VPN privacy policies decoded: StrongVPN

Privacy & Security Posted on June 14, 2013

VPN privacy policies decoded: StrongVPN

This post is part of a series reviewing the privacy policies of popular VPN services. The aim is to find out whether the VPN takes customer privacy seriously. This is not intended as a review of a VPN service, which would need to take into account a number of other factors. For more privacy guides and our criteria for reviewing them, click here.

StrongVPN is one of the bigger VPN services on the market. It’s based in the US and has servers across Europe and Asia. But how does its privacy policy stack-up?

Logging practices

When it comes to logging data StrongVPN follows a similar policy to Hide My Ass and records the following:

“1.time, date and location vpn connection was made 2. duration of the vpn connection 3. bandwidth used during the connection”

StrongVPN says it does not monitor the websites you visit or the files you download “in normal course of duties”. But it states that “if there’s a violation” it will use its logs “to determine which account is in violation.”

“After lengthy analysis of this data, we will terminate the service and/or take further action.”

So while StrongVPN doesn’t necessarily log websites, it’s likely that it will use connection logs to highlight suspicious accounts, and then start logging your browsing activity to confirm if you are in violation of its terms. This is why it adds the “normal course of duties” disclaimer. This also leaves open the possibility that StrongVPN spies on your web browsing based on erroneous suspicions.

More importantly,  as far as well can tell, StrongVPN does not say how long it holds onto its customers’ data, which is a pretty serious oversight for a privacy service and should set alarm bells ringing.

StrongVPN is very clear about its policy on DCMA. It says it maintains a log of DMCA Notices and will “identify customers or account holders who may be engaging in repeated copyright infringement.” 

Cookies and ad data

StrongVPN participates in the Truste privacy program, which is welcome. But it also admits to collecting information on customers through various means for advertising purposes. It says is willing to hand this data over to anyone it likes. Here’s what the policy says: 

“StrongVPN.com may use personally identifiable information collected through our Web site to contact Users regarding products and services offered by StrongVPN.com and its trusted affiliates, independent contractors and business partners, and otherwise to enhance Users’ experience with StrongVPN.com and such affiliates, independent contractors and business partners. StrongVPN.com may also use information collected through our Web site for research regarding the effectiveness of the Web site and the marketing, advertising and sales efforts of StrongVPN.com, its trusted affiliates, independent contractors and business partners.”

“Trusted affiliates, independent contractors and business partners” could mean pretty much anyone. Of course many websites happily hand over data to third parties for advertising purposes. What StrongVPN is doing is not uncommon at all. But is this really appropriate behaviour for a company that is offering a privacy service?

To sum up…

StrongVPN’s privacy policy leaves a lot to be desired. It’s written clearly,  but there’s no information on how long it stores your data, which is big problem. There’s also no information on what happens if law enforcement requests data, or if laws in its jurisdiction regarding VPNs change. Also, while StrongVPN says it does not log the websites your visiting, it leaves open the possibility it will log your web browsing if you come under suspicion. 

Privacy
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

1 Comments

Wanter

30.07.2015

StrongVPN no longer keeps any logs, article needs updating
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.