VPN Providers and Logs. Working with Law Enforcement Requests.
What is this scary word "logs," which in the imagination of some users embodies the most terrifying thing for their anonymity that could possibly exist? Are the services that claim their VPN does not keep logs lying? I will discuss all of this in the article, but I warn you right away: this is my point of view, and I, like all mortals, can be wrong.
Most of the fears users have regarding VPN logs are based on myths, and most of the promises made by VPN services not to keep logs are lies. Logs vary; not all of them include user information. For example, error logs should be enabled on a VPN server. If something happens to the server, the administrator must examine the logs to understand the cause of the problems; it could be a hack aimed at attacking the service's clients, and it is in the users' interest for these logs to be enabled.
On the other hand, some users believe that the presence of logs on VPN servers means that the owners of the VPN servers save all their correspondence, logins, passwords – this is a myth. Logs only imply the retention of information about when/who/where. For example, the date and time, the user's IP address, the IP address of the website server they connected to via VPN – these are logs. Obtaining passwords, correspondence, and authorization data implies traffic interception combined with HTTPS spoofing – and that is already criminal activity.
Why Does a VPN Service Need User Activity Logs?
The main reason is the ability to control compliance with the service's rules and prevent clients from systematically harming the servers. For example, if you start using a VPN without logs and engage in "bad deeds" that lead to problems for the VPN provider, they will not be able to identify and block you.
The second reason is to deflect blame. In the event of problems with law enforcement, the VPN provider is interested in pointing to the real culprit, avoiding taking the hit themselves, as the owner of the VPN formally rents the servers and is responsible for all actions taken from the IP addresses they have obtained.
Recall the story of hacker Cody Kretsinger, who hacked the Sony Pictures website. In erasing his tracks, he destroyed his hard drive, but the popular VPN provider he used, HideMyAss!, reportedly provided all his data to the FBI. Later, the Russian resource "Lenta.ru" contacted a representative of HideMyAss! and received the comment: "All VPN services store information about those who use them. Those who claim they do not are simply lying."