VPN privacy policies decoded: Boxpn

Privacy & Security Posted on July 28, 2013

VPN privacy policies decoded: Boxpn

This post is part of a series reviewing the privacy policies of popular VPN services. The aim is to find out whether the VPN takes customer privacy seriously. This is not intended as a review of a VPN service, which would need to take into account a number of other factors. For more privacy guides and our criteria for reviewing them, click here.

Boxpn is a VPN service owned by Cakinberk Telekom, a company based in Turkey. The platform has a wide range of servers across the US and Europe. But how does its privacy policy stack-up?

Boxpn has a straightforward and very short privacy policy, which covers the basics relatively well and suggests the company does take its users' privacy seriously. Boxpn says it “does not collect any information of it’s clients activities on any network [sic]. Hence no information is collected, there is no information to provide any 3rd parties.” which is clear and to the point.

Logging

However, as we’ve seen with other VPN privacy policies, Boxpn is also a bit vague on its logging practices. Here’s what it says:

“boxpn global network firewalls and security softwares only collect network utilisation data which is strictly necessary for the technical functioning of the service, for example IP address and hardware utilisation."

As we’ve explained previously, collecting and storing network data is a very common practice for VPNs, because it allows us to optimise the network and troubleshoot any problems. So it’s fine that Boxpn is doing this. However, the key issue is what data is being stored and – more importantly – how long is that data being stored for?

For example, with Hide My Ass we found out server connection times were being stored for two years. Such a long period of data retention is not really necessary for troubleshooting a network and only really makes sense if you want to provide a third party with historical information to track users' web activity. Most VPNs serious about privacy will not store this data for any more than a week or so and ideally less than 24 hours. We can give Boxpn the benefit of the doubt, but on this point, it should be clearer.

Cookies and ads

When it comes to advertising data and cookies Boxpn says this:

“boxpn will not sell, rent, or give away any of your personal information without your consent. It is our overriding privacy principle that any personal information you provide to us is just that: private. We do not presume that you are granting us permission to share your personal information with third parties wanting to sell you products or services that you have not requested."

Unlike some of the other VPNs we’ve looked at, this paragraph shows Boxpn is serious about the collection of ad data. However, we did run Ghostery on Boxpn’s site and found a couple of ad trackers present, such as Doubleclick, which collects anonymous data. Doubleclick does not necessarily share data with third parties, but it can if the publisher (i.e. Boxpn) is part of an ad network. The Guardian sums this up pretty well here.

When it comes to entities trying to obtain user data Boxpn says this:

“Pressure from private actors to obtain any data (including but not limited to IP address of users) if it’s an illegal act and boxpn, in order to protect its business and the users' privacy, reserves the right to inform the competent authorities and prosecute the private entities responsible for such illegal acts [sic]."

Due to the grammatical errors this paragraph isn’t very clear. As we point out in our guidelines, clear English is essential for any privacy policy. The paragraph appears to be copied from AirVPN’s privacy policy and should read:

“Pressure from private actors to obtain any data (including but not limited to IP address of users) is an illegal act and Air, in order to protect its business and the users' privacy, reserves the right to inform the competent authorities and prosecute the private entities responsible for such illegal acts."

So despite the grammatical inaccuracies Boxpn’s policy, once understood, is on the side of its users.

To sum up…

Overall Boxpn does seem to take privacy seriously, but it could be more clear with regards to how long it logs data and in other sections. There’s also no information on what happens if laws change in Boxpn’s jurisdiction regarding VPN services.

Privacy
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

1 Comments

Wong

29.01.2015

I will say about my experience .

Earlier, I tried a lot of VPN including paid . Connection problems , low speed were commonplace. but by far the best in my case , was the boxpn . Not without problems, but it’s the best of what I’ve tried, with best cost/quality ratio.

IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.