The leaks resulted in a massive takedown operation targeted at sites that host and link to the controversial images.

As a hosting provider and search engine Google inadvertently plays a role in distributing the compromising shots, much to the displeasure of the women involved.

Several celebrities threatened legal action against Google for its “unlawful activity,” demanding tgat the company should zap all their images. Others, including Jennifer Lawrence and Kate Upton, used DMCA requests to remove the images from the public eye.

The famous UK actress, model and TV presenter Kelly Brook now joins this group as one of the latest Fappening victims.

Brook’s pictures leaked onto the Internet early October and last week she asked Google to remove three links to her pictures from search results, claiming that she holds the copyrights to the selfies.

The images are allegedly hosted on thefappening.so, and according to Google’s transparency report the request is still “pending”. However, during this week something unusual happened.

For reasons unknown, Google has decided to remove all URLs of thefappening.so from its search results. Whether the pages were removed because of the leaked pictures, or for another reason, is unknown.

Kelly Brook is not the only celebrity to ask Google to remove thefappening.so links, Argentinian singer Melina Lezcano did the same last week.

TorrentFreak asked Google whether the removal of the entire domain name is due to its content or if there’s another reason, but we have yet to receive a response.

Whatever the reason, Brook and Lezcano’s takedown requests are moot. Whether they will be relieved is doubtful though, as most of the Fappening photos are still being shared through thousands of other sites.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Pirate Bay users also have a great interest in anonymity. A survey among the site’s users previously revealed that nearly 70% already had a VPN or proxy or were interested in signing up with one.

For this last group The Pirate Bay has an interesting promotion running. For the past few days the site has replaced its iconic logo with an ad for FrootVPN, a new startup that offers free VPN accounts.

The promo has has been seen by millions of people, many of whom very interested in the costless offer.

Since VPNs are certainly not free to run, many people are wondering if there’s a catch behind this rather generous offer. Previously TPB advertised an adware ridden client so this suspicion is understandable.

TorrentFreak contact the Pirate Bay team for more information, and they informed us that the FrootVPN promotion is not a paid ad. It’s merely a friendly plug for a startup run by some guys they know.

While that’s assuring, it doesn’t explain how they can offer their service for free. We contacted the FrootVPN operators to find out more, and they told us that they started the free VPN to counter the commercialization of the VPN business.

“The whole idea behind FrootVPN was to provide a free simple VPN service without any bandwidth limitations. Of course the maintenance isn’t free but we had some resources over from our other projects from which we were able to launch FrootVPN.”

“We are a bunch of guys who support freedom of speech and don’t like the idea that VPN providers charge so much money for just a simple proxy, especially since the bandwidth costs nowadays is so cheap,” FrootVPN tells us.

While a free VPN sounded like a good idea, the VPN service has become a victim of its own success. They gained 100,000 users in less than a week and admit that it’s not sustainable to keep the service free forever.

“The word has spread rapidly and we thank all our promoters including TPB for supporting us. We got 100,000 users within a week, which we never expected. However, this does indicate that we will be forced to charge something for the service in order to maintain it,” FrootVPN says.

FrootVPN’s VPN servers are currently hosted at Portlane, who have been very helpful in accommodating the growth. During the weeks to come they hope to increase their capacity and FrootVPN has already bought several new servers to keep the quality of the service on par.

“We have 20x servers running currently with 2x10Gbps total capacity. We have now additionally bought 40x more servers and 4x10Gbps bandwidth from Portlane which will be ready within a week or two. We hope that after this upgrade the quality of our service will be much better,” they say.

While they may have to charge a few dollars in the future, one of the main motivations of the FrootVPN team remains in line with The Pirate Bay’s original philosophy. That is, to provide tools that help to bypass censorship and promote freedom of speech.

“FrootVPN supports freedom of speech and want the Internetz to be an uncensored place,” they say.

Although free VPNs are often not the fastest, especially not when they are growing with tens of thousands of users per day, FrootVPN says it will try to keep up. In any case, “free” is an offer that’s hard to refuse for those who are on a tight budget.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Last week these rightsholders were joined by luxury brand owner Richemont, which successfully obtained orders to block sites selling counterfeit products. The outcome of that particular case had delayed decisions in other blocking applications, including one put forward by the record labels. Today the High Court ended its hiatus by processing a new injunction.

The application was made by record labels 1967, Dramatico Entertainment, Infectious Music, Liberation Music, Simco Limited, Sony Music and Universal Music. The labels represented themselves plus the BPI (British Recorded Music Industry) and PPL (Phonographic Performance Ltd) which together account for around 99% of all music legally available in the UK today.

Through their legal action the labels hoped to disrupt the activities of sites and services they believe to be enabling and facilitating the unlawful distribution of their copyright works. In this case the key targets were the 21 torrent sites listed below:

(1) bittorrent.am, (2) btdigg.org, (3) btloft.com, (4) bts.to, (5) limetorrents.com, (6) nowtorrents.com, (7) picktorrent.com, (8) seedpeer.me, (9) torlock.com, (10) torrentbit.net, (11) torrentdb.li, (12) torrentdownload.ws, (13) torrentexpress.net, (14) torrentfunk.com, (15) torrentproject.com, (16) torrentroom.com, (17) torrents.net, (18) torrentus.eu, (19) torrentz.cd, (20) torrentzap.com and (21) vitorrent.org.

As usual the UK’s leading Internet service providers – Sky, Virgin, TalkTalk, BT and EE – were named as defendants in the case. The ISPs neither consented to nor opposed the application but participated in order to negotiate the wording of any order granted.

In his ruling Justice Arnold noted that the sites listed in the application function in a broadly similar way to The Pirate Bay and KickassTorrents, sites that are already subjected to blocking orders. Perhaps surprisingly, efforts by some of the sites to cooperate with rightsholders meant little to the Court.

“All of [the sites] go to considerable lengths to facilitate and promote the downloading of torrent files, and hence infringing content, by their users,” Justice Arnold wrote.

“Although a few of the Target Websites pay lipservice to copyright protection, in reality they all flout it. Although a few of the Target Websites claim not to, they all have control over which torrent files they index.”

Also of interest is that Court didn’t differentiate between sites that allow users to upload torrents, those that store them, or those that simply harvest links to torrents hosted elsewhere.

“Thirteen of the Target Websites (bittorrent.am, btdigg.org, btloft.com, nowtorrents.com, picktorrent.com, torrentdb.li, torrentdownload.ws, torrentexpress.net, torrentproject.com, torrentroom.com, torrentus.eu, torrentz.cd and vitorrent.org) do not permit uploads of torrent files by users, but gather all their links to torrent files using ‘crawling’ technology. No torrent files are stored on these websites’ own servers,” Justice Arnold explained.

“Nevertheless, the way in which the torrent files (or rather the links thereto) are presented, and the underlying technology, is essentially the same as in the cases of the other Target Websites.”

The Judge also touched on the efficacy of website blockades, citing comScore data which suggests that, on average, the number of UK visitors to already blocked BitTorrent sites has declined by 87%.

“No doubt some of these users are using circumvention measures which are not reflected in the comScore data, but for the reasons given elsewhere it seems clear that not all users do this,” Justice Arnold wrote.

Speaking with TF the BPI said that the 21 sites had been selected for blocking on the basis that they are amongst the most infringing sites available in the UK today. BPI Chief Executive Geoff Taylor said that having them rendered inaccessible would help both the music industry and consumers.

“Illegal sites dupe consumers and deny artists a fair reward for their work. The online black market stifles investment in new British music, holds back the growth of innovative legal services like Spotify and destroys jobs across Britain’s vital creative sector,” Taylor said.

“Sites such as these also commonly distribute viruses, malware and other unsafe or inappropriate content. These blocks will not only make the internet a safer place for music fans, they will help make sure there is more great British music in years to come.”

Finally, and mirroring a decision made in the Richemont case, Justice Arnold said that Internet subscribers affected by the block will be given the ability to apply to the High Court to discharge or vary the orders. Furthermore, when blocked site information pages are viewed by ISP subscribers in future, additional information will have to be displayed including details of the parties who obtained the block.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

As a hosting provider and search engine Google inadvertently plays a role in distributing the compromising shots, much to the displeasure of the women involved.

More than a dozen of them sent Hollywood lawyer Marty Singer after the company. Earlier this month Singer penned an angry letter to Google threatening legal action if it doesn’t remove the images from YouTube, Blogspot and its search results.

“It is truly reprehensible that Google allows its various sites, systems and search results to be used for this type of unlawful activity. If your wives, daughters or relatives were victims of such blatant violations of basic human rights, surely you would take appropriate action,” the letter reads.

While no legal action has yet been taken, some celebrities have also sent individual DMCA takedown requests to Google. On September 24 Jennifer Lawrence’s lawyers asked the search engine to remove two links to thefappening.eu as these infringe on the star’s copyrights.

This means that both the thefappening.eu main domain and the tag archive of Jennifer Lawrence posts no longer appear in Google’s search results.

Whether this move has helped Lawrence much is doubtful though. The site in question had already redirected its site to a new domain at thefappening.so. These links remain indexed since they were not mentioned in the takedown request.

The good news is that many of Lawrence’s pictures are no longer hosted on the site itself. In fact, the URLs listed in the takedown request to Google no longer show any of the infringing photos in question, so technically Google had no obligation to remove the URLs.

A prominent disclaimer on the site points out that the operator will gladly take down the compromising photos if he’s asked to do so. Needless to say, this is much more effective than going after Google.

Photo via

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The report is produced by the UK Government’s Intellectual Property Office and provides an overview of recent achievements and current challenges in the fight against piracy and counterfeiting. Increasingly, these threats are coming from the Internet.

“One of the key features in this year’s report is the continuing trend that the Internet is a major facilitator of IP crime,” the Crime Group writes.

The report notes that as in previous years, Hollywood-funded industry group FACT remains one of the key drivers of anti-piracy efforts in the UK. Over the past year they’ve targeted alleged pirate sites though various channels, including their hosting providers.

Not all hosts are receptive to FACT’s complaints though, and convincing companies that operate abroad is often a challenge. This includes the United States where the majority of the investigated sites are hosted.

“Only 14% of websites investigated by FACT are hosted in the UK. While it is possible to contact the hosts of these websites, there still remains a considerable number of copyright infringing websites that are hosted offshore and not within the jurisdiction of the UK.”

“Analysis has shown that the three key countries in which content is hosted are the UK, the USA and Canada. However, Investigating servers located offshore can cause specific problems for FACT’s law enforcement partners,” the report notes.

The figure above comes as a bit of a surprise, as one would expect that United States authorities and industry groups would have been keeping their own houses in order.

Just a few months ago the US-based IIPA, which includes MPAA and RIAA as members, called out Canada because local hosting providers are “a magnet” for pirate sites. However, it now appears they have still plenty of work to do inside U.S. borders.

But even when hosting companies are responsive to complaints from rightsholders the problem doesn’t always go away. The report mentions that most sites simply move on to another host, and continue business as usual there.

“In 2013, FACT closed a website after approaching the hosting provider on 63 occasions. Although this can be a very effective strategy, in most instances the website is swiftly transferred onto servers owned by another ISP, often located outside the UK.”

While downtime may indeed be relatively brief the report claims that it may still hurt the site, as visitors may move on to other legitimate or illegitimate sources.

“The [moving] process usually involves a disruptive period of time whereby the website is offline, during which users will often find an alternative service, thus negatively affecting the website’s popularity.”

While hosting companies remain a main target, tackling the online piracy problem requires a multi-layered approach according to the UK Crime Group.

With the help of local law enforcement groups such as City of London’s PIPCU, copyright holders have rolled out a variety of anti-piracy measures in recent months. This includes domain name suspensions, cutting off payment processors and ad revenue, website blocking by ISPs and criminal prosecutions.

These and other efforts are expected to continue during the years to come. Whether that will be enough to put a real dent in piracy rates has yet to be seen.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Their case involves former members of now-defunct file-sharing links forum Dancing Jesus. The site was taken down in 2011 following an investigation carried out by the BPI and IFPI, with assistance from the US Department of Homeland Security.

Two people were arrested by City of London Police, the owner of the site and the forum’s top uploader. Homeland Security assisted UK police by seizing a Dancing Jesus server hosted in the United States.

The trial, which began on October 6, took place at Newcastle Crown Court. One defendant, site owner and admin Kane Robinson of South Shields, had already pleaded guilty to illegally distributing music back in January 2014.

Richard Graham, the site’s alleged top uploader, went into the trial with a “not guilty” plea, but after evidence was presented in court earlier this week the Leicestershire man changed his plea to guilty.

“The guilty verdict confirms that posting illegal online links to music is a criminal offense which economically harms musicians and the labels that support them,” said David Wood, Director of BPI’s Copyright Protection Unit.

“Pre-release piracy, in particular, robs musicians of artistic control, leaving them with no say in when and how their music – which has taken blood, sweat and tears to produce – is released.

The case is significant in a number of ways, not least the scale of online infringement connected to the pair’s guilty plea. Add in the fact that Dancing Jesus was particularly well-known as a venue to obtain pre-release content and this becomes the most important UK music industry case since the failed 2010 prosecution of the infamous OiNK BitTorrent tracker.

Graham and Robinson will be sentenced under the Copyright, Designs and Patents Act 1988. Their fate will be determined by Judge Sherwin early next month.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

An official copy of the album was posted on the cloud hosting service Mega, which is linked from Dotcom’s homepage. This has never caused any issues, until a few weeks ago, when various copyright holders started sending unusual takedown requests to have the content removed.

IFPI, representing the major music labels, submitted several DMCA notices to Mega claiming that the file infringed the rights of various artists. This resulted in a game of whack-a-mole in which the album was removed and reinstated a few times. Currently it’s unavailable yet again.

When we previously covered the issue, Mega stressed that the takedown requests were clearly mistaken. The company accused IFPI of not doing their homework and doubted the accuracy of their notices in general.

However, since the takedown notices kept targeting the same link, there was a good chance that these mistakes were orchestrated in some way. Assuming that someone was making IFPI and others believe that the link pointed to albums of other artists, we decided to do some research.

Eventually we stumbled upon a series of Pastebin pages where the URL of Dotcom’s album is linked to titles of other artists. Several of the artists mentioned in the pastes are the same as the one’s IFPI listed in their DMCA notices, so this would explain the mistakes.

The above is concerning for several reasons. First of all, it shows that IFPI and others don’t verify the legitimacy of their takedown notices. This means that pranksters can easily get them to censor legitimate content.

Secondly, Mega usually can’t check the validity of a claim, or it simply doesn’t know whether or not a user has permission to publish it. So they have very little options to stop the abuse.

“Mega aims to process all takedowns promptly, within a few hours. It is impossible to verify the claims as the files are encrypted so we don’t know the contents (unless the full link is provided with the key included), and we can’t verify if the person has a valid ownership/license or not,” a Mega spokesperson told us.

Despite these restrictions, the cloud hosting provider says it’s setting up a system where repeated takedowns can be flagged to prevent this type of abuse in the future.

“We are improving our systems to monitor the takedown process and will eventually be able to identify repeated incorrect notices,” Mega says.

Until then, Dotcom’s album will most likely disappear from Mega a few more times. Luckily for the fans, there’s also a copy hosted on the soon-to-be-released music service Baboom.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Instead of buying their own hardware The Pirate Bay decided to serve its users from several cloud hosting providers scattered around the world. This saved costs, guaranteed better uptime, and made the site more portable and thus harder to take down.

The operational change also had a downside. Before the move the notorious torrent site had a dedicated page displaying its hardware and server setup, which was something true geeks kept a close eye on.

Today the site no longer owns any crucial pieces of hardware. However, it’s worth taking a look at the virtual setup the site is running on now. TorrentFreak asked the Pirate Bay team for an update and they were happy to oblige.

At the time of writing the site uses 21 “virtual machines” (VMs) hosted at different providers. This is up four machines from two years ago, in part due to the steady increase in traffic.

Most of the VMs, eight in total, are used for serving the web pages. The searches take up another six machines, and the site’s database currently runs on two VMs.

The remaining five virtual machines are used for load balancing, statistics, the proxy site on port 80, torrent storage and for the controller.

In total the VMs use 182 GB of RAM and 94 CPU cores. The total storage capacity is 620 GB, but that’s not all used. Needless to say, that is relatively modest considering the size of the site.

- 8 web
- 6 search
- 2 database
- 1 lvs
- 1 stats
- 1 for proxy site on .80,
- 1 torrents
- 1 control

All virtual machines are hosted with commercial cloud hosting providers, who have no clue that The Pirate Bay is among their customers. All traffic goes through the load balancer, which masks what the other VMs are doing. This also means that none of the IP-addresses of the cloud hosting providers are publicly linked to TPB.

According to the Pirate Bay team the current setup works pretty well. Although small issues pop up every now and then, the site has had no major downtime recently.

If the police come knocking in the future the cloud servers can of course be disconnected. However, with the site’s current setup it would be fairly easy to continue operating from another provider in a relatively short time.

For now, the most vulnerable spot appears to be the site’s domain. Just last year the site burnt through five separate domain names due to takedown threats from registrars.

But then again, this doesn’t appear to be much of a concern for TPB as the operators have dozens of alternative domain names standing by.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

A few days ago Google received a request to remove links to Kate Upton’s stolen photos The request was not sent by Upton but by her boyfriend Jason Verlander, who also appears in a few of the leaked images.

The notice includes hundreds of URLs of sites such as thefappening.eu where the photos are hosted without permission.

It’s quite unusual for Google’s takedown team to be confronted with a long link of naked celebrity pictures. This may explain why it took a while before a decision was reached on the copyright-infringing status of the URLs, a process that may involve a cumbersome manual review.

Yesterday the first batch was processed and interestingly enough Google decided to leave nearly half of all URLs untouched. The overview below shows that with 16 of the 444 links processed, only 45% were removed.

The big question is, of course, why?

Verlander’s takedown request

Google doesn’t explain its decision keep the links in question in its search results. In some cases the original content had already been removed at the source site, so these URLs didn’t have to be removed.

Other rejections are more mysterious though. For example, the thefappening.eu URLs that remain online all pointed to stolen images when we checked. Most of these were not nudes, but they certainly weren’t posted with permission.

One possible explanation for Google’s inaction is that Verlander most likely claimed to own the copyright on the images, something he can only do with pictures he took himself. With Upton’s selfies this is hard to do, unless she signed away her rights.

While browsing through the reported URLs we also noticed another trend. Some sites have replaced Upton’s leaked photos with photos of other random naked women. Google’s takedown team apparently has a sharp eye because these were not removed by Google either.

Chilling Effects, who host Google’s takedown requests, just posted a redacted version of the original notice with Upton’s name removed. Unfortunately this doesn’t offer more clues to resolve this takedown mystery, so for now we can only guess why many of the links remain indexed.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim.

Following a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to be not so private, TorrentFreak decided to ask a selection of VPN services some tough questions.

By popular demand we now present the third iteration of our VPN services “logging” review. In addition to questions about logging policies we also asked VPN providers about their stance towards file-sharing traffic, and what they believe the most secure VPN is.

Last update: October 7, 2014 (added partial Russian translation)

—

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

3. What tools are used to monitor and mitigate abuse of your service?

4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

5. What steps are taken when a valid court order requires your company to identify an active user of your service?

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

7. Which payment systems do you use and how are these linked to individual user accounts?

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

—

What follows is the list of responses from the VPN services, in their own words. Providers who didn’t answer our questions directly or failed by logging everything were excluded. Please note, however, that several VPN companies listed here do log to some extent. The order of the lists holds no value.

Private Internet Access

1. We absolutely do not log any traffic nor session data of any kind, period. We have worked hard to meticulously fork all daemons that we utilize in order to achieve this functionality. It is definitely not an easy task, and we are very proud of our development team for helping Private Internet Access to achieve this unique ability.

2. We operate out of the US which is one of the few, if only, countries without a mandatory data retention law. We explored several other jurisdictions with the help of our professional legal team, and the US is still ideal for privacy-based VPN services.

We severely scrutinize the validity of any and all legal information requests. That being said, since we do not hold any traffic nor session data, we are unable to provide any information to any third-party. Our commitment and mission to preserve privacy is second to none.

3. We do not monitor any traffic, period. We block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.

4. We do not host any content and are therefore unable to remove any of said content. Additionally, our mission is to preserve and restore privacy on the Internet and society. As such, since we do not log or monitor anything, we’re unable to identify any users of our service.

5. Once again, we do not log any traffic or session data. Additionally, unlike the EU and many other countries, our users are protected by legal definition. For this reason, we’re unable to identify any user of our service. Lastly, consumer protection laws exist in the US, unlike many other countries. We must abide by our advertised privacy policy.

6. We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet.

7. Bitcoin, Ripple, PayPal, Google Play (Mobile), OKPay, CashU, Amazon and any major Gift Card. We support plenty of anonymous payment methods. For this reason, the highest risk users should definitely use Bitcoin, Ripple or a major gift card with an anonymous e-mail account when subscribing to our privacy service.

8. We’re the only provider to date that provides a plethora of encryption cipher options. We recommend, mostly, using AES-128, SHA1 and RSA2048.

Private Internet Access website

TorGuard

1. TorGuard does not store any IP address or time stamps on any VPN and proxy servers, not even for a second. Further, we do not store any logs or time stamps on user authentication servers connected to the VPN. In this way it is not even possible to match an external time stamp to a user that was simultaneously logged in. Because the VPN servers utilize a shared IP configuration, there can be hundreds of users sharing the same IP at any given moment further obfuscating the ability to single out any specific user on the network.

2. TorGuard is a privately owned company with parent ownership based in Nevis and our headquarters currently located in the US. Our legal representation at the moment is comfortable with the current corporate structuring however we wouldn’t hesitate to move all operations internationally should the ground shift beneath our feet. We now offer VPN access in 23+ countries worldwide and maintain all customer billing servers well outside US borders.

We would only be forced to communicate with a third-party in the event that our legal team received a court ordered subpoena to do so. This has yet to happen, however if it did we would proceed with complete transparency and further explain the nature of TorGuard’s shared VPN configuration. We have no logs to investigate, and thus no information to share.

3. Our network team uses commercial monitoring software with custom scripts to keep an eye on individual server load and service status/uptime so we can identify problems as fast as possible. If abuse reports are received from an upstream provider, we block it by employing various levels of filtering and global firewall rules to large clusters of servers. Instead of back tracing abuse by logging, our team mitigates things in real-time. We have a responsibility to provide fast, abuse-free VPN services for our clients and have perfected these methods over time.

4. In the event of receiving a DMCA notice, the request is immediately processed by our abuse team. Because it is impossible for us to locate which user on the server is actually responsible for the violation, we temporarily block the infringing server and apply global rules depending on the nature of the content and the server responsible. The system we use for filtering certain content is similar to keyword blocking but with much more accuracy. This ensures the content in question to no longer pass through the server and satisfies requirements from our bandwidth providers.

5. Due to the nature of shared VPN services and how our network is configured, it is not technically possible to effectively identity or single out one active user from a single IP address. If our legal department received a valid subpoena, we would proceed with complete transparency from day one. Our team is prepared to defend our client’s right to privacy to the fullest extent of the law.

6. BitTorrent is only allowed on select server locations. TorGuard now offers a variety of protocols like http/socks proxies, OpenVPN, SSH Tunnels, SSTP VPN and Stealth VPN (DPI Bypass), with each connection method serving a very specific purpose for usage. Since BitTorrent is largely bandwidth intensive, we do not encourage torrent usage on all servers. Locations that are optimized for torrent traffic include endpoints in: Canada, Netherlands, Iceland, Sweden, Romania, Russia and select servers in Hong Kong. This is a wide range of locations that works efficiently regardless of the continent you are trying to torrent from.

7. We currently accept payments through all forms of credit or debit card, PayPal, OKPAY, and Bitcoin. During checkout we may ask the user to verify a billing phone and address but this is simply to prevent credit card fraud, spammers, and keep the network running fast and clean. After payment it is possible to change this to something generic that offers more privacy. No VPN or Proxy usage can be linked back to a billing account due to the fact we hold absolutely no levels of logging on any one of our servers, not even timestamps!

8. For best security we advise clients to choose OpenVPN connections only, and if higher encryption is called for use AES256 bit. This option is available on many locations and offers excellent security without degrading performance. For those that are looking to defeat Deep Packet Inspection firewalls (DPI) like what is encountered in countries such as China or Iran, TorGuard offers “Stealth” VPN connections in the Netherlands, UK and Canada. Stealth connections feature OpenVPN obfuscation technology that causes VPN traffic to appear as regular connections, allowing VPN access even behind the most strict corporate wifi networks or government regulated ISPs.

TorGuard website

IPVanish

1. IPVanish has a no-log policy. We keep no traffic logs.

2. IPVanish is headquartered in the US and thus operates under US law.

3. IPVanish has no monitoring in place. To elaborate, IPVanish does not sniff or monitor any user’s traffic or activity for any reason.

4. IPVanish keeps no logs of any user’s activity and responds accordingly.

5. IPVanish, like every other company, has to follow the law in order to remain in business. Only US law applies.

6. P2P is permitted. IPVanish in fact does not block or throttle any ports, protocols, servers or any type of traffic whatsoever.

7. PayPal and all major credit cards are accepted. Payments and product use are in no way linked. User authentication and billing info are help on completely different and independent platforms.

8. OpenVPN generally provides the strongest encryption algorithm, so that is the recommended encryption protocol. IPVanish also allows a choice between TCP and UDP, and UDP is generally recommended for better speed.

IPVanish website

BTGuard

1. We do not keep any logs whatsoever.

2. The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event in which we would even communicate with a third-party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.

3. If serious abuse is reported we enable tcpdump to confirm the abuse and locate the user. These dumps are immediately removed. If the user is abusing our service they will be terminated permanently but we have never shared user information with a 3rd party.

4. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.

5. We take every step within the law to fight such an order.

6. Yes, all types of traffic our allowed with our services.

7. We accept PayPal and Bitcoin. All payments are linked to users accounts because they have to be for disputes and refunds.

8. 256-bit AES is the most secure. However 128-bit blowfish is plenty good. If you’re concerned about surveillance agencies such as the NSA, their capabilities are shrouded in secrecy and claiming to be able to protect you is offering you nothing but speculation. As far as what’s publicly available for deciphering encryption, both of the encryptions I mentioned are more than sufficient.

BTGuard website

Privacy.io

1. We do not log any information on our VPN servers. The only scenario is if a technical issue arises, but we request permission from the user first, and we only do it for the duration of the job, and then it is removed.

2. We are in the process of moving jurisdictions away from Australia at present as we are unsure what our current government plans to do in regards to our privacy. We have not decided where yet.

3. Only SMTP port 25 is filtered to mitigate spam, but we are working on some tools to make it easier for users to send mail.

4. Any DMCA request is ignored, as we have no logs to do anything about them.

5. Same as above, as we do not log, so we are unable to provide any information. If the law attempts to make us do such things, we will move our business to a location where that cannot occur, and if that fails we will close up shop before we provide any information.

6. All protocols are allowed with our service, with the only exception of SMTP port 25 currently being filtered.

7. At present we only accept PayPal and CC (processed by PayPal), but we are looking into alternative types of payments. We go out of our way to make sure that PayPal transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then nuke that unique key. Bitcoin and Litecoin are also on the agenda.

8. At present we offer 128 bit for PPTP and 256 bit for OpenVPN, We plan to offer stronger encryption for the security conscious.

Privacy.io website

VikingVPN

1. No. We run a zero knowledge network and are unable to tie a user to an IP address.

2. United States, they don’t have data retention laws, despite their draconian surveillance programs. The only information we share with anyone is billing information to our payment gateway. This can be anonymized by using a pre-paid anonymous card. If asked to share specific data about our users and their habits, we would be unable to do so, because we don’t have any logs of that data.

3. That is mostly confidential information. However, we can assure our users that we do not use logging to achieve this goal.

4. In the event of a DMCA notice, we send out the DMCA policy published on our website. We haven’t yet received a VALID DMCA notice.

5. We exhaust all legal options to protect our users. Failing that, we would provide all of our logs, which do not actually exist. If required to wiretap a user under a National Security Letter, we have a passively triggered Warrant Canary. We would also likely choose to shut down our service and put it up elsewhere.

6. Yes. Those ports are all open, and we have no data caps.

7. We currently only take credit cards. Our payment provider is far more restrictive than we ever imagined they would be. We’re still trying to change payment providers. Fortunately, by using a pre-paid credit card, you can still have totally anonymous service from us.

8. A strong handshake (either RSA-4096+ or a non-standard elliptic curve as the NIST curves are suspect). A strong cipher such as AES-256-CBC or AES-256-GCM encryption (NOT EDE MODE). At least SHA1 for data integrity checks. SHA2 and the newly adopted SHA3 (Skein) hash functions are also fine, but slower and provide no real extra assurances of data integrity, and provide no further security beyond SHA1. The OpenVPN HMAC firewall option to harden the protocol against Man-in-the-Middle and Man-on-the-Side attacks.

VikingVPN website

IVPN

1. IVPN’s top priority is the privacy of its customers and therefor we do not store any connection logs or any other log that could be used to associate a connection to a customer.

2. IVPN is incorporated in Malta. We would ignore any request to share data unless it was served by a legal authority with jurisdiction in Malta in which case we would inform them that we don’t have the data to share. If we were served a subpoena which compelled us to log traffic we would find a way to inform our customers and relocate to a new jurisdiction.

3. We use a tool called PSAD to mitigate attacks originating from customers on our network. We also use rate-limiting in iptables to mitigate SPAM.

4. We ensure that our network providers understand the nature of our business and that we do not host any content. As a condition of the safe harbor provisions they are required to inform us of each infringement which includes the date, title of the content and the IP address of the gateway through which it was downloaded. We simply respond to each notice confirming that we do not host the content in question.

5. Assuming the court order is requesting an identity based on a timestamp and IP, our legal department would respond that we don’t have any record of the user’s identity nor are we legally compelled to do so.

6. We ‘allow’ BitTorrent on all servers except gateways based in the USA. Our USA network providers are required to inform us of each copyright infringement and are required to process our response putting undue strain on their support resources (hundreds per day). For this reason providers won’t host our servers in the USA unless we take measures to mitigate P2P activity.

7. We currently accept Bitcoin, Cash and PayPal. No information relating to a customers payment account is stored with the exception of automated PayPal subscriptions where we are required to store the subscription ID in order to assign it to an invoice (only for the duration of the subscription after which it is deleted). Of course PayPal will always maintain a record that you have sent funds to IVPN but that is all they have. If you need to be anonymous to IVPN and don’t wish to be identified as a customer then we recommend using Bitcoin or cash.

8. We recommend and offer OpenVPN using the strongest AES-256 cipher. For key exchange and authentication 4096-bit RSA keys are used.

IVPN website

PrivatVPN

1. We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user.

2. We operate in Swedish jurisdiction. Since we do not log any IP addresses we have nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses and activity on the Internet. Therefore we have no information to share with any 3rd party.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

5. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

6. Yes, we allow Torrent traffic.

7. PayPal, Payson and Plimus. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

8. OpenVPN TUN with AES-256. On top is a 2048-bit DH key.

PrivatVPN website

PRQ

1. No. Wo do not log anything and we only require a working e-mail address to be a customer.

2. Swedish. We do not share information with anyone.

3. Not disclosed.

4. Put it in the trash where it belongs!

5. None, since we do not have any customer information and no logs.

6. We host anything as long as it’s not SPAM related or child porn.

7. Visa/Mastercard, Bitcoin, PayPal. No correlation between payment data and customer data.

8. We provide OpenVPN services (along with dedicated servers and other hosting services).

PRQ website

tigerVPN

1. Absolutely not! We built tigerVPN to purge all data once the transmission of a IP package was completed successfully. Its impossible to trace back any customer. On top of that we decided to use shared IPs in order to further randomize and anonymize our customers. The combination of having absolutely no logs at all and multiple customers per IP, wipes our customers digital footprint

2. We are a limited liability company in Slovakia. Slovakia does not have any data retention programs and furthermore encourage ISP’s to protect their customers privacy on the net. We are not required to share any information with 3rd party hence it would be illegal thanks to the law of telecom secrecy.

3. Since we don’t keep logs, we can’t monitor abusive behavior, which is the price for building a customer secure environment!

4. We can’t comply since we can’t identify customers, therefore it’s pointless to follow any requests. We have a specific folder for these eMails ;-)

5. Same as above. We seriously can’t tell which customer did what, when, where, at any given time.

6. It’s allowed on all servers although we gently ask our customers to use either Romania or Netherlands. Some infrastructure service providers do not want file sharing so it happened to us that we were asked to move our servers due to file sharing. We found some reliable partners in Romania and Netherlands which tolerate p2p so we kindly ask our customers to use these server parks.

7. Customers can pay with Visa, Mastercard and Debit. On top of that we also use PayPal. We use hash keys and tokens to identify a payment but it’s not logged or linked to the customer. We had to do this anyway hence we are a PCI Level 1 compliant merchant. Therefore we are not allowed to store any card or payment data with the records of our customers. These keys are pointless for anyone else so there is no chance to build a connection.

8. We offer PPTP, L2TP and OpenVPN, while out of nature OpenVPN comes with the highest encryption and algorithm. L2TP and OpenVPN are 256bit SSL encrypted while PPTP comes with a solid 128bit. Although our customers are individual and have their own sense of why and what to use, we recommend L2TP as solid protocol. It’s less geeky and more secure than PPTP, but our customers can pick any of them in all the 47 network nodes around the globe.

tigerVPN website

Mullvad

1. No. This would make both us and our users more vulnerable so we
certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users share each address, both for IPv4 and our upcoming IPv6 support.

2. Swedish jurisdiction. Under no circumstance we will share information with a third-party. First of all we take pains to not actually possess information that could be of interest to third parties, to the extent possible. In the end there is no practical way for the Swedish government to get information about our users from us.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. There is no such Swedish law that is applicable to us.

5. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our
users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

6. Yes.

7. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

8. We use OpenVPN. We also provide PPTP because some people want it but we strongly recommend against it. Encryption algorithms and key lengths are important but often get way too much attention at the expense of other important but harder to measure things such as leaks and computer security.

Mullvad website

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.