Man jailed for cyber-stalking after PureVPN hand over user logs


A man from Boston, Massachusetts, has been jailed for 17-years for a range of cyberstalking campaigns after his VPN handed over user logs which detailed his online activity.

Ryan Lin, 25, from the Newton area of Boston had been a customer of PureVPN, a Hong Kong-based VPN provider currently operated out of Pakistan, which claims to retain no user logs whatsoever in their privacy policy.

This case, however, has blown that claim out of the water after prosecutors confirmed that PureVPN handed over detailed information about Lin’s online activity and permanent IP Addresses, which helped prosecutors force a guilty plea in the face of overwhelming evidence.

The case of Ryan Lin

In April, Lin pleaded guilty earlier this year to seven counts of cyberstalking, nine counts of making hoax bomb threats, five counts of distribution of child pornography, three counts of computer fraud and abuse, and one count of aggravated identity theft.

This week, he was jailed for seventeen years with an additional five years of supervised release. The crimes for which Lin was convicted were deeply unpleasant and, on a personal level, he is likely to receive very little sympathy.

He admitted to hacking into the online accounts of a female housemate and sharing deeply personal private information about her medical and sexual history, including the fact that she had had an abortion, as well as naked photos, with hundreds of people who knew her.

Lin also targeted the woman with anonymous messages, hoaxes, and created numerous fake online profiles in her name soliciting various sexual fantasies which caused unknown men to turn up at her home.

He also admitted undertaking other cyberstalking campaigns against six other women, which included sharing child porn images and making hoax bomb threats against homes, schools, and businesses.

How PureVPN handed over user logs to the FBI

Without a doubt, Lin deserves his sentence for his heinous crimes, but it is the manner by which the FBI came about their evidence which is the biggest takeaway from the story.

As we reported last year, case documentation proved beyond doubt that PureVPN had not only retained details of Lin’s online activity but had also willingly handed these details over to the FBI.

This included details of what Lin was doing online, which Gmail accounts he was accessing, and confirmation of the original IP Addresses being used by his PureVPN account.

This is completely at odds with PureVPNs Privacy policy which still states that “We Do Not monitor user activity, nor do we keep any logs”. PureVPN has never issued any sort of response to the case, despite the fact that they are clearly named in court documents and the evidence that their privacy policy is false is beyond question.

We have approached PureVPN for comment but they have not commented at the time of publishing. If they do respond, we will update this article accordingly.

What this means for VPN users

We would never recommend that anyone uses a VPN to try and hide illegal activity. But when people sign up for a VPN which claims to keep no user logs, they are entitled to think that they can trust that claim.

With PureVPN, this is now demonstrably not the case and it would be advisable for any VPN users who want to ensure privacy online not to choose PureVPN as their provider.

We would, however, caution against using this story to attack all VPNs. PureVPN may have been caught out, but that doesn’t mean that every other VPN is guilty of breaching user trust in the same way.

Nevertheless, they are not the only well-known provider which has been either proven or accused of logging and handing over user data, so it is important to seek out a reliable and trustworthy VPN if you want to stay private online.

Our top recommendations for a reliable and trustworthy VPN are ExpressVPN and NordVPN. Both are located offshore in countries which do not require the retention of any type of user data. This means that when ExpressVPN and NordVPN say they keep no user logs, they mean it.

They also both use shared IP Address. This means there are multiple users connected to the same IP Address and, even if they did want to keep user logs, identifying which user is connecting to which site would be extremely difficult.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.


  1. Herpigi

    Nothing can save you if you choose a sketchy provider. Well, first of all I don’t think it’s wrong that he’s jailed, he deserved it. But a VPN provider who says they DO NOT keep logs it also not a respectable one. This is just pure lying to your customers. Anyway, there are a few more steps to take towards Cyber Security, even if you’re using a trustworthy VPN service. I found a useful article on Medium about what other tools should be used.

Leave a Reply

Your email address will not be published. Required fields are marked *