undefined | Better HN

0 pointsjlgaddis8y ago0 comments

I work for an ISP and believe deeply in online privacy. I've had the idea of offering up an as-private-as-I-can-make-it VPN service a few times, but I always end up at the same point: wondering how I could prove that the service wasn't doing anything malicious or nefarious -- "taps", Netflow data, etc. would all be easily available to me.

What would it take to convince you that a VPN service was trustworthy?

0 comments

3 comments · 2 top-level

ehxcaet8y ago· 1 in thread

I feel like people who complain about this are people who wouldn't be satisfied with anything unless they rolled it themselves. Of course, you could purchase your own server, use OpenVPN, etc. But anything that you haven't touched yourself is just one more thing that's potentially malicious.

pnutjam8y ago

perfect is the enemy of good enough

zimbatm8y ago

Random audits from trusted third-parties would be a nice thing. Allow people to come in at any time and check the systems. Trust is better when distributed over multiple neutral parties.

In terms of features, allow clients to regularly change IP and don't log who is using what IP. Also mix client traffic with Tor exit nodes to add noise to the traffic.

j / k navigate · click thread line to collapse