Proxy.sh causes controversy by snooping on server traffic

In an unusual move, and one which has divided opinion among the VPN community, VPN provider Proxy.sh on Saturday announced that it would install a traffic sniffer in order to catch or deter ‘hacking activities’:

“We are unfortunate to announce that there have been abuse complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. If you are the hacker, please stop your activities and leave our network. You are not welcome here. Our heaven is reserved to those who are not harmful to other human beings. If you do not leave, we will find you and report your activities to NGO and press officers,” Proxy.sh continued. “For all others, the heaven is still safe for you, dear ones. We will completely remove Wireshark after 7 days and restart the node so that everything is erased (RAM-switch). All other nodes are left unaffected by these actions.”

Although many, including TorrentFreak, who said that Proxy.sh had ‘quite amazingly shot itself in the foot’, have been quick to condemn this action, others have been more understanding, and a debate has opened up on where the ethical limits lie for the humans who run a VPN service, in the face of potential human rights abuses that may be shielded by their service.

In the event, the wiretap was removed after about a day, once the situation appeared to have been resolved. Proxy.sh has clarified things somewhat in the following statement:

We received a very emotional message from a family about someone harassing one of their members. We wanted to identify the person and have him sorted out in a peaceful way. Fortunately, shortly after we posted our announcement, he came to us to apologize and now everything is sorted out. We have of course removed Wireshark from U.S. Illinois 1 and we will always keep you updated when we need to monitor one of our nodes either for maintenance or some internal affairs such as this one. We are happy to seriously protect anyone who is not harmful to other human beings.

Until this incident, Proxy.sh had enjoyed a good reputation and growing popularity thanks to its robust no-logs policy, its low pricing, and the fact that it has been known to close down nodes rather than submit to compromising government pressure, but this news will likely put many customers off.

Supporters however point to the fact that Proxy.sh was transparent in its actions by clearly announcing its intentions, that it removed the Wireshark monitor as soon as the issue had been resolved, and that it was not the authorities that Proxy.sh threatened to involve, but NGOs (Non-Governmental Organizations) and ‘press officers’.

While a dedication to privacy is itself an ethical position, so is preventing harm to others (and in fact many ethical individuals are likely to be dedicated to both these principles). Which begs the question, where should a VPN provider stand when presented with evidence of their service being used to cover human rights abuses (such as propagation of child pornography)?


Douglas Crawford: I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living.


9 responses to “Proxy.sh causes controversy by snooping on server traffic”

  1. I see what you are saying Ohana.
    I would think if you are in search of a VPN that would not easily cooperate with the US, you would have to look for a VPN that is based in a country, and has VPN servers in countries, that do not have a “mutual legal assist treaty” with the US. Proxy.sh is a candidate in that respect, which may draw many users who have done their research and are possibly trying to hide something. But being that proxy.sh is that candidate, then you could predict that the NSA may pay more attention to the traffic of that particular VPN provider and we do know that the NSA does have the capabilities of wiretapping incoming and outgoing traffic. So what is there to do? It’s like being between a rock and a hard place.

  2. ### I’m sorry, this is the 3rd attempt to post this comment. Please let me know here if you get this message. ###
    Hi Douglas
    Thanks a lot for your reply!
    >> That does seem very surprising behaviour on AirVPN’s part.
    I also totally didn’t expect such a response from AirVPN, but I do expect it from a VPN provider, as they seem to tend to avoid or evade a question they are not ready to answer.
    AAMOF, I also tried to get a paid VPN service after bluethought left the company and became MIA(…I’m sure that he was ForeverNotYours at PingFu, who also became MIA recently).
    At that time, most VPN providers looked very fishy, as many of them came from Digital Point’s forum, where most VPN providers seemed OPO and disappeared w/o any notice(, usually after they took money…).
    Plus, I’m the type of person who always want to make sure of the legality of my anonymous service use, which is sometimes not very clear.
    So, it might not be very logical to you but, I decided to trust a VPN provider only if I saw some lawyer work at present in their service.
    So, I contacted 20-ish VPN providers and asked them about whether it was legal to access a service like Hulu or Pandora from outside the U.S. via their VPN or not, cuz it was obvious that the surge of new VPN providers back then had something to do w/t Hulu’s launch and they advertised access to such a service via their VPN.
    However, only StrongVPN, which was the most reputable (and only BBB certified) company at that time(…I don’t think HMA had started their VPN service then yet) and Banana VPN, whose founder used to work for Paypal, gave me the answer that most VPN providers seem to currently give to the same question.
    Of the rest of them, only BolehVPN gave the serious response.
    The others gave a crap like “Please see Hulu’s TOS page”(, which I thought was funny, cuz it was pre-sale question and how could I access it w/o a VPN?…LOL), and the “rude” answer from WiTopia above!
    Also, I found the legal stuff of most of the 20-ish providers almost identical to StrongVPN’s one.
    Anyway, as for AirVPN, now I don’t think they have prepared to answer a type of question I asked, as the US federal law I inquired about was not the DMCA.
    Also, when I first read their statement about the DMCA, it reminded me of Cryptocloud’s statement.
    I don’t know which one made it first, but I can see Cryptocloud certainly has some association w/t a lawyer, because of its co-founder(…LOL), while I don’t have actual proof that AirVPN has one(…I know they are insisting that they have, though).
    Otherwise, AirVPN might care less for issues and customers which are not related to P2P.
    I mean, I believed that they could’ve answered my question better or would’ve tried to answer it at least.
    I expected them to give such a serious response that BolehVPN had given, as I mentioned above, even though they didn’t know the answer…
    As for PIA, it might be too early to tell, cuz I haven’t contacted them yet, but their referring me to their legal team earned my trust, to some extent.
    Also, I’m not sure if this(h**p://www.reddit.com/r/VPN/comments/1nhi5w/pia_question_when_pia_supplies_the_client_a/ccir2ff) is their official statement or not, but if so, it sounds really great to me!
    Plus, their price and reputation firstmost me to resume my VPN hunting and I’m care less about PRISM probably cuz my country is not one of 5 eyes, I’m nobody and, more importantly, my 1st language is not English!(…LOL. I consider myself a “hard core” privacy concerned person, but I’ve been using free VPN solutions since I canceled my subscription w/t Http-Tunnel, no matter what other privacy concerned people say. I guess you got an idea what kind of person I am…)!
    If I can clear my suspicion of PIA, mentioned above, they seem to be the best choice for me…
    BTW, I have no sympathy for proxy.sh as they clearly betrayed their users, no matter what they say…
    I can’t believe they monitored the users’ traffic w/o receiving something like a court order(…I thought they’d got raided by some law enforcement like FBI when I posted my 1st comment).
    I wonder how they could tell if the family’s claim was true?
    PS: Oh No! Not Again! Another provider, EarthVPN, who tried to steal users from PIA at Reddit, seemed to have got hacked!
    Edit to PS: Well, this could be FUD. However, they indeed got raided, according to this discussion(h**ps://airvpn.org/topic/9958-importance-of-partition-of-trust-for-critical-data-exchanges/)…

    1. Hi Ohana. As far as companies’ response to questions regarding Hulu etc., I am guessing that the legal situation is somewhat murky (at best), and they simply don’t want to go there. In practice it would be very difficult for Hulu, Pandora etc. to stop people using VPN to access their services so they probably don’t bother, but VPN providers would rather avoid saying that to do so is strictly speaking illegal (I stress again that this is just a guess). I agree with you that PIA is a good choice as long as you don’t mind (in my personal view at least) that they must have been compromised by the NSA.

  3. Hi Douglas
    Thank you very much for the reply!
    AAMOF, AirVPN was also at the top of my list, because, to me, a good support forum has represented a good anonymous service since Http-Tunnel (in the bluethought era) and the founder, Paolo Brini, seems a decent man.
    However, when I asked about some U.S. federal law and how it could affect our use of their U.S. servers, they were like “We are not lawyers and not even US citizens. Do your HW by yourself”(…Well, they were a little more polite, though), and evaded my question.
    I didn’t totally expect this, as they seemed legally savvy, as far as I could tell from their support forum.
    So, I told them that I wanted to get a response from Paolo or one of the forum admins, then they flagged me as a spammer…
    This reminds me of WiTopia’s rude reply to my question similar to this, saying like “We won’t give you free legal advice!”(…Well, they were JUST LIKE THAT!).
    BTW, PIA’s tech support referred me to their legal folks, which I haven’t contacted yet.
    Anyway, taking AirVPN’s advice, I guess I’d better use a US-based company as I know a VPN server would give the best results from where I live and so I’m likely to use their US servers most often.

    1. Hi Ohana,

      That does seem very surprising behaviour on AirVPN’s part. Hmmm, maybe this calls for some investigation…

      1. >> Hmmm, maybe this calls for some investigation…
        Yes, please!
        I’d like you to write about “Which VPN Service Providers Really Take the US law Seriously?”.
        I know the US law upset many VPN users.
        I learn that from my experience!
        I mean, when I brought it up at the forum, many of which members are most likely to be affected by the law.
        It really upset most of them and they treated me like a troll…Sad!

  4. I’m sorry, but I wrote the last comment in a hurry and I think I made a lot of mistakes in grammar(English is not my first language).
    I hope it makes sense…

    1. Hi ohana,

      Everything made perfect sense! Speaking personally as a non American who has never done anything likely to interest the NSA, I oppose NSA intrusion on principle, and have a rock-solid ethical belief in the right to privacy. While I do not read PIA’s hand in anything to do with Proxy.sh, I do believe that it must have been compromised by the NSA (if Google, Microsoft et al. have been, then it beggars belief that such a high profile anonymity service has not). PIA serves me fine, and I am sure that for anything non-NSA related it is excellent at maintaining privacy, so I shall finish my 1 year subscription with them then change to a different, non-US based service (most likely at this point AirVPN)…

  5. Hi,
    I’m usually not a US-based VPN paranoia and PIA is at the top of my VPN shopping list, but am I the only one who feels this suggests that PIA is behind it and they could be a NSA mole, honeypot or something, as some paranoia says?
    Proxy.sh seems to be taking over in popularity from PIA at Reddit recently and then their US server got raided, which is too perfect to me.
    I still want PIA because of the price, the reputation of speed.
    Also, they seem a serious company and not a one guy operation.
    Since I don’t live in the US and an English-speaking country, and I’m just nobody and I don’t think I’ll do anything to get attention from NSA while I’m on VPN and Net, I’m not concerned about NSA right now, but this is too fishy!
    Am I too paranoid, or not enough?
    Should I ignore this and just sign up to them, or not?
    What do you guys think about this?
