
1895 points _l4jh | 4 comments
bogomipz ◴[] No.16729876[source]
>"And we wanted to put our money where our mouth was, so we committed to retaining KPMG, the well-respected auditing firm, to audit our code and practices annually and publish a public report confirming we're doing what we said we would."

It's worth pointing out that KPMG was Wells Fargo's independent auditor while the bank recently committed fraud on a massive scale by creating more than a million fake deposit accounts and 560,000 credit card applications for customers without their knowledge or approval.[1]

Calling KPMG a "well-respected auditing firm" when they failed to detect over a million fake bank accounts is a joke. See:

https://www.reuters.com/article/wells-fargo-kpmg/lawmakers-q...

[1] https://www.warren.senate.gov/files/documents/2016-10-27_Ltr...

replies(10): >>16729897 #>>16730009 #>>16730105 #>>16730119 #>>16730193 #>>16730271 #>>16730746 #>>16730782 #>>16731153 #>>16731246 #
jumelles ◴[] No.16730105[source]
Genuinely asking, what are some companies that would be a good choice for this sort of thing?
replies(2): >>16730326 #>>16730442 #
1. chrissnell ◴[] No.16730326[source]
Many privacy activists believe that the best proof of a no-logging assertion is for a court to order a provider to turn over logs and for the company to be unable to do so.
replies(3): >>16730486 #>>16730540 #>>16730791 #
2. biot ◴[] No.16730486[source]
And to prove that they are unable to do so, would they need to get audited?
3. ethics_gradient ◴[] No.16730540[source]
Signal did a version of that with the help of ACLU.
4. geofft ◴[] No.16730791[source]
Isn't the court system mostly powered by the threat of serious jail time if you're found to be lying, and penalties for your lawyers, too?

If you say "We don't have those logs," and you swear to it and a lawyer puts their name on the filing, it's not like Judge Alsup will start pentesting your company to find the one employee who accidentally has Dropbox pointed at an sftp mount of some production server.