Reading Time: 5 minutes

Transparency in business calls for stakeholders to openly disclose their business’s goals, performance, and operations for the general public. While it sounds plain and simple, it’s easier said than done.

For a VPN provider, disclosing as little information as possible seems to be the norm. However, it’s not entirely ethical.

Now I’m not suggesting VPN providers should disclose their secrets; however, a little transparency about their owners, their company address can help a consumer make a planned decision.

NordVPN and ExpressVPN are exceptional VPN services without a doubt. However, the fact that they don’t disclose their company owners makes me a little wary of their practices.

However, to restore your faith in VPN providers, I went all out Ace Ventura on several VPN providers to see if they’d open up. In this investigative article, you’re going to find intriguing findings.

But first, let’s talk a little bit about transparency and why it’s even important.

 

Transparency, Why Is It Crucial For Business Success?

The term “need to know” has undergone a massive shift over the past few years. If we look at the statistics, the trend for “business transparency” has soared significantly over the past five years.

Business-transparency-google-trends-graph

With global information only a click away and social media connecting the world, we are compelled to know and share anything and everything.

Whether it be product reviews or our deepest and darkest thoughts, we share our minutiae online without even thinking twice.

Stepping into the realm of business and we don’t see the same level of transparency, at least not at the moment. However, things are changing for the good.

Since today’s consumers are savvier than the generation before, skepticism seems to be the default emotion of most consumers.

And why not.

After all, the statistics of online scams has never been higher. Take the case of Australia, the total number of scans is increasing over the years since 2015.

online-scam-statistics-statista

Source: Number of Scams in Australia from 2015-18

For businesses looking to build brand loyalty, it is absolutely crucial first to build consumer trust. And transparency seems to be the key to that.

Allow me to explain…

According to a study conducted by Label Insight, more than 94% of surveyed consumers said they were more likely to be loyal to a brand that offers transparency. In addition to that, 73% of consumers said they would pay more for a product that offered complete transparency.

Another study by Harvard Business School revealed a 17% increase in customer satisfaction and a significant 13% faster customer service when chefs and customers could transparently see each other. [Source]

That’s just a brief look into the power of transparency. It makes sense right if retailers were constantly under the radar, wouldn’t that result in better product and services?

These are enough reasons why companies around the world are improving their efforts to achieving transparency.

Take for example Buffer that introduced open salary list in order to achieve greater transparency. Companies like Whole Foods and Patagonia openly disclose their product procurement methodologies and their supply chains.

 

VPN Transparency & Why You Should Be Concerned About It?

Why-is-VPN-transparency-important

When it comes to VPN services, not knowing who’s running the show or where the company is located, can be somewhat detrimental to your privacy.

Hypothetically speaking, imagine if a VPN listed its location in a privacy-friendly country, but in reality, operating in a country with extensive data retention or surveillance laws. If your VPN leaks, your intimate data could be at the risk of being intercepted by the 5, 9 and 14 eyes alliances.

As a savvy VPN consumer, it never hurts to do a bit of background checking before purchasing any VPN subscription.

Here’s what you should be looking out for:

Transparency Report

Transparency report is one piece of document you should absolutely read. Transparency reports are published on a reoccurring basis by the VPN provider.

This document quantifiably highlights all the warrants, subpoenas and other requests for information by government agencies over a set period of time (6 or 12 months) and how the company dealt with them.

More specifically, whether the specific VPN provider responded to the requests and what information is disclosed, the document also specifies the number of requests, amount and the type of data handed over to the requesting authorities.

CyberGhost is among the very few VPNs that offer detailed and updated transparency reports.

If the VPN provider you’re looking to purchase doesn’t offer a transparency report, they might actually be complying with disclosure requests.

Because let’s face it, if a VPN provider isn’t disclosing any requests, there is no reason for the company not to disclose their transparency reports.

People Behind the Company

As I mentioned earlier, it is also important to know who’s running the show. For a VPN service, it can be very helpful to know whose overseeing the activities of a company. Are all the stated policies of the company being properly met?

For instance, Avast Secure Line VPN discloses a complete and transparent list of most of its senior leadership team, including their CEO. However, not all VPN providers are this transparent.

Some VPN providers even disclose a complete list of all of their profiles on LinkedIn. In fact on CyberGhost’s LinkedIn page, you can even view the full profiles of many of their employees.

Same goes for TunnelBear as well. If you look up TunnelBear’s LinkedIn page, you’ll find a ton of profiles of people working there.

But why is it even important to know who’s behind the company? Well, it helps to know who to blame or point fingers at when things go wrong.

For instance, when the whole Hotspot shield targeted ad scandal surfaced, The Center for Democracy & Technology (CDT) and the Federal Trade Commission (FTC) held Hotspot Shield CEO David Gorodyansky accountable mishandling user data. [Source]

Where the Company Is Located

Location matters. If a VPN provider is located in a data hogging jurisdiction, there’s no point in purchasing it. You see, every country has its own set of data retention laws.

For instance, the UK’s Data Retention and Investigatory Powers Act 2014 requires communication companies to retain communications data and make it available to law enforcement agencies when required.

Similarly, Australia’s Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 mandates telecommunication providers and ISPs to retain copies of telephony, Internet and email metadata of users for two years without a warrant.

Since you’d want to secure your data, you’d want a VPN service that isn’t located in a data-hungry jurisdiction or isn’t required to keep VPN logs by the governing laws of the country.

These are just some of the things any VPN user should be made aware of. If your VPN provider isn’t disclosing such information, they aren’t transparent with their customers.

My Research Methodology

VPN-transparency-research-methadology

To see which VPNs actually disclose their company information, I asked multiple VPN providers in the industry a series of questions. While some answered all of my questions, I’m still waiting for a couple them to respond. I’ll update this article with other responses as well in the future.

Here’s what I asked:

  1. What is your company’s official location and address?
  2. Does your VPN service publish Transparency/Clearance reports to disclose any information that is required by the governments? If yes, how often? (Please provide a URL or a PDF file, if available).
  3. If there are no published transparency/clearance reports, what are the reasons?
  4. Has your VPN service ever been audited by the third-party security firms? If yes, when it was last audited? (Please provide a URL or a PDF file, if available).
  5. If not, then what are the reasons for not being audited?
  6. Who are the owners behind your company and where are they based?
  7. Are there any investors backing the company? If yes, is this information publicly available for general users? (Please provide a URL, if available)
  8. How many people are there on your Board of Directors? Who are they?

Anyways, without further ado, here are all the answers of the providers that responded to my questionnaire.

Can’t find what you’re looking for, use the super handy filters below…
arrow-pointing-to-filters


SigaVPN

The official address is:

P.O. Box 1722
Southaven, MS 38671

The reason I use a PO box is because there isn’t a physical office I rent out for the VPN. I run it by myself, and there is no use for a physical office. I could have a street address, but they are usually more expensive.

I have never received a government request. I do receive emails from webmasters, angry individuals, companies, etc. I’ve never given user information or logged it, even when it was controversial.

It is expensive and I run the service at-cost.

Me. United States of America

**Although SigaVPN answered my question, it’s unclear who the owner is since they didn’t provide any name**

NVPN

We don’t have such thing like an “official location” and therefore no address either.

We are a group of four privacy enthusiasts most spread over the eastern European region in Bosnia, Ukraine, Poland and Serbia.

We are actually thinking about to do this soon, yes, but we don’t have such thing in place yet, but is planned for 2019 to make some kind of archive which every member can access and read our replies.

There is no reason not to publish our replies and handlings, really, we don’t have anything to hide, as said above we will get this published and accessible to our members in 2019, I can’t tell the exact date yet, since we have many other tasks on the to do list first (Implementation of WireGuard, full native IPv6 and release of our Linux and Mac OS client – next 2-6 weeks).

Me personally, I would have no problem to do this, the question is just how and which firm would do such audit and how, I mean how such an audit really looks like in the reality, which data they want to see database, server side – I mean, server side is no problem nothing interesting there anyways – but the customer database is another story we have customer emails there, so not sure which firm could do this who is trustable enough and how.

No reason against it, just unsure how this will be done and who is trusted enough to perform the audit.

We have no single owner, like stated above everyone and nobody owns nVPN.net we have four people, where two of them have Domain access only one of those has Database access rights, no owner exists here.

**NVPN didn’t disclose who the owners are behind the company**

We have no investors at all, all is self-made and self-handled between the four people I’ve mentioned above.

ProtonVPN

Our headquarters is in Geneva, Switzerland. Chemin du Pré-Fleuri, 3

CH-1228 Plan-les-Ouates, Genève, Switzerland.

**They have published transparency/clearance reports**

Not yet as we have been fully transparent to our users with regards to our headquarters, owners, etc. However, we are considering an audit in the near future.

They are considering to conduct an audit in the near future.

ProtonTechnologies AG owns ProtonVPN. It is a Swiss company, based in Geneva.

** ProtonVPN disclosed where they’re based, however, it didn’t provide any information regarding the owners**

The Board of Directors of ProtonVPN AG is Antonio Gambardella

CyberGhost

We’re in Bucharest, Romania, outside of the 5 Eyes, 9 Eyes, 14 Eyes alliance jurisdictions. Our details are here: https://www.cyberghostvpn.com/en_US/imprint

Yes, we were the first ones in the VPN industry to publish a Transparency Report back in 2011. It’s a tradition we hold dear.

Our yearly Transparency Report is here: https://www.cyberghostvpn.com/en_US/transparency-report

The numbers of legal request for Q1 2019 will soon be live on our Privacy Hub: https://www.cyberghostvpn.com/privacyhub/

**They have published transparency/clearance reports**

So far, we have been focused on building the best VPN for our users. But we plan on having our VPN audited in the future.

IbVPN

Our company is located in Tirgu-Mures, Romania. The address is publicly available on our site, in the footer area: https://www.ibvpn.com

Our company must comply to GDPR and we have spent the year before 25 May 2018 to prepare and the following months to implement data protection mechanism that assure our clients that their data is safe. The objective for 2019 is to successfully implement ISO 27001 (Information security management) and 9001 (Quality management).

**They didn’t provide a clear cut answer**

SC Amplusnet SRL is the company that holds full ownership of ibVPN. The company owners are private persons that are involved in developing and maintaining the ibVPN service.

**Not disclosing the owner’s identity**

You can check for the public information about the company SC Amplusnet SRL.

Surfshark

Surfshark is a registered trademark of Surfshark Ltd., a legal entity of the British Virgin Islands. The official address of Surfshark Ltd. is as follows:

Surfshark Limited

Vanterpool Plaza, 2nd Floor, Wickhams Cay I

Road Town, VG 1110

The British Virgin Islands

The government of the British Virgin Islands does not require Surfshark to publish Transparency/Clearance reports; therefore we do not do that.

Surfshark is a private company, thus publishing such kind of reports is not mandatory. As Surfshark is not listed publicly in any stock exchange, we apply a common practice not to disclose such information to the public.

Surfshark is one of the very few VPN service providers which have been independently audited. The last audit was carried out in November 2018 by the acknowledged German security company Cure53: https://cure53.de/pentest-report_surfshark.pdf.

**They have conducted an independent audit in the past**

Surfshark provides its services to people all over the world, including heavily restrictive countries and regimes where access to the internet is controlled, opposing media is persecuted, and NGOs are constrained. We are one of the few VPN providers who has managed to overcome the Great Firewall of China. As long as we are determined to invest time as well as effort in developing smart solutions which can overcome the restrictions, the private shareholders of Surfshark Ltd. seek to exercise their right of privacy and remain undisclosed. This is a measure of risk management to secure the sustainability of Surfshark as a service, protect our customers and employees.

**As you can see, Surfshark didn’t provided a clear cut answer. Instead of disclosing their owners, they answered my question with a sales pitch**

Surfshark Ltd. is owned by private shareholders who chose not to disclose their private information to the public as it has not been legally required.

Surfshark is a private company which is not required to have and does not have a Board of Directors. It is run by the management team, which includes the Chief Executive, Chief Marketing, Chief Technology Officers, as well as several Product Owners.

PureVPN

Company name: GZ Systems LTD

Address: 36/F, Tower Two, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong

PureVPN constantly take feedback from third party consultants to optimize our infrastructure and we do conduct Audits from third in regards to practices, SOPs and business operations.

**Although PureVPN claims to conduct independent audits, they did not provide me with any document of proof**

The owners are based in Hong Kong.

**Although PureVPN states their owners are based in Hong Kong, they didn’t provide any names**

Hide.Me

We are incorporated in Malaysia, our company address is:

eVenture Limited

Office 2.19, Lazenda Commercial Center

Federal Territory of Labuan

87007 Malaysia

Yes, we do publish periodicity transparency report with the historical data.

We do oblige to the laws in our jurisdiction, as Malaysia does not require from us to store and log data we do not do so; therefore we cannot hand out any to the parties that request such.

The last one was 2015, and the next one will be published in the next two or three weeks.

https://hide.me/en/blog/leon-juranic-certifies-hide-me-as-one-of-the-most-anonymous-vpn-provider/

**They have conducted independent audits**

The company is entirely privately owned.

**They choose not to disclose any names**

List of VPN Providers that Offer Transparency Reports

  1. CyberGhost
  2. Private Internet Access
  3. AceVPN
  4. Avast Secure line
  5. AzireVPN
  6. Betternet
  7. HideMyAss
  8. Hotspot Shield
  9. IVPN
  10. OVPN
  11. TunnelBear

 

List of VPN Providers That Have Conducted Independent Audits

  1. TunnelBear security audit
  2. Mullvad security audit
  3. Surfshark browser extension audit
  4. NordVPN no-log policy audit (Not publically disclosed, however, you can view it if you log on to NordVPN’s website)
  5. VyprVPN’s audit
  6. ExpressVPN security audit

VPN Providers That Didn’t Respond To My Questions

As I mentioned earlier, only a handful of VPN providers felt the need to get back to me. Here are all the VPN providers that didn’t answered my questionnaire:

Astrill
Anonine
AzireVPN
ActiVPN
AceVPN
AirVPN
AnonVPN
Anonymizer
AnonymousVPN
Avira Phantom VPN
Avast Secureline
Boxpn
Buffered
Blockless
BTGuard
BeeVPN
Betternet
BlackVPN
BolehVPN
Celo
CryptoStorm
CactusVPN
CitizenVPN
CloakVPN
CrypticVPN
CryptoHippie
ChillGlobal
DotVPN
DathoVPN
Doublehop
Disconnect.me
DefenceVPN
EarthVPN
ExpressVPN
EtherealVPN
Encrypt.me
FoxyProxy
FinchVPN
Faceless.ME
FlowVPN
Freedom-IP
Freedome
FrootVPN
FrostVPN
FlyVPN
GoVPN
GetFlix
GooseVPN
GhostPath
GoTrusted
Hide.me
HideALLIP
Hola!VPN
HotVPN
HideMyAss
Hotspot Shield
HideIPVPN
Hide My IP
IntroVPN
Insorg
IPVanish
Ivacy
IVPN
IntelliVPN
IncognitoVPN
Ironsocket
IPredator
IPinator
Integrity.st
Internetz.me
In-Disguise
Identity Cloaker
Kepard
LibertyShield
LeVPN
LimeVPN
LibertyVPN
LiquidVPN
My Private Network
My Expat Network
MyVPN.Pro
MyIP.io
NetShade
Newshosting
NordVPN
NolimitVPN
NEXTGenVPN
Norton WiFi Privacy
OneVPN
oVPN.to
Opera (Browser) VPN
OverPlay
OctaneVPN
PRQ
ProXPN
PureVPN
Proxy.sh
PrivateVPN
Perfect Privacy
PrivateTunnel
Private Internet Access
PrivatePackets.io
RogueVPN
RootVPN
RA4W VPN
Speedify
SlickVPN
Spotflux
SurfEasy
Seed4.Me
SunVPN
SuperVPN
SmartVPN
StrongVPN
Smart DNS Proxy
Seedboxes.cc
SecureVPN.com
Steganos
SwitchVPN
SaferVPN
SecurityKISS
SumRando
ShadeYouVPN
Tunnelr
TorVPN
TGVPN
TotalVPN
Torguard
TigerVPN
Trust.Zone
Traceless.me
TunnelBear
TorrentPrivacy
TVWhenAway
Unspyable
Unlocator
Unblock VPN
UnoTelly
Unblock-Us
Unseen Online
VPN.sh
VPN.ht
VPN.cc
VPN.ac
VPNMe
VIP72
VPNUK
VyprVPN
VPNTraffic
VanishedVPN
VPNAUS
VPNSecure
VPN.Asia
VPNArea
VPNJack
VPNShazam
VPN Gate
VPN Land
VPN4All
VPN Shield
VPNBaron
VPNTunnel
VikingVPN
VPN Master
Virtual Shield
WorldVPN
Windscribe
WifiMask
WASEL Pro
WiTopia
Whoer
ZorroVPN
Zenmate
ZoogVPN
ZPN
Surfshark
Hola VPN
Norton Secure VPN

Wrapping up!

Businesses weren’t too transparent in the past. Supply chains and business operations were mostly kept out of the eyes of consumers.

However, with consumers demanding a peek into the inner workings of mainstream businesses, companies from all domains have molded their business methodologies.

This change has certainly also reflected in the VPN industry. VPN Providers not only openly disclose their transparency reports, but even more insightful information as to what kind of servers they offer (Virtual or Physical).

Not only that, with the current trend of business transparency, VPN providers are more open to answering business related queries, that would be have been considered a taboo, only a few years ago.

So what’s the take away here? Do a bit of research before you purchase a VPN. More appropriately, do a bit of background checking. You’d be surprised by what you may find.

 

Not at all Likely Extremely Likely