The heat is on and VPNs are feeling the pressure. More and more governments are cracking down on online anonymity, for one thing, while Hollywood is doing its best to crack down on piracy. As a result, something unthinkable can become a reality: VPNs that are forced to log traffic. Is this fear realistic or is it just an instinctive panic reaction?
What is the registry?
The way a virtual private network works is that it redirects and secures your connection, which makes it that much harder to track you down. However, VPNs are not bulletproof and there is a weak link in this process, namely their logs. In this case, the logs are a record of who connected to the VPN’s servers and when, as well as a complete list of all visited sites and other activities.
The logs would make it very easy to trace, which is why VPNs promise not to keep them and are what is called a log-free VPN. However, as you can imagine, the practice of not keeping records is a thorn in the side of a number of people and institutions, including law enforcement, who would very much like everyone to be traceable.
While part of their reasoning, especially in repressive countries like China, may be to monitor what people are doing, in most cases the reasons are a bit more prosaic: criminals use VPNs to hide what they’re doing. If it weren’t for VPNs, the police could probably solve cybercrimes much more easily.
VPN and the police
The relationship between VPNs and law enforcement is complicated: On the one hand, as companies that promise privacy, they don’t want to share anything with the police. On the other hand, however, like anyone else, they must cooperate with any and all valid orders sent to them. It is your legal duty.
For example, Switzerland-based Proton, the company behind ProtonMail and ProtonVPN, was forced to cooperate with the arrest of a climate activist when Swiss authorities were asked to execute a French warrant. Although the company attempted to fight the order, the judge ruled against the company and the man was arrested, thanks in part to information provided by ProtonVPN.
However, not all VPN services will help you in the same way: for example, PureVPN helped the FBI catch a cyberstalker in 2017 without the pressure of a warrant. A year earlier, IPVanish provided Homeland Security with the records of another US resident without batting an eye, though it should be noted that the company has since changed hands.
Of course, if you want information about a VPN user, such as a police officer or legislator, you probably don’t want to rely on court orders and goodwill alone. Until recently, the only countries that actively wanted VPNs to log users were repressive places like Russia, China, and other countries where VPNs are almost illegal.
Right now, however, at least one democracy plans to crack down on VPNs: India. Starting from the end of June 2022, VPNs will need to register and register users. However, it remains to be seen how effective the law will be, as there are many legal problems with its implementation, as well as judicial challenges to face, but it is alarming nonetheless. If India’s new law is successful, there is no doubt that other countries will follow.
Not just cops: VPN and torrenting
In the West right now, it’s not legislation that can be the death knell for VPN privacy: instead, it’s lawsuits. In an attempt to crack down on piracy of its movies, Hollywood has taken VPN providers to court several times. So far, it has lost every major case against the big VPN providers, but has won a number of minor victories that may be worrying signs of things to come.
For example, LiquidVPN, a small up-and-coming provider, was sued for its marketing, which promoted it as a great way to hack movies and TV shows. The case ended with a $10 million judgment against LiquidVPN, and the service was shut down entirely as a result.
The LiquidVPN case is not the only example of Goliath pulverizing David. The same group behind that lawsuit also went after TorGuard, a small independent VPN based in Orlando, Florida. Unsurprisingly, TorGuard couldn’t stand up to that kind of judicial firepower and collapsed. It will now block all torrent traffic on its US-based servers, something the company confirmed in an email.
The same thing happened to another small provider, VPN Unlimited (part of KeepSolid), which now also blocks all torrent traffic on its US servers. It also prohibits US users from downloading torrents through blocks implemented in the US. its protocols, according to company spokeswoman Liza Shambra.
More worrying, however, is a similar case in which the judge ordered VPN.ht, a Really small provider, not only to block torrent traffic, but also to keep logs on their US servers. In a way, this is the scariest of the three cases we’ve discussed, as it’s the one that actually attacks not just what you can do with a VPN, which is bad enough in itself, but it will also attack the privacy of users.
As with all historic decisions, it remains to be seen if this trial is just a blip or if we’re standing at the top of a slippery slope and slowly starting to slide down. Regardless of how things turn out, one thing is for sure: we will never again take the privacy that VPNs give us for granted.