Last week the popular US-based VPN service LiquidVPN posted a press release on their website, informing customers they would be making a number of changes to their transparency reports, ethics and will be publishing a warrant canary.
This followed an incident where a DDOS attack occurred at a datacenter network that the company has assets in.
“Basically our primary auth database got corrupted and our secondary auth databases network got ddosed and we were down to just the 3rd auth db. So a few accounts got corrupted (about 1 in 50) and had to be re-created,” VPN Creative was told.
Liquid VPN also addressed a story regarding someone attempting to access Bank of America assets.
“During that same time the network that hosted 6 VPN servers and 2 security related servers was receiving complaints about someone attempting to access bank of America assets that should not have been.”
“When we finally found out about the attempts to break into bank of America I made the decision to email all of the subscribers and let them know what was happening and that I would enable basic logging (timestamps, user accounts and IPs) on that server cluster. I told the hacker it was best he move along.”
Although it’s never a good thing when a company dedicated to privacy and the anonymity of its users is forced into a situation like this, it’s understandable why they would comply with the logging request given the circumstances of the situation as a whole. However, LiquidVPN’s planned logging was not intended for the entire network and was only for the affected network in Dallas in the instance.
“I didn’t want to enable logging right away but I wanted to get rid of the hacker so I planned on giving the users 24 hours to read the mail or any of the announcements all over the website, twitter, facebook and reddit before turning on logging in the Dallas portion of the network,” LiquidVPN told us.
“Apparently the hacker didn’t get the memo because more reports came in and they shut down our servers there without giving us a refund for the time we had pre-paid and before logging was ever actually enabled.”
“In an effort to provide the one of the most transparent services on the planet we have decided to travel down the path of full disclosure. We have begun publishing all of our complaints and abuse reports, network status and tickets, a warrant canary and a detailed ethics policy that outlines how we respond to complaints.”
There are still plenty of other VPN services that operate outside of American borders, and you can refer to our VPN Providers list to choose the one that suits your needs best.