Running a VPN service can be a tough job and not one I would personally want to do. There are three P’s to take into account when you’re running a service such as a VPN, well, actually I tell a lie, one of the P’s is “Provider” as in VPN Provider, but “The two P’s of offering a VPN service” just didn’t sound like a convincing title, so I used poetic licence and extended it to three.
Professionalism Vs. Preservation
Professionalism for a VPN service is all about offering what the consumer requires. For the majority of clued up customers the main requirement of a provider should include Privacy, Encryption and Anonymity. These are three of the most important aspects that a provider can offer and without these the service will fail to attract the customer base that it requires. Many providers claim that they do not log, either in full or your usage and is one of the main requirements that most of us as users look for in a provider.
Recent events for the US based LiquidVPN have raised an important question in the debate between Professionalism and Preservation. When I talk about “Preservation” I refer to it in sense of the service, the actions and decisions that are made to keep the service viable and running, preservation of that service. For those who aren’t aware of the recent situation at LiquidVPN they were in the past few days subject to a range of actions that have lead to the loss of 50% of their US based servers through user action.
Within a short space of time they received a mass of DMCA notices regarding the access and/or upload of copyrighted material in one batch. Now if this was against the TOS on those specific servers then they would have something to grumble about but that coupled with the receipt of a notice regarding a user or users who were attempting to use the service to disrupt, hack or attack the Bank of America came as a final nail in the coffin.
This kind of action can lead to the VPN provider landing in a lot of trouble and are requested to resolve the issue by stopping the abuse reports which would most likely involve removing the user from the service. How does a provider go about removing a user when they keep no logs? Well, the simple answer is, enable logging! This is the time critical moment where Professionalism meet Preservation head to head and for any provider must be a tough call.
LiquidVPN sent out a notice informing users that they would need to enable logging or risk losing their servers. This type of action is always met by scepticism from the community, the golden rule of a non-logging provider is to never enable logging at all costs or feel the backlash of disgruntled customers. However, how is the preservation of the service possible if a small minority of users start to destabilise the service at the detriment of the majority?
Logging can be enabled at any time
The simple fact of the matter is logging can be enabled by any provider at any given time without the user being aware. Claim you log nothing and turn on 24/7 logging, it isn’t ethical, but entirely possible. Yet we choose, or should choose providers based on trust, you trust your provider not to carry out this kind of action, so in times of crisis perhaps it is a requirement that the community understands that in extreme cases it is a necessary evil to uphold the preservation of the service.
In the case of the LiquidVPN incident, if it had got to the stage when logging was enabled the only person or persons who would have access to such logs are the owners or technical department, the kinds of people who we trust to set up the networks that we use, the kinds of people who if they do their job correctly protect our privacy and if they fail at this they expose us to the types of situations that we are trying to avoid by using a VPN in the first instance.
So surely we also trust them to rectify these service disrupting issues quickly and by keeping our best interests at heart, if this requires logging to be enabled or some form of identifying a user responsible for a certain action then surely it comes down to, so be it?
VPN providers are the ones that lose out
Unfortunately it was too late and by the time they had started to action measures to resolve the issue the server cluster had been lost and the loser? The VPN provider. Users of the service are also losers because they lose access to servers that may have been ideal for their use, they also have the disruption of waiting for new servers in a similar location to go online, this isn’t an instant action and in the case of LiquidVPN will no doubt require careful consideration.
We push for and strive for the most secure, anonymous and safe service and with these requirements we put further pressures on the companies who operate the services that we entrust with our privacy. This recent situation leads me to question, will a small amount of users who feel that a VPN service allows crime to be committed lead to the downfall of the services that we now, more than ever, require?
The Professionalism of a VPN service strives to offer everything and more that they claim is possible but on a personal level how this translates into reality is another matter. As providers they must be torn between their honest and respectable customers and also upholding the same morals for the unscrupulous users who feel that because they have handed over a ~$5 fee that they are welcome to rip to pieces the service that the owners have so carefully crafted to uphold the privacy of the genuine customer base in the first instance.
Food for thought and perhaps time for changing attitudes in the VPN community more so than from the provider side.
Hacker image courtesy of chanpipat / FreeDigitalPhotos.net