Hello! @cccthats3cs
Thank you very much, those documents are interesting indeed.
All the matter is indeed a risk which we warned our users about according to their threat model since AirVPN's birth. The described investigation techniques may be instrumental to bring to justice criminals without enforcing provider to blanket data retention, and therefore they show once again the correctness of the Court of Justice of the European Union which forbade repeatedly EU Member States to oblige any ISP to perform blanket data retention. We're also pleased to see that
AirVPN made no technical mistake instrumental to the suspect's incrimination and that
a "trap and trace" device had to be physically installed outside AirVPN servers
Unfortunately the same methods might also be used by powerful crime organizations or agencies of regimes hostile to human rights to find out and suppress activists, "dissidents" and limit freedom of expression and information.
For this reason we wrote extensively about how to defeat easily such powerful adversaries (provided of course that your system is pristine, not compromised, an essential pre-requisite). In 2012 we published this for example: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745
Multiple times we warned about the danger of "black boxes" and it's not incidental that "OpenVPN over Tor", for example, has been implemented in our mainstream software since 2011 or 2012 and it is advertised in the home page while Tor is also listed in the "Download" > "Other technologies" section.
Kind regards