Part 3



VPNS THAT KEEP SOME LOGS

TIGERVPN

1. Since hundreds of people share the same IP, our accounting data (start time – end time, & generated Traffic) does not allow any further breakdown. We save those records for 3 days (in line with our 3 day money back guarantee) and only keep the traffic per month value until the next billing cycle starts.

2. Tiger At Work is a Limited Liability Company with operation in Slovakia.

3. We don’t use any tools for monitoring or mitigation.

4. We use Freshdesk as Support Software, however no data is stored in that 3rd party app as it’s a read only tool for us. E.g. when a customer submits a ticket via our App we reply and he gets that message within the app. The only thing stored in the “cloud” is the conversation itself. We aim to keep all data inhouse, which is what we did for hardware, software and infrastructure.

5. We’ve never received a DMCA takedown notice, however, our architecture won’t allow us to single out a customer. We hope that our premium product does not attract too many “issues” and we hope that our customers keep within the safe range.

6. This has never happened, so let’s not paint the devil on the wall.

7. As we can’t single out our customers, we can’t notify or warn them.

8. We usually allow torrents, but not in Amsterdam and the US.

9. We are one of the few PCI complaint merchants, so we can handle all payment data for credit card transactions ourselves on our own servers. Meaning that we don’t use tools like Chargify or other POS systems. We only save a token which is a system to system key and it does not link any card data to our customers. A similar token system is used with PayPal, but here the payment is processed with them. We also allow Bitcoin transactions, that’s the ultimate secure payment source, we also roll out prepaid cards which you will be able to buy in shops and internet cafes in cash soon.

10. Our Apps are set per default in OpenVPN mode, which is the algorithm we approve and recommend. Our Win + Mac + Android apps are equipped with kill switch functionality, however we need to fine tune them a bit over the next couple of weeks.

11. Yes we use our own DNS servers

12. We are in full control of our equipment, hardware and upstream. We operate 55 locations in 40 countries from Australia to Emirates, HongKong to Denver, London to Serbia. We have a lot of locations covered.

tigerVPN website

SWITCHVPN.TO
switchvpn1. SwitchVPN does not monitor, record, store any kind of users activity or IP addresses so it’s impossible to pin point any user at any time.

SwitchVPN uses Shared IP address, which means the same Public IP is being used by other users too making it further inpossible to track any user. In order to maintain our top notch service, troubleshoot any performance issues and protect the service from getting abused, we log only the duration of VPN connections, bandwidth consumed and VPN server connected. This by no means allow us to match an IP address and a time stamp. These logs are regularly recycled and destroyed automatically.

2. SwitchVPN operates under Indian jurisdiction.

3. We have firewalls and filters in place to block spamming and filters on US servers to block P2P activity to prevent DMCA notices.

4. We use Zopim Live Chat for Live Support and Ticket system.

5. SwitchVPN does not keep logs and assigns its customers with Shared IP address which makes it impossible to indiviually identify an indiviual with copyright abuse or other online activity.

6. As we do not hold any logs and also we use shared IPs, its impossible to identify any user at any time.

7. We are Indian based company, so not applicable.

8. We allow BitTorrent on all servers except VPN servers based in US. However we request our clients to use Netherlands, Romania, Russian and other servers which tolerate P2P and are specially optimized for P2P usage.

9. We accept all the leading payment methods like Bitcoin, Perfect Money, PayPal, Credit Card, PaySafeCard, Skrill, WebMoney and AliPay.

10. We recommend our clients to use OpenVPN with 256 AES, 2048bit RSA, SSTP ( 2048bit Encryption) and L2TP Over IPsec which also uses 256bit AES Encryption for most secure VPN connection

11. Yes, we have started implementing our own DNS Servers on some of our servers which is in beta and we would apply it on all of our servers in future.

12. We have full control over our VPN Servers and network. We own our hardware with multiple datacenters and we only outsource servers where there is complete privacy and no logging. We have servers located in 29 Countries ie. USA, United Kingdom, Germany, Netherlands, Canada, Sweden, Czech Republic, Singapore, Malaysia, Hong Kong, Latvia, Luxembourg, Switzerland, France, Italy, Romania, Russia, Japan, Belgium, Spain, Denmark, Poland, Australia, Brazil, Ireland, Iceland, India, Chile and Austria.

SwitchVPN.to website

VPN UNLIMITED
vpnunlim1. We do not keep the logs of the websites our customers visit, we only store the data related to the amount of traffic downloaded by the user. This information is available to be viewed in his account only. Also, it is crucial to point out that every time a customer logs into VPN Unlimited, the system assigns a dynamic IP-addresses. They are not static and there is no way that we can log the exact IP-addresses or particular time stamps of VPN Unlimited customers.

2. VPN Unlimited is owned by New York based company, Simplex Solutions Inc.

3. As we have mentioned before, we do not keep any visited websites but we keep traffic data logs. However, if we notice any spam related activities or other illegal actions, the user’s account will be blocked without any extensive or preliminary warning.

4. Our support team uses Zendesk to address the issues from our customers, but we do not store or give the users’ personal information to third parties.

5. All our servers are located in datacenters, operated under jurisdictions of countries they are located in. We use Bittorrent and SMTP traffic filters to minimize such threats. But in any case, we do not provide information about our customers to copyright holders or any other third parties.

6. To this date, we have not received any court notices; therefore, no actions were done. As we do not log any of the customers’ information or session data, VPN Unlimited customers are protected by legal definition. Also, there are consumer protection laws in the US that can be used to protect our customers too.

7. We do not have any system such as a “warrant canary” for our users. There has been no situation that has required such measures.

8. The primary goal of VPN Unlimited is not to download torrents, but to offer online security. There are limited cases when our technical team had to decrease the connection speed because of torrenting.

9. We accept PayPal payments as our primary payment system as well as using your Apple or Amazon ID account from the Purchasing tab inside the app. Soon we will be able to accept Bitcoins and process the payments via some national payment systems. We ensure that all the mentioned above payment system offer 99.99% security.

10. VPN Unlimited uses the best security options via a high level of data encryption. The most secure VPN connection and encryption algorithm lies in transmitted data through iOS or Mac Os X’s built-in IPSec client using strong AES-CBC-128 encryption. Windows users are protected with the use of AES-256 with SHA1 and OpenVPN protocol. We are working on such tools as “kill switches” and plan to implement them into VPN Unlimited in one of the upcoming updates.

11. We use our own DNS servers that forward domain data from Google DNS. Forwarding makes any kind of user tracking impossible, but Google DNS is uncensored, fast and stable.

12. We rent our servers from numerous well-known companies like LeaseWeb, OVH, RedStation, ServerCentral, IBM SoftLayer, etc. Servers are located in 13 countries which are: Canada, France, Germany, Luxembourg, Netherlands, Romania, UK, USA, Panama, Hong Kong, Singapore, Japan, Ukrain and Finland.

VPN Unlimited website

FACELESS

faceless1. For each user we keep only number of sessions, and bandwidth use (uploaded and downloads). Those logs are kept for one week. It is possible to match an IP and time stamp during one day.

2. The company operates under Cyprus jurisdiction.

3. There are no any specific tools. We just react on any possible reports from our hosting provider.

4. No. We use our internal server email system for supporting our customers.

5. We block an activity for an IP and a port specified in the notice.

6. We will provide an email address and logs we physically have at the
time an order arrives. It will be done only if the order is in force in the country where the server is located.

7. No, we don’t have any kind of warrant canary.

8. Yes, file-sharing traffic is allowed on all our servers.

9. VISA, MasterCard, and PayPal via Plimus.com. Payments are linked to user accounts via order IDs.

10. We recommend RSA-1024. It’s more than enough for everybody. Nobody will be able to decrypt it before the whole universe collapses.

11. No, we use Google public DNS.

12. They are hosted by a third party: Leaseweb, IWeb and Infobox in the USA, The Netherlands and Russia.

Faceless website

BLACKVPN

1. Yes we keep connection logs which contain the time of connection and the internal IP address assigned. This information is kept for 7 days on our Privacy VPNs and 30 days on our TV VPNs (USA, UK & Singapore). We NEVER log a user’s real IP address, only the shared BlackVPN IP address they were assigned.

2. BlackVPN operates under the jurisdiction of Hong Kong which has no mandatory Data Retention laws. This helps to impede the requests from international law enforcement and spy agencies like NSA/GCHQ. China is not interested in policing the internet outside its Great Firewall and does not interfere with Hong Kong in this regard.

3. Since we do not monitor or log any VPN activity we have no internal tools for detecting abuse on our VPN servers. Instead we respond to abuse complaints from 3rd parties (which usually contain an hostname/IP + port) by temporarily blocking access to that hostname/IP or port.

In rare cases we may monitor a specific IP/port that is being abused via the traffic going through our VPN firewalls (using iptables) in order to warn or ban the offending user. The last time this happened the user responsible found that their computer was infected with malware which was causing the abuse without their knowledge.

4. We run our own mail servers for @Blackvpn.com, host our own support systems (osTicket and Live Helper Chat – which have both been configured not to log IPs), plus host our own website analytics (Piwik). We use a 3rd party email service only for sending generic emails in bulk (such as security alerts, renewal reminders, updates from blackVPN, etc.) which contain no identifying information. We also use a 3rd party system for our blog (medium.com @BlackVPN) and of course our social media.

5. On our Privacy VPNs these are ignored because they are located in countries which do not enforce DMCA notices (or equivalent copyright alerts). On our TV VPNs we warn any customers who were sharing that IP address at the time and will ban repeat offenders from the TV VPNs.

6. To identify an active user of our service we legally require a valid court order from a Hong Kong court. So far this has never happened. We have received requests from various international law enforcement agencies asking us to assist them, however our response has always been to ask for a valid court order from Hong Kong. Recently we were asked by Hong Kong police to come to Hong Kong in person to make a statement regarding an investigation by the UK authorities. With the help of the EFF we found new legal counsel in Hong Kong who quietly resolved the issue with the Hong Kong police, resulting in the UK authorities withdrawing their request. Any future requests from international authorities will be handled by our lawyers in a similar way.

7. Hong Kong does not have an equivalent to America’s NSLs and is unable to legally issue a gag order. Since none of the BlackVPN team are in Hong Kong it’s difficult for them to intimidate us that way.

We do not have a warrant canary as we’ve never seen one used effectively. In the worst case scenario we would simply “do a Lavabit” and hit the kill switch to shutdown all our systems until the authorities or the offender went away.

8. Yes it is allowed on our Privacy VPNs but not allowed on our TV VPNs (USA, UK and Singapore). Extreme pressure is being applied to the network providers in these countries to minimise copyright infringement so if we don’t take action our servers will soon get cut off.

9. We accept PayPal, Credit Cards (via CardPay) and Bitcoin (via BitPay). All payment information is stored by our payment providers and is linked to a blackVPN account via their own transaction IDs.

10. OpenVPN is the only protocol that can be considered secure after recent leaks show the NSA can decrypt PPTP and IPSec protocols (source). Since our beginning in 2009 all openVPN connections have been forced to use the AES-256-CBC cypher for maximum security and after the recent Heartbleed bug we switched to new 4096-bit Diffie-Hellman keys too. We encourage the use of open source software such as OpenVPN and Tunnelblick, neither of which have a kill switch or DNS leak protection. Our VPN routers use firewall rules to only allow internet access while the VPN connection is established, which is a more reliable solution than a “kill switch”.

11. Yes we run our own DNS servers however we use censurfridns.dk (which does not log or censor DNS queries) as a DNS forwarder.

12. We do not have physical control over our VPN servers and network since we lease bare-metal dedicated servers in various data centres around the world for our VPNs and infrastructure. Management of these servers is performed ONLY by the blackVPN founders – no employees of the company have access to the VPN servers or infrastructure. Our VPN servers are located in the USA, UK, Canada, Netherlands, Switzerland, Luxembourg, Estonia, Lithuania, Russia, Ukraine, Panama and Singapore. Other infrastructure servers (such as databases, mail servers, etc) are hosted in places with strong privacy protection laws such as Iceland, Switzerland or the Netherlands.

BlackVPN website

ANONYMIZER
anonimizer1. Anonymizer does not log ANY traffic that traverses our system, ever. We do log when a user connects, and the IP address they connected from (which is needed for customer support and ensure system optimization), but that log purges every 24 hours. We don’t log when users disconnect, how much data they used, where they went, at anytime, ever. We would also like to point out that all of our customers exit out and share the same IP, which changes on a daily basis, and we don’t even track that. If asked what IP we used last week, we wouldn’t have any way to know for certain.

2. Anonymizer Inc. operates under US jurisdiction. The US is still one of the best countries to operate privacy services out of due to a lack of mandatory data retention laws.

3. We can’t. We don’t monitor or log traffic or user activity. When we receive reports of abuse, we have no way to isolate or remediate it because we don’t monitor.

4. Anonymizer uses a ticketing system for support tracking but does not request verification of a user actually having access with us unless it is needed specifically in support of the ticket. Anonymizer uses a bulk email service for our email marketing system but does not store any details about the users account beyond their email address.

5. Since Anonymizer does not log any traffic that comes over our system, we have nothing to provide in response to DMCA requests. None of our users have ever been issued a DMCA take down notice or the European equivalent. We’re over 18 years old now, and if not the oldest service out there, certainly one of the oldest, and we’ve never turned over information of that kind.

6. Anonymizer Inc. only responds to official valid court orders in which we comply with information that we have available. Since we do not log any traffic that comes over our system, we have nothing to provide in response to requests associated to service use. If a user paid by credit card we can confirm that they purchased access to our service only. There is, and would be, no way to ever connect a specific user to specific traffic. There has been instances were we did receive valid court orders and followed our above procedures. We have never identified details about a customer’s traffic or activities.

7. Anonymizer does not use a warrant canary or similar solution to gag orders as we feel they are largely ineffective and offer a false sense of security.

8. Any traffic is allowed on our servers. Due to not logging or monitoring any traffic it would be impossible for us to know if any user were to be engaging any specific kinds of activity on our service.

9. Anonymizer Inc. uses a payment processor for our credit card payments. There is a record of the payment for the service and the billing information associated to the credit card to confirm the service has been paid for. We also offer Cash and will soon offer crypto-currency options to include Bitcoin. Cash payment options do not store any details (e.g. Billing address and customer name) of the transaction beyond the account username and the service being paid for by cash; there is no way for us to connect an individual to a specific account.

10. We would recommend OpenVPN for a user that is looking for the most secure connection. We feel it is the most reliable and stable connection protocol currently. Our OpenVPN implementation uses AES-256. We also offer L2TP, which is IPSEC. Anonymizer’s client software has the option to enable a kill switch that prevents any web traffic for exiting your machine without going through the VPN.

11. Yes, we operate our own DNS.

12. We own ALL our hardware, and have full control of our servers. No third party has access to our environment. We don’t leverage VPS or third party hosts, which we feel would be compromising our customer’s security.

Anonymizer website

IRONSOCKET
ironsocket1. We keep limited session logs for all of our services which include VPN, HTTP, SOCKS5 and Smart DNS Proxy. Session logs record the time and date of the user’s session connection and disconnection, the IP address used for the session, and a numerical representation of how many bytes were transferred. These logs are typically kept for 72 hours, usually less, after which they are purged. The main reason we retain this data is to prevent fraud and abuse. Since we use Shared IPs on our servers, and do not log activity, it is very hard, if not impossible, to know what a user is doing.

2. We operate under the laws of the SAR of Hong Kong, which has no data retention law whatsoever.

3. For reasons of security, we don’t disclose our exact security systems and processes. Additionally, we do not monitor what activity users do when using our services, regardless of the service used (VPN, HTTP, SOCKS5, Smart DNS Proxy).

4. No. We do not use any external email providers. We also do not use any third party support tools. We utilize Facebook and Twitter as a means of social contact with users and we provide light support for general questions however any account specific issue must go through our ticket system. At no time do we ever link a user’s social media account to an IronSocket account.

5. IronSocket is not subject to the DMCA or its European equivalent. We do NOT host any user uploaded content on any of our servers. While IronSocket is not subject to DMCA, some of our hosting partners are. If they receive and escalate a DMCA notice to us, we reply to the provider that we do not log our user’s activity, we utilize shared IP addresses, and it is next to impossible to determine any activity of our users. We then confirm P2P is not being used on servers where P2P is not allowed.

6. We cooperate with proper legal processes valid under Hong Kong jurisdiction. The first step is to determine the validity of the court order, and if valid, determine if we have any data available to identify the active user of our service. Because of our privacy policy, terms of service, and anonymous payment methods, it would be almost impossible to identify any user engaging in any specific activity while using any one of our services. This situation has never happened.

7. As of February 2015, IronSocket has never been compelled by court order, secret or otherwise, to share any business or customer information with any government or law enforcement agency. We do not currently have this posted on our website but it will be included in our transparency report section which is scheduled to be published to our website later this year.

8. We allow Torrent/P2P file-sharing traffic on specific servers that have been optimized for file sharing performance. The list of servers that allow P2P file sharing can be found here. We do not allow BitTorrent/P2P on all of our servers due to the legal pressure on the data centers we use in the US, UK, Canada, and other countries.

9. We accept payments in cash, credit cards via PayPal, Bitcoin via BitPay and gift cards via PayGarden. We do not retain specific payment information, such as credit card information, linked to individual user accounts. That is maintained by the payment processor, not us. If you wish to pay in an anonymous fashion we recommend paying by cash, Bitcoin, or gift card. These methods provide the highest levels of anonymity for users.

10. We recommend the IronSocket VPN network; based on OpenVPN, a full-featured SSL VPN. Our users are given the encryption options of Strong, Light and None. We recommend using the default Strong encryption setting, which utilizes AES 256-bit Data Encryption with SHA256 Message Authentication, using a 4096-bit key for secure authentication.

11. Yes, we use our own DNS servers. We currently provide DNS servers in 8 different regions for increased redundancy and improved query speeds. We push our own DNS server IP addresses to our VPN clients.

12. Our global network of VPN and Proxy servers are all self-managed and are hosted in a number of third party datacenters. We vet all datacenter relationships prior to engaging in business, and regularly re-evaluate them to assure security practices, personnel, and policies are established, trained, and enforced. We have servers located in the following countries: Argentina, Australia, Brazil, Canada, Cyprus, Denmark, Egypt, France, Germany, Hong Kong, Iceland, India, Indonesia, Ireland, Italy, Japan, Luxembourg, Mexico, Netherlands, New Zealand, Norway, Panama, Philippines, Romania, Russia, Saudi Arabia, Singapore, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Ukraine, United Kingdom, and United States.

IronSocket website

VPN.AC

vpnac1. We keep connection logs for 1 day to help us in troubleshooting customers’ connection problems but also to identify attacks (e.g. bruteforce). This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred.

2. Our company is incorporated in Romania since 2009. Data retention has been declared unconstitutional in our country and even before of Constitutional Court’s decision, it wasn’t applying to VPN service providers.

3. We do not monitor traffic. We monitor bandwidth usage per server but that’s a different topic. Abuse issues are solved effectively by adding firewall rules on-the-fly, even automatically, without monitoring or logging actual traffic.

4. Support (ticketing, livechat) is operated in our own environment. Email is not used to transmit information provided by users, such as part of ticketing conversations. We only provide a notice that a reply has been made and is available in our online ticketing system, after logging in. We also don’t use any 3rd party tracking services like Google Analytics. Backups, APIs and everything else related to our service are hosted in our own environment and we make use of strong encryption for storing them.

5. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users.

6. It never happened. In such event, we would rely on legal advice.

7. No. We may consider using one at a later date, but at this moment we believe its effectiveness and legality are questionable, and we don’t want to have one just as “yet another feature” for marketing & PR purposes. Having a warrant canary or not, the customer still has to trust the provider for using the service.

8. Yes, it is allowed.

9. Mostly PayPal, bitcoin, credit/debit cards, pre-paid cards (including anonymous vouchers).

10. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE) is used by default in most cases. We also provide support for ECC keys (secp256k1) and RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use mostly AES-256 and AES-128. Yes, we provide tools and instructions for setting up “kill switches” and solving DNS leaking issues.

11. We use our own DNS resolvers, outside of USA for good reasons. We also generate millions of DNS queries artificially on a daily basis and they are mixed with the queries coming from users.

12. We have physical control of our servers in Romania. In other countries we rent or collocate our hardware. We have some measures in place to prevent and alert us in case of unauthorized physical access – but that’s realistically limited, though. Some of the hosting providers we host with are LeaseWeb, Voxility, Private Layer, Softlayer, UK2, QuadraNet, Root SA, Ecatel, NForce, Sweden Dedicated, OVH, Online.net in the following countries: Netherlands, Germany, Romania, Luxembourg, Switzerland, Sweden, France, USA, Canada, UK, Mexico, Japan, Australia, Singapore and Hong Kong.

VPN.ac website

SEED4.ME

seed4me1. We do not analyze or DPI traffic. We also do not keep logs on VPN nodes. General connection logs are stored on a secure server for 7 days to solve network issues if there are any. These logs are deleted after seven days if there are no network problems.

2. Taiwan. We are not aware of any legislation requiring us to share client information and we are not aware of any precedents in Taiwan where client information was disclosed. We do not hold much information anyway. On the other hand, we do not welcome illegal activities which potentially harm other people.

3. We use simple firewall rules to block peer-to-peer file sharing on servers where the DMCA applies. Still, users can use torrents in Russia and Ukraine.

4. Currently we utilize Google Apps. We do not store any sensitive information there, only support issues.

5. In case of abuse we null route the IP to keep ourselves in compliance with the DMCA. Currently we use simple firewall rules to block torrents in countries where the DMCA applies.

6. We will act in accordance with the laws of the jurisdiction, only if a court order comes from a jurisdiction where the affected server is located. Fortunately, as I said before, we do not keep any logs on VPN nodes, on the other hand – we do not encourage illegal activity. This has never happened.

7. No.

8. Yes, torrents are allowed in Russia and Ukraine.

9. We accept Bitcoin, PayPal, Visa, MasterCard, Webmoney, Yandex.Money, Bank transfer and In-App purchases in our iOS App. We do not store sensitive payment information on our servers, in most cases payment system simply sends us a notification about successful payment with the amount of payment. We validate this data and top up the VPN account.

10. L2TP (2048 bit) for Desktop and 2048 bit IPSec in our App will be a good choose. Our App (https://**********/seed4me) has Automatic protection option that guarantees for example that all outgoing connections on open Wi-Fi will be encrypted and passed through secure VPN channel. We don’t provide a kill switch for Desktop. We are still compatible with free software that prevents unsecured connections after VPN connection goes down.

11. We use Google and users can override these settings with their own.

12. We have VPN clusters in the US, UK, Hong Kong, Singapore, Russia, Netherlands and Ukraine. All servers are remotely administered by our team only, no outsourcing. No data is stored on VPN nodes (if the node is confiscated, there will not be any data). We prefer to deal with trustworthy Tier-3 (PCI-DSS) data centers and providers to ensure reliable service with high security.

Seed4.me website

BLACKLOGIC

blacklogic1. We keep logs only for payment fraud prevention reasons. We do not monitor what our clients do online. We keep port mapping logs for 72 hours.

2. Canada

3. SMTP/S ports are closed. All ports which could be used for P2P are closed on the US servers. Port mapping logs can trace back to the specific user account.

4. We have our own email system, and don’t outsource email hosting. For online chat we use Zopim.

5. The port in question is closed for 48 hours.

6. We know our clients and don’t accept any suspicious clients. No court orders were ever received

7. As mentioned above, we haven’t received any court orders since 2007.

8. We don’t allow P2P on American servers. Other servers are still fine.

9. Credit Cards, PayPal, WebMoney and Western Union.

10. OpenVPN (256 symmetric AES encryption, and 2048 bit certificates). VPNWatcher app is one of the recommended tools for “kill switches.”

11. Yes, we have our own DNS servers

12. All Canadian VPN servers are owned and controlled by our company. Other servers are dedicated servers rented from multiple datacenters.

Blacklogic website

IBVPN

ibvpn1. We do not spy on our users and we don’t monitor their Internet usage. We do not keep logs with our users’ activity. However, in order to avoid abuses that may occur during the 6-hour trial we record and keep for 7 days the time, date and location VPN connection was made, connection duration and bandwidth used during the connection.

2. We are located in Romania, which means we are under EU jurisdiction.

3. Due to security concerns and in order to avoid servers’ attacks, we cannot disclose these tools.

4. We do not use external e-mail providers. To provide quick support and a user friendly service experience, our users can contact us via live chat but activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ account.

5. So far we have not received any DMCA notice or other European equivalent for any P2P server from our server list. For the rest of the servers, we have filtering systems that prevent P2P and file sharing activities in order to protect us and our users from DMCA notices. In case such a notice is received we simply reply that measures have been taken in order to prevent future abuses.

6. As stated in our TOS, we do not support criminal activities, and in case of a valid court order we must comply with EU law under which we operate and provide the limited information we may have. It would be illegal not to. So far, however, we have not received any valid court order.

7. As we are located in the EU we do not have a warrant canary or a similar solution to alert customers to gag orders.

8. We allow BitTorrent and other file-sharing traffic on specific servers located in the Netherlands, Luxembourg, Sweden, Russia, Hong Kong and Lithuania. Based on our legal research, we consider that it is NOT safe for our users to allow such activities on servers located, for example, in the United States or United Kindgom.

9. We accept various payment methods like Credit cards, PayPal, prepaid credit cards, Payza, SMS, iDeal, Ukash, OOOPay and many more. Payments are performed exclusively by third party processors, thus no credit card info, PayPal ids or other identification info are stored in our database. For those who would like to keep a low profile we accept BitCoin, LiteCoin, WebMoney, Perfect Money, PaySafeCard, CashU, Ukash.

10. The most secure VPN connection is Open VPN, which provides 256 bit Blowfish algorithm encryption. Yes, Kill Switch has been implemented with our VPN Clients. When enabled, the Kill Switch closes all applications (that are running and have been added to the Kill Switch app list) in case of an unwanted VPN disconnection.

11. At this time we use a combination of public and private servers. To improve our service, we have started the process of switching to our own DNS servers (few months ago) and our goal is to complete this process by the beginning of March.

12. We do not have physical control over our VPN servers, but we have full control to them and all servers are entirely managed personally by our technical staff. Admin access to servers is not provided for any third party.

ibVPN website

VPN BARON
vpnbaron1. Our users share the server IPs making it impossible to link any user to a particular action. On the server, no traffic logs are recorded. We monitor only the number of simultaneous user connections on our network as whole, and do not link the user to a particular server. This helps us avoid infinite simultaneous connections from a single user.

2. We’re under Romanian jurisdiction, inside of the European Union. EU takes privacy issues more seriously than the US, as many already know.

3. We’ve implemented strict firewall/traffics shaping rules or our Linux servers in order to avoid abuses. If any abuses go through, we just add a new rule that deals with the new issue. This security does not affect the regular VPN usage in any bad way.

4. Our VPN network is separated from the administrative part. As any service that deals with customers, we use emailing software that uses our local server (not a 3rd party server). The information that can be provided by/to users has no incriminating value, being mostly standard OpenVPN troubleshooting, install help and various enquires.

5. None of our users have ever been issued a DMCA notice, being unable to detect which user has caused it due to our no traffic logging policy. On our end, if the issue is persistent and our server provider insists that we deal with it, we wipe that particular server and replace it with a new one from a different provider. Rinse and repeat.

6. This didn’t happen so far. Court orders usually imply something serious and we’re requested by law to assist. We don’t have much to offer. We can answer if a particular email address \ name (could not be a real name, we don’t check) has an active account on our administrative part.

7. We do not. As we haven’t received any warrants or court orders there was no need. However, we’ll certainly do our best to protect our users.

8. Yes. All P2P traffic is allowed.

9. We use Bitcoins, PayPal and Credit Cards (processed by PayPal). Again, the administrative part is very separated from our VPN service. With each paid invoice the administrative part updates the subscription’s expiration date on the VPN service. We recommend using Bitcoins for the most anonymity a payment method could offer. Bitcoin payments cannot be traced to a particular individual.

10. OpenVPN protocol offers by default excellent security on any type of encryption, and after a certain point, adding more encryption has diminishing returns while making a huge impact on user’s internet speed. It makes little difference if a package is cracked in 10,000 years or 20,000 years. We currently use by default BF-CBC 128 bit key, TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA. In the future update, we’re allowing users to select their preferred type of encryption. We regularly check for DNS leaks. If the VPN connection drops, all traffic will be halted.

11. We’re using Google DNS. It’s fast, secure and google does a great job keeping it safe against any type of attacks. There is a huge list of Security Benefits on their page that might be of interest to anyone who’d like to find out more.

12. We’re big fans of cloud servers. They can be created or destroyed in seconds. We feel that the ease of replacing a server is essential to any privacy service, adding an extra bump to anyone trying to track the activity of our users. Our servers located US and Europe and our main providers at this time are Digital Ocean and Vultr.

VPN Baron website

ACEVPN
ace1. We do not log established accounts nor log traffic. We respect their privacy. We do not store any personal information on VPN servers. IPs are shared among users and our configuration makes it extremely difficult to single out any user. To mitigate abuse and fraud, we log time of connect and disconnect for new signups from certain IP ranges. This information is purged after two weeks.

2. We are registered in the US.

3. We use a proprietary pattern and rules based risk management system to screen for fraud and to mitigate abuse.

4. We use Google apps for email. Emails are deleted regularly.

5. If we receive DMCA takedown, we block the port mentioned in the complaint. IP’s are shared by other users and our configuration makes it extremely difficult to single out any user. We do not share any information with 3rd parties.

6. To date we have not received court order. We only store billing information which the payment processor or bank or credit card issuer has.

7. We publish transparency report quarterly.

8. We have special servers for P2P that are in datacenters that allow such traffic. These servers also have additional security to protect privacy when P2P programs are running. There are several legal uses of P2P.

9. We use Paypal, Google, Stripe and Square for processing payments. We store billing information on a secure server separate from VPN servers and do not store any financial information.

10. For high security needs we suggest using our IPSEC IKEv2 VPN. Our IPSEC IKEv2 VPN servers use Suite B cryptographic algorithms. Yes, we do provide kill switches if a connection drops. Our servers are tested for DNS leak. Encryption varies depending on VPN protocol. We support the following protocols and encryption. IPSEC IKEv2 – 384 bits ECC (Equivalent to RSA 7680 bits) and AES 256 bit encryption. OpenVPN – We have servers running on port 53, 80, 443, 1194, 8292. RSA 4096 bit and AES 256 bit encryption supported. L2TP VPN – AES 256 bit encryption. Stealth VPN – RSA 2048 bit and AES 256bit encryption. Makes VPN traffic look like https traffic. PPTP VPN – Avoid if you can!

11. We operate our own DNS servers (Smart DNS) for streaming videos. For VPN, we use Google and Level3 DNS.

12. We control our servers and network. We have servers in 18 countries and over 36+ locations / datacenters. USA, Canada, UK, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland, Latvia, Luxembourg, Romania, Denmark, Ireland, Hong Kong, South Korea and Australia.

Acevpn website

NOLIMITVPN
nolimit1. At NolimitVPN, we have developed a custom activity tracker. We only log the user authentication on the network, the P2P activity and the SMTP activity (to avoid any kind of abuse). The activity tracker is based on “magic IDs” (temporary and rolling IDs) so we are able to match a server IP to a customer account during 48 hours. We do not log the traffic content of our VPN users.

2. We are currently based in Singapore and we plan to move the company to Hong Kong in a near future for more convenience.

3. We have developed custom tools (mainly parsers) based on tcpdump.

4. We use Zopim for the live chat on the website and we use Mandrill to send automatic emails to our VPN users. Every other emails are processed through our mail server.

5. At NolimitVPN, we do everything we can to protect the anonymity and the privacy of our customers, in case of complaint we do not transmit any information. But we warn the user about the complaint and we suggest him to use a private tracker to download torrent files. If too many DMCA complaints are received and if the user has been warn many times (more than 3 times), we can suspend his account (this never occurred).

6. This has never happened. Anyway, if a legal court order is received, we would be forced to give them the logs of our activity tracker. But as mentioned above our activity tracker does not log any legal information (IP address and timestamp) that could be valid for authorities.

7. No.

8. We allow torrents as long as we do not receive a DMCA complaint. If too many DMCA complaints are received and if the user has been warned many times (more than 3 times), we can suspend his account (this has never occurred).

9. We use Stripe but we do not record the billing address on our servers, every information linked to the payment is stored on Stripe servers. We do the maximum to store the minimum information about our customers.

10. Currently we support two protocols, PPTP (with 128bits encryption over MPPE) and L2TP (with 256bits encryption over IPsec). Thus, we recommend to use the L2TP protocol (which provides the same encryption level than OpenVPN). We provide to our users a Windows script that automatically connect and reconnect you if your connection drops. We plan to integrate OpenVPN protocol before the end of the year.

11. We do not have our own DNS for now, instead we use OpenDNS. We plan to integrate our custom DNS before the end of the year.

12. As our company is young (only 1 year old), we currently have two servers provider: DigitalOcean and Vultr. We have the following servers locations: Netherlands, France, United Kingdom, Germany, Singapore, Japan, United States and Australia.

NolimitVPN website

EXPRESSVPN
expressvpn1. We only keep generic log information for the purpose of understanding how to improve our service. The type of information we collect includes login IP addresses, choice of server location, and aggregate amount of bandwidth transferred. This gives us the statistics we need to manage our servers properly and provide a service for our customers that is free of network congestion or bottlenecks.Kindly be assured that we DO NOT COLLECT any information you access or download, names of websites visited, your emails, chats, VOIP calls, etc. We are trusted by thousands of customers to maintain their privacy. ExpressVPN hides your IP address and encrypts your Internet traffic. We do not monitor or log your activities.

2. Jurisdiction is in the British Virgin Islands which is a US territory so US laws apply.

3. None from our end. As mentioned we do not monitor your usage or what you access. However if someone does report abuse of the service then we will act as necessary. ExpressVPN does not condone the abuse of the service. Please read our terms of service.

4. We do use Zendesk for support.

5. They will be handled as DMCAs are normally handled. Customers are not notified.

6. We will comply. So far I am not aware of any incident occurring.

7. Sorry but I do not have information on that.

8. Yes it is allowed. Read our TOS for further details.

9. We accept payment via: Visa, Mastercard, American Express, Discovery, Paypal, Bitcoin, WebMoney Alipay UnionPay CashU Yandex Money Ukash Giropay iDEAL SOFORT Maestro Carte Bleue Interac Online MINT FanaPay and OneCard.

10. ExpressVPN provides customers with 256 Encryption with Blow Fish Cipher ‘BF-CBC. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date.

As for Kill switch – we do have that option on our latest versions. You can Set it to block all non-VPN traffic. This ensures that your real internet connection is not being used, and also that your ISPs DNS servers are not being used. So if somehow you get disconnected from our servers, basically there will be no Internet connection.

11. We do not have our own DNS servers – we use Google DNS or OpenDNS.

12. We have some VPN servers which are our own and some which are outsourced. We do not provide those details for security purposes.

ExpressVPN website

—

Is your favorite VPN not listed? Feel free to ask them to get in touch. We will gladly add any VPN provider with limited or no logs and a good privacy policy.







Source torrentfreak.com