I’m currently researching privacy service providers to find one I can trust long-term. As I search, I find it difficult to get a sense of the viability and stability of many of these companies that operate entirely online with no physical footprint.
I have a few questions for the community:
What signs or metrics do you look for to determine if an online privacy company is well-established and likely to be around for awhile? Things like funding, leadership team, corporate structure etc.
For US-based companies, the Better Business Bureau provides some insight. Are there similar agencies or resources that help identify reputable companies in other countries (specifically Switzerland, Germany, UK)?
How do you screen out unreliable or overly biased opinions when researching providers? I often find online reviews to be skewed by things like brand loyalty and politics unrelated to the actual service quality.
Are there key questions you ask or critical signals you look for regarding a company’s governance, oversight, and accountability structures when evaluating an online privacy provider?
What are reasonable expectations for longevity and service continuity from a newer or bootstrapped provider versus an established publicly traded company? At what point should one expect stability?
I’m wary of putting my trust and personal data in the hands of a company or service that might vanish. Keen to hear this community’s best practices for vetting options.
Whether there are audits or the encryption is internally made, reputability of shared code with other projects
Does the product actually work (no point in using something that crashes all the time or is alpha quality and will just frustrate people because of missing basic expected features to make minimum viable product)
Is there control over user data. Can it be exported or moved?
Reputation of the company, competency, track record etc.
We also look at their marketing strategy. We get bad vibes when it over promises and is spammed everywhere in order to hit a certain subscription number for example. Do they obsess about affiliate marketing programs to make themselves appear to be bigger etc.
In terms of questioning, we generally ask about audits, when they will occur, and what the policy is in regard to security disclosures.
We avoid listing things that appeared yesterday. They may not be around tomorrow. We’re not a free marketing website to get “listed on” for the “SEO”.
This is the bit I want to learn more about. If a US company looks bad on BBB I will probably avoid them. Similarly for Trustpilot, if I think the negative comments have merit.
But are there other resources to evaluate reputation and track records? Especially for companies in countries where I don’t speak the language.
ToS;DR and PrivacySpy make privacy policies and terms of service easier to digest, which may be helpful to you, but I think these websites are pretty US-centric.