VPNs are valuable tools for people who want to use the Internet securely and maintain their anonymity. They are vital for whistleblowers and people who rebel against Government oppression.
As with any online service, they can also be used for criminal purposes. According to Turkish news sources, this is also what happened following the assassination of Andrei Karlov, the Russian Ambassador to Turkey, exactly one year ago.
Karlov was shot dead in Ankara by Mevlüt Mert Altıntaş, an off-duty Turkish police officer. While that much is clear, the investigation into the assassination is not closed yet.
When the authorities tried to find links to other people that may have been involved, they found out that the policeman’s Gmail and Facebook had been deleted. This happened remotely over a VPN connection, operated by ExpressVPN.
To find out more, the authorities raided the datacenter and seized the server through which the connection went. This all happened last January, but the information just came out today.
Like many other VPN services nowadays, ExpressVPN doesn’t store any logs, and this is what the investigators soon found out as well. An inspection of the server in question yielded no useful information.
Following the seizure, an investigator also reached out to ExpressVPN directly, asking for logs. The VPN provider is incorporated in the British Virgin Islands and only responds to local court orders, but the investigator was informed that they don’t store connection or activity logs.
“As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators,” ExpressVPN writes in a statement.
“Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs. We believe that the investigators’ seizure and inspection of the VPN server in question confirmed these points.”
Speaking with TorrentFreak, the VPN provider mentions that they’ve had physical server seizures in the past, but generally not more than a few times per year.
These seizures are not announced in public, but the company stresses that user anonymity is their highest priority.
“While we don’t have a policy of announcing such incidents, we’ve designed our technology to ensure that VPN servers do not possess logs which would enable a third party to determine sensitive information about our users, such as their VPN activity or connections.
“A physical server seizure is therefore highly unlikely to provide relevant information to someone trying to determine data about specific usage,” ExpressVPN tells us.
Incidents like these show that decent VPNs do what they’re set out to. They safeguard the privacy of users which, like the Internet in general, can be used for good and bad.
It also highlights the importance of the server location. When servers are operated by third-party companies in foreign jurisdictions, they can be easily targeted, or perhaps even worse, monitored.
ExpressVPN told TorrentFreak that after the seizure incident in Turkey, the company decided to no longer use physical servers in Turkey. Instead, they provide a virtual location with Turkey-registered IP addresses pointing to VPN servers hosted in the Netherlands.
The VPN provider regrets that its services were used for unlawful purposes but says that its policies will remain the same.
“While it’s unfortunate that security tools like VPNs can be abused for illicit purposes, they are critical for our safety and the preservation of our right to privacy online. ExpressVPN is fundamentally opposed to any efforts to install ‘backdoors’ or attempts by governments to otherwise undermine such technologies,” the company concludes.
Disclosure: ExpressVPN is a TorrentFreak sponsor