It has reported that the VPN service EarthVPN may have unknowingly been keeping logs of a user who attempted to email a bomb threat to his school in order to get out of an exam. Although the incident itself took place back in June of last year, a blog was posted on January 7th on WipeYourData claiming that the Dutch-based VPN blew the cover of one of its thousands of users.
Much like the Harvard “bomber” who attempted to use Tor to cover his tracks, the student believed this method of concealing his identity was a 100% foolproof method of communicating online without the cops being any the wiser.
EarthVPN has come out to publicly deny these accusations, claiming that their company does not keep detailed logs of its users or their activity, and that the server in the Netherlands was seized under a court order against their will. In a statement, they surmise that the police must have checked the datacenter’s IP logs, which are normally designed to protect their servers against standard DDOS attacks.
“Let me clarify some false accusations. We do not keep logs and neither provide 3rd party as there are no logs to provide.There are no logs kept on the servers so it is technically impossible to match a user of his activities. What we can only suspect is the datacenter have IP transfer logs as we were also having DDOS protection. After this circumstance happened we have cancelled our contract with the datacenter.”
From this information alone it seems they were able to trace the location and credit card information of the student, which they used to make an arrest shortly after the threat was first emailed in.
To prevent this sort of thing from happening to you, always be sure to check the logging policies of your VPN provider before signing up or handing over your details. And if you really want a true sense of anonymity, double up your offerings give yourself a dual-layer of protection that’s just that much more difficult for global law enforcement agencies to crack.