Seems odd that they don't mention who of the "Big 4" companies did the audit and how the audit was done. It could be anything from filling out some questionnaire to full-on forensics analysis of servers, because a "review our servers and code and to interview the employees in charge of maintaining our service" (quote from the NordVPN blog article) could mean basically anything.
Also what is "However, in order to uphold the integrity of the audit and its results, we are currently significantly limited in what we can publicly say about it." supposed to mean? How does that even make sense?
Honestly, I'm not saying that NordVPN are in fact logging anything, but this "audit" doesn't really increase my confidence in their services, rather the opposite.
Right, I saw that in the article as well. That makes it even more odd to me. I'm assuming that NordVPN paid for this audit, so why would they accept these terms by the audit company? It just makes the audit seem like an "oh yeah, we're totally safe and secure guys, just trust us." rather than any substantiated evidence, which would basically be the point of the audit, no? I.e., (re)gain trust from existing (who get to see the report) and potential customers.
Anyways, I'm pretty certain that the report will get "leaked" within the day anyways.
I would guess that the reasons for not allowing the audit to be shared basically boil down to company secrets. If you have a particular process you follow and want to get paid for following that process, then it would be kind of silly to allow people to freely distribute the details of that process.
As for why NordVPN would pay for their service and accept those terms, it's probably a combination of understanding the aforementioned as well as wanting to be able to say that they used an established, external company to perform the audit, rather than saying "we audited ourselves". It could also be that the details of any audit would include details of their own internals, which would mean NordVPN might also have to leak their own company secrets, which typically isn't desired.
This is all pure conjecture, of course, but there are perfectly valid reasons for why they might not want to be 100% transparent.
But then it wouldn't make sense to release the report to existing customers, which would leak all of that information as well.
Those were just examples of valid reasons. Please keep in mind that I'm not suggesting what their actual motivations are, only that they likely have some sort of justification that makes sense from a business perspective.