Jump to content
Not connected, Your IP: 3.129.39.85
Sign in to follow this  
kkatarn

Privacy

Recommended Posts

Hello Team,

I must say I've been very impressed with the speed of the connection and functionality of the client wrapper :cheer:

I can tell because I'm on 100 MBit/s down, 10 MBit/s up fiber-to-the-home line with my ISP. My router/firewall equipment actually manages to deliver at about 75 MBit/s down and 10 MBit/s up from that. Right from the beginning AirVPN fired away with about 20 MBit/s down and about 9 MBit/s up - very decent speeds for a VPN.

Now to my question

You state that "AirVPN fully complies with the European Union directives which protect your privacy: Directive on Data Protection (95/46/EC) and Directive concerning the processing of personal data and the protection of privacy (2002/58/EC)".

I've actually started to read the directives online ... but since I'm not a lawyer or masochist I got frustrated with all the cross-references to other directives

That said, I do have the following question:

Could you spill out a little bit more in layman's terms what you do and don't do in terms of protecting your customers privacy, especially in the following cases:

- real or alleged accusations of copyright infringement, letters from right-owners asking you for customer information

- real or alleged accusations of uploading "secret" or "dangerous" whatever material to sites like WikiLeaks, asking you to give information about the customers involved ... well, I imagine what should kept secret or is considered dangerous varies widely depending on which government (agency) one asks

- real or alleged accusations of child pornography ... what child pornography is or isn't probably doesn't vary so widely as with the previous point, but still I think in Japan it is viewed and handled differently than in France or the U.K.

- copyright holders asking you to turn over information about who is using the service for faking their geographic whereabouts, e.g. connect to a U.K. server to watch BBC tv online or an U.S. to watch Hulu whatever

- government officials, agencies, the police ... whoever ... showing up @ your place telling you to turn over all available data for any of the above mentioned "OR ELSE"

By the way ... I'm not saying that I'm much into any of this but I can't rule out completely downloading a TV episode here and there which I'm not supposed to do or connect to a different country to watch their TV services :blush:

Thank you very much in advance,

Kyle

Share this post


Link to post

kkatarn wrote:

Hello Team,

I must say I've been very impressed with the speed of the connection and functionality of the client wrapper :cheer:

I can tell because I'm on 100 MBit/s down, 10 MBit/s up fiber-to-the-home line with my ISP. My router/firewall equipment actually manages to deliver at about 75 MBit/s down and 10 MBit/s up from that. Right from the beginning AirVPN fired away with about 20 MBit/s down and about 9 MBit/s up - very decent speeds for a VPN.

 

Hello! Congratulations for you fantastic home fiber line. We are glad to know that you achieve such good speeds with our VPN - but we would say that they are a little more than "very decent": as a matter of fact we are not aware of other public VPNs which are capable of that performance. :)

Now, about your question:

Could you spill out a little bit more in layman's terms what you do and don't do in terms of protecting your customers privacy, especially in the following cases:

- real or alleged accusations of copyright infringement, letters from right-owners asking you for customer information

 

These communications or letters have no legal value and therefore we don't even bother with them. According to data protection laws, we might even be unable to have the proper logs, and in any case we refuse to commit an illegal action, as it would be to disclose personal data to a private entity.

Please note that according to art. 15 of e-commerce Directive (2000/31/EC) it is explicitly forbidden to all EU Member States to impose on any service provider of electronic communication a general obligation of surveillance on the users of the service.

Obviously if an entity performs an accusation on the basis of data obtained in breach of privacy and data protection laws we reserve the right to sue that entity in order to protect our customers and our business.

Also, please note that any infringement is "alleged". An infringement may or may not become "real" only after a due, impartial process, with proper judicial overview, presumption of innocence, right to be heard (including the right to a legal representation), and the right to appeal against any decision of a magistrate.

- real or alleged accusations of uploading "secret" or "dangerous" whatever material to sites like WikiLeaks, asking you to give information about the customers involved ... well, I imagine what should kept secret or is considered dangerous varies widely depending on which government (agency) one asks

See above.

- real or alleged accusations of child pornography ... what child pornography is or isn't probably doesn't vary so widely as with the previous point, but still I think in Japan it is viewed and handled differently than in France or the U.K.

About any alleged crime which violates human and fundamental rights (as enshrined in the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union) we are willing and glad to cooperate with authorities, under the condition that we receive a court order signed by a magistrate who has competence in our jurisdiction.

- copyright holders asking you to turn over information about who is using the service for faking their geographic whereabouts, e.g. connect to a U.K. server to watch BBC tv online or an U.S. to watch Hulu whatever

This is not even an infringement...

-

government officials, agencies, the police ... whoever ... showing up @ your place telling you to turn over all available data for any of the above mentioned "OR ELSE"

We are sorry we can't reveal all the security systems, which anyway are put in place to protect against criminals, not against authorities which are supposed to operate within the boundaries of the law. We can only state that access to server(s) is not possible from the locations where the person responsible of the server(s) etc. lives and works, so no pressure can be put on him/her in order to (inter alia) force him/her to reveal access passwords, and even in that case access would not lead to data leak.

However, please note that illegal behaviour from authorities would mean that data acquired with that behaviour cannot be used in a trial.

By the way ... I'm not saying that I'm much into any of this but I can't rule out completely downloading a TV episode here and there which I'm not supposed to do or connect to a different country to watch their TV services :blush:

This is neither our competence nor our duty to determine, therefore there's no need for you to specify.

Thank you very much in advance,

Kyle

Thank you for your questions! Feel free to inquire further if our answers are not satisfactory or for any additional information.

Best regards,

AirVPN admins

Share this post


Link to post

Thank you for your questions! Feel free to inquire further if our answers are not satisfactory or for any additional information.

Your answers are very good an to the point for a lazy customer to be like me who get's a headache when confronted with long law texts from the bureaucracy ... as in EU-Directives

One add-on to my question about alleged copyright infringements comes to mind, though. You say:

These communications or letters have no legal value and therefore we don't even bother with them. According to data protection laws, we might even be unable to have the proper logs, and in any case we refuse to commit an illegal action, as it would be to disclose personal data to a private entity. "..."

Is your answer the same if it's not some letter from a Hollywood film-company or P2P hunters but a court order requesting cooperation/information from your side. Obviously you can't hand over what you don't have (detail logs) but what if a court requests forcefully to turn on surveillance logging for an IP address?

Hello! Congratulations for you fantastic home fiber line. We are glad to know that you achieve such good speeds with our VPN - but we would say that they are a little more than "very decent": as a matter of fact we are not aware of other public VPNs which are capable of that performance.

TUVPN and TorrentFreedom/CryptoCloud come close and are capable > 15 MBit/s downloads as well but lack behind (~ 50%) with upload every time I checked. Those are, of course, not statistically relevant studies but only point-in-time checks I do sometimes. The number of customers downloading from and uploading to a particular connection point might be an issue here, too. Anyhow, very promising service of yours and a good solution you found to port-forwarding :-)

Otherwise I can't wait to see your pricelist coming online and become a paying customer. I'd even rather have you give the option to pay more for a plan with full speed, unlimited bandwidth than capping either of those when limits are reached.

Likely customer,

Kyle

Share this post


Link to post

kkatarn wrote:

Is your answer the same if it's not some letter from a Hollywood film-company or P2P hunters but a court order requesting cooperation/information from your side. Obviously you can't hand over what you don't have (detail logs) but what if a court requests forcefully to turn on surveillance logging for an IP address?

If the court order pertains to alleged copyright infringement on no-commercial scale, we would appeal against it. However, you are describing an extremely unlikely scenario, in which judicial authorities of different countries are already performing investigation on a person and in which THEY give us an information about this person (his/her IP address) and authorize/delegate/force a private actor (us) to turn on future surveillance/spying techniques on that person.

What's more, all the operation would require several international judicial rogatory letters, which, for personal copyright infringements on no-commercial scale (which are not, in most countries, criminal infringements), appears to be a purely fantastic hypothesis.

Otherwise I can't wait to see your pricelist coming online and become a paying customer. I'd even rather have you give the option to pay more for a plan with full speed, unlimited bandwidth than capping either of those when limits are reached.

Thank you! You will be informed about solutions dedicated to customers with high bandwidth demands like you very soon!

Kind regards,

AirVPN admins

Share this post


Link to post

Hello admins,

Thanks for your answer. I've got a good feeling about your views on privacy.

However, you are describing an extremely unlikely scenario, in which judicial authorities of different countries are already performing investigation on a person and in which THEY give us an information about this person (his/her IP address) and authorize/delegate/force a private actor (us) to turn on future surveillance/spying techniques on that person.

Actually in my question I meant something different - and the misunderstanding is surely due to my lack of command of the English language as a non-native speaker

"...but what if a court requests forcefully (with a court order) to turn on surveillance logging for an IP address of one of your servers, which at any given time might be shared by hundreds if not thousand users?

This question is based on the following thought: Government Agencies might at some point in time understand ... probably with some teaching from the industry ... that whatever alleged falsehoods they're after are not actually committed by the IP of one your servers, and so they could get the idea that having a log of the incoming IPs along with port usage would be a nice thing...

I think it's not completely unlikely that you will receive such a request, question is if European Law (for now) allows you to deny it?

Thanks in advance for your continued patience with my line of questioning ;-)

Cheers,

Kyle

Share this post


Link to post

kkatarn wrote:

Hello admins,

Thanks for your answer. I've got a good feeling about your views on privacy.

However, you are describing an extremely unlikely scenario, in which judicial authorities of different countries are already performing investigation on a person and in which THEY give us an information about this person (his/her IP address) and authorize/delegate/force a private actor (us) to turn on future surveillance/spying techniques on that person.

Actually in my question I meant something different - and the misunderstanding is surely due to my lack of command of the English language as a non-native speaker :)

"...but what if a court requests forcefully (with a court order) to turn on surveillance logging for an IP address of one of your servers, which at any given time might be shared by hundreds if not thousand users?

This question is based on the following thought: Government Agencies might at some point in time understand ... probably with some teaching from the industry ... that whatever alleged falsehoods they're after are not actually committed by the IP of one your servers, and so they could get the idea that having a log of the incoming IPs along with port usage would be a nice thing...

I think it's not completely unlikely that you will receive such a request, question is if European Law (for now) allows you to deny it?

Thank you for the clarification. It is a different question indeed, and a quite complex one.

We must consider that a court order would never force a private actor to commit illegal acts. Monitoring activity of that kind would break various laws on privacy and data protection, as clarified by several court sentences throughout European Union, and monitored citizens (who, in this scenario, cannot be charged of any criminal infringement) have the right to be informed about that activity. However, there might be cases (pertaining to public safety and/or threats to national security) in which monitoring activity, authorized by a magistrate, can be performed, but only by competent authorities, not by private entities. On top of that, data collected by a private actor who offers a VPN service cannot be considered reliable in a judiciary proceeding without a proper validation, supervision etc. by competent authorities.

Under no circumstance alleged copyright infringement on no-commercial scale may be considered a threat to national security or public safety.

Kind regards,

AirVPN admins

Share this post


Link to post

wow. your country is really good having such kind of law unlike our in the third world countries.

and real great to have such decent speed while here in our country most of us just have at most of 1mbps but most of the time its just 300kbps.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...