SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
A Massachusetts man was arrested late last week on suspicion of conducting a cyberstalking campaign against a female former roommate, her friends, and family. Court documents reveal that logs, obtained by the FBI from privacy service PureVPN, helped the prosecution. Until now, PureVPN had always maintained it carried no logs - almost.
[...] if one drills down into the PureVPN privacy policy proper, one sees the following:
Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a ‘connection’ and the total bandwidth used during this connection is called ‘bandwidth’. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.
This seems to match what the FBI says – almost. While it says it doesn’t log, PureVPN admits to keeping records of when a user connects to the service and for how long. The FBI clearly states that the service also captures the user’s IP address too. In fact, it appears that PureVPN also logged the IP address belonging to another VPN service (WANSecurity) that was allegedly used by Lin to connect to PureVPN.
I think I'll stick with PrivateInternetAccess who've had their lack of logging stand up in court.
Source: https://torrentfreak.com/purevpn-logs-helped-fbi-net-alleged-cyberstalker-171009/
(Score: 2, Insightful) by pipedwho on Tuesday October 10 2017, @08:43AM
This looks more like the FBI already suspected him and knew who he was from other evidence they'd gathered. He was her roommate after all. They'd also suspected that the cyber-stalking efforts and posts had most likely come from a single person. So once they had this 'other' evidence whatever it may have been (possibly he said something to someone or directly to the woman, or she caught him doing/saying something), the FBI started to correlate his online activity with time stamps on the 'harassment' postings.
So after tracking his connections from his ISP to his VPN provider, and showing that 'coincidentally' on a few occasions that he logged in to the VPN provider during those instances, they'd made a fair correlation that supported their existing evidence. The logs from the VPN provider would have then added further detail and points of interest to this evidence even though it may have only been login/logout times.
So it's doubtful that the FBI back tracked him through the VPN provider, although that is definitely possible if they'd poured over the logs and noticed that his account logged in and out right before and after each 'incident'. If he did this enough times, the probability of this being a false positive would quickly asymptote towards zero, and certainty becomes pretty much guaranteed. A large amount of circumstantial evidence can be as good or better than a single piece of direct evidence.
So the moral of the story is that if you're going to use a VPN provider, stay connected, don't just do a fly-by connect/disconnect for any dodgy activities. Although, if the provider isn't big enough, it's still possible that a negative correlation on all other accounts may imply a positive correlation on yours. ie. even if you stay logged in, if your account is the only one that was logged in during every instance being tracked, it may still point the finger, albeit with less certainty.