In an unusual move, and one which has divided opinion among the VPN community, VPN provider Proxy.sh on Saturday announced that it would install a traffic sniffer in order to catch or deter ‘hacking activities’,
“We are unfortunate to announce that there have been abuse complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. If you are the hacker, please stop your activities and leave our network. You are not welcome here. Our heaven is reserved to those who are not harmful to other human beings. If you do not leave, we will find you and report your activities to NGO and press officers,” Proxy.sh continued. For all others, the heaven is still safe for you, dear ones. We will completely remove Wireshark after 7 days and restart the node so that everything is erased (RAM-switch). All other nodes are left unaffected by these actions.”
Although many, including TorrentFreak who said that Proxy.sh had ‘quite amazingly shot itself in the foot’, have been quick to condemn this action, others have been more understanding, and a debate has opened up on where the limits of humans who run a VPN service ethics lie, in the face of potential human right abuses that may be shielded by their service.
In the event, the wiretap was removed after about a day, after the situation appears to have been resolved. Proxy.sh have clarified things somewhat in the following statement,
“We received a very emotional message from a family about someone harassing one of their members. We wanted to identify the person and have him sorted out in a peaceful way. Fortunately, shortly after we posted our announcement, he came to us to apologize and now everything is sorted out. We have of course removed Wireshark from U.S. Illinois 1 and we will always keep you updated when we need to monitor one of our nodes either for maintenance or some internal affairs such as this one. We are happy to seriously protect anyone who is not harmful to other human beings.”
Proxy.sh have until this incident enjoyed a good reputation and growing popularly thanks to its robust no logs policy, low pricing, the fact that it has been known to close down nodes rather than submit to compromising government pressure, but this news will likely put many customers off.
Supporters however point to the fact that Proxy.sh was transparent in its actions by clearly announcing its intentions, that it removed the Wireshark monitor as soon as the issue had been resolved, and that it was not the authorities that Proxy.sh threatened to involve, but NGOs (Non-Governmental Organizations) and ‘press officers’.
While a dedication to privacy is itself an ethical position, so is preventing harm to others (and in fact many ethical individuals are likely to be dedicated to both these principles). Which begs the question, where should a VPN provider stand when presented with evidence of their service being used to cover human rights abuses (such as propagation of child pornography)?