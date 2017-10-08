Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) 62
An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
Good reminder (Score:2)
This is a good reminder that you shouldn't put much faith in the claims made by service providers.
Re: (Score:2)
That's not the reasoning. Some are surely trustworthy. The underlying problem is that you literally have no way to tell which ones those are.
Re: (Score:2)
Examples; LavaBit & the original axcrypt
Re: Good reminder (Score:1)
Yes, actually it is solid logic. But feel free to keep getting robbed/raped/scammed for the rest of your idealistic and retarded life.
Re: (Score:2)
Re: (Score:2)
The more you can verify, the less you need to rely on trust. But how do you verify that a VPN provider is well-behaved?
Re: (Score:2)
One website scammed me, so all websites cannot be trusted. Therefore, to show I trust all websites, I shall disable all firewalls.
Re: So (Score:4, Informative)
And WANSecurity.
But the take-home lesson here shouldn't be that if you avoid those you're good. The lesson is that in the end, you're taking every provider's word for security. Certainly some are good and some aren't, but there is literally no way for you to be able to tell which ones are good.
Misleading (Score:2)
Most of the damning info came from a laptop, and all the VPNs did was confirm an IP address for his residence was used to connect to one of their IP addresses during the same time frame "someone" logged into both the victim's e-mail account and the abuser's e-mail account -- both from the same VPN address.
PureVPN lists what data it records and states it cooperates with investigations. The only thing I can find that they gave to investigators that wasn't explicitly stated in the TOS was that they gave the o
Re: (Score:2)
Yes, this is a good and important point.
Encrypting your actual payload data is insufficient (metadata is often just as revealing as payload data). That's why the more skilled hackers and criminals use multiple VPNs along with services that decorrelate access times.
Re: (Score:2)
And WANSecurity.
But the take-home lesson here shouldn't be that if you avoid those you're good. The lesson is that in the end, you're taking every provider's word for security. Certainly some are good and some aren't, but there is literally no way for you to be able to tell which ones are good.
I'd primarily use a VPN provider to make life harder for the RIAA, MPAA, Sony, HBO, and the rest of that ilk and to make it harder for them to identify me and then sue me for damages because they themselves forced me to torrent their movies and music because of their own artificial trade barriers (and I'd preferably use a VPN service headquartered in Europe to make it that little bit harder since most of these corps are US based which significantly increases the legal complexities). I have no delusions abou
Re: (Score:2)
Please don't post your sexual fantasies. There are forums where that may be appropriate but this isn't one.
Get a VPN they said ... (Score:2)
... you'll be anonymous, they said.
I'm bookmarking this article for reference material for the VPN fanbois.
Re: (Score:3)
Re: (Score:2)
That's all a VPN does for you , which is irrelevant to what Pure VPN says it does [purevpn.com] for others.
PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security? That's why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities
.
Emphasis mine.
Re: (Score:2)
Except that, according to TFA, Pure is lying when they say that.
Re: (Score:2)
It also forces the security services to actively target you and expend some extra effort to get your data.
In some countries, e.g. the UK, ISPs are required to log and hand over such data pretty much on demand to the police, and of course you have outfits like GCHQ and the NSA doing mass surveillance.
A VPN increases to cost to spy on you from nearly zero to something that will discourage casual snooping and a lot of abuse. It's not perfect but it's a useful line of defence.
Re: (Score:2)
Get a VPN they said
... you'll be anonymous, they said.
You will be anonymous until the VPN gets a warrant for specific information.
If you want to be entirely anonymous then you will need to set up proxies using multiple hacked IoT devices in nations that will not cooperate.
Re: (Score:2)
If you want to be entirely anonymous then you will need to set up proxies using multiple hacked IoT devices in nations that will not cooperate.
So say you.
Where do you publish your guarantee, and how do we know you're not outright lying like Pure VPN is?
Re: (Score:2)
VPNs aren't meant to keep people anonymous. They just obscure the origin IP address enough to where an average site may not know for certain who is visiting and law enforcement would have to request account connection details -- time and origin of connection, user name, actual name, length of time of connection, bandwidth usage, etc. Sure, VPNs don't usually record what sites you visit, but the sites themselves keep detailed logs that include the IP address of the VPN used... which in this situation corre
Re: (Score:2)
VPNs aren't meant to keep people anonymous.
Yes, this is exactly correct. VPNs don't disguise endpoints or decorrelate access times.
Personally, I use a VPN solely so that I don't have to worry quite as much when I'm connecting through WiFi access points that I don't control (open access points, workplace WiFi, etc.).
I'm not even trying to hide from my ISP (since, at some point, my datastream is going to be exposed to an ISP anyway -- at least this way, I know which one I'm exposed to). So, I don't use a third party VPN. I run my own VPN server, and m
So don't use PureVPN (Score:1)
Alright then.
Re: (Score:2)
Pure VPN says, in writing, that they do not log.
What VPN would you suggest, and how do you know they actually do what they say they do
... in writing?
Re: (Score:2)
What VPN would you suggest, and how do you know they actually do what they say they do
... in writing?
PIA. [privateint...access.com] They've also been tested in court as keeping no logs at all. [torrentfreak.com]
Vendors used (Score:2)
He also used a secure email and Tor but no indication that logs or info was pulled from those.
--For the karma whoring.
Re: (Score:2)
VPN safe if you used established ones (Score:1)
https://torrentfreak.com/vpn-s... [torrentfreak.com]
Never heard of these VPN services, but if you stick to VPNs that have been reviewed and tested for privacy over the years they are fine. See above link for good reviews..noticed PUREVPN was never reviewed?
Re: (Score:2)
That list doesn't really mean anything, though. All they've done is ask providers questions and ranked them according to the provided answers. There has been no independent verification of the provider's practices or technical security, so there's no way to tell if the answers were complete and honest.
Re: (Score:2)
How do you know that reviewed VPNs don't keep logs?
Re: (Score:2)
I just looked over PureVPN's site and policies and they make no claim about logging one way or the other.
Not true. TFA links to Pure's page where they specifically claim that they do not log your activities. That page has even been quoted a couple of times by other commenters.
Re: (Score:2)
... they make no claim about logging one way or the other.
You just blew it [purevpn.com] in an obvious way.
PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security? That's why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities
.
Emphasis mine.
Shame on you.
Idiot deserves to get arrested. (Score:2)
Re: (Score:2)
Down vote this post to oblivion, please.
Roll your own (Score:2)
Re: (Score:1)
The best defense is not to do dumb stuff in the first place.
Re: (Score:2)
The best defense is not to do dumb stuff in the first place.
That doesn't protect you from other entities doing dumb or abusive stuff, though.
She is not the only victim here. (Score:5, Informative)
Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division. “This kind of behavior is not a prank, and it isn't harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession. No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today's arrest will deter others from engaging in similar criminal conduct.”
This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.
This guy is evil, he should be punished so severely others don't even fantasize doing such things.
Mocking NK (Score:2)
This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.
This guy is evil, he should be punished so severely others don't even fantasize doing such things.
Agreed. And I also think we should prevent certain morons from mocking North Korea on Twitter, too.
Re: (Score:2)
This guy is evil, he should be punished so severely others don't even fantasize doing such things.
Unfortunately, severely punishing somebody for a crime has a negligible effect on discouraging anybody else from committing the same crime. I guarantee that at no point did this person ever think, "I wonder what happened to others who have stalked and harassed people? What's my risk vs. reward ratio here?"
Right to Privacy has Limits (Score:1)
Virtual (Score:1)
1 almost or nearly as described, but not completely or according to strict definition.