The VPN Trust Initiative ("VTI") Principles:
An initiative focused on promoting privacy and security through VPNs, and establishing standard practices for VPNs that foster trust.
The non-profit i2Coalition headed an effort to draft a set of common principles to serve as a baseline for how VPN providers should operate
Launched September 29, 2020, the VTI Principles offer a comprehensive set of best practices for VPN providers that bolster consumer confidence and provider accountability and ultimately increase VPN adoption and access to the technology’s benefits.
They have been informed by input from civil society and other outside experts to protect the privacy and security of VPN users, offer practical policy guidelines for VPN providers and ensure policymakers, regulators and the wider market have access to criteria for evaluating these technologies.
We made a major update to the VTI Principles in 2022.
Read the full VTI Principles document here:
The 5 Key VTI Principle Areas
The VTI principles focus on five key areas: security, privacy, advertising practices, disclosure and transparency and social responsibility.
These are our common best practices for VPNs used by our members:
VPNs will use the necessary security measures including strong encryption and authentication protocols to appropriately address the risks. VPNs will:
- Suspend compromised authenticators in the event of a security incident
- Use token-based authentication when possible
- Never store usernames and passwords in plain text
- Help prevent keys from being shared between users
Given the complexity and different use cases for VPNs, claims must not mislead. VPNs will:
- Use clear and transparent language
- Never claim VPNs guarantee anonymity - VPNs provide privacy but cannot ensure complete anonymity because user behaviour could hint at or reveal the user’s identity.
VPNs should keep as little data as they deem necessary to provide the service, and only produce data to law enforcement when legally required. VPNs will:
- Say what they log, why they log it, and how long they keep the logs
- Notify users of a potential data breach or security incident within a reasonable timeframe
- Be transparent about any disclosure of data to third-parties
Disclosure and Transparency
To drive trust, member companies must take steps towards informing users and the public about their actions and procedures.
- Disclose how data is used, and what other business units and/or third-parties have access to data and why
- Publish annual transparency reports
- Provide user data only upon legitimate and valid court-ordered legal requests.
VPNs provide greater security and privacy - social goods that are important to those trying to make the world a better place. VPNs should:
- support public education around VPNs and with truthful information
- Contribute to VPN technology including open source initiatives
- Promote VPN technology to support freedom of expression
The VPN Trust Seal accreditation program provides a clear public indicator that a participating VPN provider follows established best practices for delivering service in these five areas. For more detailed information on each of these principles and how to get the VPN Trust Seal, please contact Hilary Osborne at [email protected].
Watch our webinar on the VTI Principles
Hear from Surfshark Founder and CEO Vytautas Kaziukonis, ExpressVPN Vice President Harold Li, NetProtect Vice President of Marketing Terry Myers, NordVPN Head of Public Relations Laura Tyrell, on why the VTI Principles are important to their organizations. Christian Dawson and David Hamilton from i2Coalition also provide insights and a window into drafting the principles along with moderator Ilissa Miller of iMiller Public Relations.
About i2Coalition’s VPN Trust Initiative
i2Coalition’s VPN Trust Initiative (VTI) is an industry-led consortium that promotes consumer safety and privacy online by increasing understanding of VPNs and strengthening business practices in an industry that already protects millions of Internet users. The VTI leverages first-hand knowledge to advocate, create, vet, and validate guidelines that strengthen trust and transparency and mitigate risk for users.
To learn more about the VTI, please click here.
About the i2Coalition
The Internet Infrastructure Coalition (“i2Coalition”) ensures that those who build the infrastructure of the Internet have a voice in public policy. We are a leading voice for web hosting companies, data centers, domain registrars and registries, cloud infrastructure providers, managed services providers, and related tech. We protect innovation and the continued growth of the Internet’s infrastructure which is essential to the global economy. Our coalition launched at a significant time in our industry’s history. The genesis of the organization began in 2011 when many of the i2Coalition founding and charter members joined forces during the successful effort to prevent SOPA and PIPA from becoming United States law. After mobilizing to ensure the Internet’s free flow of information and commerce, we realized the on-going need for an industry voice, founding formally in 2012.
To learn more about the i2Coalition and explore membership, please visit i2Coalition.com.