Jump to content
Not connected, Your IP: 18.218.73.233
Guest

AirVPN Retaining OS and User Agent Info for At Least 90 Days

Recommended Posts

Guest

I noticed that under Settings > Recently Used Devices, AirVPN reports the OS and User Agent for account logins ( to the AirVPN web site) over the past 90 days, This means they are retaining this information for at least 90 days (and perhaps longer, but not displaying it?).

I understand the possible value in this for the users--we can check to see if any OS/User combo logged into our account that might not be legit. However, I can imagine some among us would prefer such information not be retained once a we have logged out; we signed up for a "no logging" service, after all. Admittedly, there is a difference between the VPN itself and the web site, but again, many here are privacy conscious and maybe this would present an itch for some of us.

Is there a way to clear this history prior to 90 days? Or to opt-out of such logging?

Share this post


Link to post

I imagine this to be a feature of the forums software. I wouldn't go as far as calling this logging.
It might be a good idea to have a switch, but this is a change that must be done on the developer's side and added for all users of the software. Not every user of it is a VPN provider, many will want it to be forcefully enabled. It'd also be among the account security recommended practices, I imagine.

What I can't exactly grasp is how you would trust a random datacenter with your complete traffic while you wouldn't trust the Air website to keep an overview of all your account sessions for a disclosed amount of time… :)


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
7 hours ago, 8b5Y4h2B33n7iU said:

Is there a way to clear this history prior to 90 days? Or to opt-out of such logging?


I agree that retaining even this rudimentary info for 90 days is too long, but only because it shows the date-time of your login.  Otherwise, considering that it doesn't always catch when you logout and isn't even great at identifying some OSs and browsers it's pretty much useless data.

Share this post


Link to post

Hello!

It's a weak way for a user to have a security check on access. Not very useful and surely not privacy concerning. It has nothing to do with logging or not logging client traffic on VPN servers, obviously, and is irrelevant in any context. Enable 2FA instead for a robust, additional account access protection.

Kind regards
 

Share this post


Link to post
9 hours ago, Flx said:
On 12/30/2019 at 3:20 PM, Staff said:

Enable 2FA

Any reason why you picked Google Authenticator over Authy?
You can use any app you like for 2FA, as long as they support TOTP.
If you like using Authy, just scan the QR-code with Authy and add it to your Authy account.

Share this post


Link to post
On 12/31/2019 at 10:20 AM, Dawind said:

You can use any app you like for 2FA, as long as they support TOTP.
If you like using Authy, just scan the QR-code with Authy and add it to your Authy account.

Wonderful. Thanks for explaining the obvious. Do you know the difference between them?
See this-->>https://authy.com/blog/authy-vs-google-authenticator/
 

Share this post


Link to post

Guys, do yourself a major favor IF you are using TOTP.  Don't skip the process of backing up your Authy/Google code before using it.  When I set TOTP (prefer U2F) I create a snapshot and back it up to a remote file.  IF you ever lose your phone, etc....  you can simply import the QR code back into the next phone and you are good to go.  It takes me a few seconds to prepare in advance for such an instance.  They happen all the time, just read around on the internet and you will see people screaming that Google Auth and Authy are terrible.  Its not either, just clueless folks losing their access and having no backup.

Share this post


Link to post

I recommend AndOTP which has a backup and restore feature both to text and to AES-encrypted file, among other things, making it the better choice than Authenticator.

Can anyone please elaborate on my question? Why would you trust a stranger's datacenter with your traffic and not AirVPN's website with retaining that piece of info (which does not identify you in any way, by the way)?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
58 minutes ago, giganerd said:

Why would you trust a stranger's datacenter with your traffic and not AirVPN's website with retaining that piece of info (which does not identify you in any way, by the way)?


The answer to your question seems simple enough: you wouldn't.
But I think OP was only asking why this info was being retained at all rather than raising any concern of trust.
For me the possibly specious basis for not keeping this info is because it's metadata (however rudimentary) reflecting your use of the website.  I think it is reasonable to ask why any session histories should be retained with a "no logs" service.  And I think it's just as reasonable to argue that it's irrelevant info.

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...