VPN service disclosed user IP to French authorities

[DogeX 8]

Hello 

In the article, it is reported that a 16-year-old residing in Yvelines, France, was arrested for sending false bomb threats to their school via email. In an attempt to remain anonymous, the teenager utilized a VPN service. However, this precaution proved insufficient to evade apprehension, as the VPN service cooperated with authorities, enabling them to trace the actions back to the individual.

Here is the article (in French)

In a situation similar to this, would AirVpn cooperate with authorities ?

Edited ... by OpenSourcerer
Rephrase mentions of competitor with more neutral words

[go558a83nk 371]

Anybody is obliged to cooperate with the proper authorities but if there are no logs then....

All this really tells you is that this VPN service keeps logs.

Edited ... by OpenSourcerer
Rephrase mentions of competitor with more neutral words

[fishbasketballaries 17]

1 hour ago, DogeX said:

However, this precaution proved insufficient to evade apprehension, as the VPN service cooperated with authorities, enabling them to trace the actions back to the individual.

This article doesn't reveal how the teen was caught, nor what VPN provider was used.

[DogeX 8]

2 minutes ago, fishbasketballaries said:

1 hour ago, DogeX said:

However, this precaution proved insufficient to evade apprehension, as the VPN service cooperated with authorities, enabling them to trace the actions back to the individual.

This article doesn't reveal how the teen was caught, nor what VPN provider was used.

The information provided suggests that the individual in question was apprehended with the cooperation of the VPN company. Notably, it's mentioned that the VPN service in question was based in Switzerland, and towards the end of the discussion, there's a reference to Proton VPN.

[fishbasketballaries 17]

16 minutes ago, DogeX said:

The information provided suggests that the individual in question was apprehended with the cooperation of the VPN company. Notably, it's mentioned that the VPN service in question was based in Switzerland, and towards the end of the discussion, there's a reference to Proton VPN.

Perhaps DeepL's machine translation is failing me here, but it looks to me like the article only mentions that most bomb threats targeting airports are sent from IP addresses in Switzerland. Then they point out that Proton is a Switzerland based company who, in the past, has provided user identities to courts, but it does not say that this bomb threat was sent from Switzerland or whether Proton unmasked the perpetrator.

[OpenSourcerer 1468]

I can confirm Mr. fishbasketballaries' information via translation as well. There is no suggestion that the VPN provider in this case was ProtonVPN.
Mr. DogeX, please check and recheck the information you get next time before you post.

[Staff 10123]

Hello!

Maybe different info mixed up? The French activist (a member of Youth For Climate / Fridays For Future, a climate strike movement initiated by activist Greta Thunberg) framed by Proton AG through IP address logging and disclosure, has become a famous case, but the logging by Proton occurred via another Proton service, ProtonMail, which claimed no logging:
https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/

Now the service advertising has been changed and does not mention anymore "no logging", on the contrary it specifies that it may log IP addresses of customers according to legal requests. Although the company is the same and the jurisdiction is the same, Proton AG claims that ProtonVPN can not be forced to log IP addresses of customers as it happened with ProtonMail because the relevant Swiss law pertaining to VPN service is different.

Kind regards
 

[iwih2gk 95]

7 hours ago, Staff said:

Hello!

Maybe different info mixed up? The French activist (a member of Youth For Climate / Fridays For Future, a climate strike movement initiated by activist Greta Thunberg) framed by Proton AG through IP address logging and disclosure, has become a famous case, but the logging by Proton occurred via another Proton service, ProtonMail, which claimed no logging:
https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/

Now the service advertising has been changed and does not mention anymore "no logging", on the contrary it specifies that it may log IP addresses of customers according to legal requests. Although the company is the same and the jurisdiction is the same, Proton AG claims that ProtonVPN can not be forced to log IP addresses of customers as it happened with ProtonMail because the relevant Swiss law pertaining to VPN service is different.

Kind regards
 

Another evidence of how great TOR over VPN is.  I use this method for Proton and for Tutanota on my accounts.  Its so easy to do with Eddie I can't ever see not using TOR over AirVpn.

[Guest]

I believe most ProtonVPN customers sign up with an ProtonMail e-mail address.
Not sure how that plays out in terms of privacy with ProtonMail's IP address logging practices.
Different laws for e-mail and VPN services is perhaps the reason why Proton now allows ProtonVPN account creation by registering an external email address instead of one from ProtonMail.

[ImShadow 0]

On 10/24/2023 at 5:14 PM, iwih2gk said:

Another evidence of how great TOR over VPN is.  I use this method for Proton and for Tutanota on my accounts.  Its so easy to do with Eddie I can't ever see not using TOR over AirVpn.

Like VPN -> Tor or Tor -> VPN, Because they both suck and one is a lot worse than the other. Tor has a small bandwidth for their network & VPNs work fine enough.
use Tor and your VPN when you're doing Browser things but I'd still download things on a separate browser. if you really want a good browser & VPN use Mullvads browser & AirVPN as it's secure enough, if you wanna get crazy edit the Eddie configs a lot or checkout wiresock for wireguard bro.

[Moat 11]

On 10/24/2023 at 2:05 PM, Staff said:

Hello!

Maybe different info mixed up? The French activist (a member of Youth For Climate / Fridays For Future, a climate strike movement initiated by activist Greta Thunberg) framed by Proton AG through IP address logging and disclosure, has become a famous case, but the logging by Proton occurred via another Proton service, ProtonMail, which claimed no logging:
https://beebom.com/protonmail-logged-ip-address-should-you-worry-privacy/

Now the service advertising has been changed and does not mention anymore "no logging", on the contrary it specifies that it may log IP addresses of customers according to legal requests. Although the company is the same and the jurisdiction is the same, Proton AG claims that ProtonVPN can not be forced to log IP addresses of customers as it happened with ProtonMail because the relevant Swiss law pertaining to VPN service is different.

Kind regards
 

I've said it, I'll repeat it, even if Fred is right:

"Most people don't want to hear the truth because they don't want their illusions destroyed" - Friedrich Nietzsche

Regardless of what Proton or any Swiss service claims, Swiss law OBLIGES any "telecommunication company" to intercept and keep "ANY DATA" in "UNENCRYPTED FORMAT" which transits in or out of its country borders, for "AT LEAST 6 MONTHS" for the event law enforcement "ASKS". The asking part is without need for a court order or investigation warrant. The unencrypted part is where the telecommunications company becomes liable for any alleged wrongdoing which they can not provide the information unencrypted of. You can blame Swiss based services to not clearly advertise this. You can't blame them for complying, it is their arse or the wrongdoers... The pressure point is who "stores" the data. For example VPN keys at for example Proton, anyone?

Since it can be asking without warrant or court order, it does not oblige law enforcement to do anything with it …  They can let you stink for years, and when it matters to the Swiss use that as a pressure point to obtain something else they suddenly may want from you. Classic Swiss.

Now it is particular: any connection going through the border. So if you are in Switzerland and your connection and data stays in Switzerland, well, the obligation does not exist. (as if a company will bear the cost burden to differentiate …) No, its just the Swiss don't like their secrecy shit kept, because if so and if ever used in court the public prosecutor has to order the destruction and inadmissibility of the evidence and it becomes an awkward display. Imagine if someone took it to ECHR, the only leg would be national security, no longer national interest or catching bad guys.

AVPN (may) does not log connections, and (may) does have a good contract with their Swiss data center. 

Reality is the Swiss data center has to log anything which crosses the border for the Stasi . You're only a little safer if the keys can not be found in Schwein-e-land.

Not saying the other countries are better, but Swiss services (dare I misbehave and suggest crooks?) like Proton, crap away from them as far as you can.

If you like the Swiss funny concept of privacy and security, pay attention to certificates of web sites like Zoho being "safe" and "private" because hosted and served from Sierre for example

There is no such thing as privacy online, only making life a bit more difficult to those who wish to know the colour of your underpants, when you last did your laundry, and what detergent you used...

[Staff 10123]

12 hours ago, Moat said:

Reality is the Swiss data center has to log anything which crosses the border for the Stasi .

Hello!

Sorry, but your message contains FUD and fantasy. The Swiss Federal law about the Surveillance of the Post and Telecommunications enforces 6 months of metadata and e-mail headers retention to ISPs with more than 100 M CHF of revenue per year for at least two years in a row or receiving more than 100 requests of information in a single year. All the exemptions and obligations here. Furthermore, your alleged retention obligation of encrypted transiting data in unencrypted form not only is not required, but it is also physically impossible when the ISPs don't have the decryption keys, i.e. always, for any practical purpose (impossible every time end-to-end encryption is used). In this case the law does not try to enforce something impossible, at least.

Kind regards
 

[OpenSourcerer 1468]

15 hours ago, Moat said:

"Most people don't want to hear the truth because they don't want their illusions destroyed" - Friedrich Nietzsche

We were reading some parts of him in class and I cannot remember ever reading anything remotely similar. And true enough, Nietzsche never wrote or said anything of the sort. That is a really bad paraphrase of what Nietzsche really was writing in some of his works.
Get your quotes in order, and please do the mimimum of research before posting. The AirVPN forums are not an open stage for conspiratory thinking.

[QStack 0]

I'm sorry to bump this post again, but I feel I can add some information/sources that might be useful to other people who find this post, as I did.

With Proton, there are currently two known activists who have used Proton, been caught and had the story published in the media.
People tend to think only of the French activist, but often they mix information from the French and the more unknown Catalan activist.

1. The activist from French (Proton)
TLDR:
1. Activist used Proton Mail without VPN. The police resquested information from Switzerland via Fedpol, Proton had to provide the information they had according to Swiss law. They don't have much, as they don't fall under the telecommunication law (no yet, see below).
2. If the activist had used a VPN or accessed Proton Mail via Tor, this probably wouldn't have happened.
3. The activist's name was already known before they got the information from Proton.

2. The activist from Catalonia

3. Swiss Federal law about the Surveillance of the Post and Telecommunications The current law as it is right now, is broken already. (4 part story, only first two are free available).
Planned is a new Revision of the current Surveillance Act. They asked Proton Chef about it.
From the Tagesanzeiger:
- Enable retroactive monitoring in order to be able to identify users on the internet.
- Companies must inform the ÜPF service which email service a user last accessed.
- Real-time monitoring of so-called edge data, which is data that contains information about the use of telecommunications services - i.e. with whom, when, for how long and from where a person has communicated.
- Tech companies must cooperate fully with the authorities once they reach the threshold of more than 1 million users and CHF 100 million in yearly revenue from the past 2 years (This is already part of the current law). With 12 million and 100 million users respectively, this applies to Threema and Proton. For Proton Mail, this would mean that you've set up the two-way password so that the emails themselves are encrypted with your own key, so Proton can't share any emails from your mailbox with the government. (I'm still not sure if they would have to with the revision of this law, but better safe than sorry)

If you think it's bad enough that the US and the UK are currently the top surveillance states, the Swiss will be even higher up the list if this new revision goes through. The Swiss people voted 'yes' to the Telecommunications Act in the first place, so if there's a referendum, it's likely that people will vote 'yes' again because people really think 'I have nothing to hide' and 'the Swiss government can be fully trusted'. Not even the article about how the current law has already been abused and how people were misinformed before the referendum has caused much media attention and outrage.

[OpenSourcerer 1468]

11 hours ago, QStack said:

2. The activist from Catalonia

 

Quote

Proton provides privacy by default and not anonymity by default because anonymity requires certain user actions to ensure proper [operational security] such as not adding your Apple account as an optional recovery method, which it appears was done by the alleged terror suspect.

He deserved everything that came his way.
Shows once again that there is a difference between privacy and anonymity – of which Proton only offers the former.