“No Logs” IPVanish Releases Logs To Homeland Security

IPVanish is a highly respected US-based company that has always declared to have a strict no logs policy. It appears to be a lie.
Keep in mind that the logs go back to an incident that took place in June 2016, and IPVanish was then acquired by a company that maintains that no records are stored.

The Zero Logs Claim

Looking at the Internet Archive Wayback Machine, it can be clearly seen that both before and after the incident, IPVanish asserted that no logs were kept at all: “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.”

The Incident

On 4 May 2016, a  US Department of Homeland Security investigator was talking undercover to a suspect who posted some links to child pornography. The special agent traced the IP address which linked the suspect back to Highwinds Network Group, a CDN company which launched in the Usenet industry and which owned IPVanish at the time.

Upon getting a non-lawfully binding summons, Highwinds confirmed that the IP address was theirs, but said that it would not be able to help with the investigation because:
“To protect customer data, we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

This lacks consistency with the upcoming part of the court affidavit used for the subsequent trial.
“Highwinds Network Group suggested the HSI submit second summons requesting subscriber information more detailed in nature.”

Homeland Security Investigations (HSI) complied and was rewarded with a set of detailed connection logs that evidently identified the suspect.

It’s proof that IPVanish were indeed keeping logs contrary to “zero logs” policy claim. It gets murkier as Highwands seemed to have freely cooperated with HSI in handing them over.

Trust Expectations

Mr. Gevirtz is a genuinely despicable human being and its good news he was caught. But users want VPNs to provide privacy for legal reasons and expect them to uphold the privacy claims they make. The most important being no logs.

A Different Company Owns IPVanish Now

The whole issue is made more difficult by the fact that StackPath acquired Highwinds (and therefore IPVanish) in February 2017. Replying back to a Reddit discussion on the matter, Stackpath CEO, Lance Crosby, made the following post: “IPVanish has always marketed itself as a “no logging” VPN. At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/ future intent to save logs existed. The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level.”

Image result for jeremy palmer
                     Jeremy Palmer

IPVanish’s Vice President of Product & Marketing, Jeremy Palmer agreed with the statement.

The problem lies in the fact that even though a different company now owns it, many of the senior IPVanish staff have been with the company for years.

The United States of Surveillance 

Back in 2013, NSA whistleblower Edward Snowden revealed the mind-boggling scope and ambition of United States’ mass surveillance program. It represents a case of “collect it all,” and even though much digital ink has been spilled on the issue, no real progress has come of it.

America has no mandatory data retention laws, but it looks like US government flexing its muscles always gets what it wants.

This was what might have happened with IPVanish.

Is IPVanish Trustable?

Maybe PureVPN and Hide My Ass have similarly been nabbed lying about the logs they keep. Until a method to independently audit providers’ no logs claims is set up, the only way to know for sure if a VPN service is trustworthy about its logging policy is when it proves those claims in court.

But what you can about is that a VPN will protect your privacy much more than your ISP will. In IPVanish’s case, the fact that a different company runs it now provides something of a get-out clause to the actions of its past management.

But, then again, many senior staff members were also senior staff members when it took place. And anyway it’s America.


Why Millenials are Lukewarm About Privacy

Millennials seem least bothered that Facebook and other companies are using their data for profit, according to a piece by New York Post. The story suggested that millennials have accepted the fact that to maximize the advantages, sacrifices need to be made.

Millennials are comfortable to be an “open book” for all to see. The opinion piece states that the previous generations guarded their privacy. But, then again the previous generation had fewer privacy threats as compared to millennials.

You could argue that the millennials have been handed a crazy and dangerous world and so social media is their outlet and a much-needed distraction from modern life. Hence, they seem indifferent about their personal information being leaked to the masses.

Who would have imagined that social media platforms could learn our likes and dislikes, political preferences, religious affiliations, sexual orientations and so on? If a law enforcement team want to know my activities on a given day, it is readily accessible from the data uploaded to social media sites.

The article gives it back to the millennials who were outraged at Cambridge Analytica for using their information. If you are too carefree about your personal information, these things can happen. The question is: Is Cambridge Analytica any different from other companies? Every tech giant monetizes your information. So, all in all, they are all the same.

Millennials aggravate it by being only too willing to provide such information through their daily contents, photos, etc. The opinion piece questions whether the previous generations would have been so forthcoming as compared to the millennials.

What do you think? Is it a fair assessment of the current state of affairs?

How to Delete Your Data & Account from Social Media and Other Platfroms

With news focusing on online privacy a lot these days, the public has become aware of the mindboggling amount of information that social media sites gather about them. Facebook has your name, address, and much other information. The same applies to Twitter and Google. Read on to discover how to delete your Facebook, Google permanently, and Twitter accounts as well how to remove data from these services.

Deleting a Facebook Account

In the top right click the privacy icon. At the end of the second paragraph, there will a link to delete your account, but this is after a long blurb. Your account will be cleared and permanently removed after 2 weeks when you select it in the form that will be given to you.

Deleting a Twitter Account

Log in, click your profile icon in the top right, next settings, next scroll to the bottom and click Deactivate My Account. Input your password to confirm, next click the Deactivate button. Cached versions of your tweets may be retained by Google and other search engines, and unfortunately, there is no way to delete it.

Deleting a Google Account

Online privacy with Google is far-fetched, but at least they have made it easy to delete your accounts and data. Sign in, click on Google apps, then my account, then under account preferences click on ‘Delete your account or services,’ then delete Google account and data. Google will ask you for your password to verify it’s you. Then you’ll be taken to the Delete account page where you can delete your account. To stop Google from uploading your location remove your account from the mobile device be it Android or any other OS.

Permanently delete your accounts if you no longer want to give away your personal data through social media and is privacy-conscious.


Forecasting Online Privacy After Facebook’s Senate Investigation

Mark Zuckerberg was brought before the United States Senate for an investigation into how his company handles its users’ confidential data a few weeks back. It seems apart from Mr. Zuckerberg being shred into by enraged Senators nothing much came out of it. In this report, we’ll hypothesize on how internet privacy rules may or not change as a result of this trial.

Reactive Encouragement by Social Media

It was apparent, and in the days since the Senate investigation, it has happened as expected. Facebook, Instagram, Reddit, Twitter, and other social media sites have put up notifications and statements to comfort you that they do care about your privacy and security. Facebook’s “Privacy Commitments” and Security Check-Ups have been appearing more on users’ timelines, Twitter displayed a notice at the page top, and other websites are doing the same. It is merely a knee-jerk PR move since the users now all of a sudden care about their online privacy. Before you know it, the public will have moved on to the next issue as it’s highly doubtful whether anything groundbreaking will come out of this.

Short Notice from Lawmakers Prior to Moving On

Political figures at all levels are speedily capitalizing on the latest controversial issue by taking a leaf out of the Senate’s denouncement of Facebook’s practices. Hollow clichés and assurances can be found on the Twitter feed of ex-presidential candidates, governors, and even down to local city council members. But, like social media platforms, it’s unlikely these political figures will do anything of value to back up their claims. The only thing that has come of it is that Net Neutrality has gained a slight momentum, but no new laws were passed or introduced.

How Can I Take Action on this Matter?

How can you emphasize and muster support for online privacy as public attention is fading away quickly? Write to your government representatives at every tier as this is the first and most natural step. Start with your city council, mayor, and state representatives and senators, then move up to the governor, federal representatives and senators, and a Change.org petition if need be. Do it yourself! Don’t wait on others.

Millions of accounts went dark in a week as #deletefacebook movement garnered tremendous support. One less account equals one less revenue from ads and selling your data.

To close, it’s apparent nothing significant has come out of Facebook’s investigation, but there are still things you can do even though it’s losing public attention.