The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on October 10, 2017

PureVPN’s ‘non-existent’ logs used to track, arrest alleged internet stalker

PureVPN’s ‘non-existent’ logs used to track, arrest alleged internet stalker
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

PureVPN, one of many virtual private network providers claiming not to keep logs or identifying information of its users was instrumental in the arrest of a Massachussetts man on Friday. The logs, which PureVPN claims don’t exist, were used to track and arrest 24-year-old Ryan Lin.

Lin is accused of stalking ex-roommate, Jennifer Smith, also 24.

According to PureVPN’s privacy policy:

We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers.

Yet, according to documents obtained by The Register, these logs do, in fact, exist. And not only do they exist, they were instrumental in bringing an alleged criminal to justice.

The document reads:

 Further, records from PureVPN show that the same email accounts–Lin’s gmail account and the teleportfx gmail account–were accessed from the same WANSecurity IP address.  Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.

Tracking activity from April of this year most certainly required PureVPN to have kept some kind of log, logs it presumably maintains to this day — regardless of what the terms of service would have you believe.

In fairness, the man snagged by the FBI is almost certainly a scumbag who belongs in jail, if the allegations are true. This is a man who once accessed Smith’s “Rover” account — an online pet sitting service that matches sitters with pets — and told a current pet-sitting client of hers: “Hey I’m so sorry to tell you this but Wink [a cat] is dead. I had a panic attack suddenly and smothered Wink to death. I’ll pack her remains in a ziploc [sic] bag and you can come pick her up. Sorry!”

Imagine getting that message on vacation from the person watching your pets.

Worse, Lin allegedly doxed Smith, cyberstalked her friends and family, released sexually explicit photographs online, published private journal entries detailing sexual encounters, and created a fake profile for her on a BDSM site that facilitates sexual encounters — stating she was interested in enacting a rape fantasy.

This is not a nice guy we’re talking about, allegedly.

Still, PureVPN has an obligation to keep these details private, as much as we want people like Lin held accountable for their actions. The bulk of privacy-conscious individuals aren’t Lin, nor do they seek additional anonymity for malicious reasons. Instead, the most common reasons, according to market-research firm GlobalWebIndex, are:

  • To access entertainment content from iTunes, Netflix, YouTube, etc.
  • To access networks and sites restricted in certain countries
  • To retain anonymity while browsing
  • To communicate with friends and family abroad

And so on…

As many as one in four web users rely on a VPN, and unless you believe more than 800 million people worldwide are using one for nefarious reasons, that’s a lot of privacy-conscious individuals that could be let down by companies like PureVPN. Lin aside, for PureVPN to deceive customers into believing they hold some level of anonymity online, while secretly logging their actions, is criminal.

We’ve reached out to PureVPN for comment, but the request has gone unanswered.