IPVanish “No-Logging” VPN Led Homeland Security to Comcast User
#1
[Image: spy.jpg]On May 4, 2016, Scott Sikes, a Special Agent with the Department of Homeland Security, was engaged in a child abuse investigation.

Acting undercover, Sikes was monitoring a channel on Internet Relay Chat (IRC) when a suspect posted a link. When Sikes opened it he discovered an image of child pornography.

Sikes struck up a one-on-one chat session with the suspect who subsequently posted three more links, each containing the same kind of material. It was later discovered that the suspect had posted 17 other links leading to similar abuse imagery.

Having captured the suspect’s IP address (209.197.26.72), Sikes traced it back to Highwinds Network Group, a cloud storage, CDN, and colocation company that is perhaps best known among file-sharers for its massive Usenet-related business.

Homeland Security followed up by issuing a Summons for Records on Highwinds, demanding that it hand over the details of the user behind that IP address at the times the IRC user posted the links.

Although not directly mentioned by name in court documents, at the time Highwinds owned the VPN provider IPVanish, a company that has repeatedly claimed to carry zero logs relating to its customers’ activities. It appears that the suspect tracked by Homeland Security was an IPVanish customer but any hope he would remain anonymous was soon dismissed.

On May 26, Highwinds responded to the summons, confirming that the IP address belonged to its VPN service. Initially, the company told HSI that to protect customer data, “we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

However, after Sikes contacted Highwinds again, the company suggested that HSI submit a second summons requesting more detailed subscriber information.

On June 9, 2016, HSI served a second summons on Highwinds, requesting “any data associated with IRC traffic using IP 209.197.27.72, port 6667.” On June 21, Highwinds came up with the goods.

In a response to HSI, Highwinds provided information which allowed HSI to identify the suspect connecting to the VPN server, connecting to the IRC server, and then disconnecting from the VPN server. Highwinds also handed over the suspect’s name (Vincent Gevirtz), his email address, plus details of his VPN subscription.

Also made available to HSI was Gevirtz’s real IP address (Comcast 50.178.206.161) “as well as dates and times [he] connected to, and disconnected from, the IRC network,” times which coincided with the activity being investigated by HSI.

HSI then issued a summons on Comcast, requesting customer information on the IP address in question. Comcast responded three days later with a slightly different name – Julian Gevirtz – plus an address in Indiana. Vincent Gevirtz was subsequently found at that address with his parents and later admitted to the conduct carried out in the IRC channel. He further admitted to having shared images of abuse online for at least seven years.

While there will be few people disappointed that Gevirtz was tracked down by HSI, there was considerable uproar yesterday when the court documents were posted to the /r/piracy discussion page on Reddit.

IPVanish has always been extremely vocal about its no-logging policies but the court documents in the Gevirtz case appear to show that the company logged extensively, apparently down to what services were accessed and when.

So, with this apparent contradiction in hand, TF contacted StackPath, the company that bought Highwinds and therefore IPVanish back in 2017. How can its “zero logs” policy exist alongside the handing over of so much information?

“We are glad you asked. That lawsuit was from 2016 – long before StackPath acquired IPVanish in 2017,” said Jeremy Palmer, Vice President, Product & Marketing.

“IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. I can’t speak to what happened on someone else’s watch, and that management team is long gone. But know this – in addition to not logging, StackPath will defend the privacy of our users, regardless of who demands otherwise.”

It’s pretty clear from this statement that StackPath doesn’t want to get into what went before and at least to a degree, that’s understandable. That being said, these things must have some kind of paper trail – logs if you like – that document what went on and who was responsible. So we asked again, this time tacking on some more questions to try and nail things down.

We began by asking about the general logging policies of IPVanish before StackPath took over. Clearly, if the old policy was to log (as the court papers suggest), at some point StackPath must’ve seen those policies and realized they were incompatible with their new approach to privacy. If that was the case, what were the old policies and when were they revised to StackPath standards?

“I can’t speak on behalf of the former executive or legal team (involved in this issue) as they are no longer part of Highwinds Network Group, and haven’t been since the acquisition,” Palmer reiterated.

“It’s impossible for me to speculate or comment about what may have happened under different ownership/management. We don’t keep VPN logs [now]. We value our customer’s privacy above everything else.”

The problem here is that at least as far as the IPVanish privacy statements go, the old policies are exactly the same as the new ones – no logs. Clearly, something has to give. At this point, Palmer provided us with a statement from StackPath CEO Lance Crosby.

Crosby is an industry heavyweight, there is little doubt about that. Founder, CEO and Chairman of Softlayer until its sale to IBM in 2013, Crosby was also former COO of ThePlanet. He doesn’t offer any clear proof but says that the HSI case could’ve been a one-off.

“At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/future intent to save logs existed,” Crosby says.

“The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level. Your privacy is paramount and we will fight any persons or government agencies seeking to infringe upon such.

“I can’t speak to what happened on someone else’s watch but Technology is my life and I’ve spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further — security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals’ rights to privacy, especially our customers,” he concludes.

While having Crosby’s word on a no-logging future carries weight, we are sadly no closer to finding out what happened back in 2016. There is no mention in the court documents of the one-time logging scenario outlined above although that is certainly possible. The big question of whether it could happen again is up for debate.

Moving forward, IPVanish says it is committed to its ‘no-logging’ policy and says that the difference today is a “completely different management team” and a CEO who is “a strong privacy advocate” who “built StackPath on this foundation.”

IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.
[Image: Torrentfreak?d=yIl2AUoC8zA][Image: Torrentfreak?i=JbVPBQolCcY:bWr0UakgqxY:D7DqB2pKExk]
[Image: JbVPBQolCcY]

Originally Published: Tue, 05 Jun 2018 10:11:42 +0000
source
Reply
#2
To be honest I'm not surprised by any of the information in this article. As I did my research prior to getting a VPN service myself I found out that actually commiting an offence like this which is illegal that the VPN is hosted in (Company the country is based in) means that if this is an offence there it means they have the power to investigate the crime. For something like Child pornography what do you expect really it's taking things to a whole different level, something which using a VPN will simply NOT protect you at all which is why this article is of no surprise at all to me.

If you are protected by using a VPN service that are based in a country where there is very laid back laws as far as File Sharing like the kind of thing that goes on at The Pirate Bay then you have nothing to worry about. It is only countries really like the USA and UK that have gone beserk in recent times forcing users of the internet onto VPN services to protect themselves. Granted also other countries are the same but it seems the USA and UK are the worst of the lot.

I would say that if you have a fetish in Child Pornography and you go online often to share things then you have a lot to worry about really because it is illegal everywhere and the chances of being caught are very great so choose this kind of activity and be sure to face the consequences.
Reply
#3
Maybe a good idea to consider a company that is outside your own country. Might make it harder for them to find you.
Reply
#4
this is a good idea
Reply
#5
I thought it was bad that IPVanish required so much information about their customers, and the fact that they don't like virtual pre-paid cards.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Do You Take Your VPN Security Seriously? Ernesto 26 111,528 Jul 10, 2024, 12:56 pm
Last Post: PuppyVeal
  Researchers Issue Security Warning Over Android VPN Apps Ernesto 2 44,954 Nov 25, 2019, 01:40 am
Last Post: dlord1968
  Pirate Bay Led Hollywood The Way, Co-Founder Says Ernesto 4 23,193 Jul 28, 2015, 04:56 am
Last Post: The_Abee



Users browsing this thread: 1 Guest(s)