No logging! Complete privacy! Anonymous usage!
Pretty common to see these claims when looking for a VPN provider. Makes sense, because in theory, why would anyone who is trying to reduce their exposure on the internet use a service that itself tracks you?
Sometimes I bet, this is actually true. That they actually don’t keep identifiable logs normally that is.
You know what though, if any of the VPN Companies (Or any type of ISP) infrastructure is physically located in the US (you know like when you see a US option to tunnel through) then they have to have the ability to keep identifiable logs.
I mean not a logging example but look at Kim Dotcom and the Megaupload Case (one of my favorite cases to follow). The fact he rented servers in the US is part of the reason things played out the way they did (and still are).
Back to the topic at hand;
It is US Law for any type of ISP (or organization) to immediately start keeping identifiable logs for up to 180 days after receiving the court order. This is all laid out in the Stored Communications Act (SCA).
Ever since I’ve learned this, using a consumer VPN has always seemed quite null to me. If you look at all the big VPN providers, they have at least some infrastructure within US borders. So GG to those.
What I suggest? Obviously a multi-layered approach like almost everything in the realm of cyber security.
TOR Proxy to connect to VPS –> VPS tunneled with VPN. That’s a good start (the more bounces the better) , but don’t expect anything close to fast internet speeds.
Read more about the SCA and other relevant information:
EFF Link HERE
Cornell Law School Link HERE
Cornell Law School Link (Specific to what I spoke about above) HERE
And of course, the tweet that set off this rant! Link HERE