Vyprvpn is NOT as secure as stated

Level1Techs INBOX.deb
#1
In the tek :0099 you stated that vyprvpn stores all personal data overseas, I just want to state that that is NOT the case as verified by a vyprvpn employee I strongly urge that you correct this error in the next episode of "the tek" as well as with an overlay on the current video, the security of data is paramount to a large percentage of your viewers and I am sure they would appreciate the correction.

Here is my conversation with a representative:

Hello Brandon,

Here is a copy of the chat transcript.

[10:21:19 AM] Jessica: Allow me to introduce myself as your chat representative...
[10:21:26 AM] Jessica: Hello Brandon,
[10:21:30 AM] Jessica: How may I assist you?
[10:21:59 AM] Brandon: Hello, I was told by a friend that your vpn service hosts all personal data oversees is this correct?
[10:22:05 AM] Brandon: overseas*
[10:23:07 AM] Jessica: We have server clusters all over the world, but not all are located overseas. We are located in Austin, TX.
[10:24:17 AM] Brandon: right, but from what I understood the servers in the us are just routing servers and don't have any personal data, is that not correct?
[10:25:47 AM] Jessica: For more information about what is actually collected, please visit the following link:
[10:25:50 AM] Jessica: http://www.goldenfrog.com/privacy
[10:25:56 AM] Jessica: This information is not stored overseas.
[10:27:38 AM] Brandon: Do you know of any VPN services that store all data overseas?
[10:28:58 AM] Jessica: I'm afraid I do not. I am sure a Google search would turn something useful up. There are many sites that compare providers, I wouldn't be surprised if that was a feature that is highlighted in the comparison sites.
[10:29:38 AM] Brandon: Will I be emailed a transcript of this conversation?
[10:30:46 AM] Jessica: If you would like, yes. I can do that.
[10:31:08 AM] Brandon: Yes please, thank you for your time.
[10:31:22 AM] Jessica: You're more than welcome and thank you for your interest, Brandon. Have a great day.


Thank you,

Jessica
Golden Frog Support

#2

Take it as you will

Jeff: We log the time connected and amount of data transferred, this is maintained for use with billing, troubleshooting, service offering evaluation, TOS issues, AUP issues, and for handling crimes performed over the service. We maintain this level of information on a per-session basis for at least 90 days. We may keep upload & download bytes at an aggregate level for longer periods of time.


Jeff: What Golden Frog Does Not Collect From VyprVPN Sessions:


Jeff: Beyond counting the number of bytes uploaded and downloaded, Giganews...


Jeff: *Does not perform deep packet inspection of your traffic, except where requested by the customer for firewall purposes.


Jeff: *Does not perform shallow packet inspection of your traffic, except where requested by the customer for firewall purposes.
Jeff: *Does not discriminate against devices, protocols, or application. Golden Frog is network neutral.


Jeff: *Does not throttle your Internet connection.


Jeff: *Does not rate limit Internet connection.


Jeff:


Alex: I understand that you keep logs for security purposes. I would just like to know if my personal information (so my name, billing details) are being kept on US servers. I am not worried about logs that tie my customer number to select activity going on US server, just the personal information.


Jeff: ahh ok


Jeff: the personal info is stored in our data systems this info is not viewable by anyone except you


Jeff: our company is based out of Switzerland


Alex: So customer information is stored on servers based in Switzerland?


Jeff: yes

#3

Well one of the two reps is either dead wrong or lying, meaning they have either dishonest or poorly trained employees. Either way they are not a company I would trust with my data.

#4

Well you didn't ask the rep the same questions. The second rep said that there IS data stored in the US, and listed what it was. but the more personal information is stored overseas.

The first rep told you to use google, So I doubt she knew very much at all.

#5

The problem with many paid VPN services is that their business model is basically asking you to trust them with your data. While it can help prevent your ISP from seeing your traffic, it does not mean that you are not personally being monitored.

With services like this in order to keep the liability under control, they will keep info about what you are doing, just in case you go out and do some black hat stuff, or go out and download CP. if the VPN service keeps no records, then they will be held liable for all of the traffic, unless they have a method in place for passing liability.

 

If you want the most trustworthy VPN service, then set up a VPN server in your own home, and use it for the more common purpose of securing your traffic when using a public hotspot or other untrusted connection.

Other than that, regardless of what paid 3rd party VPN service that you use, use it with the expectation that they are monitoring your traffic.

#6

"With services like this in order to keep the liability under control, they will keep info about what you are doing, just in case you go out and do some black hat stuff, or go out and download CP. if the VPN service keeps no records, then they will be held liable for all of the traffic, unless they have a method in place for passing liability."

In some countries VPN providers are forces to keep logs, even so they might advertise with "no logs".

Also the VPN providers would not necessarily be held responsible for your actions. It can be kinda complicated.

#7

In addition to what vmN wrote, it's not the case that the exit node is always held liable for the traffic. For example, some people run Torr exit nodes from their homes and have been caught up in legal charges. Upon explaining what Torr was and then being faced with the prospect of determining guilt beyond reasonable doubt for a criminal offense that someone likely did not comment, police tend to drop the charges.

VPNs are a relatively new concept legally and they don't quite fit anything previously legislated perfectly so, as far as the US is concerned, there simply isn't any case law, at all, specifically specifying that VPNs must keep records actually. Vyper interprets the laws a bit broadly and has opted to keep records.

Other vpn providers, like PIA, say to themsleves something like, "Well, US law is made up of the laws themselves and case law. No existing laws actually say anything about VPNs, there's no case law on them and charges tend to be dropped if there isn't a way to criminally prove the endpoint is the source. So yeah, let's make it impossible to tell who is who from connections and then let's not keep records. We can make money by giving people what they want until the law catches up. *evil laugh*"