IPVanish “No-Logging” VPN Led Homeland Security to Comcast User

[steven36]

IPVanish, a VPN provider that for years claimed a strict no-logging policy, led Homeland Security to a suspect using a Comcast IP address, court papers filed in 2016 reveal. StackPath, the new operator of IPVanish, informs TorrentFreak that they won't speak on behalf of the former team who have long since left the company. Assurances of security have been promised for the future, however.

 

 

On May 4, 2016, Scott Sikes, a Special Agent with the Department of Homeland Security, was engaged in a child abuse investigation.

 

Acting undercover, Sikes was monitoring a channel on Internet Relay Chat (IRC) when a suspect posted a link. When Sikes opened it he discovered an image of child pornography.

 

Sikes struck up a one-on-one chat session with the suspect who subsequently posted three more links, each containing the same kind of material. It was later discovered that the suspect had posted 17 other links leading to similar abuse imagery.

 

Having captured the suspect’s IP address (209.197.26.72), Sikes traced it back to Highwinds Network Group, a cloud storage, CDN, and colocation company that is perhaps best known among file-sharers for its massive Usenet-related business.

 

Homeland Security followed up by issuing a Summons for Records on Highwinds, demanding that it hand over the details of the user behind that IP address at the times the IRC user posted the links.

 

Although not directly mentioned by name in court documents, at the time Highwinds owned the VPN provider IPVanish, a company that has repeatedly claimed to carry zero logs relating to its customers’ activities. It appears that the suspect tracked by Homeland Security was an IPVanish customer but any hope he would remain anonymous was soon dismissed.

 

On May 26, Highwinds responded to the summons, confirming that the IP address belonged to its VPN service. Initially, the company told HSI that to protect customer data, “we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

 

However, after Sikes contacted Highwinds again, the company suggested that HSI submit a second summons requesting more detailed subscriber information.

 

On June 9, 2016, HSI served a second summons on Highwinds, requesting “any data associated with IRC traffic using IP 209.197.27.72, port 6667.” On June 21, Highwinds came up with the goods.

 

In a response to HSI, Highwinds provided information which allowed HSI to identify the suspect connecting to the VPN server, connecting to the IRC server, and then disconnecting from the VPN server. Highwinds also handed over the suspect’s name (Vincent Gevirtz), his email address, plus details of his VPN subscription.

 

Also made available to HSI was Gevirtz’s real IP address (Comcast 50.178.206.161) “as well as dates and times [he] connected to, and disconnected from, the IRC network,” times which coincided with the activity being investigated by HSI.

 

HSI then issued a summons on Comcast, requesting customer information on the IP address in question. Comcast responded three days later with a slightly different name – Julian Gevirtz – plus an address in Indiana. Vincent Gevirtz was subsequently found at that address with his parents and later admitted to the conduct carried out in the IRC channel. He further admitted to having shared images of abuse online for at least seven years.

 

While there will be few people disappointed that Gevirtz was tracked down by HSI, there was considerable uproar yesterday when the court documents were posted to the /r/piracy discussion page on Reddit.

IPVanish has always been extremely vocal about its no-logging policies but the court documents in the Gevirtz case appear to show that the company logged extensively, apparently down to what services were accessed and when.

 

So, with this apparent contradiction in hand, TF contacted StackPath, the company that bought Highwinds and therefore IPVanish back in 2017. How can its “zero logs” policy exist alongside the handing over of so much information?

 

“We are glad you asked. That lawsuit was from 2016 – long before StackPath acquired IPVanish in 2017,” said Jeremy Palmer, Vice President, Product & Marketing.

 

“IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. I can’t speak to what happened on someone else’s watch, and that management team is long gone. But know this – in addition to not logging, StackPath will defend the privacy of our users, regardless of who demands otherwise.”

 

It’s pretty clear from this statement that StackPath doesn’t want to get into what went before and at least to a degree, that’s understandable. That being said, these things must have some kind of paper trail – logs if you like – that document what went on and who was responsible. So we asked again, this time tacking on some more questions to try and nail things down.

 

We began by asking about the general logging policies of IPVanish before StackPath took over. Clearly, if the old policy was to log (as the court papers suggest), at some point StackPath must’ve seen those policies and realized they were incompatible with their new approach to privacy. If that was the case, what were the old policies and when were they revised to StackPath standards?

 

“I can’t speak on behalf of the former executive or legal team (involved in this issue) as they are no longer part of Highwinds Network Group, and haven’t been since the acquisition,” Palmer reiterated.

 

“It’s impossible for me to speculate or comment about what may have happened under different ownership/management. We don’t keep VPN logs [now]. We value our customer’s privacy above everything else.”

 

The problem here is that at least as far as the IPVanish privacy statements go, the old policies are exactly the same as the new ones – no logs. Clearly, something has to give. At this point, Palmer provided us with a statement from StackPath CEO Lance Crosby.

 

Crosby is an industry heavyweight, there is little doubt about that. Founder, CEO and Chairman of Softlayer until its sale to IBM in 2013, Crosby was also former COO of ThePlanet. He doesn’t offer any clear proof but says that the HSI case could’ve been a one-off.

 

“At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/future intent to save logs existed,” Crosby says.

 

“The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level. Your privacy is paramount and we will fight any persons or government agencies seeking to infringe upon such.

 

“I can’t speak to what happened on someone else’s watch but Technology is my life and I’ve spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further — security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals’ rights to privacy, especially our customers,” he concludes.

 

While having Crosby’s word on a no-logging future carries weight, we are sadly no closer to finding out what happened back in 2016. There is no mention in the court documents of the one-time logging scenario outlined above although that is certainly possible. The big question of whether it could happen again is up for debate.

 

Moving forward, IPVanish says it is committed to its ‘no-logging’ policy and says that the difference today is a “completely different management team” and a CEO who is “a strong privacy advocate” who “built StackPath on this foundation.”

 

IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

 

Source

 

 

[tao]

46 minutes ago, steven36 said:

IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users.

Power is power!  

What can powerless do?

Power has always been sought since the beginning of humanity.

That's why there is always a fight to become and remain a Super-Power.

[steven36]

IPVanish is over advertised trash that they pay blogs that post unofficial kodi addons and vpn review sites and ad revenue for posting there spam . It's like any other product  that gets a lot of PR it brainwashes the masses into thinking its good when it's  not kind of like how  Facebook got all there users they even made a movie about that site .

[tao]

59 minutes ago, steven36 said:

IPVanish is over advertised trash

Gee, @steven36:  Leave them a little rope.  

 

Note added after the unnecessary, unwanted, unwarranted, and puzzling reaction: 

"Just give them a little rope" is an idiom.  It's not a command. 

 

Thank you.

[steven36]

People in the Kodi community flags them as spam . They pay blogs to promote there vpn  blah blah blah, you need  to buy IPVanish  to stream kodi safely . Witch it's fiction  there has never been one case of them ever taking anyone to court from streaming from filelockers . It's noting but a civil matter in the USA and they only go after the site owners witch is hardly ever. .

[steven36]

18 minutes ago, sva said:

Gee, @steven36:  Leave them a little rope.  

Why dont you leave me alone ? I  was not even talking to you, stop trying to tell people what to do! Youre nothing but a pest that follows me around and quotes me it's harassment!

[tao]

3 minutes ago, steven36 said:

Youre nothing but a pest that follows me around and quotes me it's harassment!

The day you stop badmouthing so much will be the day. 

[steven36]

1 minute ago, sva said:

The day you stop badmouthing so much will be the day. 

If you dont have nothing to add to the topic get lost .  You're not a mod and now you are personal attacking me . If i'm not attacking you or breaking no rules it's none of you're business what i do.

[tao]

1 minute ago, steven36 said:

it's none of you're business what i do

and it's none of you're business what i do

2 minutes ago, steven36 said:

get lost

show me the way. after all you call me a follower.

 

People who complain unnecessarily may receive some blow-back.  No use complaining. 

 

[Note: Making a comment on the post is not harassment. It's not against any rules. Is it?]

[steven36]

17 minutes ago, sva said:

and it's none of you're business what i do

show me the way. after all you call me a follower.

 

People who complain unnecessarily may receive some blow-back.  No use complaining. 

 

[Note: Making a comment on the post is not harassment. It's not against any rules. Is it?]

You come up in the this topic to try to get something started with me is all.  If you dont like something i say there is  a report button up there . If the mods finds something I say offensive they will remove it . Stop spamming the site,  i done told you before when you use to comment with poems instead of you're own words  . It's OK to debate the post but it's never OK to debate the poster and so far you had nothing to add but power is power witch dont add nothing too the topic really because you dont even elaborate,  the rest was debating the poster in the topic but not the topic itself.

 

To me you're not worth wasting my time writing out a report on  and i'm not going to ruin  my day in chat with the staff over someone trying  dictate what i say . I will just say what i feel like and if you dont like it  tough . I could care less what you say as long as you're not  harassing me , you're the one with a problem no one was talking to you i was on topic.

[tao]

16 minutes ago, steven36 said:

If you dont like something i say there is  a report button up there . If the mods finds something I say offensive they will remove it

Do the same buddy.

16 minutes ago, steven36 said:

power is power

Let me elucidate, i.e., explain or clarify.

 

Power is power means that the government has tremendous power as far making VPN providers give them data about a wanted user. What could IPVanish do?  Not all companies have billions of dollars to go to courts against the government.

 

If it was not clear, I hope it's now. Even with my poems -- in the past -- my aim was to help -- not hurt.  And, the medium of poetry is one of the best in expressing what may not be available to prose.

 

If the aim is to understand, and there is no presumption that "another is posting just to attack me", and if there is a willingness to ask for clarification if one didn't understand the response, believe you me, such misunderstandings will be behind us.  Otherwise, quoting rules, moderators, administrators, guidelines, reporting-a-post a billion times will not solve a thing. 

 

Cheers! 

[steven36]

17 minutes ago, sva said:

Do the same buddy.

Let me elucidate, i.e., explain or clarify.

 

Power is power means that the government has tremendous power as far making VPN providers give them data about a wanted user. What could IPVanish do?  Not all companies have billions of dollars to go to courts against the government.

 

 

 

Cheers! 

Well if the Government has such powers you say they do, witch there only been known of a few vpns ever doing this in the  history of the internet,  they should not false advertise that they can offer a service that dont log. What they can do is be honest and transparent  and watch no one buy there vpn when they find out the truth . 

 

It's like hidemyass  made the same false claims they did  and they  help put a hacker in prison it was also over advertised trash in 2011 like IPVanish is today they sure have plenty of money to pay bloogers and youtubers to monetize there vpn.  

[Rainmaker]

Back on topic, hopefully...

 In my opinion, anyone who tells you they don't keep any logs is lying.

 

\\ R

[steven36]

37 minutes ago, Rainmaker said:

Back on topic, hopefully...

 In my opinion, anyone who tells you they don't keep any logs is lying.

 

\\ R

If a vpn has never had any cases where they have provided logs.. There is no reason to call them a lair tell proved otherwise . The proof is in the pudding if they practice what they preach because  what is said in court is a matter of public record .

 

You take  IPVanish just going to there website ought to tell you they don't practice what they preach  there website is full of 3rd party trackers that mine you're data.

Quote

- Several Google domains
- Cloudflare
- zdassets
- qualys
- zendesk
- zopim

 That's the reason i never bought Cyberghost they started using 3rd party CDNs in there VPN like Cloudflare witch do keep logs for awhile. I been using a vpn since 2011 and never had any problem but i dont use vpns to commit felonies  but hackers use vpns everyday that do and  there is only a handful of cases ever made the news about vpns helping out the law. Most hakers get caught due to poor cybersec.

[Rainmaker]

There might be sites that actually don't keep logs, but I don't trust any of them.

 

\\ R

[steven36]

1 hour ago, Rainmaker said:

There might be sites that actually don't keep logs, but I don't trust any of them.

 

\\ R

That's the best way to be  .. But really is best to not do nothing to begin that would get the Feds after you and it would not be a problem . VPNs do protect you from BitTorrent  trolls  from sending you're ISP the info they need to send you a warning ..Also they  prevent you're ISP from being able to throttle you, or they can bypass high latency from a server being to far away, also they can bypass geo restriction as long as they dont blacklist you're vpn ip yet, i have 2 vpns even lol, so if they block one i just use the other one.

 

If you done something were the law had to get info from a vpn,  if  you was not using a vpn there is a 100% chance they could prove it came from you're ip . If you do nothing to protect  you're privacy you will have no privacy that's for sure . Don't let the fear of the unknown make it easier on big tech to track you down because the Government is not why i use a vpn  no way .  I downloaded and  shared from 2001-2011 without a vpn. Using big tech's services is how they track most users down even if they used a vpn,  they messed up and didn't use a vpn when emailing and things . Something had to tip the law off to began with that they was using such and such vpn because they could be 100s of users on one ip.

 

PIA   has been tested in court and  they would not hand logs over .

 

VPN Provider’s No-Logging Claims Tested in FBI Case

https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/

 

They proved they practice what they preach, tell they have been tested in court of law  you never know .  

 

Here is info on a 100+ VPNs logging polices  in all the cases  before that  were some vpns helped the law if you read the fine print  these vpns  all keep some logs so there was no false advertising .

https://thebestvpn.com/118-vpns-logging-policy/

 

What makes this case so bad IPVanish got caught flat out lying this has never happened before .

Quote

 

IPVanish

Strict no logging

Statement from their website: “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.”

 

 

 

[straycat19]

If you want a VPN who won't give your data to law enforcement then you better run your own, because they may say they don't keep logs but they do and even if they didn't they can provide your IP any time you are actively on line at the request of law enforcement.  Big brother is always watching and people are always willing to help, just like one of the developers of TOR gave the FBI information so they could track TOR users several years ago.

[steven36]

1 hour ago, straycat19 said:

If you want a VPN who won't give your data to law enforcement then you better run your own

how could this be so ? that would be a dead giveaway  because  the vpn  servers would be in you're name on a dedicated ip . The ip would come back registered to you . Were if you buy some vpn trough bitcoin they dont ask for a name and they could be 100s of people on any given ip at once. Smart hackers dont use vpns at home to commit crimes no way  they go to some internet cafe  or hijack someone else wifi and use a vpn + the Tor browser. And most of the time they not be on Windows ether.So any exploits wrote for windows the FBI has made wont work, Only dumb hackers use them at home  were most likely  you may need to pay bills are do emails with you're real ip .

Quote

 AdmiralAsshat on May 26, 2017 [-]

The problem with a home-grown VPN is that you lose some of the plausible deniability that's gained from a shared VPN. If you have a VPN connected to a privately-owned AWS instance, the IP coming from that AWS instance is easily traced back to you. Whereas if your external IP is coming from a cluster that is shared by thousands of other people using that VPN, it is more difficult for someone to tie that specifically back to you

Quote

 

 masmullin on May 26, 2017

> AWS instance is easily traced back to you.

Define "easily" as used in this context. Easy is a product of whom your enemy is.

Is your enemy your ISP? If that's the case, I don't think it's "easy" for them; they would have to pay Digital Ocean or Amazon to get your data, and probably isn't really that valuable to them.

Is your enemy the MPAA? If that's the case, I still don't think it's particularly "easy" for them. Unless you are a MAJOR pirate distributor, the extra effort(money) to track you down isn't worth it.

Is your enemy the NSA or the FBI? If that's the case, then yes, it's trivially easy for them to Subpoena digital ocean or amazon to get your data.

 

 

To escape Big Brother using you're own vpn would not be worth a hill of beans . Only reason I would see you would want to use you're own if you was some company that was using a vpn for legit means to secure data transfers or if you wanted to bypass geo restrictions to  stream TV or netfilx from overseas.    Witch i can get around most geo restrictions  with a paid vpn anyways it just depends on you're vpn provider some even give you dedicated ips for streaming and you can switch to non dedicated ips for other stuff.

 

[EternalPurple]

21 hours ago, steven36 said:

how could this be so ? that would be a dead giveaway  because  the vpn  servers would be in you're name on a dedicated ip . The ip would come back registered to you . Were if you buy some vpn trough bitcoin they dont ask for a name and they could be 100s of people on any given ip at once. Smart hackers dont use vpns at home to commit crimes no way  they go to some internet cafe  or hijack someone else wifi and use a vpn + the Tor browser. And most of the time they not be on Windows ether.So any exploits wrote for windows the FBI has made wont work, Only dumb hackers use them at home  were most likely  you may need to pay bills are do emails with you're real ip .

 

To escape Big Brother using you're own vpn would not be worth a hill of beans . Only reason I would see you would want to use you're own if you was some company that was using a vpn for legit means to secure data transfers or if you wanted to bypass geo restrictions to  stream TV or netfilx from overseas.    Witch i can get around most geo restrictions  with a paid vpn anyways it just depends on you're vpn provider some even give you dedicated ips for streaming and you can switch to non dedicated ips for other stuff.

 

 

I agree. I thought about running my own VPN, but it isn't really an option. For myself I trust NordVPN because there weren't any scandals, they say that they keep no logs and they are outside the 14 eyes jurisdiction (IPVanish was based in the US soooo..... I wouldn't trust anyone based in the US or such). For streaming and torrenting, it is more than enough and I personally trust them. But to each their own I guess...

[steven36]

36 minutes ago, EternalPurple said:

 

I agree. I thought about running my own VPN, but it isn't really an option. For myself I trust NordVPN because there weren't any scandals, they say that they keep no logs and they are outside the 14 eyes jurisdiction (IPVanish was based in the US soooo..... I wouldn't trust anyone based in the US or such). For streaming and torrenting, it is more than enough and I personally trust them. But to each their own I guess...

Tell Nord  has been proved  different i give them  the benefit of the doubt  even though i have this  VPN  for  1 and 1/2 years left and  there are some things i dont like about it, it's really heavily advertised  they even have TV commercials for it and there windows software  has always been buggy and my friend complain about not being able to get updates to  work on windows 10  and still they not fix it  and they stuck using a old version of the software witch is not good. So they have shitty costumer support.. Also there is no client for Linux so when i use it  i just use it with the  open vpn software client . I only use it when something may be blocked on my other vpn  because my other vpn it has a good client for Linux and windows. This  the 2nd time i had Nord  i had it back a few years ago once before . Linux plays nice using 2 vpns like this and most of the time Windows don't uless you set it up with VM so i only have Nord on my Linux installs.

[DKT27]

Relax guys. Keep it constructive here.