A cyberstalker was recently caught in a case in the United States after it was revealed that the PureVPN service was somehow involved. The revelation has thrown the extent of privacy of VPN services into question.
It’s not completely clear what details PureVPN retained or indeed handed over, or if in fact all legal channels were followed to force PureVPN into handing over said details. After all the investigation was in the United States and PureVPN is registered in Hong Kong and run out of Pakistan.
What is clear is somehow law enforcement were able to tie a user’s VPN connection to his actions. The most likely culprit was time stamps of his connection.
In this guide we’re looking at the 5 critical features you should consider in a VPN provider after the PureVPN incident so you can decrease your chances of falling victim to the same outcome.
1. Don’t break the law using a VPN
Don’t break the law using a VPN, don’t break the law using a VPN, don’t break the law using a VPN.
It’s simple, a VPN is a very effective way of protecting your online privacy but it has its limitations. If you think a VPN will protect you from law enforcement, especially if you’re doing something as serious as stalking, terrorism, hacking or anything else then you’re in for a shock.
A VPN from a recommended provider like IPVanish is there to protect you from unnecessary tracking by companies, thwart mass government snooping, hide your IP address from nefarious hackers – it is not there to aid you to break the law and get away with it.
2. Use a provider that offers Shared IP Addresses
The most likely way US law enforcement was able to track the user in question is because PureVPN record time stamps of what time users connect, the home IP Address they connect from and the VPN IP Address they’re assigned.
While it’s unlikely they had records of what he actually did while connected, he was probably the only user assigned that IP Address at that given time and whatever services he accessed had records of that IP Address accessing.
Using a VPN service that offers Shared IP Addresses such as VPN.ac ensures that other users are assigned the same IP Address at the same time, thus making it more difficult to pinpoint one user to one activity.
As an extra precaution you should also check server status pages of your VPN provider to ensure that the server you’re connected to has other traffic using it, if it is showing 0% when you go to connect then it means you’re the only user using that server resulting in you being the only one assigned that IP Address.
Best to choose the 3rd server (fr1B.vpn.ac) which is 13% in use.
3. Use a provider that has Transparency Reports
Using a provider that publishes Transparency Reports will let you see how they respond to information requests, even those from law enforcement.
VPN provider Proxy.sh published a request received in 2015 from the Columbia County Sheriff’s Office. It requested information on a user who was alleged to have been assigned one of Proxy.sh’s IP Addresses while making hoax calls to the fire department.
Proxy.sh claim they responded by stating it is impossible for them to locate one individual user because they are “non-logging” and multiple users are accessing one public IP Address.
You’ll still need to give the provider an element of trust, but if you have the choice between one that publishes transparency reports and one that doesn’t, we recommend the one that does.
4. Use a provider with a clear logging policy
The majority of VPN services keep some logs. While most don’t log what you do while connected, most will log the time you connected and disconnected and what IP Address you were assigned.
Use a VPN service that is honest about this such as VPN.ac who clearly state they keep connection logs for 24 hours. The good news is they claim to hold those logs encrypted in an undisclosed location and will wipe them after 24 hours.
The result should be that any requests (law enforcement or otherwise) made after 24 hours would be impossible to honour.
VPN.ac’s logging policy is more honest than most.
However, even VPN.ac themselves state that any claim requires an element of trust. As they call out other providers who boldly claim “no-logs” and are clear about what they do and don’t log you can mostly assume they’re trustworthy… we think.
5. Be careful of the wording used regarding logging
VPN services are like everything else. Creative wording can be used to enhance the appeal.
Providers use a whole host of words such as “Zero traffic logs” and “No activity logs” which all mean one thing, they don’t keep logs of what you do while connected.
It doesn’t mean however, they don’t keep logs full stop and the fact they explicitly state “traffic” and “activity” probably suggests they do keep connection logs, such as the time you connected, your IP address etc.
Thankfully we appear to be moving away from bold claims of just “No Logs” but there are still a handful of providers out there that do claim this and it may be entirely true but as history has shown you also have to consider it may not be true too.
The PureVPN incident has come as a shock to many but it need not be.
Remember No. 1, don’t break the law using a VPN. What you should be mainly concerned about is, are there any stories of your VPN provider handing over details to random companies, hackers, or other interested 3rd parties?
If there aren’t and you have no reason to suspect they would then you shouldn’t worry too much.
Law enforcement needs to collate IP address information with two sources, the illegal act or what they connected to to carry out that act and the VPN service. This means law enforcement have to request information from two sources.
Most VPN providers will assist law enforcement if they are legally required to, even if that’s to tell them they don’t have any information to provide. However, any VPN provider worth its salt won’t comply with any random request from none law enforcement bodies.
Our recommendation is, do your homework, choose a provider that is honest about what they log. Most importantly don’t give up on VPN services completely because some protection is better than none.
And finally, if you want to break the law, be smart about it, don’t rely on a VPN to protect you.