We're often asked what makes us different from the me-too "VPN services" that litter the internet landscape nowadays. It's a fair question, but one we rarely (as a team) take time to address... because, frankly, we don't see ourselves as a "VPN service" and never have. It seems like asking a top-end auto manufacturer what makes them different from a rattletrap old VW Beetle: a categorical error.
But smart people with Marketing Experience tell us that answering this question - in 20 words or less, if possible! - is a Key To Success. Or whatever. Hence we've been reluctantly drawn into this question, those of us on the tech side of our team (which is almost all of us, actually)... and tasks have been mercilessly parcelled out.
Here's a reply one of our tech ops folks sent out yesterday, and I decided that posting it here might get things moving. So that's what I'm doing... perhaps someone with marketing expertise will read it, do their magical marketing thing, and leave us with the 20 words that explain Why We Are Different. One can always hope, right?
The original question as posed by a prospective customer (or someone claiming to be, anyhow - "VPN services" routinely send questions to our support folks, copy/paste our replies to their fake questions, and then use that language on their websites or promotional materials; it's happened so many times that it's become a running joke amoungst our staff) reads as follows:
And in reply...I have been reading for an hour on your forum yesterday, but I can not see in what your product is different. Can you explain to that me? I mean, yes, you use OpenVPN too
And yes, it is possible to buy your tokens anonymously (so you write, but it appears you have only one reseller - > so the bulk of tokens still come from you, and then again: nobody knows if this reseller isn’t actually you yourself under another nick. You see, you are not the only one not trusting anything J).
But is the situation that you provide ‘anymous’ tokens the only difference between you and say privateinternetaccess.com or liquidvpn? I mean: OpenVPN is OpenVPN, right?”
{name redacted} -
Hi, let me point you at some additional information.
Our colleagues wrote up a review of some of the crypto snake-oil that is use as marketing materials by "private internet access." That paper is available here. There are issues of credibility raised by this kind of thing: one research group made one review of one marketing claim by this company, and turned up a pile of troubling problems. To me, I cannot imagine trusting that such a company is in any way competent if even such a cursory review uncovers this level of failure. Also, claiming (falsely or not) to be a "founder of Mt.Gox" is not really confidence inspiring at this point in time.
There are hundreds of these me-too "VPN companies" out there nowadays. We've contributed to peer reviews of several dozen, and found horrific examples of security failures... it's hard to even know where to begin. Recently was the case of "FrootVPN" publishing the private session keys of customers. These failures are so bad, it's difficult to speak rationally about them... and yet these companies are often good at "gaming" the SEO and "VPN review" systems in a way to present themselves as legitimate.
OpenVPN is both a protocol and an opensource tool for OSI layer 3 encapsulation of higher-layer packet streams within TCP/IP. To say that anyone "using" OpenVPN is equivalent would be like claiming that, since all brands of cars use internal combustion engines (or until recently, pre-electric!) they are the same. Which is true at one level, perhaps... but not true enough for most folks to trade a Bugatti for a Yugo.
Running a competent network security services - we don't sell "products" - requires a range of expertise and experience far, far beyond simply downloading the openvpn binaries and installing them somewhere. Our network is routinely trusted by members worldwide whose lives depend on the integrity of their private online communications. That's the bar we set for ourselves, and the service we deliver every day.
It has been said that success often depends on doing 10,000 things right. Top-end technical security systems are often similar: there is no magic "security sauce" that one spreads over things to make it good. Rather, there are countless small tasks and decisions and competencies that come into play, day after day.
Or, alternatively, one can simply put up a pretty website with happy logos, install the absolute minimal level of required software, and market the hell out of it as a "VPN service." That's the easy path, obviously, but that's not of interest to us.
When we do our job right, as a service provider, nothing happens: data from our members' internet connections is never leaked, nobody ever gets arrested and tortured by the secret police because our network failed, we never betray our customers, and our servers never get subverted. When it all works, nothing happens - and that's as we like it. We work very hard to ensure that nothing happens, in that sense of the phrase. It is what we are good at.
For some folks, that level of professional expertise, experience, and hard-won credibility matters. Those are our members. For other folks, the "Hide My Ass" style of bullshit marketing - such a cute logo! - is what they prefer. Life is made of choices, and we all make our own choices.
Regards,
~ cryptostorm_ops
