In the latest of logging scandals, we have IPVanish assisting Homeland Security in tracing a Comcast user, who was accused of indulging in child abuse and pornographic activities! Being a VPN review site, it is obvious that we are completely against the action of revealing logs to government authorities. However, when such cases arise of cyberstalking, harassment, and now child pornography, it makes you question whether you should put morality before policy for VPN businesses.
Now, we are all aware of the fact that IPVanish has long been claiming that it is a “No Logs” VPN provider, which offers you the utmost level of security. What most may not know though is that the service has actually never been safe. Since the provider is based in the US, a country that is part of the Five Alliance, you could never leverage complete anonymity in reality. The laws demand for Data Retention! The same goes for other providers.
Everyone logs session/connection information (with a very few exceptions). It is only the test of time and circumstances where the authorities get involved, when we finally learn the truth. Nevertheless, these recent cases of VPNs lying about their logging policy have only made the selection process easier for prospects. IPVanish now joins the likes of EarthVPN, HideMyAss, Private Internet Access (PIA), and PureVPN, all of which have provided logs to the authorities in various criminal cases.
Details of the IPVanish Logging Case
This specific case dates back to 2016, where an IPVanish user came under investigation of the US Department of Homeland Security, over the involvement of child pornography and abuse! You can read the complete affidavit of the case at Court Listener and Web Archive. For details relevant to IPVanish and its logging practices, read the sections below:
The parent company of IPVanish that goes by the name “Highwinds Network Group” received a “summons for records” from the Department of Homeland Security, which focuses strictly on the release of user information, hence it did not come with a “national security letter”, subpoena, or search warrant with the accompanying gag order. IPVanish responsed to the summons of records two weeks later, on May 26, 2016, stating that they do not keep any logs, so they cannot provide any assistance.
When special agent “Scott Sikes”, followed up on the request, the parent company of IPVanish told the authorities to “submit a second summons requesting subscriber information more detailed in nature.”, which they did on June 9, 2016, requesting all data associated with “IP 188.8.131.52, port 6667.” After about twelve days later, IPVanish provided the following logs regarding the suspected user involved in child abuse and pornography to the DHS authorities:
Upon analyzing the affidavit further, we learned that IPVanish also provided comprehensive logs on the dates and times the user connection/disconnected from the IRC network, along with the IP Address of the user (184.108.40.206). Once HSI received all the important data, it was only a matter of time they identified the suspect, by tracing his Comcast IP address in Muncie, Indiana, which eventually lead to the authorities conducting a search warrant.
Vincent Gevirtz was found at home with his parents, later admitting to the conduct carried out by the IRC Channel, along with the sharing of “abuse images” for at least seven years. You can look at the court documents here for further information on the criminal. However, since we are a VPN reviewing service, we should reiterate that the entire time this case went down, IPVanish mentioned that it “does not collect or log any traffic or use of its Virtual Private Network service”. Below is an excerpt from IPVanish’s homepage from back in June 2016.
All these details created a massive uproar on Reddit, where many users of IPVanish have ended up shocked at the leaking of private information, while others focus more on the side of morality and the criminal finally being caught. If there were no logs, then this would not have been possible. However, on the basis of the fake promise that IPVanish follows a strict “zero logs” policy, many users feel outraged by the incident learning all their activities have been recorded!
IPVanish Acquired by StackPath
After the case made its way onto Reddit, a user going by the name “lavobsy”, claiming to be the IPVanish CEO issued the following statement.
He explains that the IPVanish’s previous owners are long gone and now the provider is under control of StackPath (after the acquiring in February 2017). “With no exception IPVanish does not, has not, and will not log or store logs of our users as a StackPath company”. This shows that StackPath does not want to get into what happened before, which is understandable. However, there is no way for us to really know whether IPVanish will protect user-data, leaving us and all users at a cliffhanger!
Who Should You Believe?
In light of all these logging scandals, VPN users have never been more scared than before, realizing that even despite paying to keep their identity secure – they are constantly monitored! If not by the government authorities, then by the very services, they place their trust in for protecting all private information. So, how can users leverage anonymity online, with all these phony services?
The answer is actually quite simple: only go for providers with an established reputation of keeping no logs, verified by criminal cases. For instance, there is Perfect Privacy (based in Switzerland), which had two servers seized in Rotterdam. However, thanks to its zero logs policy, no customer data was revealed and the seizure was not disclosed by the Dutch authorities.
We also have ExpressVPN, the British Virgin Islands provider, which had its servers seized in Turkey, following the assassination of the Russian Ambassador of Turkey. Upon digging into the matter, the authorities found that the police officer’s Facebook and Gmail were deleted, right after the assassination of the Ambassador. Digital traces revealed, the action was done over ExpressVPN. Here is the official testimonial of the provider, following the refusal of assistance.