ExpressVPN

EarthVPN user arrested after cops find logs

A student in Holland was arrested in June last year (2013) after issuing a bomb threat to his university. Although the act was in itself reprehensible, and the young man deserves everything he gets (for the record he claims that he is innocent and someone else used his VPN account), the key issue as far as we are concerned is that he was using EarthVPN when he made the threat, a service which promises not to keep any logs of users’ online activities.EarthVPN logo

The story is not new, but online interest in it has grown recently, with many observers accusing EarthVPN of being another Hide My Ass (referencing the notorious 2011 case where HMA cooperated with the UK and US authorities to help catch a LulzSec hacker who used its service to hide his identity). As many irate commentators have pointed out, a VPN that does not protect its user’s privacy is no VPN at all.

The situation here however seems to be rather different. An an EarthVPN spokesperson issued the following explanation:

Let me clarify some false accusations. We do not keep logs and neither provide 3rd party as there are no logs to provide.

As this issue seems to be related within netherlands what we can disclosure is one of our server in netherlands have been seized recently with a court order.There are no logs kept on the servers so it is technically impossible to match a user of his activities.

What we can only suspect is the datacenter have IP transfer logs as we were also having DDOS protection.

After this circumstance happened we have cancelled our contract with the datacenter.’

While there is no way of confirming these facts, they do sound very plausible. This does however bring up the very serious issue of how trustworthy local datacenters are, and how can they be prevented from handing over their logs when presented with a court order (subpoena etc.), whatever the VPN provider says.

While this can be partially addressed with explicit contractual agreements between the datacenter and VPN provider, a much more robust and fundamental solution is to use shared IP addresses so that it is all but impossible to determine which of the dozens or hundreds of users using that IP is responsible for any particular online action or behavior. Had EarthVPN been using shared IPs, then the datacentre would have had no meaningful information to hand over to the police, so EarthVPN must have been using dynamic (or unlikely but possible) static IPs.

In our view there is no excuse for a VPN provider not to use shared IPs, and EarthVPN’s failure to do so (assuming its version of events is reliable), is unforgivable. It is also not the first time that EarthVPN has been embroiled in controversy over its technical (in)competence, as the spat over its possible exposure of both its public and private keys in its OpenVPN .crt file demonstrates (links for this can be found at the end of our EarthVPN review).


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


2 responses to “EarthVPN user arrested after cops find logs

  1. They did it again?
    I read something likethis quite a while ago(https://airvpn.org/topic/10048-voxility-and-other-data-centre-logging/).
    Anyway, this is why I told you that it is unfair to say offshore VPN providers are better than US-based ones.
    Most of offshore VPN providers are fishy or unprofessional at best, like this one, proxy.sh, Golden, Findnot, and Xerobank, just to name a few.
    Remenber, they were (and still are, if they’re still around) very vocal in criticizing US-based VPN providers.
    So, the attacks on US-based VPN providers are getting to sound to me like the FUD created by their offshore competitors.
    Also, many of offshore VPN providers are offshore just on paper!
    I’m surprised to see PureVPN labeled as HK based on your website, although they used to claim that they were a Geman company.
    BlackVPN is also claiming that they are HK based but they also have admitted that none of their operatives live there.
    (As far as I can remember now, Cyberghost is the only companay that REALLY moved the whole operations out to a offshore country).
    Anyhow, you seriously think the HK gov will face off against the NSA for them, don’t you?
    IMO, it is pretty ridiculous for you to assume HK based companies are safe from the NSA as Snowden was, although they are NOT nearly as valuable to the HK gov as Snowden is.
    Generally speaking, an offshore company is often dubious, and probably illegal “paper” or “shell” company.
    In fact, if you look at Digital Point forum, in which most offshore VPN providers use to promote the services at startup, you can easily tell most of them are a one person operation(I remember one of them turned out to be one high school kid operation running from his parent’s basement), or are run by a small group of people who have never met but online, and most of them don’t work full-time!
    Also, I’ve seen many offshore companies suddenly cease the operations and dissapear w/o telling anyone and without refunding anyone.
    Even long established offshore VPN prividers like anonX, FindNotand Xerobank did that!
    So, how could you reccomend offshore VPN providers over BBB certified StrongVPN?
    I mean, when you pick one from offshore VPN providers, there are a lot of other things you should be concerned about before you begin to think about the NSA.
    Also, US Intel or LEA will come after you wherever you are.
    If you think I’m wrong, ask Kim.com!
    I’m sure that all VPN providers are 10-ish company at most and none of VPN provider is nearly as rich as Kim is.
    So, I don’t think any VPN providers can afford to face off against US Intel or LEA, especially in order to defend a less than $100/year subscriber, whatever country they are based on.
    Plus, I heard that most of us seem to be misunderstood but actually it would be a lot easier for the NSA to do things which only the Patoriot act could allow them to do to non-US citizens than to US citizens as they don’t need any laws or constitution to follow to do such acts to non-US citizens.
    So, a US based VPN provider like PIA who has a big presence in the US privacy adovacacy comunity(I’m very impressed to learn how much they have spent to donate US privacy adovacacy groups: https://www.eff.org/thanks http://www.internetdefenseleague.org/members https://rally.stopwatching.us/companies.html http://shop.fightforthefuture.org/products/private-internet-access-vpn http://www.internetdeclaration.org/content/additional-signers ), has an ABA-certified company lawyer (http://www.frontrangelegalservices.com/about/our-attorneys/john-arsenault/ I don’t think most of VPN providers have a company lawyer!) and , unlike AirVPN and Witopia, is willing to answer a pre-sales question about legally murky stuff(I mean, I don’t think you have much to worry about from the CIA, FBI, NSA, unless you break a US law and still if you have things to hide from them, less than $100/year is too cheap!) would give a more sense of privacy, security, and safety, IMO.

Leave a Reply

Your email address will not be published. Required fields are marked *