VPN logs helped unmask alleged 'net stalker, say feds

Virtual private network provider PureVPN helped the FBI track down a suspected internet stalker, by combing its logs to reveal his IP address. The US Department of Justice announced on Friday the arrest of Ryan Lin, a 24-year-old from Newtown, Massachusetts, on charges that he cyber-stalked a former roommate. According to the …

  1. Anonymous Coward

    sure they have logs which should be kept offshore maybe with a sister 'log company'

    and you expect them not to be associated with a billing user with the detail to be deleted and merged in to overall summary stats quickly.

    if i was this vpn provider i'd be worried about staying in business with headlines like this.

    not that this chap didn't deserve it but what did the roommate do to drive him this insane? :P

    1. Christoph

      There is no reason to suppose she did anything - stalkers get obsessed with someone from something in their own thoughts which might be nothing to do with what the victim did, or because of something utterly trivial. Many celebrities have been stalked by people they had never met before.

    2. Notas Badoff
      FAIL

      She deserved it (really?)

      Isn't that really what you just said? Something mighty unusual in his actions, so there must have been something outrageously unusual in her actions?

      No, people fixate on single things/people, and for reasons very much more due to their own internal issues. It quite literally could have been directed onto *anyone* impinging on their lives. Next time you have a total miss at empathy, realize it could be *you* with no explanation as to 'why'.

      1. garetht t

        Re: She deserved it (really?)

        Strawman:

        OP never said "She deserved it" so the rest of your argument is invalid.

        1. Just Enough

          Re: She deserved it (really?)

          "OP never said "She deserved it""

          Indeed. OP said;

          "but what did the roommate do to drive him this insane? "

          Meaning it was something the room-mate did that was the root cause of this, otherwise he wouldn't have been an insane stalker. This is what is called "victim blaming" and just one step away from saying she reaped what she sowed.

          This question is, of course, exactly what the victim has probably asked herself a million times. "What did I do to cause this vindictive, crazy behaviour from someone I thought was a friend." And the answer in most cases is; absolutely nothing. You were just unlucky to cross paths with someone with a deep personality flaw who became obsessed with you.

          1. Anonymous Coward

            Re: She deserved it (really?)

            I think you're being a bit quick to jump in with an accusation of 'victim blaming' here.

            We know very little about the case, we don't know what the room-mate might have done.

            The answer could be "nothing significant" so yes he's just crazy. Similar to my wife holding me accountable for something I did in her dream.

            The answer could also be "something bad, but nothing which could deserve this over-reaction"

            or it could be "she killed his family but got away with it due to an obscure legal loophole" in which case fair enough.

            I think it's likely that the answer is one of the first two and if we find out that's the case then we should be supportive of the victim. But at this moment we don't know, so it's reasonable to wonder.

    3. Anonymous Coward

      @ "first in" AC

      I agree about VPN providers that sell out their customers, when you are selling anonymity it's not really the best idea to brag how you sold any client out.

      One wonders if perhaps they didn't sell out fast enough and this is their punishment/warning to the rest.

      Again generally stupid decision by everyone involved to advertise that VPN does not give the security promised, unless ofc the idea was to discredit VPN providers and specifically PureVPN.

      1. Rustbucket

        Re: @ "first in" AC

        "I agree about VPN providers that sell out their customers, when you are selling anonymity it's not really the best idea to brag how you sold any client out."

        On the contrary, the logging they did was spelt out clearly in their terms and conditions.

        The idiot's main fault was not choosing the right VPN, and doing his dirty work on his work computer (and not wiping the evidence afterwards).

  2. a_yank_lurker

    Interesting, very interesting

    So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down. It appears the real problem is if one's movements and usage can be linked, one stands a good chance of being toast. Also, since some stalkers have been murderers, it seems that a stalking campaign might get the flatfeet out of the doughnut shop.

    Based on the sentence, it sounds like doofus will have a felony conviction to deal with for the rest of his life.

    1. inmypjs Silver badge

      Re: Interesting, very interesting

      "So using a VPN does not prevent"

      Especially a crappy one that keeps logs.

      1. gnasher729 Silver badge

        Re: Interesting, very interesting

        "Especially a crappy one that keeps logs."

        There are two kinds of VPNs. Those that state that they are keeping logs, and those that lie about keeping logs.

        1. Naich

          Re: Interesting, very interesting

          Three kinds - those that you set up yourself, which you know don't keep logs.

          1. Sir Runcible Spoon

            Re: Interesting, very interesting

            Setting up your own VPN server leaves behind information that goes back to that server, so unless you are also allowing other people to use that VPN server, then it all leads back to the owner of the server.

            At that point you then have to try and hide your tracks as it relates to owning and managing the server. Obviously you also have to ensure that all management connections to that server are not logged either (i.e. not logged in the first place, rather than logged and deleted - as that info could be recovered).

            You also have to consider the possibility that the server has been hacked, since you won't have any logs you'll never be able to tell will you?

            It's logs all the way down mate :)

        2. NonSSL-Login

          Re: Interesting, very interesting

          Some only log when they are troubleshooting a problem and delete the logs after.

          It takes some work to dig out the good from the bad with VPN providers and it all depends on your thread model anyway.

          1. Anonymous Coward

            Re: Interesting, very interesting

            it all depends on your thread model anyway.

            That's for when the rubber hits the road after a *cough* Good Year. :)

            I presume you mean threat model, and in that case you're right. I have no problem with normal, legal scrutiny under warrant, but I am no fan of data leakage to uncontrolled entities.

      2. Anonymous Coward

        Re: Interesting, very interesting

        As he pointed out himself.

        If they bill you for usage, they HAVE to keep logs.

        1. This post has been deleted by its author

        2. Adam 1

          Re: Interesting, very interesting

          > If they bill you for usage, they HAVE to keep logs.

          If by usage, you mean GB/month then it may be very difficult to not indirectly profile you based upon the size of the traffic between specified periods of time. I wish I remember where I read about it, but there was a fascinating study of profiling a user's traversal of a HTTPS delivered news website by datamatching the size and concurrency of the connections to that server.

          If you mean X concurrent users per account, it is very doable. It is hard in the sense that leaking information is very easy to accidentally do, but definitely achievable without substantial cost overhead.

        3. Kiwi
          Boffin

          Re: Interesting, very interesting

          As he pointed out himself.

          If they bill you for usage, they HAVE to keep logs.

          Just need to do a little bit of database work, basically

          UPDATE total_bytes_used WITH bytes_used_this_session

          UPDATE session_times WITH session_start_time session_end_time

          So, for billing purposes, you have when they logged in, when they logged out, and how many bytes they used during the session.

          And no, all I know about SQL I get from "Google how-to.... "
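
The billing scheme sketched in the comment above, written out as working SQL through Python's `sqlite3`. This is an added example, not code from the thread or from any VPN provider; the table names, column layout and sample sessions are assumptions constructed for illustration. It shows that per-usage billing needs no source IP, and also what the retained session times can still answer when a timestamp is known from elsewhere.

```python
import sqlite3

# Hypothetical schema: only what the comment says billing needs.
SCHEMA = """
CREATE TABLE accounts (
    account_id       INTEGER PRIMARY KEY,
    total_bytes_used INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE session_times (
    account_id         INTEGER NOT NULL REFERENCES accounts(account_id),
    session_start_time TEXT NOT NULL,  -- ISO 8601, UTC
    session_end_time   TEXT NOT NULL
);
"""


def open_billing_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def record_session(db, account_id, start, end, bytes_used, source_ip=None):
    """Close out one session for billing.

    source_ip is accepted because the gateway knows it, but it is
    deliberately never written to any table.
    """
    with db:  # one transaction: counter and session row commit together
        db.execute("INSERT OR IGNORE INTO accounts (account_id) VALUES (?)",
                   (account_id,))
        db.execute("UPDATE accounts SET total_bytes_used = total_bytes_used + ? "
                   "WHERE account_id = ?", (bytes_used, account_id))
        db.execute("INSERT INTO session_times VALUES (?, ?, ?)",
                   (account_id, start, end))


def bytes_billed(db, account_id):
    row = db.execute("SELECT total_bytes_used FROM accounts WHERE account_id = ?",
                     (account_id,)).fetchone()
    return row[0] if row else 0


def stored_columns(db):
    """Every column that exists on disk, i.e. everything a warrant could yield."""
    cols = set()
    for table in ("accounts", "session_times"):
        cols.update(r[1] for r in db.execute(f"PRAGMA table_info({table})"))
    return cols


def accounts_online_at(db, when):
    """Accounts with a session covering `when`: billing data is still
    matchable against a timestamp observed somewhere else."""
    rows = db.execute(
        "SELECT DISTINCT account_id FROM session_times "
        "WHERE session_start_time <= ? AND session_end_time >= ? "
        "ORDER BY account_id", (when, when))
    return [r[0] for r in rows]


def demo():
    db = open_billing_db()
    # Constructed sample sessions; IPs are from the documentation ranges.
    record_session(db, 1, "2017-10-01T09:00:00Z", "2017-10-01T09:40:00Z",
                   5_000_000, "192.0.2.10")
    record_session(db, 1, "2017-10-02T20:00:00Z", "2017-10-02T21:00:00Z",
                   7_000_000, "198.51.100.7")
    record_session(db, 2, "2017-10-01T09:30:00Z", "2017-10-01T10:00:00Z",
                   1_000_000, "203.0.113.5")
    return db


if __name__ == "__main__":
    db = demo()
    print(bytes_billed(db, 1), sorted(stored_columns(db)))
    print(accounts_online_at(db, "2017-10-01T09:35:00Z"))
```
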

      3. Anonymous Coward

        Re: Interesting, very interesting

        Especially a crappy one that keeps logs.

        I'm not sure that an outfit that keeps logs automatically deserves to be called crappy.

        There is a major difference between being anonymous (which is a right) and being unaccountable (which usually infringes other people's rights and frequently veers into the criminal), although they are often seen as one and the same. The problem with offering anonymisation and privacy facilities is that you may also end up protecting criminal behaviour and the one thing you can NOT do as a business is break the law or collaborate with law breakers.

        As a business, logfiles are your only protection against that, provided you're in a country where access to such data is legally protected (which is why you really should not use a US provider as they have declared such meta data in certain cases accessible without warrant).

        I have looked at PureVPN before, and I decided not to use them because I don't know about Chinese law and HK exceptions to know what rights I have (which is not their fault). However, I cannot blame a business for collaborating with the police - they have no choice, and it may even be that they are legally required to preserve those logs. To be honest, if I were running a business like that I'd preserve them too (I'd make that clear to possible customers, which admittedly may be fewer as a consequence), provided I had a legal means to prevent access without warrant.

        It's not their fault that people conflate anonymous and unaccountable.

        1. Sir Runcible Spoon

          Re: Interesting, very interesting

          Using a VPN service that logs isn't a problem as long as the authorities are required to submit a warrant to view those logs (and not some general catch-all type BS either).

          Under those circumstances I'm happy for them to keep logs. I want to avoid being spied on by general busybodies in local Councils etc., I'm not trying to avoid (reasonable) legal scrutiny.

          1. ave199

            Re: Interesting, very interesting

            Yes it is a problem and defeats the point of a VPN. You either protect privacy or you don't. HideMyAss got caught lying as well. PureVPN lied, it's that simple. Nobody should use their service or any VPN that lies to their customers many of whom are just getting around geo-restricted content like Netflix.

    2. Paul Crawford Silver badge

      Re: Interesting, very interesting

      "So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down."

      Using a VPN prevents mass surveillance as it then takes some degree of effort to follow an individual but, as seen here, it is not some magic tool that makes you invisible in perpetuity. Same issue with logging: many VPNs say they don't keep routine logs and that may well be true, but if they receive a court order in their jurisdiction (and more probably if it is in connection with a genuinely serious case) they will probably find some bits of information have mysteriously been left on their systems that might be of some assistance...

    3. Kiwi

      Re: Interesting, very interesting

      So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down.

      Only if they do the actual detective work, rather than either making it up as they go along or that plus a little "game of golf", the ball being the one on the top of the shoulders of the person who is "hampering their investigation" by not caving in and agreeing to whatever lies the pigs want to push.

      There are some, however, who do a decent job - or so I've heard. And sometimes some people make it easy for them by being logged into TOR and logging into their bank in the same naughtiness session.

      I do have to wonder about the former work computer though. Not only had he been fired, but also the OS was reinstalled - at that level one assumes the level of trust is so far gone that different passwords would also be a must... Yet they found vague "fingerprints" on it. If the guy has a good lawyer (and the article wasn't too vague in its own right), there could be room there to suggest another party was doing the stalking and hinting at the other guy. Yes it was his "room mate", but where I've worked in one place for more than a few months my co-workers have met people I live with.

      (Before anyone asks, I'd hate to be in the position of a loved one being a victim of a serious crime when the alleged perp was caught - my family's experience with the police would mean we could never trust that they really did get the right person, we would never be able to trust the conviction because we know how much pigs lie and falsify material)

      1. Anonymous Coward

        Re: Interesting, very interesting

        the person who is "hampering their investigation" by not caving in and agreeing to whatever lies the pigs want to push.

        A company has no choice but to follow the law, but that also means it does not have to follow anything BUT the law. We do privacy, yet have a reasonable relationship with the police insofar that they know that the whole "nudge, nudge, wink, wink" game of getting access without a warrant is not going to fly.

        If they DO come in with a warrant, they know we have the processes in place to help them quickly and explicitly contained to their enquiry (fishing expeditions are illegal) - it is in our interest too not to contribute to crime. But without a warrant it's a no-go, the way it should be. Not that we've ever seen them ask for anything yet, but when you plan a business you should do it right because NOT doing it creates a customer risk in itself.

  3. Anonymous Coward

    Trapping you between your entry into a VPN's network and your exit out the other in the internet as a whole is child's play compared to doing it around your use of TOR. And everyone should already be aware the TLA's already have done that repeatedly. Signal's Intelligence has changed all that much since Shannon was around.

    I use a VPN here for two reasons. (1) Comcast. (2) Should I be accused of something untoward, it will help the people around me deal with it better if the untoward traffic is all identifiably mine. Given the feds' scorched earth tactics, that's a consideration. Take my gear, leave theirs alone. I wish them well, going through my stuff will take them the better part of a decade. [Digital Packrat]

  4. Adam 1

    PureVPN has some explaining to do

    Whilst it is a good thing to bring an (alleged) piece of work to justice, I'm not such a fan of "the ends justify the means" logic at play here.

    "We do NOT keep any logs that can identify or help in monitoring a user’s activity."

    Says the massive banner here. I look forward to observing some incredible gymnastics of the English language to reconcile that.

    1. Anonymous Coward

      Re: PureVPN has some explaining to do

      Of course anyone with half a brain will read past the headline....

      "....we will only share information with authorities having valid subpoenas, warrants, other legals documents...."

      Also they state that they will terminate account based on abuse of T&C's. How can they trace the person committing the abuse, if they have no records?

      If you pay, then records are kept, otherwise how can they police usage? One payment, 100,000 users?

      There are also key bits people have missed.

      1. It seems to be based on source IP addresses, not sites visited from PureVPN. They tied two IP addresses together, work and home.

      2. Work, it was there they found out his activity, so most likely proxy logs.

      So in summary, they linked work and home, then got evidence from work.

      1. Adam 1

        Re: PureVPN has some explaining to do

        I think you are missing the point. They claim not to log. They are of course obliged to share the logs with any TLA. They must hand over everything that they collect that relates to the warrant they have been served, which should sum to an empty file.

        I can imagine a few alternative scenarios. In one, they already had a warrant for the person who was otherwise of interest, traced his user account through say credit card or email to VPN account link, then asked them to log that user and got confirmation. In another scenario, they could have worked with one of the service providers to deliver him an iframe with some DRM callback to unmask his IP. (Some VPN providers don't necessarily handle ip6 so well or leak via DNS). Or you know, people make mistakes. Maybe he was disconnected one time.

        It is the same argument that I make against CAs that are prepared to issue a fake cert of some site to their favourite TLA. You have only one job. If it's easier, replace the good* guy FBI with FSB or MSS and "abusive stalker" with "political dissident" and ask whether the PureVPN lived up to their claims.

        *degrees of good

        1. Stripes the Dalmatian

          Re: PureVPN has some explaining to do

          "We do NOT keep any logs that can identify or help in monitoring a user’s activity."

          But, being unable to identify the culprit from the log data is not the same as being unable to identify the relevant log data for a known culprit.

    2. Anonymous Coward

      Re: PureVPN has some explaining to do

      True but then they'll say "You should have read the T&C". But how they still get away with their banner is anyone's guess as it's clearly false advertising.

      1. Adam 1

        Re: PureVPN has some explaining to do

        This isn't about whether they covered their backsides legally. Their capital is trust. They claim to protect your privacy so well that not even they can figure out your identity. They broke that promise if not in letter then definitely in spirit. This will cost them customers. Not that they cooperated (they should) but the mere fact that they had access to that information in the first place means that they are either lying or clueless (or the TLA is lying).

    3. This post has been deleted by its author

    4. Anonymous Coward

      Re: PureVPN has some explaining to do

      PureVPN sure do have some explaining to do, especially since they are a Hong Kong based provider, not a US one!

      1. Anonymous Coward

        Re: PureVPN has some explaining to do

        From my reading of the article and PureVPN T&C, it is unclear if the logging was enabled before or after the warrants.

        The T&C's indicate that PureVPN will work with law enforcement in the event of a valid warrant so as long as the information was captured post-warrant, has any damage been done?

  5. ThatOne Silver badge

    > what did the roommate do to drive him this insane?

    Well, given the stalker is apparently a male and the victim apparently a female, it's pretty IMHO obvious: She didn't fall desperately in love with him. While this is a heinous crime indeed, I hope he'll get his comeuppance.

  6. Anonymous Coward

    Not sure why they outed PureVPN

    This isn't going to do them any favors, and serves as an object lesson to other VPN providers who the feds come to for help. Sure, if there's a subpoena there's not much they can do about it, but they certainly won't cooperate willingly knowing the FBI is likely to shout it from the rooftops. It'll also teach criminals they should look for VPN providers in other countries. Countries that don't tend to cooperate with the US in investigations of crimes in the US, like say Russia or China.

    The FBI is really shooting themselves in the foot trying to drag PureVPN's name through the mud, like they tried to do with Apple last year. Maybe the FBI's logic is "we hate VPN services because it makes our job harder" but all they'll do is make VPN companies try to find ways to operate without logging, and make criminals more likely to avoid US based VPN services.

    This really makes no sense to me.

    1. Anonymous Coward

      Re: Not sure why they outed PureVPN

      Or it panics people to switch to an even less secure honeypot...I mean VPN.

    2. Anonymous Coward

      Re: Not sure why they outed PureVPN

      The FBI is really shooting themselves in the foot trying to drag PureVPN's name through the mud

      I'm not sure this is "mud dragging" - this is merely stating facts. As far as I know, PureVPN has never claimed not to retain logs, and IMHO they would be insane not to, just to protect themselves.

      1. Rimpel
        Facepalm

        Re: Not sure why they outed PureVPN

        > As far as I know, PureVPN has never claimed not to retain logs

        quote "We Do Not monitor user activity nor do we keep any logs.". "PureVPN specifically chose Hong Kong (HK) for its headquarter because there are "No Mandatory Data Retention Laws" in Hong Kong"

        etc.

        1. Anonymous Coward

          Re: Not sure why they outed PureVPN

          If they are headquartered in Hong Kong, I wonder why they helped the FBI? A subpoena from a US court would carry no weight, and since it looks like they market on "we don't log" handing over logs is a risky move even if they expected the FBI would keep their name out of it.

          Like I said, now no VPN provider will ever willingly help the FBI. Maybe Apple would have been willing to quietly work behind the scenes to unlock that terrorist's phone if the FBI had been willing to keep it quiet, we can't know for sure either way, but whatever chance there may have been went out the window when they went straight to court and issued a public statement about it. Whoever is in charge of these decisions there is a real idiot (and sorry, you can't blame Trump for this, since the Apple thing was when Obama was still in office)

          1. Anonymous Coward

            Re: Not sure why they outed PureVPN

            Could be institutional arrogance for which the FBI is well known as checking in with any state, county/parish, or town police force to hear chapter and verse. The other side would be attempting to drive the herd in a particular direction that serves as the purpose for these statements.

            A two-fer? I have no idea. I do know that the real security researchers that I hang out with place no value, even a negative valuation due to flagging up your traffic, on this topic.

          2. Adam 1

            Re: Not sure why they outed PureVPN

            One interesting angle is that China has been putting their foot on VPN providers' throats of recent. I wonder aloud whether one of the licensing conditions required to operate has directly or indirectly exposed their users.

  7. Blotto Silver badge

    The Myth of internet privacy.

    The number of people who think a VPN somehow anonymises them on the internet is staggering.

    VPN providers are just snake oil salesmen.

    If they really want to get at you they will.

    It’s now time the authorities turned their internet skills on to finding the paedos and other vile scum that exist and thrive on the net, although it’s likely they’ll go after the copyright infringers first, because money and Hollywood.

    1. NonSSL-Login

      Re: The Myth of internet privacy.

      Again it's down to individual threat models and why someone wants to use the VPN.

      Don't want UK plod partner to know you visited xhamster 10 times in one day from ICR's, a VPN does the job.

      The problem is many people confuse privacy and anonymity.

    2. Anonymous Coward

      Re: The Myth of internet privacy.

      "It’s now time the authorities turned their internet skills on to finding the paedos and other vile scum that exist and thrive on the net"

      That would be silly. They need those to provide an excuse for spying on everyone else.

  8. Roj Blake Silver badge

    Location, Location, Location

    It's not a case of whether or not your VPN provider keeps logs - most of them do whether they admit it or not.

    The thing to consider is where they're kept. Use a provider and a server based in a country that's not in the Five Eyes and you should be out of the reach of the FBI and their friends.

    1. Anonymous Coward

      Re: Location, Location, Location

      Such as Hong Kong?

      1. Roj Blake Silver badge

        Re: Location, Location, Location

        The company might be in Hong Kong, but is the server?

    2. Velv
      Big Brother

      Re: Location, Location, Location

      "Use a provider and a server based in a country that's not in the Five Eyes and you should be out of the reach of the FBI and their friends."

      Oh how naive you are. You might be out of reach of the flat foot plod, but don't for one minute think you are out of reach of those who are above the law.
