“No Logs” VPN Provider Shared Logs with FBI

Many Virtual Private Network (VPN) providers offer their services while making claims that they do not log traffic, IP addresses, and other user information. Some VPN providers are being honest when they make the claim that they don’t log IP addresses, but others are not being truthful with their customers. In an affidavit released by the Department of Justice, the FBI accused 24 year old Ryan Lin of Massachusetts of committing acts of cyberstalking and online harassment of another 24 year old Massachusetts woman. The affidavit against Lin was submitted to a federal magistrate by FBI Special Agent Jeffrey Williams.

The FBI alleges that Lin used encrypted and spoofed e-mail accounts and services, as well as a variety of anonymization services. Law enforcement officials believe that Lin is responsible for registering and using multiple social media accounts, e-mail accounts, and mobile phone accounts. According to the FBI’s affidavit, the accounts were accessed “by someone using VPNs, TOR, and proxy computers to hide their true IP address.” Lin is said to have extensively utilized a Protonmail account during the alleged cyberstalking and online harassment. Prosecutors even bring up the fact that Lin had publicly talked about anonymization services such as VPNs.

Ironically, the example that the FBI uses to show that Lin was familiar with online anonymization services is a Twitter message in which Lin declares that there is no such thing as a no logs VPN. “There is no such thing as a VPN that doesn’t keep logs. If they can limit your connections or track bandwidth usage, they keep logs,” Lin tweeted from his former Twitter account, @ryanlindev. Lin was replying to a tweet from the VPN service provider IPVanish that stated how the company had “a strict zero log policy” because the company cares about user privacy. While Lin thought there was no such thing as a “no logs” VPN, some VPNs actually do disable the logging of user information.

Law enforcement agents were able to identify Lin after they had obtained logs from the VPN service provider PureVPN. “We do NOT keep any logs that can identify or help in monitoring a user’s activity. You are Invisible – Even We Cannot See What You Do Online,” the privacy policy page of PureVPN boasts. The PureVPN privacy policy page continues, stating, “We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers.” The page then goes on to contradict itself by stating that PureVPN records the connection times, bandwidth use, the user’s real name, e-mail address, and phone number. The privacy policy also states that PureVPN can change the privacy policy at any time.

Lin had extremely sloppy security practices, which led to his downfall. According to logs provided to the FBI by PureVPN, Lin had accessed his own personal email account with Google and the accounts which were being used for the cyberstalking and online harassment from the same IP address. The PureVPN logs showed that Lin had been logging in from his home internet connection, as well as logging in from an internet connection at a software company he had been working. Law enforcement officers were able to determine that Lin had also used a second VPN service provider, WAN Security, which was also used by whoever was committing the acts of cyberstalking and online harassment. Lin had accessed his personal Google email account and registered an Instagram account while using the WAN Security VPN. Lin had even sent an email to his local police department seeking copies of a police report while connected to one of the VPNs he had allegedly used to commit the harassment.

We encourage readers to check out DeepDotWeb’s Best VPN Service Comparison Chart.