Mutt
Professional
- Messages
- 1,459
- Reaction score
- 1,105
- Points
- 113
Ryan Lin was sentenced to 17 years in prison. He was convicted of crimes ranging from cyber harassment, computer fraud and aggravated abuse of identity theft, and distribution of child pornography.
These are all serious crimes that I do not support or approve in any way, but why am I particularly interested in sentencing this criminal?
Because he committed crimes using a VPN called PureVPN.
When Lin signed up for PureVPN, the VPN claimed it did not store user activity logs on its servers, and as a result could offer nothing if law enforcement came knocking on the door.
However, Lin was surprised when he was arrested by the FBI - thanks to the protocols of his PureVPN service that PureVPN had passed on to the FBI.
Now what Ryan Lin has done is just despicable and he deserves every day in jail.
However, behind every criminal like Lin who uses a VPN to commit criminal acts, there are many innocent people who simply want to prevent anyone (including the government) from ever monitoring or eavesdropping on their activities.
So when VPNs like PureVPN claim they don't have journals, they actually do, and when the government knocks on their doors, they put real people at risk.
I've spent a huge chunk of my life working in the cybersecurity field, and I've reviewed almost every major VPN service that exists.
Want to know what I think?
Never sign up for a VPN just based on the claims they make on their site (this is called "marketing sayings" and almost everyone applies just to attract new users).
Instead, pay close attention to the following five things:
1. Jurisdiction of the VPN service provider
Perhaps the most important thing you should look out for before registering to use any VPN service is the jurisdiction of the VPN service provider.
The VPN provider's jurisdiction is more important than any no-log requirement.
When it comes to jurisdiction, there are three key factors that matter:
You should pay special attention to the physical location of the VPN provider you wish to use, as well as the location of the VPN service server, and you should pay special attention to whether it is in the Five Eyes, Nine, or 14 Eyes jurisdiction.
In the Five Eyes countries, the law provides intelligence agencies with access to and exchange of electronic data with other member states as appropriate.
Five Eyes countries can force organizations to disclose any data, as well as require them not to disclose this fact.
They are also some of the worst violators of user privacy.
In countries with Nine, member states can work together, access and share data with each other without regard to privacy laws in individual member countries - this is practically an extension of Five Eyes and the practices are similar.
14 Eyes is a sequel to Nine with similar practices.
Basically, you will be safer if you are using a VPN that is not under the jurisdiction of Five Eyes, Nine Eyes, or 14 Eyes.
For example, while the popular VPN Private Internet Access is located in the Five Eyes member country (USA), NordVPN's competitor is not in any Five Eyes, Nine Eyes, or 14 Eyes country.
As a result, based on jurisdictional information, NordVPN is much safer than private internet access.
Of course, the decision about which VPN service to use should be based on power that surpasses the jurisdiction of the VPN service.
2. Required access and rights
Another piece of information that you should pay special attention to when using a VPN service is the access and permissions required for the VPN service you are using.
This is especially important for mobile VPNs.
In one article, I mentioned the fact that some VPN services share and sell user data.
In an original study referenced online, researchers found that some popular Android VPN requires the following access:
When VPN requires access to read your phone's status and ID, access your app and device history, and access your phone's media, you know something is wrong - you are in a danger zone.
After further research, jyb discovered that this Android VPN, which required all of the above access, is operated by a Chinese big data company that specializes in collecting user data and selling it at the highest price.
3. The company behind the service
One of the main factors to look for when choosing a VPN service is the company behind that service ?.
Is the VPN service run by one person without being tracked, or is it run by a reputable company with a background in protecting privacy?
If your VPN is a one-person service, no matter what the VPN company claims ... run!
Since not much is at stake for the VPN operator, the owner can leave a deposit at any time or even use your data for nefarious actions.
4. VPN service cost
There is no free, good VPN.
At the very least, expect that if you are not paying in rubles (or some other currency), then you are paying with data.
5. DNS leaks
One area that very few VPN users pay little attention to that can make a big difference is the area of DNS leaks.
If you are using a VPN service that leaks your DNS information, consider that you are not using a VPN at all - because tracking you will be as easy as one-two-three.
Unsurprisingly, only a small amount of additional research will reveal the fact that the VPN service that passed Ryan Lin's data to the government has very weak privacy controls.
They have been leaking DNS data for years, but users who are not sensitive to this fact continue to use these services.
A simple Google search will reveal hundreds of resources to help you perform a reliable DNS leak check on your VPN service.
Before relying on a VPN service for critical actions, be sure to do a DNS leak test first.
If there is a DNS leak, run as far as possible.
Conclusion
When you use a VPN service, we are confident that you need complete anonymity.
While it can be difficult to determine which VPN service is reliable based on face value, we think you can't go wrong if you pay attention to the five aforementioned things.
These are all serious crimes that I do not support or approve in any way, but why am I particularly interested in sentencing this criminal?
Because he committed crimes using a VPN called PureVPN.
When Lin signed up for PureVPN, the VPN claimed it did not store user activity logs on its servers, and as a result could offer nothing if law enforcement came knocking on the door.
However, Lin was surprised when he was arrested by the FBI - thanks to the protocols of his PureVPN service that PureVPN had passed on to the FBI.
Now what Ryan Lin has done is just despicable and he deserves every day in jail.
However, behind every criminal like Lin who uses a VPN to commit criminal acts, there are many innocent people who simply want to prevent anyone (including the government) from ever monitoring or eavesdropping on their activities.
So when VPNs like PureVPN claim they don't have journals, they actually do, and when the government knocks on their doors, they put real people at risk.
I've spent a huge chunk of my life working in the cybersecurity field, and I've reviewed almost every major VPN service that exists.
Want to know what I think?
Never sign up for a VPN just based on the claims they make on their site (this is called "marketing sayings" and almost everyone applies just to attract new users).
Instead, pay close attention to the following five things:
1. Jurisdiction of the VPN service provider
Perhaps the most important thing you should look out for before registering to use any VPN service is the jurisdiction of the VPN service provider.
The VPN provider's jurisdiction is more important than any no-log requirement.
When it comes to jurisdiction, there are three key factors that matter:
You should pay special attention to the physical location of the VPN provider you wish to use, as well as the location of the VPN service server, and you should pay special attention to whether it is in the Five Eyes, Nine, or 14 Eyes jurisdiction.
In the Five Eyes countries, the law provides intelligence agencies with access to and exchange of electronic data with other member states as appropriate.
Five Eyes countries can force organizations to disclose any data, as well as require them not to disclose this fact.
They are also some of the worst violators of user privacy.
In countries with Nine, member states can work together, access and share data with each other without regard to privacy laws in individual member countries - this is practically an extension of Five Eyes and the practices are similar.
14 Eyes is a sequel to Nine with similar practices.
Basically, you will be safer if you are using a VPN that is not under the jurisdiction of Five Eyes, Nine Eyes, or 14 Eyes.
For example, while the popular VPN Private Internet Access is located in the Five Eyes member country (USA), NordVPN's competitor is not in any Five Eyes, Nine Eyes, or 14 Eyes country.
As a result, based on jurisdictional information, NordVPN is much safer than private internet access.
Of course, the decision about which VPN service to use should be based on power that surpasses the jurisdiction of the VPN service.
2. Required access and rights
Another piece of information that you should pay special attention to when using a VPN service is the access and permissions required for the VPN service you are using.
This is especially important for mobile VPNs.
In one article, I mentioned the fact that some VPN services share and sell user data.
In an original study referenced online, researchers found that some popular Android VPN requires the following access:
When VPN requires access to read your phone's status and ID, access your app and device history, and access your phone's media, you know something is wrong - you are in a danger zone.
After further research, jyb discovered that this Android VPN, which required all of the above access, is operated by a Chinese big data company that specializes in collecting user data and selling it at the highest price.
3. The company behind the service
One of the main factors to look for when choosing a VPN service is the company behind that service ?.
Is the VPN service run by one person without being tracked, or is it run by a reputable company with a background in protecting privacy?
If your VPN is a one-person service, no matter what the VPN company claims ... run!
Since not much is at stake for the VPN operator, the owner can leave a deposit at any time or even use your data for nefarious actions.
4. VPN service cost
There is no free, good VPN.
At the very least, expect that if you are not paying in rubles (or some other currency), then you are paying with data.
5. DNS leaks
One area that very few VPN users pay little attention to that can make a big difference is the area of DNS leaks.
If you are using a VPN service that leaks your DNS information, consider that you are not using a VPN at all - because tracking you will be as easy as one-two-three.
Unsurprisingly, only a small amount of additional research will reveal the fact that the VPN service that passed Ryan Lin's data to the government has very weak privacy controls.
They have been leaking DNS data for years, but users who are not sensitive to this fact continue to use these services.
A simple Google search will reveal hundreds of resources to help you perform a reliable DNS leak check on your VPN service.
Before relying on a VPN service for critical actions, be sure to do a DNS leak test first.
If there is a DNS leak, run as far as possible.
Conclusion
When you use a VPN service, we are confident that you need complete anonymity.
While it can be difficult to determine which VPN service is reliable based on face value, we think you can't go wrong if you pay attention to the five aforementioned things.
