New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do VPN services handle misbehaving customers/DMCA?
I guess this is a question in multiple parts, I apologize in advance for my ignorance:
- How does a VPN service not get into trouble with their hosting provider when their customers misbehave? I'm guessing a special agreement has to be in place where the hosting provider is a pass-through for the liability in case of DMCA?
- Do VPN services just cycle through an inventory of egress IPv4s so that other customers aren't affected if one egress IP is blacklisted?
- What are the requirements on a VPN service when they get a DMCA and doesn't know which customer caused it?
Comments
It depends on the VPN series and the gravity of the law breaking act of the VPNs customer. DMCA is on the "milder" law offenses list and most won't bother attempting to sue a VPN company in Singapore, Hong Kong, Russia, Panama, Switzerland over that. I am sure lots of servers are cancelled ever so often behind the scenes but the user wont notice. VPN Providers have been actively supporting feds in cases like child abuse, murder etc though.
"No logs", most of the times means you'll be fine for the DMCA part but not a lottery ticket to commit any kind of crime unknown. There are always some kinds logs. You wont be anonymous.
Thanks so much for the insight!
What are some examples of less mild offenses? How would VPN services deal with those?
Why these countries specifically? What's special about them?
You mean basically the VPN service would shut down the particular "offending" server, but the user won't notice because the IP would be pointed to a different server?
What I was talking about was dl/streaming content. Basically what lots of ppl probably do here to get content for their Plex servers.
I do not want to advise nor support you on the way your are headed but Torrentfreak has a yearly post where they ask how certain VPN providers would handle inquiries regarding their users due to DMCA etc: https://torrentfreak.com/which-vpn-services-keep-you-anonymous-in-2019/
Other than that you can only trust, or not trust your VPN providers privacy policy.
For the most accurate information, it might be best to use the VPN of your choice and see which datacenters they use. Then you could contact those same datacenters and inform them you are considering offering a VPN service -- and you want to know how abuse is handled.
@Clouvider -- would it be inappropriate to ask for your input here? I know some of the best VPN services utilize your network (ExpressVPN comes to mind, and I think MullVad also) so maybe you could offer more information from a provider perspective.
@Ympker I kind of disagree, but not entirely. Some VPN providers are more transparent than others, and I have no reason to disbelieve that they don't log, or log to /dev/null. etc. etc. But when you say "don't trust" I think you have touched on the bigger picture. Most of these guys rent dedicated servers and have zero control regarding how the upstream (e.g. the datacenter) acts. Even If I convinced you that I don't log, I cannot prove that my datacenter isn't logging packets and/or sharing logs with authorizes. So when a VPN provider says "no logs" -- even if it's true, it's certainly not the whole picture. Does that seem reasonable to you?
They don't. Large commercial VPN providers use a select few networks usually that are willing to handle the risk of subpoenas, court orders, etc. I recently went through around 10 of the largest paid VPN providers and probably 8 out of 10 used the exact same networks except in niche/exotic locations, and all are well known for either being abuse ignored or newer networks (possibly shell networks?)
Anyway, it's just what I see, I am no professional with VPN networks.
You are asking him a difficult question which he is unable to answer truthfully.
Commercial VPN providers know their customers will violate copyright laws and upstream providers are of course aware of constant copyright abuse coming from those services. De jure you wouldn't be able to consent this activity, but de facto P2P traffic is a non-issue for the ISP which just needs to forward notices downstream for them to be ignored.
That's a fair point, and nobody can expect them to reveal the private dealings they have with their customers (like a VPN service). Maybe I was lazy in my wording. I was basically asking how they would respond to a query by someone asking to use the server for a VPN service. For example, would they demand the customer to respond to all DMCA notices -- even if such response was "We are VPN service... no copyrighted content has been downloaded to our server/IP address."
In terms of transparency, perhaps proxy.sh is best about this? You can go onto their website and view every single DMCA takedown request, criminal request from police, etc.
Great point about the de jure vs. de factor difference, the ISP you're referring to here would be something upstream of the hosting provider? So the notice would just be passed down from Claimant -> ISP -> Hosting provider -> VPN service operator -> User (if the VPN service provider has any idea)?
Right this was basically what I was curious about. It seems that a VPN service has to have some kind of special understanding with their hosting provider whereby the hosting provider will pass the DMCA to the VPN service, and the VPN service will say: "we'll do our best to contact the offending customer given the information you've supplied". If the VPN service has no idea how to contact the customer, they'll have to drop it on the floor. Is that right?
That's a super insightful observation Mike... I'm guessing since large commercial VPN providers are juicy enough, the hosting provider are willing to "risk it" huh?
Some ISPs forward notices to the VPN provider, some will even ask them to block the port for that specific server (which is useless because the port is random and customers are load balanced between multiple servers in the same network anyway). Some may ask to take other equally useless action to cover their backs.
Other ISPs don't even forward this kind of notices downstream. VPN providers use legitimate providers which are known to be tolerant in regards to soft abuse. Just so you get an idea, the ISP pushing most VPN traffic nowadays is likely M247.
Use route list intead of global.
ISP = hosting provider for this case.
Notice with either reach up to the ISP or to the VPN operator. Most commercial VPN providers will not pass notices to customers (even if they identify them, which they can) because customers would quickly post to Reddit about how the provider is spying on them and not "protecting" them.
The big VPN providers do way worse stuff than ignoring copyright infringement.
This is standard practice. The VPN provider is already aware of which ISPs are fine with this kind of activities.
There isn't much risk, that's the key part of this conversation. P2P abuse is fine with lots of big and legitimate ISPs. Here in LET not many will tolerate it if you're paying $3/month and most don't even run their own networks which is very important, but try being a $10k/month customer and see how things change.
Well, the VPN business makes a lot of money, uses a lot of bandwidth, so it's probably a good amount of revenue for network providers willing to host them. The VPN industry is worth multiple billions of dollars. Just find a less common location (eg. Not
USA, France, etc), you will find multiple providers on this forum host some of the largest VPNs.Huh... Without naming any names, what does this entail?
Because running their own network = having more control when a notice comes in, right?
Ah, I think that's what Mullvad is using.
Glad I found this forum then :-)
I was mostly referring to the bigger picture indeed. My bad for phrasing it wrong. That's why I said that something is almost always logged. Be it by the VPN Provider, Upstream Provider, DC..
@dongcarl do you plan to open a VPN service? Judging by your two recent discussion threads.
Next topics include but not limited to:
"Does small OpenVZ is enough to handle 10k customers?"
"How to open a company in offshore?"
"How to pay for ISPs? Only Bitcoin or it can be traced?"
Yes.
Malware and tax fraud are common in the industry. But I prefer to not discuss this further because while there isn't much they can do against me, I don't want to make enemies either.
It's a difficult topic to talk about, because many ISPs in this forum have big VPN customers or are directly subsidized by VPN providers.
Let me put an example on why it's a sensitive topic here:
I can understand the situation and know of people who took this chance and are now doing well. This will be my last message on this topic for a multitude of reasons and I don't tend to do free consulting anyway