While many VPN providers say they do not log their users' activities in order to protect anonymity, it's not often their claims get tested in the wild. However, a criminal complaint filed by the FBI this week notes that a subpoena sent to Private Internet Access resulted in no useful data being revealed about a suspected hoaxer.

With monitoring and spying now a fact of life on the Internet, millions of privacy conscious individuals have taken to protecting their online identities. Many choose to do so by using companies that offer a Virtual Private Network (VPN) service.

In layman’s terms a VPN replaces the user’s IP address with one under the control of the company, meaning that their own IP is kept private when accessing services online. However, some VPN companies carry extensive logs which mean that when put under pressure they are able to link a user’s account to specific online activity.

This kind of setup is clearly self-defeating from a privacy perspective so in recent years it has become common for VPN providers to disclose their logging practices, as detailed in our annual VPN logging report, for example.

But still, the big question remains: how can a prospective customer be sure that their VPN provider really keeps no logs? In reality the answer to that question is largely a matter of trust, weighed up against the goodwill the company has built up over its time in business.

That being said, an interesting case that appeared in a Florida district court this week has seen one provider’s no-logging policy being officially tested.

The criminal complaint (here) details the FBI’s suspicions that 25-year-old Preston McWaters had conveyed “false or misleading information regarding an explosive device”. In other words, he made a false bomb threat.

The investigating FBI agent goes into some detail on the case, which begins with claims that McWaters stalked former co-worker Devon Kenney by calling her, texting her, sending her messages on Facebook and showing up at her house. In all, it’s estimated that McWaters contacted his former co-worker more than 100 times.

In December a number of hoax bomb threats were sent to a variety of locations including schools and airports, generally in the name of Eric Mead or a variation thereof, via Twitter and email. Eric Mead is the name of Kenney’s current boyfriend and he denies making any of the threats.

So the FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats.

With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere.

“During the course of the investigation, subpoenas and search warrants have been

directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent,” the complaint reads.

“All of the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com.”

By this point in the complaint it’s clear that even without the IP address information the FBI already had enough evidence to pin the threats on McWaters. Nevertheless, they ordered PIA to hand over its logs.

“A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States,” the FBI’s complaint reads.

“However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden.”

In the event the FBI was unable to link McWaters to any payment to the company. However, they did find a payment to another provider.

“Although the investigation has not revealed any payment by McWaters to London Trust, he did make a purchase from AnchorFree Inc [HotspotShield VPN] on October 23, 2015,” the complaint notes.

While McWaters is yet to be found guilty, it’s a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they’ll need to hide a lot more than their IP address to get away with that level of crime.

Nevertheless, there are plenty of decent people using services like PIA’s and those users will be comforted that their privacy remains intact.

“Our company was subpoenaed by the FBI for user activity logs relating to this matter,” London Trust Media Executive Chairman Andrew Lee informs TorrentFreak.

“After scrutinizing the validity of the subpoena and confirming it, we restated as we always do the content of our privacy policy and then we notified the agent that we do not log any user activity. The agent confirmed his understanding of our company’s policy and position and then pursued alternative leads.

“This report makes it clear that PIA does not log user activity and we continue to stand by our commitment to our users.”

—

Disclosure: PIA is a TorrentFreak sponsor