Skip to content

Valuing Corporate Values

Much is said about Google’s “don’t be evil” corporate motto. That is not what this post is about.

This is about corporate values — and a (rather smaller) company I have found myself appreciating because of their words and actions on the subject. This stuff can be easily overlooked when the market demands a rush to the lowest price, but to consumers like myself, it is possibly the most important thing.

This isn’t some murky sponsored post (although I do have an affiliate link at the bottom) — this is all genuine and from the heart.


Cloak logo

I found out about Cloak through their co-branding with 1Password, my password manager of choice. They are a VPN service designed to give you a way to encrypt your traffic when you are connected to untrusted networks. Their service is technically brilliant, but what is more important than that is the honesty, openness and realism they have shown so far in their communications.

At first I felt a little apprehensive about their corporate values and how well they were upheld in practice. Their privacy policy was scant in detail — using claims along the lines of “we don’t store any of your data”, but with an exception of data that they’d need “to make sure you’re not sending out spam”.

Well, what does that mean?

For a service I am sending all my internet traffic through, I needed a little bit more transparency. There has to be a mutual trust relationship — I won’t abuse their service and make their life difficult and they will treat my information with the privacy and respect it deserves.

Then, a few days ago, they updated their policies with a lot more detail. What happened to the excessively broad terms?

In the past, one of the items in our list of information we collect was “information necessary to make sure you’re not sending spam emails or doing other fundamentally evil things.” This is pretty broad and gave us a lot of leeway. Today we’re prepared to be much more specific: we keep the headers of all TCP connections and UDP sessions for about fifteen days (depending on the log rotation schedule; never more than sixteen).

And there’s lots more — including the technical detail on how they achieve this. (Their technical deep-dive is good too.)

So, they are being transparent and honest (as far as anyone but them can guarantee!) about what they do and don’t do. What is also important, though, is that they don’t make incredible claims about how much privacy they can give you, or that they will do things that are not possible.

Another key design point is that no information directly identifying a user or account is stored in the archives. Based on the IP data, it is ultimately possible to link a connection to a specific Cloak session, but those sessions are not stored on the same machine after the user disconnects.

So many companies answer questions about how they protect you from things in a patronising and deceptively incomplete way — “our security measures are robust”, “we use encryption that is twice as strong as is used for credit cards!” and so on.

It is a breath of fresh air that Cloak is honest about what is and is not possible.

What is my point? Corporate values are not just empty promises you broadcast to make people feel safer. If you act on them, consistently, you build trust and loyalty that is deeper and more meaningful.

Maybe this is “old fashioned”. Admittedly it is easier to do is a small company than a big one. But I’d like to see this happen more. Companies that follow this lead are much more likely to get my money, at least.

(And if you do like Cloak too, and want to sign up, I wouldn’t say no to you using my affiliate link. Or not, your choice.)

Like this post?

If you would like to support the time and effort I have put into my tutorials and writing, please consider making a donation.

One Trackback/Pingback

  1. Secure your Internet connection with Cloak on Friday, January 24, 2014 at 00:39

    […] my good friend Peter Upfold is my guest on the show. Peter introduced me to Cloak through a post on his blog, and I was excited to have him come share the service with the Wrapp Up […]

Post a Comment

On some sites, you must be logged in to post a comment. This is not the case on this site.
Your email address is not made public or shared. Required fields are marked with *.

Posting a comment signifies you accept the privacy policy.
Please note — your comment will not appear straight away, as all comments are held for approval.