VyprVPN engaged leading security firm Leviathan Security to carry out an independent audit on its VPN servers in September 2018. Sunday Yokubaitis, CEO of Golden Frog (parent company of VyprVPN) said that it wanted to “do something more to create trust than just updating our website and privacy policy with No Log language.”

Frank Heidt, CEO of Leviathan Security, called Golden Frog “a pleasure to work with”, stating that his team had unrestricted access to source code and configuration files for the duration of the audit. He said it was very clear to see that VyprVPN is “absolutely committed to providing a safe and private experience to their users”.

The finished audit, which you can view on VyprVPN’s website, reveals a limited number of issues which were quickly fixed. Leviathan Security then performed a re-test to verify that all of these fixes were effective. VyprVPN’s new logging policy now confirms that it no longer logs or retains user IP addresses, server IP addresses, connection start and end times or total amount of bandwidth consumed, which is great for privacy.

VyprVPN made the decision to switch to a No Logs policy and conduct this audit after it was excluded from a Wirecutter review of the Best VPN Services for 2018 in April of this year. It saw a customer ask on Twitter why this was, and when it discovered it was due to its minimal logging policy, it knew it was “time for action”.

The main takeaways from the audit are:

  • VyprVPN produces no identifying logs without the user’s consent
  • VyprVPN fixed the limited number of issues that were revealed during the project
  • VyprVPN can confirm to its users that none of their activity is logged while they’re connected to the VPN

VyprVPN was also recently featured in an article written by the CDT (Center for Democracy and Technology) entitled “Signals of Trustworthy VPNs”, which helped users better understand the questions they should be asking their VPN provider. It also further outlines VyprVPN’s commitment to user privacy, including the extra security measures put in place to ensure the highest possible level of protection.

VyprVPN is also considering a general security audit in the near future, which will cover the service as a whole, rather than just the logging policy. It hopes that this audit will encourage other VPN providers to assess how they deal with user data, as it believes this will help “create more trust with VPN services in general”.

You can read our independent review of VyprVPN here.