1. We absolutely do not log any traffic
nor session data of any kind, period. We have worked hard to
meticulously fork all daemons that we utilize in order to achieve
this functionality. It is definitely not an easy task, and we are
very proud of our development team for helping Private Internet
Access to achieve this unique ability.
2. We operate out of the U.S. which is one
of the few, if only, countries without a mandatory data retention
law. We explored several other jurisdictions with the help of our
professional legal team, and the US is still ideal for privacy-based VPN services.
We severely scrutinize the validity of
any and all legal information requests. That being said, since we do
not hold any traffic nor session data, we are unable to provide any
information to any third-party. Our commitment and mission to
preserve privacy is second to none.
3. We do not monitor any traffic,
period. We block IPs/ports as needed to mitigate abuse when we
receive a valid abuse notification.
4. We do not host any content and are
therefore unable to remove any of said content. Additionally, our
mission is to preserve and restore privacy on the Internet and
society. As such, since we do not log or monitor anything, we're
unable to identify any users of our service.
5. Once again, we do not log any traffic
or session data. Additionally, unlike the EU and many other
countries, our users are protected by legal definition. For this
reason, we're unable to identify any user of our service. Lastly,
consumer protection laws exist in the US, unlike many other
countries. We must abide by our advertised privacy policy.
6. We do not discriminate against any
kind of traffic/protocol on any of our servers, period. We believe
in a free, open, and uncensored internet.
7. Bitcoin, Ripple, PayPal, Google Play
(Mobile), OKPay, CashU, Amazon and any major Gift Card. We support
plenty of anonymous payment methods. For this reason, the highest
risk users should definitely use Bitcoin, Ripple or a major gift
card with an anonymous e-mail account when subscribing to our
privacy service.
8. We're the only provider to date that
provides a plethora of encryption cipher options. We recommend,
mostly, using,
Private Internet Access website
BTGuard
1. We do not keep any logs whatsoever.
2. The jurisdiction is Canada. Since we
do not have log files, we have no information to share. We do not
communicate with any third parties. The only event in which we would
even communicate with a third-party is if we received a court order.
We would then be forced to notify them we have no information. This
has not happened yet.
3. If serious abuse is reported we
enable tcpdump to confirm the abuse and locate the user. These dumps
are immediately removed. If the user is abusing our service they
will be terminated permanently but we have never shared user
information with a 3rd party.
4. We do not have any open incoming
ports, so it's not possible for us to "takedown" any broadcasting
content.
5. We take every step within the law to
fight such an order.
6. Yes, all types of traffic are allowed
with our services.
7. We accept PayPal and Bitcoin. All
payments are linked to user accounts because they have to be for
disputes and refunds.
8. 256-bit AES is the most secure.
However 128-bit blowfish is plenty good. If you're concerned about
surveillance agencies such as the NSA, their capabilities are
shrouded in secrecy and claiming to be able to protect you is
offering you nothing but speculation. As far as what's publicly
available for deciphering encryption, both of the encryptions I
mentioned are more than sufficient.
BTGuard website
TorGuard
1. TorGuard does not store any IP address or time stamps on any VPN and
proxy servers, not even for a second. Further, we do not store any logs
or time stamps on user authentication servers connected to the VPN. In
this way it is not even possible to match an external time stamp to a
user that was simultaneously logged in. Because the VPN servers utilize
a shared IP configuration, there can be hundreds of users sharing the
same IP at any given moment further obfuscating the ability to single
out any specific user on the network.
2. TorGuard is a privately owned company
with parent ownership based in Nevis and our headquarters currently
located in the U.S. Our legal representation at the moment is comfortable
with the current corporate structuring however we wouldn't hesitate to
move all operations internationally should the ground shift beneath our
feet. We now offer VPN access in 23+ countries worldwide and maintain
all customer billing servers well outside US borders.
We would only be forced to communicate with
a third-party in the event that our legal team received a court ordered
subpoena to do so. This has yet to happen, however if it did we would
proceed with complete transparency and further explain the nature of
TorGuard's shared VPN configuration. We have no logs to investigate, and
thus no information to share.
3. Our network team uses commercial
monitoring software with custom scripts to keep an eye on individual
server load and service status/uptime so we can identify problems as
fast as possible. If abuse reports are received from an upstream
provider, we block it by employing various levels of filtering and
global firewall rules to large clusters of servers. Instead of back
tracing abuse by logging, our team mitigates things in real-time. We
have a responsibility to provide fast, abuse-free VPN services for our
clients and have perfected these methods over time.
4. In the event of receiving a DMCA notice,
the request is immediately processed by our abuse team. Because it is
impossible for us to locate which user on the server is actually
responsible for the violation, we temporarily block the infringing
server and apply global rules depending on the nature of the content and
the server responsible. The system we use for filtering certain content
is similar to keyword blocking but with much more accuracy. This ensures
that the content in question no longer passes through the server and
satisfies requirements from our bandwidth providers.
5. Due to the nature of shared VPN services
and how our network is configured, it is not technically possible to
effectively identify or single out one active user from a single IP
address. If our legal department received a valid subpoena, we would
proceed with complete transparency from day one. Our team is prepared to
defend our client's right to privacy to the fullest extent of the law.
6. BitTorrent is only allowed on select
server locations. TorGuard now offers a variety of protocols like
http/socks proxies, OpenVPN, SSH Tunnels, SSTP VPN and Stealth VPN (DPI
Bypass), with each connection method serving a very specific purpose for
usage. Since BitTorrent is largely bandwidth intensive, we do not
encourage torrent usage on all servers. Locations that are optimized for
torrent traffic include endpoints in: Canada, Netherlands, Iceland,
Sweden, Romania, Russia and select servers in Hong Kong. This is a wide
range of locations that works efficiently regardless of the continent
you are trying to torrent from.
7. We currently accept payments through all
forms of credit or debit card, PayPal, OKPAY, and Bitcoin. During
checkout we may ask the user to verify a billing phone and address but
this is simply to prevent credit card fraud, spammers, and keep the
network running fast and clean. After payment it is possible to change
this to something generic that offers more privacy. No VPN or Proxy
usage can be linked back to a billing account due to the fact we hold
absolutely no levels of logging on any one of our servers, not even
timestamps!
8. For best security we advise clients to
choose OpenVPN connections only, and if higher encryption is called for
use AES256 bit. This option is available on many locations and offers
excellent security without degrading performance. For those that are
looking to defeat Deep Packet Inspection firewalls (DPI) like what is
encountered in countries such as China or Iran, TorGuard offers
"Stealth" VPN connections in the Netherlands, UK and Canada. Stealth
connections feature OpenVPN obfuscation technology that causes VPN
traffic to appear as regular connections, allowing VPN access even
behind the most strict corporate wifi networks or government regulated
ISPs.
TorGuard website
Privacy.io
1. We do not log any information on our VPN servers. The only scenario is
if a technical issue arises, but we request permission from the user
first, and we only do it for the duration of the job, and then it is
removed.
2. We are in the process of moving
jurisdictions away from Australia at present as we are unsure what our
current government plans to do in regards to our privacy. We have not
decided where yet.
3. Only SMTP port 25 is filtered to mitigate
spam, but we are working on some tools to make it easier for users to
send mail.
4. Any DMCA request is ignored, as we have
no logs to do anything about them.
5. Same as above, as we do not log, so we
are unable to provide any information. If the law attempts to make us do
such things, we will move our business to a location where that cannot
occur, and if that fails we will close up shop before we provide any
information.
6. All protocols are allowed with our
service, with the only exception of SMTP port 25 currently being
filtered.
7. At present we only accept PayPal and CC
(processed by PayPal), but we are looking into alternative types of
payments. We go out of our way to make sure that PayPal transactions are
not linked to the users, we generate a unique key per transaction to
verify payment for the account is made, and then nuke that unique key.
Bitcoin and Litecoin are also on the agenda.
8. At present we offer 128 bit for PPTP and
256 bit for OpenVPN. We plan to offer stronger encryption for the
security conscious.
Privacy.io website
VikingVPN
1. No. We run a zero knowledge network and are unable to tie a user to an
IP address.
2. United States, they don't have data
retention laws, despite their draconian surveillance programs. The only
information we share with anyone is billing information to our payment
gateway. This can be anonymized by using a pre-paid anonymous card. If
asked to share specific data about our users and their habits, we would
be unable to do so, because we don't have any logs of that data.
3. That is mostly confidential information.
However, we can assure our users that we do not use logging to achieve
this goal.
4. In the event of a DMCA notice, we send
out the DMCA policy published on our website. We haven't yet received a
VALID DMCA notice.
5. We exhaust all legal options to protect
our users. Failing that, we would provide all of our logs, which do not
actually exist. If required to wiretap a user under a National Security
Letter, we have a passively triggered Warrant Canary. We would also
likely choose to shut down our service and put it up elsewhere.
6. Yes. Those ports are all open, and we
have no data caps.
7. We currently only take credit cards. Our
payment provider is far more restrictive than we ever imagined they
would be. We're still trying to change payment providers. Fortunately,
by using a pre-paid credit card, you can still have totally anonymous
service from us.
8. A strong handshake (either RSA-4096+ or a
non-standard elliptic curve as the NIST curves are suspect). A strong
cipher such as AES-256-CBC or AES-256-GCM encryption (NOT EDE MODE). At
least SHA1 for data integrity checks. SHA2 and the newly adopted SHA3
(Skein) hash functions are also fine, but slower and provide no real
extra assurances of data integrity, and provide no further security
beyond SHA1. The OpenVPN HMAC firewall option to harden the protocol
against Man-in-the-Middle and Man-on-the-Side attacks.
VikingVPN website
IVPN
1. IVPN's top priority is the privacy of its customers. We use
non-persistent logs (stored in memory) which are deleted after 10
minutes. That tiny window gives us the ability to troubleshoot
connection issues, whilst still making it practically impossible for any
3rd party to match an IP to a time-stamp.
2. IVPN is incorporated in Malta. We would
ignore any request to share data unless it was served by a legal
authority with jurisdiction in Malta in which case we would inform them
that we don't have the data to share. If we were served a subpoena which
compelled us to log traffic we would find a way to inform our customers
and relocate to a new jurisdiction.
3. We use a tool called PSAD to mitigate
attacks originating from customers on our network. We also use
rate-limiting in iptables to mitigate SPAM.
4. We ensure that our network providers
understand the nature of our business and that we do not host any
content. As a condition of the safe harbor provisions they are required
to inform us of each infringement which includes the date, title of the
content and the IP address of the gateway through which it was
downloaded. We simply respond to each notice confirming that we do not
host the content in question.
5. Assuming the court order is requesting an
identity based on a timestamp and IP, our legal department would respond
that we don't have any record of the user's identity nor are we legally
compelled to do so.
6. We 'allow' BitTorrent on all servers
except gateways based in the USA. Our USA network providers are required
to inform us of each copyright infringement and are required to process
our response putting undue strain on their support resources (hundreds
per day). For this reason providers won't host our servers in the USA
unless we take measures to mitigate P2P activity.
7. We currently accept Bitcoin, Cash and
PayPal. No information relating to a customer's payment account is stored
with the exception of automated PayPal subscriptions where we are
required to store the subscription ID in order to assign it to an
invoice (only for the duration of the subscription after which it is
deleted). Of course PayPal will always maintain a record that you have
sent funds to IVPN but that is all they have. If you need to be
anonymous to IVPN and don't wish to be identified as a customer then we
recommend using Bitcoin or cash.
8. We recommend and offer OpenVPN using the
strongest AES-256 cipher. For key exchange and authentication 2048-bit
RSA keys are used (which RSA claims are sufficient until 2030).
IVPN website
PrivatVPN
1. We don't keep ANY logs that allow us or a 3rd party to match an IP
address and a time stamp to a user of our service. The only thing we log
are e-mails and user names but it's not possible to bind an activity on
the Internet to a user.
2. We operate in Swedish jurisdiction. Since
we do not log any IP addresses we have nothing to disclose.
Circumstances don't matter in this case, we have no information
regarding our customers' IP addresses and activity on the Internet.
Therefore we have no information to share with any 3rd party.
3. If there's abuse, we advise that service
to block our IP in the first instance, and second, we can block traffic
to the abused service.
4. This depends on the country in which
we're receiving a DMCA takedown. For example, we've received a DMCA
takedown for UK and Finland and our response was to close P2P traffic in
those countries.
5. If we get a court order to monitor a
specific IP then we need to do it, and this applies to every VPN company
out there.
6. Yes, we allow Torrent traffic.
7. PayPal, Payson and Plimus. Every payment
has an order number, which is linked to a user. Otherwise we wouldn't
know who has made a payment. To be clear, you can't link a payment to an
IP address you get from us.
8. OpenVPN TUN with AES-256. On top is a
2048-bit DH key.
PrivatVPN website
PRQ
1. No. We do not log anything and we only require a working e-mail address
to be a customer.
2. Swedish. We do not share information with
anyone.
3. Not disclosed.
4. Put it in the trash where it belongs!
5. None, since we do not have any customer
information and no logs.
6. We host anything as long as it's not SPAM
related or child porn.
7. Visa/Mastercard, Bitcoin, PayPal. No
correlation between payment data and customer data.
8. We provide OpenVPN services (along with
dedicated servers and other hosting services).
PRQ website
tigerVPN
1. Absolutely not! We built tigerVPN to purge all data once the
transmission of an IP package was completed successfully. It's impossible
to trace back any customer. On top of that we decided to use shared IPs
in order to further randomize and anonymize our customers. The
combination of having absolutely no logs at all and multiple customers
per IP, wipes our customers' digital footprint.
2. We are a limited liability company in
Slovakia. Slovakia does not have any data retention programs and
furthermore encourages ISPs to protect their customers' privacy on the
net. We are not required to share any information with 3rd party hence
it would be illegal thanks to the law of telecom secrecy.
3. Since we don't keep logs, we can't
monitor abusive behavior, which is the price for building a customer
secure environment!
4. We can't comply since we can't identify
customers, therefore it's pointless to follow any requests. We have a
specific folder for these eMails.
5. Same as above. We seriously can't tell
which customer did what, when, where, at any given time.
6. It's allowed on all servers although we
gently ask our customers to use either Romania or Netherlands. Some
infrastructure service providers do not want file sharing so it happened
to us that we were asked to move our servers due to file sharing. We
found some reliable partners in Romania and Netherlands which tolerate
p2p so we kindly ask our customers to use these server parks.
7. Customers can pay with Visa, Mastercard
and Debit. On top of that we also use PayPal. We use hash keys and
tokens to identify a payment but it's not logged or linked to the
customer. We had to do this anyway hence we are a PCI Level 1 compliant
merchant. Therefore we are not allowed to store any card or payment data
with the records of our customers. These keys are pointless for anyone
else so there is no chance to build a connection.
8. We offer PPTP, L2TP and OpenVPN, while
out of nature OpenVPN comes with the highest encryption and algorithm.
L2TP and OpenVPN are 256bit SSL encrypted while PPTP comes with a solid
128bit. Although our customers are individual and have their own sense
of why and what to use, we recommend L2TP as solid protocol. It's less
geeky and more secure than PPTP, but our customers can pick any of them
in all the 47 network nodes around the globe.
tigerVPN website
Mullvad
1. No. This would make both us and our users more vulnerable so we
certainly don't. To make it harder to watch the activities of an IP
address from the outside we also have many users share each address,
both for IPv4 and our upcoming IPv6 support.
2. Swedish jurisdiction. Under no
circumstance will we share information with a third-party. First of all
we take pains to not actually possess information that could be of
interest to third parties, to the extent possible. In the end there is
no practical way for the Swedish government to get information about our
users from us.
3. We don't monitor our users. In the rare
cases of such egregious network abuse that we can't help but notice
(such as DoS attacks) we stop it using basic network tools.
4. There is no such Swedish law that is
applicable to us.
5. We make sure not to store sensitive
information that can be tied to publicly available information, so that
we have nothing to give out. We believe it is not possible in Swedish
law to construct a court order that would compel us to actually give out
information about our users. Not that we would anyway. We started this service for political
reasons and would rather discontinue it than having it work against its
purpose.
6. Yes.
7. Bitcoin (we were the first service to
accept it), cash (in the mail), bank transfers, and PayPal / credit
cards. Payments are tied to accounts but accounts are just random
numbers with no personal information attached that users can create at
will. With the anonymous payments possible with cash and Bitcoin it can
be anonymous all the way.
8. We use OpenVPN. We also provide PPTP
because some people want it but we strongly recommend against it.
Encryption algorithms and key lengths are important but often get way
too much attention at the expense of other important but harder to
measure things such as leaks and computer security.
Mullvad website
BlackVPN
1. Yes. When a user connects we log the time stamp of their connection plus
the internal IP address assigned (which can be mapped to a shared
external IP address). This information is kept for 7 days on our Privacy
locations and 30 days on our TV locations (USA, UK, Canada & Singapore).
We NEVER log a user's real IP address however we cannot guarantee that
this information is not logged by someone else (such as the data center,
NSA or GCHQ).
2. BlackVPN operates under the jurisdiction
of Hong Kong since it has no Mandatory Data Retention laws and a strong
Bill of Rights which protects its citizens' freedom of speech. China and
Hong Kong care little about copyright enforcement or US/UK demands - which was tested recently when Hong Kong rejected demands for the
extradition of Edward Snowden. The ancient proverb still holds true
today: The enemy of my enemy is my friend.
Only once we receive a valid court order
from a Hong Kong court will we share any information with a 3rd party.
3. We have no way of detecting abuse other
than complaints from 3rd parties which contain a BlackVPN IP address and
a time stamp. If the complaint relates to a Privacy location then it
must be less than 7 days old for us to act on it. Otherwise our only
solution is to temporarily blacklist that site/service for all BlackVPN
users until the offender goes away.
This is why we've had to permanently block
SMTP (for sending email) on all of our servers - we have no way of
knowing which user is spamming so unfortunately we have to block it for
everyone.
We host our own website analytics software
(Piwik) which is configured to only log the first two octets of an IP
address (e.g. 63.122.0.0) plus our own support system (OSticket) which
always logs 0.0.0.0 as the IP address. Fraud is monitored and managed by
our payment providers (PayPal and CardPay). No other tools or logging
(such as WireShark) have ever been used to monitor or spy on our users.
4. These are ignored on our Privacy
locations as we have chosen countries which do not enforce them or
downloading for personal use is legal. On our TV locations we warn all
customers who were sharing that IP address at the time and will ban
repeat offenders from our TV locations.
5. We have NEVER received a valid court
order to identify any user. We have received requests from various
European law enforcement agencies asking us to assist them without even
having a local court order. Our response has always been to ask for a
valid court order from Hong Kong, but so far none of them have complied.
If and when we do receive a valid court
order then we will immediately comply and hand-over any information that
we have - including connection timestamps, payment records and email
addresses. We're not here to help anyone get away with a serious crime
but we are here to help users evading unjust censorship or copyright
violations.
6. Yes it is allowed on our Privacy
locations but not ALL locations. In the USA and UK the data centers that
we work with are also under extreme pressure from the copyright cartel
and lawmakers, so if we don't take action our servers will soon get cut
off.
7. PayPal, Credit Cards and Bitcoin. For
each transaction we record the BlackVPN user ID, time stamp, payment
method and the payment provider's transaction ID so that we can process
refunds and fix errors when the automatic process fails. Our payment
providers don't know which transaction belongs to which VPN account - that would require a Hong Kong court order for us to divulge.
8. OpenVPN is the best choice when available
on your device. It's easy to check that your VPN provider is using
strong encryption algorithms and keys (like 256bit keys and AES
encryption) by looking at the OpenVPN configuration files supplied by
your VPN provider. Also it can be configured to use TCP on port 443
which makes it harder to block as the traffic looks like standard SSL
traffic.
OpenVPN is slightly more effort to set up
than L2TP/IPsec or PPTP (download and install a client for Windows, OS
X, Linux, Android 4+ and IOS 5+) but it should be the default way for
most people to connect to their VPN. We have been using OpenVPN securely
(2048 bit RSA keys and AES-256) since our beginning in 2009 so previous
traffic should still be secure from decryption.
BlackVPN website
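The check BlackVPN describes in answer 8, together with the cipher, digest and HMAC-key recommendations other providers give in their answers to question 8, as an added example (not part of the original article or of any provider's tooling): a small auditor for an OpenVPN client profile. The sample profiles, host name and severity labels are constructed for illustration; the directive names are standard OpenVPN options.

```python
import re

# Legacy 64-bit block ciphers: Blowfish, DES/3DES, CAST5, RC2, IDEA.
WEAK_CIPHER = re.compile(r"^(BF|DES|CAST5|RC2|IDEA)-", re.I)
AES = re.compile(r"^AES-(128|192|256)-(CBC|GCM)$", re.I)
WEAK_AUTH = {"NONE", "MD4", "MD5"}

# Constructed sample profiles; host name and key material are placeholders.
WEAK_PROFILE = """\
client
proto udp
remote vpn.example.net 1194
cipher BF-CBC
auth MD5
"""
STRONG_PROFILE = """\
# constructed sample
client
proto tcp
remote vpn.example.net 443
cipher AES-256-CBC
auth SHA256
<tls-auth>
(placeholder, not a real key)
</tls-auth>
"""


def parse_ovpn(text):
    """Return (directives, blocks) parsed from an OpenVPN profile."""
    directives, blocks, open_tag = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if open_tag:                      # inside an inline block: skip body
            if line == f"</{open_tag}>":
                open_tag = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            open_tag = tag.group(1)
            blocks.add(open_tag)
            continue
        name, *args = line.split()
        directives.setdefault(name.lower(), []).append(args)
    return directives, blocks


def audit_ovpn(text):
    """Return findings as (severity, directive, message) tuples."""
    d, blocks = parse_ovpn(text)
    out = []
    # Data-channel ciphers: `cipher`, plus the negotiable lists
    # `data-ciphers` (OpenVPN 2.5+) and `ncp-ciphers` (2.4).
    ciphers = [(n, c) for n in ("cipher", "data-ciphers", "ncp-ciphers")
               for args in d.get(n, []) if args for c in args[0].split(":")]
    if not ciphers:
        out.append(("WARN", "cipher", "not set; client/server defaults decide"))
    for name, c in ciphers:
        aes = AES.match(c)
        if c.lower() == "none":
            out.append(("FAIL", name, "cipher none disables encryption"))
        elif WEAK_CIPHER.match(c):
            out.append(("FAIL", name, f"{c} is a legacy 64-bit block cipher"))
        elif (aes and aes.group(1) == "256") or c.upper() == "CHACHA20-POLY1305":
            out.append(("OK", name, f"{c} uses a 256-bit key"))
        elif aes:
            out.append(("WARN", name, f"{c} uses a {aes.group(1)}-bit key"))
        else:
            out.append(("WARN", name, f"{c} is not known to this checker"))
    # HMAC digest; OpenVPN falls back to SHA1 when `auth` is absent.
    for digest in [a[0].upper() for a in d.get("auth", []) if a] or ["SHA1"]:
        sev = "FAIL" if digest in WEAK_AUTH else "OK"
        out.append((sev, "auth", f"HMAC digest {digest}"))
    # Pre-shared control-channel key, given as a directive or inline block.
    has_key = {"tls-auth", "tls-crypt", "tls-crypt-v2"} & (set(d) | blocks)
    out.append(("OK" if has_key else "WARN", "tls-auth",
                "pre-shared key present" if has_key else "no tls-auth/tls-crypt key"))
    # Transport: OpenVPN defaults to UDP and port 1194.
    proto = next((a[0] for a in reversed(d.get("proto", [])) if a), "udp")
    for args in filter(None, d.get("remote", [])):
        port = args[1] if len(args) > 1 else "1194"
        via = (args[2] if len(args) > 2 else proto).lower()
        if via.startswith("tcp") and port == "443":
            out.append(("INFO", "remote", f"{args[0]} uses TCP port 443"))
    return out


def verdict(findings):
    """Worst severity found: FAIL, then WARN, otherwise OK."""
    seen = {sev for sev, _, _ in findings}
    return "FAIL" if "FAIL" in seen else "WARN" if "WARN" in seen else "OK"


if __name__ == "__main__":
    print(verdict(audit_ovpn(WEAK_PROFILE)), verdict(audit_ovpn(STRONG_PROFILE)))
```

A profile only shows what the client asks for; the server's own configuration decides what is finally negotiated.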
Anonymizer
1. Anonymizer does not log ANY traffic that traverses our system, ever. We
do log when a user connects, and the IP address they connected
from (which is needed for customer support and to ensure system
optimization), but we purge that log every 24 hours. But that's it. We
don't log when users disconnect, how much data they used, where they
went, at any time, ever. We would also like to point out that all of our
customers exit out and share the same IP, which changes on a daily
basis, and we don't even track that. If asked what IP we used last week,
we wouldn't have any way to know for certain.
2. Anonymizer Inc operates under U.S.
jurisdiction. We never share information with third parties except those
required to furnish services necessary to provide you with the products
and services offered by us, and even then it is limited to the
information needed for the third-party to furnish those services. The
main example of this would be our credit card processor.
3. We can't. We don't monitor or log traffic
or user activity. When we receive reports of abuse, we have no way to
isolate or remediate it because we don't monitor. It's problematic at
times, but we feel strongly about keeping our contract of 'no
monitoring' with our customers, even when it's inconvenient for us.
4. Since Anonymizer does not log any traffic
that comes over our system, we have nothing to provide in response to
DMCA requests. None of our users have ever been issued a DMCA take down
notice or European equivalent. We're over 18 years old now, and if not
the oldest service out there, certainly one of the oldest, and we've
never turned over information in a DMCA request.
5. Anonymizer Inc only responds to official
valid court orders in which we comply with information that we have
available. Since we do not log any traffic that comes over our system,
we have nothing to provide in response to requests associated to service
use. If a user paid by credit card we can confirm that they purchased
access to our service only. There is, and would be, no way to ever
connect a specific user to specific traffic.
6. BitTorrent and other file-sharing traffic
is allowed on all of our servers. Due to not logging or monitoring any
traffic on our system it would be impossible for us to know if any user
were to be engaging in file sharing or BitTorrent activities on our
service.
7. Anonymizer Inc. uses Stripe for any
credit card payments. There is a record of the payment for the service
and the billing information associated to the credit card to confirm the
service has been paid for. We also offer Cash and will soon offer
crypto-currency options to include Bitcoin. Cash payment options will
not store any details (e.g. Billing address and customer name) of the
transaction beyond the account username and the service being paid for
by cash; there would be no way for us to connect an individual to a
specific account.
8. We would recommend OpenVPN for a user
that is looking for the most secure connection. We feel it is the most
reliable and stable connection protocol currently. Our OpenVPN
implementation uses AES-256. We also offer L2TP, which is IPSEC.
Anonymizer website
Ipredator
1. We try to store the least amount of data legally possible anywhere. We
keep a record of when you logged in for debugging, which happens
encrypted and off-site in a different jurisdiction. IP addresses are
encrypted and can only be decrypted by non-support staff to ensure a
proper process. For example, to work around issues where the police
ruffles up the support staff a bit to get data for an abuse report.
In the database we only store the details
users give us on sign-up and a limited backlog of basic payment
information (no PSP processor TX-IDs). We do not run a ticket system,
all support emails are deleted after 3 months. Inactive accounts are
deleted after 3 months. We do not track you on our website or keep any
website logs.
We do not rent servers and have control over our network
infrastructure. Our primary objective is to protect your anonymity from
legal abuse, but not to cover up ethically serious crimes. As stated in
the past we are open to an audit of our infrastructure and processes by
a trustworthy 3rd party.
2. We only operate servers in Sweden. This
includes understanding jurisdictional limitations and engineering our
environment according to them, not making claims we cannot hold when
things get serious. Offenses penalized by anything less than prison time
do not qualify for such a request.
For a valid request IPredator then has to
hand over the subscription information entered by you, which is all that
we are required to do.
3. We only use email to handle abuse related
support issues. If a user decides to abuse one of our machines for a DOS
attack we use rate limiters on the switches to mitigate this. So far no
other tools are needed to deal with abuse.
4. For some reason they do not arrive, so we
can't tell you.
5. Please see question 2.
6. Besides filtering SMTP on port 25 we do
not impose any restrictions on protocols our users can use on the VPN,
quite on the contrary. We believe our role is to provide a net-neutral
access.
7. We offer PayPal, Bitcoins, Payza, and
PaySon fully integrated. OkPay, Transferwise, WU, PerfectMoney, Webmoney
and Credit Cards on request. An internal transaction ID is used to link
payments to their payment processors. We do not store any other data
about payments associated with the user's account.
8. At the moment OpenVPN with elliptic curve
cryptography, ephemeral Diffie-Hellman key exchange, and AES 128/256
seems to be the best default choice. Other configs are available on
request.
Ipredator website
BolehVPN
1. No, we do not keep logs. However as per our policy, if we do notice any
unusual activity on our servers (high bandwidth loading, high number of
connections or CPU usage) we may turn on logs temporarily to identify
abuse of our services (such as DoS or spamming through our servers).
Once the user is identified, we will terminate the offending user, issue
him an e-mail for the reason of termination and wipe the logs from our
system.
Turning on logs for troubleshooting is a
very last resort and is necessary to ensure the integrity of our
services. It has happened very rarely (only a handful of times in our 7
years of operation) and such information was not disclosed to third
parties but merely used to terminate the offending user. In any case
logs were usually enabled for not more than a few hours and only for the
particular server that was experiencing abuse.
2. We're a Malaysian incorporated company
which is not subject to any mandatory data retention laws. As we don't
keep logs, there is not much information to share even when requested.
3. Without disclosing too deeply into our
methods, to identify abuse cases we generally look for abnormal activity
in the traffic, sustained spikes in traffic, data packets and reports
that we receive. It is always an evolving battle and a balance between
maintaining our users' privacy and preventing abuse.
4. In the event DMCA notices or similar are
given to us, we normally respond that we don't have such content hosted
on our networks and if the provider is adamant, we will terminate our
relationship with the server provider and find a new one. We will not
reveal the user that generated that DMCA notice (nor can we with no logs
taken). Over the years, we have identified server providers that we can
work with who understand the nature of our business.
5. In the event there is a request for
account data, BolehVPN's policy is to notify members of requests for
their data unless it is prohibited from doing so by statute or court
order. In any case, as BolehVPN does not store any user identifiable
data in relation to customer's usage of the VPN, there is little data
that can be given over and beyond the date that you paid and your
payment details.
It is noted that we do not require you to
specify a real name during account signup and only require a working
e-mail address. For your protection, we may contact you to ask for
further details should there be any disputes arising from your payment.
6. All P2P/file-sharing activities are
allowed through our FullyRouted and Proxied servers, but not through our
SurfingStreaming servers. SurfingStreaming servers are generally limited
due to local laws or datacenter policy or have limited bandwidth
capacity. These configurations are generally only there to help users
access geo-restricted content as opposed to full-blown P2P.
7. We accept BitCoin, PayPal and MolPay
(Malaysian online bank-ins) and also direct bank-ins for Malaysian
users. Orders are merely marked as paid or not paid, the date and method
of Payment. No other payment details are attached to the VPN account in
our customer portal system. Depending on the payment provider chosen,
the payment provider may of course retain certain details.
8. We believe that OpenVPN is the most
secure VPN protocol available currently. Because of Snowden's
revelations, IPSEC may not be as secure as once thought. We also
implement a modified version of OpenVPN that scrambles the packets (we
call it xCloak) making it harder to identify as VPN traffic.
All our servers use the same encryption, 128
bit AES, as this provides the best blend of security and performance. Of
course most experts consider 256 bit AES as more secure but we are
confident that 128 AES is sufficiently secure. It is noted that 256 bit
AES has a weaker key schedule than 128 bit AES. We are however currently
evaluating CAMELLIA as an alternative to AES.
If we were to choose the most secure
algorithm, we would pick either TwoFish or ThreeFish which are
independently developed by Bruce Schneier and other well-known security
specialists but this is not currently available in OpenVPN.
BolehVPN website
NordVPN
1. We do not keep any logs - no traffic logs, no timestamps, nothing. All
of our logs are pointed directly to /dev/null so as much as third
parties would want it is impossible to trace the user itself. In
addition, our service has only a minimal configuration which does not
give away any information about the user.
2. We operate under the jurisdiction of
Panama. There is no data retention law in Panama hence we are allowed
not to keep logs legally. We do not share any information with 3rd
parties under any circumstances.
3. No tools are used to monitor our users at
any case. However, we hope our users understand that any abusive action
they perform through our servers could lead to the shutdown of the
datacenter or the server in the particular country. At this point, we
strongly believe our users understand what this could lead to and will
not perform any abusive action on our servers.
4. All these notices are ignored as it has
no law compliance with us. We are not a torrent hosting or promoting
company. Furthermore, all our servers where P2P program usage is allowed
operate in countries where there are no data retention laws. It is in
our future plans to start announcing all these notices we receive just
to prove our privacy policy. We care about the actual privacy of our
users.
5. If we receive a valid court order at
first it has to comply with the laws of Panama. In that case, the court
should be settled in Panama and even if that happens we will not be able
to provide any information because we keep exactly nothing about our
users.
6. As stated above, the usage of BitTorrent
and other file-sharing applications are allowed on certain servers.
We allow P2P traffic on servers that are located in the
countries where there are no laws forbidding P2P traffic.
7. We accept payments via Bitcoin, PayPal,
Paysera, WebMoney. Bitcoin is the best way of paying to maintain your
anonymity as it has only the paid amount linked to the client. Users who
purchase services via PayPal are linked with the usual information the
seller can see about the buyer. Clients who subscribe to our services
via Paysera are linked with their full name. However, even the VPN
account is linked with the payment system account it is not linked with
the performed activities on our servers.
8. Recently, we have added high anonymity
solutions which we would like to recommend to everyone seeking real
privacy. One of them is Double VPN. The traffic is routed through at
least two hops and then reaches the Internet. The connection is
encrypted within two layers of cipher AES-256-CBC encryption. Another
security solution - Tor over VPN. Firstly, the traffic is encrypted
within NordVPN layer and later sent to the Tor network and exits to the
Internet through one of the Tor exit relays.
Both of these security solutions give a
great encryption and anonymity combination. The benefit of using these
solutions is that the chances of being tracked are eliminated. In
addition, you are able to access .onion websites when connected to Tor
over VPN.
Finally, our regular servers also have a strong encryption
which is 2048bit SSL for OpenVPN protocol, AES-256bit for L2TP.
Currently we are working on even higher security solutions which will be
accessible through our software in the second quarter of 2014.
NordVPN website
TorrentPrivacy
1. We don't store any logs, it's impossible to track users' activity
through the TorrentPrivacy VPN.
2. We run our business as a Seychelles
company. It is one of the safest and nicest places in the world. There
haven't been any lawsuits in Seychelles regarding online copyright
infringement yet.
3. According to our Terms and Conditions it
is not recommended to use the service for any illegal purposes, for
example, for transmission or receipt of illegal material. But because we
have a no logs policy we don't monitor and store any information about
users' online activity.
4. If we receive a DMCA notice, our team of
lawyers solves it immediately without blocking any servers or protocols.
We don't store any content on our servers, and users are anonymous. We
promise our customers that they will not have DMCA related problems.
5. We have never received requests from any
court. It is impossible to release personal information because we
actually don't have it.
6. BitTorrent and all traffic of such type
is allowed on all of our servers.
7. CommerceGate and PayPal. We don't store
any information about user card details, all transactions are processed
at the payment system side. The payment system just uses the username
registered on our web-site and the filled in purchase form to link the
payment to concrete user.
8. The most secure VPN protocol we
provide for our service is OpenVPN. There are many benefits to using
OpenVPN, one of them is an ability to use more bit count encrypted.
TorrentPrivacy website
Proxy.sh
1. We do not keep any logs and we do not record any IP-address, headers or
anything. In terms of time stamp, we only record those associated with
support tickets creation and update (invoices and renewals are only
recorded by date) for management purposes. The only personal information
we do record is an email address and a payment type, that corresponds to
either the word "Money" or "Bitcoin".
This is made clear in our privacy
policy. Our system will also hold services credentials, namely the
account password and network login/password pair. All this data can be
permanently removed at any time on customer's request. All other data
and information involved in our operations (connections, traffic, etc.)
is neither monitored nor recorded.
2. We operate from the Republic of
Seychelles and our staff members are residents in the following
countries:
- Germany
- Bulgaria
- Switzerland
- Ukraine
- Philippines
- Laos
- Seychelles
- Argentina
- Croatia
We will only share information we
hold with a third party when we are obliged by the law to do so, and
only if we are able to alert our users in advance or in real time
through our Transparency Report.
If we are told that we cannot disclose anything, we will attempt to
circumvent this illegitimate censorship with our Warrant Canary and
ultimately, cease operations in the concerned jurisdiction.
3. When we need to respond to an abuse that
our network is provoking or being victim of, we will simply block the
related ports or protocols and see if the problem has been resolved by
doing so. If not, we might temporarily install on the specific node a
Wireshark or a TCPDump instance and we will play with various settings,
mostly involving iptables, to mitigate the problem. We will never keep
any logs generated during such interventions. We will always let our
members know about such interventions through our
Network Alerts, either in
advance of several days or in real time, depending on the urgency of the
matter. Our system will also tweet in real time about such
interventions.
4. When we receive a DMCA takedown notice or
any other similar copyright-related abuse notice, we will shut down the
port related to the infringement, reset our customers' accounts in order
to prevent them from forwarding this port any further and we will
publish a public report about both the notice and our intervention in
our Transparency Report (https://proxy.sh/report) as well as at the
Chilling Effects Clearinghouse. Our system will also tweet in real time
about such interventions.
5. When we receive a valid court order
asking to identify an active user of our services, we explain that we
are technically unable to do so and we provide in return an open access
of the related server to the competent domestic authority who may have
more adequate forensic capacities to undertake such identification. We
also publish a notice to our users into our Network Alerts that this
node is now open to inspection by local and (potentially) international
authorities. Our system will tweet in real time these notices. We will
also consider shutting down the node and eventually ceasing full
operations from the concerned jurisdiction depending how the
intervention is carried out and the level of guarantee to privacy that
is left offered after the intervention.
6. We do not undertake any segregation of
usage type among our servers. Users are completely free and responsible
to do whatever they want, including BitTorrent and any file-sharing
activity. They are only subject to the restrictions we put to our
network, which are limited to ports blocking and IP/range/domain
destination blacklisting, initiated by our responses to abuse.
7. We accept no less than 90 different
payment methods, including but not limited to PayPal, VISA, Mastercard,
Discover, American Express, Maestro, UnionPay, WebMoney, SMS and phone
payments, PaySafeCard, Ukash, Neosurf, Allopass, clickandbuy, Alipay,
giropay, iDeal, bank transfers and various additional OTR methods as
well as e-wallets. Of course, we also support Bitcoin payments. There is
no link between user accounts and their payments, except a simple
nomination known as either "Money" or "Bitcoin". Invoice numbers and
timestamps have sufficient discrepancies to not permit any relationship
between panel/VPN accounts and payments. Moreover, we do not hold and
manage directly the various payment methods offered: we use
administrative and financial third parties such as our incubator, Three
Monkeys International, and our processor, PaymentWall.
8. While we always recommend our most
tech-savvy customers to get in touch with us to try out our latest
encryption experimentations (Serpent, ECC-curve25519, etc.), we
recommend the generally security-aware customers to use
SHA-512/AES-256-CBC/DH-RSA-4096 combination (4096-bit RSA with strong
cypher and strong auth security) made available across most of our
network. For all our 'normal' customers, we still enforce
SHA1/AES-256-CBC/DH-RSA-4096 combination (4096-bit RSA with strong cypher
and sufficient auth security) on them, which provides decent security
and optimal stability. Both our system and software are designed in such
a way that we will continuously increase our encryption levels when
necessary. We also provide TOR bridges, exit nodes and OpenVPN
compatibility as well as OpenNIC log-free DNS, SSH and SSL tunnels, to
leverage the power of the OpenVPN encryption schemes our customers may
use.
Proxy.sh website
HideIPVPN
1. We do not log users' IP addresses. Since we are a company registered in
the US we are not required to maintain such logs. Our logs only check
account name (this is chosen by the user) and if a connection was
established with the VPN server. This is the only way for us to help
users in case of technical problems (we can check if there was any
connection), also this helps us to refund money if a new customer was
not able to connect to any of our servers. This information is
automatically overwritten with new data after 3 days.
There is no way for any third-party to match
a user IP to any specific activity on the internet.
2. We operate under U.S. jurisdiction. The
only way we would share our information is under court order (as would
any other company).
3. We would have to get into details of each
individual point of our ToS. For basics like P2P and torrent traffic on
servers that do not allow for such transmissions or connecting to more
than 3 VPN servers at the same time by the same user account. But we do
not monitor users' traffic. Also, since our users use shared IP
addresses, there is no way any third party could connect any online
activity to a user's IP address.
As it would put us and our other users at
risk we do not comment on our internal policies in this regard.
4. Since no information is stored on any of
our servers there is nothing that we can take down. We reply to the data
center or copyright holder that we do not log our users' traffic and we
use shared IP-addresses, which make it impossible to track who
downloaded any data from the internet using our VPN.
5. We would reply that we do not have such
measures that would allow us to identify a specific user.
6. This type of traffic is welcomed on our
German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK
and Canada servers as stated in our ToS - the reason for this is due to
our agreements with data centers. We also have specific VPN plans for
torrent users.
7. We currently accept payments via PayPal,
Credit/Debit card, PayPro. Bitcoin acceptance is currently being tested.
If it proves popular with our users it will stay with us.
8. We would recommend OpenVPN and SSTP
protocols.
HideIPVPN website
SlickVPN
1. We do NOT have the ability to match an IP address with a time stamp to
derive the identity of any user of our service. We utilize shared IP
addresses, so it is not possible to match a user to an external IP. In
addition, all of our gateways operate from RAM, so no data is written to
disc. In case of theft or forceful shutdown, all data is lost.
2. We maintain server locations in various
countries but we are a U.S.-operated corporation so therefore we are not
subject to data retention laws.
3. We do not allow outgoing SMTP which could
open us up to SPAM issues. We do not actively check our service for
abuse at the account level, instead we check at the server level. The
difference is checking a server for real-time abuse instead of checking
logs for historical abuse.
4. We do not have logging, but if a DMCA
complaint is received while the offending connection is still active, we
stop the session and notify the active user of that session.
5. We obviously have to comply with valid
court orders, but without logging we can not identify users of past
activity. We also offer the ability to sign up anonymously using
BitCoin.
6. Yes
7. We accept PayPal, Credit Cards, and
Bitcoin. We only store the minimal billing information required to
provide customers refunds. We suggest users most concerned about privacy
should sign up with Bitcoins and use an anonymous email address.
8. OpenVPN with AES256
SlickVPN website
OctaneVPN
1. No. We cannot locate an individual user by IP address and timestamp.
There are no logs written on our gateways. Our gateways utilize shared
IPs, so there can be more than one customer using an IP which further
adds to privacy.
The gateway servers keep the currently
authenticated customers in the server's RAM so they can properly connect
and route the traffic to those customers. Obviously, if a server is
powered down or restarted, the contents of the RAM are lost. We keep
gateway performance data such as CPU loading, I/O rates and maximum
simultaneous connections so that we can manage and optimize our network.
Our business structure is divided into two
independent companies that do not share information. One company manages
the network and hardware. A separate independent company operates the
website that customers use. Customer data is not shared between the two
- only a token - so, in addition to not being able to locate a user by
IP address and timestamp, the company that might receive such a request
has no customer data to provide since customer data resides in another
independent company.
2. We are a U.S.-based company. Our privacy
policy prevents us from sharing customer confidential information with
3rd parties. The only situation where this occurs is in connection with
supplying enough information for our fraud detection / payment
processors to approve payment transactions. The US does not have laws
requiring data retention.
3. Spam emails were our biggest issue and
early on we decided to prevent outgoing SMTP. Otherwise, the only other
abuse tools we use are related to counting the number of active
connections authenticated on an account to control account sharing
issues.
4. If we receive a DMCA takedown notice or
its equivalent and the customer's current session during which it was
generated is still active, we put the account on hold and notify the
customer.
5. As a US company, we would comply with a
successfully executed subpoena issued by a court of competent
jurisdiction in a request for specific information. There would likely
be little useful information we could provide. The US does not have data
retention requirements. If the subpoena were to be of a vague, general
or fishing nature, we would likely push back and request specificity.
6. We operate with net neutrality, with the
exception of outgoing SMTP.
7. Bitcoin, Credit/Debit Cards, PayPal. Our
billing and account management systems are separate and use a token
method. We are organized such that one company manages our network and
another independent company with different beneficial ownership manages
customer interaction. This divided arrangement provides another layer of
anonymity. Bitcoin allows maximum anonymity since all that is needed is
an email address. There are plenty of options for anonymous email
addresses. Disposable/reloadable credit cards are another anonymity
enhancing tool.
8. We recommend OpenVPN / AES-256. We offer
IPsec as well, but typically OpenVPN offers more flexibility over IPsec.
We also offer PPTP for compatibility with older devices, but would not
recommend it if OpenVPN is an option. Our OpenVPN client also offers DNS
leak protection.
OctaneVPN website
IPVanish
1. IPVanish has a no-log policy. We keep no traffic logs.
2. IPVanish is headquartered in the U.S. and
thus operates under US law.
3. IPVanish has no monitoring in place. To
elaborate, IPVanish does not sniff or monitor any user's traffic or
activity for any reason.
4. IPVanish keeps no logs of any user's
activity and responds accordingly.
5. IPVanish, like every other company, has
to follow the law in order to remain in business. Only US law applies.
6. P2P is permitted. IPVanish in fact does
not block or throttle any ports, protocols, servers or any type of
traffic whatsoever.
7. PayPal and all major credit cards are
accepted. Payments and product use are in no way linked. User
authentication and billing info are held on completely different and
independent platforms.
8. OpenVPN generally provides the strongest
encryption algorithm, so that is the recommended encryption protocol.
IPVanish also allows a choice between TCP and UDP, and UDP is generally
recommended for better speed.
IPVanish website
LiquidVPN
1. Absolutely not. We have customized our AAA (authorization, accounting
and authentication) database so that there is very little data actually
stored within the database. We have developed our own version of RADIUS
for this very reason. Furthermore we use Mikrotik and our own heavily
modified Gentoo kernel to completely silence logging across all of our
systems.
2. We operate from within the USA. There are
only three instances where any information we collect would ever be
shared. They are:
1. Billing Disputes (charge-backs/fraud)
- Once a subscriber files a charge-back or billing dispute we will attempt
to email them to verify and/or resolve the dispute. If we do not hear
back from them within 7 days and they have an accumulated total of over
1GB of data transfer on our network then we will forward any information
we have collected over to the credit card processor or PayPal in an
attempt to resolve the dispute and to aid in any fraud investigation.
2. Court Order - If we receive a valid court
order we will work closely with the law offices of McDonald Hopkins who
specialize in Data Privacy and Network Security law and if applicable
our ethics group. Then based on their evaluations make a decision on how
to respond to the court order and publish it in a transparency report.
3. Ethics Violation - In the unlikely event
that a complaint comes to us with a report from an attorney and an IT
forensics analyst providing considerable proof that an ethics violation
has taken place which will likely result in the harm of another human
being our ethics team will publish the reports and original violation in
a transparency report. They will review the complaint and if enough
evidence exists to persuade them that an actual violation has indeed
taken place they will update the transparency report with our intended
course of action. We may start closing ports, creating null routes or
adding layer 7 filters on the node in question. In some circumstances we
may do nothing at all and in extreme cases we may even shut down the
node to help mitigate the damage. The ethics group will then forward any
information about the case to law enforcement agencies and qualifying
NGOs.
Be it a court order, abuse report or ethics
violation our code of ethics will be followed at all times.
3. Currently we use Zabbix to monitor the
performance and load of our network it will notify us of anything it
considers abnormal. We use OSSEC to monitor firewall logs, detect
root-kits, login attempts and do system integrity checks. We use Layer 7
filters to mitigate most forms of abuse. Some filters are created on
demand and are based on the type of abuse we are attempting to stop
while others will run constantly searching for patterns.
4. When we receive take down notices we do
the following:
- Verify that the claim is valid, not a
duplicate and provides all of the required information laid out in 17
U.S.C. § 512(c)(3).
- Post the notice in a
transparency report along with our intended course of action.
Ranging from nothing, blocking ports, null routes, blocking files, rate
limiting P2P or simply leaving the jurisdiction. We then create a layer
7 firewall rule that enables the step above.
Finally we respond to the take down notice
letting the sender know that we do not condone the use of our VPN
service to violate copyright laws and reassure them that we do not store
any content our users upload or download on our servers and that our
service is completely automated.
We inform them that LiquidVPN is solely
a transitory digital network communications provider as defined in 17
U.S.C. § 512(a) and that we are unable to delete any content that may be
infringing or even identify a particular user that may be violating the
copyrights of the media in question. We assure them that we have taken
all of the steps within our power to stop the distribution of the media
in question.
5. It really depends on the scope of the
court order, reason for the order and jurisdiction the order is coming
from. I would love to say it's a black and white thing and that we would
pull out of the jurisdiction no matter what but that's just not true. If
the court order is about an offence that violates our
ethics policy and provides reasonable proof of the violation our
ethics team will publish the order and any proof provided. The ethics
team will be responsible for the decision to comply, fight or leave the
jurisdiction. If they have determined the complaint is a violation and
are able to comply by handing over the records of the offender then we
will forward over all of the information we have regarding the user in
question.
If the order does not know who the user is
and they are asking for a more far-reaching type of access that will
jeopardize the privacy of the users we are contractually bound to protect
and for the sake of argument have included a gag order then the ethics
team will carefully go over the court order and decide if it is possible
to fight it in court. If we must close down some or all of our network
and relocate to another jurisdiction we are contractually bound to do so
by our ethics policy. Users would either be directly alerted or
indirectly alerted by the tripping of the warrant canary.
6. We do not believe in restricting P2P on
our network because of how great of a file transfer service it is. So
all servers are P2P-enabled but we only allow legal P2P in the USA and
UK. Meaning we sometimes have to take measures in the USA and UK that
render all P2P including legal P2P unavailable for a length of time. We
allow ALL types of P2P in Romania, Netherlands, Germany and likely by
the time anyone sees this Canada.
7. We accept Bitcoins, Cash, Check and
PayPal. We only require an email address, password, first name and
country to sign up for service so there is not a lot of information
actually linked to a user's account. With that being said, we do
maintain a record of the data mentioned above along with the order #'s,
total VPN logins and used bandwidth per account.
8. Well LiquidVPN has developed a technology
called IP Modulation. It is a block of public IP addresses shared
between all of the OpenVPN servers in a cluster (2+) that are handing
out shared IP addresses. Everyone connected to these servers will share
the same pool of public IP addresses and the IP addresses continuously
and randomly rotate between users the whole time you are connected. It
allows users to have all of the benefits of shared IP addresses, plus
makes any kind of tracking from an external IP address much harder
because there are potentially people from 2 or 3 servers grouped
together and all broadcasting data on 30+ public IP addresses. I like to
think of it as a game changer for privacy.
So if it were me I would connect to one of
the modulating OpenVPN servers that offer AES-256-CBC cipher and SHA512.
With the optional IPS firewall enabled. If I am on a Laptop or PC with a
good processor I might elect to use one of the configurations that
include TLS-DHE-RSA-WITH-AES-256-CBC-SHA but using
TLS-DHE-RSA-WITH-AES-256-CBC-SHA with IP modulation requires a LOT of
processor power so it is only really recommended for certain users.
LiquidVPN website
AirVPN
1. No, we don't keep any log that might be exploited to reveal customers'
personal data during connections, including real IP address. For example
OpenVPN logs are sent to /dev/null (Air is based on OpenVPN). Our
privacy policy is available here:
https://airvpn.org/privacy
On top of that our VPN servers do not
maintain any account database.
2. Italy. We do not share any information
with any 3rd party.
3. Automatic triggering based on patterns to
detect and if possible block as soon as possible various types of
attacks (for example UDP floods) against or from our servers.
4. They are ignored. Now and then we reply
asking for a more substantiated proof and asking to disclose the
technical method according to which a takedown notice has been prepared,
but so far none of the entities we queried disclosed such information,
in absence of which the notices pertaining to p2p are simply vague and
unproven claims from some private entity.
5. No help can be given about past
connections because we don't log, monitor or inspect our clients'
traffic, and we don't and can't require a proof of identity from our
customers. However, if the court order pertains to presumed actions
which infringe our Terms of Service and in particular that in any way
violate, directly or indirectly, or aid the violation of, the ECHR, we
can try to help the court in the best way we can with subsequent
investigations and if possible with the help of proper and competent
authorities.
6. Yes. p2p protocols are perhaps a set of
the most exciting protocols invented in the last 12-13 years, so they
are actively encouraged on every server. We do not discriminate against
any application or protocol, in compliance with our mission and to stay
a mere conduit of data.
7. We accept Bitcoin, many credit cards,
PayPal. Each payment is linked to an account only in order to provide
service delivery and to comply to our refund policy.
8. We put into practice the recommendations
of security experts and best practices on our setup, based exclusively on
OpenVPN with the following features:
- Data Channel: AES-256-CBC
- Control Channel: HMAC SHA1
- RSA keys size: 2048 bit
- PFS (Perfect Forward Secrecy): yes.
TLS re-keying is performed by
default every 60 minutes through DHE as well as at each new connection.
As an additional option the re-keying time interval can be lowered by
the client unilaterally.
The client key is used to authorize the
access to the system, not to encrypt the data channel, so that even if
an adversary catches the client private key, the client traffic can't be
decrypted.
AirVPN website
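An added example (not AirVPN's or any other provider's code): a small auditor that checks an OpenVPN client profile against the data-channel cipher, HMAC digest and 60-minute re-keying interval stated in the answer above, and against the claim of forward secrecy through DHE. The two profiles and the hostname are constructed samples, and the fallback defaults assumed here are those of an OpenVPN 2.3-era client.

```python
import re

# Values stated in the AirVPN answer above.
ADVERTISED = {"cipher": "AES-256-CBC", "auth": "SHA1", "reneg-sec": 3600}

# Assumption: what an OpenVPN 2.3-era client uses when a directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1", "reneg-sec": "3600"}

# Constructed sample that matches the stated parameters (placeholder hostname).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.net 443
cipher AES-256-CBC
auth SHA1
reneg-sec 3600
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
"""

# Constructed sample that silently deviates from them.
WEAK_PROFILE = """\
; constructed weak profile
client
dev tun
remote vpn.example.net 1194
auth MD5
reneg-sec 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
<ca>
(certificate body omitted)
</ca>
"""


def parse_profile(text):
    """Return {directive: [args]}; later lines overwrite earlier ones."""
    directives = {}
    in_inline = False
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then surrounding whitespace.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):      # end of an inline <ca>/<cert>/<key> block
            in_inline = False
            continue
        if line.startswith("<"):       # start of an inline block
            in_inline = True
            continue
        if in_inline:                  # certificate or key material, not a directive
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives


def audit(text, advertised=ADVERTISED):
    """Return a list of (directive, message) findings; empty means consistent."""
    conf = parse_profile(text)
    findings = []

    # Data-channel cipher and HMAC digest must match what the provider states.
    for key in ("cipher", "auth"):
        value = (conf.get(key) or [DEFAULTS[key]])[0]
        if value.upper() != advertised[key].upper():
            origin = "set" if conf.get(key) else "defaulted"
            findings.append(
                (key, f"{origin} to {value}, provider states {advertised[key]}"))

    # The client may lower the re-keying interval, so only 0 or a longer
    # interval than the stated one is reported.
    raw = (conf.get("reneg-sec") or [DEFAULTS["reneg-sec"]])[0]
    if not raw.isdigit():
        findings.append(("reneg-sec", f"unparseable value {raw!r}"))
    elif int(raw) == 0:
        findings.append(("reneg-sec", "0 disables client-initiated re-keying"))
    elif int(raw) > advertised["reneg-sec"]:
        findings.append(
            ("reneg-sec", f"{raw}s is longer than the stated {advertised['reneg-sec']}s"))

    # Forward secrecy needs an ephemeral DH suite (DHE or ECDHE) on the control channel.
    suites = (conf.get("tls-cipher") or [""])[0].split(":")
    static = [s for s in suites if s and "DHE" not in s.upper()]
    if static:
        findings.append(
            ("tls-cipher", "no ephemeral DH (no forward secrecy): " + ", ".join(static)))
    return findings


if __name__ == "__main__":
    for label, profile in (("sample", SAMPLE_PROFILE), ("weak", WEAK_PROFILE)):
        print(label, audit(profile) or "consistent with stated parameters")
```
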
VPN.S
1. We do log connections to the servers for providing troubleshooting
support to our customers, but these logs are securely and automatically
deleted once every 24 hours. Manual weekly reviews are done to ensure
the automated process has been carried out as intended by our systems.
2. The company (VPNSecure Pty Ltd) is
registered in Australia. The following customer information is stored
"username / password / email address", we do not share this information
with any third party.
3. We mitigate SPAM email sending, we employ
simple Port blocking to standard email ports, customers with Dedicated
IPs can enable email sending. In extreme cases we may employ a simple
"string" match in our firewall which does not Log any traffic it simply
denies the forwarding traffic containing the string parameter in our
firewall.
4. Requests in regards to DMCA are answered,
unfortunately we are unable to determine which user is responsible for
the DMCA notice and therefore cannot provide any further information to
these notices.
5. Requests from law enforcement are sent
directly to our Legal team. Requests are always different and are
handled as per the request made, but generally we are unable to provide
any definitive information due to the reasons outlined in questions 1 &
4.
6. Torrents are allowed over our network.
7. We provide PayPal / AlertPay / Perfect
Money / Bitcoin / Cashu / Skrill / Credit Card. We recommend that customers use anonymous
payment methods such as Bitcoin (preferred) or Perfect Money. The
Transaction ID is stored against the "username" to help mitigate chargebacks and reversals from mainstream payment providers.
8. OpenVPN is recommended since it's the
most flexible and secure VPN protocol available, using 2048 bit Keys,
available over both UDP and TCP. We have also planned a traffic
obfuscation feature to further protect against detection of VPN traffic for our
customers.
VPN.S website
VPN.ac
1. We keep connection logs for one day only, in order to help us
troubleshoot some common problems: invalid logins, router VPN
pass-through issues, etc. These include source IPs, connection start/end
time and bandwidth usage. However, we do not log any traffic data.
2. Our company is legally registered in
Romania. We won't share anything with any 3rd party unless we are forced
to do so under a Romanian court order/subpoena, and this has not yet
happened. The EU Data Retention Directive (2006/24/EC), widely
misinterpreted and used as a reference, does not apply to us, since we
are not an ISP or a telecom provider.
3. We do not monitor anything, but we can
obviously intervene to stop ongoing abuse, such as spamming, mass-scan
etc, if demanded by our hosting partners. We can do this without logging
or monitoring anything simply by blocking malicious traffic on affected
servers using iptables.
4. We use shared IP addresses, so it is
virtually impossible to identify users involved in copyright
infringement - even if we wanted to do that. There is nothing to share
both due to technical limitations and to our commitment to respect
customers' privacy. We reply that the content is not stored on servers.
5. This has not yet been the case, so we do
not really know. Were such to happen, we would work closely with our
lawyers and consider all options available.
6. We allow file-sharing only in certain
locations. We don't allow it everywhere, especially in US locations,
because it would create some problems - not only for us, but for other
customers expecting us to deliver a reliable service.
7. Mainly PayPal and Bitcoin, but also
Credit/Debit and lots of prepaid cards, virtual currencies and other
methods. Personally identifiable information, such as names, may be
provided by customers upon placing an order.
8. We offer AES-256 cipher for data
encryption, PFS (hourly rekeying), SHA512 HMAC with 4096-bit RSA keys,
generated the right way: offline on a secure machine, using multiple
sources of entropy.
DNS queries are encrypted between VPN nodes
and DNS resolvers. Resolvers generate millions of DNS queries to
existing domains, mixing this script-generated "noise" with legitimate
queries of our VPN users, to ensure that potential
wiretapping/monitoring against our DNS resolvers will be totally
ineffective.
VPN.ac website
Perfect Privacy
1. No. Our service and its infrastructure were designed in a way so that we
cannot possibly track users even if we wanted to. We keep no connection
logs whatsoever.
2. Our servers are operated in accordance
with the law of the respective country (???) they are located in. If we are
required by law (court orders) to cooperate we will do so to the extent
that is possible: Since we do not store any data that can be used to
track or identify users, this cooperation is usually limited to a brief
correspondence.
3. We do not monitor any activity except for
general usage and bandwidth of our servers so we can provide this
information on our server status page. Should abuse occur it is dealt
with on an individual basis.
4. Because we do not host any data related
to copyright violations, DMCAs do not directly affect us. Should a
company try to use a DMCA to get to our users we kindly explain that as
a VPN we have no information about who is responsible for which traffic.
5. As answered above, we do comply with
court orders when required by law. By experience, our initial reply
explaining that we are an anonymizing service and do not have any data
that could be used to identify our users, is enough to settle the issue.
6. Yes, BitTorrent and other file-sharing is
allowed on almost all servers (some datacenters, especially US-based
ones, block torrent traffic).
7. We offer a variety of payment options
ranging from anonymous methods such as sending cash, Bitcoin or
PaySafeCard. However, we also offer payment with Credit Card and PayPal
for users who prefer that option. We keep no data about the payment
except for when the payment was received which is linked only to an
anonymous account number.
8. While we offer a range of connection
possibilities we would recommend using OpenVPN with 256 bit AES
encryption.
Perfect Privacy website
Unspyable
1. We keep no logs whatsoever.
2. USA and UK VPN services are provided via
our USA offices which also includes our billing system. Our offshore VPN
network (Cyprus, Czech Republic, Hong Kong, Iceland, Netherlands,
Norway, Panama, Russia, Sweden and Switzerland) is physically isolated
from our USA operations and shares no connection to it.
We will not provide any information to
anyone unless they are an authority having jurisdiction, in which case
we would cooperate with them. However, since we keep no logs of anything
we have very little to provide them. Anything we have to provide them
such as customer names can be gotten from the customer's credit card
company or the payment processor much more efficiently. Bitcoin is one
of our payment options and can help minimize access to such information.
3. We don't monitor anything. If we receive
notice of criminal activities we will use non-invasive techniques
(without logging) to try to determine who the user is and terminate
their access. None of the previous paragraphs applies to P2P activities
which are allowed on all servers except in the USA and UK where packet
filtering is used.
4. Our offshore servers where P2P is allowed
are in countries and datacenters that do not forward such notices. If we
were to receive such a notice we would reply to it appropriately. Since
we don't log anything our reply would not include any information on the
user.
5. If we were to receive a request from an
authority having jurisdiction we would cooperate with them. However
since we keep no logs of anything we have very little to provide them.
Anything we have to provide them such as customer names can be gotten
from the customer's credit card company or the payment processor much
more efficiently and without us even knowing about it. Bitcoin is one of
our payment options and can help minimize access to such information.
6. It is allowed on what we define as our
offshore servers (see question 2). It is not allowed on USA and UK
servers due to the issues involved. There is no benefit to the user to
use USA or UK servers over the offshore servers for P2P. Therefore we do
not believe this to be any limitation to our users.
7. Bitcoin, Amazon Payments and PayPal. Our
online authentication servers contain no customer personal information.
We keep customer email addresses offline in case we need to contact the
customer for some reason. We do not keep any other personal information
regarding the transactions. Obviously the payment providers have a
record of the transaction as well that is beyond our control.
8. We recommend OpenVPN with 256 AES and
2048 bit RSA. For maximum privacy we recommend our multi hop servers.
However, due to the multiple hops they will not be the fastest for P2P
or streaming applications.
Unspyable website
Hide.me
1. We have developed our system with an eye to our customers' privacy, so
we created a distributed VPN cluster with independent public nodes that
do not store any customer data or logs at all. Link:
https://hide.me/en/legal#privacy
2. We're a Malaysian incorporated company
which is not subject to any mandatory data retention laws. We strictly
do not log any personal data to avoid legal liability, and to ensure
your online privacy. Furthermore we do not store any logfile on our VPN
servers; it's not our job to monitor or filter your data.
3. We only offer our services based on our
ToS, and we have a zero tolerance on any kind of abuse. Nevertheless it
is not our job to monitor or control our users' activities; that's also
a main reason why we don't throttle or block any kind of traffic.
4. Since we don't store any logs and/or host
copyright infringing material on our services, we'll reply to these
notices accordingly.
5. The company is incorporated in Malaysia.
If a court order is received from a recognized legal authority with
jurisdiction over hide.me then the company shall comply with that order.
However, the company cannot be compelled to hand over information which
it does not have. When a customer signs up we request as little
information as possible; a valid email address. If it ever becomes
required by law for us to keep a persistent log of our customers
connections or any personal data relating to their network activity, we
will immediately notify our customers and do everything in our power to
move jurisdictions or close the service to protect those who entrust
their privacy to us.
6. BitTorrent is allowed on all locations
without restrictions. However, we encourage our users to avoid the US/UK
locations for their filesharing activities.
7. We support over 80 international payment
methods, including PayPal, Credit Cards, Bank transfer, PaySafeCard and
UKash.
All payments are handled by external payment providers and are linked to
a temporary payment ID. This temporary payment ID cannot be connected
to the user's VPN account/activity. After the payment is completed, the
temporary payment ID will be permanently removed from the database.
8. Our most secure VPN connection is IPsec
over IKEv2 (AES-256 / SHA-512) and OpenVPN with AES-256 using a 4096-bit
SHA-512 HMAC authentication. We strongly recommend IKEv2 since it's performing really fast and is more reliable than OpenVPN.
We are one of the few providers that support a wide range of protocols:
OpenVPN, IPSec (IKEv1 & IKEv2), L2TP/IPSec and PPTP.
Link: https://hide.me/en/features/protocols
Hide.me website