A man from Boston, Massachusetts, has been jailed for 17-years for a range of cyberstalking campaigns after his VPN handed over user logs which detailed his online activity.
This case, however, has blown that claim out of the water after prosecutors confirmed that PureVPN handed over detailed information about Lin’s online activity and permanent IP Addresses, which helped prosecutors force a guilty plea in the face of overwhelming evidence.
The case of Ryan Lin
In April, Lin pleaded guilty earlier this year to seven counts of cyberstalking, nine counts of making hoax bomb threats, five counts of distribution of child pornography, three counts of computer fraud and abuse, and one count of aggravated identity theft.
This week, he was jailed for seventeen years with an additional five years of supervised release. The crimes for which Lin was convicted were deeply unpleasant and, on a personal level, he is likely to receive very little sympathy.
He admitted to hacking into the online accounts of a female housemate and sharing deeply personal private information about her medical and sexual history, including the fact that she had had an abortion, as well as naked photos, with hundreds of people who knew her.
Lin also targeted the woman with anonymous messages, hoaxes, and created numerous fake online profiles in her name soliciting various sexual fantasies which caused unknown men to turn up at her home.
He also admitted undertaking other cyberstalking campaigns against six other women, which included sharing child porn images and making hoax bomb threats against homes, schools, and businesses.
How PureVPN handed over user logs to the FBI
Without a doubt, Lin deserves his sentence for his heinous crimes, but it is the manner by which the FBI came about their evidence which is the biggest takeaway from the story.
As we reported last year, case documentation proved beyond doubt that PureVPN had not only retained details of Lin’s online activity but had also willingly handed these details over to the FBI.
This included details of what Lin was doing online, which Gmail accounts he was accessing, and confirmation of the original IP Addresses being used by his PureVPN account.
We have approached PureVPN for comment but they have not commented at the time of publishing. If they do respond, we will update this article accordingly.
What this means for VPN users
We would never recommend that anyone uses a VPN to try and hide illegal activity. But when people sign up for a VPN which claims to keep no user logs, they are entitled to think that they can trust that claim.
With PureVPN, this is now demonstrably not the case and it would be advisable for any VPN users who want to ensure privacy online not to choose PureVPN as their provider.
We would, however, caution against using this story to attack all VPNs. PureVPN may have been caught out, but that doesn’t mean that every other VPN is guilty of breaching user trust in the same way.
Nevertheless, they are not the only well-known provider which has been either proven or accused of logging and handing over user data, so it is important to seek out a reliable and trustworthy VPN if you want to stay private online.
Our top recommendations for a reliable and trustworthy VPN are ExpressVPN and NordVPN. Both are located offshore in countries which do not require the retention of any type of user data. This means that when ExpressVPN and NordVPN say they keep no user logs, they mean it.
They also both use shared IP Address. This means there are multiple users connected to the same IP Address and, even if they did want to keep user logs, identifying which user is connecting to which site would be extremely difficult.