PureVPN was caught logging user data in October 2017

In October 2017 Ryan Lin was arrested on charges of cyberstalking his former roommate. Ryan had been using PureVPN, a “no-log” VPN service that had apparently turned over logs to authorities.

If we take a look at PureVPN’s privacy policy page from May 2016 (unfortunately it looks like they had a 301 redirect on the site during 2017, which breaks the Wayback Machine), we can see that they boldly claim to be a no-log service and claim “Even we can’t see what you do online.”

This is in direct conflict with the information from the case of Ryan Lin. The privacy policy from 2016 states that PureVPN doesn’t retain any logs and goes to great lengths to talk about how laws in Hong Kong do not require them to retain any data.

When subpoenaed by the FBI, PureVPN had log/on off times, bandwidth used, and the source IP of the user at minimum.

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,”

You should not trust a VPN service that logs. You definitely should not trust a VPN service that logs and lies about it to their customers.

The current version of the PureVPN Privacy Policy does disclose that they log connection information and bandwidth used, but they claim it is only limited to the name of the internet provider, which “location” (but not specific server) you used, and the day but not the time of day.

But after this huge breach of trust with the community, can we trust any claims about what they are logging now?