I think what they say makes sense. I read it the opposite way: How do I know any service with an audit really is as described the day after the audit concludes?
Most audits (as far as I’m aware) will tell the company maybe a week in advance that they are coming in to do the audit, so it’a not like surprise visits I don’t think.
I 100% think it comes down to trust (and some accountability being that their code is open source). Audits feel like a gamed system.
And being open source is a way of showing what they are doing.
That’s just so bad, “we won’t show what we’re doing because it’s tiresome to cover it up” is what I read here.
If you want to look at the thread I was referring to (looked it up): https://airvpn.org/forums/topic/56799-audits/
I think what they say makes sense. I read it the opposite way: How do I know any service with an audit really is as described the day after the audit concludes?
Most audits (as far as I’m aware) will tell the company maybe a week in advance that they are coming in to do the audit, so it’a not like surprise visits I don’t think.
I 100% think it comes down to trust (and some accountability being that their code is open source). Audits feel like a gamed system.
And being open source is a way of showing what they are doing.