After filing a complaint with the FTC about the data handling practices of a VPN provider in 2017, I led a project to work with VPN providers to improve trust in their products. Together, we created a questionnaire document to advance transparency while encouraging providers to undergo independent audits of their practices in mid-2018. Ever since, I’ve been fascinated by how this industry has evolved, whether its launching prominent television commercials or engaging in substantive security audits.

I’ve also managed to find myself with a front row seat to journalists’ efforts to identify what makes a good VPN:

1. The New York Times’ Wirecutter recently updated its VPN guide, reviewing and building upon some of the work of VPN accountability project I started at CDT with several VPN providers. It’s an incredibly detailed overview of what to consider when purchasing a VPN.
2. TIME, on the other hand, assessed whether using a VPN was even worthwhile, highlighting that VPNs ultimately “shift your risk.”
3. For one of his final pieces with Slate, Will Oremus explored the dynamics of the VPN industry and got me to give him a pretty stark description of the ecosystem: “It is fascinating the amount of sniping that goes on” between VPN companies . . . “They are very quick to pull out knives and shiv each other.”

// Finally, my original primer on VPNs in available here and a summary of considerations I wrote up to mark Data Privacy Day is here.