![]() What we can verify, however, is that IPVanish was claiming to have a “strict zero-logs policy” at the exact time they were logging user data and handing it over to US authorities.Īfter requesting a response from IPVanish, they provided Restore Privacy with this statement: Of course, there is no way to verify if this was true or if IPVanish is truly a “no logs” VPN service today. “We can only surmise, this was a one time directed order from authorities.” In explaining these logging events, lavosby stated: It now appears that both Highwinds and IPVanish are operating under Stackpath. Indeed, I found this blog post verifying how Highwinds was acquired by Stackpath in 2017. Later in the same thread, the user “lavosby” explained that IPVanish was acquired on Februby Stackpath. You can even see on their homepage from June 2016 – exactly when this case was unfolding – that IPVanish was claiming to be have a “strict zero-logs policy”: During this incident and in both privacy policies you can see that IPVanish was making the following claim: “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.” Using the WayBack Machine we can see IPVanish’s privacy policy both before the incident ( April 2016) and just after the incident ( August 2016). IPVanish has a long history of claiming to be a “zero logs” VPN provider. Comcast then provided additional information on the suspect user to authorities, who then served a federal search warrant on Vincent Gevirtz and his residence in Muncie, Indiana. The second bullet is significant for this case because it demonstrates that IPVanish is (or was) keeping detailed logs of user activity, which clearly contradicts the “zero log policy” they claim to have.Īfter getting the connection and usage logs from IPVanish’s parent company Highwinds Network Group, DHS authorities were able to easily identify the user through his Comcast IP address and location in Muncie, Indiana. dates and times that the suspect user connected to, and disconnected from, the IRC network.source IP address of the suspect user (50.178.206.161).However, we will only include the relevant sections below relating to IPVanish and its logging practices.įrom page 23 (22 of 28) of the affidavit:Īccording to the affidavit, IPVanish also provided DHS authorities the following user data: You can find the criminal affidavit here (also archived here). The full affidavit includes graphic descriptions of the material sent by “suspect user” to the DHS agent. This specific case involved child abuse and pornography with the US Department of Homeland Security agents investigating an IPVanish user in 2016. IPVanish has claimed to have a “ strict zero logs policy” for many years ( example here). ![]() US authorities (Department of Homeland Security) were targeting a US resident (state of Indiana).IPVanish is a US-based VPN service ( Five Eyes).The facts of the IPVanish logging caseīefore jumping into the facts of the case, it is important to note that: IPVanish now joins the likes of PureVPN, HideMyAss, and EarthVPN, which have all provided logs to authorities in various criminal cases – see VPNs are lying about logs for a discussion of these cases. This yet another case where a VPN service’s “no logs” claims did not stand up to law enforcement actions. While nobody here is defending the actions of criminals, it is important to recognize when a VPN service fails to uphold their “zero logs” policy and commitment to customer privacy. The popular “no logs” VPN service IPVanish appears to be embroiled in a logging scandal whereby user logs were provided to authorities who were investigating a criminal case.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |