Month: March 2016

VPN Provider’s No-Logging Claims Tested in FBI Case

spyWith monitoring and spying now a fact of life on the Internet, millions of privacy conscious individuals have taken to protecting their online identities. Many choose to do so by using companies that offer a Virtual Private Network (VPN) service.

In layman’s terms a VPN replaces the user’s IP address with one under the control of the company, meaning that their own IP is kept private when accessing services online. However, some VPN companies carry extensive logs which mean that when put under pressure they are able to link a user’s account to specific online activity.

This kind of setup is clearly self-defeating from a privacy perspective so in recent years it has become common for VPN providers to disclose their logging practices, as detailed in our annual report, for example.

But still, the big question remains: how can a prospective customer be sure that their VPN provider really keeps no logs? In reality the answer to that question is largely a matter of trust, weighed up against the goodwill the company has built up over its time in business.

That being said, an interesting case that appeared in a Florida district court this week has seen one provider’s no-logging policy being officially tested.

The criminal complaint (here) details the FBI’s suspicions that 25-year-old Preston McWaters had conveyed “false or misleading information regarding an explosive device”. In other words, he made a false bomb threat.

The investigating FBI agent goes into some detail on the case, which begins with claims that McWaters stalked former co-worker Devon Kenney by calling her, texting her, sending her messages on Facebook and showing up at her house. In all, it’s estimated that McWaters contacted his former co-worker more than 100 times.

In December a number of hoax bomb threats were sent to a variety of locations including schools and airports, generally in the name of Eric Mead or a variation thereof, via Twitter and email. Eric Mead is the name of Kenney’s current boyfriend and he denies making any of the threats.

So the FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats.

With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere.

“During the course of the investigation, subpoenas and search warrants have been
directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent,” the complaint reads.

“All of the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com.”

By this point in the complaint it’s clear that even without the IP address information the FBI already had enough evidence to pin the threats on McWaters. Nevertheless, they ordered PIA to hand over its logs.

“A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States,” the FBI’s complaint reads.

“However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden.”

In the event the FBI was unable to link McWaters to any payment to the company. However, they did find a payment to another provider.

“Although the investigation has not revealed any payment by McWaters to London Trust, he did make a purchase from AnchorFree Inc [HotspotShield VPN] on October 23, 2015,” the complaint notes.

While McWaters is yet to be found guilty, it’s a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they’ll need to hide a lot more than their IP address to get away with that level of crime.

Nevertheless, there are plenty of decent people using services like PIA’s and those users will be comforted that their privacy remains intact.

“Our company was subpoenaed by the FBI for user activity logs relating to this matter,” London Trust Media Executive Chairman Andrew Lee informs TorrentFreak.

“After scrutinizing the validity of the subpoena and confirming it, we restated as we always do the content of our privacy policy and then we notified the agent that we do not log any user activity. The agent confirmed his understanding of our company’s policy and position and then pursued alternative leads.

“This report makes it clear that PIA does not log user activity and we continue to stand by our commitment to our users.”

Disclosure: PIA is a TorrentFreak sponsor

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.


Source: TorrentFreak

Australian Movie Giant Considering Legal Action Against Pirates

spongepirateEarlier this week a leading Australian anti-piracy outfit announced a rebranding exercise. Previously known as the IP Awareness Foundation (IPAF), the Hollywood affiliated group became Creative Content Australia, a name more closely associated with the support of artists.

At the same time the group announced several additions to its upper management, including the appointment of Graham Burke as chairman. Burke is the co-chief of Australia-based movie giant Village Roadshow and his aggressive stance towards piracy Down Under has been notable in recent years.

However, this week Creative Content Australia said its upcoming anti-piracy scheme would be education-based and would seek to target more casual downloaders. Re-educating hardcore pirates is not its aim, the group said. So does it necessarily follow that other file-sharers will be getting a free pass? Apparently not.

In an interview published by Crikey today (subscription), Burke (wearing his Village Roadshow hat) said that his company could take legal action against pirates in the future.

Noting that his company is already monitoring people sharing Village Roadshow content via peer-to-peer networks, Burke confirmed that his company could go down the legal route to identify pirates.

“It’s something we’re having a closer look at,” he said.

Given the recent failure of the Dallas Buyers Club case in Australia it was widely believed that Aussie companies would stay away from trying to mass identify pirates through the courts. However, Burke suggests that Village Roadshow would take a more considered approach.

“If we were to pursue it, we’d be doing it on the basis of a fair and reasonable approach. I think [Dallas Buyers Club] have a different approach,” he said.

According to the Crikey report Burke wouldn’t be drawn on when any case might be launched, instead noting that the option was “under active consideration”. That being said, Burke’s comments will come as a surprise to those who recall remarks he made during the summer of 2014.

“We don’t want to sue 16-year-olds or mums and dads,” Burke said. “It takes 18 months to go through the courts and all that does is make lawyers rich and clog the court system. It’s not effective.”

Perhaps the movie boss has something cheap, quick and effective up his sleeve now. If he has he could license it to Dallas Buyers Club, whose case enjoyed none of those qualities.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.


Source: TorrentFreak