Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
However, in the last couple of years, a new practice emerged: independent auditing. This proved to be an efficient way for VPN service providers to test their security features, as well as provide their customers with more than just promises. Brands like ExpressVPN, NordVPN, TunnelBear, and others, were able to defend their statements with rock-solid facts.
Letâs dive in to see how all this started and what was done in a few years.
TunnelBear audit
TunnelBear is the first VPN provider to submit their product to the test willingly. During 2016â2017 they worked alongside German cyber security experts Cure53 (this company name will pop-up frequently) and in August 2017 released a blog post about audit results, with the report itself following in a few months.
https://www.tunnelbear.com/blog/tunnelbear-completes-2nd-annual-independent-security-audit/ audit-2018@2x.png
Overall, Cure53 found 2 âcritical,â 5 âhigh,â 3 âmedium,â 7 âlow,â issues. This might look like a lot, but these tests are done to find vulnerabilities before something bad happens. Because Cure53 have been working with TunnelBear for over a year, they positively rated the overall security improvements over time. Also, they underlined that TunnelBear was fast and positive to react to vulnerabilities and improved their services ASAP.
Mullvad and Surfshark audits
Two lesser-known VPNs, Mullvad and Surfshark, followed with separate audits, although once again carried out by Cure53. Mullvad has been here for a while, on the other hand, Surfshark is just over a year old, but already crowned the best VPN newcomer of 2019.
Regarding Mullvad, seven issues were discovered, one rated âcriticalâ and another rated âhigh.â The results were positive. However, Cure53 underlined that they checked only the front-end side of the service for security issues. Meaning this report doesnât cover the logging and privacy parts. Still, Mullvad users should be satisfied because their service has been checked for front-end security issues and returned a satisfactory result.
https://vpnpro.com/blog/surfshark-vpn-independent-audit-results/ Surfshark-VPN-releases.jpg
Surfshark went through code audit and penetration tests of their Chrome and Firefox web extensions. to quote the report, âas the extremely low number of findings and their limited implications clearly indicate,the results of this Cure53 assessment of the Surfshark VPN extensions position the product in a very good light.â It looks like the market newcomers took their service seriously and managed to launch a new high-quality VPN with as little security issues as possible.
ExpressVPN and NordVPNÂ audits
After the first audits came out, two VPN market giants decided to follow. For one week in October 2018, four Cure53 members assessed ExpressVPN security and privacy extensions and on November came back to verify that the issues have been fixed. All in all, they uncovered eight security issues, none of which were rated worse than of âmediumâ level. All of the uncovered problems have been fixed, and, as expected, ExpressVPN received a positive review.
https://www.vpncompass.com.au/expressvpn-announces-independent-security-audit/ ExpressVPN-independent-security-audit.jpg
NordVPN chose a different audit company and submitted themselves to Switz cyber security experts PricewaterhouseCoopers. I have elaborated in-depth on their audit in my previous article, but to summarize shortly, NordVPN chose to prove they keep no-logs. Auditors evaluated their server back-end configurations and revealed that NordVPN does not hold any more logs than necessary to maintain their service. Nothing out of the ordinary has been found, and they were given a positive review of their services.
All in all, major and ambitious VPN providers one after another are checking their services for potential vulnerabilities, and these audits look to be an effective way to back-up the security and privacy claim these companies make. There are lots of VPN providers out there, and the number is growing, and audits may become the new consumer standard for choosing the best provider.
Independent audits, a new transparency practice in the VPN industry was originally published in HackerNoon.com on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.