IPVanish delighted users a couple of days ago when it announced that it has increased its simultaneous connections allotment from 5 to 10 per account. The service also added live chat support to its website, giving users the ability to have their questions and troubleshoot issues answered in real-time.
The good times didn’t last long though, as recent reports show that the provider may have supplied the United States Department of Homeland Security with details on one of its customers. This is particularly troublesome as the company claims to adhere to a strict no logs policy. Here are the details:
The story begins when a Reddit user pointed out that recently published court documents revealed that the VPN provider has at least in the past logged information about users, namely connection sites, connection timestamps, disconnection timestamps, Real IP address, full name, email, username, and end-of-business date.
On May 4, 2016, a US investigator was able to trace back an IP address linked to a person suspected to be involved in posting links to child pornography back to a company called Highwinds Network Group, which owned IPVanish at the time.
After receiving an initial, non-legally binding summons, Highwinds Network Group claimed that it was unable to assist in the investigation, citing it’s no logs policy. But after a second summons was received, the company did share data that identified the suspect.
It’s very hard to tell, and here’s why: IPVanish changed owners in February of 2017; the provider was acquired by StackPath, another Content Delivery Network. In light of the revelation, its current CEO claimed that soon after the acquisition, the StackPath team, along with a third party, performed due diligence on the platform and found that no logs, nor a logging system existed.
So did IPVanish change its system and forgo logging before it was acquired? Or is it just a matter of time before another court case implicates StackPath?
A few words on this incidents. It is a very noble thing to help apprehend any person involved in criminal activities, particularly something as despicable as child pornography. That’s not the real issue here. The problem is that the company lied about its policy. I’m ok with company divulging information in extreme circumstances, such as this scenario, in fact, it is the right thing to do. What I do mind is the dishonesty. A company should do what it thinks is right, communicate it clearly with the audience, and let the consumer decided.