If it was the norm for ISPs to claim this, maybe this argument would work. For now, we have many documented cases of ISPs selling your information, and they don't even try to claim that they don't keep logs, while many major VPN services (see link above) explicitly claim to never store logs.
We also have multiple documented cases of "no-log VPNs" submitting their logs to law enforcement. I even linked to one case in my post. What's your point here, exactly? Because my point was you have to trust either party.
Oh, and btw, here in Europe, it is actually illegal for ISPs to give connection data away for non-law-enforcement purposes. It's sad that there are some US-American ISPs that have a record of selling some information, but the world does not evolve around the USA.
Which case are you talking about? You have no links in the "no-log" section.
Other fatal flaws in that section, fwiw
>Starting with the obvious, if you pay for a VPN service, they have to keep your user account and associated payment information and your payment history. So, unless you are using a fake identity and an anonymous credit card (is that even possible these days?), your VPN account will be linked to your actual identity.
Plenty of VPNs accept bitcoin, and prepaid anonymous debit cards are widely available.
>Most VPNs limit the number of devices that can be connected at the same time. For that to work, well, they have to store a piece of information stating which device is connected, and what VPN account it is associated with. They have to associate your VPN session with your VPN account, as counting the number of sessions per account would be impossible otherwise.
This is addressed in the link above. Besides, it's possible to limit simultaneous connections without storing anything to disk.
>What's your point here, exactly? Because my point was you have to trust either party.
The difference is that no major ISPs are claiming not to log.
Sure. And that's why people who want anonymous Bitcoin use mixing services. Such as Bitcoin Fog:[0]
> In December 2013 the site was used to launder a part of the 96,000 BTC from the robbery of Sheep Marketplace.
> In February 2015, a total of 7,170 bitcoin was stolen from the Chinese exchange Bter.com and traced back to cryptocurrency-tumblers like Bitcoin Fog.
> We also have multiple documented cases of "no-log VPNs" submitting their logs to law enforcement.
That's true. And so some of us go out of our way to name names. For example:
EarthVPN - user compromised by datacenter logs
HMA - retained logs, and provided them under UK court order
Proxy.sh - outed someone voluntarily, because they didn't like something he did
PureVPN - retained logs, and shared them with investigators
> Because my point was you have to trust either party.
That's true. Except when it isn't. If you use nested VPN chains, you don't need to trust any of the individual VPNs. It's not as anonymous as Tor, because it's static, and far less complicated to compromise. But it's at least 10x faster. And you can hit Tor through them, which protects you from evil entry guards.
That claim doesn't mean that ISPs do not collect data. It means that your VPN providers must be blindly trusted, like ISPs. IIRC when the UK introduced a law asking all ISPs to keep all user activities in logs, at least some of them complained that the costs were too high to put it in practice. Make of that what you want. Trust or not trust?
I... find it really unlikely that any no-log VPN companies exist for any significant period of time without logging.
I don't just mean law enforcement, though that's probably a problem too, (though I have less experience with that one) I'm also talking about the normal abuse an ISP gets. Spammers, etc... From experience, your upstream will shut you down if your customers aren't well behaved.
>Why couldn't you have a flagging system in real-time that shuts down accounts but doesn't save the data to disk?
That's what I described with the deep packet inspection. You could hook up an IDS and block users based on the IDS output, but like I said, the sort of people who like no log VPNs will not like that. At one point I set that up at my VPS company a long time ago, (of course, I was very up front about it and told my customers, and I was surprised that customers were really, really angry about it, so I took it down within a day or two. Sorry guys, I mean, I should have stuck with the traditional route of only examining packet headers.)
If you act in the usual way for an ISP and only examine packet headers, then you will need to react to complaints about your users. Those complaints can roll in up to a week after the abuse happened.
I could believe a VPN service that said it kept logs for a week. That seems possible. (of course, there's still the legal issues, but I personally haven't seen those, while I have been almost disconnected by my upstream for customer abuse before)
It gets worse, too, if I use shared IP addresses. So, the way my VPS company was setup, everyone had a static IP. And that was really pretty easy; an abuse report comes in saying that a certain IP did something at a certain time. As all my customers had their own IPs, all I had to do was make sure the IP hadn't been moved to a different customer recently, and I knew who to go after. Aside from that ill considered day-long experiment with the IDS, I didn't do any network logging at all outside of total packet/byte counts (outside of troubleshooting) because I didn't really have to in order to go after abuse. I knew what IP was owned by who.
But, in a shared-IP system? this is way worse. All your users are behind a NAT, right? so you get that same abuse complaint a few days after a thing happened saying that IP X did this thing at time Y to target IP Z. Well, all your customers are coming out of IP X, so that doesn't help you. In a NAT system, to manage abuse complaints without deep packet inspection, you need to log the headers from every connection. User X connected to IP Y on port Z, etc... It's the only way to trace back the abuse to the customer.
(Things get dramatically easier if every customer has it's own IP; then you just need to record who had what IP when. I don't know how many "no log" VPNs use NAT vs giving each active user their own IP. Of course, things get even easier with IPv6)
>PIA absolutely does not keep any logs, of any kind, period. While this does make things harder in some cases, specifically dealing with outbound mail, advanced techniques to handle abuse issues, and things of that nature, this provides a high level of security and privacy to all of our users. Logs are never written to the hard-drives of any of our machines and are specifically written to the null device, which simply acts if the data never existed.
Bull. Shit.
Find me a major ISP that publicly claims they don't log any data.
Anyone making a claim remotely similar to those made in https://torrentfreak.com/which-vpn-services-keep-you-anonymo...
If it was the norm for ISPs to claim this, maybe this argument would work. For now, we have many documented cases of ISPs selling your information, and they don't even try to claim that they don't keep logs, while many major VPN services (see link above) explicitly claim to never store logs.