@KickMyAss: No, you’re not right!

Originally stated by HideMyAss just as a ‚Lulzsec  fiasco‘, the arrest of two anonymous members by the US-American FBI is becoming more and more a serious affair about their little helper, a so called anonymizer, who knows his users way too much. Much more than any provider should, be it in or outside a data retention country, and certainly much more than it could be good for its image.

What happened? After the arrest of two assumed hacktivist, one of them named the provider of a Virtual Private Network (VPN) as the service he used to hide his activities, e.g. for hacking into company websites like Sony Network, the FBI assumes. The name of the company mentioned is HideMyAss (HMA), a well known commercial, British based VPN provider, whose task it is to hide users identities while they are surfing the Internet. Very fast it became pretty clear, that the arrest could have only taken place after HMA handed over personal data to the FBI.

While it’s perfectly understandable, that a company helps law enforcement to catch criminals, the ‚Lulzsec  fiasco‘ lead to some general questions, whereas the most important is: Where the heck did the data come from, that had been handed over from HMA to the FBI? After all, HideMyAss calls itself an anonymizer, a service, that hides its users on the Internet to keep them safe from spying eyes of any origin, be it commercial or governmental nature. As soon as HMA noticed, this is going to be a question, that might shatter the base of the service, it reacted and posted a statement on its website, saying that HMA is no service for hiding criminal activities. “It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.”

If you now think, that doesn’t say very much, you’re right. The HMA statement doesn’t answer the question disappointed HMA users might had in mind, it just justified the actions taken – regardless that nobody would actually thing otherwise. All VPNs will hand over their data to the police after a court order. That’s part of the constitution.

The real problem is: There shouldn’t be any data in the first place. It’s crucial for a VPN service to do its best to keep its user anonymous. That’s why services like this exist: To protect citizens, human rights activists, freedom fighters, and basically all people, being in danger of losing their civil rights in an strictly observed Internet. And it’s plainly a lie, that so called ‚hardcore privacy services‘ are strongly monitored. It’s the other way around: Because they are ‚hardcore privacy services‘, they can’t be supervised. The truth is also:

  • Hardcore privacy services‘ like CyberGhost prohibit any criminal activity. It’s part of our terms of business and of our basic attitude.
  • Of course we cooperate with legal enforcements after a court rule.
  • BUT WE DON’T MONITOR OUR USERS! WE DON’T LOG DATA LIKE IP ADDRESSES OR ANY OTHER DATA THAT MIGHT IDENTIFY AND THEREFORE ENDANGER AN USER

A lot of people have many, many reasons to stay anonymous on the Internet, e.g. normal citizens, who are afraid of being controlled and supervised by their respective governments, politicians in evil countries, human rights activists all over the world, whistleblowers, journalists and, yes, even secret services. The more safe a VPN service is, the more safe its users are.