1895 points _l4jh | 8 comments
bogomipz ◴[] No.16729876[source]
>"And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would."

It's worth pointing out that KPMG was Wells Fargo's independent auditor while the bank recently committed fraud on a massive scale by creating more than a million fake deposit accounts and 560,000 credit card applications for customers without their knowledge or approval.[1]

Calling KPMG a "well-respected auditing firm" when they failed to detect over a million fake bank accounts is a joke. See:

https://www.reuters.com/article/wells-fargo-kpmg/lawmakers-q...

[1] https://www.warren.senate.gov/files/documents/2016-10-27_Ltr...

replies(10): >>16729897 #>>16730009 #>>16730105 #>>16730119 #>>16730193 #>>16730271 #>>16730746 #>>16730782 #>>16731153 #>>16731246 #
1. jumelles ◴[] No.16730105[source]
Genuinely asking, what are some companies that would be a good choice for this sort of thing?
replies(2): >>16730326 #>>16730442 #
2. chrissnell ◴[] No.16730326[source]
Many privacy activists believe that the best proof of a no-logging assertion is for a court to order a provider to turn over logs and for the company to be unable to do so.
replies(3): >>16730486 #>>16730540 #>>16730791 #
3. tialaramex ◴[] No.16730442[source]
As genuine as your question is, there are no good answers. The way we ended up with a Big Four is that the Fifth member of the Big Five (Arthur Andersen) audited Enron, essentially telling everybody that it wasn't an enormous fraud, but it was. All the senior people at AA avoided jail but the audit firm was so obviously untrustworthy it folded. But that doesn't mean the other Four are fine, it just means the "Too Big To Fail" problem is far worse for audit firms than for banking. If we took down one of the Big Four it would probably tank the whole world economy, and they know that, which is Not Good.
replies(1): >>16731215 #
4. biot ◴[] No.16730486[source]
And to prove that they are unable to do so, would they need to get audited?
5. ethics_gradient ◴[] No.16730540[source]
Signal did a version of that with the help of the ACLU.
6. geofft ◴[] No.16730791[source]
Isn't the court system mostly powered by the threat of serious jail time if you're found to be lying, and penalties for your lawyers, too?

If you say "We don't have those logs," and you swear to it and a lawyer puts their name on the filing, it's not like Judge Alsup will start pentesting your company to find the one employee who accidentally has Dropbox pointed at an sftp mount of some production server.

7. JumpCrisscross ◴[] No.16731215[source]
> If we took down one of the Big Four it would probably tank the whole world economy

No, it wouldn’t.

replies(1): >>16731369 #
8. buyx ◴[] No.16731369{3}[source]
The "too big to fail" argument is what saved KPMG in South Africa:

https://www.reuters.com/article/us-kpmg-safrica-exclusive/ex...