VPNs are Lying About Logs

[reactor]

Do you believe what your VPN says about its logging policies?

 

Be careful.

 

A recent court case in Massachusetts has once again proven that some VPNs with “zero log” policies are indeed keeping logs and handing this information over to authorities.

 

In this guide we’ll examine the recent case and other examples to illustrate what’s going on and how you can protect yourself.

Here’s what you need to know.

Law enforcement vs “no logs”

PureVPN was recently caught red-handed.

The Department of Justice just published a complaint involving a cyberstalking case. The case involved a US resident who was allegedly stalking and harassing people while using PureVPN.

The relevant section of the complaint appears at the bottom of page 22:

While it is difficult to determine exactly what details these “records” (logs) contained, it is clear that enough information was provided for law enforcement officials arrest the PureVPN user on cyberstalking charges.

The FBI complaint above clearly appears to contradict the PureVPN privacy policy – notably this section here:

The PureVPN user above was clearly not “invisible”.

But this isn’t the first time law enforcement agencies have rained on the “no logs” VPN party.

According to a post on WipeYourData, a user of the “absolutely no logs” EarthVPN service was arrested with the help of “connection logs” obtained by police. While the post is short on details, it states Dutch police used these “connection logs” to arrest the EarthVPN user for allegedly making bomb threats.

When the story broke, EarthVPN allegedly blamed the datacenter where the server was located, but commenters suggested that the VPN may have handed over information to police. (There’s no way to know for sure and the original report is short on details.)

And finally, there’s also the case with HideMyAss.

According to Invisibler, HideMyAss, the UK-based VPN service, appears to have cooperated with US authorities in handing over logs in a hacking case. This lead to the arrest of a hacker in what is known as the “LulzSec fiasco”.

There are likely more examples that we will never know about where VPNs have handed over customer data (logs) to authorities.

Contradictory “no logs” claims

Further adding to the confusion is that there is no standard definition of “logs” or “no logs” used across the VPN industry. As you will see below, many VPNs come up with their own convoluted definitions.

Here are two examples where the marketing claims seem to contradict the privacy policies.

Example 1: Betternet

Betternet privacy policy:

Betternet may collect the connection times to our Service and the total amount of data transferred per day… Betternet uses third-parties (the “Third Party”) for advertisement. Third Party may use technologies to access some data including but not limited to cookies to estimate the effectiveness of their advertisements.

Example 2: PureVPN

PureVPN has a “Zero Log policy”.

Now returning again to the PureVPN privacy policy, notice the first and second-to-last sentences:

Nothing to see here folks…

Apparently keeping “connection and bandwidth” is part of PureVPN’s “zero log policy”.

It seems many people will just look for the “no logs” claims on the homepage and never read the fine print in the privacy policy.

These contradictory claims are fairly common with VPNs.

Red flags with VPN logs

How do you know if you can trust what your VPN says about logs?

There is no concrete answer here, but you can watch out for these red flags:

• Contradictory statements – Compare the marketing statements to the privacy policy. If they contradict each other, you may have a problem.
• Restrictions + “no logs” – If a VPN is enforcing restrictions, this often requires some form of logging. While connection restrictions can perhaps be implemented in real time, bandwidth restrictions require logging.
• Jurisdiction – VPNs in certain jurisdictions, such as the US and UK, may be compelled to hand over information to government authorities. VPNs in the US, for example, can be forced to monitor/log their users by government authorities while being prohibited from disclosure (gag orders).

VPN logs are generally a grey area.

Reading the fine print will help you sort through the noise.

 

How to protect yourself

Here are five ways to protect yourself from a VPN service or server that may be compromised:

• Verified “no logs” claims – There have been two examples where “no logs” claims have prevailed over law enforcement. Private Internet Access had their “no logs” claims tested and verified in US court last year. In another example, Perfect Privacy had two of their servers seized in Rotterdam (also reported by TorrentFreak). According to Perfect Privacy, customer data remained safe due to the server configuration and their strict “no logs” policies.
• Multi-hop VPN – One way to protect yourself if a VPN server is compromised is through a multi-hop VPN configuration. A multi-hop configuration will help to mask incoming and/or outgoing traffic. Both ZorroVPN and Perfect Privacy offer self-configurable multi-hop VPN chains with up to four servers. VPN.ac offers 18 different double-hop configurations.
• VPN + Tor – If done correctly, using a VPN in combination with the Tor network can further protect users (but performance will drop significantly).
• Multiple VPN services – Using more than one VPN service at the same time will also provide more anonymity. A simple way to implement this setup would be to use one VPN on a router, and then connect to that network through another VPN on your computer/device. Implementing this technique with virtual machines is another option. (The main drawback will again be performance.)
• Privacy-friendly jurisdiction – Choosing a VPN that is outside the 5/9/14 Eyes surveillance countries may offer further protection. Nonetheless, this is no silver bullet. As we saw with PureVPN, being operated in Hong Kong does not mean they won’t cooperate with US authorities.

VPN logs are not necessarily a bad thing. It all depends on your threat model and how much privacy and online anonymity you seek to achieve.

Many VPN providers keep some logs and clearly explain this on their website. Two examples of logging transparency are AirVPN and ExpressVPN (ExpressVPN recently revised its website to further clarify their policies). But there are other VPN services that keep or “retain” data, while falsely claiming to be “no logs” on their homepage (red flag).

The key is to understand what’s going on with these policies, look for honest and transparent providers, and take extra precautions if you want to achieve higher levels of online anonymity

 

https://restoreprivacy.com/vpn-logs-lies/

[nIGHT]

Very informative.

I, too, would like to build a vpn service with "no logs zero logs no ads multihop multivpn services attached" but worried (aside from the technical aspect and high cost) that it will just be used by terrorist and pedobears.

 

[Radpop]

PureVPN isn't any Premium VPN provider. In paper, it offers large number of server locations and many unusual security features. In reality, speed performance is bad or mediocre, and many security techniques fail. It have been leaking DNS, even with DNS leak protection turned on. VPN’s most basic function is to hide your own IP address and PureVPN have failed in that.

 

If you read BestVPN review (0.9/5) and reader's responses in it from 2016 to October 2017, you can't ignore the huge number of complaints BestVPN has received about this VPN service.

[nsan3]

A refreshing read indeed.

 

So like is "Perfect Privacy" & "Zorro VPN" the only real No-Logging VPNs without any smoke screens ???

 

Heard that "Perfect Privacy" generates a password from their end instead of users being allowed to do so. If that is indeed true, then its a letdown.

 

Please give us your thoughts on the same. Thanks.

[dcs18]

Quote

VPNs are Lying About Logs

The title is misleading, it should've been — Some VPNs are Lying About Logs

[steven36]

PureVPN didn't even lie about logs it says they  log in there privacy policy  and Hide My ASS don't ether  they says they do

 

 

 

Quote

 

If you use our VPN service:

• What data we collect: We will store a time stamp and IP address when you connect and disconnect to our VPN service, the amount data transmitted (up- and download) during your session together with the IP address of the individual VPN server used by you. We do not store details of, or monitor, the websites you connect to when using our VPN service. We collect aggregated statistical (non-personal) data about the usage of our mobile apps and software.
• Why we need this data and how we use it: We need this data to can monitor the performance and usage of our VPN Service, for example it enables us to sort server nodes by the number of users connected, to limit your account to one concurrent IP address per VPN connection (to prevent shared accounts), resource analytics (to carry out usage analysis for administrative purposes) and to prevent abuse and fraud.
• How long do we store this data: This data is stored on our system for between 2 and 3 months unless we are required, for legal reasons or under exceptional circumstances (including our own investigations of fraud or abuse), to retain this data for an extended period. For more information about logging on our VPN Service, please see our separate VPN Logging Policy.

 

https://www.hidemyass.com/legal/privacy

People are just too dumb too read the privacy policy before they buy stuff  is all .. If  I bought a VPN  and they say they don't do no logs at all and something happen I would sue them and that's the reason these VPNs  that has helped the FBI  out say they log in there privacy policy is too protect themselves from being sued  .

[xBatmaNx]

how is PIA. private internet acces

[Radpop]

NordVPN is one of the best VPN providers, definitely. You get excellent quality in cheap price, if you search on coupons. They are not hard to find. NordVPN had an ipv6 dns leak some months ago but they fixed it. 

 

[steven36]

A lot of vpn review sites like  thebestvpn.com  , torrentfreak  etc. spread misinformation there  is a difference  in  just  not keeping  logs  once you established  a connection  than keeping no logs what so ever.  Just keeping time stamps or even if the vpn limits there traffic they keep logs of how much traffic  you're using . And any kind of logs can be helpful to the police  if you get on law enforcement's radar  .  This is what happens when you believe everything  you read  and don't read a vpns privacy policy for yourself .

 

Not keeping  logs  once you established  a connection is enough for most people  it just depends on you're needs  . Some just use VPNs for work to have a encrypted connection this is what VPNs were really made for,  some just use them too bypass Geo restrictions to stream media and too access sites and If you just p2p  up tell now no one has ever been caught using these type vpns,   But be warned  some vpns  will ban you   if you cause them to get DMCAs that just depends on witch one you have.

 

Only hardcore criminals  like hackers that broke into the Government ,  Cyber stalkers and idiots who make threats on the internet in countries that have laws against it that  law enforcement even bothered with. So if you  are some kind of activist or journalist you would not want too use a vpn that kept timestamps you would want one that has no logs what so ever. That's what happen  too Anonymous  and  how the FBI caught the real Anonymous years ago was with vpn logs  so this is nothing new  really.

[Radpop]

One thing is important: VPN must hide your real address.  Then, if you want to do reasonable decision, you have to first think, what you want from VPN provider: Ultimum privacy? High speed? Cheap price? Great customer service? Available server locations? Or something else? 

 

Case NordVPN, they all lie?

 

[steven36]

When it comes too DNS  leaks , ip6 leaks ETC.  if you're real IP is leaking that is due to  the end user poorly configuring there OS too mitigate  leaks , some VPN clients do a good job of doing this on there own and some don't .  This goes back too people that don't know what there doing and maybe should have someone who does set there VPN up for them or get someone on the forums too help you fix you're leaks. Not all vpns  even come with 3rd party software  some just use open vpn client .

[hacker7]

9 hours ago, steven36 said:

When it comes too DNS  leaks , ip6 leaks ETC.  if you're real IP is leaking that is due to  the end user poorly configuring there OS too mitigate  leaks , some VPN clients do a good job of doing this on there own and some don't .  This goes back too people that don't know what there doing and maybe should have someone who does set there VPN up for them or get someone on the forums too help you fix you're leaks. Not all vpns  even come with 3rd party software  some just use open vpn client .

So i see that you are using Cyber.? And i'm sure that U did your research before using it.!

How would you compare their policy about logs with other vpn providers.? 

[steven36]

12 minutes ago, hacker7 said:

So i see that you are using Cyber.? And i'm sure that U did your research before using it.!

How would you compare their policy about logs with other vpn providers.? 

No i don't use that  one no more I don't  like too talk about what i use.. its no ones business but mine I'm not trying to sell you a vpn  i get nothing if you  buy what i use. but I will talk about the ones I use too use and why i left .

 

As far as NORD VPN i used before for like a year  it it's not a bad vpn but it just was not the the best one for me. Google  and cloudflare blocked  a lot of NORD ips and some of there servers were slow  and they were not good at fixing bugs  . The biggest thing i didn't like about Nord was it left too many ports open when doing test  . It open up ports my router has closed.

 

Only reason I  used Cyberghost  before it was a free giveaway too test it  and I dont really like it  and have  bought a few others since .

 

This is security and privacy news not  lets promote the VPN  I pay for I never promote witch  VPN to buy  tha'ts something the end user should decide for themselves . If something was to happen and you promoted it you would be eating crow.

[hacker7]

Quote

 

No i don't use that  one no more I don't  like too talk about what i use.. its no ones business but mine I'm not trying to sell you a vpn  i get nothing if you  buy what i use. but I will talk about the ones I use too use and why i left .

 

I'm not trying to buy a vpn I was just curies about the cyber cuz i heard Israel is trying or already bought it for personal gain that's all 

 

Quote

As far as NORD VPN i used before for like a year  it it's not a bad vpn

You are giving them Too much credit @steven36 NORD is useless no doubts about that ! Slow,leaks,open ports and do stuff it ain't supposes to.

[steven36]

21 minutes ago, hacker7 said:

I was just curies about the cyber cuz i heard Israel is trying or already bought it for personal gain that's all 

I  never bought that VPN  I tested it before I don't like it because it installs root certificates , Stores cookies  in IE and has no Linux version. Also they had a problem with there servers once were they missed up and deleted peoples keys before and always shows too many  devices  on a key say you have 5 device key you only be using 2 devices it will say there 4 or 5 users if you sign in and look . It's really a doggy vpn.

[Radpop]

Cyberghost is piece of... VPN.AC is also Romanian VPN provider, it could easily be the best one of Romanian suites, but I've no experience of it. They have developed excellent IP info and leak test suite. You can use it in trial time or anytime to test if VPN is really VPN or is it leaking your address.

 

I recently had Nord one year licence and I've nothing to complain. Their customer service is the best one, I didn't need it even once. I disabled ipv6 when I noticed leak.

[hacker7]

9 hours ago, steven36 said:

I  never bought that VPN  I tested it before I don't like it because it installs root certificates , Stores cookies  in IE and has no Linux version.

Yeah and seance my ips been restricted for unknown reasons and i can't react for posts but i will give you this for you respond

[steven36]

1 minute ago, hacker7 said:

Yeah and seance my ips been restricted for unknown reasons and i can't react for posts but i will give you this for you respond

Well I put more info up there by now if you care too look .

[hacker7]

9 hours ago, steven36 said:

. It's really a doggy vpn.

[steven36]

1 hour ago, Radpop said:

I've disabled ipv6 when I noticed leak.

disabling ipv6 want help you with ports leaking I tested it on Linux without there software using open vpn  and Windows using there 3rd party client  always they cause one of the anonymity test  too score lower because it detected open ports it bypassed my Routers firewall  and the NSA used a a virus before that attacks through open ports  . And some blackhats are still using it and no telling what 0day virus is out there now because M$ just patched another 0day patch Tuesday. I think the Government is telling them ahead of time .

 

I like it when i check my ip and it pass all test lol

 

Quote

 

When you examine NordVPN on the surface, it appears to be a good choice. But after thoroughly testing NordVPN for this review, I discovered many problems. The main issues identified through testing and analysis were:

• IP address leaks (IPv6)
• WebRTC leaks
• Fluctuating speeds across the NordVPN server network
• Problems with dropped connections
• Overloaded NordVPN servers (see screenshots below)
• Mediocre support (delayed responses, difficult to get a refund)

NordVPN is not recommended due to all the privacy and security issues identified in the review. This appears to be another case of a VPN service that is heavily marketed by third parties, but does not do well in actual testing.

 

https://restoreprivacy.com/nordvpn-review/

1.WebRTC leaks  is a browser problem and can be mitigated easy.

2. IP address leaks (IPv6) It's is also easy to mitigate the IP address leaks (IPv6)

3. I used it for a year so I tested it much more then he did  and he never found the open ports problem witch is the VPN problem it's self

4. Also using them because there not USA based is FUD too and just a marketing scheme . The United States and Panama share nearly 150 years of history and strong cooperation.

[bb2018]

I have vpn unlimited free trial 30 days  and my trick trial reset ?