Back in May 2020, HMA VPN added a new No Logging Policy, and now the company has had an independent audit of the policy completed. Following some recent news of other VPN services which offer the same promise actually keeping logs, it was important for the company to prove that it stood behind the claim. HMA VPN's new no-logs policy has been given "a low-risk user privacy impact rating" following a third-party audit.
The UK-based company, which operates 1100 VPN servers globally, took part in an independent audit conducted by cyber risk specialists Versprite to make sure its newly launched no-logs policy could protect user privacy effectively.
HMA explained that the assessment comprised "analyses of data, traffic, and storage on both the client and server-side, and the disconnection of user identities with data containing information about online user activity."
With these results, the security experts then generated a risk level of low to critical. In the case of HMA, it was given the lower rating -- meaning that its privacy policies don't pose a threat to users.
Andrei Mochola, commercial director at HMA, said:
"The VPN industry has struggled with a trust issue for a long time. The ownership of some VPN companies is ambiguous at best or concealed at worst, and many people are unaware that they're handing over their data to organizations which offer little to no visibility on what they do with it.
Improving user privacy
He went on to say that the introduction of HMA's no-logs policy is one of many steps the company is taking to improve user privacy across its platform.
"The introduction of the no-logging policy in May this year was phase one. This stamp of approval from VerSprite is phase two, and moving forwards we will be introducing new privacy features, connection protocols, and improvements to our infrastructure so we can better protect user privacy."
In total, VerSprite performed tests on the HMA Android, iOS, Mac and Windows applications, and these "ran from the installation process through the entire data flow of the in-scope endpoint applications."
The objective was to look for any privacy threats and, if any were found, to report them to HMA so that they could be fixed. But given that HMA was provided with a low risk rating, it's fair to say that the tests went well.
"For years, VerSprite's Research & Offensive Security teams have found numerous zero day vulnerabilities and risks in VPN software," said Tony UcedaVélez, CEO of VerSprite.
"HMA relied on our offensive security team's talents to focus more on privacy violations that could be present via the VPN client software. We worked to help validate the assurances made from the no-logging policy and helped them understand the nature of the risks identified so that they could improve the product's overall privacy level."
Looking to get started with a VPN? Be sure to check out all of our best VPN service picks now!
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.