PureVPN, a popular VPN provider, recently just gave up private logs in order to help the FBI track down an internet stalker.
Ryan Lin, age 24 from Newton, Massachusetts, was arrested on charges that he cyber-stalked his former roommate, Jennifer Smith. Lin was caught posting passwords Smith’s online accounts, posting intimate photos of her, posting fake profiles of her, inciting bomb threats, death and rape threats, and pretty much every possible crime that can be committed online. Suffice to say, this bastard deserved to be caught and jailed. But the methodology used, could be considered questionable.
Lin Leave Footprints
The feds who jailed Lin found that he was using privacy services to hide his tracks, like Tor as well as VPN services to anonymise and encrypt his outgoing internet traffic. However, for some of his online terror campaign, Lin actually used a work computer which left behind footprints for investigators to put two and two together.
There was a list of key details on Lin’s account that helped the feds track him down and isolate him as the source of Smith’s problems. On his work computer, the feds found that he was using a TextNow anonymity texting service, a Proton Mail account and a PureVPN account. “Further, records from PureVPN show that the same email accounts – Lin’s Gmail account and the teleprinter Gmail account – were accessed from the same WANSecurity IP address,” the document stated.
The feds then went to PureVPN to sort out the issue. “Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses,” says the Feds. This basically means that the same IPs were used both at his home address, and work computer, giving a more clear footprint trail of his activity and home base of information.
PureVPN Does Have a “Policy”
Lin, surprisingly, almost foreshaw his own demise at the hands of PureVPN, as he tweeted earlier this year in June that ““There is no such thing as a VPN that doesn’t keep logs. If they can limit your connections or track bandwidth usage, they keep logs.”
If Lin is found guilty, he can serve up to 5 years in prison. So is this method that PureVPN used okay? PureVPN’s policy indeed states that they “will only share information with authorities having valid subpoenas, warrants [and] other legal documents…provided we have the record of any such activity.
In many cases, there are those who would argue that it’s not okay. In the case of the San Bernardino shootings, Apple never revealed or unencrypted the phones and their information, and there have been incidents where an Amazon Echo device listening in on a crime could have proved invaluable to solve crimes, but Amazon did not provide the FBI keys to the data without forcing them through several legal hoops. In this case, PureVPN seemed willing to give up data to the feds to help Lin be caught.
Is PureVPN Wrong to Give Up User Logs?
Now PureVPN isn’t our highest-rated VPN (the users on this site also don’t like it), and they’ve done some sketchy things in the past with marketing and potential data leaks. But who is to say that any VPN company wouldn’t give up user logs to help the FBI in a situation like this, where the FBI had evidence that the user was using their service?
I believe that VPNs are great anonymity tools to protect user privacy at large, but I don’t think they should be used as a tool for criminals. However, there is a fine law with law, and while Lin was clearly guilty in this case, in some other countries some laws simply don’t need to exist. Like in China, where you can get in trouble for selling VPNs.
What do you think? Was PureVPN right to give away data on Lin?