EarthVPN, PureVPN and HideMyAss immediately come to mind; all of whom should have added that they are only zero logs companies if the authorities don’t come knocking. But surely IPVanish is not like any of these. It is an incredibly reliable and well-known VPN provider with many famous YouTubers endorsing it online. It, therefore, came as a big surprise when news broke that it had released Logs concerning one of its users to Homeland Security leading to a search warrant being issued to raid a certain Mr.Vincent Gevirtz’s residence.
THE HEART OF THE MATTER
Connecting to a VPN is supposed to encrypt your connection to the internet. The basic meaning of encryption is it to conceal your data be it by changing it into codes or any other representation that a third party cannot decipher. And even though every VPN is successful at this to a degree, some connection information can be used to determine the services and requests that are coming from an IP address. This information also includes the time stamps for these requests and one can immediately see that when logs of these are kept, the very purpose of a VPN is annulled.
Back in 2016, Homelands Security (HSI) issued a Summons to Highwinds Network Group (then parent company of IPVanish), requesting for the details of a user they believed was patronizing their services. In a prompt response, IPVanish made it clear that they have not and do not keep any usage information and “therefore, we do not have any information regarding the referenced IP.”
Till date, no one knows what the HSI had on the company but when they contacted IPVanish again, Highwinds suggested that Homeland submit a second summons on the same issue. This they did and in two weeks, IPVanish gave them everything they had asked for – the user’s name, email address and all the details of his subscription.
Apparently, the suspect (Gevirtz) was using the network to share pornographic images involving underage girls and had posted three links after having a chat with Scott Sikes who was undercover for Homeland. With the information acquired from IPVanish, the evidence was enough to mount a legal assault on him.
By no means do we mean to condone the actions of Mr. Gevirtz. He deserves the punishment that will be given him if found guilty and it is for the good of the population that such infringements are brought to book. It is however not in the place of companies like IPVanish to breach the trust of its users even for the worthiest of causes.
The backlash after the incident was severe and IPVanish has since been acquired by a new company. Problem solved? Not quite. It has come to light that the new company, StackPath did not only acquire IPVanish but its parent company as well. With Highwinds still around, questions are still being asked if the logging has truly stopped.
In a Reddit thread where the motives of the new owners were questioned, someone with the username ‘lavosby’ and claiming to be the CEO of IPVanish gave the following reply:
“We don’t typically jump into Reddit or other forums but this topic is too important to me. I’m the CEO of StackPath and we acquired IPVanish in February 2017 (more than a year after the lawsuit from 2016). With no exception IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. Most important, StackPath will defend the privacy of our users regardless of who demands otherwise. I can’t speak to what happened on someone else’s watch but Technology is my life and I’ve spent my career helping customers build on and use the cloud on their terms. StackPath takes that even further—security is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals’ rights to privacy, especially our customers.”
The company was later approached by TechRadar to answer a few questions.
Asked if there were any further information that was not yet in the public domain about what happened in 2016, the VP of StackPath, Jeremy Palmer stated that as the issue happened before they acquired Highwinds, there was nothing more he could add to it. He then went on to stress that there was “no records of any logs being stored” during the due diligence and independent audit they carried out prior to acquisition.
According to him, under StackPath, any request or court order will meet the same answer:” … that we have no information to provide, which is absolutely true.”
He also claimed that the Highwinds engineering team were not part of the acquisition and that the new team have made sure that no one can read the data passing through the IPVanish network, not even them.
The allegations have certainly hit a nerve and with good reason. For a VPN company, the smallest hint of dishonesty may see you overlooked for a competitor. If the users want privacy, hence opting for a paid VPN service, then absolute privacy is what they should get. There should also be a way to verify a provider’s claim of zero-logging; we should have to wait for a showdown with the government before we can know who to truly trust.