I think all VPNs are required to keep ip logs. Is that true or not? I think there are VPNs that don't keep ip logs. They are just hard to find.
They said they don't keep logs but we don't really know if they actually do logging and how long they keep the logs (if they keep logs). All VPN services definitely know your real public IP address and related activities when you use their service I believe, unless you take some extra steps to obfuscate your true identity to hide even from the VPN.
True. Choosing a VPN in a country that does not have invasive laws like the "patriot act" in america is a start. I am sure the guide will have more information
mirimir's guide? I actually have lost track of which country provides friendly laws regarding this. I heard EU is kind of "hot" right now, in a negative meaning.
Question for Mirimir. How might one go about Obfuscating your real IP from the first VPN in your chain. Assuming of course that TOR is not first before the VPN's.
As far as I know, the EU generally is more privacy-friendly than the US. The EU Data Retention Directive was invalidated in April, so now the Data Protection Directive is back in force. So there is no EU-wide requirement for logging, even by ISPs. But of course the UK has its draconian laws. Logging by VPNs is common in the US, even though there's no legal requirement. And then there's the NSA. At this point, one can probably rely on statements in TorrentFreak's 2014 VPN privacy survey. Whatever you connect to directly knows your ISP-assigned IP address. You could connect to a VPN service through an SSH proxy, but then the SSH proxy would know your ISP-assigned IP address. I suppose that one could rent a VPS, semi-anonymously, and run a private SSH proxy, or even obfsproxy. Running an obfsproxy server isn't much harder than running an obfsproxy client. That would hide your VPN from the ISP, obfuscate traffic, and hide your ISP-assigned IP address from the VPN service.
There are two distinct questions. Are vpn providers *legally* required to keep logs? Do vpn providers keep logs even absent a legal requirement? In the US, there is no mandatory data retention law, and a vpn provider is therefore not legally required to keep logs. In the EU, there is the EU data retention directive which was ruled invalid by the CJEU and local laws pertaining to mandatory data retention. National laws on mandatory data retention are still enforce, but most of these only apply to telecommunication and internet service providers. Since the vpn provider does not offer the connectivity to the internet, it's likely not covered by mandatory data retention. But it may still elect to log everything.
USA vs EU: In the EU we have servers in countries where Data Retention Directive (2006/24/EC) implementation has been declared unconstitutional (Romania, Germany) or where its scope does not cover our service (any other Member State). We fully comply to the EU legal framework. USA situation (under this point of view) is even better: in the USA currently there's no mandatory data retention at all, not even for domestic ISPs. Singapore, where we maintain 3 servers, has no mandatory data retention for our service. Source: https://airvpn.org/topic/9358-eu-and-data-retention-laws-with-eu-based-vpn/
@dogbite The EU is generally more progressive then the United States re data retention. While there are no laws in the US requiring data retention. Companies either keep data as a business model or out of fear of what the future could bring (three digit agencies). There is an absolute reason that most from the US who use VPN's chose a service outside of US jurisdiction.
Well yes, so as other citizens shouldn't use VPNs and the servers within the jurisdiction of their own countries. OTOH, most South-east Asian countries are more interested into censorship instead, they don't really do surveillance as far as I'm aware of. But then again, the regulation usually only applies to ISPs.
I have heard though that the data centers do keep logs, sometimes. But what can the data center see? Can they see content? Or only IP addresses associated with websites?
EarthVPN says they don't keep logs but it didn't help this user: “No logs” EarthVPN user arrested after police finds logs http://www.wipeyourdata.com/other-d...rthvpn-user-arrested-after-police-finds-logs/
It's not clear in the EarthVPN case whether the police relied on logs from the datacenter, or logs from the VPN server. The police did impound one of EarthVPN's servers. Maybe the datacenter had enabled logging on all of its servers, and EarthVPN staff didn't disable it. Or maybe datacenter network traffic logs were enough. The point is that it's arguably impossible for users to know whether logs are being kept. And given that, it's safest to assume that they are.