back to article VPN logs helped unmask alleged 'net stalker, say feds

Virtual private network provider PureVPN helped the FBI track down a suspected internet stalker, by combing its logs to reveal his IP address. The US Department of Justice announced on Friday the arrest of Ryan Lin, a 24-year-old from Newtown, Massachusetts, on charges that he cyber-stalked a former roommate. According to the …

  1. Anonymous Coward
    Anonymous Coward

    sure they have logs which should be kept offshore maybe with a sister 'log company'

    and you expect them not to be associated with a billing user with the detail to be deleted and merged in to overall summary stats quickly.

    if i was this vpn provider i'd be worried about staying in business with headlines like this.

    not that this chap didn't deserve it but what did the roomate do to drive him this insane? :P

    1. Christoph

      There is no reason to suppose she did anything - stalkers get obsessed with someone from something in their own thoughts which might be nothing to do with what the victim did, or because of something utterly trivial. Many celebrities have been stalked by people they had never met before.

    2. Notas Badoff
      FAIL

      She deserved it (really?)

      Isn't that really what you just said? Something mighty unusual in his actions, so there must have been something outrageously unusual in her actions?

      No, people fixate on single things/people, and for reasons very much more due to their own internal issues. It quite literally could have been directed onto *anyone* impinging on their lives. Next time you have a total miss at empathy, realize it could be *you* with no explanation as to 'why'.

      1. garetht t

        Re: She deserved it (really?)

        Strawman:

        OP never said "She deserved it" so the rest of your argument is invalid.

        1. Just Enough

          Re: She deserved it (really?)

          "OP never said "She deserved it""

          Indeed. OP said;

          "but what did the roomate do to drive him this insane? "

          Meaning it was something the room-mate did that was the root cause of this, otherwise he wouldn't have been an insane stalker. This is what is called "victim blaming" and just one step away from saying she reaped what she sowed.

          This question is, of course, exactly what the victim has probably asked herself a million times. "What did I do to cause this vindictive, crazy behaviour from someone I thought was a friend." And the answer in most cases is; absolutely nothing. You were just unlucky to cross paths with someone with a deep personality flaw who became obsessed with you.

          1. Anonymous Coward
            Anonymous Coward

            Re: She deserved it (really?)

            I think you're being a bit quick to jump in with an accusation of 'victim blaming' here.

            We know very little about the case, we don't know what the room-mate might have done.

            The answer could be "nothing significant" so yes he's just crazy. Similar to my wife holding me accountable for something I did in her dream.

            The answer could also be "something bad, but nothing which could deserve this over-reaction"

            or it could be "she killed his family but got away with it due to an obscure legal loophole" in which case fair enough.

            I think it's likely that the answer is one of the first two and if we find out that's the case then we should be supportive of the victim. But at this moment when we don't know, so it's reasonable to wonder.

    3. Anonymous Coward
      Anonymous Coward

      @ "first in" AC

      I agree about VPN providers that sell out their customers, when you are selling anonymity it's not really the best idea to brag how you sold any client out.

      One wonders if perhaps they didn't sell out fast enough and this is their punishment/warning to the rest.

      Again generally stupid decision by everyone involved to advertise that VPN does not give the security promised, unless ofc the idea was to discredit VPN providers and specifically PureVPN.

      1. Rustbucket

        Re: @ "first in" AC

        "I agree about VPN providers that sell out their customers, when you are selling anonymity it's not really the best idea to brag how you sold any client out."

        On the contrary, the logging they did was spelt out clearly in their terms and conditions.

        The idiot's main fault was not choosing the right VPN, and doing his dirty work on his work computer (and not wiping the evidence afterwards).

  2. a_yank_lurker

    Interesting, very interesting

    So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down. It appears the real problem is if the ones movements and usage can be linked one stands a good chance of being toast. Also, since some stalkers have been murderers, it seems that a stalking campaign might get the flatfeet out of the doughnut shop.

    Based on the sentence, it sounds like doofus will have a felony conviction to deal with for the rest of his life.

    1. inmypjs Silver badge

      Re: Interesting, very interesting

      "So using a VPN does not prevent"

      Especially a crappy one that keeps logs.

      1. gnasher729 Silver badge

        Re: Interesting, very interesting

        "Especially a crappy one that keeps logs."

        There are two kinds of VPNs. Those that state that they are keeping logs, and those that lie about keeping logs.

        1. Naich

          Re: Interesting, very interesting

          Three kinds - those that you set up yourself, which you know don't keep logs.

          1. Sir Runcible Spoon

            Re: Interesting, very interesting

            Setting up your own VPN server leaves behind information that goes back to that server, so unless you are also allowing other people to use that VPN server, then it all leads back to the owner of the server.

            At that point you then have to try and hide your tracks as it relates to owning and managing the server. Obviously you also have to ensure that all management connections to that server are not logged either (i.e. not logged in the first place, rather than logged and deleted - as that info could be recovered).

            You also have to consider the possibility that the server has been hacked, since you won't have any logs you'll never be able to tell will you?

            It's logs all the way down mate :)

        2. NonSSL-Login

          Re: Interesting, very interesting

          Some only log when they are troubleshooting a problem and delete the logs after.

          It takes some work to dig out the good from the bad with VPN providers and it all depends on your thread model anyway.

          1. Anonymous Coward
            Anonymous Coward

            Re: Interesting, very interesting

            it all depends on your thread model anyway.

            That's for when the rubber hits the road after a *cough* Good Year. :)

            I presume you mean threat model, and in that case you're right. I have no problem with normal, legal scrutiny under warrant, but I am no fan of data leakage to uncontrolled entities.

      2. Anonymous Coward
        Anonymous Coward

        Re: Interesting, very interesting

        As he pointed out himself.

        If they bill you for usage, they HAVE to keep logs.

        1. This post has been deleted by its author

        2. Adam 1

          Re: Interesting, very interesting

          > If they bill you for usage, they HAVE to keep logs.

          If by usage, you mean GB/month then it may be very difficult to not indirectly profile you based upon the size of the traffic between specified periods of time. I wish I remember where I read about it, but there was a fascinating study of profiling a user's traversal of a HTTPS delivered news website by datamatching the size and concurrency of the connections to that server.

          If you mean X concurrent users per account, it is very doable. It is hard in the sense that leaking information is very easy to accidentally do, but definitely achievable without substantial cost overhead.

        3. Kiwi
          Boffin

          Re: Interesting, very interesting

          As he pointed out himself.

          If they bill you for usage, they HAVE to keep logs.

          Just need to do a little bit of database work, basically

          UPDATE total_bytes_used WITH bytes_used_this_session

          UPDATE session_times WITH session_start_time session_end_time

          So, for billing purposes, you have when they logged in, when they logged out, and how many bytes they used during the session.

          And no, all I know about SQL I get from "Google how-to.... "

      3. Anonymous Coward
        Anonymous Coward

        Re: Interesting, very interesting

        Especially a crappy one that keeps logs.

        I'm not sure that an outfit that keeps logs automatically deserves to be called crappy.

        There is a major difference between being anonymous (which is a right) and being unaccountable (which usually infringes other people's rights and frequently veers into the criminal), although they are often seen as one and the same. The problem with offering anonymisation and privacy facilities is that you may also end up protecting criminal behaviour and the one thing you can NOT do as a business is break the law or collaborate with law breakers.

        As a business, logfiles are your only protection against that, provided you're in a country where access to such data is legally protected (which is why you really should not use a US provider as they have declared such meta data in certain cases accessible without warrant).

        I have looked at PureVPN before, and I decided not to use them because I don't know about Chinese law and HK exceptions to know what rights I have (which is not their fault). However, I cannot blame a business from collaborating with the police - they have no choice, and it may even be that they are legally required to preserve those logs. To be honest, if I were running a business like that I'd preserve them too (I'd make that clear to possible customers, which admittedly may be fewer as a consequence), provided I had a legal means to prevent access without warrant.

        It's not their fault that people conflate anonymous and unaccountable.

        1. Sir Runcible Spoon

          Re: Interesting, very interesting

          Using a VPN service that logs isn't a problem as long as the authorities are required to submit a warrant to view those logs (and not some general catch-all type BS either).

          Under those circumstances I'm happy for them to keep logs. I want to avoid being spied on by general busybodies in local Councils etc., I'm not trying to avoid (reasonable) legal scrutiny.

          1. ave199

            Re: Interesting, very interesting

            Yes it is a problem and defeats the point of a VPN. You either protect privacy or you don't. HideMyAss got caught lying as well. PureVPN lied, it's that simple. Nobody should use their service or any VPN that lies to their customers many of whom are just getting around geo-restricted content like Netflix.

    2. Paul Crawford Silver badge

      Re: Interesting, very interesting

      "So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down."

      Using a VPN prevents mass surveillance as it then takes some degree of effort to follow an individual but, as seen here, it is not some magic tool that makes you invisible in perpetuity. Same issue with logging: many VPN say they don't keep routine logs and that may well be true, but if they receive a court order in their jurisdiction (and more probably if it is in connection with a genuinely serious case) they will probably find some bits of information have mysteriously been left on their systems that might be of some assistance...

    3. Kiwi

      Re: Interesting, very interesting

      So using a VPN does not prevent the few competent flatfeet from connecting the dots, only slows them down.

      Only if they do the actual detective work, rather than either making it up as they go along or that plus a little "game of golf", the ball being the one on the top of the shoulders of the person who is "hampering their investigation" by not caving in and agreeing to whatever lies the pigs want to push.

      There are some, however, who do a decent job - or so I've heard. And sometimes some people make it easy for them by being logged into TOR and logging into their bank in the same naughtiness session.

      I do have to wonder about the former work computer though. Not only had he been fired, but also the OS was reinstalled - at that level one assumes the level of trust is so far gone that different passwords would also be a must... Yet they found vague "fingerprints" on it. If the guy has a good lawyer (and the article wasn't to vague in it's own right), there could be room there to suggest another party was doing the stalking and hinting at the other guy. Yes it was his "room mate", but where I've worked in one place for more than a few months my co-workers have met people I live with.

      (Before anyone asks, I'd hate to be in the position of a loved one being a victim of a serious crime when the alledged perp was caught - my family's experience with the police would mean we could never trust that they really did get the right person, we would never be able to trust the conviction because we know how much pigs lie and falsify material)

      1. Anonymous Coward
        Anonymous Coward

        Re: Interesting, very interesting

        he person who is "hampering their investigation" by not caving in and agreeing to whatever lies the pigs want to push.

        A company has no choice but to follow the law, but that also means it does not have to follow anything BUT the law. We do privacy, yet have a reasonable relationship with the police insofar that they know that the whole "nudge, nudge, wink, wink" game of getting access without a warrant is not going to fly.

        If they DO come in with a warrant, they know we have the processes in place to help them quickly and explicitly contained to their enquiry (fishing expeditions are illegal) - it is in our interest too not to contribute to crime. But without a warrant it's a no-go, the way it should be. Not that we've ever seen them ask for anything yet, but when you plan a business you should do it right because NOT doing it creates a customer risk in itself.

  3. Anonymous Coward
    Anonymous Coward

    Trapping you between your entry into a VPN's network and your exit out out the other in the internet as a whole is child's play compared to doing it around your use of TOR. And everyone should already be aware the TLA's already have done that repeatedly. Signal's Intelligence has changed all that much since Shannon was around.

    I use a VPN here for two reasons. (1) Comcast. (2) Should I be accused of something untoward, it will help the people around me deal with it better if the untoward traffic is all identifiably mine. Given the feds scorched earth tactics, that's a consideration. Take my gear, leave theirs alone. I wish them well, going through my stuff will take them the better part of a decade. [Digital Packrat]

  4. Adam 1

    PureVPN has some explaining to do

    Whilst it is a good thing to bring an (alleged) piece of work to justice, I'm not such a fan of "the ends justify the means" logic at play here.

    "We do NOT keep any logs that can identify or help in monitoring a user’s activity."

    Says the massive bannerhere. I look forward to observing some incredible gymnastics of the English language to reconcile that.

    1. Anonymous Coward
      Anonymous Coward

      Re: PureVPN has some explaining to do

      Of course anyone with half a brain will read past the headline....

      "....we will only share information with authorities having valid subpoenas, warrants, other legals documents...."

      Also they state that they will terminate account based on abuse of T&C's. How can they trace the person committing the abuse, if they have no records?

      If you pay, then records are kept, otherwise how can they police usage? One payment, 100,000 users?

      There are also key bits people have missed.

      1. It seems to be based on source IP addresses, not sites visited from PureVPN. They tied two IP addresses together, work and home.

      2. Work, it was there they found out his activity, so most likely proxy logs.

      So in summary, they linked work and home, then got evidence from work.

      1. Adam 1

        Re: PureVPN has some explaining to do

        I think you are missing the point. They claim not to log. They are of course obliged to share the logs with any TLA. They must hand over everything that they collect that relates to the warrant they have been served, which should sum to an empty file.

        I can imagine a few alternative scenarios. In one, they already had a warrant for the person who was otherwise of interest, traced his user account through say credit car or email to VPN account link, then asked them to log that user and got confirmation. In another scenario, they could have worked with one of the service providers to deliver him an iframe with some DRM callback to unmask his IP. (Some VPN providers don't necessarily handle ip6 so well or leak via DNS). Or you know, people make mistakes. Maybe he was disconnected one time.

        It is the same argument that I make against CAs that are prepared to issue a fake cert of some site to their favourite TLA. You have only one job. If it's easier, replace the good* guy FBI with FSB or MSS and "abusive stalker" with "political dissident" and ask whether the PureVPN lived up to their claims.

        *degrees of good

        1. Stripes the Dalmatian

          Re: PureVPN has some explaining to do

          "We do NOT keep any logs that can identify or help in monitoring a user’s activity."

          But, being unable to identify the culprit from the log data is not the same as being unable to identify the relevant log data for a known culprit.

    2. Anonymous Coward
      Anonymous Coward

      Re: PureVPN has some explaining to do

      True but then they'll say "You should of read the T&C". But how they still get away with their banner is anyone's guess as its clearly false advertising.

      1. Adam 1

        Re: PureVPN has some explaining to do

        This isn't about whether they covered their backsides legally. Their capital is trust. They claim to protect your privacy so well that not even they can figure out your identity. They broke that promise if not in letter then definitely in spirit. This will cost them customers. Not that they cooperated (they should) but the mere fact that they had access to that information in the first place means that they are either lying or clueless (or the TLA is lying).

    3. This post has been deleted by its author

    4. Anonymous Coward
      Anonymous Coward

      Re: PureVPN has some explaining to do

      PureVPN sure do have some explaining to do, especially since they are a Hong Kong based provider, not a US one!

      1. Anonymous Coward
        Anonymous Coward

        Re: PureVPN has some explaining to do

        From my reading of the article and PureVPN T&C, it is unclear if the logging was enabled before or after the warrants.

        The T&C's indicate that PureVPN will work with law enforcement in the event of a valid warrant so as long as the information was captured post-warrant, has any damage been done?

  5. ThatOne Silver badge

    > what did the roomate do to drive him this insane?

    Well, given the stalker is apparently a male and the victim apparently a female, it's pretty IMHO obvious: She didn't fall desperately in love with him. While this is a heinous crime indeed, I hope he'll get his comeuppance.

  6. Anonymous Coward
    Anonymous Coward

    Not sure why they outed PureVPN

    This isn't going to do them any favors, and serves as an object lesson to other VPN providers who the feds come to for help. Sure, if there's a subpeona there's not much they can do about it, but they certainly won't cooperate willingly knowing the FBI is likely to shout it from the rooftops. It'll also teach criminals they should look for VPN providers in other countries. Countries that don't tend to cooperate with the US in investigations of crimes in the US, like say Russia or China.

    The FBI is really shooting themselves in the foot trying to drag PureVPN's name through the mud, like they tried to do with Apple last year. Maybe the FBI's logic is "we hate VPN services because it makes our job harder" but all they'll do is make VPN companies try to find ways to operate without logging, and make criminals more likely to avoid US based VPN services.

    This really makes no sense to me.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure why they outed PureVPN

      Or it panics people to switch to an even less secure honeypot...I mean VPN.

    2. Anonymous Coward
      Anonymous Coward

      Re: Not sure why they outed PureVPN

      The FBI is really shooting themselves in the foot trying to drag PureVPN's name through the mud

      I'm not sure this is "mud dragging" - this is merely stating facts. As far as I know, PureVPN has never claimed not to retain logs, and IMHO they would be insane not to, just to protect themselves.

      1. Rimpel
        Facepalm

        Re: Not sure why they outed PureVPN

        > As far as I know, PureVPN has never claimed not to retain logs

        quote "We Do Not monitor user activity nor do we keep any logs.". "PureVPN specifically chose Hong Kong (HK) for its headquarter because there are "No Mandatory Data Retention Laws" in Hong Kong"

        etc.

        1. Anonymous Coward
          Anonymous Coward

          Re: Not sure why they outed PureVPN

          If they are headquartered in Hong Kong, I wonder why they helped the FBI? A subpoena from a US court would carry no weight, and since it looks like they market on "we don't log" handing over logs is a risky move even if they expected the FBI would keep their name out of it.

          Like I said, now no VPN provider will ever willingly help the FBI. Maybe Apple would have been willing to quietly work behind the scenes to unlock that terrorist's phone if the FBI had been willing to keep it quiet, we can't know for sure either way, but whatever chance there may have been went out the window when they went straight to court and issued a public statement about it. Whoever is in charge of these decisions there is a real idiot (and sorry, you can't blame Trump for this, since the Apple thing was when Obama was still in office)

          1. Anonymous Coward
            Anonymous Coward

            Re: Not sure why they outed PureVPN

            Could be institutional arrogance for which the FBI is well known as checking in with any state, county/parish, or town police force to hear chapter and verse. The other side would be attempting to drive the herd in a particular direction that serves as the purpose for these statements.

            A two-fer? I have no idea. I do know that the real security researchers that I hang out with place no value, even a negative valuation due to flagging up your traffic, on this topic.

          2. Adam 1

            Re: Not sure why they outed PureVPN

            One interesting angle is that China has been putting their foot on VPN provider's throats of recent. I wonder aloud whether one of the licensing conditions required to operate has directly or indirectly exposed their users.

  7. Blotto Silver badge

    The Myth of internet privacy.

    The number of people who think a vpn done how anonymises them on the internet is staggering.

    VPN providers are just snake oil salesmen.

    If they really want to get at you they will.

    It’s now time the authorities turned their internet skills on to finding the peodo’s and other vile scum that exist and thrive on the net, although it’s lijely they’ll go after the copyright infringers first, because money and Hollywood.

    1. NonSSL-Login

      Re: The Myth of internet privacy.

      Again it's down to individual threat models and why someone wants to use the VPN.

      Don't want UK plod partner to know you visited xhamster 10 times in one day from ICR's, a VPN does the job.

      The problem is many people confuse privacy and anonymity.

    2. Anonymous Coward
      Anonymous Coward

      Re: The Myth of internet privacy.

      "It’s now time the authorities turned their internet skills on to finding the peodo’s and other vile scum that exist and thrive on the net"

      That would be silly. They need those to provide an excuse for spying on everyone else.

  8. Roj Blake Silver badge

    Location, Location, Location

    It's not a case of whether or not your VPN provider keeps logs - most of them do whether they admit it or not.

    The thing to consider is where they're kept. Use a provider and a server based in a country that's not in the Five Eyes and you should be out of the reach of the FBI and their friends.

    1. Anonymous Coward
      Anonymous Coward

      Re: Location, Location, Location

      Such as Hong Kong?

      1. Roj Blake Silver badge

        Re: Location, Location, Location

        The company might be in Hong Kong, but is the server?

    2. Velv
      Big Brother

      Re: Location, Location, Location

      "Use a provider and a server based in a country that's not in the Five Eyes and you should be out of the reach of the FBI and their friends."

      Oh how naive you are. You might be out of reach of the flat foot plod, but don't for one minute think you are out of reach of those who are above the law.

      1. Lysenko

        Re: Location, Location, Location

        I'm fairly sure that a VPN based in FSB jurisdiction is out of reach of any American TLA unless there is a tempting quid pro quo on the table (which is unlikely in the current climate).

  9. Charlie Clark Silver badge

    What is this about?

    I mean, what is internet stalking?

    Sounds to me like a sad fuck with too much time on his hands. If he was doing anything of note you'd expect probable cause and standard police work would be pretty effective with any VPN stuff icing on the cake.

    Or have I missed something?

    1. Hollerithevo

      Re: What is this about?

      You have missed something. 'Stalking' IRL is a concept you might know; 'internet stalking' is doing that on the internet, using all the resources it offers to watch and follow your victim and to make her life, and the lives of people close to her, a misery. Not hard.

      'Too much time on his hands' -- lots of people had idle hours. Not all of them decide to use devious means to keep tabs on someone who doesn't want any contact with him. He was doing stuff of note: he was harassing her, harassing the people close to her, trying to libel her and trash her reputation. He wasn't leaving her alone when she wanted him to leaver her alone.

      Again, not hard to understand.

      1. Charlie Clark Silver badge

        Re: What is this about?

        he was harassing her, harassing the people close to her, trying to libel her and trash her reputation.

        I thought we were talking about stalking? Libel and harassment are crimes in their own right.

  10. Alexander Hanff 1

    Completely incorrect

    “There is no such thing as a VPN that doesn't keep logs. If they can limit your connections or track bandwidth usage, they keep logs.”

    This is factually incorrect, I have been running OpenVPN on my server for about 10 years and there is not a single log file - so yes a VPN can be configured to not log anything. I think what you meant was "there is no such thing as a VPN service that doesn't keep logs..." and I suspect that may be true (although there are several who claim they don't).

    What the FBI did do here though is just destroy PureVPN's business as I suspect people will now run for the hills knowing that PureVPN is not only logging but working with LEAs.

    1. Peter2 Silver badge

      Re: Completely incorrect

      The only people who would run for the hills knowing that the company is logging the IP's that you connect to it from are those engaged in pretty serious criminality? Nobody else cares.

      1. Anonymous Coward
        Anonymous Coward

        Re: Completely incorrect

        "The only people who would run for the hills knowing that the company is logging the IP's that you connect to it from are those engaged in pretty serious criminality?"

        Which is merely the usual "Nothing to worry about if you are doing nothing wrong" panacea.

        The interpretation of a law by enforcement agencies is up to them - even if you believe you are not breaking a law. You've possibly not met the institutional mind-set obsessed with their own potential or actual guilt. They thus assume everyone else is guilty too. They will justify any persecution to maintain their own view of reality.

      2. Alexander Hanff 1

        Re: Completely incorrect

        That is a somewhat unqualified presumption. Many people use VPNs because they value privacy - that doesn't make them criminals.

        1. Peter2 Silver badge

          Re: Completely incorrect

          That is a somewhat unqualified presumption. Many people use VPNs because they value privacy - that doesn't make them criminals.

          No, it doesn't. But the fact that the VPN service knows which IP's you have connected to the VPN from doesn't appear to compromise your privacy. Somebody paranoid enough to bother with a VPN would presumably be doing it because they think (or know) that their ISP is providing information on their connections in any case. If that is the case then logically you'd expect your ISP to know that you are accessing a VPN service.

          ISP: The VPN connected to $VPN

          VPN provider: The VPN connection came from $IP

          This is rather circular. It was only a problem here because they proved that he was accessing information from home and work, and his employer handed over the machine that he'd used and the FBI pulled information out of it via digital forensics.

          That doesn't sound like it has huge privacy implications if your not doing something illegal enough to justify a warrant seizing your equipment for forensics work?

      3. Kiwi

        Re: Completely incorrect

        The only people who would run for the hills knowing that the company is logging the IP's that you connect to it from are those engaged in pretty serious criminality? Nobody else cares.

        I was actually looking for something to get around some geoblocked stuff, and PureVPN was high on the list. Had this article come out tomorrow I may well have recommended friends go with it.

        Now PureVPN is off the list permanently. Nothing illegal in what was to be done, but the trust factor is destroyed - "we do not log, but we have logs to give the feds when they want, even though we're based in HK so we don't have to keep logs or give them up".

        In what other ways will they break customer trust? Well, it won't be the problem of those I suggest a VPN to.

        (only looking to them because Datho isn't responding atm)

  11. JimmyPage Silver badge
    Boffin

    So many posts about logs ...

    and yet so little discussion on what a "log" is.

    Once again, I feel a tad like the greybeard at a hipster convention.

    There are "logs" - as in the technical definition of records kept by a system etc etc

    Then there are "logs" which is what the law defines as "information relating to the operation of the system which if they exist can be captured for inspection ..." (or somesuchsimilar).

    Remember, in the UK at least, courts are allowed to use the contents of caches - which are axiomatically transient - as evidence.

    If the information exists in memory, then the law can decide it can be frozen as evidence.

    1. blcollier

      Re: So many posts about logs ...

      So many posts about logs and yet not a single poop gag.

      1. Anonymous Coward
        Anonymous Coward

        Re: So many posts about logs ...

        "So many posts about logs and yet not a single poop gag."

        You mean no one has called the TLAs potential facists?

  12. This post has been deleted by its author

  13. NonSSL-Login

    Getting stalker = good!

    VPN provider logging = bad!

    Have a VPN connection at your router to one VPN provider and using a Pi or virtual machines with Tor/Whonix to tunnel through that (so no Tor IP's seen by ISP's) and finally VPN to a different VPN provider though that double tunnel. No Tor exit node to sniff your traffic and no way to link up ip's unless you login to something which keep slogs, such as email providers. Used to be slow but not so much these days with all the good routes and servers.

    As for pointing out he had a Protonmail account, if that is a sign of guilt, I must be guilty too!

    PureVPN is going to suffer from this in the same way HideMyAss did after they did the same.

  14. A Nonny Moose
    Big Brother

    Goodbye PureVPN

    Welp, time to ditch my PureVPN account then, since they can't provide the service they've advertised (no logs). NordVPN any good?

    1. Anonymous Coward
      Anonymous Coward

      Re: Goodbye PureVPN

      I heard Nord is good but also take a look at AirVPN.

    2. NonSSL-Login

      Re: Goodbye PureVPN

      NordVPN are one I would trust.

      I use proxy.sh https://tinyurl.com/Proxy-SH-Reg (affil link)

  15. King Jack
    Headmaster

    No one is running any where

    HideMyAss had a similar issue a few years back where the gave up a customer to the plod. They are still in business as people have no memory nowadays. PureVPN will carry on as normal. Maybe lower their prices and design a new logo ( likeTalkTalk) and bingo saps will buy in. This is the internet age.

    1. ave199

      Re: No one is running any where

      Sadly true.

  16. telecine

    And who runs many of the VPNs ?

    Come on, you’d have to be a bit of a div not to see the obvious .

    Not posting as AC as this subject is the bleeding obvious .

  17. dol

    Worth a look

    This is not a bad place to start if you are feeling a tad insecure about your VPN service

    https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/

    If you could not be arsed reading the article at least ask your VPN service the following questions which the article is based on

    " 1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user/users of your service? If so, what information do you hold and for how long?

    2. What is the registered name of the company and under what jurisdiction(s) does it operate?

    3. Do you use any external visitor tracking, email providers or support tools that hold information about your users/visitors?

    4. In the event you receive a takedown notice (DMCA or other), how are these handled?

    5. What steps are taken when a valid court order or subpoena requires your company to identify an active user of your service? Has this ever happened?

    6. Is BitTorrent and other file-sharing traffic allowed (and treated equally to other traffic) on all servers? If not, why?

    7. Which payment systems do you use and how are these linked to individual user accounts?

    8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

    9. How do you currently handle IPv6 connections and potential IPv6 leaks? Do you provide DNS leak protection and tools such as “kill switches” if a connection drops?

    10. Do you offer a custom VPN application to your users? If so, for which platforms?

    11. Do you have physical control over your VPN servers and network or are they hosted by/accessible to a third party? Do you use your own DNS servers?

    12. What countries are your servers located in?"

    Remember, Assume nothing, Believe nobody, Check everything.

  18. nickx89

    Good call from the part of VPN company.

    IMO, it was a good move from the side of VPN company if they were obliged to act due to any court order. There's one less criminal in the street. It's not necessary that if they kept logs of one person, they would keep of others too. So, it's just a hype people are creating instead of seeing the bigger picture. Additionally, they have clear log policy on abusive use of the service. People should read privacy policy first no matter what service they use. Such services are not for using in such activities.

  19. Potemkine! Silver badge

    Or...

    ... maybe the FBI covers its tracks to not tell how that guy was caught, so it can use the same strategy to catch the next one.

  20. Aodhhan

    No such thing as absolute anonymity on the Internet

    Anyone who believes a site's claim they maintain your anonymity is lying, and anyone who buys it is an idiot.

    Of course logs are kept. If nothing else for maintenance, speed/efficiency and security reasons. The stories of ISPs and VPN companies cooperating with law enforcement should let you know this. Of course they are going to assist law enforcement when certain crimes are taking place. The only people who have a problem with this are those who break the law.

    Someone talked about how the company should worry about their business for cooperating with law enforcement. No, a company should worry about their business if they cover up the identity of a sexual predator.

    1. ave199

      Re: No such thing as absolute anonymity on the Internet

      LOL, you sign-up to a VPN for absolute privacy. You may slip up in many other ways and reveal yourself but you expect a VPN to protect you. Otherwise it is worthless so don't even bother using one. PureVPN like HideMyAss are liars. Never use them. It makes you wonder how many others are also lying though......

  21. ave199

    PureVPN is garbage

    Never use them. It's that simple. A VPN that does not protect you is worthless. At least they have been exposed as liars like HideMyAss.

  22. MichealC

    How can You

    I dont believe how can you give away a person's information who is trusting you and giving you money to hide his data. Basically you sell out you self. People should boycott such VPN provider once and for all.

    1. Kiwi

      Re: How can You

      I dont believe how can you give away a person's information who is trusting you and giving you money to hide his data.

      They probably looked around at the state of the world today, and said "if Google and MS et al can get away with it, why can't we?".

      At least they're not selling out all of their users for marketing money.

      Yet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like