Using a VPN offers many advantages, but one of the most important is that it can greatly improve your online privacy. The problem, however, is that your VPN provider can always monitor what you get up to on the internet, and will always know your true IP address. This is why I am always careful to make clear that using a VPN provides privacy, but not anonymity. Many good VPN services go to great lengths to address this issue, using methods such keeping no logs and using shared IPs to greatly improve their customer’s privacy. Hide My Ass (HMA), however, as the recent arrest of one its customer’s amply demonstrates, is not one of these.
In Galveston County, Texas, disgraced judge Chris Dupuy has been arrested and forced out of office for harassing an ex-girlfriend, and another woman he was once interested in. He placed fake adverts featuring the women in the Escorts section of the Backstage.com website, complete with photos.
“The ads featured the women’s photos, and made clear that at least one of them was “VERY FETISH FRIENDLY. To add insult to injury, the women weren’t even portrayed as high-class: The “sexy nurse” charged a mere $70 per half hour.”
It goes without saying that this is a despicable thing to do, but it is the method by which Dupuy was caught that I find interesting,
“Hardcastle [a Harris County Sheriff’s investigator] explained that he had worked backwards from the ads to trace masked IP addresses in Venezuela, Colombia and Germany. The sophisticated software allowing the user to conceal his location had a decidedly unsophisticated name: hidemyass.com.”
Notice the words “sophisticated software”. This means that Dupuy was not using the free HMA web proxy, but had a paid account and was using the HMA VPN client. The fact that HMA’s Venezuela and Colombia servers are only available to paid users clinches the evidence.
Not the fist time Hide My Ass has done this!
No further details are available, but it seems clear that Hide My Ass is back to its old tricks. In 2011 the UK-based company handed over internet records and personal details of one of its customers, Cody Kretsinger, to the police. Kretsinger was a LulzSec member accused of hacking the Sony Pictures website, and received a prison sentence for his involvement in the crime.
Hide my Ass is a UK company, and is therefore required to keep extensive connection (metadata) logs,
“When you use our VPN service the only data we collect is as follows:
- a time stamp when you connect and disconnect to our VPN service;
- the amount data transmitted (upload and download) during your session;
- the IP address used by you to connect to our VPN; and
- the IP address of the individual VPN server used by you.”
This is a problem that is only likely to get worse when the upcoming Investigatory Powers Bill, aka the “Snoopers Charter”, comes to force. Referring to the “LulzSec Fiasco”, Hide My Ass later released the following statement,
“Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription service to a VPN service you are free to break the law without any consequences.”
Fortunately, other VPN providers care a great deal more about protecting their users’ privacy. Please do not get me wrong – I do not condone the actions of criminals (and those of ex-Judge Dupuy are particularly nasty), but I am also a passionate believer in the right of ordinary people to privacy.
This is because privacy is a pre-requisite to freedom of thought and freedom of expression – the cornerstones of a free society. When people feel they cannot openly discuss topics, and that their every conversation is being recorded and passed on to the government, a “chilling effect” occurs on free speech.
Hide My Ass is therefore a service to be avoided by privacy lovers at all costs. For a list of services that do go to great lengths to protect their users’ privacy, plus a discussion on how they achieve this, please check out 5 Best Logless VPNs.