General questions

[vfgbgsbgfvfcwed 0]

Hello admins and community,

I am thinking about using AirVPN. I have a few questions.

First of all, English is not my natural speaking language. I apologize for any spelling mistakes.

It is important to me to use a non log VPN. I am not interested in committing any crimes. Nevertheless, it cannot be ruled out that other AirVPN users do exactly that. I have read through all the terms of service and so on. Unfortunately, I can no longer find the passages, but something was said about AirVPN recording servers in the event of violations, i.e. saving data if necessary. Have I understood this correctly or have I misunderstood?

I don't want my data to be logged just because a user thought he had to screw up.

How does AirVPN deal with such requests? Is it actually logged then? What happens with such requests from authorities?

There is also a lot of monitoring. User data transfer etc. I find this somewhat critical because something is logged. How is this implemented so that no user activity is recorded?

Is it allowed to use AirVPN with a router and thus bypass the device limit?

I think the use of ram disks is very good. But what if something is plugged into the server? E.g. USB sticks, cables, keyboards or similar? Are the servers protected against such "attacks"? Ram disks help against taking the servers but not against someone sitting down at the server and looking in.


I think I have asked all the important questions. Thank you very much and sorry for the long text.

With kind regards

[Staff 9764]

12 hours ago, vfgbgsbgfvfcwed said:

I think the use of ram disks is very good. But what if something is plugged into the server? E.g. USB sticks, cables, keyboards or similar? Are the servers protected against such "attacks"? Ram disks help against taking the servers but not against someone sitting down at the server and looking in.

Hello!

The other questions are answered in the ToS, specification page and Privacy Notice, therefore we invite you to read those documents, further clarifications may come from the community or from us if necessary:
https://airvpn.org/tos The Terms of Service
https://airvpn.org/privacy The privacy notice and terms, scroll down for additional safety measures according to best practices as well as GDPR prescriptions
https://airvpn.org/specs Specs overview

In AirVPN, the problem you mention is not related to USB specifically, because USB support is disabled on the kernel of our servers and any reboot to make the server re-start to run a different kernel in order to plug secretly USB devices will cause the server to be rejected by the infrastructure, but adversaries don't need to plug in USB peripherals. A more effective attack comes from outside the server and a defense against this attack is not possible on the server itself (simply because the adversary does not interfere with or touch the server), it must come from a pro-active action by the user. Please see here:
https://airvpn.org/forums/topic/57163-pen-register-connection-logging-on-airvpn-server-janfeb-2020/

Kind regards
 

[vfgbgsbgfvfcwed 0]

Hello,

I have found the article again.
https://airvpn.org/forums/topic/3451-logs-raids-and-monitoring/?do=findComment&comment=3455

If I understand correctly, AirVPN will carry out investigations if you wish.

I can understand that. I wouldn't want my service to be used for anything illegal either and your actions in all honor what you do is far from my understanding of "Defense of net neutrality, privacy and against censorship."

Your mission statement is "An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship."

Anyone who talks about "defenses", "net neutrality", "privacy" and "against censorship" unfortunately, and I really mean unfortunately, also means the bad guys. As already mentioned I don't use a VPN for forbidden things but net neutrality, privacy and against censorship is a statement a promise to your users and the people who trust you. If you start investigations then it affects everyone who uses your service both the good and the bad. Everyone will be stripped and looked at as I understand it.

How can you start investigations without the good guys getting caught?

How do you ensure the safety of everyone else?

What options do you have or use?

With kind regards

[Staff 9764]

16 hours ago, vfgbgsbgfvfcwed said:

If I understand correctly, AirVPN will carry out investigations if you wish.

Hello!

No, you did not understand correctly at all.. we have no power or authority to conduct investigations. Investigations can be carried out by the relevant authorities using the proper procedures, and what we can do is to cooperate with the relevant authorities and only in accordance with the orders of the competent courts.
 

Quote

Anyone who talks about "defenses", "net neutrality", "privacy" and "against censorship" unfortunately, and I really mean unfortunately, also means the bad guys.

We can't see how infringing privacy (which is a fundamental right), net neutrality and enforcing censorship can help the good guys and/or support crime prevention. We challenge you to publish a proper impact assessment and/or research which shows how the "good guys" are protected by censorship, blocks and general violations of privacy and net neutrality.

On the contrary, reports and studies on blanket and indiscriminate privacy violations by various bodies and police forces around the world show the opposite, i.e. that data retention is ineffective in fighting serious crime and at the same time is incompatible with fundamental rights, in particular (as pointed out in 2019 by the EU Council too in official document) the rights to privacy, protection of personal data, non-discrimination and presumption of innocence. Indeed, such considerations led the Court of Justice of the European Union to strike down the Data Retention Directive with retroactive effect, and also to prohibit the EU Member State from enforcing a blanket data retention obligation on Internet Service Providers.

The Court of Justice declares the Data Retention Directive to be invalid
https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf

The Members States may not impose a general obligation to retain data on providers of electronic communications services
https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf

The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security
https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf

As for the protection provided by a layer of anonymity, which is an additional and specific method of enhancing privacy, both the United Nations Special Rapporteur and the United States Supreme Court have recognised it as one of the essential tools for exercising freedom of expression. You can find the links on the same AirVPN mission page you mentioned.
 

Quote

Everyone will be stripped and looked at as I understand it.

In 14 years no AirVPN user has ever had his/her identity compromised due to AirVPN behavior or technical failure but of course any server can be wiretapped without AirVPN knowledge, legally or illegally. In order to defeat adversaries who have the power to eavesdrop on servers through black boxes (external to the server: these boxes can't see the traffic content of course, but they can correlate incoming packets to outgoing packets, which is in some cases a relevant information), we have written repeatedly, please check here:
https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

Kind regards