Which VPN Providers Really Take Anonymity Seriously?

[HardOCP News]

Do you think anyone was surprised to learn that LulzSec members were tracked down this way? Honestly folks, how many VPN providers do you think would risk jail or a lawsuit to protect you?

Last month it became apparent that not all VPN providers live up to their marketing after an alleged member of Lulzsec was tracked down after using a supposedly anonymous service from HideMyAss. We wanted to know which VPN providers take privacy extremely seriously so we asked many of the leading providers two very straightforward questions. Their responses will be of interest to anyone concerned with anonymity issues.

 

[Serpent]

I'm actually surprised by the number of vpn saying they don't log at all. I somehow doubt that they are being completely truthful though.

But I've never used these services... only one that I do use is Hostizzle and that's for every day stuff.

 

[Dekoth-E-]

So basically, if you are gonna be doing "questionable" shit, be sure your VPN service terms and conditions protect you.

 

[TwistedAegis]

This is for anonymous downloading of Linux distros, right?

 

[Cerulean]

It is politically correct to say you do not keep logs. Now whether you actually do keep logs or not is an entirely different thing. The only way to find out is by being an employee of that company for long enough to figure out whether they actually do keep logs.

Storage is extremely inexpensive and cheap. Keeping logs isn't difficult.

 

[DeathCloud]

If it is a free service it will rat you out plain and simple. If it is a company in the US it will rat you out as well. It need to be located over sea's or not even worth using.

 

[mrgstiffler]

They may not keep logs, but they can see active connections. Once the investigators find out what service is used, you can bet they'll be able to track it back to you if you continue to use it. They may not be able to prove what you did in the past, but that wont really matter.

 

[messerchmidt]

be behind 7 proxies, tor, and then a vpn...problem solved

 

[figgie]

Anonimity,

the biggest lie there is. If it comes from somewhere (the source), it can be traced back. Really not hard at all. IP header changed, easy to tell.

Messerchmidt, you can do 1000 proxies, tor, and n+1 vpn jumps. All it does is complicate the trace not make it impossible.

 

[Xrave]

Did they really expect any of those companies to say they keep log histories to identify the user?

 

[NKDietrich]

Did they really expect any of those companies to say they keep log histories to identify the user?

Some of them did.

They could lie and say they don't keep logs, I suppose, but they'd be outed the second someone had legal action taken against them because of those logs, and their customer base would evaporate over night.

 

[Sycraft]

None of them would go to jail for you, and none of them will ultimately protect you. Even if they don't log, that won't really help. Reason is the authorities will simply get a wiretap warrant. They'll come in and set up a server that will log all the traffic they need itself, secretly and transparently. The provider will comply, they'll have no choice.

This isn't me speaking theoretically by the way, I've worked at a NOC when wiretap warrants were served. The FBI is very professional about it, we just set up a port channel that replicated everything they were interested to off to the box they put in the data centre. While the tap was going on, it was all under a gag order. After it was done, they collected their hardware and were on their way.

 

[NKDietrich]

Anonimity,

the biggest lie there is. If it comes from somewhere (the source), it can be traced back. Really not hard at all. IP header changed, easy to tell.

Messerchmidt, you can do 1000 proxies, tor, and n+1 vpn jumps. All it does is complicate the trace not make it impossible.

Computers only remember what they are told to remember. If a system routing network traffic does not keep long-term logs of activity, that's it. Your attempts to locate the end user have failed. There is nothing inherent to a VPN that requires your IP address to be known after your activity has stopped. Once you end your session, the system no longer has need for any data about that session, including your IP address. Once that data no longer exists in memory, it's gone if it hasn't been written to disk.

If any and all connections could be "easily traced" then there'd be a lot more criminals behind bars.

 

[NKDietrich]

Just to add, that doesn't prevent surveillance, but for simple privacy where you're just nabbing music or software, it's pretty solid protection. Governments and copyright orgs don't have the time or manpower to do more than send a form email asking a service provider to give up your info, given the number of emails they send out.

 

[jctusmc03]

HMA logs for sure. My roommate and I were using it for a while and we got a letter in the mail for a movie he downloaded. Their speeds were also really slow. We dropped it a few days ago and got a refund.

 

[Hornet]

I'm pretty sure anyone using a VPN service to carry out their hacking activities are breaking the VPN's TOS so why would anyone in their right mind expect these companies to protect the hackers?

 

[ianken]

They may not keep logs, but they can see active connections. Once the investigators find out what service is used, you can bet they'll be able to track it back to you if you continue to use it. They may not be able to prove what you did in the past, but that wont really matter.

THIS.

Hello, we're from the (security apparatus of your nation). If you wish to remain in business you'll allow us to place this device in your data center.

Then game over. Any anonbot that thinks they can hide perpetually is a fool...