This week one of the leading VPN providers PrivateInternetAccess had their no-log claims put to the test after the FBI sent a subpoena requesting information on an alleged bomb-hoaxer.
How true are “no-log” claims?
VPN providers are quick to advertise how secure they are, how they can increase your privacy and increasingly the fact that they store no-logs.
Most of the leading VPN providers are clear and honest about what they store from minimal logs to completely logless and there are plenty of decent VPN providers out there who value honesty. Although there are plenty of good services that adhere to the claims they make there are also others who claim no logs but until it is actually put to the test it's difficult to determine how valid those claims are.
This week PrivateInternetAccess one of the cheapest, most well known and subscriber heavy VPN providers had their service put to the test after receiving a subpoena for information from US law enforcement agency, the FBI.
The subpoena revolves around a case centring on Preston McWaters, a 25 year old from the US who is accused of stalking and harassing a female ex-coworker. McWaters is accused of well over 100 different incidents of contact from facebook to text messages and even claims of turning up at the female's house unannounced.
The story took an unusual twist after bomb threats were made to numerous locations including schools and airports bearing the name “Eric Mead” who is the boyfriend of the alleged female McWaters is accused of harassing.
The FBI contacted both Facebook and Twitter which were the platforms used to make the hoax bomb threats to garner more information on the perpetrator which including other evidence was beginning to point in the direction of McWaters.
When an IP Address just isn't enough
Armed with IP Address information gained from the social media giants the FBI began to track down the suspect.
An IP Address is a unique identifier connected to your internet connection that for all intense and purpose links you to your online activity.
The IP Address associated with the hoax bomb threats was found to be belonging to PrivateInternetAccess, a VPN company that allows users to disguise their online identity and assume an alternative IP Address. This allows an individual to carry out tasks online without associating it with themselves, in essence, a privacy barrier between a user and their online actions.
Case notes filed at the United States District Court for the Southern District of Florida show that PrivateInternetAccess responded to the subpoena with the only response a no-log VPN could. They could confirm the server cluster used was “from the east coast of the United States” and what payment methods they offer but as they store no logs on user activity they weren't able to provide information linking any user to any action.
It has often been debated about the security of using a VPN service based in the United States of which PrivateInternetAccess are. The tale of McWaters shows that while using a US based VPN provider on US servers from within the US the FBI were still unable to garner any real details from PrivateInternetAccess.
It has to be noted that the FBI already had sufficient other physical evidence to request an arrest warrant for McWaters and the case wasn't fully hinged on any details that PrivateInternetAccess could or could not divulge. How a more serious case may be handled is unknown but for now it goes to show in this instance that PrivateInternetAccess live up to their claims and would make a good choice for all privacy-conscious individuals.
Handcuff image courtesy of nixxphotography at FreeDigitalPhotos.net