[MISLEADING / FALSE] AirVPN does log?

[Hennry 0]

Got this from: http://www.wilderssecurity.com/showthread.php?s=6e8f149699a3b0bd25aabbee06a6d7c0&t=331316

Full post is at: http://www.dslreports.com/forum/r27288554-Zero-logs-

A follow-up post has the following list (full quote):

Good countries for VPN:

Argentina - No data retention law

Brazil - No data retention law

Bulgaria - Data retention law not applicable to VPN providers

Cyprus - Data retention law declared unconstitutional (?)

Czech Republic - No data retention law (declared unconstitutional)

Hong Kong - No data retention law (?)

Iceland - No data retention period specified (?); good privacy laws

Japan - No data retention law

Luxemburg - Data retention law not applicable to VPN providers

Netherlands - Data retention law not applicable to VPN providers

Panama - No data retention law

Romania - Data retention law declared unconstitutional

Serbia - Data retention law not applicable to VPN providers (?)

Sweden - Data retention law going into effect in May 2012, but (presumably) not applicable to VPNs

Taiwan - No data retention law (?) + seemingly good privacy laws

Ukraine - No data retention law

"Questionable" Countries:

Australia - No data retention law, but internet regulations are strict & they're on RSF's Internet Surveillance 2012 watch list

Belgium - Data retention law not implemented, but has fairly strict laws & some internet censorship issues (esp. anti-p2p)

Canada - No data retention law, but anti-privacy legislation is rapidly gaining traction

Egypt - No data retention law (?), but privacy laws are dubious & they're on RSF's Internet Surveillance watch list

France - Data retention law not applicable to VPNs, but has strict laws & they're on RSF's Internet Surveillance watch list

Germany - Data retention law declared unconstitutional, but server raids & gov't surveillance are prevalent

Israel - No data retention law, but gov't surveillance is suspected (conflict zone)

Italy - Data retention law not applicable to VPNs, but internet regulations are fairly strict & there are some censorship issues

Malaysia - No data retention law, but has some censorship/server raid issues & they're on RSF's Internet Surveillance watch list

Mexico - No data retention law, but there are concerns about gov't corruption & some internet censorship issues

New Zealand - No data retention law, but there are concerns about gov't surveillance

Russia - No data retention law (?), but they have some censorship issues & they're on RSF's Internet Surveillance watch list

Singapore - Minimal data retention law, but has fairly strict internet regulations & some censorship issues

South Africa - No data retention law, but internet regulations are strict

South Korea - No data retention law, but they have some censorship issues & they're on RSF's Internet Surveillance watch list

United States - No data retention law, but server raids and gov't surveillance are prevalent

Bad Countries for VPN:

Afghanistan - Suspected surveillance by allied forces (war zone)

Armenia - Internet censorship

Austria - Data retention law

Bahrain - Internet censorship

Belarus - Internet censorship

Burma (Myanmar) - Internet censorship

China - Internet censorship + data retention law

Cuba - Internet censorship

Denmark - Data retention law

Estonia - Data retention law

Ethiopia - Internet censorship

Finland - Data retention law

Greece - Data retention law

Hungary - Data retention law

India - Internet censorship + data retention law

Indonesia - Internet censorship

Iran - Internet censorship + data retention law

Iraq - Suspected surveillance by allied forces (war zone)

Ireland - Data retention law

Kuwait - Internet censorship

Latvia - Data retention law

Liechtenstein - Data retention law

Lithuania - Data retention law

Malta - Data retention law

Morocco - Internet censorship

North Korea - Internet censorship (internet infrastructure is virtually non-existent here anyway)

Norway - Data retention law

Oman - Internet censorship

Pakistan - Internet censorship

Palestinian Territory - Internet censorship

Poland - Data retention law

Portugal - Data retention law

Qatar - Internet censorship

Saudi Arabia - Internet censorship

Slovakia - Data retention law

Slovenia - Data retention law

Spain - Data retention law

Sudan - Internet censorship

Switzerland - Data retention law

Syria - Internet censorship

Thailand - Internet censorship + data retention law

Tunisia - Internet censorship

Turkey - Data retention law + internet censorship

Turkmenistan - Internet censorship

United Arab Emirates - Internet censorship

United Kingdom - Data retention law

Uzbekistan - Internet censorship

Vietnam - Internet censorship

Yemen - Internet censorship http://www.dslreports.com/forum/r27288551-

So, is it true that you have to log by some of the countries law?

[Jinsong 5]

No, it's not.

First of all, you shouldn't be quoting random forum postings that don't have well-documented sources. This is one of the ways how misinformation gets spread around the internet.

However, even assuming it's reasonably accurate (which it may or may not be), you can conclude that Air VPN servers in United States, Germany, Netherlands, and Sweden do not need to retain logs, and evidently there's no log retention requirement for their U.K. servers either; otherwise Air VPN would not be operating there.

[Staff 9972]

So, is it true that you have to log by some of the countries law?

Hello!

That's absolutely and totally false.

It's very sad to see how someone spread misinformation, when the author of the article himself clearly stated MORE THAN TWO YEARS AGO that his considerations must NOT be used as an authoritative source:

http://www.wilderssecurity.com/showpost.php?p=2108920&postcount=3

We follow laws on data retention in every country we have servers in, so any information which contradicts the non-obligation to log anything MUST be documented at least with the citation of the EXACT law which supposedly would force us to log. Please be sure that we don't work superficially or with misleading information on this critical issue like a lot of "false" anonymity layers providers do.

Kind regards

[Hennry 0]

Thanks for the official response. It wasnt my intention to mislead people, but to clear the air out. Now i'm not worried anymore . Thanks!

[jimjenkins 0]

Even though the VPN provider might not be obliged to store logs on their users in a given country I still think data retention is a pretty big red flag and the Wilder's post should not be dismissed so quickly as misleading.

The airvpn crucis vpn server hosted in Italy has 6 users at the moment. According to http://en.wikipedia.org/wiki/Telecommunications_data_retention#Italy, Italian legislation requires "Internet service providers must retain all data for at least 12 months. The law does not specify exactly what traffic data must be retained".

Please correct me if I am wrong, but even though airvpn might not give up any information about incoming and outgoing connections to and from the crucis server, that doesn't mean that law enforcement agencies can't simply get this information directly from the Italian ISP hosting the crucis server (which presumably stores this information for 12 months).

With 6 users passing through this VPN a LE agency can probably narrow their search down easily based on connection origin, connection time, packet size and frequency. They then should be able to match an incoming connection to an outgoing connection that passed through this VPN without any assistance from airvpn. Obviously this becomes more difficult with more users passing through the VPN but I think its something to consider.