A great VPN can help protect you, but choosing the right one is no easy task. This case once again illustrates the fundamental issue when choosing a VPN service: trust.Staying safe online isn't easy. In addition to not logging, StackPath will defend the privacy of our users, regardless of who demands otherwise. We can’t speak to what happened on someone else’s watch, and that management team is long gone. IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. That court case was from 2016 – long before StackPath acquired IPVanish in 2017. What we can verify, however, is that IPVanish was claiming to have a “strict zero-logs policy” at the exact time they were logging user data and handing it over to US authorities.Īfter requesting a response from IPVanish, they provided Restore Privacy with this statement: Of course, there is no way to verify if this was true or if IPVanish is truly a “no logs” VPN service today. “We can only surmise, this was a one time directed order from authorities.” In explaining these logging events, lavosby stated: It now appears that both Highwinds and IPVanish are operating under Stackpath. Indeed, I found this blog post verifying how Highwinds was acquired by Stackpath in 2017. Later in the same thread, the user “lavosby” explained that IPVanish was acquired on Februby Stackpath. You can even see on their homepage from June 2016 – exactly when this case was unfolding – that IPVanish was claiming to be have a “strict zero-logs policy”: During this incident and in both privacy policies you can see that IPVanish was making the following claim: “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.” Using the WayBack Machine we can see IPVanish’s privacy policy both before the incident ( April 2016) and just after the incident ( August 2016). IPVanish has a long history of claiming to be a “zero logs” VPN provider. Comcast then provided additional information on the suspect user to authorities, who then served a federal search warrant on Vincent Gevirtz and his residence in Muncie, Indiana. The second bullet is significant for this case because it demonstrates that IPVanish is (or was) keeping detailed logs of user activity, which clearly contradicts the “zero log policy” they claim to have.Īfter getting the connection and usage logs from IPVanish’s parent company Highwinds Network Group, DHS authorities were able to easily identify the user through his Comcast IP address and location in Muncie, Indiana. dates and times that the suspect user connected to, and disconnected from, the IRC network.source IP address of the suspect user (50.178.206.161).However, we will only include the relevant sections below relating to IPVanish and its logging practices.įrom page 23 (22 of 28) of the affidavit:Īccording to the affidavit, IPVanish also provided DHS authorities the following user data: You can find the criminal affidavit here (also archived here). The full affidavit includes graphic descriptions of the material sent by “suspect user” to the DHS agent. This specific case involved child abuse and pornography with the US Department of Homeland Security agents investigating an IPVanish user in 2016. IPVanish has claimed to have a “ strict zero logs policy” for many years ( example here).US authorities (Department of Homeland Security) were targeting a US resident (state of Indiana).
0 Comments
Leave a Reply. |