When I read the TorrentFreak article on VPN security, most of the big providers say they keep no logs whatsoever.
However, the smaller companies appear to give a more frank and honest answer, going into detail of why they have to keep logs. For example, one provider says if they do not keep logs they will infringe data retention laws and have their servers cut off due to copyright infringement claims.
I ask because I have seen cases of people using the big name VPNs getting letters despite the “no log” claim. How can the big VPNs get away with a no log policy when the others cannot? It seems a big fishy.
General consensus is that the following VPN’s are good: Viking, PIA, NordVPN, Proxy.sh, and AirVPN
But to be honest, you can never be sure. You should always assume you might potentially be being logged. If you need to be truly truly anonymous, that’s what Tor is for.
Edit: also, Mullvad. Forgot about them, but ya highly recommended.
Edit 2: Yes, keep the comments coming. It’s good for potential VPN users to see the dirt and people’s opinions.
If someone (an end user) gets forwarded a DMCA notice (or similar, there are other orders for other nations) then the VPN is logging, or their VPN is misconfigured. The only ways that an end user can be identified is via the company volunteering the information (meaning they log) or if the person issuing the notice can see the real unmasked IP address.
We had to set up a stringent legal framework and our network topology had to be a certain way in order to protect us from DMCA liability, and the liability from forwarding claims to customers via no-log policies. It is still a constant headache for us, as having no logs can make some things extremely difficult.
Your guess is as good as ours. Basically there’s no way to know.
If you’re torrenting “Big Booty Whores 13” then you’re fine.
If you’re doing something so illegal you need to worry about Government intervention then using a commercial VPN wasn’t going to protect you anyway.
I ask because I have seen cases of people using the big name VPNs getting letters despite the “no log” claim. How can the big VPNs get away with a no log policy when the others cannot? It seems a big fishy.
The jurisdiction the company is based in. Also the server used and jurisdiction of it (if VPN provider doesn’t log it doesn’t mean that the data centre they use may not).
A lot of the time the person who gets the DMCA letters didn’t set it up properly or just used a proxy that came with the VPN instead of encrypting all of their traffic with openvpn.
You can’t trust all the providers on the TorrentFreak list as a lot of them are pretty terrible. Some of them say that they log or that they will monitor the server etc.
PIA and AirVPN are my two personal favorite VPN providers. PIA is US based and AirVPN is based out of Italy.
I myself would sign up with one of them. I’ve been with PIA for 3 years and have never got a dmca notice or any kind of warning from them.
About as likely as this question being asked again.
I wouldn’t go with NordVPN, because they censor servers. They block P2P on their US servers (and say they do it by law, yet PIA, AirVPN, Mullvad and a few others all allow P2P on their US servers) it seems that they are just very lazy when it comes to handling DMCA notices. They do allow P2P on their CA servers, but if a provider is willing to block a whole protocol that isn’t even illegal, then i wouldn’t trust them. I just don’t trust Proxy.sh and never will after using wireshark over something as simple as someone harassing a girl. That shit happens every day on YouTube, you don’t see them giving out logs.
I would remove proxy.sh and add mullvad.
As others have pointed out, proxy.sh sold out one of their users and enabled logging to catch them.
Airvpn is based out of Italy, thus being subject to their country’s data retention law, which requires at least a year of logs for most issues.
The jurisdiction doesn’t mean as much as people think. If the VPN provider has openvpn set up to not log and is using shared ips even the data center wouldn’t be able to tell who did what, even if they did log the server. The problem is that most providers actually lot and monitor servers and just say that they don’t to try and steal money from people.
Or they’re just stacking them up over the years and they’ll send out like 10,000 subpoenas at once. How horrible would that be?
Or they just went the lavabit route and demanded their certificates so they can MITM or splice the data off their network and look at it in real time.
At least you frankly admit that this is pure imaginary speculation, unlike most anti-PIA randoms in this sub.
PIA routes p2p traffic to Canada when you are connected to US-servers.
Duh, Mullvad! Just slipped my mind. Edited my post to include it. Although why would you remove Proxy.sh?
That Data retention law is only for ISPs, not for virtual ISPs. So they don’t have to log anything. ISPs in Italy would have to log, but having OpenVPN set up properly with shared ips would make it so that the data center wouldn’t know who did what at what time.
Still always fun making a jurisdictional nightmare for your adversary (be it government or copyright trolls). If you’re in the US (which has strict copyright laws) you use a US server (which most VPN providers discourage or block P2P on US servers so they can maintain good relations with data centres and not have server shut down) from a US VPN provider and they do keep logs it’s easier for them to come after you with a DMCA notice. Meanwhile if you where in the US and use a VPN provider from Malta then utilise a server in Canada even if they kept logs it’s far harder for your adversary to come after you and your privacy becomes better maintained when different jurisdictions have different legal structures. What applies in one jurisdiction may not in an other, a legal notice may not be valid in all those jurisdictions even if it is it requires cooperation of regulators in each involved jurisdiction. So it still makes a difference.
Entirely possible- and most companies almost certainly cave quietly to this sort of tactic, so it’s entirely likely to be very widespread- but doesn’t change the underlying point: the surveillance state can get you, the IP chasers can’t. It’s not worth applying that tool to IP enforcement.
At least not now.
How is being US based a bad thing? People seem to think that, because of the NSA the US is a bad place for a VPN provider now. The US is still one of the best places to base a VPN provider out of, because they have 0 data retention laws. The NSA isn’t going to give a shit about you torrenting a movie or anything you might do as long as you aren’t looking up how to build bombs and looking for materials to build them or looking to buy a bunch of military weapons.
PIA has proven over and over again that they care about peoples privacy and have said in the past that they would shut down and move if they were asked to log or give up personal information from the US government or any of their agencies.
Every country in the world spies on their people, the US just happen to have someone leak that they do this, but using shared ips and not logging with the amount of users that PIA has makes their network one of the strongest out there, but there is a good chance that thousands of people are using the same ip as you at any time, making it almost impossible for the data to be traced back to you, if PIA is indeed not logging servers. PIA has been around for a while and someone did post a request for data from a judge or something on here last year asking PIA for personal data of a user and they just put that they don’t keep any logs so they don’t have any of the users information to give up. If they were keeping logs and handing it over, they would have been outed years ago, because of how many users use them. They are one of the biggest VPN providers in the world.