PureVPN Assisted FBI in Arresting a User

Last week, the media reported on a rather interesting arrest. The U.S. Department of Justice announced that in early October 2017, 24-year-old Massachusetts resident Ryan S. Lin was detained. Lin was charged with cyberstalking his former roommate (whose name has not been disclosed), as well as her family and friends.

According to reports, starting in April 2016, Lin began harassing the woman both online and offline. He hacked several of her accounts, gaining access to a wealth of personal data, photos, and even medical information. Afterward, he began tormenting his victim in various ways. Using Tor, VPNs, anonymous messaging and email services, and other tools to hide his identity, he created fake accounts in the woman’s name, where he disclosed her home address and personal information, and even claimed she was offering sexual services.

Lin also targeted the woman’s relatives, friends, and colleagues, sending them insults, threats, and even child pornography. Due to his actions, police repeatedly visited the victim’s home, and local schools received threats of shootings or bombings, allegedly from the woman’s acquaintances and relatives.

The Role of PureVPN in the Investigation

The most interesting aspect of this case isn’t the stalker’s elaborate harassment tactics, but rather that the FBI thanked VPN provider PureVPN for helping catch Lin. It was reported that the company’s representatives assisted investigators in determining that Lin accessed one of the fake email accounts used in the attacks from two different IP addresses: his home RCN IP address and the IP address of the company where he worked at the time.

This raised questions about how PureVPN could assist the investigation if their website claims they do not keep any logs or collect any data about their users. For a while, PureVPN representatives remained silent, but this week they clarified what happened.

PureVPN stated that the company does not violate its own rules or user privacy and indeed does not log which websites clients visit or monitor the content they download. However, PureVPN does keep track of the IP addresses clients use to access the service. This information, when combined with logs from other companies, can be used to identify users, which is exactly what happened in Ryan Lin’s case. PureVPN provided a simple example:

“A network log is generated automatically every time a user visits a website. For example, say a user logs into their Gmail account. Each time they log in, the email provider saves this information in a log. If you use a VPN, the Gmail logs will show the IP address provided by PureVPN.

But that’s only part of the picture. If someone requests data from Google about who accessed a user’s account, Google will report that someone using a specific IP address logged in. If the user was connected through PureVPN, it will be a PureVPN IP address. The next step is for the requester (in Lin’s case, the FBI) to ask the VPN provider to match the logs and timestamps from Google with the VPN service’s own network logs.”

Journalists from Torrent Freak noted that PureVPN’s claims of keeping no logs are not entirely true, despite what is stated on their official website. The publication emphasized that most VPN services operate this way nowadays, even though such details can be a matter of life and death. This is why Torrent Freak compiles its own annual list of VPN services, and the first question they ask company representatives is about the collection of IP addresses and timestamps.

Ironically, before his arrest, Ryan Lin had criticized VPN provider IPVanish on Twitter for this very reason. “There’s no such thing as a no-logs VPN,” he wrote. “If they can limit your connection or monitor your bandwidth, they will do it.”