Virtual Private Network (VPN) providers are supposed to be the most trustworthy companies around. They offer you a secure tunnel that you can use to use the internet without being observed. However, what happens when these companies aren’t above board with you the way they should be? Tech Radar mentions that NordVPN had a breach to their systems sometime in March 2018, but didn’t inform clients before quietly switching servers. News of the breach forced the company to admit it was hacked previously, but some users raised the question of whether they should have been informed about the data breach. The only time users were apprised of the situation was when someone brought it to light on Twitter. Many users were rightfully angry that the company didn’t even bother to inform them when they realized the situation.
The Issues at Stake
While the breach was not devastating to NordVPN, there are two things at stake here – NordVPN’s reputation with users and the data of those users. While the breach itself was somewhat limited in scope, the malicious user could still trace user data back to the source, and attribute it to a specific individual based on their account information. Fortunately, the malicious user would only be able to see the domain that the user went to and not the subdomain system. While that offers some protection, it’s not what users who subscribed to NordVPN were paying for.
The second issue is a thornier one. Enterprise-level programs like NordVPN make them ideal for use as a school VPN, but there is a level of trust necessary for the buyer to allow the VPN provider to use their service. Indeed, the idea that you’re paying for a service already makes it seem like a legitimate business. As How To Geek mentions, there’s no reason for someone to trust a free VPN, and for a good reason. In the case of a paid VPN, however, the idea is that you should get your money’s worth. It’s most definitely not on the cards for the VPN provider to omit news of a potential data breach. It’s even worse when the acknowledgment comes over a year after data may have been stolen.
Trust is the Building Block of VPN Security
Almost all of humanity’s modern inventions are based on trust. Scientific American mentions that many people are heavily dependent on advanced technology, even though they don’t trust it. Users of VPNs, such as YEAH! Local, have no choice but to trust their providers. Unless someone blows a whistle, they won’t be aware of if someone is spying on their data. The fact that the company took so long to admit that there was a breach of trust puts them on a shaky foundation. It won’t be surprising if many of those users simply close their subscriptions with the business because of the blatant abuse of trust.
Keeping a Product Depends on Trusting the Product
The takeaway from this fiasco is that, as a buyer, you have the opportunity to vote with your wallet. While NordVPN is one of the leaders in the industry, that doesn’t give them the right to maltreat their customers. Consumers have the power to decide whether a business is worth spending money on or not. Since trust is part of the company’s product, and the enterprise abused that trust, it’s only fair that users show them the door, if only temporarily. The company has already committed itself to completing an audit of its servers by a third party, according to PC Mag. Whether this will be enough to assure users remains to be seen. Regaining a user’s trust is a lot harder after they have learned you’ve abused it.