In the last decade, the VPN market has been steadily growing, and this growth was spiked even further in 2020. Two main reasons contributed to an even more expansive use of VPN software: 1) Covid-19, quarantine, and work from home set the needs for home network security; 2) cybercrime has been on the rise and cybersecurity became a more common issue.
This has paved a broader way for commercial and business VPN service providers but also staged numerous challenges. One of them is to set security, transparency, and ethical practice standards for global commercial VPN service providers. At the front of this mission is i2Coalitions VPN Trust Initiative (VTI), that released their core principles on 29th September 2020. They decided to build the trust bottom-up, informing their users of crucial software intricacies, capabilities and limitations.
i2Coalition formed in 2011 under very specific circumstances - USA was about to implement SOPA (Stop Online Privacy Act) and PIPA (Protect IP Act). Names of these two laws had little in common with their content - huge ambiguities existed within them, threatening online freedom of speech, user-created content, and copyright infringement looked more like Internet control.
i2Coalition founding members actively participated in the successful protests against SOPA and PIPA and having realized the need for ongoing efforts to protect online freedom formed a collective. Jumping eight years further, in 2019, they established a coalition with NordVPN, ExpressVPN, VyprVPN, Surfshark, and NetProtect to create VPN Trust Initiative or VTI. NordVPN being the founder of the initiative, you can read their statement here. Later they were joined by other IT companies, including web-infrastructure and website-security giant Cloudflare.
According to official VTI principles for commercial VPN providers, it was
"established in 2019 as an industry-led & member-driven consortium of leading VPN providers focused on educating consumers on the privacy and security benefits of VPN providers, and establishing standard practices for VPN providers that foster trust."
Those that join this collective adhere to its principals, which include:
In other words, more honesty and engagement with the user. So how exactly does this benefit the VPN community?
First of all, security guidelines will motivate all VTI members (hopefully others too) to implement the latest encryption and VPN protocol standards, that are considered safer and contribute to better user experience. Recently adopted WireGuard Protocol by numerous commercial VPN service providers is a representative example. Both faster and easier to audit it enhances security (audits) and UX (faster speeds).
Clearer privacy policies will enable users to understand what information does their VPN collect, under what circumstances it will be shared with authorities, and what level of privacy they can expect. Misleading PP (Privacy Policies) have popped up more often than desired, confusing users with "complete anonymity" and "no-logs" promises, without the capabilities to keep them. VTI principles strictly forbid this, prioritizing audited no-logs services, or clear data-collection messages if data-collection is part of the service.
This extends to marketing and advertising. "Complete anonymity" has been used by various VPN service providers, and those that care about their reputation removed these false statements after it was proven that additional encryption and IP obfuscation is not enough to grant online anonymity. Up-to-the-point transparent marketing strategies will empower users to choose a VPN best suited for their needs - a significant improvement to a competitive VPN market.
Last but not least is social responsibility. "VPN providers provide greater security and privacy, which is a social good that is vitally important to those who are trying to make the digital sphere a better place." VTI aims to broaden VPN social responsibility ethics by revealing how both sides - VPN service providers and users - benefit from a more open, free, and secure Internet. NordVPN Emergency VPN assistance program, which provides free VPN service to those struggling under extreme censorship and privacy violations is one of the numerous ways of giving back to the community.
VTI was established only a year ago, and at the time of this writing, the core principles are online for no more than a day. However, having followed the commercial VPN market for nearly all its existence, I can say these five core principles come in the right place at the right time, by the right people.
It's crucial to understand that the safe Internet problem is a social problem. The Internet is not separate, but a supplementary part of our lives, and until it's been fixed, there'll be concrete dangers and grievances offline. VPNs that can ensure a safer and more open connection to the Internet, more private browsing, should set the standards of precise policies and social responsibility.
And VTI is a promising start from most-prominent VPN service providers and cybersecurity experts in general, hopefully, leading VPN services and the World Wide Web towards a safer and more honest state.