Why Proxy.sh Logged VPN Users

Last weekend Proxy.sh posted a notice on their server status page announcing that they would be monitoring a node in Illinois based on network abuse.  They would be using Wireshark for up to 7 days in an attempt to catch what they termed as a hacker.  As it turned out the member in question was using the Proxy.sh node in Illinois to harass two young girls.  The father contacted their team asking for help to resolve the situation.


Here’s the message posted to the Proxy.sh server status page on September 28th:

We are unfortunate to announce that there have been abuse complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. If you are the hacker, please stop your activities and leave our network. You are not welcome here. Our heaven is reserved to those who are not harmful to other human beings. If you do not leave, we will find you and report your activities to NGO and press officers. For all others, the heaven is still safe for you, dear ones. We will completely remove Wireshark after 7 days and restart the node so that everything is erased (RAM-switch). All other nodes are left unaffected by these actions.

The network monitoring did not last a week.  Instead they had the issue resolved in less than 12 hours.  Here is a statement that Proxy.sh sent in response to a related TorrentFreak article:

“We are very opened about our activities and we do not support or promote activities that may be harmful to human beings. We have been contacted by a family about someone using our network and harassing their daughters. As per stated in our ethics policy, we condemn activities that are harmful to human beings.

We have decided to install a monitor on our Illinois 1 node so as to locate the hacker. Few hours after we announced this move to our public, the hacker came to us to apologise. We then completely removed the Wireshark installation.

This situation shows that we are actually really not logging anything and that we will always tell our members when we have to log one of our nodes or our entire network, either for maintenance and small internal affairs such as this.

The situation also shows that the only solution we have to help law enforcement agencies find problematic use across our network, is to clearly install a logging capacity on it. As a result, we are able to either comply or shut down the servers we have in a particular location (it happened to us in Czech Republic few months ago).

We will only intervene into our traffic when we believe there have been activities infringing our ethical terms – that is when activities harmful to human beings (not corporations or entities) are taking place on our network. In such case, we do not privilege law enforcement agencies but rather communication, transparency and assistance from NGOs.”

The Proxy.sh teams decision to monitor and log network traffic from their node in Illinois will no doubt draw negative attention to the company.  They clearly advertise that the service offers “anonymous and non-logging VPN tunnels” on their homepage.  As a father I appreciate that they helped resolve the harassment but what about other members.  They weren’t likely to read the announcement or know they were being logged.

Where do you draw the line between privacy and safety?  To me the purpose of a VPN is two-fold.  Security is covered on the technical side by offering an encrypted connection.  Privacy is another issue all together.  Can you trust your VPN service?  Proxy.sh dealt with the problem by taking action to help a father protect his daughters from being harassed.  Yet in doing so they went against their own claim of “non-logging” and chose to log the usage on that node.  Can they have it both ways?  That’s ultimately up to their customers to decide.