Semi-private VPN 'just plain stupid'

Powered by SC Magazine
 

No excuse for handing over alleged LulzSec logs, Pirate Bay founder says.

The co-founder of torrent website The Pirate Bay has torn into virtual private network (VPN) service Hide My Ass! for handing over logs on an alleged LulzSec hacker to the FBI.

Hide My Ass! kept logs on all customers, including the alleged hacker, and had handed those over to British law enforcement following requests from the FBI which was tracking LulzSec.

Cody Kretsinger, 23, the alleged member of the LulzSec group, was charged with conspiracy and unauthorised impairment of a protected computer.

He is accused of participating in a week-long SQL injection attack, ending in early June, against the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.

Hide My Ass! surrendering of logs drew criticism from Privacy International and threats from the loose-knit Anonymous collective, which had affiliations with LulzSec.

The service defended its acquiescence to the requests. In a statement it said users were “naive” to think online criminals would be protected from law enforcement under its service.

"Our VPN service and VPN services in general are not designed to be used to commit illegal activity," Hide My Ass! said.

"It is very naive to think that by paying a subscription fee to a VPN service, you are free to break the law."

Peter Sunde, co-founder of BitTorrent website The Pirate Bay and paid VPN service iPREDator, said Hide My Ass! was wrong to keep logs and hand it over to police.

The Pirate Bay launched iPREDator in 2009 in response to new Swedish laws that gave copyright enforcement organisations more power to demand access to the personal details of alleged file downloaders.

“Having semi-privacy is just plain stupid, and not being upfront about what happens with your data is just plain wrong,” Sunde said.

“We've built our own reputation by really standing up for what we believe in and we fight for the same things still.

"It's obviously all about trust though, and I hope that people will stop trusting Hide My Ass! and other shady outfits.”

Sunde said iPREDator did not store logs and asked users to provide minimal personal details when signing up for the service.

The service was operated in Sweden and governed by local laws (pdf) that iPREDator said required authorities to prove a case could achieve at least a two year jail sentence before user IP addresses could be obtained.

Pirate Bay kicks ass of VPN service for hacker sell-out

Pirate Bay founder says no excuse for handing logs to law enforcement

The co-founder of torrent website The Pirate Bay has torn into VPN service Hide My Ass! for handing over logs on an alleged LulzSec hacker to the FBI.

The VPN service had kept logs on all customers, including the alleged hacker, and had handed those over to British law enforcement following requests by the FBI which had been tracking LulzSec.

Cody Kretsinger, 23, the alleged member of the LulzSec group, was charged with conspiracy and unauthorised impairment of a protected computer.

He is accused of participating in a week-long SQL injection attack, ending in early June, on the Sony Pictures site. The compromise resulted in the theft of data belonging to roughly one million users, some of which was publicly posted.

The move to hand over logs triggered criticism from Privacy International and threats from the loose-knit Anonymous collective, which had affiliations with LulzSec.

Kick My Ass! defended its acquiescence to the requests. In a statement it said users were “naive” to think online crime would be protected from law enforcement under its service.

“xxx”, xxx said.

Peter Sunde Kolmisoppi, co-founder of BitTorrent website The Pirate Bay and paid VPN service iPredator, said Kick My Ass! was wrong to keep logs and hand it over to police.

Having semi-privacy is just plain stupid, and not being upfront about what happens with your data is just plain wrong,” Kolmisoppi said.

“We've built our own reputation by really standing up for what we believe in and we fight for the same things still. It's obviously all about trust though, and I hope that people will stop trusting Hide My Ass! and other shady outfits.”

Kolmisoppi said iPredator does not store logs and requests users provide the bare minimum level of personal information when signing up for the paid service.

The Pirate Bay VPN service was operated in Sweden and governed by local laws that require authorities to prove a case could achieve at least a two year jail sentence before user IP addresses can be obtained.

Copyright © SC Magazine, Australia


Semi-private VPN 'just plain stupid'
 
 
 
Top Stories
Abbott brings back Science minister in cabinet reshuffle
Science tacked onto to Industry title.
 
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1906

Vote
Do you support the abolition of the Office of the Information Commissioner?