alt Hacker NewsOne person can tell a lie, but a company consists of many people. You must ensure that only few people know of the logging or there will be a risk of a leak.
Replies
An intelligence agency already consists of more people than you need to run a VPN service.
Intelligence agencies... are generally pretty good at that.
leakers and whistleblowers are extremely rare. History is filled with examples of conspiracies involving many people that went on for long periods of time before one person eventually risked everything and said something. The Tuskegee Experiment went on for like 40 years! If keeping secrets were all that hard none of them would have been allowed to go on as long as they did.
Companies can lie at large too. Enron, theranos, and many others come to mind.
Well, there should only be a few people with the access needed to discover logging is happening. Just put the logging configuration in whatever secure configuration management tool is storing your TLS keys and suchlike.
Make it look like an accidental misconfiguration and if an insider who isn't an NSA mole does somehow discover the logging, there's a fair chance they'll turn a blind eye anyway. After all, if you work at a VPN, publicly outing your employer for logging will tank the business, then you and your colleagues will all be out of a job.