Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."

Re: So

[JohnFen]

And WANSecurity.

But the take-home lesson here shouldn't be that if you avoid those you're good. The lesson is that in the end, you're taking every provider's word for security. Certainly some are good and some aren't, but there is literally no way for you to be able to tell which ones are good.

Re:Good reminder

[JohnFen]

That's not the reasoning. Some are surely trustworthy. The underlying problem is that you literally have no way to tell which ones those are.

Re: Good reminder

Yes, actually it is solid logic. But feel free to keep getting robbed/raped/scammed for the rest of your idealistic and retarded life.

Re:Get a VPN they said ...

[AmiMoJo]

It also forces the security services to actively target you and expend some extra effort to get your data.

In some countries, e.g. the UK, ISPs are required to log and hand over such data pretty much on demand to the police, and of course you have outfits like GCHQ and the NSA doing mass surveillance.

A VPN increases to cost to spy on you from nearly zero to something that will discourage casual snooping and a lot of abuse. It's not perfect but it's a useful line of defence.

Roll your own

[DaMattster]

You could roll your own VPN by purchasing a VPS and routing your traffic through it but even that will only give you a little bit more privacy. At some point the data that you send will have to be decrypted in order to be sent out to the internet at large. Authorities can see the point at which the decryption is taking place and trace it back to that end-point IP address. It is a trivial matter to see who the IP address belongs to. The VPS provider could then be issued a subpoena to get your information. The whole VPN thing is really misunderstood. It's really a way to make it harder for an ISP to grab and monetize your browsing data or even a way to protect your identity on an untrusted network.

She is not the only victim here.

[140Mandak262Jamuna]

Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division. “This kind of behavior is not a prank, and it isn't harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession. No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today's arrest will deter others from engaging in similar criminal conduct.”

This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.

This guy is evil, he should be punished so severely others don't even fantasize doing such things.

Re:She is not the only victim here.

[Yosho]

This guy is evil, he should be punished so severely others don't even fantasize doing such things.

Unfortunately, severely punishing somebody for a crime has a negligible effect on discouraging anybody else from committing the same crime. I guarantee that at no point did this person ever think, "I wonder what happened to others who have stalked and harassed people? What's my risk vs. reward ratio here?"

Re:She is not the only victim here.

[JohnFen]

Citing "deterrence" is very often a thin disguise over the real intent: vengeance.

Re:So don't use PureVPN

[gweihir]

I did quote directly from their privacy policy. No idea why you think I missed anything here, this is literally on their site.

If indeed "records" and "logs" are different legally (no idea whether they are), then "no logs of your activities" would not even be a lie. There would just be records of your log-ins and log-outs, but no logs. It is also possible, that the log-in and log-out does not count legally as "activity" within the context of the service. And to make the deception complete, "complete security" is a term without meaning, i.e. it gives you no assurances whatsoever.