Security/logging question with forwarded ports

[mcampbell 0]

If I have a port forwarded for uTorrent (for example), can that be used combination with the current logs that Air keeps in order to identify a subscriber to your service in any way?

[Staff 9899]

If I have a port forwarded for uTorrent (for example), can that be used combination with the current logs that Air keeps in order to identify a subscriber to your service in any way?

Hello!

No, it's not possible to make such a correlation because there are no logs.

However, if you forward the SAME port on your router while connected, certain correlation attacks from an adversary who has the ability to monitor your line or knows in some way your real IP address are possible. Just do not forward the same ports on your router and such attacks can't succeed.

Please do not hesitate to contact us for any further information on such an important subject.

Kind regards

[mcampbell 0]

"There are no logs"

But you do log when I, as a subscriber, log in to your service, and when I log out. And you know what ports I have forwarded, and I am the ONLY one that can have a *given* port forwarded due to the shared IP, right?

Is it not possible for a court to say "On date <aa/bb/cccc> someone using IP <iii.iii.iii.iii> on port <qqqqq> did <something>. Who was that?" If they know the IP, they can find out via the login/logout record who was on that IP at that time (many people), and then with your database of who has which ports forwarded, who *exactly* it was from that list of many people.

I'm sure I have something wrong here and at least one of my assumptions is not true. Can you walk me through it?

[Staff 9899]

"There are no logs"

But you do log when I, as a subscriber, log in to your service, and when I log out. And you know what ports I have forwarded, and I am the ONLY one that can have a *given* port forwarded due to the shared IP, right?

Hello!

Log in and log out time and date can be activated, deleted and completely disabled by you. They are not data which can be used in a court, for example. Anyway, as long as you don't put in your account data any information which can be exploited to disclose your identity, you are protected even against a catastrophic account database leak from us.

Is it not possible for a court to say "On date someone using IP on port did . Who was that?" If they know the IP, they can find out via the login/logout record who was on that IP at that time (many people), and then with your database of who has which ports forwarded, who *exactly* it was from that list of many people.

If those data were authenticated by a proper authority and recognized as reliable by a court, and that authority could get its hands on our database (which is not in any VPN server), and the user had kept the login and logout dates and times active, and that authority could wiretap in real time all of our servers, then it could make such correlation regardless of forwarded ports or not. Please note that our system is designed to defeat even such an adversary:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

In general, an authority needs our cooperation to try to disclose an identity in ex-post investigations. As you probably know from our ToS, we will cooperate with all our resources with proper and competent authorities when the alleged crime is a violation or an attempted violation of human rights as enshrined in the ECHR. In particular, we will not tolerate usage of our systems for aiding or inciting human trafficking, child exploitation and privacy infringements.

Kind regards

[mcampbell 0]

Thanks, this was very helpful.