Now, we’re happy to share the key best practices that VTI members have agreed to follow. It’s not just about making NordVPN better — it’s about improving the VPN market as a whole to make its users more secure.
The core principles of VPN Trust Initiative
The first and most important focus of the VTI is security. All members must use strong security measures and protocols to ensure the safety of our customers. But the security guidelines don’t contain specific technological requirements. Since the VPN industry is still changing, any such criteria would become outdated very quickly. However, there are security guidelines services should follow:
- VPNs must use robust encryption and authentication protocols.
- VPNs should use token-based authentication.
- VPN providers should never store usernames or passwords in plain text.
- Companies should be transparent about the safety measures that they use.
- VPN providers need to be on the lookout for potential vulnerabilities in their service. They can ensure security with bug bounties, security audits, and penetration testing.
Users’ digital privacy is another core principle of the VTI. Members of the coalition must ensure the privacy of their users as much as possible. VPNs can achieve this through technological means and through their communication.
When it comes to technology, the first thing VPNs should provide is anonymous payment methods like cryptocurrencies or cash. Others tech solutions for concealing customers’ identities could be token or number based IDs. Tokenization replaces sensitive information, like a user’s personal data, with unique, non-sensitive identification symbols.
VPN providers should make sure their users know how VPN technology works. Users should also understand what information their providers collect, the company’s logging policy, and VPNs’ tech limitations.
VPNs have to be clear about the level of security they provide. For example, brands shouldn’t claim that they provide complete anonymity online.
Disclosure and transparency
VPN service providers must be open about their practices and procedures. VTI members have to be clear about what they collect and how they use user data.
VPNs must also adhere to the data regulations of their jurisdiction. In addition, they are recommended to disclose requests for data like warrants, subpoenas, or other court orders.
VPN companies should support the security and freedom of the Internet. VTI members can do so by educating the public and supporting the freedom of expression.
VPN software providers should also contribute to the advancement of the VPN industry and share their best practices with other technology providers.
We hope that these guidelines will push the industry to become more open and secure. This is not just for NordVPN users. The purpose of VTI is to hold its members to higher quality standards. No matter what VPN you decide to use, if it’s a member of the VTI, it will meet the VTI’s core principles. For a detailed look at the VTI principles, visit the official VPN Trust Initiative website.
Want to read more like this?
Get the latest news and tips from NordVPN