The UK is a terrible base for a VPN provider, due to its intrusive data retention laws now codified through the UK Investigatory Powers Act, or the ‘Snooper’s Charter’ as it is popularly known. AVG was in turn bought by Avast, another Czech antivirus firm, in 2016.ĭespite the parent company, Avast, being based in the Czech Republic, Privax Ltd is still located in the UK. The VPN’s popularity led AVG, a Czech antivirus company, to acquire it for up to $60 million in 2015. HideMyAss launched its first subscription-based VPN service in 2009 under the ownership of parent company Privax Ltd.
The important thing is that HMA’s no-logs policy clearly states your internet activity will not be tracked or logged.ĭespite the logging policy improvement, HMA is a VPN service with an extremely poor track record when it comes to safeguarding its customers’ anonymity. The only personal information HideMyAss retains is your email address and username, which is standard practice among VPNs. Third-party security audits provide real evidence of a VPN’s activities, so you’re not forced to rely on what a VPN service claims. VerSprite awarded HideMyAss a “low-risk user privacy impact rating” - the best possible classification. HMA’s updated logging policy has been verified by reputable cybersecurity consulting firm VerSprite, following an audit of HMA’s systems. The limited amount of data that HMA does log is aggregated and not tied to any specific user. We worked to help validate the assurances made from the no-logging policy and helped them understand the nature of the risks identified so that they could improve the product’s overall privacy level.Excerpt from HMA’s updated no-logs privacy policy. HMA relied on our offensive security team’s talents to focus more on privacy violations that could be present via the VPN client software. “For years, VerSprite's Research & Offensive Security teams have found numerous zero day vulnerabilities and risks in VPN software.
This isn't the first time that HMA has worked with VerSprite as the firm also conducted security penetration testing on its VPN service.ĬEO of VerSprite Tony UcedaVélez provided further insight on how its security team searched for privacy violations in HMA's VPN clients, saying: The objective of the independent audit was to identify, report and provide recommendations for any technical gaps related to HMA's no-logging policy. The firm applied a privacy-focused threat model to encompass manual assessment techniques aimed at identifying where privacy violation risks may be present within the VPN service's clients. VerSprite's technical private independent audit covered HMA's clients for Android, iOS, Mac and Windows and started from the installation process all the way through the entire data flow of the in-scope endpoint applications.
0 kommentar(er)
