Prompted by a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to offer less than expected protection, TorrentFreak decided to ask a selection of VPN companies some tough questions.
From our findings we compiled a report of providers that, due to their setup, were unable to link their outbound IP addresses with user accounts. Ever since, we have received countless emails demanding an update.
Update: New 2014 update is coming soon.
It’s taken a long time but today we bring the first installment in a series of posts highlighting VPN services that take privacy seriously. Our first article focuses on anonymity and a later installment will highlight file-sharing aspects and possible limitations.
We tried to ask direct questions that left providers with little room for maneuver. Providers who didn’t answer our questions directly, didn’t answer at all, or completely failed by logging everything, were simply left out. Sadly this meant that quite a few were disregarded.
This year we also asked more questions, which are as follows:
1. Do you keep ANY logs which would allow you or a 3rd party to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold?
2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?
3. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
4. Which payment systems do you operate and how are these linked to individual user accounts?
The list of providers is a tiny sample of the thousands out there today and is not comprehensive by any means. Providers not covered this time around will be added during the coming weeks. All responses listed below are in the words of the providers themselves and the order of the list does not carry any meaning.
1. We absolutely do not maintain any VPN logs of any kind. We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. These are some of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services.
2. Our company currently operates out of the United States with gigabit gateways in the US, Canada, Germany, France, UK, Switzerland, Sweden, the Netherlands and Romania. We chose the US, since it is one of the few countries without a mandatory data retention law. We will not share any information with third parties without a valid court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs and maintain absolutely no logs.
3. We are in compliance with DMCA as all companies, world-wide, must be. We have proprietary technology and an experienced legal team which allows us to comply without any risk to our users.
4. We accept many payment methods directly, including PayPal, CC, Google, Amazon, Bitcoin, Liberty Reserve, OKPay, and CashU. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required. We only store the minimal information required to provide customers refunds.
1. We do not keep any logs whatsoever.
2. The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event we would even communicate with a third-party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.
3. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.
4. At the moment we only accept Paypal and Bitcoin. We have plans to accept alternative credit card processing in the near future.
BTguard website (with discounts)
1. TorGuard doesn’t store IPs or time stamps on our VPN/proxy servers, not even for a second. It’s impossible to match what is not there. Since some people tend to misbehave when using a VPN, this raises the obvious question: how do we maintain a fast, abuse-free network? If even our network engineer can’t backtrack the abuser by IP, then how do we stop it?
Through packet level filtering at the firewall it’s possible to apply rules to an entire shared server, blocking the abuse immediately. For example, let’s say someone decides to use TorGuard to unlawfully promote their Ugg boots business (spam). In order for us to block this one individual, we simply implement new firewall rules, effectively blocking the abused protocol for everyone on that VPN server. Since there are no user logs to go by, we handle abuse per server, not per user.
2. TorGuard recently went through some corporate restructuring and has now moved its parent company to Nevis, West Indies. Our company abides by all International laws and data regulations imposed within our legal jurisdiction. We don’t share any information with anyone regarding our network or its users and won’t even consider communicating with a 3rd party unless they’ve first obtained adequate representation within our legal jurisdiction. Only in the event of an official court ordered ruling would we be forced to hand over blank hard drives. There’s nothing to hand over but an operating system.
3. TorGuard complies immediately (24 hours or less) with all DMCA takedown notices. Since it’s impossible for us to locate which user on the server is actually responsible for the violation, we block the infringing protocol in its entirety, whatever it may be – Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc. This ensures the content in violation is immediately removed from that server and no longer active on our network.
4. We accept all forms of credit card, Visa, Amex, Mastercard, Discover, PayPal, Google Checkout and Bitcoins. We also accept anonymous payments through our pre-paid PIN system. These pre-paid service PIN numbers can be purchased from one of our participating online resellers and redeemed during checkout on our website.
Our client billing area and VPN/Proxy user auth servers are two completely separate systems. This is to ensure the privacy and security of our customers’ accounts are upheld at all times. While the customer’s chosen payment method will be linked to the client billing area login, this information is kept completely separate from their VPN/Proxy network. In this way, it’s virtually impossible to “connect the dots” of a paying customer with that of someone who is using the servers. This can become a pain for clients as they are required to remember two sets of logins/passwords, but trust us – it’s in the best interest of security.
(Use the promo / coupon code TorrentFreak to get a 20% discount at TorGuard.)
2. Our company is based in Seychelles. We do not disclose any information to 3rd parties and this can be done only in case of a certain lawsuit filed against our company.
3. If we receive a notice about DMCA infringement, our team of lawyers solves it immediately without any blocking of servers or protocols. We don’t store any content on our servers, users are anonymous, so, there are no problems with it. We promise our customers that they will not have problems with the DMCA.
4. PayPal and CommerceGate.
2) Privacy IO is an Australian Registered business. Under no circumstances will we provide any 3rd party information about our users. We are unable to comply with DMCA or equivalent as we have no access or power to do anything about it. As we keep no logs we cannot link it to a user to apply said request. If the law attempts to make us do such things, we will move our business to a location where that cannot occur, and if that fails we will close up shop before we provide any information.
3) See answer to question 2
4) At present we only accept PayPal and CC (processed by PayPal), but we are looking into alternative types of payments. We go out of our way to make sure that PayPal transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then nuke that unique key.
1) We do not log any user activity at all. We don’t know what IP addresses our own users connect from. We have a shared IP address for our users, further increasing their anonymity. We also generate false traffic.
2) We currently operate out of the United States. The United States does not have any mandatory data retention laws, which allows us not to log anything. If we receive a valid warrant, we will turn over all required records, that we have available; we don’t have any records available, because we don’t log anything.
3) DMCA notices have some legal requirements that basically make them not apply to us. We don’t host any content at all, we only provide bandwidth. Also, a DMCA notice requires the notifier to positively identify an infringing individual – which is impossible given our security model. Basically, it’s impossible to send us a valid DMCA notice.
4) We’re just getting started, so we’re currently simply taking credit cards. Accepting bitcoin is a near term goal for us. We’d also like to start accepting really exotic forms of payment like cash.
1. We store a user’s e-mail and username, that’s it. This means that we do not store, or have access to, any traffic logs of any kind. By traffic logs we mean any kind of data that has the potential to, directly or indirectly, match a user’s original IP or identity with one of our IPs.
2. It is important to remember that we do not store any traffic logs, and therefore it would be physically impossible for us to hand something like that over to a 3rd party. This, next to the encryption, is the core of the entire anonymity aspect of the service. This is possible by the fact that we operate under Swedish jurisdiction and Swedish law.
3. Our no logging policy has never really caused us any trouble since we never have received any official requests to hand over any traffic logs.
4. We accept credit card payments through Paypal and Payson. For Swedish users we also accept payments through sms and phone. We do not store data from these services. However, each of these services store various types and amounts of data related to the payment, and the payment only, which we do have access to. This is what allows us to perform refunds, or to provide adequate support services etc.
1. No. As a privacy service and EFF member, IVPN’s main priority is the anonymity of its users. We use non-persistent logs (stored in memory) on our gateway servers. The logs are only stored for 10 minutes. That time window gives us the ability to troubleshoot any connection problems that may appear, but after 10 minutes no trace of activity is stored.
2. IVPN is based in Malta and is subject to its laws. We also have servers in the UK, US, France and Netherlands. We do not share data with 3rd parties. If law enforcement served us with a subpoena and compelled us to log traffic we would shut down the business before cooperating, and relocate to a new jurisdiction.
3. We ensure that our network providers understand the nature of our business and that we do not host any content. As a condition of the safe harbor provisions they are required to inform us of each infringement which includes the date, title of the content and the IP address of the gateway through which it was downloaded. We simply respond to each notice confirming that we do not host the content in question.
4. We currently accept Bitcoin, Paypal and Payza. No information relating to a customer’s payment account is stored with the exception of automated Paypal subscriptions where we are required to store the subscription ID in order to assign it to an invoice (only for the duration of the subscription after which it is deleted). We recommend using Bitcoin and manually paying for subscriptions if you wish to keep the source of funding anonymous.
1. We don’t keep any log that can allow a 3rd party to do that.
2. AirVPN operates in Italy. The applicable laws can be those of the countries where the servers are physically located (old issue about jurisdiction vs. applicable law). Since we don’t hold any information (we don’t even require a valid e-mail address) we are unable to share anything that may compromise privacy about VPN usage.
3. DMCAs are just ignored: no private entity claim can be considered a proof of anything (even in light of the paper by the University of Washington “Tracking the trackers – Why My Printer Received a DMCA Takedown Notice”) and the details given in DMCA notices (pertaining to p2p) lack any substantial proof of any infringement. We sometimes ask for a proof of the alleged claim, just to try to see which methods are used to make up an infringement claim, but so far all private entities have poorly failed to respond with any proof or even with technical details on how such claims are fabricated.
4. We accept payment via Bitcoin, Liberty Reserve, PayPal and credit cards. Bitcoin and Liberty Reserve are not linked to accounts: we provide coupon codes (even through independent resellers) that can be used to activate any account. Therefore the link between a payment and an account does not exist.
With PayPal, we don’t keep such information but PayPal does, just like any bank or financial institution. However, a PayPal payment shows that a person sent money to use AirVPN services, but it does not show how the VPN has been used by that person and not even IF that person has ever connected to a VPN server. The same considerations apply to credit card transactions. Anyway we don’t (and we don’t want to) directly process credit cards, so we don’t keep any credit card database.
Of course, usage of Bitcoin (and if you’re paranoid, Bitcoin over TOR) is recommended.
1. We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user of our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user. This applies to all our servers except our U.S. servers.
Note: We’re logging IP addresses and time stamps on the incoming connection for our U.S. servers. We offer no anonymity on our U.S. servers.
2. We operate in Swedish jurisdiction. Since we do not log any IP addresses we have nothing to disclose. Circumstances don’t matter in this case, we have no information regarding our customers’ IP addresses and activity on the Internet. Therefore we have no information to share with any 3rd party.
3. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close p2p traffic in those countries.
4. No one can bind a payment to an IP you’ll get from us when you connect to our service (Paypal, Payson).
1. No logs are held or kept.
2. We operate in Swedish jurisdiction. We do not give out any information, since we do not have any information to give out.
3. We do not care or get scared about the DMCA.
4. We accept wire transfer, Bitcoin and Bankgiro. We only require a working e-mail address to be a customer.
1. We do not keep any logs of VPN activities. It’s our main policy. All of our clients activities are totally safe.
2. Our company operates in Turkey. Boxpn global network covers many major countries; USA, Canada, UK, Panama, Argentina, Iceland, Netherlands, Spain, Sweden, Germany, France, Switzerland, Italy, Turkey, Singapore and Australia with over 200+ servers. We are NOT in relation with any 3rd party companies or government agencies. Hence we don’t keep any logs; even with a court order it’s impossible to find information to share related to our vpn network activities.
3. Boxpn network has over 70 servers only for Torrent traffic which are all located in countries where there is no data retention law. We also have special agreements with the data centers to keep our torrent network UP and running, keep our clients safe. So we never receive DMCA complaints. Regarding non-torrent networks, our hardware-based firewalls automatically drop the p2p traffic.
4. We accept Paypal and all forms of credit cards; VISA, MASTERCARD, AMEX.
Update: An EarthVPN user was exposed after the police pulled datacenter logs.
1. EarthVPN does NOT log any VPN usage or user activity. It is not technically possible for us or for third parties to match an IP address to an account.
2. Under no circumstances will we provide any personal or private information to third parties. We are located in the jurisdiction of Northern Cyprus where there is no log/data retention law.
3. EarthVPN has offshore servers on all continents specially optimized for P2P and Torrent traffic. On our P2P/Torrent offshore servers DMCA or any equivalent do not apply. P2P/Torrent traffic is blocked on our NON P2P/Torrent servers so it is impossible to receive DMCA or any equivalent notice for our NON P2P/Torrent servers.
4. We currently accept Paypal, Credit Cards, Bitcoins, Alipay, Unionpay and Webmoney. We make sure that transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then delete that unique key. This way no one can bind a payment to one of our IPs. We suggest paying via Bitcoin for maximum anonymity.
EarthVPN website (use TORRENTFREAKVPN as coupon code for a 25% discount)
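The “unique key per transaction, then delete it” flow that Privacy IO and EarthVPN describe above, combined with TorGuard’s separate billing and auth systems, modelled as an added example (not any provider’s code; the class names, payer strings, timestamps and the timing-correlation check are all constructed here):

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


def key_hash(key: str) -> str:
    """The VPN side only ever stores a hash of the activation key, never the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()


@dataclass
class Billing:
    """Customer-facing system: knows who paid and when, never sees a VPN account id."""
    payments: dict = field(default_factory=dict)   # payment_ref -> {"payer", "paid_at"}
    issued: dict = field(default_factory=dict)     # key hash -> payment_ref, only until redeemed

    def take_payment(self, payment_ref: str, payer: str, paid_at: int) -> str:
        key = secrets.token_urlsafe(24)            # shown to the customer exactly once
        self.payments[payment_ref] = {"payer": payer, "paid_at": paid_at}
        self.issued[key_hash(key)] = payment_ref
        return key


@dataclass
class VpnAuth:
    """Network-side system: knows only random account ids and hashes of unredeemed keys."""
    pending: set = field(default_factory=set)      # key hashes that may still be redeemed
    accounts: dict = field(default_factory=dict)   # account_id -> {"activated_at"}

    def redeem(self, key: str, activated_at: int) -> Optional[str]:
        h = key_hash(key)
        if h not in self.pending:
            return None                            # unknown or already-used key
        self.pending.remove(h)                     # single use
        account_id = secrets.token_hex(8)          # random, unrelated to the payer
        self.accounts[account_id] = {"activated_at": activated_at}
        return account_id


def activate(billing: Billing, vpn: VpnAuth, payment_ref: str, payer: str,
             paid_at: int, activated_at: int) -> Optional[str]:
    """Full flow: pay, hand the hash to the VPN side, redeem, then destroy the join value."""
    key = billing.take_payment(payment_ref, payer, paid_at)
    vpn.pending.add(key_hash(key))                 # billing shares the hash, not the key
    account_id = vpn.redeem(key, activated_at)
    del billing.issued[key_hash(key)]              # "nuke that unique key"
    return account_id


def shared_identifiers(billing: Billing, vpn: VpnAuth) -> set:
    """Values present in both stores: anything here would let payer and account be joined."""
    left = set(billing.issued) | set(billing.payments)
    right = vpn.pending | set(vpn.accounts)
    return left & right


def timing_candidates(billing: Billing, vpn: VpnAuth, payment_ref: str, window: int) -> list:
    """Residual risk the scheme does not remove: if both sides keep timestamps, a payment
    can be narrowed down to the accounts activated within `window` seconds of it."""
    paid_at = billing.payments[payment_ref]["paid_at"]
    return sorted(acct for acct, rec in vpn.accounts.items()
                  if paid_at <= rec["activated_at"] <= paid_at + window)


if __name__ == "__main__":
    billing, vpn = Billing(), VpnAuth()
    a = activate(billing, vpn, "pay-0001", "alice@example.invalid", 1000, 1030)
    b = activate(billing, vpn, "pay-0002", "bob@example.invalid", 5000, 5020)
    print("accounts:", a, b)
    print("joinable identifiers:", shared_identifiers(billing, vpn))
    print("activated within 60 s of pay-0001:", timing_candidates(billing, vpn, "pay-0001", 60))
```

`timing_candidates` is the caveat a reviewer of such a design would raise: destroying the join key is not enough if both systems retain timestamps that can be correlated, so the payment record’s time also needs to be coarsened or dropped.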
2. We operate under Swedish jurisdiction. We will not expose data to third parties. First of all we take pains to not actually possess information that could be of interest to third parties, to the extent possible. In the end there is no practical way for the Swedish government to get information about our users from us.
3. There is no Swedish law equivalent to the DMCA that is applicable to us.
4. We accept Bitcoin, cash (in the mail) and PayPal / credit cards. Our accounts are just numbers with no personal information attached, not even an email address. Still, paying through Paypal allows them to associate the account number with the payment forever. People who do not like that should pay with cash or Bitcoin.
1. We keep connection logs in our system, but they contain only depersonalized data, which allows us to optimize traffic routes and make connections faster. These logs are stored for 7 days, but they are not interesting for anyone. In the event we are sued we can deliver only this information.
2. Our company is based in Cyprus. Our servers are located in the Netherlands and USA and we operate under jurisdictions of these countries [for these servers]. We don’t store any information that’s useful to 3rd parties. Any talk about this is possible only by court order.
3. We don’t have any mechanics to block users, we also have no information about which user the complaint is against but we are developing a system to alert our users in case there is a complaint about their activities.
4. We use Plimus Payment System for all user accounts. iPhone / iPad / iPod users can purchase a subscription from an application that can be installed from Apple AppStore. Payment is made through the AppStore billing system. Users of devices based on Android can purchase a subscription from an application that can be installed from Google Play. Payment is made through Google Checkout.
1. On our Privacy servers we don’t log anything that can identify a single user, but on our US, Canada, UK, Germany & Singapore servers, where we don’t allow file-sharing, we do log the internal RFC1918 IP that is assigned to the user at a specific time. We never log the real external IP address of the user.
We also hold a username and email address of our subscribers, the times of connection and disconnection to our services along with bandwidth consumption.
2. We now operate under the jurisdiction of Hong Kong because we worry what the lawmakers in USA and Europe may introduce to make things difficult for proxies and VPNs. We will fiercely protect the privacy and rights of our users and we will not disclose any information on our users to anyone, unless forced to by law enforcement personnel that have produced a court order.
3. On our Privacy servers DMCA does not apply (e.g. USA DMCA to our Swiss server). If we receive a DMCA on our other servers (US, UK, Canada, Germany & Singapore) we generally give the user one warning that they are violating our TOS and their account may be terminated.
4. Our payments systems are PayPal, Bitcoin & Liberty Reserve. We have an internal database linking payment references to user accounts. Bitcoin is the most private way to pay, for other payment systems all private billing information is stored with them.
1. We keep connection logs for debugging purposes, which happens encrypted and off-site. Connection logs contain information for debugging PPTP client issues. We try to store the least amount legally possible anywhere. IP-addresses are encrypted and can only be decrypted by non-support staff to ensure a proper process. For example, to work around issues where the police ruffle up the support staff a bit to get data for an abuse report. In the database we only store the details users give us on sign-up and a limited backlog of payments.
3. Usually we only receive email, therefore we drop anything that has DMCA in the subject. If they want something they need to send us a letter or a fax or send the police. Most of the time we get complaints for running the TPB proxy or the TOR servers.
4. PaySafe, BitCoins, PayPal, PaySon, AlertPay
1. No, we do not keep logs. However as per our policy, if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or CPU usage) we may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers).
Once the user is identified, we will terminate the offending user, issue him an e-mail for the reason of termination and wipe the logs from our system.
Turning on logs for troubleshooting is a very last resort and is necessary to ensure the integrity of our services. It has happened very rarely (only a handful of times in our 6 years of operation) and such information was not disclosed to third parties but merely used to terminate the offending user. In any case logs were usually enabled for not more than few hours and only for the particular server that was experiencing abuse.
2. We’re a Malaysian incorporated company which is not subject to any mandatory data retention laws. As we don’t keep logs, there is not much information to share even when requested.
3. Servers hosted in US or categorized as “surfing/streaming” have P2P disabled on them. As for other servers, they are not subject to DMCA and we have a good working relationship with our server providers.
In the event DMCA notices or similar are given to us, we normally respond that we don’t have such content hosted on our networks and if the provider is adamant, we will terminate our relationship with the server provider and find a new one. We will not reveal the user that generated that DMCA notice (nor can we with no logs taken). Over the years, we have identified server providers that we can work with and understand the nature of our business.
4. We accept BitCoin, Liberty Reserve, Paypal and MolPay (Malaysian online bank-ins) and also direct bank-ins for Malaysian users.
For each order, there is an Order ID that is tied to a user name which is marked as paid or not and the method of payment. BitCoins would be the most anonymous form of payment since all other payment processors would require some identifying information. However to sign up to our service, all is needed is a working e-mail and you are free to use placeholder names etc etc. Only in the event of dispute or chargeback cases (especially with credit cards), additional info is requested which is to be expected when using a credit card (unless a prepaid visa is used).
1. No information is being held at all. Everything runs from RAM and the service does not use HDD.
2. We operate under Panama jurisdiction. We are unable to share any information to anyone because we do not keep anything.
3. They are ignored because we do not comply with those laws.
4. The payment methods are wire transfers, PayPal, 2CHECKOUT. We are currently implementing Bitcoin. Additional payment methods are available upon a contact to us. We only require a working e-mail address to be a customer.
Update: Following EFF’s feedback Proxy.sh has updated its ethical policy and no longer uses Wireshark to respond to abuses as it did before. The updated policy is explained here, and there is also a transparency report where all abuse inquiries are reported.
1. No information whatsoever is being recorded or held in our facilities. Our services are run from RAM and all our system services come with state-of-the-art configuration that ensures nothing is left after usage. The only information we have about our customers is an e-mail address and the name of the payment method.
2. We are based in Seychelles and we do not communicate with external governments or authorities unless when required by law, or when our ethics tell us to do so (note: read this policy for more details), that is precisely when activities such as child pornography or human rights violation are being reported. But once again, there is very little we can actually share. And we will always keep you informed of such communication, either via our transparency report, our network issues or our warrant canary.
3. We provide a fully transparent and privacy-oriented compliance with laws of jurisdictions in which our servers are located. When the law, or its enforcement, leads to compromising the privacy of our users, we simply shut down the affected servers and move them to another jurisdiction that provides better protection of privacy.
4. We offer more than 85 different payment methods such as Bitcoins, SMS, phone calls, prepaid cards, PayPal, WebMoney, virtual cash, credit cards, bank transfer or yet again OTC (over-the-counter) options such as by going to your local post office. Payments are only linked to the customer’s e-mail address while VPN access accounts are randomly and independently generated.
1. We do not log users’ IP addresses, only the account name. So if your account name is BuBu – there is no way of assigning it to a real person or IP address. With that said, we would like to mention that we have other ways of noticing/checking if users are in breach of our ToS and such accounts are shut down and banned imminently.
2. We operate under US jurisdiction as we are not required to store any data regarding users’ activity. We will not share any information with third parties without a valid court order. And since our users are using shared VPN IPs it is impossible to match it to a specific person.
3. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which makes it impossible to track who downloaded any data from the internet using our VPN.
4. We currently accept payments via PayPal, Credit/Debit card, PayPro. As with other VPN providers our payment system and VPN/proxy/SmartDNS network systems are completely separate. Users’ identities cannot in any way be assigned to any activity over the internet.
Update: VPN providers can contact TorrentFreak if they want to be included in the upcoming 2014 VPN service review.