Proxy.sh fighting the naysayers with improvements

Easier Access

Two days ago we posted an article entitled Proxy.sh use Wireshark… again!, in which we looked into the second public usage of the network troubleshooting (aka sniffing) software Wireshark. It appears Proxy.sh made a somewhat exciting announcement the day after the article was published.

Firstly, after their “Ethical Policy” was belittled by Electronic Frontier Foundation staff attorney Nate Cardozo in regard to the loopholes it may leave the company open to, they have completely rewritten this policy with the help of feedback from Nate Cardozo plus others. This is a step in the right direction, and with pointers from a well respected organisation such as the EFF we hope that the previous loopholes that existed have now been covered.

One of the major new features of the Ethical Policy, and one which was most heavily criticised on the old policy from nearly every corner, is the fact that Proxy.sh will now not play judge and jury when it comes to matters which in their own words “is directly harmful to another human being”. This is a huge step in the right direction, as most are in agreement that it should not be up to an ISP, VPN provider or other service in the same industry to be policing their network to the extent which Proxy.sh previously allowed themselves via their old policy.

However, although the new policy from my non-legal viewpoint looks good, I am still quite confused by the statement that follows the section based upon what their “Ethical Task Force” will do should they receive a complaint that relates to some of the more serious crimes. The policy explains that after receiving a complaint it will require the complainant to submit two reports, one by a legal attorney and one by an IT forensics analyst, after which “The team will then attempt to actively report the case to law enforcement bodies and competent non-governmental organizations involved in the fields that the abuse relates to”. The issue I have with this is that if a crime or activity is taking place against an individual, then it should be for the person(s) in question to report the incident to a law enforcement body or competent non-governmental organisation, who should in turn contact Proxy.sh to liaise on the technical aspect of the crime.

Although this may open Proxy.sh up to a position where they are then not able to publish the complaint in their transparency report, this would be the case if an individual went to a law agency directly anyway. It appears as if this policy point adds to the workload of Proxy.sh themselves, as they will then be putting themselves in a position where they are responsible for contacting law enforcement institutes around the world, many of which would require the alleged victim of a crime to be the one reporting it, not another company on their behalf. However, I am pleased to see that they are acting in a responsible manner when it comes to the most heinous crimes and as such not allowing or giving the impression that a VPN should be the enabler of crime.

That said, apart from that nuance their policy is now clear that they will not install or use monitoring tools such as Wireshark when receiving a complaint unless it is required by law. As was with the previous case that caused such uproar, in a similar instance this would now not be possible which will no doubt please many of the critics of the company.

A further detail from the announcement, and something with which we took issue in our article two days ago, is that they are making it an obligation to themselves to “provide alerts within an appropriate timeframe” when they need to intervene on one of their servers for technical reasons. We sincerely hope that this time frame will be greater than the 4 hours they provided on Friday due to a DDOS attack on one of their Dutch servers, although in the announcement they make no mention of how long an “appropriate timeframe” is, which is possibly something they may wish to clarify. Regardless, the understanding that this needs to be improved is again a welcome policy change.

For those who haven’t been keeping up to date with the happenings at Proxy.sh, for the past month they have been publicly publishing all the reports they receive in relation to such things as DMCA notices, DDOS and hacking related activity in what they title their Transparency Report. This is a step in the right direction for transparency and puts Proxy.sh at the forefront in this area, a very nice addition in which I hope other providers will and should follow suit.

One of the most interesting parts of the recent announcement is that Proxy.sh have decided to publish a Warrant Canary, making them the first VPN provider to make such a radical step and taking them one step further in the privacy stakes. This in a nutshell is best explained by the Wikipedia explanation, which states:

A warrant canary may be posted by the provider to inform users of dates that they have not been served a secret subpoena. If the canary has not been updated in the time period specified by the host, users are to assume that the host has been served with such a subpoena. The intention is to allow the provider to inform users of the existence of a subpoena passively, without violating any laws.

In essence it provides a silent whistle on themselves should their service have been compromised by a government organisation which requires them by law not to publish information or inform third parties regarding such action, which would compromise their integrity and the privacy services which they offer.

Such a move was recently made by Apple and although not fully tested by law is a smart move by Proxy.sh and will go a long way in regaining the trust of their current and future user base.


Finally, in our article Proxy.sh use Wireshark… again!, published two days ago, we questioned the lack of communication around network troubleshooting and the implications that this would have on users who would not be clearly informed of said action on the server that they may connect to. I am pleased to see that Proxy.sh have heeded our concerns by stating “We still need to link our Transparency Report and our Network Status alerts to our Twitter account (suggested by VPNCompare), so that you can be kept alerted in real time through third party communication channels”, which goes to show that they are ready to listen and improve their service, and in an extremely swift time frame. Furthermore, in this regard they have already introduced easier access to their Transparency Report, Warrant Canary and Network Alerts from their Client Panel, which is a very welcome move making it easier for customers to better understand the actions that they take.

It appears as if Proxy.sh are not only willing to listen to and improve on criticism but are also taking market leading steps to ensure that they are doing the utmost possible to secure the privacy of their users. All of the above improvements will only go to strengthen the stance that they take in the respective areas and should be areas that other providers may wish to take note of for their own services. Proxy.sh provide an excellent service and we found no trouble when we reviewed them back in August. They have taken a heavy bashing from both the public and media in certain regards but are taking the correct steps in readdressing these concerns, and I applaud them for introducing such measures.

Author: Christopher Seward

After 25 years of using the internet, Christopher launched one of the very first VPN comparison websites in 2013. An expert in the field, his reviews, testing and knowledge have helped thousands of users get the correct VPN for their needs.

Comments

  1. VPN

    Hey Chris,
    I’m the guy who likes cascading VPNs from different (competing) vendors.
    I linked a very interesting older post from ‘Reuben’ at bolehvpn.
    Relevant to this current event IMHO – I agree a VPN provider has a tough job.

    http://www.bolehvpn.net/blog/2012/03/would-you-pay-for-a-multi-hop-vpn-option/

    “First of all, I seriously do not know what any of my users are using the VPN for. I could of course turn on logs and take a look, but frankly it’s not in my interest to do so. It takes up serious disk space, it takes up CPU, it breaches my own guarantees to my customers and puts me at threat of legal action against me by breaching my contractual obligations. The only times I do turn on logs are when I suspect some sort of abuse (using our service for DDoSing or mass spam etc) in which I turn it on, try to catch the guy doing it in the act (since I have no history), and then wipe the logs off again. This is necessary to continue running a viable service or else a few users will spoil the experience of everyone. I believe I’ve made this clear somewhere (I’ll have to relook at this to make sure the message gets across). I can’t even remember the last time I turned it on. For e.g. in the IPT password change when some user being an asshole decided to change the password, I could not identify the user. I didn’t have logs turned on, I knew the IP that changed the password (which was one of our VPN IPs) but could not pinpoint it to someone. Of course maybe if this becomes a consistent problem, then I would turn on logs and catch the culprit but I would also more likely than not just stop access for a while so that EVERYONE loses but not at the cost of turning on logs (I believe I’ve in fact done this before if you search the blog). To me, turning on logs is really a last resort since I would have to actively monitor it to find the culprit which isn’t an easy task.”
    .
    “I don’t know how I would react if someone had good proof to show that terrorist activities have been conducted. If turning on logs might save lives….well I don’t know how I would react then.”

    🙂

    • VPNCompare

      Greetings, good article to link to. I agree with you, a VPN provider has a very difficult job and not one I would personally want to be responsible for.

      I said a similar thing to your quoted passage back in October, again related to the Proxy.sh situation: http://www.vpncompare.co.uk/was-proxy-sh-right-to-sniff-traffic/

      • VPN

        A slightly off-topic observation … p2p over VPN …
        p2p torrent traffic is rarely (if ever) blocked by a VPN vendor.
        .
        Vendors will, however, block torrent trackers. The ‘rule-of-thumb’ is to block torrent trackers on USA and UK – VPN exit servers. DHT, Local Peer Discovery, and Peer Exchange can’t be blocked. Just trackers. Most VPNs allow all trackers on their NL VPN servers. Once you have ‘discovered’ a bunch of peers, then ANY VPN server will work just fine. I get great torrent speed from USA VPNs once I have a torrent ‘warmed up’. I stay away from UK VPNs just because I’m not too keen on UK right now. Bloody politics.
        .
        Must be tough to be a freedom loving Brit these days.

  2. I am going to go out on a limb and say that the reason it says “The team will then attempt to actively report the case to law enforcement bodies and competent non-governmental organizations involved in the fields that the abuse relates to” is for fraud. I have always said I do not want to find people doing illegal stuff on my network and I would rather not know what's going on, but if something is brought to my attention then I feel obligated to try and help fix the problem. I have had several people contact me when someone has stolen their credit card information and they are trying to get to the bottom of it. We get charged if they file a chargeback, so I would MUCH rather they come to me first so I can refund them their money, and I am more than happy to provide any and all information I have on the user to MaxMind and the cops.
