Most Transparent VPN Providers 2019 – Who’s Behind Your VPN?
We often emphasize the importance of a VPN's location in keeping you safe from Five-Eyes surveillance. So it concerns us when we can't verify that a provider is based where it claims to be. Here's a look at the VPNs that aren't afraid to tell the world where – and who – they are. Share
It may come as no surprise that some of the VPN providers that specialize in masking our locations aren’t eager to completely reveal their own. In fact, some VPNs actually hide their physical locations by registering their businesses in a different country.
We often hear about companies in other industries registering overseas to save money, but VPN companies tend to do it to avoid association with the Five-Eyes countries and their 9-Eyes and 14-Eyes allies.
We generally recommend using a VPN based outside Five-Eyes jurisdiction to protect yourself from data retention laws that put your privacy at risk. However, it concerns us when we can’t verify that a VPN provider is located where it claims to be.
Imagine if a VPN listed its location in a privacy-friendly country, but actually operated in a country with extensive data storage and even spying on internet users. Your data could be at risk of surveillance and you would never know it.
If honesty and openness matter to you in a VPN, read on to learn about the most transparent providers we have researched. We not only know exactly where they are, but also who they are.
What Is the Five-Eyes Alliance and Why Is It Important?
The Five Eyes is an intelligence-sharing alliance between Australia, Canada, New Zealand, the United Kingdom, and the United States. The alliance formed in response to worldwide surveillance needs after World War II and remains active today.
During the Cold War, the alliance developed the ECHELON surveillance system to monitor communications between the Soviet Union and Eastern Bloc European countries. Today, the system is used to monitor billions of private and corporate communications across the globe.
Over time, the alliance was extended to include Denmark, France, the Netherlands, and Norway as third parties. Along with the original five nations, this group is referred to as “Nine Eyes.” Germany, Belgium, Italy, Spain, and Sweden eventually joined to form the “14 Eyes.”
The Five Eyes nations began placing an emphasis on internet surveillance as part of the War on Terror in 2001. Domestic laws prevented these governments from spying on their own people, but documents leaked in 2013 by Edward Snowden revealed that they got around these laws by spying on each other’s citizens.
Why Are 5/9/14-Eyes Countries a Threat to My VPN Security?
If you primarily use your VPN to access geo-restricted content like Netflix or the BBC iPlayer, you probably don’t need to worry about surveillance issues in Five-Eyes countries. If you want 100% anonymity online, however, Five-Eyes spying is a major concern.
Any data that passes through a server based in a Five-Eyes country is subject to the country’s surveillance protocols. This means that if you use a server in one of these regions, your privacy could be compromised.
That’s we usually advise avoiding VPN companies based in Five-Eyes (or 9- or 14-Eyes) territory. If absolute privacy is critical to you, you might even want to avoid connecting to servers in those countries.
Even though the military-grade encryption used by top VPNs promises to keep your browsing private and secure everywhere, no one can 100% guarantee that. We know from the Snowden case that weaker encryption protocols like PPTP have been cracked by the NSA.
That case also showed that the FBI can demand that a digital services provider turn over its encryption keys. Authorities can even put the provider under a gag order to prevent it from telling users what is going on, as they did to the encrypted email service Lavabit.
This brings us to the real threat faced by those of us who use a VPN provider that is not transparent about its location.
If you cannot verify where the provider is based, there is no way to know whose jurisdiction it falls under. If the service is actually located in a Five-Eyes country, your private information could be at risk without your knowledge.
Top Three Most Transparent VPN Providers
Luckily, there are some VPN companies that are completely transparent about their locations and even their personnel. If you want to know who’s behind your VPN, here are the companies that we recommend.
SaferVPN’s mission statement lists its core values as acceptance, respect, transparency, and trust, and the provider’s business practices are completely consistent with those values. In fact, SaferVPN is one of the most transparent VPN companies in the industry.
SaferVPN’s Terms of Service document clearly states that it is a registered business in Tel-Aviv, Israel. In fact, we have visited the company’s offices!
Even though Israel is not a member of the 5, 9, or 14 Eyes, SaferVPN’s truthfulness about its location is courageous. Many consumers are concerned about the actions of Israel’s national intelligence agency, Mossad.
CyberGhost has always been fully transparent about its offices in Romania and Germany, even though Germany is a 14-Eyes nation.
When a company acknowledges its presence in 5/9/14-Eyes territory, we can fully evaluate the measures it takes to protect you from surveillance. That’s why transparency matters, and why when we say CyberGhost is safe, we know it’s true.
In fact, all of CyberGhost’s business information, including addresses, is clearly displayed on its LinkedIn page. You can even view the full profiles of more than 50 CyberGhost employees.
In 2016 and again in 2017, TunnelBear commissioned Cure53 to complete a third-party Consumer VPN Public Security Audit on its services. This was an industry first, and TunnelBear was extremely forthcoming about the results.
Although the first audit showed some unexpected vulnerabilities, most of them had been resolved by 2017, when only a few low-risk issues were discovered.
The provider’s business details, including its Canadian business address and profiles of over 40 employees, are also available on LinkedIn.
Although a location in Five-Eyes territory is far from ideal for a VPN, TunnelBear’s openness about that location means that you can analyze the VPN’s methods for protecting you from government surveillance for yourself.
What About NordVPN and ExpressVPN?
Although they are two of the world’s most popular VPNs and we recommend both highly, NordVPN and ExpressVPN do not qualify for this list. Both companies claim to be based outside Five-Eyes jurisdiction, but we were unable to verify their locations.
Unlike CyberGhost, TunnelBear, and SaferVPN, NordVPN and ExpressVPN have not made their information public on LinkedIn, nor are there any employee profiles linked to the companies.
This doesn’t mean that we don’t trust these VPN services. There have been no complaints of privacy leaks against either provider, and we have no reason to believe there will be.
And they may well be telling the truth about their locations (Panama for NordVPN and British Virgin Islands for ExpressVPN according to their websites). We would just prefer for them to adopt a policy of transparency so that you could confirm those locations for yourself.
A location outside 14-Eyes jurisdiction is best for a VPN provider. However, a VPN with a falsified location in a privacy-supportive country and an actual location subject to Five-Eyes surveillance could pose a serious threat to your online privacy.
Of course, VPN companies being transparent about their locations and staff will not fix the problem of government internet intrusions and intelligence agency spying, but it does mean that your data is never put at risk without your knowledge.
That’s why transparency is one of our core values, and why we applaud any VPN company that lowers the veil to reveal who keeps you safe on online and where they do it.
To learn more about the ways a VPN provider can keep you completely anonymous online, see our guide to VPNs for privacy seekers.