When law enforcement knocks on a VPN's door, what happens?

Privacy & Security Posted on June 8, 2012

When law enforcement knocks on a VPN's door, what happens?

Virtual Private Networks (VPNs) are fast becoming one of the last refuges for internet users who want to ensure their web browsing is kept private. This year barely a week has gone by without unpopular, anti-online privacy, legislation, pushed by powerful entertainment industry lobbies, making headlines. Either that or leaks on government plans for increased surveillance of citizens, defended by sexed-up threats from pedophiles and terrorists. If current trends continue, it’s looking more and more likely that VPN usage will break out from its current niche and start to capture the attention of more mainstream spheres.

However, the security of your privacy and personal data rests solely on the privacy policy of your VPN – and not all VPN privacy policies are created equally. In fact, many VPNs leave your personal data exposed to governments, law enforcement and copyright lawyers in exactly the same way as your ISP does.

Data retention

This was brought into sharp focus around a year ago when a member of hacking group Lulzsec was handed over to the authorities. Lulzsec member ‘Recursion’ used UK-based VPN HideMyAss to hack News Corp and Sony, among others. What Recursion didn’t know was that HideMyAss keeps logs of IP addresses and timestamps. All it took was a UK court order to compel HideMyAss to hand over the data and Recursion (real name Cody Kretsinger) was delivered to the FBI.

Obviously no VPN wants criminal activity to take place on its service. But what’s the point of using a VPN if they retain enough of your personal data to facilitate your identification in the real world? What’s the difference between a copyright holder forcing an ISP to identify you based on unsubstantiated allegations of copyright theft, and that same court order being applied to a VPN? Yet that’s exactly the kind of threat many big name VPNs expose their customers to. Last year TorrentFreak posted a great round-up of VPNs who retain customer data and those who don’t. If a VPN retains your data then it has no option other than to comply with court orders to hand it over.

When the authorities come knocking

Here at IVPN we have a vested interest in highlighting this issue and obviously we wouldn’t be writing about it if we weren’t confident in our own privacy policy. So what happens if the authorities come knocking at our door looking to identify an individual? Well typically law enforcement would serve us a subpoena, demanding that we trace the identity of an individual connected to our network based on a timestamp and the IP address of one of our servers.

All VPNs have the ability to track users and log their data. We don’t keep any connection logs, this reduces our liability and ensures your absolute privacy. Make sure you are very clear on your VPN providers logging policy as many do log which can be a major risk for you, even if for short periods.

What about stuff like billing and customer registration details? We don’t require your name or physical address, just an email address– nothing else. If you pay with PayPal then we have to store your PayPal subscription ID but there’s no way of linking any of your connection related data to your payment details because it doesn’t exist. So in effect, your privacy is ensured and there’s no way that anyone can find out what you do online. At the very most you can only be identified as a customer through your email address or PayPal subscription ID.

If you’re thinking of signing-up to a VPN make sure that you read its privacy policy and terms of conditions very closely. Because you may not be buying the level of protection and anonymity you think you are.

For more information, take a look at our own privacy policy. To learn more about how VPNs work, read our FAQs.

Privacy
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.

4 Comments

john weston

18.11.2013

What has happened to Focus VPN? We are not able to view or contact the company, since last weekend.

Asus Router Support

01.04.2018

Sometimes we need to protect yourself then we need to hide our identity like same when we need to hide our digital identity so we can hide our digital identity on the internet by using the VPN.

KJ Peterson

13.07.2019

But what if that person has committed a crime, and using a VPN to help cover up their activities. VPN services should be required to retain user information which can be given to any court in the event that a VPN is being used to help cover up a users illicit activities.

Mildred D. Amaral

22.07.2019

VPN always secure our connection through encryption module security and protection you don’t want to someone watching you or spying your log or data. Fastest VPN Help the people’s and they will feel free to surf in the internet.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

IVPN TunnelCrack vulnerability assessment Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.
Most people don't need a commercial VPN to work from home securely Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.