1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?
3. What tools are used to monitor and mitigate abuse of your service?
4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
5. What steps are taken when a valid court order asks your company to identify an active user of your service?
6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
7. Which payment systems do you use and how are these linked to individual user accounts?
8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?
1. Yes. When a user connects we log the time stamp of their connection plus the internal IP address assigned (which can be mapped to a shared external IP address). This information is kept for 7 days on our Privacy locations and 30 days on our TV locations (USA, UK, Canada & Singapore). We NEVER log a users real IP address however we cannot guarantee that this information is not logged by someone else (such as the data center, NSA or GCHQ).
2. BlackVPN operates under the jurisdiction of Hong Kong since it has no Mandatory Data Retention laws and a strong Bill of Rights which protects its citizens’ freedom of speech. China and Hong Kong care little about copyright enforcement or US/UK demands – which was tested recently when Hong Kong rejected demands for the extradition of Edward Snowden. The ancient proverb still holds true today: The enemy of my enemy is my friend.
Only once we receive a valid court order from a Hong Kong court will we share any information with a 3rd party.
3. We have no way of detecting abuse other than complaints from 3rd parties which contain a BlackVPN IP address and a time stamp. If the complaint relates to a Privacy location then it must be less than 7 days old for us to act on it. Otherwise our only solution is to temporarily blacklist that site/service for all BlackVPN users until the offender goes away.
This is why we’ve had to permanently block SMTP (for sending email) on all of our servers – we have no way of knowing which user is spamming so unfortunately we have to block it for everyone.
We host our own website analytics software (Piwik) which is configured to only log the first two octets of an IP address (e.g. 188.8.131.52) plus our own support system (OSticket) which always logs 0.0.0.0 as the IP address. Fraud is monitored and managed by our payment providers (PayPal and CardPay). No other tools or logging (such as WireShark) have ever been used to monitor or spy on our users.
4. These are ignored on our Privacy locations as we have chosen countries which do not enforce them or downloading for personal use is legal. On our TV locations we warn all customers who were sharing that IP address at the time and will ban repeat offenders from our TV locations.
5. We have NEVER received a valid court order to identify any user. We have received requests from various European law enforcement agencies asking us to assist them without even having a local court order. Our response has always been to ask for a valid court order from Hong Kong, but so far none of them have complied.
If and when we do receive a valid court order then we will immediately comply and hand-over any information that we have – including connection timestamps, payment records and email addresses. We’re not here to help anyone get away with a serious crime but we are here to help users evading unjust censorship or copyright violations.
6. Yes it is allowed on our Privacy locations but not ALL locations. In the USA and UK the data centers that we work with are also under extreme pressure from the copyright cartel and lawmakers, so if we don’t take action our servers will soon get cut off.
7. PayPal, Credit Cards and Bitcoin. For each transaction we record the BlackVPN user ID, time stamp, payment method and the payment providers transaction ID so that we can process refunds and fix errors when the automatic process fails. Our payment providers don’t know which transaction belongs to which VPN account – that would require a Hong Kong court order for us to divulge.
8. OpenVPN is the best choice when available on your device. It’s easy to check that your VPN provider is using strong encryption algorithms and keys (like 256bit keys and AES encryption) by looking at the OpenVPN configuration files supplied by your VPN provider. Also it can be configured to use TCP on port 443 which makes it harder to block as the traffic looks like standard SSL traffic.
OpenVPN is slightly more effort to set up than L2TP/IPsec or PPTP (download and install a client for Windows, OS X, Linux, Android 4+ and IOS 5+) but it should be the default way for most people to connect to their VPN. We have been using OpenVPN securely (2048 bit RSA keys and AES-256) since our beginning in 2009 so previous traffic should still be secure from decryption.
1. Anonymizer does not log ANY traffic that traverses our system, ever. We do log when a user connects, and the IP address they connected from(which is needed for customer support and ensure system optimization), but we purge that log every 24 hours. But that’s it. We don’t log when users disconnect, how much data they used, where they went, at anytime, ever. We would also like to point out that all of our customers exit out and share the same IP, which changes on a daily basis, and we don’t even track that. If asked what IP we used last week, we wouldn’t have any way to know for certain.
2. Anonymizer Inc operates under US jurisdiction. We never share information with third parties except those required to furnish services necessary to provide you with the products and services offered by us, and even then it is limited to the information needed for the third-party to furnish those services. The main example of this would be our credit card processor.
3. We can’t. We don’t monitor or log traffic or user activity. When we receive reports of abuse, we have no way to isolate or remediate it because we don’t monitor. It’s problematic at times, but we feel strongly about keeping our contract of ‘no monitoring’ with our customers, even when it’s inconvenient for us.
4. Since Anonymizer does not log any traffic that comes over our system, we have nothing to provide in response to DMCA requests. None of our users have ever been issued a DMCA take down notice or European equivalent. We’re over 18 years old now, and if not the oldest service out there, certainly one of the oldest, and we’ve never turned over information in a DMCA request.
5. Anonymizer Inc only responds to official valid court orders in which we comply with information that we have available. Since we do not log any traffic that comes over our system, we have nothing to provide in response to requests associated to service use. If a user paid by credit card we can confirm that they purchased access to our service only. There is, and would be, no way to ever connect a specific user to specific traffic.
6. BitTorrent and other file-sharing traffic is allowed on all of our servers. Due to not logging or monitoring any traffic on our system it would be impossible for us to know if any user were to be engaging in file sharing or BitTorrent activities on our service.
7. Anonymizer Inc. uses Stripe for any credit card payments. There is a record of the payment for the service and the billing information associated to the credit card to confirm the service has been paid for. We also offer Cash and will soon offer crypto-currancy options to include Bit-coin. Cash payment options will not store any details(e.g. Billing address and customer name) of the transaction beyond the account username and the service being payed for by cash; there would be no way for us to connect an individual to a specific account.
8. We would recommend OpenVPN for a user that is looking for the most secure connection. We feel it is the most reliable and stable connection protocol currently. Our OpenVPN implementation uses AES-256. We also offer L2TP, which is IPSEC.
1. We keep limited session logs for all of our services which include VPN, HTTP, SOCKS5 and Smart DNS Proxy. Session logs record the time and date of the user’s session connection and disconnection, the IP address used for the session, and a numerical representation of how many bytes were transferred. These logs are typically kept for 3 days, usually less, after which they are purged. The main reason we retain this data is to prevent fraud and abuse. Since we used Shared IPs on our servers, and do not log activity, it is very hard if not impossible to know what a user is doing.
2. We operate under the laws of the SAR of Hong Kong, which has no data retention law whatsoever. We DO NOT sell, rent or share user information with any 3rd party for business and/or marketing reasons. No exceptions.
We do cooperate with proper legal processes that are valid under the laws of Hong Kong. Bluntly, you have to convince a Hong Kong judge that you have a valid claim under Hong Kong law. It’s expensive and time consuming, and guarantees our subscribers are protected from spurious actions and government “witch hunts.” By that point in time, the very limited session logs would have been deleted.
3. For reasons of security, we don’t disclose our exact security systems and processes. Additionally, we do not monitor what activity users do when using our services, regardless of the service used (VPN, HTTP, SOCKS5, Smart DNS Proxy).
As mentioned earlier, our main concern is preventing fraud and abuse from ever happening, and the primary way we fight that is by preventing them from successfully signing up and using our network in the first place.
4. IronSocket operates under the laws of the SAR of Hong Kong and is not subject to the DMCA or its European equivalent. We only provide VPN and Proxy connectivity services, and do NOT host any user uploaded content on any of our servers.
While IronSocket is not subject to DMCA, some of our hosting partners are. If they receive and escalate a DMCA notice to us, we reply to the provider that we do not log our user’s activity, we utilize shared IP addresses, and it is next to impossible to determine any activity of our users. We then confirm P2P is not being used on servers where P2P is not allowed.
5. We cooperate with proper legal processes valid under Hong Kong jurisdiction. The first step is to determine the validity of the court order, and if valid, determine if we have any data available to identify the active user of our service. To be blunt, we offer a service with many privacy enhancing features including; no activity logs, very limited personal information collected upon registration (email and password only), and we accept several payment options that enhance anonymity (cash, Bitcoin, PayGarden). On top of that we employ shared IP addresses so that activity is aggregated and specific user activities are obscured.
6. We allow Torrent/P2P file-sharing traffic on specific servers that have been optimized for file sharing performance. The list of servers that allow P2P file sharing can be found here: https://ironsocket.com/network
We do not allow BitTorrent/P2P on all of our servers due to the legal pressures on the data centers we use in the US, UK, Canada, and other countries. It is not worth the risk to our users and the company to allow file sharing across all servers.
7. We accept payments in cash, credit cards via PayPal, Bitcoin and PayGarden. We do not retain specific payment information, such as credit card information, linked to individual user accounts. That is maintained by the credit card processor, not us. If you wish to pay “anonymously” we recommend cash (no personally identifiable information retained by us), Bitcoin (we only retain the Bitcoin address) and PayGarden (this provider accepts gift cards which can be purchased for cash in the United States from 100’s of retailers.)
8. We recommend the IronSocket VPN network; based on OpenVPN, a full-featured SSL VPN. Our users are given the encryption options of Strong, Light and None. We recommend using the default Strong encryption setting, which utilizes AES 256-bit Data Encryption with SHA256 Message Authentication, using a 4096-bit key for secure authentication.
1. We try to store the least amount of data legally possible anywhere. We keep a record of when you logged in for debugging, which happens encrypted and off-site in a different jurisdiction. IP addresses are encrypted and can only be decrypted by non-support staff to ensure a proper process. For example, to work around issues where the police ruffles up the support staff a bit to get data for an abuse report.
In the database we only store the details users give us on sign-up and a limited backlog of basic payment information (no PSP processor TX-IDs). We do not run a ticket system, all support emails are deleted after 3 months. Inactive accounts are deleted after 3 months. We do not track you on our website or keep any website logs. We do not rent servers and have control over our network infrastructure. Our primary objective is to protect your anonymity from legal abuse, but not to cover up ethically serious crimes. As stated in the past we are open to an audit of our infrastructure and processes by a trustworthy 3rd party.
2. We only operate servers in Sweden. This includes understanding jurisdictional limitations and engineering our environment according to them, not making claims we cannot hold when things get serious. Offenses penalized by anything less than prison time do not qualify for such a request.
For a valid request IPredator then has to hand over the subscription information entered by you, which is all that we are required to do.
3. We only use email to handle abuse related support issues. If a user decides to abuse one of our machines for a DOS attack we use rate limiters on the switches to mitigate this. So far no other tools are needed to deal with abuse.
4. For some reason they do not arrive, so we can’t tell you.
5. Please see question 2.
6. Besides filtering SMTP on port 25 we do not impose any restrictions on protocols our users can use on the VPN, quite on the contrary. We believe our role is to provide a net-neutral access.
7. We offer PayPal, Bitcoins, Payza, and PaySon fully integrated. OkPay, Transferwise, WU, PerfectMoney, Webmoney and Credit Cards on request. An internal transaction ID is used to link payments to their payment processors. We do not store any other data about payments associated with the users account.
8. At the moment OpenVPN with elliptic curve cryptography, ephemeral Diffie-Hellmann key exchange, and AES 128/256 seems to be the best default choice. Other configs are available on request.
1. We do not log, keep logs, protocol surfing behaviors or record content, visited websites or IP addresses of our users! Why? People in non-democratic countries are in real danger, just for expressing their opinions. If we implemented backdoors, deep packet inspections or store information about our users and share those with authorities regardless their origins, we would risk the lives of people. We will not do that! Ever!
2. We are a Romanian company and operate under the laws of Romania inside the European Union (good thing!). We do not hold information, so we cannot share information! The same mechanisms that offer protection to respectable citizens, journalists and other persons against data espionage and more serious deeds make it impossible for us to identify or track users suspected of having committed crimes using the CyberGhost VPN network.
There is only the theoretical possibility to intercept them, based on a court order, to record future surfing on a specific account (for example, to survey the activities of a terrorist cell). However, such operations require that, in addition to the court request, the relevant investigation authorities communicate us a connection IP or log-in data. In practice, this theoretical hypothesis is almost completely void of significance, and we have never used it.
We think that company headquarters like ours in the European Union is a very good solution for users: It offers a high legal standard in private data protection for the user and a possibility to operate absolutely transparent for us. We believe that US Lavabit owner Ladar Levison was right as he said, after he shut down is encrypted e mail service: “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
3. As we said, we do not log, keep logs, protocol surfing behaviors or record content, visited websites or IP addresses of our users. Theoretically, we could do that. By implementing special logging tools a server can be monitored in general. However, the data flow from and to a certain user needs some more analysis to be done – which CyberGhost VPN explicitly refuses to do. To underline this, the company will always agree to be inspected by network specialists or net activists like EFF at any time on its own costs. We also announced a public Google hangout where we connect to a server of the audits choice and go in public through all settings, so everybody can see that there is no logging enabled or installed. Torrentfreak editors are welcome to ask questions live.
In case we are ordered to monitor a certain user account by a court in favor of preventing or unweave a crime, we will of course agree. No anonymization service stands outside the law. However, these orders are very rare. CyberGhost VPN itself never got asked up to now. The reason is quite simple: To be able to monitor a single account, CyberGhost VPN needs data about the account in question from the court, which is only available, if the respective owner already is under surveillance. The data CyberGhost VPN stores (the amount of traffic and its timestamps) cannot be used to identify a user – which finally means, that the use of an anonymization service by a suspect doesn’t offer any additional evidence as already known.
4. CyberGhost VPN has decided to publish a Transparency Report detailing only the number of the requests to disclose individual users’ personal data received since its founding in 2011 up to the present day. The requests have been made by authorities, companies and individuals in relation to suspected offenses carried out through CyberGhost VPN. The company has not and could not in any circumstance provide user data to those who request it, because this would be in breach of CyberGhost VPN’s mission to protect its users, and because no user data records exist.
Since CyberGhost VPN does not keep any records, the report does not list additional procedures following the requests. A review of the legality of the requests has not taken place either.
5. First we would do is to review the legality of the court order with our local and international team of lawyers and search for possibilities to lodge an appeal to make sure that we operate on legal ground and that “Lady Justice is blind” and no procedural error happened.
After we have left no stone unturned we would follow the court order. We do not stand outside the legal system – and we don’t want to.
If the specification of the court order would not be covered from our own Terms and Conditions (for example, because the court wants – for what reasons ever – find out the activities of a whistleblower like Edward Snowden) and our conscience would not allow to follow the court order, then we would shut down CyberGhost VPN and try to find a legal way to inform the public.
6. None of the current P2P technologies are illegal per definition, but we have to block P2P protocols on our Free servers due to strategic reasons. We think this is traffic that unnecessary slows down the Free service and we want to keep the “lines free” for people that need a Free VPN to access and surf the web.
However, we do have Premium servers that allow the use of P2P networks – except those in countries where we are forced by providers to block torrent traffic, e.g. in the USA.
7. In order to enable a separation of the payment data from the data of the VPN user account, the invoicing and payment procedure is performed exclusively by third party resellers. All transactions performed via our internet website and our clients are conducted by our business partner cleverbridge AG who operates in the European Union. Cleverbridge AG supports customer payment in 29 currencies, representing 75 percent of the world’s population.
We also added anonymous ways to pay for our service. Bitcoin payments are conducted by our business partner Paybilla, who also operates in the EU. And costumers in Germany, Austria and Switzerland can buy CyberGhost VPN anonym by paying cash in a retail store.
8. We recommend our users to use the Open VPN protocol that is integrated in our native clients for Windows, Mac and Android.
1. No we do not keep logs. However as per our policy, if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or CPU usage) we may turn on logs temporarily to identify abuse of our services (such as DoS or spamming through our servers). Once the user is identified, we will terminate the offending user, issue him an e-mail for the reason of termination and wipe the logs from our system.
Turning on logs for troubleshooting is a very last resort and is necessary to ensure the integrity of our services. It has happened very rarely (only a handful of times in our 7 years of operation) and such information was not disclosed to third parties but merely used to terminate the offending user. In any case logs were usually enabled for not more than few hours and only for the particular server that was experiencing abuse.
2. We’re a Malaysian incorporated company which is not subject to any mandatory data retention laws. As we don’t keep logs, there is not much information to share even when requested.
3. Without disclosing too deeply into our methods, to identify abuse cases we generally look for abnormal activity in the traffic, sustained spikes in traffic, data packets and reports that we receive. It is always an evolving battle and a balance between maintaining our user’s privacy and preventing abuse.
4. In the event DMCA notices or similar are given to us, we normally respond that we don’t have such content hosted on our networks and if the provider is adamant, we will terminate our relationship with the server provider and find a new one. We will not reveal the user that generated that DMCA notice (nor can we with no logs taken). Over the years, we have identified server providers that we can work with who understand the nature of our business.
5. In the event there is a request for account data, BolehVPN’s policy is to notify members of requests for their data unless it is prohibited from doing so by statute or court order. In any case, as BolehVPN does not store any user identifiable data in relation to customer’s usage of the VPN, there is little data that can be given over and beyond the date that you paid and your payment details.
It is noted that we do not require you to specify a real name during account signup and only require a working e-mail address. For your protection, we may contact you to ask for further details should there be any disputes arising from your payment.
6. All P2P/file-sharing activities are allowed through our FullyRouted and Proxied servers, but not through our SurfingStreaming servers. SurfingStreaming servers are generally limited due to local laws or datacenter policy or have limited bandwidth capacity. These configurations are generally only there to help users access geo-restricted content as opposed to full-blown P2P.
7. We accept BitCoin, Darkcoin, PayPal and MolPay (Malaysian online bank-ins) and also direct bank-ins for Malaysian users. Orders are merely marked as paid or not paid, the date and method of Payment. No other payment details are attached to the VPN account in our customer portal system. Depending on the payment provider chosen, the payment provider may of course retain certain details.
8. We believe that OpenVPN is the most secure VPN protocol available currently. Because of Snowden’s revelations, IPSEC may not be as secure as once thought. We also implement a modified version of OpenVPN that scrambles the packets (we call it xCloak) making it harder to identify as VPN traffic.
All our servers use the same encryption, 128 bit AES, as this provides the best blend of security and performance. Of course most experts consider 256 bit AES as more secure but we are confident that 128 AES is sufficiently secure. It is noted that 256 bit AES has a weaker key schedule than 128 bit AES. We are however currently evaluating CAMELLIA as an alternative to AES.
If we were to choose the most secure algorithm, we would pick either TwoFish or ThreeFish which are independently developed by Bruce Schneier and other well-known security specialists but this is not currently available in OpenVPN.
2. We run our business as a Seychelles company. It is one of the safest and nicest places in the world. There haven’t been any lawsuits in Seychelles regarding online copyright infringement yet.
3. According to our Terms and Conditions it is not recommended to use the service for any illegal purposes, for example, for transmission or receipt of illegal material. But because we have a no logs policy we don’t monitor and store any information about users’ online activity.
4. If we receive a DMCA notice, our team of lawyers solves it immediately without blocking any servers or protocols. We don’t store any content on our servers, and users are anonymous. We promise our customers that they will not have DMCA related problems.
5. We have never received requests from any court. It is impossible to release personal information because we actually don’t have it.
6. BitTorrent and all traffic of such type is allowed on all of our servers.
7. CommerceGate and PayPal. We don’t store any information about user card details, all transactions are processed at the payment system side. The payment system just uses the username registered on our web-site and the filled in purchase form to link the payment to concrete user.
8. The most secure VPN protocol we provide for our service is OpenVPN. There are many benefits to using OpenVPN, one of them is an ability to use more bit count encrypted.
2. We operate from the Republic of Seychelles and our staff members are residents in the following countries: Germany, Bulgaria, Switzerland, Ukraine, Philippines, Laos, Seychelles, Argentina and Croatia. We will only share information we hold with a third party when we are obliged by the law to do so, and only if we are able to alert our users in advance or in real time through our Transparency Report. If we are told that we cannot disclose anything, we will attempt to circumvent this illegitimate censorship with our Warrant Canary and ultimately, cease operations in the concerned jurisdiction.
3. When we need to respond to an abuse that our network is provoking or being victim of, we will simply block the related ports or protocols and see if the problem has been resolved by doing so. If not, we might temporarily install on the specific node a Wireshark or a TCPDump instance and we will play with various settings, mostly involving iptables, to mitigate the problem. We will never keep any logs generated during such interventions. We will always let know our members about such interventions through our Network Alerts, either in advance of several days or in real time, depending on the urgency of the matter. Our system will also tweet in real time about such interventions.
4. When we receive a DMCA takedown notice or any other similar copyright-related abuse notice, we will shut down the port related to the infringement, reset our customers’ accounts in order to prevent them from forwarding this port any further and we will publish a public report about both the notice and our intervention in our Transparency Report (https://proxy.sh/report) as well as at the Chilling Effects Clearinghouse. Our system will also tweet in real time about such interventions.
5. When we receive a valid court order asking to identify an active user of our services, we explain that we are technically unable to do so and we provide in return an open access of the related server to the competent domestic authority who may have more adequate forensic capacities to undertake such identification. We also publish a notice to our users into our Network Alerts that this node is now open to inspection by local and (potentially) international authorities. Our system will tweet in real time these notices. We will also consider shutting down the node and eventually ceasing full operations from the concerned jurisdiction depending how the intervention is carried out and the level of guarantee to privacy that is left offered after the intervention.
6. We do not undertake any segregation of usage type among our servers. Users are completely free and responsible to do whatever they want, including BitTorrent and any file-sharing activity. They are only subject to the restrictions we put to our network, which are limited to ports blocking and IP/range/domain destination blacklisting, initiated by our responses to abuse.
7. We accept no less than 90 different payment methods, including but not limited to PayPal, VISA, Mastercard, Discover, American Express, Maestro, UnionPay, WebMoney, SMS and phone payments, PaySafeCard, Ukash, Neosurf, Allopass, clickandbuy, Alipay, giropay, iDeal, bank transfers and various additional OTR methods as well as e-wallets. Of course, we also support Bitcoin payments. There is no link between user accounts and their payments, except a simple nomination known as either “Money” or “Bitcoin”. Invoice numbers and timestamps have sufficient discrepancies to not permit any relationship between panel/VPN accounts and payments. Moreover, we do not hold and manage directly the various payment methods offered: we use administrative and financial third parties such as our incubator, Three Monkeys International, and our processor, PaymentWall.
8. While we always recommend our most tech-savvy customers to get in touch with us to try out our latest encryption experimentations (Serpent, ECC-curve25519, etc.), we recommend the generally security-aware customers to use SHA-512/AES-256-CBC/DH-RSA-4096 combination (4096-bit RSA with strong cypher and strong auth security) made available across most of our network. For all our ‘normal’ customers, we still enforce SH1/AES-256-CBC/DH-RSA-4096 combination (4096-bit RSA with strong cypher and sufficient auth security) on them, which provides decent security and optimal stability. Both our system and software are designed in such a way that we will continuously increase our encryption levels when necessary. We also provide TOR bridges, exit nodes and OpenVPN compatibility as well as OpenNIC log-free DNS, SSH and SSL tunnels, to leverage the power of the OpenVPN encryption schemes our customers may use.
1. We do not log users’ IP addresses. Since we are a company registered in the US we are not required to maintain such logs. Our logs only check account name (this is chosen by the user) and if a connection was established with the VPN server. This is the only way for us to help users in case of technical problems (we can check if there was any connection), also this helps us to refund money if a new customer was not able to connect to any of our servers. This information is automatically overwritten with new data after 3 days.
There is no way for any third-party to match a user IP to any specific activity on the internet.
2. We operate under US jurisdiction. The only way we would share our information is under court order (as would any other company).
3. We would have to get into details of each individual point of our ToS. For basics like P2P and torrent traffic on servers that do not allow for such transmissions or connecting to more than 3 VPN servers at the same time by the same user account. But we do not monitor users’ traffic. Also, since our users use shared IP addresses, there is no way any third party could connect any online activity to a user’s IP address.
As it would put us and our other user at risk we do not comment on our internal policies in this regard.
4. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make it impossible to track who downloaded any data from the internet using our VPN.
5. We would reply that we do not have such measures that would us allow to identify a specific user.
6. This type of traffic is welcomed on our German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK and Canada servers as stated in our ToS – the reason for this is due to our agreements with data centers. We also have specific VPN plans for torrent users.
7. We currently accept payments via PayPal, Credit/Debit card, PayPro. Bitcoin acceptance is currently being tested. If it proves popular with our users it will stay with us.
8. We would recommend OpenVPN and SSTP protocols.
1. No. We cannot locate an individual user by IP address and timestamp. There are no logs written on our gateways. Our gateways utilize shared IPs, so there can be more than one customer using an IP which further adds to privacy.
The gateway servers keep the currently authenticated customers in the server’s RAM so they can properly connect and route the traffic to those customers. Obviously, if a server is powered down or restarted, the contents of the RAM are lost. We keep gateway performance data such as CPU loading, I/O rates and maximum simultaneous connections so that we can manage and optimize our network.
Our business structure is divided into two independent companies that do not share information. One company manages the network and hardware. A separate independent company operates the website that customers use. Customer data is not shared between the two – only a token – so, in addition to not being able to locate a user by IP address and timestamp, the company that might receive such a request has no customer data to provide since customer data resides in another independent company.
3. Spam emails were our biggest issue and early on we decided to prevent outgoing SMTP. Otherwise, the only other abuse tools we use are related to counting the number of active connections authenticated on an account to control account sharing issues.
4. If we receive a DMCA takedown notice or its equivalent and the customer’s current session during which it was generated is still active, we put the account on hold and notify the customer.
5. As a US company, we would comply with a successfully executed subpoena issued by a court of competent jurisdiction in a request for specific information. There would likely be little useful information we could provide. The US does not have data retention requirements. If the subpoena were to be of a vague, general or fishing nature, we would likely push back and request specificity.
6. We operate with net neutrality, with the exception of outgoing SMTP.
7. Bitcoin, Credit/Debit Cards, PayPal. Our billing and account management systems are separate and use a token method. We are organized such that one company manages our network and another independent company with different beneficial ownership manages customer interaction. This divided arrangement provides another layer of anonymity. Bitcoin allows maximum anonymity since all that is needed is an email address. There are plenty of options for anonymous email addresses. Disposable/reloadable credit cards are another anonymity enhancing tool.
8. We recommend OpenVPN / AES-256. We offer IPsec as well, but typically OpenVPN offers more flexibility over IPsec. We also offer PPTP for compatibility with older devices, but would not recommend it if OpenVPN is an option. Our OpenVPN client also offers DNS leak protection.