TMCnet News

HMA VPN No Logging Policy Verified by Cyber-Risk Consulting Firm VerSprite
[August 05, 2020]

HMA VPN No Logging Policy Verified by Cyber-Risk Consulting Firm VerSprite


LONDON, Aug. 5, 2020 /PRNewswire/ -- HMA VPN, the net neutrality and anti-censorship company, has been awarded a low risk user privacy impact rating for its no-logging policy following an independent review by cyber-risk consulting firm VerSprite. The assessment, which categorised risk level on a scale of low to critical, included analyses of data, traffic, and storage on both the client and server-side, and the disconnection of user identities with data containing information about online user activity. The introduction of the no-logging policy earlier this year and now the third-party audit forms part of a broader initiative by HMA to become a privacy champion for people around the world.

VerSprite's technical PIA covered HMA clients for Android, iOS, Mac, and Windows, and ran from the installation process through the entire data flow of the in-scope endpoint applications. VerSprite applied a privacy-focused threat model to encompass manual assessment techniques aimed at identifying where privacy violation risks may be present within the HMA clients. The objective was to identify, report, and provide recommendations for any technical gaps related to HMA's no-logging policy. This technical PIA follows other security penetration testing efforts by VerSprite on HMA VPN.

"For years, VerSprite's Research & Offensive Security teams have found numerous zero day vulnerabilities and risks in VPN software," said Tony UcedaVélez, CEO of VerSprite. "HMA relied on our offensive security team's talents to focus more on privacy violations that could be present via the VPN client oftware. We worked to help validate the assurances made from the no-logging policy and helped them understand the nature of the risks identified so that they could improve the product's overall privacy level."



Andrei Mochola, Commercial Director at HMA, said, "The VPN industry has struggled with a trust issue for a long time. The ownership of some VPN companies is ambiguous at best or concealed at worst, and many people are unaware that they're handing over their data to organizations which offer little to no visibility on what they do with it. Our ambition is to set a new standard in privacy protection for consumers by being painstakingly transparent across all touch points in our privacy policy, our products and our communications."

"The introduction of the no-logging policy in May this year was phase one. This stamp of approval from VerSprite is phase two, and moving forwards we will be introducing new privacy features, connection protocols, and improvements to our infrastructure so we can better protect user privacy."   


HMA's no-logging policy applies to HMA for Windows, Mac, Android, AndroidTV, iOS, and Linux.

HMA VPN has over 1,100 servers in 290+ locations across 190 countries - the largest selection of server locations in the VPN market. It is available to download from www.hmavpn.com.

About HMA
HMA helps millions of people all over the world to safely and securely enjoy the internet, preserving our fundamental right to choose how and when we share personal information. HMA has more than 1,000 servers in over 290 locations in over 190 countries, and is a global company based in London with offices in the UK, Czech Republic, and Serbia.

In 2016, HMA was acquired by Avast (LSE:AVST), a global leader in digital security products, which has added HMA VPN to its existing portfolio of security software and services.

HMA is a champion of net neutrality and a committed anti-censorship campaigner. It believes strongly that everyone should be entitled to freedom of association and open access to online information.

About VerSprite
VerSprite is an international leader in risk-based cybersecurity consulting services and threat modeling. Their offensive approach goes beyond assessing security controls to examine credible threats to understand the likelihood of real-world abuse cases and measure the magnitude of the business impact if a breach should occur.

VerSprite has proven that by developing a holistic business/IT risk view, security decisions become business decisions. They believe an integrated approach will result in better and more cost-effective security practices and better business outcomes overall.

VerSprite partners with clients to provide security solutions across many security practice areas including pen testing, red teaming, Cloud security, Threat Intelligence, vSOC, organizational threat modeling, geopolitical risk, and research as a service to name a few. They are also emerging leaders in security products with their Cyber Threat Intelligence Portal (CTIP) and Cloud Security Assessment Platform (CSAP). VerSprite is proud to be an innovator on behalf of its wide range of clients.

 

Cision View original content to download multimedia:http://www.prnewswire.com/news-releases/hma-vpn-no-logging-policy-verified-by-cyber-risk-consulting-firm-versprite-301106096.html

SOURCE HMA


[ Back To TMCnet.com's Homepage ]