AirVPN Retaining OS and User Agent Info for At Least 90 Days

[Guest]

I noticed that under Settings > Recently Used Devices, AirVPN reports the OS and User Agent for account logins ( to the AirVPN web site) over the past 90 days, This means they are retaining this information for at least 90 days (and perhaps longer, but not displaying it?).

I understand the possible value in this for the users--we can check to see if any OS/User combo logged into our account that might not be legit. However, I can imagine some among us would prefer such information not be retained once a we have logged out; we signed up for a "no logging" service, after all. Admittedly, there is a difference between the VPN itself and the web site, but again, many here are privacy conscious and maybe this would present an itch for some of us.

Is there a way to clear this history prior to 90 days? Or to opt-out of such logging?

[OpenSourcerer 1435]

I imagine this to be a feature of the forums software. I wouldn't go as far as calling this logging.
It might be a good idea to have a switch, but this is a change that must be done on the developer's side and added for all users of the software. Not every user of it is a VPN provider, many will want it to be forcefully enabled. It'd also be among the account security recommended practices, I imagine.

What I can't exactly grasp is how you would trust a random datacenter with your complete traffic while you wouldn't trust the Air website to keep an overview of all your account sessions for a disclosed amount of time…

[nexsteppe 24]

7 hours ago, 8b5Y4h2B33n7iU said:

Is there a way to clear this history prior to 90 days? Or to opt-out of such logging?

I agree that retaining even this rudimentary info for 90 days is too long, but only because it shows the date-time of your login.  Otherwise, considering that it doesn't always catch when you logout and isn't even great at identifying some OSs and browsers it's pretty much useless data.

[Staff 9972]

Hello!

It's a weak way for a user to have a security check on access. Not very useful and surely not privacy concerning. It has nothing to do with logging or not logging client traffic on VPN servers, obviously, and is irrelevant in any context. Enable 2FA instead for a robust, additional account access protection.

Kind regards
 

[Flx 76]

16 hours ago, Staff said:

Enable 2FA

Any reason why you picked Google Authenticator over Authy?

[Dawind 4]

9 hours ago, Flx said:

On 12/30/2019 at 3:20 PM, Staff said:

Enable 2FA

Any reason why you picked Google Authenticator over Authy?

You can use any app you like for 2FA, as long as they support TOTP.
If you like using Authy, just scan the QR-code with Authy and add it to your Authy account.

[Flx 76]

On 12/31/2019 at 10:20 AM, Dawind said:

You can use any app you like for 2FA, as long as they support TOTP.
If you like using Authy, just scan the QR-code with Authy and add it to your Authy account.

Wonderful. Thanks for explaining the obvious. Do you know the difference between them?
See this-->>https://authy.com/blog/authy-vs-google-authenticator/
 

[iwih2gk 93]

Guys, do yourself a major favor IF you are using TOTP.  Don't skip the process of backing up your Authy/Google code before using it.  When I set TOTP (prefer U2F) I create a snapshot and back it up to a remote file.  IF you ever lose your phone, etc....  you can simply import the QR code back into the next phone and you are good to go.  It takes me a few seconds to prepare in advance for such an instance.  They happen all the time, just read around on the internet and you will see people screaming that Google Auth and Authy are terrible.  Its not either, just clueless folks losing their access and having no backup.

[OpenSourcerer 1435]

I recommend AndOTP which has a backup and restore feature both to text and to AES-encrypted file, among other things, making it the better choice than Authenticator.

Can anyone please elaborate on my question? Why would you trust a stranger's datacenter with your traffic and not AirVPN's website with retaining that piece of info (which does not identify you in any way, by the way)?

[nexsteppe 24]

58 minutes ago, giganerd said:

Why would you trust a stranger's datacenter with your traffic and not AirVPN's website with retaining that piece of info (which does not identify you in any way, by the way)?

The answer to your question seems simple enough: you wouldn't.
But I think OP was only asking why this info was being retained at all rather than raising any concern of trust.
For me the possibly specious basis for not keeping this info is because it's metadata (however rudimentary) reflecting your use of the website.  I think it is reasonable to ask why any session histories should be retained with a "no logs" service.  And I think it's just as reasonable to argue that it's irrelevant info.

 

[Flx 76]

Answer from Staff: "We don't know, we're sorry. We will ask the management." on  "Any reason why you picked Google Authenticator over Authy?" That is the only answer I got from them.