No longer operating under the illusion that the internet offers a mask of anonymity, increasing numbers of people are turning to VPN software to protect their privacy and mask their identity online.
But a recent case shows that the FBI used the logs of PureVPN to track down a user believed to be an internet stalker. This may make PureVPN users think twice about just how anonymous they really are, particularly when the company claims: "We do NOT keep any logs that can identify or help in monitoring a user's activity."
Just before the weekend, the Department of Justice revealed that a Massachusetts man had been arrested and charged with cyberstalking a former roommate as well as her friends, family and associates. Ryan Lin is accused of stalking Jennifer Smith online, as well as posting intimate photos of her, doxing her, and setting up fake profiles linking her with sexual fetishes.
Lin is said to have "carried out a relentless cyber stalking campaign," and he is alleged to have used Tor, anonymized online testing services and PureVPN in an attempt to protect his identity. Unfortunately, for Lin, he appears to have made the mistake of using a work computer in his alleged stalking campaign, and even though this had been formatted after his employment was terminated, the FBI was still able to gather data from the hard drive. As shown in a document shared by The Register, this includes:
Artifacts indicated that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer.
What will be of concern to anyone who believed that PureVPN offered complete anonymity is the FBI statement that:
Further, records from PureVPN show that the same email accounts -- Lin's Gmail account and the teleprtfx Gmail account -- were accessed from the same WANSecurity IP address.
While it's fair to say that this is an interesting case, what's most interesting is the revelation that PureVPN's claim of "no logs" is not, strictly speaking, true.