Discussion in 'privacy general' started by DrearyMushroom, Oct 7, 2017.
Well, now we know to avoid those. Along with HMA, EarthVPN and another that escapes my mind. Anyone remember? It's the one whose ISP gave up traffic logs, which allowed investigators to identify a user.
Ron, my apologies for the mess. Thank you for reposting.
Going back to subject, I don’t mind VPNs that cooperate with LE, just put it out in your TOS. There are plenty of people who just care about protection from advertising. They lied and they should never be trusted again, even for the most basic protection.
Email I received today:
"Dear Valued Customer,
There is nothing more important to us than providing you peace of mind through our secure, reliable networks. We work hard every day to earn your trust, and are committed to living up to your expectations for online freedom and privacy.
PureVPN welcomes and respects the free will of its users to use the Internet as they desire – securely and anonymously. We firmly believe that activities such as file sharing, downloading, streaming, messaging, calling, and secure and private browsing are unquestionable rights of every Internet user. The very reason we chose Hong Kong as our home is because of its very liberal, broad and privacy-friendly laws.
Within the context of a VPN service there are two types of logs: Browsing Logs & Network (Troubleshooting and/or Optimization) Logs. Browsing logs are extremely personal and private to users, and we believe no one should collect or have access to these logs, since they have the potential to directly invade users’ privacy. Our “No Log” policy ensures our commitment to this belief.
For additional information we have provided a more detailed explanation here.
We have never shied away from our core philosophy of protecting the individual privacy of our customers. Because of this, we have taken a very clear, proactive stance against cyberstalking, and believe that our actions in this situation simply reaffirm that commitment.
Our commitment to privacy goes even further. Unlike other organizations, having selected Hong Kong as our base of operations, our users enjoy a unique, inherent privacy advantage. Other organizations, who operate in USA, UK, Canada, Australia or similar other regions, are involuntarily subjected to infamous mass surveillance programs like PRISM, ECHELON, XKeyscore, Tempora and others. Thus, PureVPN users are significantly safer.
Please don’t hesitate to contact us with any further questions or concerns, and we look forward to continuing to provide you with the same level of service that you have come to expect from your trusted VPN partner."
tl;dr -- "We don't retain logs, except for some logs that we don't really consider to be logs. And we are happy to share those with investigators."
So from their explanation, providers that do not save these so-called "network logs" are still giving their users a higher level of privacy. If I were their customer, I would start looking for one.
There should be a bookmarked thread with blacklisted VPN providers.
That's an excellent idea.
That would include EarthVPN (user compromised by datacenter logs), HMA (retained logs, and provided them under UK court order) and PureVPN (retained logs, and shared them with investigators).
Then there was that VPN that outed a user voluntarily, because they didn't approve of something he did. Harassment? Anyone remember which VPN that was?
I also recall that some VPNs install browser root certificates, so they can MitM HTTPS. And ones that replace native ads with their own. Anyone remember what VPNs were involved?
For Android VPNs, there's this: http://www.icir.org/vern/papers/vpn-apps-imc16.pdf We have ones that track users, forward traffic through other users' devices, don't actually encrypt traffic, break HTTPS and alter content, and/or install malware.
Proxy.sh I think.
Some other shameless VPN providers are listed here.
Yes, that was it. Thanks.
Here are some naughty loggers:
ExpressVPN, VyprVPN, VPN.ac, IPVanish, BolehVPN.
What does BolehVPN log? Do you have references for any of those claims?
Me too. I have always thought they were on our "good guy" list. Never used them but I have them mentally logged as one I would think fondly of!
Anybody, do tell if you have any links to where they have logged, please.
I'm not an expert in this field but BolehVPN's Terms of Service has this to say:
If they monitor general traffic, surely there must be some sort of logging going on.
Well, one can look at throughput by connection in real time, without keeping any logs.
I mean, no VPN can plausibly claim that it can't identify which user has established a particular connection. Because connections must be authenticated. So when VPNs say that they don't retain logs, that doesn't mean that they won't look at what they consider abuse, or excessive use.
AirVPN doesn't try to eliminate persistent high-throughput connections. Rather, it brags about them. And that has raised the same issue, that they must be logging something. As I recall, they say that they don't log anything that could identify users.
Basically, every VPN provider logs, just like every AV company collects your private info.
The question is whether those logs are acceptable to you.
I would say maybe a lot of them but not all.
Yeah, I doubt that they're all logging. But the safest assumption is that they're all logging. That's why it's best to use nested VPN chains.
Their own ToS §4:
I don't have a problem with that. If people are creating unacceptable problems for them, they have the right to figure out who they are, and nuke their accounts. What's dangerous is retaining logs, which become discoverable. That, and the risk of being forced to log by some adversary.
Yes, having the technical ability to do so almost certainly tempts people to do wrong things - whether on their own initiative or corporate or government.
One only has to think of mass surveillance, where things like NetFlow and RMON boxes led to the current state of affairs.
Well, there's no way to run a VPN where logging is impossible. Because it's all under your control. I mean, you see traffic from/to users, and you see traffic to/from websites. You could, I suppose, sandbox stuff under different control points. But then, users would need to trust that you'd actually done that.
You may be (partially) right, but who defines "unacceptable problems" in each and every case? What is the precise definition of "unacceptable problems", unacceptable for whom? What guarantees that they don't and won't retain logs of dissidents under persecution in authoritarian countries such as China, Iran, Syria, Turkey, Malaysia, Saudi Arabia, etc.?
The VPN service provider decides, obviously.
And yes, there's no way to know.
But think about it. Maybe the ones (such as PureVPN) that cry "no logs" the loudest are more worrisome.