- A no-logging VPN provider that claimed no user activity is tracked by the company allowed Homeland Security to track down a child abuse suspect using a Comcast IP address.
- According to the new operators of the VPN, an old team in charge of the VPN are responsible for the information being handed to Homeland Security.
- IPVanish has assured its users that their privacy will be protected in the future following the incident.
VPN Provider IPVanish seems to have broken a strict no-logging policy after one of its users was tracked down by Homeland Security following child abuse suspicions. The user was using a Comcast IP address to post child abuse imagery on the internet.
VPN Operator Stackpath claimed that an older team managing the service was responsible for handing out information for the investigation to Homeland Security and the current team chose not to comment on the situation. The VPN did, however, promise not to let such security breaches happen again.
The investigation was carried out by Homeland Security Special Agent Scott Sikes. Sikes used an IRC (Internet Relay Chat) to track the child pornography suspect. He went undercover and found incriminating evidence against the suspect.
Homeland Security tracked the IP address of the user and received a court summons to reveal the identity of the suspect. It is likely that the IPVanish obliged to Homeland Security’s requests and blew the anonymity of the VPN user. Despite claims by the VPN that they do not log user information, handing out information to Homeland Security would not be possible without logging.
The information provided by IPVanish allowed Homeland Security to track suspect Vincent Gevirtz through his Comcast IP address 18.104.22.168. Information on his network activity was also provided to law enforcement to help incriminate the suspect.
There has been a massive uproar in the internet community following the incidents with internet users speaking out against the VPN provider. Court documents reveal that IPVanish logged its users extensively despite the no-logging policy. The service provider defended itself claiming there was a change in ownership and the current management does not partake in any logging activity.