Jump to content
Not connected, Your IP: 54.158.251.104
mehāniskākaravīrs935

Is my data safe on from Canadian data retention on AirVPN Servers?

Recommended Posts

Now, I am fully aware that this question has been asked time and time again, but is it really safe to use Canadian servers? AirVPN has stated in the past that they fully conform to data retention laws in Canada. Which surely must mean that they keep data that the Canadian government by law requires them to such as timestamps, log in/log off times, ip etc. could some light be shed on the legal situation with Canadian servers to clarify the situation? More importantly what is and what is not collected by AirVPNs Canadian servers and what impact it has on our privacy. AirVPN constantly states that they would never host a server where they would put our privacy at risk; however in situations like this that statement alone compared with the legal situation at hand is no firm gurantee that we are actually as safe on Canadian servers as we are anywhere else. Quote from support and source link below

 

"We follow laws on data retention in every country we have servers in, so any information which contradicts the non-obligation to log anything MUST be documented at least with the citation of the EXACT law which supposedly would force us to log. Please be sure that we don't work superficially or with misleading information on this critical issue like a lot of "false" anonymity layers providers do."

 

https://airvpn.org/topic/3930-misleading-false-airvpn-does-log/?hl=%2Bcanada+%2Bdata+%2Bretention

Share this post


Link to post

I'm afraid that isn't much of an answer. Sure if they encountered something that would violate our privacy they would shut down Canadian servers. If you read my entire post you would see that staff has OPENLY admitted to abiding by data retention in Canada. My question is simply what data are they retaining to abide by Canadian law and how does that effect user privacy

Share this post


Link to post

You have nothing much to worry about.

The original law is bound to ISPs and local providers with physical, local presense in Canada.

 

https://www.loc.gov/law/help/online-privacy-law/canada.php

 

Since Air operates two datacenters (Amanah and Yesup) in Canada, Air is bound, as a customer,

to respect any local civil law in that jurisdiction, such as the ISPs mentioned above.

This tells nothing about direct logging policy, and this is why any foreign customer like Air, which is

located outside of this jurisdiction, is not directly bound to these laws. In this case those ISPs act like

a transit provider, without direct intervention as a legal entity.

So the only thing you might want to take into account is a local Canadian law, that might force local ISPs

to log some kind of metadata (actually any country can have such laws), but what should make you feel

safe is the non-logging policy of Air, which is not bound to the Canadian law by jurisdiction.

And all Air servers are physically administered by Air, with logging disabled, and some counter-measures

against physical tampering, should it ever happen in the worst case scenario.

 

* Note, I am not a lawyer, so this advice is rather technical than legal.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

A thread like this surfaces several times a year.  What I stress is also a very obvious FACT.  Adversaries do quite often monitor and log connections coming into VPN service centers.  Air or any other reliable VPN provider cannot prevent that from happening.  Adversaries (LE) enjoy a "priviledged" position on internet hubs/nodes/gateways, etc....  They know what IP's are connecting so get it solidly in your mind;  your incoming IP's are almost surely being logged but not by Air.  Its how this all works.

 

They cannot see what you are doing if you are smart about your activity.  The most noteable thing you can do is to employ a partition of trust among several providers and use end to end encryption when going past the final exit node.

 

My opinion:  I consider it OPERATOR ERROR to use a one hop VPN (without partition of trust) and then leave encryption when going past your exit node to a final destination.  Such an action cannot be protected even by the best vpn provider, which Air is!

Share this post


Link to post

A thread like this surfaces several times a year.  What I stress is also a very obvious FACT.  Adversaries do quite often monitor and log connections coming into VPN service centers.  Air or any other reliable VPN provider cannot prevent that from happening.  Adversaries (LE) enjoy a "priviledged" position on internet hubs/nodes/gateways, etc....  They know what IP's are connecting so get it solidly in your mind;  your incoming IP's are almost surely being logged but not by Air.  Its how this all works.

 

They cannot see what you are doing if you are smart about your activity.  The most noteable thing you can do is to employ a partition of trust among several providers and use end to end encryption when going past the final exit node.

 

My opinion:  I consider it OPERATOR ERROR to use a one hop VPN (without partition of trust) and then leave encryption when going past your exit node to a final destination.  Such an action cannot be protected even by the best vpn provider, which Air is!

It would be absolutely foolish for anyone to do something illegal without taking extra hops,Tor etc. all i look for is basic privacy in my digital life. To me that means that no one is tracking the websites I view on daily usage, no one I sending me DMCA's and no one is eavesdropping on my connection or censoring it. If I or anyone else were to do something significant to someone, AirVPN simply isn't enough to cover a trail when authority's are on a digital manhunt. All I ask is that the things I listed above are provided.

Share this post


Link to post

Understood!  For me, my circuits configure almost automatically and I see no reason to operate with under 4 hops even to view weather in my favorite holiday spot.  Different strokes for different folks.

 

btw - DMCA's are the result of illegal activity!

Share this post


Link to post

You have nothing much to worry about.

The original law is bound to ISPs and local providers with physical, local presense in Canada.

 

https://www.loc.gov/law/help/online-privacy-law/canada.php

 

Since Air operates two datacenters (Amanah and Yesup) in Canada, Air is bound, as a customer,

to respect any local civil law in that jurisdiction, such as the ISPs mentioned above.

This tells nothing about direct logging policy, and this is why any foreign customer like Air, which is

located outside of this jurisdiction, is not directly bound to these laws. In this case those ISPs act like

a transit provider, without direct intervention as a legal entity.

So the only thing you might want to take into account is a local Canadian law, that might force local ISPs

to log some kind of metadata (actually any country can have such laws), but what should make you feel

safe is the non-logging policy of Air, which is not bound to the Canadian law by jurisdiction.

And all Air servers are physically administered by Air, with logging disabled, and some counter-measures

against physical tampering, should it ever happen in the worst case scenario.

 

* Note, I am not a lawyer, so this advice is rather technical than legal.

Do you own or rent the "data centers" in Canada? If you rent them how can you be certain the data integrity is not compromised if you don't own the data center? If you own it, I can see maintaining more control of the data...but you cannot control what the landlord does or does not do that you are renting from.

 

Please enlighten me in this regard.

 

Thank you.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...