Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Enjoy internet freedom and anonymity (terms and conditions apply)

Anonymous proxy service HideMyAss.com - "a leading online privacy website" according to its own homepage - today admitted handing over user logs to law enforcement agencies.

We commend companies running privacy-protecting services. We need more like them. But we also need them to keep their word. Their website claims "Our free web proxy is a secure service that allows you to surf anonymously online in complete privacy" and their pro paid-for version promises that users can "Enjoy internet freedom and anonymity knowing that your sensitive web traffic is securely hidden behind 18,000+ IP addresses located in 32 countries."

When a company's entire business model is built around selling privacy, such a brazen volte-face comes as a bit of a shock. A blog post published today on the HideMyAss website declared: "It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences." But rather confusingly, it goes on to boast of the site's involvement in the recent Egyptian revolution "for which our service played a key role for protesters gaining access to websites such as Twitter which were blocked by the government". Protesters who were, at the time, breaking the law. HideMyAss.com are by no means the only people to set themselves up as supra-legal arbiters of morality, but their colleagues tend to be backed up by PhDs, decades of experience and senior political positions. HideMyAss.com's only credential is a logo of a donkey wearing a fedora and a pair of sunglasses.People are becoming more and more aware that when you use the internet you are entrusting your private email, search and web browsing history to a plethora of companies. It's up to these companies to stand up for user rights when third parties, including governments, ask for access to users' private information. And many do. In 2006 Google resisted a US Department of Justice subpoena for search logs, and now publishes a transparency report showing the number of government requests for information about their users. More recently Twitter successfully unsealed a secret demand for information about Twitter users allegedly associated with Wikileaks.

Government agencies are increasingly leveraging access to online data - after all, it's far quicker and cheaper than breaking into someone's home to read their post. But although a few of the major players have taken ethical stances over the past few years, there is not yet a prevailing culture of companies standing up for their users when third parties demand personal data. All internet-users should have the right to know when the government is seeking their data and to contest its disclosure, but as it stands they are completely reliant on individual companies for notification of access requests. What makes HideMyAss.com's behaviour so upsetting is their professed view that a legitimate "online privacy website" is not one that does what it says on the tin and actually protects privacy, but one that lures its customers with false promises of "complete privacy", takes their money and then casually hands over their data. The least they could do is sound slightly ashamed of themselves.

*Edit*

AirVPN have published an explanation of the efforts they've made to ensure their VPN service protects privacy. Extract below.

When we built our infrastructure we had in mind access from people who live in freedom of expression extremely hostile areas, where identity disclosure can lead to critical threats to physical safety and to personal freedom. Therefore we have planned solutions designed to give higher security and stronger anonymity layers which can be used by anyone.

These solutions have been designed so that you don't need to have "faith" in what we say (for example, when we say "we don't keep logs", how can you trust us if you're outside activists circles?), but to be inherently secure, regardless of what you think of us and regardless of which pressures we might receive from enforcement or criminal entities."

Comments

Submitted by Anonymous (not verified) on

enjoy internet n leave the rest.everythin' is fair in love n war.so does internet.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

Well, I'm glad I found this. I have been in the market for a VPN for some time. HMA was at the top of my list. None of this info was made plain to me before their 9/23 blog post. If it is the ToS I certainly missed it.

My usage habits are such that I am confident using the internet un-shielded, thus far, but various bills and laws coming on-line recently have motivated me to at least be aware of my choices and have a plan in place when the time comes.

After all, I've just been a basement dwelling armchair activist for most of my internet career. The time that we in the west have to do more may or may not be approaching and we need more than double talk from organizations that made a name for them selves fomenting needed revolution where it was easy.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by bob in canada (not verified) on

You can't trust any corporation with your privacy.

As soon as your privacy comes in conflict with their corporate interests, guess what wins?

In terms of social networking, the Diaspora* Project is probably the best thing on the immediate horizon http://joindiaspora.com

Longer term, if you're interested in privacy we should be deploying "Freedom Boxes" such as are being worked on by the Freedom Box Foundation

http://www.freedomboxfoundation.org

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Noam (not verified) on

In the response kickmyass made about this shameful act, they said:

"regardless of what you think of us and regardless of which pressures we might receive from enforcement or criminal entities."

When the United States of America is the biggest terrorist state in display, you should be a little be more careful of who you define as "criminal entities".

They have a point on tracking down paedophiles and illegal drug dealing network cartels. But that is what cyber-vigilantism and ethical hacking is all about. Right now, as I type this, a goverment might be reading what I say by just paying money to my ISP provider, with no intention from their part of making justice any better. It really bothers me they know what I like to read, watch, listen. They even have a way of knowing what I could like. But they are never certain of what I think. they do know I think they are a terrorist state, at least, and I hope they know the war crimes they have commited will make them burn in hell (I am talking about the United States of America).

If the united states of america really wanted to end war and all the terrorist and criminal networks, they would do it. They have the money and the resources to do it. But they just don't want to because of the interest behind it all. The greed of a few praised by the few parasites they are feeding, and they think they are heroes who are fighting terrorism. I am myself a parasite if I didn't do anything about it and if i kept myself from not protesting about it in an effective way.

But yeah, returning to the point of this article, this is just corruption, and it is cheap bullshit and a cheap argument to say they are doing it to protect the people from criminals, when the people who they are giving the information to are corrupt, and they, themselves, the providers, are being corrupt by not guaranting the "anonimity" their service provide. It is obvious that the governments who ask for information from this site are not searching for paedophiles or drug dealers. If you ask me, knowing how the things are: It is more like they are searching for protesters who have daughters so their soldiers can go inside their houses and rape them. Like they did in Fallujah. That would sound much more like what they want the info for. Knowing what type of criminals the united states of america support.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

Wow you are a nut job!

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

i need to enjoy internet freedom.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

People who spam and troll are the least of it. The real problem is those who use these services to sell things and exchange things like:

Child pornography<br />
Movies showing a person being tortured to death (snuff films)<br />
Killers for hire<br />
Etc.

Unfortunately, the internet has been the greatest enabler of this kind of thing in addition to having an effect on politics.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by th3p4tri0t (not verified) on

This article is very naive HMA never lied to anyone. It is clearly stated that they will turn over logs upon request and that it is against the terms of service to break the law. No deception. Every argument in your article has been refuted already. If you have a problem, don't use HMA, but don't rage that they are liars, because that is itself a lie.

th3p4tri0t

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

what about hotspot shield? it is free and has always worked good to me.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

Amazes me all these idiots supporting a company selling privacy, yet gave away its users information with no fight. Its no different from the government coming in your house and watching your screen whilst you surf the internet. I dont pay my taxes and be an upstanding member of society to have the government watch my every move.

Unless they have grounds for illegal activity in the country THEY are hosting FROM, hidemyass shouldnt be giving away this information.

The question is, did the government have grounds? Or was the information just handed over? Things were handled rather differently with Twitter, and that's because they aren't a bunch of scamming wankers selling privacy and bullshitting their user base. Makes me sick.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Martin (not verified) on

@macmiller Who decides what is legal and illegal? Your country? another one, some random person at the ISP?

What is legal elsewhere may be illegal in country 'a'. Most people in other countries believe country A is deranged. Does country A's law apply?

VPNs are a valuable tool and should be secure. Handing over server logs is not disgusting, it's a legal requirement. KEEPING the logs in the first place, is profoundly disturbing and stupid

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous Serb (not verified) on

tl;dr

Anonymity should be preserved. Does it threaten anyone? no. The only thing I see here is people getting butthurt over internet trolls (the so called 'cyber bullies') since they're just too damn sensitive and emotional. Seriously no one should be harmed in any way by a non-constructive insult.

The other thing, being the truth. The 'people above' hide the dust under their carpet, and now that someone found a way to expose it, they're going as far as ruining your privacy in order to dispose of the people who did it. THAT is bullying. If you've done something wrong you should be punished for it. Isn't the world aiming toward democracy?

Fuck you, and your hypocrite ways.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous Pole (not verified) on

What can you possibly know about bullying? I am running a website which allows comments. And for four years by now, I am being harassed by some sick fuck hiding behind proxies — copy-pasting same inflammatory comments all the time, 50-100 every fucking day. I am tired of being forced to delete his „9/11 was great and there should be another attack to commemorate it's 10th anniversary” crap every day, yet I cannot get rid of him. I was even forced to enable comment moderation because of this idiot, so normal people are suffering because of some cunt using anonymizing services.

I really am full of respect for people behind projects such as Tor, enabling freedom of speech where it is limited. But I think there should be some mechanisms to block the bullies, idiots and law-breakers. Giving such powerful tools to all these jackasses should not be the price to pay for the freedom of expression.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

I think you need to understand that VPN services have to operate legally. If you receive a court summons you cannot simply ignore it, if you do then you can say goodbye to your business. Lulzsec hacked into Sony and compromised thousands of customer accounts that even contained the full name and date of birth of each customer, they also DDOS'd government websites, broken into NATO, defaced national news agency websites, etc. I'm not sure ANY VPN service will allow this activity, do you?

I think there is confusion between privacy and the law. Privacy protection is not about hiding people from highly illegal activities. Do you honestly think such services exist? What do you expect these companies to do? They can't ignore such requests unless they want to be shut down.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by eric (not verified) on

There are many services who make far less grandiose claims about "complete privacy" whose architecture inherently prevents them from being able to track or log users' activity. AirVPN and the Tor Project both offer similar services we'd happily recommend.

Eric King,<br />
Human Rights and Technology Advisor, Privacy International

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by MacMiller (not verified) on

@Emma: You should be ashamed of yourself for not knowing of what you're talking about. It seems you'd like the web be flooded with child porn, pedophiles, spammers and other cybercrimes.<br />
You also seem to forget that every provider that doesn't comply with authorities will get their services and servers closed down immediately. Is that what you want?<br />
And you don't see any difference between revolutionists in Egypt and pedophiles? All should be handled the same way?<br />
Grow up and start to think!

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Frazier McGinn (not verified) on

"You also seem to forget that every provider that doesn't comply with authorities will get their services and servers closed down immediately."

Counterexample: Mafia

"It seems you'd like the web be flooded with child porn, pedophiles, spammers and other cybercrimes."

The web is already flooded with child porn and pedophiles without privacy. Government doesn't use privacy invasion to protect you, mam. Just take a look at what's been done with the Patriot act. It was written to fight terrorism, but is used instead to lock up non-violent drug users for simple-posession.<br />
http://visiontoamerica.org/4038/patriot-act-used-for-drugs-not-terrorism/

You seem to be under the impression that laws are both just and effectively enforced.

"And you don't see any difference between revolutionists in Egypt and pedophiles? All should be handled the same way?"

You fail to understand the underlying problem. They can't be differentiated online until *after* their privacy is violated. If you pass a well intended law to catch kitten-smashing-neo-nazi-coke-dealing-slave traders online, you enable the monitoring and persecution of the little old lady down the street who disagrees with a corrupt politician.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

Wow you are brainwashed. All the things you listed are common excuses the government uses to expand it's big brother police-state. It mainly effects regular people and not the things you mentioned.

there is no government like no government

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Anonymous (not verified) on

All HMA traffic is hidden behind their 'secure' IP addresses but that means from the web-sites that YOU VISIT. Not hidden from them. They tell the users they collect their IP addresses upon connecting to the service. No surprise.

[N.B. This comment was automatically migrated, without edits, from our old website. The timestamp above is the date of migration, not original posting.]

Submitted by Larry (not verified) on

If HMA really did disclose the fact that they kept logs, I am shocked that Recursion was dumb enough to use it; the man is smart enough to hack the PS3 network, but not smart enough to use a serious VPN provider?

As far as those here who somehow think anonymity is a terrible thing due to drugs, kiddie porn, etc. - do you think the 5th amendment (in the USA) is terrible, because hey, if you have nothing to hide, you don't need to take the 5th? How about we get rid of requiring the government to prove "beyond a reasonable doubt" that an alleged murderer is guilty? Hey, that would have kept OJ from going free, and murder is worse than snorting coke, last I checked. And even as repulsive as kiddie porn is, the sickos that view it are not actually molesting the children themselves; if someone gets off watching 9/11 footage, are they the ones that are responsible for flying the planes into the twin towers?

What I find especially absurd is HMA's claim that protesters in oppressive countries are safe, because HMA will only give them up if they violate UK law. I mean, given that one individual was able to hack a network run by Sony, isn't it pretty obvious that a *government* may be able to do the same with a small operation like HMA? The only way to protect these people is to NOT KEEP ANY LOGS.

Hell, if you live in the USA, you already have a lot more protection with regards to speech than in the UK; if you say something about someone that they don't like, it is a LOT easier to be sued for "libel" in the UK.

Sorry guys, the HMA thing was inexcusable. Freedom vs. security is often a tricky balance, but in this case it is a no-brainer.

Add new comment