Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Network Bitcoin Privacy Security The Internet News Hardware Technology Your Rights Online

VPN Provider's No-Logging Claims Tested In FBI Case (torrentfreak.com) 67

An anonymous reader writes from an article published on TorrentFreak: [A] criminal complaint details the FBI's suspicions that 25-year-old Preston McWaters had conveyed "false or misleading information regarding an explosive device." The FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats. With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere. "During the course of the investigation, subpoenas and search warrants have been directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent," the complaint reads. "All the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com. A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States," the FBI's complain reads. "However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden."

While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.

This discussion has been archived. No new comments can be posted.

VPN Provider's No-Logging Claims Tested In FBI Case

Comments Filter:
  • by Anonymous Coward

    Looks to me like they have nothing for the FBI. No logs, nothing identifying anyone in particular.

    This is what they promised.

    • by KGIII ( 973947 )

      If nothing else, this is great marketing for them - assuming it turns out to be true. I'll watch and consider changing/adding them.

  • by Anonymous Coward on Saturday March 12, 2016 @06:51PM (#51686685)
    1. It protects your freedoom to have your information private and not snooped on by others, or the government.
    2. It protects criminals' freedom to have their information private and not snooped on by others, or the government.
    Can't have one without the other, people. If you give up one, you give up both.
    • No, that's wrong. (Score:4, Insightful)

      by mrchaotica ( 681592 ) * on Sunday March 13, 2016 @06:25AM (#51688841)

      You can certainly give up on legitimate uses of encryption, but criminals aren't going to quit using it themselves.

      Therefore, the choice is not whether to give up freedom in return for safety, but whether to give up freedom in return for nothing of value at all. Unless you're a totalitarian sociopath, it's an easy choice!

  • Indeed (Score:5, Insightful)

    by nospam007 ( 722110 ) * on Saturday March 12, 2016 @06:55PM (#51686703)

    "And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime."

    Yes, they have to go to a local starbucks.

    • by watice ( 1347709 )
      what about the cameras there?? that wouldn't nearly be enough. not to mention you have to buy something, and if you forgot cash in the car but have your credit card, welp.
      • Go inside? Buy something? With a credit card?

        Are you crazy? If you go there to commit a crime, you just _walk_ by with a gadget in your pocket.

  • by Ynot_82 ( 1023749 ) on Saturday March 12, 2016 @06:57PM (#51686709)

    Love their service.
    Especially their API, which allows you to script stuff like port forwarding.
    Got a nice little cronjob that automates the whole thing.
    Highly recommended

    • Heck yeah. PIA is awesome. Glad to see that they are keeping their promise! :D

      • Re:+1 for PIA (Score:4, Interesting)

        by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Sunday March 13, 2016 @03:40AM (#51688483)

        Just remember to cycle your connection periodically - at least once a day if not longer.

        Even if a VPN provider doesn't log, if the authorities are fast enough, they can query who might be on a machine at a particular time and request that information be saved.

        All VPN providers will "log" to that extent - they need to know you're logged in after all, so if you're logged into a machine for days at a time, they do have that information available while you're connected. By cycling your connection (disconnect then reconnect), you destroy any record that you were previously on and only have information when you were on now.

        Also, don't be an idiot and use a machine as the only person on it. There are actually things called "real time DMCA" where they can deliver DMCA notices to users. But only if they can identify the user - so if you're the only person using a VPN server, makes life easy. Ditto if you use port-forwarding and such since while you're connected, that port is yours and can be accounted for.

        The "no logging" part of any VPN means that the moment you disconnect, all trace of your activities as well as the fact you even logged in, are gone. But while you are connected, a temporary "log entry" is created for book-keeping and system upkeep purposes, and those "logs" can be subpoenaed. So cycling often (once a day or so) makes it harder to track you.

        • Thanks for the info. I don't use my VPN all the time (in fact it's usually off, like right now), so it shouldn't be a problem. But good to know anyway.

    • by AmiMoJo ( 196126 )

      I'd be extremely careful using a company based in London though. The laws in the UK and the fact that the UK seems very welling to extradite people to the US makes me nervous. That's why many VPN services locate themselves in countries with clearer, more robust laws governing VPN providers. Ideally they should be in a different country to their actual servers too.

  • by ShooterNeo ( 555040 ) on Saturday March 12, 2016 @07:06PM (#51686723)

    I read the affidavit for a warrant for the guy's arrest.

    To summarize : He used PIA, but bought 2 tracfones that he used to make harassing twitter posts. They have surveillance of someone looking like him at the register, his car leaving, bank withdrawals for the exact amount of money used to buy the phones in cash, and 3 separate sets of recordings. Walmart security(who seem to be pretty on the ball, surprisingly) even got a picture of his license plate when he visited a second time.

    They also have the phones geolocated when they were used, they checked that he went to the closest walmart to his house, they found 2 chargers in his car for the phones, the username and password for a PIA account listed in his wallet, cell tower locations to his home and work...pretty solid.

    I didn't see any of the gaps I normally see when I read about police investigations, it almost sounds like the Feds made sure they had the right man. Really, the only fault I have with the authorities is the hysterical response to bomb threats. Evacuating a building because some random made an anonymous threat? That's no way to run a railroad. Most of the damage he did was because the authorities fucked up.

    • And all of that is circumstantial evidence. The thing they don't have is direct evidence that he made the posts.

      • The IP of the phone used to make those posts traces to a tracphone that the man is known to have purchased with cash. They know he bought the phone because of the bank withdrawals, the car used, and the walmart video.

        So, a twitter acount makes threats. Twitter gives the IP of the computer posting the messages and the phone number of the phone used for the account. Phone number goes to a tracphone. Tracphone bought at walmart, on the same day the man withdrawals the exact amount of cash used to puchase t

        • by naasking ( 94116 )

          This is the very definition of circumstantial. It's enough to justify further investigation, at best.

          You haven't presented evidence that he made those posts with that phone that he was seen purchasing. For all you know, he could have lost it or had it stolen right after leaving Walmart, or lent it to someone, or it might not have even been his phone at all and he's just unlucky. This is why circumstantial evidence isn't nearly sufficient for conviction. Coincidences happen all the time.

          If the phones that ma

          • by Raenex ( 947668 )

            This is why circumstantial evidence isn't nearly sufficient for conviction.

            You're wrong. If a jury decides that enough circumstantial evidence exists to prove guilt "beyond a reasonable doubt", then that's enough for conviction.

            You were probably around during the Hans Reiser [wikipedia.org] trial. No body, but plenty of circumstantial evidence. The prevailing Slashdot mood was defending Reiser, but based on the evidence I figured he was guilty as hell and was glad when he got convicted. It was even sweeter when he took a deal, admitted to the crime, and disclosed the location of the body.

        • No, it's not close to direct evidence. It is circumstantial evidence. Words have meaning.

      • Enough circumstantial evidence will secure a conviction (without something exculpatory in defense), at some point it stops being a just series of coincidences. People do get convicted on nothing but circumstantial evidence all the time. The standard is "beyond a reasonable doubt", not "beyond all doubt".
    • Airtight circumstantial evidence is indistinguishable from parallel construction.
      --
      With age comes a modicum of cynicism.

      • I've been amazed how basically any prosecution isn't neutered simply by the presence of parallel construction.

        We know the gov is doing this. How is any charge not immediately suspect? Reasonable doubt would seem to be met....
        • The problem is that a judge and/or jury has to (a) understand what parallel construction is, and (b) care.

    • I for one would rather be evacuated from a building for a hoax than be left in a building that one time in a thousand it isn't. Whats that old saying? Better an ounce of prevention than pounds of flesh splatted all over the street, or something like that :)

    • by RubberDogBone ( 851604 ) on Sunday March 13, 2016 @05:35AM (#51688731)

      The FBI and other police are all well aware of course that serious bombers with actual plans and devices almost never make THREATS.

      No, they act. They attack. They detonate their device and then later take credit for it, if at all. They do not phone ahead.

      People who phone ahead are making empty threats or they are late for work or out sick and want to be away from their job for the day without penalty. There is a LOT of "hey I don't want to have THAT meeting with my boss today so I'll just phone in a bomb threat and then I won't have to deal with the boss!" bullshit.

      • by Anonymous Coward

        Used to work as a security guard at a local skyscraper years ago. We actually had forms printed for bomb threats. Complete with questions to ask in order of importance. You would be surprised how many people will answer with their name or address when asked.

    • And will still all be decided by 12 people who were too thick to get out of jury service :|
  • by Anonymous Coward

    I find the tone of the comment at the end odd. While not condoning the actions, I'd figure Slashdot and its readers would be much more interested in the de-anonymysing dimension of the story than the he got what he deserves mentality of that comment.

  • So the FBI can be clever and persistent. Good.

    Of course there are some operatives who make them look like knobheads. Why don't law enforcers stick to being the good guys?

    Power induces moral blindness and complete WTF

  • "Thankfully"? Not only, that it's not neutral, but it's even against freedom. A VPN is there to protect your privacy and freedom of speech. If the cannot protect the guilty, they cannot protect the innocent, either. Read the Tor Projects's summary on why anonymity needs to be universal and why the "bad guys" will always have ways to be anonymous, while the good ones trust software like tor or providers like PIA, i.e. instead of using hacked windows pcs to cloak their origin. So a logging vpn only encourages

Keep up the good work! But please don't ask me to help.

Working...