When law enforcement knocks on a VPN's door, what happens?
Privacy & Security Posted on June 8, 2012
Virtual Private Networks (VPNs) are fast becoming one of the last refuges for internet users who want to ensure their web browsing is kept private. This year barely a week has gone by without unpopular, anti-online privacy, legislation, pushed by powerful entertainment industry lobbies, making headlines. Either that or leaks on government plans for increased surveillance of citizens, defended by sexed-up threats from pedophiles and terrorists. If current trends continue, it’s looking more and more likely that VPN usage will break out from its current niche and start to capture the attention of more mainstream spheres.
However, the security of your privacy and personal data rests solely on the privacy policy of your VPN – and not all VPN privacy policies are created equally. In fact, many VPNs leave your personal data exposed to governments, law enforcement and copyright lawyers in exactly the same way as your ISP does.
Data retention
This was brought into sharp focus around a year ago when a member of hacking group Lulzsec was handed over to the authorities. Lulzsec member ‘Recursion’ used UK-based VPN HideMyAss to hack News Corp and Sony, among others. What Recursion didn’t know was that HideMyAss keeps logs of IP addresses and timestamps. All it took was a UK court order to compel HideMyAss to hand over the data and Recursion (real name Cody Kretsinger) was delivered to the FBI.
Obviously no VPN wants criminal activity to take place on its service. But what’s the point of using a VPN if they retain enough of your personal data to facilitate your identification in the real world? What’s the difference between a copyright holder forcing an ISP to identify you based on unsubstantiated allegations of copyright theft, and that same court order being applied to a VPN? Yet that’s exactly the kind of threat many big name VPNs expose their customers to. Last year TorrentFreak posted a great round-up of VPNs who retain customer data and those who don’t. If a VPN retains your data then it has no option other than to comply with court orders to hand it over.
When the authorities come knocking
Here at IVPN we have a vested interest in highlighting this issue and obviously we wouldn’t be writing about it if we weren’t confident in our own privacy policy. So what happens if the authorities come knocking at our door looking to identify an individual? Well typically law enforcement would serve us a subpoena, demanding that we trace the identity of an individual connected to our network based on a timestamp and the IP address of one of our servers.
All VPNs have the ability to track users and log their data. We don’t keep any connection logs, this reduces our liability and ensures your absolute privacy. Make sure you are very clear on your VPN providers logging policy as many do log which can be a major risk for you, even if for short periods.
What about stuff like billing and customer registration details? We don’t require your name or physical address, just an email address– nothing else. If you pay with PayPal then we have to store your PayPal subscription ID but there’s no way of linking any of your connection related data to your payment details because it doesn’t exist. So in effect, your privacy is ensured and there’s no way that anyone can find out what you do online. At the very most you can only be identified as a customer through your email address or PayPal subscription ID.
If you’re thinking of signing-up to a VPN make sure that you read its privacy policy and terms of conditions very closely. Because you may not be buying the level of protection and anonymity you think you are.
For more information, take a look at our own privacy policy. To learn more about how VPNs work, read our FAQs.
Suggest an edit on GitHub.
4 Comments
john weston
18.11.2013
Asus Router Support
01.04.2018
KJ Peterson
13.07.2019
Mildred D. Amaral
22.07.2019