Labels
Posted by Andrew Campbell

"No Log" VPNs Not Safe for Much longer

 


VPN is becoming (already is) an essential tool for anyone who wants to surf the internet and have an their traffic encrypted and shielded from snooping eyes.

There are lots of service providers and it can seem overwhelming when selecting the right VPN provider.  

*Pro tip: Don't even consider a VPN provider if they keep logs.

What are VPN logs?  It's in the name, when you use their service they keep track of what you did and where you went (on the internet).  Obviously if we are paying for a VPN service we must have some interest in privacy so why should we care if they keep logs?  The problem is that when someone (authorities) requests these logs the company must hand over the logs.  Effectively all that privacy you are paying for is undone.  Hence the advice, use a "no-log" VPN service provider.

This is good advice, but what happens when those "no-log" providers still have data on you?  Everything you do online leaves a footprint to a degree even if that footprint is encrypted.

Pirate Bay has long been a spot on the internet to acquire various digital items that you want to torrent.  I'm not going to discuss the ethics of this right now ;)

Pirate Bay has been shutdown before [3] and there are a lot of people that have an interest in Pirate Bay being gone forever.  However those folks who tend to the Pirate Bay are not interested in losing that traffic.  Pirate Bay utilizes the services of OVPN a "zero-log" VPN service.

On a surface level if I was hosting a torrent site, ya I would want stuff encrypted and I would not want any logs.  However their is an anti-piracy group (Rights Alliance) who are actively trying to acquire information on OVPN for the purpose of shutting down Pirate Bay [1].

This is where the problem arises.  If a "no-log" has no data on it's users then how could anyone find a specific user?  If a "no-log" were brought to court, what could they actually turn over? 

Well that is what is happening right now, Rights Alliance, the anti-piracy group mentioned earlier, is trying to bring OVPN to court.  They have hired a supposedly resourceful and successful pen-testing company to find out as much it can about OVPNs users.

While there are no logs to be handed over, OVPN does have a database of users and they do have servers that are connected to users (the entire nature of their business).  As well OVPN is able to see who is connected to what IP address at any given moment. The pent-testing company fully understands the relationship between data and information.  When data it is collected and correlated it becomes information and information has power.

Why is this a big deal?

if OVPN, a "no-log" VPN service provider, is brought to court and loses why couldn't this happen to other "no-logs"?  If Pirate-Bay goes down because of the collection of this data, which it has to do in order to have it's service, It is conceivable that any "no-log" could be brought to court and a user could be handed over using the exact same methodology.

Our online privacy is constantly at risk.  Freedoms are not necessarily lost all at once, they are handed over bit by bit.

This is something to keep an eye on.

Reference:

[1] https://hothardware.com/news/ovpn-says-it-has-no-data-to-turn-over-in-legal-case 

[2] https://hothardware.com/news/hong-kong-vpn-leak 

[3] https://www.engadget.com/2014-12-16-pirate-bay-shutdown-explainer.html

Labels:

Popular Posts