IPVanish breaks its “no logs” policy

IPVanish is one of the most popular VPN services available and one of its main appeals is the fact that it claims that it doesn’t keep any logs. Unfortunately, recent events indicate that the provider may not live up t its claims. In June 2016, IPVanish was involved in an incident in which logs were handed over to authorities in the United States. Before we move on to the details of the story, it is worth noting that after this happened, IPVanish was acquired by a new company, which states that it can confirm that no logs are kept at all. Still, the revelations have caused concern among VPN users and even before the mentioned incident took place, IPVanish was already saying that it was a no logs VPN solution.

What happened?

In May 2016, an investigator from the US Department of Homeland Security was chatting undercover with someone who shared links to child pornography. After tracing the IP address used by the suspect, the investigator found out that it was associated to Highwinds Network Group, the company that owned IPVanish back then. Highwinds was contacted and it eventually confirmed that the IP address belong to it, although it claims that it would not be able to provide additional details since it didn’t keep any usage logs. However, in the court affidavit used for the trial that followed, it was mentioned that Highwinds advised Homeland Security Investigations to send a second non-legally binding summons with more details about the request for subscriber’s information. Of course, HSI did this and it received connection logs that helped to identify the suspect.

This means that contrary to its claims, IPVanish had been keeping logs. Furthermore, it handed over the information to HSI willingly. Clearly, in a case related to child pornography, we are actually glad that IPVanish had information that helped to catch the suspect. Still, the fact that the company seems to have been misleading customers all along, raised serious doubts about its reliability. Customers who just want to protect their privacy and particularly those who live under repressive regimes, have reasons to fear that the information that they thought that was safe, could eventually be exposed. One of the main reasons why many people use a VPN is to keep their privacy, which is why providers that promise to keep no logs whatsoever are the most appealing. It is understandable that the news about IPVanish would make many users feel somehow betrayed.

IPVanish under new ownership

As we mentioned before, things have changed since the incident and currently IPVanish is under new management. In February 2017, StackPath acquired the VPN service and the new CEO, Lance Crosby referred to the controversy stating that once StackPath acquired IPVanish, it reviewed every aspect of the service and its software and it assured customers that no logs were found and that this is how it has been, and how it will always be. Crosby said that it was only possible to assume that what happened in May 2016 was an exception that was a result of a direct request from authorities. StackPath insisted that under its watch, no logs would be kept at all.

Under the threat of online surveillance

In 2013, Edward Snowden revealed the extent of the surveillance programs carried out by the NSA and other government organizations. The information exposed showed that in the US, data from all citizens is collected. While the issue was discussed widely, the situation has not really changed. Although there are no mandatory data retention laws in the US, we have heard of companies being forced to hand over information about their customers. We can imagine that VPNs have also been subject to this pressure and since IPVanish is based in the United States, it is more likely to be targeted successfully by US agencies. However, it is worth noting that Private Internet Access is also based in the US and in the past, it had stayed true to its no logs claims, even after being requested to hand over data. It simply didn’t have information to provide.

Should you trust IPVanish?

The incident with IPVanish highlights not only the issue with trusting no logs claims, but also the fact that there is a dark side to VPNs. Unfortunately, not only people who want to protect their privacy are interested in the encryption and anonymity that a VPN provides. Criminals can also take advantage of these features. It also has to be said that IPVanish is not the only provider that has handed over data, in spite of claiming that they didn’t keep logs. HideMyAss and PureVPN have been involved in similar situations. Although the fact that IPVanish eventually handed over details, casts doubts on its reliability and the fact that it is based in the US also raises concerns. If you are not doing anything illegal, you probably have no reason to worry, but if you want complete privacy, you may want to consider a VPN based outside the US and which has a good privacy record.