“No Logs” IPVanish Releases Logs To Homeland Security

IPVanish is a highly respected US-based company that has always declared to have a strict no logs policy. It appears to be a lie.
Keep in mind that the logs go back to an incident that took place in June 2016, and IPVanish was then acquired by a company that maintains that no records are stored.

The Zero Logs Claim

Looking at the Internet Archive Wayback Machine, it can be clearly seen that both before and after the incident, IPVanish asserted that no logs were kept at all: “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.”

The Incident

On 4 May 2016, a  US Department of Homeland Security investigator was talking undercover to a suspect who posted some links to child pornography. The special agent traced the IP address which linked the suspect back to Highwinds Network Group, a CDN company which launched in the Usenet industry and which owned IPVanish at the time.

Upon getting a non-lawfully binding summons, Highwinds confirmed that the IP address was theirs, but said that it would not be able to help with the investigation because:
“To protect customer data, we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

This lacks consistency with the upcoming part of the court affidavit used for the subsequent trial.
“Highwinds Network Group suggested the HSI submit second summons requesting subscriber information more detailed in nature.”

Homeland Security Investigations (HSI) complied and was rewarded with a set of detailed connection logs that evidently identified the suspect.

It’s proof that IPVanish were indeed keeping logs contrary to “zero logs” policy claim. It gets murkier as Highwands seemed to have freely cooperated with HSI in handing them over.

Trust Expectations

Mr. Gevirtz is a genuinely despicable human being and its good news he was caught. But users want VPNs to provide privacy for legal reasons and expect them to uphold the privacy claims they make. The most important being no logs.

A Different Company Owns IPVanish Now

The whole issue is made more difficult by the fact that StackPath acquired Highwinds (and therefore IPVanish) in February 2017. Replying back to a Reddit discussion on the matter, Stackpath CEO, Lance Crosby, made the following post: “IPVanish has always marketed itself as a “no logging” VPN. At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/ future intent to save logs existed. The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level.”

Image result for jeremy palmer
                     Jeremy Palmer

IPVanish’s Vice President of Product & Marketing, Jeremy Palmer agreed with the statement.

The problem lies in the fact that even though a different company now owns it, many of the senior IPVanish staff have been with the company for years.

The United States of Surveillance 

Back in 2013, NSA whistleblower Edward Snowden revealed the mind-boggling scope and ambition of United States’ mass surveillance program. It represents a case of “collect it all,” and even though much digital ink has been spilled on the issue, no real progress has come of it.

America has no mandatory data retention laws, but it looks like US government flexing its muscles always gets what it wants.

This was what might have happened with IPVanish.

Is IPVanish Trustable?

Maybe PureVPN and Hide My Ass have similarly been nabbed lying about the logs they keep. Until a method to independently audit providers’ no logs claims is set up, the only way to know for sure if a VPN service is trustworthy about its logging policy is when it proves those claims in court.

But what you can about is that a VPN will protect your privacy much more than your ISP will. In IPVanish’s case, the fact that a different company runs it now provides something of a get-out clause to the actions of its past management.

But, then again, many senior staff members were also senior staff members when it took place. And anyway it’s America.

 

July Onwards Chrome Will Mark HTTP Sites as ‘Not Secure’

From July Google Chrome will mark all HTTP sites as “not secure.” This is according to Emily Schechter, Chrome security product manager. Starting with version 68, Chrome will warn users with an additional notification in the address bar.

Google has been influencing users to move away from unencrypted sites for years, but this is arguably the most direct one yet. Google search engine started down-ranking unencrypted sites in 2015, in 2016 Chrome team gave a similar warning for unencrypted password fields.

Due to increased HTTPS adoption, the Chrome team felt it was the right time to make the announcement. From the top 100 sites on the web, 81 of them default to HTTPS, and an enormous amount of Chrome traffic is already encrypted. Schechter said “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,’. He also said, “we think that in July the balance will be tipped enough so that we can mark all HTTP sites.”

HTTPS encryption secures the tunnel between your browser and the website you are visiting. Lacking that encryption will mean anyone with access to your ISP or router could intercept data sent to sites or infuse malware into otherwise clean pages.

The move towards a more secured web will be a big win for online security. With July just around the corner, the hope is that all web traffic will leverage robust encryption algorithms to keep your data secured.

Why Millenials are Lukewarm About Privacy

Millennials seem least bothered that Facebook and other companies are using their data for profit, according to a piece by New York Post. The story suggested that millennials have accepted the fact that to maximize the advantages, sacrifices need to be made.

Millennials are comfortable to be an “open book” for all to see. The opinion piece states that the previous generations guarded their privacy. But, then again the previous generation had fewer privacy threats as compared to millennials.

You could argue that the millennials have been handed a crazy and dangerous world and so social media is their outlet and a much-needed distraction from modern life. Hence, they seem indifferent about their personal information being leaked to the masses.

Who would have imagined that social media platforms could learn our likes and dislikes, political preferences, religious affiliations, sexual orientations and so on? If a law enforcement team want to know my activities on a given day, it is readily accessible from the data uploaded to social media sites.

The article gives it back to the millennials who were outraged at Cambridge Analytica for using their information. If you are too carefree about your personal information, these things can happen. The question is: Is Cambridge Analytica any different from other companies? Every tech giant monetizes your information. So, all in all, they are all the same.

Millennials aggravate it by being only too willing to provide such information through their daily contents, photos, etc. The opinion piece questions whether the previous generations would have been so forthcoming as compared to the millennials.

What do you think? Is it a fair assessment of the current state of affairs?

How to Delete Your Data & Account from Social Media and Other Platfroms

With news focusing on online privacy a lot these days, the public has become aware of the mindboggling amount of information that social media sites gather about them. Facebook has your name, address, and much other information. The same applies to Twitter and Google. Read on to discover how to delete your Facebook, Google permanently, and Twitter accounts as well how to remove data from these services.

Deleting a Facebook Account

In the top right click the privacy icon. At the end of the second paragraph, there will a link to delete your account, but this is after a long blurb. Your account will be cleared and permanently removed after 2 weeks when you select it in the form that will be given to you.

Deleting a Twitter Account

Log in, click your profile icon in the top right, next settings, next scroll to the bottom and click Deactivate My Account. Input your password to confirm, next click the Deactivate button. Cached versions of your tweets may be retained by Google and other search engines, and unfortunately, there is no way to delete it.

Deleting a Google Account

Online privacy with Google is far-fetched, but at least they have made it easy to delete your accounts and data. Sign in, click on Google apps, then my account, then under account preferences click on ‘Delete your account or services,’ then delete Google account and data. Google will ask you for your password to verify it’s you. Then you’ll be taken to the Delete account page where you can delete your account. To stop Google from uploading your location remove your account from the mobile device be it Android or any other OS.

Permanently delete your accounts if you no longer want to give away your personal data through social media and is privacy-conscious.

 

Telegram Messenger Know-how and Accessibility

In the last few months Telegram Messenger, a messaging app has garnered immense popularity, especially within the cybersecurity community. It offers entirely end-to-end encrypted messaging and is available for both iOS and Android.

Telegram Founder

In the last few months Telegram messenger, a messaging app has garnered immense popularity, especially within the cybersecurity community. It offers entirely end-to-end encrypted messaging and is available for both iOS and Android. VKontakte, a Russian social network created in 2006 was what brought him to the limelight. He and his brother co-founded Telegram in 2013.

Durov currently lives in Dubai as he left Russia in 2014 because he rejected handing over information about pro-Ukrainian activists to the Russian government.

Telegram Encryption

First of all, encryption protocol is open-source, but the moment changes are made it is updated. Next, many security conscious users are left nervous as server-side encryption is wholly closed-source and proprietary.

It makes many security professionals wonder as to why Telegram uses its protocol which is not proven to be safe like other more reputed protocols.

The messages are not default encrypted which an average user may not know if so enable this option if you are going to use the app.

Telegram Banned by Russia

Russia has banned the use of Telegram as it felt necessary to crack down on things like terrorism.

The court banned Telegram, but it has not been able to block the app. Twitch and Spotify have instead faced the cut in the process. More than 19 billion IP addresses have been banned, but Telegram seems to find a way around it.

Cryptocurrency Next on Telegram’s Plan

Telegram having made a hefty $1.7 billion so far this year have the finances to invest in emerging technologies. One of their ongoing projects is to develop a blockchain themed app that will bolster the security of their service.

Best Telegram Alternatives

Telegram’s security choices are something many find difficult to digest, but thankfully there are some worthy alternatives.

The Signal app is the most popular alternative as it uses open-source whisper encryption tool. It ensures the app isn’t doing something untoward with your messages. Though not as immersive as Telegram, it holds up pretty well.

Closing

Telegram may not be the most secure messaging app, but it is a great app nonetheless. Telegram is an excellent choice if you are looking for a smooth app with encrypted communications.

For optimal security, Telegram may not be the best option for you.

Telegram adoption, however, is a step in the right direction as it’s showcasing that people are more serious about their online privacy than ever before.

 

Forecasting Online Privacy After Facebook’s Senate Investigation

Mark Zuckerberg was brought before the United States Senate for an investigation into how his company handles its users’ confidential data a few weeks back. It seems apart from Mr. Zuckerberg being shred into by enraged Senators nothing much came out of it. In this report, we’ll hypothesize on how internet privacy rules may or not change as a result of this trial.

Reactive Encouragement by Social Media

It was apparent, and in the days since the Senate investigation, it has happened as expected. Facebook, Instagram, Reddit, Twitter, and other social media sites have put up notifications and statements to comfort you that they do care about your privacy and security. Facebook’s “Privacy Commitments” and Security Check-Ups have been appearing more on users’ timelines, Twitter displayed a notice at the page top, and other websites are doing the same. It is merely a knee-jerk PR move since the users now all of a sudden care about their online privacy. Before you know it, the public will have moved on to the next issue as it’s highly doubtful whether anything groundbreaking will come out of this.

Short Notice from Lawmakers Prior to Moving On

Political figures at all levels are speedily capitalizing on the latest controversial issue by taking a leaf out of the Senate’s denouncement of Facebook’s practices. Hollow clichés and assurances can be found on the Twitter feed of ex-presidential candidates, governors, and even down to local city council members. But, like social media platforms, it’s unlikely these political figures will do anything of value to back up their claims. The only thing that has come of it is that Net Neutrality has gained a slight momentum, but no new laws were passed or introduced.

How Can I Take Action on this Matter?

How can you emphasize and muster support for online privacy as public attention is fading away quickly? Write to your government representatives at every tier as this is the first and most natural step. Start with your city council, mayor, and state representatives and senators, then move up to the governor, federal representatives and senators, and a Change.org petition if need be. Do it yourself! Don’t wait on others.

Millions of accounts went dark in a week as #deletefacebook movement garnered tremendous support. One less account equals one less revenue from ads and selling your data.

To close, it’s apparent nothing significant has come out of Facebook’s investigation, but there are still things you can do even though it’s losing public attention.