The Privacy BlogPrivacy, Security, Cryptography, and Anonymity



Who do you / can you trust for privacy?

Woman hiding at corner

Recently a colleague was reading a blog post by a Russian based VPN provider which talked about their privacy stance. He was incredulous. “Why would anyone trust a Russian VPN company?!?!”

It is a reasonable question about many locations. Russia, China, Iran, and many other companies are justifiably known for Internet monitoring and censorship. Of course, in the post Snowden era, a lot of attention has been focused on US surveillance as well.

I think that many people have the feeling that they should trust anyone but their own governments. After all, foreign intelligence services are unlikely to do anything about any intercepts unless they see some kind of global doomsday scenario. You might worry that your local intelligence agency could pass along information to local law enforcement, but that too seems generally unlikely. Exposing such intercepts would also expose sources and methods, which are some of the most highly protected secrets out there.

To me the question is what the VPN / Privacy provider is ALLOWED to keep private. It is clear that many governments put a huge amount of pressure, or actually pass laws, on companies to keep all kinds of user activity records. Interestingly that is not the case in the United States.

Anonymizer has no requirement to keep any records about what our users do through our service, or any way to identify associate any activity with a given user. Our systems are architected so that we don’t need to refuse to provide any of that information, we are simply incapable of doing so.


Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on FacebookTwitter, and Google+.

· · · ·


  • Odd · October 22, 2014 at 12:57 pm

    I wish I could believe you.


    • Author comment by Lance Cottrell · October 22, 2014 at 2:47 pm

      It is logically impossible to prove a negative. No one can prove that they are not keeping logs. All you have to go on is reputation and track record. I have been creating and deploying privacy solutions since 1992. I founded Anonymizer in 1995. In all that time with our millions of users over the years you will not find a single example of a time where Anonymizer leaked or had stolen any information about any user’s activity.
      Tor can’t say that, they have been breached many times. Other providers have much shorter track records, and many are known to have handed over user information.
      At the end of the day, you need to make the decision that is right for you.


  • Odd · October 22, 2014 at 3:20 pm

    That is true. But what about those “secret laws” you have in your country? Couldn’t they compel you to do stuff that that’s counter to users’ privacy?

    Not saying that being a US company, you have the disadvantage. I know other democratic countries can be, and some are, way worse off when it comes to citizens privacy. At least you have the constitution, which, while under attack, gives you strong laws favoring citizens privacy.

    But in the end, it’s a matter of trust, as you say. Thanks for taking the time to address these issues.

    I feel somewhat assured by what you’re saying.


    • Author comment by Lance Cottrell · October 22, 2014 at 3:35 pm

      It is certainly the case that there are secret orders in the United States that can force information to be handed over. It is less clear that I could be forced to fundamentally change my business practices. There are several people who have direct contact with our production systems and would be aware of any such change. There has been turnover in that group over the years. They are all passionate about privacy issues. It is unlikely that it could actually stay a secret. After all, they would know how to leak it anonymously.
      At the end of the day, I certainly understand how hard it is to know who to trust, after all everyone is going to say that they are trustworthy.


  • Odd · October 23, 2014 at 5:13 pm

    Thanks. Consider me a future client!


  • Cell Beat · June 7, 2018 at 3:07 am

    I would say you should not trust anyone when it comes to privacy. one way or another people manage to invade it


Leave a Reply