How does AirVPN keep track of our statistics without logging?

[SaveSnowden 5]

It seems absolutely impossible to me that AirVPN can keep track of stats for users without logging (not neccessarily logging to a file, but connection monitoring). How is AirVPN tracking these statistics? I really think this is inviting trouble.

[knighthawk 19]

Staff can probably get into the particulars but If you have a vpn session active... there is going to be some data related to that session while it's actually active, that's what would be shown to you in the client section under active sessions some basic data that has to exist during a session {total data sent\received, length of time of session, current send\receive rate}.  It's what's always going to available in ram on a given server during an active connection.  Disconnect and that information is gone, unless you've enabled session achieving, in which case that basic summary data of the session is kept around for awhile.

[Staff 9773]

Hello,

 

we are not going to disclose how we do it in details (call it a trade secret ), anyway the data are gathered without logging and kept in RAM. The "inconvenience" is that all data are lost as soon as one disconnects or for any little trouble in a server, but after all that's exactly what we want.

 

Kind regards

[SaveSnowden 5]

Hello,

 

we are not going to disclose how we do it in details (call it a trade secret ), anyway the data are gathered without logging and kept in RAM. The "inconvenience" is that all data are lost as soon as one disconnects or for any little trouble in a server, but after all that's exactly what we want.

 

Kind regards

 

I find that answer troubling, it hides any potential data logging you might be doing, and also makes it hard for people to assess the security of this setup. There is no "trade secret" that gets around the fact that these statistics can only be collected by constantly keeping track of which user is sending and receiving which packets of data and from which sources. Openvpn will not track that itself, you have to deliberately add extra functionality to do it, all of which is dangerous and unneccessary. This logging should never be collected in the first place on a non-logging vpn, but if you insist on doing it, it should be opt in.

[Baraka 30]

There is no VPN in the world that doesn't collect any info on the clients connecting to their servers. By definition, your real IP is known to the server. Otherwise it wouldn't be possible for you to connect to it. The internet protocol is inherently insecure. Using a top notch VPN service such as Air maximizes your security. Just be aware that no VPN will be anonymous, no matter what anyone tells you. If the government really wants to find out who you are, they will. They can subpoena the hosting provider directly (not Air), or even go after the next router hop and get whatever they want from the access provider. Knowing all this, Air is an easy first choice, by far, for VPN services. Know what a VPN can do for you, and what it can't. Be smart about your usage. That's all.

[Staff 9773]

 

Hello,

 

we are not going to disclose how we do it in details (call it a trade secret ), anyway the data are gathered without logging and kept in RAM. The "inconvenience" is that all data are lost as soon as one disconnects or for any little trouble in a server, but after all that's exactly what we want.

 

Kind regards

 

I find that answer troubling, it hides any potential data logging you might be doing, and also makes it hard for people to assess the security of this setup. There is no "trade secret" that gets around the fact that these statistics can only be collected by constantly keeping track of which user is sending and receiving which packets of data and from which sources. Openvpn will not track that itself, you have to deliberately add extra functionality to do it, all of which is dangerous and unneccessary. This logging should never be collected in the first place on a non-logging vpn, but if you insist on doing it, it should be opt in.

 

 

EDIT: you say "Openvpn will not track that itself" - you're very wrong here. Anyway that's not so important.

 

Hello,

 

it is already opt-in. It is disabled by default for any account. We don't hide any data logging, all that's detected is already published, and anyway that's how the Internet works, so we can't understand any surprise... on the other hand, an important thing that you can do or might like to do is hiding your real IP address to our servers, or hiding to our servers the contents of your communications (respectively with "OpenVPN over TOR" and "TOR over OpenVPN").

 

For additional discussions please revert to the following thread (read the following message we wrote a long ago):

https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

 

Kind regards

[vpnair33 6]

There is no VPN in the world that doesn't collect any info on the clients connecting to their servers. By definition, your real IP is known to the server. Otherwise it wouldn't be possible for you to connect to it. The internet protocol is inherently insecure. Using a top notch VPN service such as Air maximizes your security. Just be aware that no VPN will be anonymous, no matter what anyone tells you. If the government really wants to find out who you are, they will. They can subpoena the hosting provider directly (not Air), or even go after the next router hop and get whatever they want from the access provider. Knowing all this, Air is an easy first choice, by far, for VPN services. Know what a VPN can do for you, and what it can't. Be smart about your usage. That's all.

correct, it's inevitable. once disconnected, any trace of original source IP is gone. (with airvpn at least)

[SaveSnowden 5]

There is no VPN in the world that doesn't collect any info on the clients connecting to their servers. By definition, your real IP is known to the server. Otherwise it wouldn't be possible for you to connect to it. The internet protocol is inherently insecure. Using a top notch VPN service such as Air maximizes your security. Just be aware that no VPN will be anonymous, no matter what anyone tells you. If the government really wants to find out who you are, they will. They can subpoena the hosting provider directly (not Air), or even go after the next router hop and get whatever they want from the access provider. Knowing all this, Air is an easy first choice, by far, for VPN services. Know what a VPN can do for you, and what it can't. Be smart about your usage. That's all.

 

Yes I am aware of all of that but keeping unneccessary connection monitoring for statistics leaves a pile more information available if a server is raided compared to not keeping them at all. The person or people who run AirVPN do not have physical access to these servers so it's not like they are sitting on a hardware killswitch to shutdown the servers right away when the police and kicking down the doors to the data center. All of that information in ram can be salvaged with a cold boot attack and analyzed at their leasure. My problem with this is it makes me question the practices of a "no logging" vpn.

 

 

 

 

Hello,

 

we are not going to disclose how we do it in details (call it a trade secret ), anyway the data are gathered without logging and kept in RAM. The "inconvenience" is that all data are lost as soon as one disconnects or for any little trouble in a server, but after all that's exactly what we want.

 

Kind regards

 

I find that answer troubling, it hides any potential data logging you might be doing, and also makes it hard for people to assess the security of this setup. There is no "trade secret" that gets around the fact that these statistics can only be collected by constantly keeping track of which user is sending and receiving which packets of data and from which sources. Openvpn will not track that itself, you have to deliberately add extra functionality to do it, all of which is dangerous and unneccessary. This logging should never be collected in the first place on a non-logging vpn, but if you insist on doing it, it should be opt in.

 

 

EDIT: you say "Openvpn will not track that itself" - you're very wrong here. Anyway that's not so important.

 

Hello,

 

it is already opt-in. It is disabled by default for any account. We don't hide any data logging, all that's detected is already published, and anyway that's how the Internet works, so we can't understand any surprise... on the other hand, an important thing that you can do or might like to do is hiding your real IP address to our servers, or hiding to our servers the contents of your communications (respectively with "OpenVPN over TOR" and "TOR over OpenVPN").

 

For additional discussions please revert to the following thread (read the following message we wrote a long ago):

https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

 

Kind regards

 

I didn't opt in but I can see my total traffic (download/upload) in the client area. My question is simply how those statistics can be kept without some kind of connection monitoring (hint: they can't). If I am trying to take down someone seeding a movie release and I have access to these statistics I can find who has an unusually high upload on server X and trace the account fairly easily. Cold boot attacks make it easy to take the contents of ram and analyze it at your leasier so whether you write it to a disk or not, it's still accessible to any interested authorities. I don't get why you are keeping such information when it's easy to track it on the client side if they are interested.

[Tony M 1]

Yes I am aware of all of that but keeping unneccessary connection monitoring for statistics leaves a pile more information available if a server is raided compared to not keeping them at all. The person or people who run AirVPN do not have physical access to these servers so it's not like they are sitting on a hardware killswitch to shutdown the servers right away when the police and kicking down the doors to the data center. All of that information in ram can be salvaged with a cold boot attack and analyzed at their leasure. My problem with this is it makes me question the practices of a "no logging" vpn.

RX/TX stats in linux's TUN driver are controlled via these lines in the kernel source "Linux/drivers/net/tun.c"

 

Linux 2.6.x (TUN 1.5):

tun->stats.tx_packets++;
tun->stats.tx_bytes += len;

tun->stats.rx_packets++;
tun->stats.rx_bytes += len;

Linux 3.x (TUN 1.6):

tun->dev->stats.tx_packets++;
tun->dev->stats.tx_bytes += len;

tun->dev->stats.rx_packets++;
tun->dev->stats.rx_bytes += len;

Disabling completely would also disable the bandwidth quota system since the difference between two snapshots of the totals are taken to determine current speed.

 

Resetting those variables zero after it reaches a certain amount of bytes transferred(easiest) and/or with a timer is a more realistic option that would only break the quota system temporarily after each reset.

 

Anonymizing current speed is impossible without breaking the aforementioned quota system.

 

Anonymizing session time might be possible on UDP connections but probably not TCP, using a similar reset plan.