Reading Time: 2 minutes

The popular VPN brand, IPVanish, is not the “no-logging” VPN it claims to be. Court files reveal that a user of IPVanish suspected of involvement in child pornography was successfully traced by Homeland Security in 2016. The individual was using the VPN to mask his real IP address which belonged to Comcast.

Highwinds Network Group, the company that owns IPVanish, merged with StackPath in February 2017, more than a year after the lawsuit. The CEO of StackPath claims that it would be unfair to hold current management responsible for the actions of the previous team that has left the company.

Lance Crosby, the company CEO, provided a statement on Reddit explaining his stance on the issue:

Homeland Security Special Agent, Scott Sikes, began the investigation on the suspect after encountering child pornography images on an IRC (Internet Relay Chat) channel. He uncovered further evidence of similar material posted by the same user after going undercover.

The agent traced the IP address of the user to Highwinds Network Group, the operator of IPVanish at the time. Following this discovery, Homeland Security requested IPVanish to disclose details of the user. After some initial resistance, IPVanish complied with Homeland’s request and provided thorough details about the user. These included name, e-mail and real IP address, among much else.

These are the details furnished by the company to Homeland Security:

User details

The name of the suspect was found to be Vincent Gevirtz, a Comcast user. Homeland Security then contacted Comcast for information and obtained the home address of the suspect. He was found at the address and pleaded guilty of committing illegal activities on IRC.

The case raises question as to the extent to which a VPN company is bound to protect privacy of individuals. Although assisting justice is the moral as well as legal responsibility of all institutions, this incident calls into question the credibility of IPVanish’s privacy policy.

Reassurances of the current management of IPVanish that such incidents will not reoccur are hard to believe. The privacy policy of IPVanish has stayed the same irrespective of management, which claims that the company does not keep user logs.

privacy policy

However, if this statement was true, how could the company have provided Homeland Security with all the data on the suspect? Can we really trust the guarantees of privacy provided by the new operator of IPVanish? Only time will tell whether users will retain their trust on IPVanish as a true “no-logging” VPN service. Likewise, you can read our exclusive IPVanish review to know about the service other attributes in detail.

Although there is no excuse for engaging in criminal activity, data-logging is a serious concern for the everyday user. The case reveals that VPN providers can fraudulently claim to follow zero-logging policy as a selling point. So how can users ensure their privacy if VPN providers can violate their own privacy policy?

Unfortunately, there is no foolproof method of securing your privacy online, with or without a VPN. Nonetheless, users should remember this important point that IPVanish is a US-based VPN provider. As such, it falls within the jurisdiction of the Five Eyes alliance, which are countries known for poor privacy regulations.

For this reason, VPNs located within Five Eyes countries (the US, the UK, Canada, Australia, and New Zealand) are always risky, as they might log your data and provide it to surveillance agencies. However, offshore VPNs have a much better reputation in this regard. This is because they are usually beyond the jurisdiction of Five Eyes. Therefore, they have no obligation to comply with their demands and leak user information.

Hence, one way you can decrease the likelihood of your data being logged is by the use of an offshore VPN provider. However, users should exercise caution when using any VPN service. This case has proved that even those providers with “no-logging” policy might actually be recording your data without your knowledge.