Police Seize Two 'Perfect Privacy' VPN Servers (torrentfreak.com)
An anonymous reader writes from a report via TorrentFreak: VPN provider Perfect Privacy has informed its customers that two of its servers had been seized by the police in Rotterdam, Netherlands. TorrentFreak reports: "The authorities went directly to the hosting company I3D and the VPN provider itself wasn't contacted by law enforcement. 'Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster,' Perfect Privacy says. Despite losing control over two servers, Perfect Privacy assures its customers that no personally identifiable data is present on the seized hardware. Like many other VPNs, the company maintains a strict no-logging policy. 'Since we are not logging any data there is currently no reason to believe that any user data was compromised,' the VPN provider says. 'When the Dutch police contact us with a subpoena, we work with them in a professional manner and ensure their request and our responses are in compliance with the Dutch law,' I3D informs us. 'We think with the affected customer as well, for example by making temporary capacity available so the customer does not suffer extended downtime during the investigation.'"
log (Score:4, Insightful)
Re: (Score:2)
Police will seize the server, hack the root password and set it up as a honeypot on the VPN provider's network.
Re:log (Score:4, Interesting)
I don't follow; if the server is returned, it will be wiped and reloaded.
any isp would do that.
so what's the issue? the police can't just put it back on the air again. if they do, it's fraud (not that any cop cares about breaking laws, these days...)
what I don't understand is: what gives the police the right to grab a whole server, when it's only 1 customer they are after?
that's huge over-reach.
some day, we need to take control of our world and stop the authoritarians who seem to think all property belongs to THEM instead of the actual owners.
Re: (Score:2, Interesting)
But, the police apparently have the power to seize servers without warrant.
So, they could have done that before, 3 months ago. Then, they turned on logging (and a rootkit to hide what they'd done).
Now, 3 months later, they seize it because it's been logging what they wanted.
If you're using a VPN provider in a country where police can seize servers, without warrant, and the VPN provider isn't physically present to know about it until afterwards, then all bets are off - anything can happen.
Re:log (Score:4, Insightful)
I don't follow; if the server is returned, it will be wiped and reloaded. any isp would do that.
Except these servers are being hosted by a 3rd party. One that could be coerced into NOT doing that (authorities are getting good at this "guilt by association" thing), or the actual hardware itself could have been modified. The 3rd party is just a host, they are absolutely not obligated to comply with any "privacy" deals that Perfect Privacy may have promised to its customers. If you want to do something right you have to do it yourself. I seem to remember hearing that somewhere.
Re: (Score:2)
That's why your openvpn client checks the CA certificate of the server. Which is secured on the server by a strong passphrase and/or disk encryption.
perfect privacy are not amateurs.
Re: (Score:2)
without root access it is rocket science and will stay that way. Of course you can freeze ram modules. This may work for 1 of 10 experiments under lab conditions. For a real case you either have some exploit (insecure firewire dma or similar) or you won't be able to get RAM from the system.
Re: (Score:2)
Re: (Score:2)
I am sure that any VPN calling themselves "Perfect Privacy" won't be allowing these servers to be used again until they are sure they are clean.
Re: (Score:2)
There was no logging before the machines were captured. It's probably turned on now
This assumes that the Feds hadn't tapped the line and were logging the data without the people at Perfect Privacy knowing about it. They could log the data for a while (weeks? months?) which would then give them the justification they needed to be able to secure a warrant and seize the servers.
Re: (Score:2)
openvpn does per default no logging at all. It just has for each phase of connection some hooks, where scripts get data via environment variables. So you can for example add a connect hook, which logs external to internal ip or you can have a disconnect hook, which just logs internal ip to traffic in/out (thus enabling accounting per user). I know no vpn with traffic limit, because they do not want to log anything. ... plausible saying you have nothing can spare you from a raid next
And if you think about it
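The hooks and files mentioned in the comment above are all visible in the server configuration, so a no-logging claim can be checked against it. The sketch below is an added example, not part of the thread and not Perfect Privacy's tooling; the sample config and the script path in it are constructed, and the list of directives is a starting set rather than a complete one.

```python
import shlex

# OpenVPN server directives that can persist or export per-client data,
# with the question a no-logging audit should ask about each.
RISKY = {
    "client-connect": "hook script receives trusted_ip and ifconfig_pool_remote_ip",
    "client-disconnect": "hook script receives bytes_received and bytes_sent",
    "learn-address": "hook script receives client address and common name",
    "status": "status file lists connected clients with their real addresses",
    "ifconfig-pool-persist": "file maps common names to assigned virtual IPs",
    "log": "daemon log written to a file",
    "log-append": "daemon log appended to a file",
}
DISCARD = {"/dev/null"}  # destinations that keep nothing


def audit_openvpn_config(text):
    """Return (line_number, directive, reason) for settings that can retain client data."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":      # blank or comment line
            continue
        try:
            tokens = shlex.split(stripped, comments=True)
        except ValueError:                           # e.g. unbalanced quotes
            findings.append((lineno, "?", "unparseable line, review by hand"))
            continue
        if not tokens:
            continue
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name == "verb":
            if args and args[0].isdigit() and int(args[0]) > 0:
                findings.append((lineno, name, "verbosity above 0, confirm log destination"))
        elif name in RISKY and not (args and args[0] in DISCARD):
            findings.append((lineno, name, RISKY[name]))
    return findings


# Constructed sample config; the hook path is hypothetical.
SAMPLE = """\
# constructed sample server config
port 1194
proto udp
client-connect /etc/openvpn/hooks/connect.sh   # hypothetical script path
status /var/run/openvpn-status.log 10
log /dev/null
verb 3
; ifconfig-pool-persist ipp.txt
"""

if __name__ == "__main__":
    for lineno, name, reason in audit_openvpn_config(SAMPLE):
        print(f"line {lineno}: {name}: {reason}")
```

A clean result only covers the OpenVPN config itself; firewall, syslog and hosting-side capture are outside what this check can see.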
Re: (Score:2)
*contacted.
Re: (Score:3)
There was no logging before the machines were captured. It's probably turned on now
We're assuming Perfect Privacy doesn't have cryptographically-secure control over its devops? That would be quite an indictment of a VPN provider.
You all missed the part where.. (Score:1)
Is this just harassment? (Score:2)
Is this just a campaign to make a service that provides true anonymity too expensive to operate? It seems a bit reminiscent of the cock.li drive seizures which themselves seemed designed to disrupt operations as much as possible. [arstechnica.com]
Re: (Score:1)
Re: (Score:1)
...raising prices...
will only drive out the 'good citizens' while the real criminals keep paying whatever price will be asked.
So, if you use a VPN you must be a criminal.