“No logs” EarthVPN user arrested after police finds logs

It appears that somebody in the Netherlands had the brilliant idea of using EarthVPN trumpeted offhore no logs VPN service to email bomb threats to his school.

Dutch police stunned the VPN account holder with a quick arrest after tracking down the real computer IP behind the VPN, using as evidence VPN connection logs. Although this young man is claiming that somebody stole his VPN account to send the threats he still has been expelled from school for life and charged by police with sending bomb threats.

All of this happened 6 months ago and I am publicising it now because nobody else has reported about it,  going under the radar for too long and fooling VPN users with a false sense of security.

On EarthVPN defence, a representative claimed in the lowendtalk forums that although they do not keep logs, Dutch police had seized one of their servers with a court order and they suspected that the datacenter was keeping IP transfer logs to protect against Distributed Denial Of Service attacks which is how they managed to track down this person.

No logs EarthVPN user arrested

No logs EarthVPN user arrested (Click image to read)

Click screenshot above to read discussion at LowendTalk forum about the incident (requires registration).

Various lessons must be learned here, the first one is that if you live in the Netherlands, using a VPN server also in the Netherlands to send a bomb threat it is not very smart, in fact, sending a bomb threat at all it is never smart wherever you are.

The second lesson to learn is that you have absolutely no way to know for sure how safe a “No logs” claim really is. Trusting your life to a no logs VPN service it is like gambling with your life in the Russian roulette.

The conclusion is that it appears there is not much a VPN company can do if the data center where they host the server with decides to start logging VPN users as it is being claimed happened here.

EarthVPN also claims to have now cancelled the contract with the Dutch datacentre, however this young man has already been suspended for life from school and gotten into problems with his parents. As much as he deserves anything that happens to him if he is guilty, the main issue here is about VPN trust.

Update: In response to a couple of redditors expressing doubts about this incident, let me be clear that this post is only based on facts and zero assumptions.

I will lay out the facts even clearer:

1) Someone in the Netherlands claims to be an EarthVPN customer who has been arrested.

2) Long standing lowendtalk member with dozens of posts “EarthVPN” acknowledges that a server in the Netherlands was seized. The same “EarthVPN” account (never reported stolen) clearly states that identification of this customer might have been possible using datacenter logs.

Comments (5)

  1. anonymous 8 January, 2014
  2. Daniel 9 January, 2014
  3. cryptostorm.is 11 January, 2014
  4. JD 7 February, 2014
  5. William 18 February, 2014