undefined | Better HN

0 pointsjlgaddis8y ago0 comments

Honest question: Short of root-level access to the entirety of their infrastructure, how would you verify it?

I work for an ISP and have toyed with the idea of offering a "private, no logs" VPN service. As someone running such a service, what would it take to convince you that I wasn't logging information that could be used to identify you?

(Obviously, there would be logs of some stuff -- just not the kind of things that would allow you to be individually or personally identified.)

0 comments

1 comments · 1 top-level

toyg8y ago

Get a reputable auditor to vouch for you, by giving them access to your infrastructure for a while. Of course it’s not foolproof (you could change everything the minute he leaves) but it’s the best you can do. Bonus points for making it a yearly event.

j / k navigate · click thread line to collapse