PSA: PureVPN provided evidence from logs for the FBI for a bust

tl;dr if you rely on PureVPN to cover your OPSEC arse, you just might be in for an unpleasant surprise. It seems the first paragraph in their privacy conditions might need to be updated. I use privatevpn but now wonder if they're any different from purevpn - they claim not to keep logs just like purevpn but they probably can put traces on certain customer accounts and then start keeping those logs for LE.

Sigh.

Here's the deal:

VPN logs helped unmask alleged 'net stalker, say feds

PureVPN assisted investigation of man charged over 16-month harassment campaign

By Richard Chirgwin, 8 Oct 2017 at 22:10

Virtual private network provider PureVPN helped the FBI track down an Internet stalker, by combing its logs to reveal his IP address.

The Department of Justice announced on Friday the arrest of Ryan Lin, a 24-year-old from Newtown, Massachusetts, on charges that he cyber-stalked a former room-mate.

According to the complaint [PDF] against Lin in the Massachusetts District Court, Lin's campaign against Jennifer Smith included doxxing (including posting passwords to her online accounts), posting intimate photos with the suggestion they were of Smith (though without her face), rifling her personal journal and emailing private information to her contacts, posting fake profiles of her to sites "dedicated to prostitution, sexual fetishes, and other sexual encounters", bomb threats, tricking a friend of Smith's into calling the police to her house, death and rape threats, and sending "images that likely constitute child pornography" to her family and friends.

Lin used various privacy services to maintain his cover: logging in via Tor, to conceal his IP address; VPN services; anonymised international texting services; and offshore private e-mail providers.

However, the complaint revealed, he made a fundamental error by using a work computer for some of his campaign, and even though he'd been terminated and the OS reinstalled on the machine, there were footprints left behind for investigators to associate Lin with the 16-month campaign against Smith.

Key details turned up by investigators included:

Lin's most-visited Website was the TextNow anonymous texting service;
Lin had a Proton Mail account;
There were "artefacts" indicating he used PureVPN; and
Similar artefacts suggesting he'd accessed his Gmail account from the machine.

"Further, records from PureVPN show that the same email accounts - Lin's Gmail account and the teleprtfx Gmail account - were accessed from the same WANSecurity IP address," the document stated.

And that's where the surprise came in - at least for those that believed a VPN is a complete protection: "Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses" (those IP addresses were at Lin's work and home addresses).

As the investigators note, Tweets from Lin showed he knew there was some risk of logging from VPN providers. As recently as June, he posted a Tweet critical of provider IPVanish about its logging claims:

"There is no such thing as a VPN that doesn't keep logs. If they can limit your connections or track bandwidth usage, they keep logs." 

If found guilty, Lin faces up to five years in prison and up to three years of supervised release. ®
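Why connection-time records alone are enough for the linkage the complaint describes, shown as an added example (not code from the article, the complaint or PureVPN). The log layouts, account ids and IP addresses are constructed assumptions; the technique is a time-window join between provider session metadata and a destination service's login log, intersected across events to separate customers sharing one exit IP.

```python
from datetime import datetime as dt

# Constructed sample data; field names and values are hypothetical.
# Provider-side "connection" records: no browsing activity, only metadata.
VPN_SESSIONS = [
    # (account, origin_ip, exit_ip, connected, disconnected)
    ("cust-17", "198.51.100.7",  "203.0.113.50", "2017-04-01T20:00", "2017-04-01T23:30"),
    ("cust-42", "192.0.2.10",    "203.0.113.50", "2017-04-01T21:00", "2017-04-01T22:00"),
    ("cust-17", "198.51.100.99", "203.0.113.50", "2017-04-03T09:00", "2017-04-03T12:00"),
    ("cust-88", "192.0.2.77",    "203.0.113.50", "2017-04-03T10:00", "2017-04-03T13:00"),
]

# Destination-side records (e.g. a mail provider): exit IP seen at login, and when.
SERVICE_EVENTS = [
    ("203.0.113.50", "2017-04-01T21:15"),
    ("203.0.113.50", "2017-04-03T10:05"),
]


def candidates(event, sessions):
    """Map account -> origin IP for sessions on the event's exit IP covering its time."""
    ip, ts = event[0], dt.fromisoformat(event[1])
    return {
        acct: origin
        for acct, origin, exit_ip, start, end in sessions
        if exit_ip == ip and dt.fromisoformat(start) <= ts <= dt.fromisoformat(end)
    }


def correlate(events, sessions):
    """Keep only accounts that were connected during every event.

    A shared exit IP yields several candidates per event; intersecting
    across events narrows them. Returns account -> sorted origin IPs.
    """
    per_event = [candidates(e, sessions) for e in events]
    if not per_event:
        return {}
    survivors = set.intersection(*(set(c) for c in per_event))
    return {a: sorted({c[a] for c in per_event}) for a in survivors}


if __name__ == "__main__":
    for account, origins in correlate(SERVICE_EVENTS, VPN_SESSIONS).items():
        print(account, "->", origins)
```

Each event on its own matches two customers; only the intersection singles one out, and it does so without any record of what that customer did while connected.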


Comments


[34 Points] CookyDough:

Thanks for posting this! PureVPN's "privacy policy":

We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers. Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a “connection” and the total bandwidth used during this connection is called “bandwidth”. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.

The Information We Collect

Personally Identifiable Information (PII) includes all such information which can be directly linked to an individual e.g. Name, telephone number or email address.

This information may include, but not limited to:

  • Names (For account creation purpose)
  • Email address (For the creation of an account and/or to contact you with offers and discounts)
  • Phone number (For particular users from certain countries ONLY)

    There are "No Mandatory Data Retention Laws" in Hong Kong.

yada yada

Information Sharing and Disclosure

PureVPN specifically chose Hong Kong (HK) for its headquarter because there are "No Mandatory Data Retention Laws" in Hong Kong

We are therefore, not legally obliged to store user data and share it with anyone. Since PureVPN is committed to freedom, and doesn't support crime, we will only share information with authorities having valid subpoenas, warrants, other legal documents or with alleged victims having clear proof of any such activity. It goes without saying that we will only do so in the best interest of our customers and our company. When and if a competent court of law orders us or an alleged victim requests us (that we rigorously self-assess) to release some information, with proper evidence, that our services were used for any activity that you agreed not to indulge in when you agreed to our Terms of Service Agreement, then we will only present specific information about that specific activity only, provided we have the record of any such activity.


[23 Points] CookyDough:

PrivateInternetAccess.com was supposedly unable to help the FBI in a similar cyber stalking case. https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/

They did eventually catch the guy through Walmart CCTV footage of him purchasing burner mobile phones and his use of the phones.

Disclaimer: I'm not advocating for or against PIA. They are UK based, that's 1 of the 5 Eyes countries (of the "14 Eyes" countries), which PrivacyTools.io recommends against using VPNs from.


[11 Points] None:

[removed]


[5 Points] RIP_THROWAWAY_9000:

Thoughts on ExpressVPN ?


[5 Points] None:

I read into this and usually no log VPNs will not keep logs on individuals unless they are subpoenaed by the government for logs to be taken on individuals using a server. Legally VPNs have to do so, these are done without the individual ever knowing they are being logged.


[5 Points] ameliaenterprise:

Why use a VPN at all with Tor? It's advised against even by the people at the Tor Project.


[4 Points] DNrick_sanchez:

I've only ever used torguard

and I don't use vpns with tor, the tor team even recommends against it

now if you have a VM vpn from there into another VM and down the rabbit hole we go

vpn that don't take crypto is a red flag

a vpn that's in a country with a good relationship governmentwise with your country of residence is another red flag, fuck vpns, use bridges or proxies there are many options out there


[3 Points] ecstasais:

Although I'm strongly against VPN for Tor usage recommendations, this article has no relevance. They were dealing with a clearnet user. Yes, VPN service providers may log connection details but when it comes to Tor then there's nothing their logs can show, except where the vpn tunnel originated from, and on the other end that it's connecting to Tor. That's where the visibility ends.

Being a vpn service provider doesn't give you a magic "unmask all se-sa-me" wand, ffs


[3 Points] dankstix:

any thoughts on nordvpn? they say they don't keep logs but idk now....


[3 Points] ClubLifeDrugs:

scary to think about


[3 Points] None:

after all security is just an illusion. bridges and proxies are "probably" safe


[3 Points] hellfinger:

FYI (I think that only a few are reliable)

(good)
- ExpressVPN: Express VPN International Ltd. – British Virgin Islands (BVI)
- CyberGhost VPN: CyberGhost S.R.L. – Romania
- NordVPN: Tefincom co S.A. – Panama
- VPNTunnel: Edelino Commerce Inc. – Seychelles
- ibVPN: Amplusnet S.R.L. – Romania
- Astrill VPN: Seychelles

(not good)
- HideMyAss: AVG – Netherlands
- PIA: London Trust Media, Inc. – USA
- IPvanish: Mudhook Marketing Inc. – USA
- VyprVPN: Golden Frog, Inc. – Sweden
- PureVPN: GZ Systems Ltd, Hong Kong
- Freedome VPN: F-Secure Corp. – Finland
- Buffered VPN: Buffered Kft – Hungary
- SwitchVPN: India
- PrivatVPN: Privat Kommunikation Sverige AB – Sweden


[1 Points] RedditAccount28:

God damnit Lin


[1 Points] zzgoogleplexzz:

A VPN I highly recommend to all is CrypticVPN. I've been using it for years with no issues.


[1 Points] n1lux:

Use hide.me VPN - zero knowledge policy and offshore servers. Payment in BTC possible.


[1 Points] JburnaDNM:

The hypocrisy of a VPN cannot be anymore ironic. Mind fucking blown.


[1 Points] JesusHatesFagssss:

How about strongvpn? Apparently they don't keep logs. I believe they used to years ago and not allow torrent downloading. But that has changed I believe


[1 Points] Blow-that-Doge:

www.cryptostorm.is best in the business


[0 Points] None:

[deleted]