Results 1 to 7 of 7
  1. #1
    GerrysamHD's Avatar
    Join Date
    Nov 2014
    Gender
    male
    Location
    The Matrix
    Posts
    1,084
    Reputation
    52
    Thanks
    401
    My Mood
    Cheerful

    VPNs and Data logging - What VPN services aren't telling you

    Can you think of any popular VPN service out there that doesn’t have a big “NO LOGGING” tag attached right on front of it?

    Off the top of my head, I honestly can’t think of any such VPNs. While it is true that some providers actually follow a strict no-logging rule, this isn’t always the case and many providers falsely advertise that they avoid any form of data logging.

    This begs the question: can one ever be sure if all the claims of a VPN provider are actually real? This is not an easy question to answer.

    I’m probably embarking on a dead alleyway to attempt an answer to this question, but reviewing dozens of VPN services over the years has made me privy to some manipulative tactics that providers routinely employ to their advantage.

    I believe the time has come to address this peculiar elephant strolling in the hallways of the VPN industry.

    The Truth (or rather half-truth) about VPN logging
    It isn’t unheard of in marketing to use ambiguous messages to influence consumer behavior and boost sales. The VPN industry is no stranger to these tactics. This is most evident in the language that VPN providers use to describe their stance on logging, which are in most cases only half-truths.

    Since one of the main reasons VPNs have a demand is their supposed ability to provide online privacy to users, phrases such as “zero logs service” are prominently written on a VPN’s main landing pages.

    What most users don’t realize is that these phrases aren’t exactly accurate. In fact, VPN providers take advantage of the fact that broad phrases like “data logging” can mean more than one thing, depending on the context.

    You see, every time you are connected to the Internet, VPN service providers can see a bunch of information pertaining to you. This may or may not include your IP address, DNS, bandwidth usage, connection timestamps, and even the websites you are visiting. In short, there are dozens of different types of logs on user details that a service provider can maintain

    If you want a quick look about the types of logs different providers keep, you can check out VPN comparison table for details.

    In a fair world, the term “zero logging” would logically mean that the provider doesn’t keep ANY type of logs whatsoever, no matter if it contains information about what device a user is accessing, their web activities, the IP addresses, their names, addresses, date of birth, marital status, religion, grandpa’s favorite cigar, the name of your cat’s firstborn etc.But the front page taglines on official websites of VPN services often ignores these nuances and the blanket statements relating to their logging policies are seldom accurate representations of their actual policies.

    In fact, the more detailed statements about a VPN provider’s privacy policy often contradict the “no logging” claim so carelessly made in the VPN’s promotional pages and ads.

    I reached x0rz, a security researcher with a keen eye for privacy and cybersecurity issues prevailing on the web, for a comment and he brilliantly summed up the problem in these words:

    “The “zero logs” term is often misleading. The VPN server will most likely keep some kind of logs (if you take a default OpenVPN server, you’ll get logs of connections/disconnections), either for technical (you need to know who is connecting to what in order to prevent abuse) or lawful reasons (may be mandatory in some countries). What they probably mean is “traffic logs” but even that term is vague and doesn’t mean anything if they don’t provide technical tools to enable privacy (for example the “blind operator mode” with kernel module to prevent abuse from malicious sysadmins). I’d like to see more transparency among VPN providers. It’s a matter of trust.”
    To be fair, you can’t fault VPN services for keeping some types of logs. It is impossible to run a software service, manage it properly, and resolve customer queries without any data logging. As x0rz accurately points out, it is technically impossible to refrain from the practice of logging altogether.

    The problem, however, arises when VPN companies don’t really bother to explain what it really means to be a “no logs” service and do, in fact, take advantage of user’s ignorance to pretend to be something they are not.

    Let me now demonstrate how statements made by VPN companies about logging can be misleading.

    Speedify — contradictory statements about logging?

    Speedify is a US-based VPN service that markets itself as an online privacy solution, among other things

    The provider clearly mentions on its homepage that it “… does not log IP addresses, websites, or data that you send or receive…”

    You only need to head over to the privacy policy page to immediately witness a contradiction in the statement and learn, much to your dismay, that the provider actually does keep IP address logs:

    Privacy Policy
    On the same page, the provider has a highlighted statement that reads:
    Statement
    Okay, now things are getting a little clearer. It turns out that Speedify indeed does not keep a track of your web activities or the IP addresses of the websites that you visit. The front page claim that “Speedify does not log IP addresses” is actually meant for website IP addresses, not user/device/client-side IP addresses, which is actually stored by the provider as the red highlighter underlined above shows.

    And since logging of your IP address easily puts your privacy at risk, Speedify is not truly a “zero logs” provider.

    This is what I meant by half-truths and vague statements that VPN companies spin, and which end up misleading customers.

    It is entirely possible that the provider wasn’t intending to be conniving and the ambiguity is simply a result of laziness. But either way, they do deserve blame for a lack of professionalism.
    Le VPN — no logs kept… or do they?

    Le VPN is another VPN service that is guilty of a similar misdirection. The provider doesn’t shy away from giving “no logs” as one of its salient features:
    Salient Features
    But if you dig deeper and open the privacy policy page, you will learn that Le VPN keeps timestamps and IP address logs when you connect and disconnect to their VPN servers:
    Logs
    So much for the “no logs kept” claim.

    Again, it bears mention that the provider gives plausible reasons for why they need to keep these logs (administrative purposes), but surely these guys could simply have written “no traffic logs” instead of the sweeping, categorical term “no logs” in the list of features mentioned in the homepage (screenshotted above the last above).

    How VPN logging policies should actually be
    As I have mentioned before, if you’re looking for a VPN service that keeps no logs whatsoever, then I’m afraid you’re not going to find one. But what we can and should strive to find is a service that at least doesn’t store any personally identifiable information of the user.

    As such, it would make sense to narrow down what we exactly mean by the term “zero logs” and the definition that I propose is this:

    “A zero logs service is one that keeps NO personally identifiable information of their users”.

    Going by this definition, the situation with the VPN industry isn’t entirely gloomy. There are some VPN providers that are staying true to their word about keeping the privacy of their users safe.

    The first important thing that inspires trust in a VPN’s logging policy is obviously how consistent the statements of the providers are. That is to say, if the “no logs” promotional tag is actually corroborated by the privacy policy statements as far as personally identifiable information is concerned.

    If the VPN provider doesn’t intentionally use ambiguous language in promotional pages and the privacy statements are consistent with a clear disclosure of what types of data are being logged, then I would consider the VPN company worthy of trust.

    The best example of such a VPN service is ExpressVPN. If this provider makes guarantees of keeping no logs, its privacy policy also supports this claim:
    Privacy Policy
    In fact, the company was the beneficiary of a blessing in disguise when its servers were seized by Turkish agencies investigating the assassination of Russian Ambassador Andery Karlov. The agency had intelligence that the suspect used ExpressVPN to delete incriminating evidence about the assassination.

    The investigators found no actionable information on ExpressVPN’s servers, which proves that the provider indeed doesn’t keep logs of user activity or other information that could be used to expose their identity.

    Although it is extremely unfortunate if the service was actually used to sabotage an investigation, it is at the same time a testament that ExpressVPN’s is committed to the protection of user privacy by an abstention from keeping potentially exposing logs on users.

    Another great example of transparency and honest marketing is a small VPN provider that has only just finding its feet in the VPN industry: Anon.AF.

    The provider has “zero traffic logs” as one of its stated cores values:
    Core Values
    Notice the use of the term “traffic” here. The truth is, Anon.AF keeps IP addresses and timestamps because it is a France-based service and is bound by french laws to do so.

    But the point is, the provider doesn’t keep traffic logs and it never promises anything more than that.

    This in itself is extremely reassuring and shows that the provider actually respects users. In fact, they get down to the specifics to further clarify what they actually do log and what they don’t:
    Specifics
    It is refreshing to see a provider for a change that doesn’t spin a web around vague promotional language and keeps it simple by deliberately avoiding confusingly elaborate terms of uses.

    I hope more VPN providers take a cue from Anon.AF and strive to attain the same level of honest transparency that these guys have admirably demonstrated.

    Final Thoughts
    The revolution of digital technology has had many important consequences on modern life. While there is no argument that could possibly discredit the benefits the world is enjoying because of technology, its impact on our privacy is probably one of the less desirable by-products that we are compelled to deal with.

    VPN services are fighting a hard battle to wrest some control on privacy from the clutches of the government agencies and corporations, and give it back to the users.

    But it is only with a sincere commitment to the serving of user needs and the adoption of a policy of transparent honesty that we can ever hope for this battle to be won by those on the side of the masses and not the ruling few.


    Orignal Article from Hackernoon.com, and can be viewed here.
    Last edited by GerrysamHD; 4 Weeks Ago at 12:44 PM. Reason: Correction to change images to links as images not appearing.

  2. #2
    davidmichaels's Avatar
    Join Date
    Jul 2018
    Gender
    male
    Posts
    16
    Reputation
    10
    Thanks
    1
    Hey thanks a lot.

    Recently I was using a well branded VPN (won't disclose the name here) it leaked my IP and I was banned form a certain community because it disclosed my original location.

    Though I am not a spammer I was in cyber security community.

    Can you clear me how come that VPN leak my ip and location though it claimed about being totally secure.

  3. #3
    Silent's Avatar
    Join Date
    Jan 2015
    Gender
    male
    Location
    Melbourne, Australia
    Posts
    4,592
    Reputation
    1849
    Thanks
    7,733
    My Mood
    Bitchy
    Quote Originally Posted by davidmichaels View Post
    Hey thanks a lot.

    Recently I was using a well branded VPN (won't disclose the name here) it leaked my IP and I was banned form a certain community because it disclosed my original location.

    Though I am not a spammer I was in cyber security community.

    Can you clear me how come that VPN leak my ip and location though it claimed about being totally secure.
    Disclosed, as in, gave it to the community, or it was an unintentional leak? I'm willing to bet it was a mistake on your behalf.


    lechr.com - Lechr VPN.
    mpgh.wiki - Official MPGH Wiki.
    fkya.net - Fuck ya' trump
    ecry.net - Upcoming email provider focusing on privacy
    lo1a.com - Official website of Lo1a
    b1sh.com - Bitch don't touch it.
    lechr.net - Lechr VPN mirror.



     







    dd/mm/yyyy
    Member - 31/1/2015
    Premium - 12/9/2016
    Call of Duty minion - 05/11/2016
    BattleOn minion - 28/2/2017
    Battlefield minion - 30/5/2017
    Other Semi-Popular First Person Shooter Hacks minion - 21/9/2017
    Publicist - 7/11/2017 - 2/8/18
    Cock Sucker - 1/12/2017 - Unknown
    Minion+ - 6/3/18
    Fortnite minion - 8/5/2018
    Head Publicist - 8/10/18

  4. #4
    InfamousProto's Avatar
    Join Date
    Jun 2019
    Gender
    male
    Posts
    15
    Reputation
    10
    Thanks
    0
    I agree with those sentiments. It's tough though because even if person X uses a vpn, when they log into amazon or use google or something there's going to be information still linked to them. Because most people aren't smart enough to keep everything separate.

  5. #5
    Crack3r.shop's Avatar
    Join Date
    Jul 2019
    Gender
    male
    Posts
    14
    Reputation
    10
    Thanks
    0
    My Mood
    Devilish
    This is why you do research before purchasing VPN's.

  6. #6
    ikramshahbaz's Avatar
    Join Date
    Jul 2019
    Gender
    male
    Posts
    15
    Reputation
    10
    Thanks
    0
    use vyper vpn

  7. #7
    julesjules's Avatar
    Join Date
    Jun 2017
    Gender
    male
    Posts
    15
    Reputation
    10
    Thanks
    0
    I wonder how NORDVPN, the most peddled one by youtubers, is. They wouldn't even know themselves, I bet.

Similar Threads

  1. Replies: 28
    Last Post: 10-12-2018, 08:57 PM
  2. Replies: 32
    Last Post: 09-19-2018, 06:16 AM
  3. What VPN do you use and recommend
    By Palesantos in forum General
    Replies: 24
    Last Post: 10-24-2016, 01:53 PM
  4. What VPN service do you recommend?
    By akwuh_ in forum Suggestions, Requests & General Help
    Replies: 23
    Last Post: 08-25-2016, 04:58 AM

Tags for this Thread