VPN providers that do not log - how do they locate abuse?

Discussion in 'privacy technology' started by braptastic, Aug 7, 2011.

Thread Status:
Not open for further replies.
  1. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
  2. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    A lot of abuse comes from debricking a modem also.
     
  3. overworkedmonkey

    overworkedmonkey Registered Member

    Joined:
    Jan 31, 2011
    Posts:
    55
  4. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    Deja Vu ZXY Wrote: Thank you for the quick response.
    So basically i read out of your answers that it's all possible due to the large user base and i assume it's possible.
    I am considering purchasing your service so that's why i asked these questions.
    By the way i changed my post and added one more question, but since you were probably typing answers you didn't see the change:
    "How is the IP address or account suspension monitoring possible if you keep everything anonymous and have "0 control over users actions"?"
    And now i got another one. The service keeps no logs etc, but let's say some agencies come to sniff around and if a user has dedicated IP address then the user also has username linked to it. How are you keeping that anonymous? I'm guessing it is kept private and how the system is built, but i would love to hear your answer.


    look you gotta understand that i asked myself the same questions of your questions BEFORE we even started and went in .. and seeing the background we came from ( warez scene ) and over 10 years experience in this, i knew how to keep things anonymous or at least to the extent you can define it as 'anonymous' and 'safe'...

    i asked myself, how would we be going to do this efficiently .. without steppin in more and more unneeded problems in the future...( i dont believe in short term strategies for a few months ... )

    that is what i asked myself each and every day.. exactly the same questions beforehand .. and step by step we improved so much and changed so much of the structure that i can say now... im at a 90% satisfaction rate..

    a vpn service, a good one only works out if your structure and concept is 100% on point.. thats why i always smirk seeing these new kids and their 2 months VPN plans.. thinkin its big cash in this....

    it is NOT...quality costs money.... any IP, bandwidth COST money....every month...

    either they desperate for a quick 200$ or they dont have any real plans and dont even have a clue of how much new problems they will stumble into in the next months, as soon as this getting bigger... from account setup creation, NEW fresh server deploy that have to be secure and handled quickly ( you cant sit there 1-3 days installing the needed softwares and settings by yourself you need an automatic routine )... handling abuse, handling support, handling invoices to be paid on time... hardware out of the line events...technical or script issues.. better dont have payment problems either .... the list is just endless..

    but their plan isnt to grow or to expand... their plan can be to just make a quick 200$ profit... you feel me....

    but back to your questions...

    the IP monitoring wasnt possible up until some weeks ago, shared IPs simply got suspended, EVERYONE that were assigned to the abuse shared IP had his account either suspended OR moved onto another country, depended on the abuse report and content and was already automatic

    but it was like blind fightin an enemy ... when the abuses went outta hands, i knew we have to react somehow to survive and adjust this in the future ...

    so what we did was to think about how can we get it done without adding a possible new security risk, or to keep logs..

    we sat there for 10 days to find a better real efficient solution ... to at least lower the mass of possible username accounts on an abuse event, ONLY for us...INTERNAL ...not for everyone else..

    so we thought of a good idea to check for an abuser internal with a set of a random flag on a VPN username and an encrypted script/file placed in an outsourced country, way offroad from the actual countries/website/validation/script servers ... its now stored, which just for the principle i dont like so i will maybe change it to have it send by mail .. with a password on the .tar file ... we will see... unimportant...

    that only we can decrypt.. i dont need to mention that this file is placed in a completely outsourced country on an entirely encrypted disk .. and isnt possible to decrypt and read it, no authority could ever get ahold of this file and even then, it first has to be decrypted to make it human readable and contains only the ID of where to set the flag anyways ... its inside a TrueCrypt container in a hidden volume and some other security measures went along with it, since im ****in PARANOID myself..

    this dont give you a log type of status, it sets a red flag, a little sign on the IP of the initial abuse report.. sounds pathetic... but it does what it has to do... helps to avoid being forced to suspend ALL accounts on a shared IP...

    with this you can at least decrease the amount of usernames that were POSSIBLY doin the abuse... since then we dont have to suspend all shared accounts any more... and this without adding a security risk....or to keep an IP log....

    in most cases this isnt even needed either ... some shared IPs only have 5 clients on it...

    out of those 5... 2 of them already expired, another one signed up later than abuse event date...so theres only 2 left over, you can now suspend the accounts or move them to a country where they are more lax on the abuse topic ..

    and your sniffing theory is again only theory .. reality looks different..

    in real abuses, serious abuses, what COULD happen is that the server, lets say UK gets raided.... im saying this is possible it never happened .. but it is possible ... but on the UK itself are no log files or usernames stored.... the validation happens wayy outside in an exotic funny country in a longg chain...

    even if they raid the UK... all they gonna find is the openVPN installation folder, some firewall rules and NO logs inside.. and that is it... it is utterly useless....

    validation process, includes country, username and expiry check and another check...

    this validation server itself is in an exotic real offshore country again ... stores username, transaction ID, email...this server is again encrypted ..

    so to even get access to this database is a longggg road to go... it wouldnt even be worth it to take all this effort into this over some random abuses that happen on ANY vpn provider worldwide anyways... on some more on some less....

    if an authority thinks about checking an assigned IP to a username, they have to first find and get the validation server ( and they better not shut it down to take the disk with them... or they wont ever access this disk again ) .. nobody is going to even try to decrypt this lousy disk, encrypted with TrueCrypt, in the first place...

    it is not reality...

    no authority works this way and puts so much effort into this, as long as you dont 24/7 host child porn, or support lulzsecurity to hack the pentagon ... it is out of reality...

    and if they passed all this chain and try to check the username .. all they going to find is an email and transaction assigned to this username so yes from this YOU COULD think

    'hey that is a trace and a bust'...

    but its just theory...again... ppl use fake infos on paypal ... liberty dont even process names .... i know ppl close, that been busted in big cases, huge warez sites busted with millions of damage....tax fraud included ( searched by international warrant ) which is taken really serious in some countries in europe...

    in all those cases, as soon as authorities seen their disks were encrypted they gave up on the same day, a good friend of mine is now in exactly this situation and not over 500$ either, we talk about different dimensions here ...

    what you need is a real evidence that this username did an abuse on this and that day... you need an IP log of the event AND the username...

    since this dont exist nowhere.. all you would have in the long chain of gathering infos, is a username and an email and a transaction ID ...

    that is nothing... the abuses that happen, 80% arent even worth it to put any further effort into this .. its the regular abuses that happen on ANY vpn provider...

    even strongVPN, cyberghost has abuses... daily.... day in and day out.... they cant protect themselves from this either, they are not anythin special.. its even worse they DO keep logs.. cuz they dont care about any individual.. their income is the mass... the usual torrent seeder at most...and they are not ashamed to admit they keep logs...

    authorities cant and wont raid your full service and raid 20 servers over 10 different countries where they dont even have any say in...

    we dont do anything illegal in the first place ..

    what we have to do and always will do, is to keep abuses on an acceptable level, whatever it means on each country... or any innocent client would suffer in the end..

    they want reactions.. if you dont do it.. the server is shutdown....this is what we do, anythin else is out of my interest...
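
The narrowing step described in the post above (accounts on the reported shared IP, minus those already expired or signed up after the event), as an added example that is not part of the original thread or any provider's code. The `Account` record layout, usernames and IP addresses are constructed assumptions; only account records are used, no connection log.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Account:
    username: str
    shared_ip: str                # shared exit IP the account is assigned to
    signed_up: datetime
    expires: Optional[datetime]   # None = no end date recorded

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def candidates(accounts, abuse_ip, abuse_time):
    """Usernames that could have been on abuse_ip at abuse_time."""
    if abuse_time.tzinfo is None:
        raise ValueError("abuse_time must be timezone-aware")
    out = []
    for a in accounts:
        if a.shared_ip != abuse_ip:
            continue              # assigned to a different shared IP
        if a.signed_up > abuse_time:
            continue              # signed up after the abuse event
        if a.expires is not None and a.expires <= abuse_time:
            continue              # already expired at the time of the event
        out.append(a.username)
    return sorted(out)

# Constructed sample: five accounts on one shared IP, one on another.
IP = "203.0.113.10"
ACCOUNTS = [
    Account("user_a", IP, utc(2011, 1, 5), utc(2011, 4, 5)),     # expired
    Account("user_b", IP, utc(2011, 2, 1), utc(2011, 5, 1)),     # expired
    Account("user_c", IP, utc(2011, 7, 20), utc(2011, 10, 20)),  # joined later
    Account("user_d", IP, utc(2011, 6, 1), utc(2011, 9, 1)),
    Account("user_e", IP, utc(2011, 3, 15), None),
    Account("user_f", "203.0.113.77", utc(2011, 6, 1), utc(2011, 9, 1)),
]
ABUSE_TIME = utc(2011, 7, 10)

if __name__ == "__main__":
    print(candidates(ACCOUNTS, IP, ABUSE_TIME))
```

The result is a set of possible accounts, not an attribution: without an IP log of the event, every remaining username is equally likely.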
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I can't understand what he is saying.
     
  6. nightrace

    nightrace Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    159
    He is saying that an investigating authority has to have (1) an IP log of an abuse event and (2) link an assigned IP to a username. The usernames, transaction IDs (payment receipts) and email addresses are stored encrypted on a validation server in a country separate from the (no-log) servers that you use. Assuming an investigator could somehow get access to the contents of this validation server, what would he have? A bunch of pseudonyms, possibly anonymous email accounts created through Tor, payment receipts from Liberty Reserve or prepaid cards, and no logs.

    When the German police grabbed the hard disk drives of Perfect Privacy in Erfurt (because of Anonymous doing DDoS) all they got was hashed passwords and pseudonyms. Why? Because these servers kept no logs.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thank you so much for explaining that to me. And wow, I did not know that Anonymous had used Perfect Privacy. I have had one of their accounts before. I have also had a torrentfreedom account. No one seems to ever mention them anymore.

    Since Perfect Privacy is a U.S. company, and since Anonymous has used their service to hack, I can only imagine the kind of pressure that they may be receiving from the government.
     