NEWS

Hide My Ass User Arrested

Using a VPN offers many advantages, but one of the most important is that it can greatly improve your online privacy. The problem, however, is that your VPN provider can always monitor what you get up to on the internet, and will always know your true IP address. This is why I am always careful to make clear that using a VPN provides privacy, but not anonymity. Many good VPN services go to great lengths to address this issue, using methods such keeping no logs and using shared IPs to greatly improve their customer’s privacy. Hide My Ass (HMA), however, as the recent arrest of one its customer’s amply demonstrates, is not one of these.

In Galveston County, Texas, disgraced judge Chris Dupuy has been arrested and forced out of office for harassing an ex-girlfriend, and another woman he was once interested in. He placed fake adverts featuring the women in the Escorts section of the Backstage.com website, complete with photos.

“The ads featured the women’s photos, and made clear that at least one of them was “VERY FETISH FRIENDLY. To add insult to injury, the women weren’t even portrayed as high-class: The “sexy nurse” charged a mere $70 per half hour.

It goes without saying that this is a despicable thing to do, but it is the method by which Dupuy was caught that I find interesting,

Hardcastle [a Harris County Sheriff’s investigator] explained that he had worked backwards from the ads to trace masked IP addresses in Venezuela, Colombia and Germany. The sophisticated software allowing the user to conceal his location had a decidedly unsophisticated name: hidemyass.com.

Notice the words “sophisticated software”. This means that Dupuy was not using the free HMA web proxy, but had a paid account and was using the HMA VPN client.  The fact that HMA’s Venezuela and Colombia servers are only available to paid users clinches the evidence.

Not the fist time Hide My Ass has done this!

No further details are available, but it seems clear that Hide My Ass is back to its old tricks.  In 2011 the UK-based company handed over internet records and personal details of one of its customers, Cody Kretsinger, to the police. Kretsinger was a LulzSec member accused of hacking the Sony Pictures website, and received a prison sentence for his involvement in the crime.

Hide my Ass is a UK company, and is therefore required to keep extensive connection (metadata) logs,

When you use our VPN service the only data we collect is as follows:

  • a time stamp when you connect and disconnect to our VPN service;
  • the amount data transmitted (upload and download) during your session;
  • the IP address used by you to connect to our VPN; and
  • the IP address of the individual VPN server used by you.

This is a problem that is only likely to get worse when the upcoming Investigatory Powers Bill, aka the “Snoopers Charter”, comes to force. Referring to the “LulzSec Fiasco”, Hide My Ass later released the following statement,

Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription service to a VPN service you are free to break the law without any consequences.

Fortunately, other VPN providers care a great deal more about protecting their users’ privacy. Please do not get me wrong – I do not condone the actions of criminals (and those of ex-Judge Dupuy are particularly nasty), but I am also a passionate believer in the right of ordinary people to privacy.

This is because privacy is a pre-requisite to freedom of thought and freedom of expression – the cornerstones of a free society. When people feel they cannot openly discuss topics, and that their every conversation is being recorded and passed on to the government, a “chilling effect” occurs on free speech.

Hide My Ass is therefore a service to be avoided by privacy lovers at all costs. For a list of services that do go to great lengths to protect their users’ privacy, plus a discussion on how they achieve this, please check out 5 Best Logless VPNs.


Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

More

7 responses to “Hide My Ass User Arrested

  1. Thanks for highlighting the “not so good” VPN providers in this article. Whilst I am only interested in the 1st world problem of accessing my wife’s favourite US Netflix TV shows and don’t think I am at risk of being pursued by NSA (or equivalent local authorities) I do appreciate the information that there are different levels of VPN “privacy”. I also followed your link to “5 Best logless VPN’s” and read both it and the comments.

    In the comments you replied to a query about Nord being ranked #1 on this list when users had their IP addresses leaked?

    You admitted it was an old article (from 2013?) and you had been meaning to update it …. and yet here it is being referenced as a source of recommendation in this current (April 2016) article?

    Why continue to reference the article when you know it is outdated and inaccurate?

    My suggestion is to either update the article or remove the link to ensure your readers are getting the most accurate information on this subject.

    Cheers

    1. Hi Storm1700,

      The actual order of our “5 Best” lists is a group decision, and final say rests with the management. The fact that NordVPN is based in Panama persuaded the rest of the BestVPN team to keep NordVPN in top place. I personally do not think NordVPN should have the number 1 spot, mainly because it can be very slow and it simply does not pay attention to the the details of privacy in the way that AirVPN and BolehVPN do. That said, it is a good service with a good regard for privacy. The issues that our reader had with leaked IPs could be for a number of reasons that are not directly related to NordVPN, (please see A Complete Guide to IP Leaks). A bigger issue, IMO, is that NordVPN sends users’ passwords via plaintext email. This can (and should!) be changed in the website’s user account area, but is nevertheless very bad form.

    1. Hi Guy,

      I don’t think it needs it. A simple court order is sufficient to require that a communications provider hand over any information it has.

Leave a Reply

Your email address will not be published. Required fields are marked *