Are there actually any VPNs that aren't required by law to keep IP logs?

Discussion in 'privacy technology' started by DesuMaiden, Sep 7, 2014.

  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I think all VPNs are required to keep ip logs. Is that true or not? I think there are VPNs that don't keep ip logs. They are just hard to find.
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Some dont keep logs.

    I believe torrentfreak has a guide on what vpns are best to use
     
  3. guest

    guest Guest

    They said they don't keep logs but we don't really know if they actually do logging and how long they keep the logs (if they keep logs). All VPN services definitely know your real public IP address and related activities when you use their service I believe, unless you take some extra steps to obfuscate your true identity to hide even from the VPN.
     
    Last edited by a moderator: Sep 8, 2014
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    True.

    Choosing a VPN in a country that does not have invasive laws like the "patriot act" in america is a start.
    I am sure the guide will have more information
     
  5. guest

    guest Guest

    mirimir's guide?

    I actually have lost track of which country provides friendly laws regarding this. I heard EU is kind of "hot" right now, in a negative meaning.
     
  6. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Question for Mirimir. How might one go about Obfuscating your real IP from the first VPN in your chain. Assuming of course that TOR is not first before the VPN's.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    As far as I know, the EU generally is more privacy-friendly than the US. The EU Data Retention Directive was invalidated in April, so now the Data Protection Directive is back in force. So there is no EU-wide requirement for logging, even by ISPs. But of course the UK has its draconian laws. Logging by VPNs is common in the US, even though there's no legal requirement. And then there's the NSA. At this point, one can probably rely on statements in TorrentFreak's 2014 VPN privacy survey.

    Whatever you connect to directly knows your ISP-assigned IP address. You could connect to a VPN service through an SSH proxy, but then the SSH proxy would know your ISP-assigned IP address. I suppose that one could rent a VPS, semi-anonymously, and run a private SSH proxy, or even obfsproxy. Running an obfsproxy server isn't much harder than running an obfsproxy client. That would hide your VPN from the ISP, obfuscate traffic, and hide your ISP-assigned IP address from the VPN service.
     
  8. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    There are two distinct questions.

    Are vpn providers *legally* required to keep logs?

    Do vpn providers keep logs even absent a legal requirement?

    In the US, there is no mandatory data retention law, and a vpn provider is therefore not legally required to keep logs.

    In the EU, there is the EU data retention directive which was ruled invalid by the CJEU and local laws pertaining to mandatory data retention.

    National laws on mandatory data retention are still enforce, but most of these only apply to telecommunication and internet service providers.


    Since the vpn provider does not offer the connectivity to the internet, it's likely not covered by mandatory data retention.

    But it may still elect to log everything.
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    USA vs EU:

    In the EU we have servers in countries where Data Retention Directive (2006/24/EC) implementation has been declared unconstitutional (Romania, Germany) or where its scope does not cover our service (any other Member State). We fully comply to the EU legal framework.

    USA situation (under this point of view) is even better: in the USA currently there's no mandatory data retention at all, not even for domestic ISPs. Singapore, where we maintain 3 servers, has no mandatory data retention for our service.

    Source: https://airvpn.org/topic/9358-eu-and-data-retention-laws-with-eu-based-vpn/
     
  10. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    @dogbite The EU is generally more progressive then the United States re data retention. While there are no laws in the US requiring data retention. Companies either keep data as a business model or out of fear of what the future could bring (three digit agencies). There is an absolute reason that most from the US who use VPN's chose a service outside of US jurisdiction.
     
    Last edited: Sep 8, 2014
  11. guest

    guest Guest

    Well yes, so as other citizens shouldn't use VPNs and the servers within the jurisdiction of their own countries. OTOH, most South-east Asian countries are more interested into censorship instead, they don't really do surveillance as far as I'm aware of. But then again, the regulation usually only applies to ISPs.
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have heard though that the data centers do keep logs, sometimes. But what can the data center see? Can they see content? Or only IP addresses associated with websites?
     
  13. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's not clear in the EarthVPN case whether the police relied on logs from the datacenter, or logs from the VPN server. The police did impound one of EarthVPN's servers. Maybe the datacenter had enabled logging on all of its servers, and EarthVPN staff didn't disable it. Or maybe datacenter network traffic logs were enough.

    The point is that it's arguably impossible for users to know whether logs are being kept. And given that, it's safest to assume that they are.
     
Loading...