Example blog

Will VPNs be forced to log your traffic?


The heat is on and VPNs are feeling the pressure. More and more governments are cracking down on online anonymity on the one hand, while Hollywood is doing all it can to crack down on piracy. As a result, something unthinkable may become a reality: VPNs that are forced to log traffic. Is this fear realistic or is it just an instinctive panic reaction?

The way a virtual private network works is that it redirects and secures your connection, making it much harder for you to track. However, VPNs are not bulletproof and there is a weak link in this process, and that is their logs. In this case, the logs are a record of who connected to the VPN’s servers and when, as well as a full list of all sites visited and other activity.

Logs would make it very easy for you to track, which is why VPNs pledge not to keep them and are so-called no-log VPNs. As you can imagine, though, the practice of not keeping logs is a thorn in the eye for a number of people and institutions, not the least of which is law enforcement, which would be very much like everybody to be trackable.

Though part of their reasoning, especially in repressive countries like China, may be to keep an eye on what people are up to, in most cases the reasons are a little more prosaic: criminals use VPNs to hide what they’re doing. If there were no VPNs, the police could probably solve cybercrimes much more easily.

The relationship between VPNs and law enforcement is tricky: on the one hand, as companies that promise privacy, they don’t want to share anything with the police. On the other hand, however, like anyone else, they must cooperate with any valid warrants sent to them. It is their legal obligation.

For example, Switzerland-based Proton, the company behind ProtonMail and ProtonVPN, was forced to cooperate with the apprehension of a climate activist when Swiss authorities were asked to execute a French warrant. Although the company tried to challenge the order, the judge ruled against the company and the man was arrested, thanks in part to information provided by ProtonVPN.

However, not all VPN services fight for you equally: for example, PureVPN helped the FBI catch a cyberstalker in 2017 without any warrant pressure. A year earlier, IPVanish provided Homeland Security with another US resident’s logs without batting an eyelid, though it’s worth noting that the company has changed hands since then.

Of course, if you want information about a VPN user, as a cop or lawmaker, you probably don’t want to rely on warrants and goodwill alone. Until recently, the only countries that actively wanted VPNs to log users are repressive places like Russia, China, and other countries where VPNs are borderline illegal.

However, right now, at least one democracy is considering cracking down on VPNs: India. From the end of June 2022, VPNs will have to register and log in users. However, it remains to be seen how effective the law will be as there are many legal issues with its implementation as well as legal challenges to fight, but it is alarming nonetheless. If the new Indian law is successful, there is no doubt that other countries will follow.

Not just cops: VPNs and torrents

In the West, right now, it’s not legislation that can spell the end of VPN privacy: rather, it’s lawsuits. In a bid to crack down on the piracy of their movies, Hollywood has taken VPN providers to court several times. It’s lost all the major lawsuits against major VPN providers so far, but it’s won a number of small victories that may be unsettling signs of things to come.

For example, LiquidVPN, an up-and-coming small provider, was sued for marketing it as a great way to pirate movies and TV shows. The case ended with a $10 million judgment against LiquidVPN and the service was shut down entirely as a result.

LiquidVPN’s case isn’t the only example of Goliath pulverizing David. The same group behind this lawsuit also took on TorGuard, a small independent VPN based in Orlando, Florida. Unsurprisingly, TorGuard couldn’t keep up with that kind of forensic firepower and caved. It will now block all torrent traffic on its US-based servers, which the company confirmed in an email.

The same thing happened to another small provider, VPN Unlimited (part of KeepSolid), which now also blocks all torrent traffic on its US servers. It also prohibits users in the United States from torrenting through the blocks implemented in its protocols, according to company spokeswoman Liza Shambra.

Keep logs?

More disturbing, however, is a similar case where the judge ordered VPN.ht—a really small provider, not only to block torrent traffic, but also to keep logs on its US servers. In a way, this is the most terrifying of the three cases we have discussed as this is the one that really attacks not just what you can do with a VPN—bad enough in itself—but will also attack users’ privacy.

As with all landmark decisions, it remains to be seen if this judgment is just a blip or if we stand at the top of a slippery slope and slowly begin our descent. Regardless of how things turn out, one thing is certain: we will never again take the privacy that VPNs give us for granted.

Source link