One person can tell a lie, but a company consists of many people. You must ensure that only few people know of the logging or there will be a risk of a leak.
Well, there should only be a few people with the access needed to discover logging is happening. Just put the logging configuration in whatever secure configuration management tool is storing your TLS keys and suchlike.
Make it look like an accidental misconfiguration and if an insider who isn't an NSA mole does somehow discover the logging, there's a fair chance they'll turn a blind eye anyway. After all, if you work at a VPN, publicly outing your employer for logging will tank the business, then you and your colleagues will all be out of a job.
leakers and whistleblowers are extremely rare. History is filled with examples of conspiracies involving many people that went on for long periods of time before one person eventually risked everything and said something. The Tuskegee Experiment went on for like 40 years! If keeping secrets were all that hard none of them would have been allowed to go on as long as they did.
I could just...lie.
You really think someone would do that?
An intelligence agency? LIE??? Perish the thought!
What, just go on the Internet and tell lies? Who would do such a thing‽
*gasp
One person can tell a lie, but a company consists of many people. You must ensure that only few people know of the logging or there will be a risk of a leak.
Well, there should only be a few people with the access needed to discover logging is happening. Just put the logging configuration in whatever secure configuration management tool is storing your TLS keys and suchlike.
Make it look like an accidental misconfiguration and if an insider who isn't an NSA mole does somehow discover the logging, there's a fair chance they'll turn a blind eye anyway. After all, if you work at a VPN, publicly outing your employer for logging will tank the business, then you and your colleagues will all be out of a job.
An intelligence agency already consists of more people than you need to run a VPN service.
3 replies →
Intelligence agencies... are generally pretty good at that.
leakers and whistleblowers are extremely rare. History is filled with examples of conspiracies involving many people that went on for long periods of time before one person eventually risked everything and said something. The Tuskegee Experiment went on for like 40 years! If keeping secrets were all that hard none of them would have been allowed to go on as long as they did.
Companies can lie at large too. Enron, theranos, and many others come to mind.
> How would you claim it's a no log VPN?
Mullvad have been taken to court over this in relation to a copyright infringement case.
TL;DR The judge permitted people to take a fine-tooth comb to Mullvad's infrastructure and no logging was found[1].
[1] https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-sea...
Their 3rd party audit didn’t catch this…
I guess we’ll see how they respond.