PureVPN keeping logs?

Discussion in 'privacy general' started by DrearyMushroom, Oct 7, 2017.

  1. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    4
    Location:
    The Internet
    https://www.bleepingcomputer.com/ne...after-vpn-providers-shared-logs-with-the-fbi/

     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Well, now we know to avoid those. Along with HMA, EarthVPN and another that escapes my mind. Anyone remember? It's the one whose ISP gave up traffic logs, which allowed investigators to identify a user.
     
  3. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,837
    Location:
    US
    Ron, my apologies for the mess. Thank you for reposting.

    Going back to subject, I don’t mind VPNs that corporate with LE, just put it out in your TOS. There are plenty of people who just care about protection from advertising. They lied and they should never be trusted again, even for the most basic protection.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,891
    Location:
    Among the gum trees
    Email I received today:

    "Dear Valued Customer,

    There is nothing more important to us than providing you peace of mind through our secure, reliable networks. We work hard every day to earn your trust, and are committed to living up to your expectations for online freedom and privacy.

    PureVPN welcomes and respects the free will of its users to use the Internet as they desire – securely and anonymously. We firmly believe that activities such as file sharing, downloading, streaming, messaging, calling, and secure and private browsing are unquestionable rights of every Internet user. The very reason we chose Hong Kong as our home is because of its very liberal, broad and privacy-friendly laws.

    In light of recent news reports, we felt it was important to reach out to clarify our privacy policy and to set the record straight about our role in helping stop an aggressive cyber stalker. To do so, it’s important to clarify some technical terms which may be confusing or too broad at times.

    Within the context of a VPN service there are two types of logs: Browsing Logs & Network (Troubleshooting and/or Optimization) Logs. Browsing logs are extremely personal and private to users, and we believe no one should collect or have access to these logs, since they have the potential to directly invade users’ privacy. Our “No Log” policy ensures our commitment to this belief.

    Network logs, on the other hand, are purely for troubleshooting and optimization, with no information about the browsing habits or other private activities of users. These logs, among other system logs such as bandwidth consumed, contain mostly the timestamps of users (identified by their non-VPN IP address), connection initiation, and disconnection times. As stated in our Privacy Policy, these are the logs that we collect and store for business and service optimization purposes.

    For additional information we have provided a more detailed explanation here.

    We have never shied away from our core philosophy of protecting the individual privacy of our customers. Because of this, we have taken a very clear, proactive stance against cyberstalking, and believe that our actions in this situation simply reaffirm that commitment.

    Our commitment to privacy goes even further. Unlike other organizations, having selected Hong Kong as our base of operations, our users enjoy a unique, inherent privacy advantage. Other organizations, who operate in USA, UK, Canada, Australia or similar other regions, are involuntarily subjected to infamous mass surveillance programs like PRISM, ECHELON, XKeyscore, Tempora and others. Thus, PureVPN users are significantly safer.

    Please don’t hesitate to contact us with any further questions or concerns, and we look forward to continuing to provide you with the same level of service that you have come to expect from your trusted VPN partner.

    Regards,
    PureVPN"
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    tl;dr -- "We don't retain logs, except for some logs that we don't really consider to be logs. And we are happy to share those with investigators."
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    So from their explanation, providers that do not save this so called "network logs" are still giving their users higher level of privacy. If I were their customer, I would start looking for one.
     
  7. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,837
    Location:
    US
    There should be a bookmarked thread with blacklisted VPN providers.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    That's an excellent idea :thumb:

    That would include EarthVPN (user compromised by datacenter logs), HMA (retained logs, and provided them under UK court order) and PureVPN (retained logs, and shared them with investigators).

    Then there was that VPN that outed a user voluntarily, because they didn't approve of something he did. Harassment? Anyone remember which VPN that was?

    I also recall that some VPNs install browser root certificates, so the can MitM HTTPS. And ones that replace native ads with their own. Anyone remember what VPNs were involved?

    For Android VPNs, there's this: http://www.icir.org/vern/papers/vpn-apps-imc16.pdf We have ones that track users, forward traffic through other users' devices, don't actually encrypt traffic, break HTTPS and alter content, and/or install malware :eek:
     
    Last edited by a moderator: Oct 20, 2017
  9. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    85
    Proxy.sh I think.

    Some other shameless vpn providers are listed here.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Yes, that was it. Thanks :)
    :thumb:
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
    here are some naughty loggers:
    expressvpn, vyprvpn, vpn.ac, ipvanish, bolehvpn.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    What does BolehVPN log? Do you have references for any of those claims?
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,868
    Me too. I have always thought they were on our "good guy" list. Never used them but I have them mentally logged as one I would think fondly of!

    Anybody; do tell if you have any links to where they have logged, please.
     
  14. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,703
    Location:
    UK
    I'm not an expert in this field but Bolehvpn's Terms of Service has this to say:
    If they monitor general traffic, surely there must be some sort of logging going on.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Well, one can look at throughput by connection in real time, without keeping any logs.

    I mean, no VPN can plausibly claim that it can't identify which user has established a particular connection. Because connections must be authenticated. So when VPNs say that they don't retain logs, that doesn't mean that they won't look at what they consider abuse, or excessive use.

    AirVPN doesn't try to eliminate persistent high-throughput connections. Rather, it brags about them. And that has raised the same issue, that they must be logging something. As I recall, they say that they don't log anything that could identify users.
     
  16. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    428
    Location:
    Far East
    Basically, every VPN provider logs just like every AV company collecting your privacy info.

    The question is whether those logs are acceptable to you.
     
  17. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,837
    Location:
    US
    I would say maybe a lot of them but not all.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Yeah, I doubt that they're all logging. But the safest assumption is that they're all logging. That's why it's best to use nested VPN chains.
     
  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
    ditto.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    I don't have a problem with that. If people are creating unacceptable problems for them, they have the right to figure out who they are, and nuke their accounts. What's dangerous is retaining logs, which become discoverable. That, and the risk of being forced to log by some adversary.
     
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    Yes, having the technical ability to do so almost certainly tempts people to do wrong things - whether on their own initiative or corporate or government.

    One only has to think of mass surveillance, where things like Netflow and Rmon boxes led to the current state of affairs.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Well, there's no way to run a VPN where logging is impossible. Because it's all under your control. I mean, you see traffic from/to users, and you see traffic to/from websites. You could, I suppose, sandbox stuff under different control points. But then, users would need to trust that you'd actually done that ;)
     
  24. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
    you may be (partially) right but who defines "unacceptable problems" in each and every case? what is the precise definition of "unacceptable problems", unacceptable for whom? what guarantees that they don't and won't retain logs of dissidents under persecution in authoritarian countries such as china, iran, syria, turkey, malaysia, saudi arabia, etc.?
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    The VPN service provider decides, obviously.

    And yes, there's no way to know.

    But think about it. Maybe the ones (such as PureVPN) that cry "no logs" the loudest are more worrisome.
     
Loading...