On Fri, 15 Aug 2025, at 21:02, Dan Ritter wrote:If you are buying a service from someone, you should be asking them what is possible and what they support, and making decisions about how trustworthy they are for your use case.How does <anyone> assess the trustworthiness of a VPN provider?
I would suggest that the first step is to see if they have been independently audited. A decent VPN provider should be open and honest about what they're doing; it's all very well the VPN saying "we can't see any traffic we pass", but metadata is just as valuable these days. So you want to ensure that the VPN provider doesn't keep logs either.
The other value proposition of VPNs is the anonymity of crowds (in a way, the VPN provider becomes your ISP. Your traffic appears to originate from the VPN provider, rather than some regional ISP), so you are better off with a popular VPN than a small one.
Finally, there's a question of how paranoid are you? What's your threat model? If you're wanting a VPN provider because you're an international spy and getting caught could cost millions of lives, then you obviously want to be more paranoid than if you just want to watch Live Sports from a neighbouring country.
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature