Update – May 25, 2018
The Story Unfolds
We have a well-documented, proactive stance on cyberstalking. Several organizations have appreciated and applauded our stance in the recent past, which is a source of pride for us. Having said that, a recent cyber stalking incident was extensively reported in leading tech publications, where a certain individual was arrested on suspicion of masterminding a cyberstalking campaign against a young woman and her family.
Despite the actions of the accused, fingers pointed towards PureVPN for all the wrong reasons. To avoid further confusion for our customers, and to prevent a skewed and false portrayal of PureVPN, we believe now is the right time to initiate communications.
As a VPN provider, PureVPN was unfortunately dragged into this incident because of a lack of clarity on network logging mechanisms implemented throughout the industry.
Two Broad Logging Types
It’s important to clarify important technical terminologies before moving forward. Doing so will help us address the terms that might come across as confusing or at times, too broad.
There are two types of logs within the context of a VPN service:
- Browsing Logs:
Browsing logs are extremely personal and private to users, which are not maintained at PureVPN.
Our No Log policy directly complements our commitment to the basic human right to privacy.
- Network Logs
(Also known as Troubleshooting, Maintenance, Speed, or Connectivity Logs).
Network logs, on the other hand, are created and maintained to troubleshoot and optimize a service. These logs contain no traces of browsing habits or other private user activities. These logs, among other system logs such as bandwidth consumed, contain mostly the user timestamps.
What Is A Timestamp?
When speaking of networking logs, you will often notice mention of timestamps; timestamps associate with IP address, connection initiation and disconnection from the VPN providers servers.
Do Network Logs Expose You?
The answer is no. It is such by design. They simply can’t.
If we were to say that the entire picture is a glimpse of what you were doing online, network logs maintained by PureVPN make up no picture by themselves. They are just random numbers and reveal nothing. If a user intentionally indulges in attacking, hacking, abusing, threatening or other similar unanimously unethical activities (as also detailed in our Terms of Service) the victim (any organization providing a service online) of such attacks would then identify these instances in their network logs. If someone indulges in such activities and if an official complaint is filed, authorities then reach out to us with a valid court order or subpoena (in some cases alleged victims or authorities directly themselves) providing us the counterpart network logs from the attacked service’s servers.
Just to reiterate, we absolutely, under no circumstances, monitor, collect or share information related to browser activities or browsing habits.
Think of it like this: A network log is automatically generated every time a user visits a website. For the sake of this example, let’s say a user logged into their Gmail account. Every time they accessed Gmail, the email provider created a network log.
If you are using a VPN, Gmail’s network log would contain the IP provided by PureVPN. This is one half of the picture. Now, if someone asks Google who accessed the user’s account, Google would state that whoever was using this IP, accessed the account. If the user was connected to PureVPN, it would be a PureVPN IP.
The person or organization inquiring about the user’s account will then trace the IP back to data centers where the VPN provider’s servers are hosted. The data center will point them to the VPN provider and trail finally leads to the VPN provider. The inquirer would then share timestamps and network logs acquired from Google and ask them to be compared with the network logs maintained by the VPN provider.
Now, depending on the VPN provider’s policy, they might ask for a warrant or subpoena before sharing information with whoever is asking. The information shared by the VPN provider will be a timestamp, containing the information about when an IP connected to which server and the non-VPN IP of the user. This correlation and the comparison of two network logs, maintained by two independent organizations leads to the possible path towards confirmation.
TLDR; to confirm someone’s real IP, two different set of Network Logs are required: one from the VPN provider and the other from the server where the IP visited, browsed or downloaded something. Any one set of Network Logs on its own is pretty much useless since it contains no valuable information. The two must be compared and verified for any link to be confirmed.
PureVPN Protecting Against Surveillance Programs Like PRISM
Unlike organizations who are legally bound to the laws of and mass surveillance programs in US, UK, Canada, Australia and similar regimes, PureVPN helps avoid jurisdictions affected by the infamous mass surveillance programs like PRISM, ECHELON, XKeyscore, Tempora and others. Keeping this in mind:
Do you think VPN Providers and other organizations based in any of those affected jurisdictions can really live upto their so-called Zero-Log policy?
In order to obtain the network logs from our end, any law enforcement agency must come to us through the consumer privacy-friendly, non-spying jurisdiction of Hong Kong. In order for the case to be considered and acted upon, any charges or allegations must be in accordance with the laws of Hong Kong. Since Hong Kong is not part of any of those infamous surveillance programs those requests will simply be blocked even before it reaches us.
Continue To Trust Us With Your Privacy, Trust Us To Make The Right Call
Please don’t hesitate to contact us with any further questions or concerns, and we look forward to provide you with the same level of service that you have come to expect from your trusted partner in privacy.