June 5, 2013 was when the world first heard from Edward Snowden. This year, it’s our turn to show our commitment to protecting your privacy and digital rights by going “no logs”.
No More Connection Logs.
We used to keep connection logs with timestamps of when you connected and disconnected from our service — for 7 days on our Privacy VPNs and for 30 days on our TV VPNs.
Now we delete that information when you disconnect.
We cannot hand over any logs — or your real IP address — to law enforcement because we don’t have it.
What Has Changed?
Mostly it’s a change in philosophy of how we maintain your privacy while also acting to prevent abuse that can shut our VPN servers down.
Instead of keeping connection logs to deter abuse, we’ll rely on reacting to incoming abuse reports by temporarily blocking access to those sites and services that are being abused.
We may also monitor connections to the IPs being abused in order to locate and ban the abuser. We’ll keep the monitoring in place until the abuse stops, usually just a few days.
Most blackVPN users won’t be affected as we will only monitor the website(s) and service(s) being attacked in order to find the culprit.
That’s our open and honest explanation of how we mitigate abuse while respecting your privacy — with no logs.
Why Change?
We started out in 2009 with the ambition to be one of the most private and secure VPNs available — and in many ways we’ve succeeded. We’ve never received a court order forcing us to hand over any customer details and we’ve also resisted some serious pressure from international law enforcement (we have the emails and lawyers’ bill to back that up).
However, we failed to be recognised as one of the most private and secure VPNs because of one important issue: our connection logs. Although these were automatically removed after a short period — and keeping these connection logs has not proved harmful to any of our users — the perception that we have logs that in theory CAN be handed over to law enforcement has turned some people away.
We kept the connection logs as a deterrent against serious abuse, but now we’ll switch to real-time monitoring of abuse instead of relying on the connection logs.
Why We’re in Hong Kong
We’re legally free to keep as little information on our customers as we choose — plus there are no mandatory data retention laws to force us to monitor or log the activity of our users.
The Metadata We Do Not Have
We do not have activity or traffic logs.
We never log your internet activity or browsing history. There is no web metadata for us to hand over — unlike what your ISP might be required to keep.
We do not have DNS logs.
We run our own DNS servers for DNS lookups where absolutely nothing is being logged.
We do not have connection or session logs.
Without connection/session logs — which kept a record of who was connected and when — we cannot match an IP-address and a time stamp to a user of our service.
We do not log your real IP address.
We never store your unique public IP address which is assigned by your internet provider (or mobile or wifi hotspot). This is the most unique thing that can be used to identify who you are and where you are in the world.
Try it here: whatismyipaddress.com
What information do we keep and why?
Even though our VPN servers have no logs that can reveal your real IP address, they do need to send information to a central system to limit the number of simultaneous connections per account — as all VPN services need to do.
Account data.
Every VPN provider needs to have a separate account for each user to control access to their service.
We store your username, hashed password, the expiry dates for each VPN location and the date the account was created.
Email address you used to sign up for our service.
We need this to send you your account details and to keep you informed of serious security issues so you can stay safe — such as when the Heartbleed bug was discovered.
We also send occasional announcements and special offers, but we try to keep them to a minimum.
Payment information.
Since we have a 100% no-questions-asked refund policy, we need to know which transaction matches which account.
We keep a link to the payment provider’s transaction ID, payment email, transaction date, price and VPN package selected.
Third Party Systems We Use
We try to use as few 3rd party systems as possible and to host our own services and tools where we can, in order to keep our customers’ information as private as possible. We minimise the information we share with these systems; however, we cannot control what information they also record.
How we keep your real IP address private.
Our VPN servers never log your real IP address.
We strip your real IP address from OpenVPN status logs so that we can still get useful information about the number of users connected — without logging real IPs anywhere.
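One way the stripping described above could work, as an added example that is not blackVPN's own code: a Python filter for OpenVPN's status-version 1 file that blanks the Real Address column in every section and still returns the number of connected clients. The sample file, the `REDACTED` marker and the `strip_real_addresses` name are constructed for illustration.

```python
# Constructed sample in OpenVPN's status-version 1 layout; the addresses
# come from the RFC 5737 documentation ranges.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jun  5 12:00:00 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
user1,203.0.113.10:51234,10240,20480,Thu Jun  5 11:00:00 2014
user2,198.51.100.7:40022,512,1024,Thu Jun  5 11:30:00 2014
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,user1,203.0.113.10:51234,Thu Jun  5 11:59:00 2014
10.8.0.10,user2,198.51.100.7:40022,Thu Jun  5 11:59:30 2014
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

REDACTED = "REDACTED"  # hypothetical marker written in place of the address


def strip_real_addresses(status_text):
    """Return (sanitized_text, client_count) for a status-version 1 file."""
    out = []
    real_col = None          # index of "Real Address" in the current section
    in_client_list = False
    clients = 0
    for line in status_text.splitlines():
        fields = line.split(",")
        if len(fields) == 1:
            # Section markers ("ROUTING TABLE", "END", ...) have no commas.
            real_col = None
            in_client_list = line.strip() == "OpenVPN CLIENT LIST"
        elif "Real Address" in fields:
            # Column header: remember where the address sits in this section.
            real_col = fields.index("Real Address")
        elif real_col is not None and len(fields) > real_col:
            # Replace the whole field rather than pattern-matching IPv4, so
            # IPv6 and host:port forms are removed as well.
            fields[real_col] = REDACTED
            if in_client_list:
                clients += 1
        out.append(",".join(fields))
    return "\n".join(out) + "\n", clients


if __name__ == "__main__":
    sanitized, count = strip_real_addresses(SAMPLE_STATUS)
    print(sanitized, end="")
    print(f"connected clients: {count}")
```

The filter only helps if the unsanitized status file never reaches persistent storage, for example by having OpenVPN write it to a memory-backed path and storing only the filtered copy.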
For L2TP + PPTP we turn logging off to keep your real IP address private.
We make sure that whatever happens, no IPs are saved in the server’s system log (thanks to the syslog-ng patch from RiseUp). So if the machine is seized, the logfiles will be completely useless to identify anyone’s real IP address.
Our support system never logs your real IP address.
We host our own version of OSTicket for our ticket support system — which has been modified to never log your real IP address when you create or respond to a support ticket via our website.
Our Live Chat widget never logs your real IP address.
We host our own version of Live Helper Chat for our live chat widget — which has been modified to never log your real IP address when you chat with our support staff. All visitor location information is disabled in our Live Chat system.
Our website analytics never logs your real IP address.
We host our own version of Piwik for our website analytics — which has been modified to mask your real IP address when you visit our website.
We were testing Google Analytics on our website to optimise our AdWords spending — but we’ve removed that now.
We built our own internal support tools too.
Here’s what our internal customer support tool looks like for our support staff… Basic.
We support open source software and tools.
We don’t have any secret stealth VPN technology or require people to use a proprietary client to connect to our VPN service.
We support open source VPN clients and protocols like OpenVPN for Windows and Tunnelblick for OS X. We also support using SSL Tunnels to hide the OpenVPN connection in an extra layer of encryption.
We provide easy installers that are packaged with our VPN connections — but you are also free to install the open source versions of each tool yourself and grab the configuration files from our website.
“People and companies all over the world will come together to implement the technological solutions that can put an end to the mass surveillance programs of any government. This is the beginning of a moment where we the people begin to protect our universal human rights with the laws of nature rather than the laws of nations.”
— Edward Snowden