Jump to content
Not connected, Your IP: 18.188.175.66
Sign in to follow this  
mordants

What AirVPN server to use for Anonomity?

Recommended Posts

Still new to all this Anonomity and Laws and all that but for education purpose how does this work

Let say, you live in USA and use Airvpn USA Server. are you more secure this way or its best you go use Airvpn Netherland, or UK or EU servers?

Since Airvpn does not LOG any IP does it matter?

Share this post


Link to post

Still new to all this Anonomity and Laws and all that but for education purpose how does this work

Let say, you live in USA and use Airvpn USA Server. are you more secure this way or its best you go use Airvpn Netherland, or UK or EU servers?

Since Airvpn does not LOG any IP does it matter?

There are multiple ways of looking at this:

If you connect from the USA to another USA server, you are adding only a small level of security.

If you connect from the USA to another server, outside of US jurisdiction, then you are adding a more substantial level of security; however, there may be an issue with this as well. Say you connect from the USA to the Netherlands but the website you are intending to visit is in the USA--you are essentially going from the USA to the Netherlands to the USA. This is a problem because anyone who is monitoring your connection can see the zig zagging going on--i.e. the NSA.

It is almost always better to use a server outside of your government's jurisdiction to enchance your privacy and security. A warrant will be much harder to procure than a server in your home country.

If your aim is anonymity and naught else--then an onion proxy is your best bet. If you are aim is for "no logging" anonymity (i.e. a VPN) then you want to study the privacy laws of different countries to ascertain which country offers the best privacy. Netherlands, Switzerland, Luxembourg, Sweden, and Romania are good. England, the US, and Germany are not as good.

But never rely on one service-cascading and/or layering services enchances your privacy by magnitudes.

AirVPN does not log but any operator can be compelled by law to log.

Share this post


Link to post

So going from

Using AirVPN (Open)

USA -> Netherland

or

USA -> Germanay

Surfing UK Website

- Downloading You.tube videos

I guess Airvpn does not LOG any IP, but if they are in USA and USA individual ask to provide IP, then they have to..but since its not LOGGED, Logging would have to turned on

- What happen if another security layer was added, if IP function was turned ON by admin it

Initiate: Auto.Delete User Account with email stating (HIDDEN auto email)

- Due to Policy breach, your account was disabled.

- No IP was logged, - No IP Given

Now if IP was provided, those individual would have to find out which ISP it belongs too, then contact the ISP..who may or may not provide info,...I guess it depends on severity...

Seriously, if they going to have issue with people downloading Youtube video...This entire country/world is going to go to shit, imho.

Share this post


Link to post

I guess Airvpn does not LOG any IP, but if they are in USA and USA individual ask to provide IP, then they have to..but since its not LOGGED, Logging would have to turned on

Hello!

With the due respect, are you joking? First of all we're not in the USA, second and more importantly we don't turn on logging because "an USA individual" asks us to.

Kind regards

Share this post


Link to post

i had the same question as the OP actually.

I'm in the USA and would like to connect to a server as close to me as possible. Best choice is obviously the USA servers.

If you guys are based abroad and yet have a server here, then sure, no one will go after you especially since you dont log. But I bet they'll go after whichever company within the USA is hosting your servers; and they likely will hand your info over.

So yeh, I guess its best to avoid the USA servers from within the USA.

Share this post


Link to post

But I bet they'll go after whichever company within the USA is hosting your servers; and they likely will hand your info over.

I'm pretty sure every data center keeps some sort of logs, but even in the worst case scenario all they would have is bulk connection logs of inbound/outbound traffic to and from the VPN server. However as long as the VPN server itself isn't logging, then the inbound/outbound connections cannot be correlated, and therefore it's virtually impossible to pinpoint which client was responsible for a particular activity after the fact. That means, hypothetically, if there were 100 clients connected to the server at the time in question, they'd have to serve warrants to the ISPs of all 100 clients. It would be unprecedented for such a fishing expedition to actually take place, considering the need to establish probable cause to get a court order, among other things.

In short, don't be too worried about the server because, barring extraordinary circumstances, there is nothing for them to "hand over" after the fact and therefore your anonymity will remain strong. A much more plausible threat would be that of real-time surveillance by an authority, i.e. sniffing the exit traffic of the VPN server. In the case of a very serious crime being actively committed, you should assume that ALL of AirVPN servers are vulnerable to this method of attack. Realistically, there's no such thing as "bulletproof" anonymity with a VPN alone, especially if you're up against an adversary with unlimited manpower, technical, and financial resources.

Share this post


Link to post

Just came across this thread....interesting reading.

So is it really true that if a person from say the USA is connected to a USA server, then that data-center could provide the real IP of the person connected?

If so, how does the argument that no logs are kept stand true, with regard to protecting the anonymity of the AirVPN subscriber?

AirVPN does not keep logs, and they can stick with that fact, but if they are using USA data-centers for their servers then the data-center is the weak link and basically AirVPN's promise is not worth the paper it's written on?

Or am I missing something here?

Share this post


Link to post

Just came across this thread....interesting reading.

So is it really true that if a person from say the USA is connected to a USA server, then that data-center could provide the real IP of the person connected?

If so, how does the argument that no logs are kept stand true, with regard to protecting the anonymity of the AirVPN subscriber?

AirVPN does not keep logs, and they can stick with that fact, but if they are using USA data-centers for their servers then the data-center is the weak link and basically AirVPN's promise is not worth the paper it's written on?

Or am I missing something here?

Hello!

Theoretically this can be done on any VPN, proxy, TOR etc. service and without limitations on the customer's country IP address. If you can't afford to run such a risk (or trust us) you need to hide your real IP address to our servers and datacenters even while you're connected. This can be easily done as explained here:

https://airvpn.org/tor

You might also like to read here (partition of trust and further considerations):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

Kind regards

Share this post


Link to post

Dear AirVPN

I’d like to buy your VPN service, because I found some excellent recommendations on web and I believe you offer fantastic service to your customers.:woohoo:

However in last days one question crossed my mind. Please could you explain/answer 1 small question why should I have (hopefully not false) feeling of anonymity when using your service?

Government Agencies/ or some Big copyright holder like Microsoft/ Police from Italy /some EU member state due to some investigation / etc./ might at some point in time reveal that it was commenced a crime using IP from one of AirVPN servers (e.g. pirated windows OS/ p2p movies downloading or uploading / or somebody involved in some crime/ etc./.

So, the police will obtain relevant court order from relevant court without delays or problems and of course, today’s police is not dumb, they soon reveal that crime was done very probably by some of your customer, not by airVPN server administrator.

But IP address of each of your server at any given time might be shared by hundreds if not thousand of users.

Then you might be probably somehow forced (you may also deliberately cooperate with police, I guess it depends on the type of court order, who can say exactly what is/ is not/ in compliance with your terms of service) at least to surveillance logging of IP addressess to distinguish exactly problematic customer among hundreds of customers.

But how to find the one you are looking for? e.g. some ugly "criminal" (not that I am one of them but taken only as an example since I think everyone is claiming they wouldnot help and hide them, eg did you see IT crowd episode with Peter File?) you would have to monitor traffic and your customers for some period of time in close cooperation with police/goverment/ etc to find him/her. And what if police, during the search for somebody else decides that also my activity is despicable and not legal as well?

I think police must pay attention on any breaches of law which is in effect, no matter what people/ your company/ police officers themselves might think about unfair laws or no matter if it is against common sense, it is lawful obligation of police and their “mission/ function”, so my conclusion is that they could arrest me as well. (why they should not?)

It might be a good and easy catch for police, they will have one more criminal to fill their success statistics.

Why is police always watching speeding at some useless places like highways where everybody breaches speed limit?... only because it is easy. The same it is with VPN – police can be sure, once they will acquire ANY court order, they will surely find many "criminals" :woohoo: , very probably they can find some dirt on every VPN user. :woohoo:

The newspapers are full of cases of people who ended in prison only because of some mistake which happened during police investigation.

In my opinion, perhaps all VPN providers are constantly closely watched by different "authorities" (if many VPN were not directly set up and operated by "authorities" themselves). This discussion is surely closely watched too by many "people".

I assume it must have already happened to you (I mean court order, authorities pressure)! so you must have some experience with such cases. :woohoo: Of course you wouldnot admitt it due to many reasons - you would have lost paying customers, you cant admit cooperation and name/s of the authorities because then the secret woulnot be secret anymore :woohoo: ... but maybe you can at least indicate a liitle so that attentive reader can come to conclusion how deep is the conspiracy level with authorities.

Why should we then feel free and anonymous by using your VPN?

Thank you in advance for your answer

Share this post


Link to post

@WinniethePooh

Hello!

There's a clear legal framework in the EU which covers duties and rights of a provider of services in the information society which is a mere conduit of data (see 2000/31/EC articles 12, 13, 14 and 15). Amongst them, there's no obligation to monitor customers traffic (on the contrary, 95/46/EC and 2002/58/EC pose precise prohibition to data monitoring and collection). We don't keep logs so we can't give away information that we do not have.

A court order can't force us to monitor traffic: even if it did, it would not be valid: no court order can force a person to commit illegal actions, as it would be active traffic monitoring, which infringes important privacy laws, secrecy of correspondence and fundamental rights. But let's admit that a collective madness suddenly infect a magistrate and all of AirVPN staff. Even if we complied to a flawed court order our data would have no relevance in a court, because there is absolutely no guarantee of their reliability and/or no manipulation, not to mention guarantees about server integrity. Your premise that we could be forced to actively cooperate with proper authorities in monitoring traffic is simply absurd, under an investigative point of view, because such cooperation would destroy the validity of the investigation itself.

That said, this admin disagrees strongly with some other premises of yours as well, for example you surreptitiously suggest that most VPN users are criminals. Do you have any data to support that? Are you aware that privacy is one of the most fundamental human rights? Do you have any scientific set of data which may support the implication that strong privacy leads to criminal behaviors? We do have scientific research and factual evidence which show, in the contrary, how strong privacy and identity protections enhance freedom of expression.

Finally, if you feel that you must face an adversary with the power to monitor all our servers in real time, you should perform partition of trust. We wrote an article about it:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

Kind regards

Share this post


Link to post

The newspapers are full of cases of people who ended in prison only because of some mistake which happened during police investigation.

In my opinion, perhaps all VPN providers are constantly closely watched by different "authorities" (if many VPN were not directly set up and operated by "authorities" themselves). This discussion is surely closely watched too by many "people".

[...]

I assume it must have already happened to you (I mean court order, authorities pressure)! so you must have some experience with such cases. :woohoo: Of course you wouldnot admitt it due to many reasons - you would have lost paying customers, you cant admit cooperation and name/s of the authorities because then the secret woulnot be secret anymore :woohoo: ... but maybe you can at least indicate a liitle so that attentive reader can come to conclusion how deep is the conspiracy level with authorities.

Hello,

just a question from an Air co-founder: is it reasonable to assume that some government (or organized crime) entity have the will, the persons, the money and the power to "watch closely" petabytes of data transmitted through hundreds of thousands nodes distributed in a hundred or more countries and operated by thousands companies or persons (think of volunteers operating TOR nodes for example) in different jurisdictions? And even if it could be possible, then what about all the remaining traffic outside consumers VPNs? The myth of the global adversary might become true one day, but today is not that day. Even if NSA could become one day a global adversary, they will be forced to have priorities, and anyway they would still have "some problems" with encryption...

About admitting or denying cooperation with any entity, I can assure you that we have had no such problems and we have not cooperated with anyone, but of course you can reply that you don't trust me: so act accordingly, you don't need to trust us to use our services and have anyway a strong anonymity layer. I would recommend also to anyone with such doubts to read carefully the Terms of Service, the Privacy Notice and the cited legal documents inside them. In particular, I would not remain inactive if a proper authority (this is an extreme example, but I find it appropriate) should warn me that, through our servers, aiding or abetting infringements of fundamental rights as enshrined in the ECHR are performed, such as human trafficking, human / children exploitation, privacy violations. If a customer infringes the ToS, we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation.

Kind regards

Share this post


Link to post

<b>Thank you very much for your quick answer. </b> much appreciated!! Now I know you are the best and I am looking to use your service.

I will think twice about every word you said and analyze it very carefully.

Since you deny any kind of possible cooperation, at first glance someone could say it might be even worse than I expected. Maybe you must collaborate both with authorities and the dark side (mafia and organized crime). Maybe you were forced under horrible threat in the beginning and now you only cynically wait who pays more.... who knows. :S

I mean maybe the more we want to be anonymnous by using encrypted VPN tunnel the more attractive we could become in the eyes of both authorities (police) and the opposite side = racketeers, blackmailers, mafia.

Maybe the real anonymity we can experience when we look like that we have nothing interesting to hide, like some boring and dumb BFU on internet whose only aim is to read the Sun/ das Bild/ and order an email newsletter about sales in Ikea store. Thus maybe it would be better avoid VPN and use some public WIFI net, use only decent encryption that is not visible at first sight (eg encrypt files onto images and publish it somewhere on everybodys eyes in photoalbum)

Anyway this is only my current expression of my opinion and in any way it is not meant as negative view on anytning. It is only some conspiracy assuption which might not be true.

Of course I am very positive and engaged and again thank you very much the answer!! :woohoo:

Share this post


Link to post

...

.......... I would recommend also to anyone with such doubts to read carefully the Terms of Service, the Privacy Notice and the cited legal documents inside them. In particular, I would not remain inactive if a proper authority (this is an extreme example, but I find it appropriate) should warn me that, through our servers, aiding or abetting infringements of fundamental rights as enshrined in the ECHR are performed, such as human trafficking, human / children exploitation, privacy violations. If a customer infringes the ToS, we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation.

Kind regards

Thank you pj for your answer

when a starving beggar steals a loaf of bread so that he does not die from hunger is that a crime?

and when he takes several loafs of bread for his starving family, is that a crime? :woohoo:

and what if he has a big family and what if his family does not like bread but something else, like cigarettes, or information or truth?

so that what if a starving man or a polite hacker gets into some system of bad people in order to publish something on wikileaks with a good intention in mind to feed his big family with the truth, is that a crime?

what if some jealous guy hacks someones email box in order to sniff what's going on is that a crime?

and what if a starving man downloads some copyrighted stuff (movies, music, software), to feed only himself is that a crime? :blush:

and what if he feeds his broad family with this stuff, then he might cross the red line or is it still justifiable? :dry: :blush:

and there are many other what if....

no one is harmed physically so it is not forbidden so that it might be allowed?

how can people know ahead (not retrospectively) what is in accordance with ToS and what is behind the allowed threshold?

of course I understand you will not reply on such stupid questions and strange comparisons, of course all these things are not allowed and you will terminate such users in any case and surely you will initiate investigation and you would fully cooperate with police and all key stakeholders, it was just stupid attempt, I will read carefully once again your answer in above mentioned posts.

Share this post


Link to post

...

.......... I would recommend also to anyone with such doubts to read carefully the Terms of Service, the Privacy Notice and the cited legal documents inside them. In particular, I would not remain inactive if a proper authority (this is an extreme example, but I find it appropriate) should warn me that, through our servers, aiding or abetting infringements of fundamental rights as enshrined in the ECHR are performed, such as human trafficking, human / children exploitation, privacy violations. If a customer infringes the ToS, we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation.

Kind regards

Thank you pj for your answer

when a starving beggar steals a loaf of bread so that he does not die from hunger is that a crime?

and when he takes several loafs of bread for his starving family, is that a crime? :woohoo: :blink:

and what if he has a big family and what if his family does not like bread but something else, like cigarettes, or information or truth? :blink:

so that what if a starving man or a polite hacker gets into some system of bad people in order to publish something on wikileaks with a good intention in mind to feed his big family with the truth, is that a crime?

what if some jealous guy hacks someones email box in order to sniff what's going on is that a crime?

and what if a starving man downloads some copyrighted stuff (movies, music, software), to feed only himself is that a crime? :blush:

and what if he feeds his broad family with this stuff, then he might cross the red line or is it still justifiable? :dry: :blush:

and there are many other what if....

no one is harmed physically so it is not forbidden so that it might be allowed?

how can people know ahead (not retrospectively) what is in accordance with ToS and what is behind the allowed threshold?

of course I understand you will not reply on such stupid questions and strange comparisons, of course all these things are not allowed and you will terminate such users in any case and surely you will initiate investigation and you would fully cooperate with police and all key stakeholders, it was just stupid attempt, I will read carefully once again your answer in above mentioned posts.

Hello!

Sorry if I answer to your questions with questions, but you mixed a lot of things: which of the above acts are aiding or abetting a violation of human rights as enshrined in the ECHR? And between them, which ones can be committed through our network? And between them, which ones aid or abet human trafficking and/or human exploitation?

Once you have discerned those, and you have read the ToS (where I'm sure you'll notice also that usage of our service for copyright enforcement through privacy violation or data collection is forbidden), I'll be more than glad to answer more precisely (if it will be still necessary :) ).

Kind regards

Share this post


Link to post

snipped...In particular, I would not remain inactive if a proper authority (this is an extreme example, but I find it appropriate) should warn me that, through our servers, aiding or abetting infringements of fundamental rights as enshrined in the ECHR are performed, such as human trafficking, human / children exploitation, privacy violations. If a customer infringes the ToS, we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation.

Kind regards

Here is where things fall down slightly for me.

Say you have a user who is involved in some level of human abuse and the authorities come to you and you, following your right to exercise legal steps, begin to monitor that user...

You didn't know who that user was when the authorities approached you and since you have kept no logs up until this point, you have no ability to go back to find out who that was. Let us all grant you that trust for the sake of getting it out of the equation.

So, now the only way to comply, is for you to start logging all users to attempt to correlate future offenses of an identical nature.

Now:

- your claim of no logging is completely gone and you can't let your userbase know this.

- you have now logged lesser infractions that can be examined and acted upon.

Here is a straight forward question though. If you were compelled to co-operate with a particular group, would that cover logging behaviour on all of your servers, or just the server in the jurisdiction covered by the court order? Is there such a thing or has there ever been either a 'global' order, or at least a co-ordinated set of localized orders that amount to the same thing?

Share this post


Link to post

snipped...In particular, I would not remain inactive if a proper authority (this is an extreme example, but I find it appropriate) should warn me that, through our servers, aiding or abetting infringements of fundamental rights as enshrined in the ECHR are performed, such as human trafficking, human / children exploitation, privacy violations. If a customer infringes the ToS, we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation.

Kind regards

Here is where things fall down slightly for me.

Say you have a user who is involved in some level of human abuse and the authorities come to you and you, following your right to exercise legal steps, begin to monitor that user...

You didn't know who that user was when the authorities approached you and since you have kept no logs up until this point, you have no ability to go back to find out who that was. Let us all grant you that trust for the sake of getting it out of the equation.

So, now the only way to comply, is for you to start logging all users to attempt to correlate future offenses of an identical nature.

Hello!

No, that's not the only way. It is not necessary at all to log the activities of all users. If the provided information are clear, we can put triggers which activate automatically only under certain conditions given by the proper authorities If the conditions lack sufficient information, there's nothing we can do. No logs either way. Of course, legal triggering might help us terminate an account of someone which uses our services to aid or abet human trafficking/exploitation or privacy violations, but it can't gather evidence that can be used in a court. The rest is up to the competent investigators.

Now:

- your claim of no logging is completely gone and you can't let your userbase know this.

- you have now logged lesser infractions that can be examined and acted upon.

Absolutely not. Also, that would be illegal under our jurisdictional legal framework. If you re-read my post, I wrote:

we reserve the right to follow any legal (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation

(bold added)

The type of action you describe is indiscriminate monitoring which is illegal under the cited legal framework.

Here is a straight forward question though. If you were compelled to co-operate with a particular group, would that cover logging behaviour on all of your servers, or just the server in the jurisdiction covered by the court order? Is there such a thing or has there ever been either a 'global' order, or at least a co-ordinated set of localized orders that amount to the same thing?

See above: logging on one server or on all servers would not be necessary and anyway it would be useless and counter-productive (evidence illegally obtained can't be used in a court). Only a magistrate willing to destroy an investigation would issue a court order which would try to force a citizen to commit a civil or criminal offense. Furthermore, think about it: such an order would pretend to transform the citizen in a police officer in the hope that this citizen can gather relevant evidence; that the citizen himself/herself will not manipulate the evidence before transmitting it to the investigators; and anyway such "evidence" can't be used in a tribunal. Also, the magistrate would assume that the citizen is so highly trained on investigative procedures that his/her actions will not give an early warning to the suspect. It's absurd even before being illegal.

But it's just over-speculation on the wrong basis: we have never received such court orders simply because a court order can't force anybody to commit any civil or criminal offense.

Kind regards

Share this post


Link to post

No, that's not the only way. It is not necessary at all to log the activities of all users. If the provided information are clear, we can put triggers which activate automatically only under certain conditions given by the proper authorities If the conditions lack sufficient information, there's nothing we can do. No logs either way. Of course, legal triggering might help us terminate an account of someone which uses our services to aid or abet human trafficking/exploitation or privacy violations, but it can't gather evidence that can be used in a court. The rest is up to the competent investigators.

Absolutely not. Also, that would be illegal under our jurisdictional legal framework. If you re-read my post, I wrote:

we reserve the right to follow any <strong>legal</strong> (legal under the EU acquis) step necessary to put an end to such infringement and defend our reputation

(bold added)

The type of action you describe is indiscriminate monitoring which is illegal under the cited legal framework.

Excellent. Great information, and much more clear to me now. Hopefully this answers questions for others as well. Understanding the scope of what you must comply with and the illegal nature of indiscriminate logging are important details that I just simply wasn't reading into other conversations that I have been reading here on the forums.

Thank you for sharing how this works.

See above: logging on one server or on all servers would not be necessary and anyway it would be useless and counter-productive (evidence illegally obtained can't be used in a court). Only a magistrate willing to destroy an investigation would issue a court order which would try to force a citizen to commit a civil or criminal offense. Furthermore, think about it: such an order would pretend to transform the citizen in a police officer in the hope that this citizen can gather relevant evidence; that the citizen himself/herself will not manipulate the evidence before transmitting it to the investigators; and anyway such "evidence" can't be used in a tribunal. Also, the magistrate would assume that the citizen is so highly trained on investigative procedures that his/her actions will not give an early warning to the suspect. It's absurd even before being illegal.

But it's just over-speculation on the wrong basis: we have never received such court orders simply because a court order can't force anybody to commit any civil or criminal offense.

Again, thank you for the thorough and concise answer.

Just to continue along these lines just a little more, because now you have sparked my curiosity a bit...

Say then, you were complying with an order to investigate a particular user and you put the necessary triggers in place to identify a particular type of behaviour. Some questions on this:

1) Is it correct to assume that the triggers are 'on' the user accounts, so this way, regardless of which server they connect to, you could identify them and terminate their account?

2) Given that you are not an extension of the law per se, and as such, you cannot gather information that can be used in a court, then how does the termination of the user account help law enforcement? Would it be the case that in addition to the termination, you would have to grant access to the account information and specifically collected logs to the law enforcement agency?

3) Can you please disclose a little bit about the makeup of the activity triggers? For example, thinking about how Tor works... you couldn't simply trigger on anyone using Tor, because that would make up enough of your user base that it would count as indiscriminate logging, correct? That renders that trigger illegal. So, they would have to give you another condition to go by, like the end address. Since the end address cannot be seen without deep infiltration and control of the Tor network, you don't have the proper visibility to make the trigger work. Basically, you would be unable to ever detect the user that you are being asked to identify. Does this sound right? If not, and there is a scenario where you can detect what I am suggesting, can you please spell it out for me?

Share this post


Link to post

Hi pj, sorry for the double-post-bump, but I am hoping that you can address my response here, please.

Thanks

Share this post


Link to post

1) Is it correct to assume that the triggers are 'on' the user accounts, so this way, regardless of which server they connect to, you could identify them and terminate their account?

Hello!

No, it's not correct. Specific triggers can be based on different parameters. We have never instated any trigger so I can't be more specific.

2) Given that you are not an extension of the law per se, and as such, you cannot gather information that can be used in a court, then how does the termination of the user account help law enforcement?

Probably in no way. It is just a law requirement, if you read the references I gave you you have probably noticed that a mere conduit which is properly informed about an infringement committed on its infrastructure must act expeditiously to terminate such an infringement. This is a case where the law obliges the mere conduit to perform an act which can warn the trespasser. In case of child exploitation, the first concern of the authorities should be to identify and find the victim to protect him/her, so in this case there would be concern by the investigators before informing us.

Would it be the case that in addition to the termination, you would have to grant access to the account information and specifically collected logs to the law enforcement agency?

If we kept logs yes. For example, USA legal framework (an admin wrote an extensive article about it, please search for it in this forum) do not oblige providers to keep logs, but say that IF they have kept logs, then they must NOT delete them under request of a federal agency (without a court order) for a maximum of 6 months (after which a court order is necessary) and handle them over in case of a court order. Since we don't keep logs, no, there can not be such an obligation (in this example not even if we were under the USA jurisdiction).

3) Can you please disclose a little bit about the makeup of the activity triggers?

No, I don't think so. There are too many variables and technical difficulties, how to implement triggers (if possible) is necessarily decided on a case-by-case basis.

Kind regards

Share this post


Link to post

Not quite accurate. Just to set the record straight on this, here is a relevant excerpt from this page [http://blog.privacylawyer.ca/2009/01/log-retention-initiatives.html]:

"In addition, US criminal law permits law enforcement to make a written request for the preservation of records for 90 days (renewable for a further 90 days) (US CODE: Title 18, s. 2703(f)):

(f) Requirement To Preserve Evidence.—

(1) In general.— A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.

(2) Period of retention.— Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity."

This, again, assumes that the provider keeps logs, and that the provider is beholden to US law. Thus, neither apply to AirVPN.

If we kept logs yes. For example, USA legal framework (an admin wrote an extensive article about it, please search for it in this forum) do not oblige providers to keep logs, but say that IF they have kept logs, then they must NOT delete them under request of a federal agency (without a court order) for a maximum of 6 months (after which a court order is necessary) and handle them over in case of a court order. Since we don't keep logs, no, there can not be such an obligation (in this example not even if we were under the USA jurisdiction).

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...