How Anonymous is F-Secure?

Gunslinger
Gunslinger Posts: 5 New Member

A well known website (TorrentFreak) posts lists of the best anonymous VPN services each year. They ask each company the same set of questions to determine how anonymous the service actually is. Im due to renew my  F-Secure subscription and I want to know how you respond to these simple questions before i do....

 

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, what information and for how long?

 

2. What is the registered name of the company and under what jurisdiction(s) does it operate?

 

3. Do you use any external visitor tracking, email providers or support tools that hold information of your users / visitors?

 

4. In the event you receive a takedown notice (DMCA or other), how are these handled?

 

5. What steps are taken when a valid court order or subpoena requires your company to identify an active user of your service? Has this ever happened?

 

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

 

7. Which payment systems do you use and how are these linked to individual user accounts?

 

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide DNS leak protection and tools such as “kill switches” if a connection drops?

 

9. Do you offer a custom VPN application to your users? If so, for which platforms?

 

10. Do you use your own DNS servers?

 

11. Do you have physical control over your VPN servers and network or are they hosted by/accessible to a third party?

 

12. What countries are your servers located in?

 

Comments

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi Gunslinger,

     

    Welcome to our Community!

     

    Please refer to our Freedome privacy policy here which provides a lot of information to your questions.

     

  • Gunslinger
    Gunslinger Posts: 5 New Member

    So, basically the answer is, NOT AT ALL.

    Between Security Cloud, Analytics, and the optional traffic mapper, and the storing of metadata, its quite obvious that you're scanning all my traffic. Your service is neather private or anonymous. Which makes me wonder how secure it is too since you declined to answer the question about encryption. 

    No Mas. Im done. I will not be renewing my subscription due to both privacy and security concerns.

     

    I recommend that anyone reading this do their research. There are good companies out there that actually care about your privacy. This is not one of them, by their own admission. 

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi Gunslinger,

     

    The Freedome privacy policy has information about the anonymity too. Yes, we scan the traffic for malware as explained in the privacy policy. The privacy policy is also linked to our product, so it is available to all our users to read.

     

    About the encryption we use, we’ve got the encryption explained already in the KB article here.

  • Gunslinger
    Gunslinger Posts: 5 New Member

    Yup. I read it. Have you? Seems to me that you collect just about every aspect of a users session for at least some amount of time. Thats not privacy. 

    1. we need to process some metadata (such as: volume, country, IP address) of your traffic when providing the service to you;
    2. as an information security company, we analyze the traffic for suspicious or malicious files and destinations (i.e. URLs);
    3. we automatically screen the traffic to inhibit usage that is against our acceptable use policy; and
    4. the service collects statistics to give you a view of your browsing history via the service, but we do not connect this information to you.

    "we maintain temporary logs that contain the duration of the VPN sessions, the amount of data transferred, the device ID and the public IP address from where the VPN client connects to our service."

     

    "The logs are stored for 90 days prior to deletion"

     

    "The service checks the reputation of your application files. If a file is not known to be safe, the service may send it to Security Cloud to be scanned. Once the file is scanned, Security Cloud sends the scan result back to the service."

     

    "Application stores: number of purchased licenses / purchase history for F-Secure products; price and time of purchase; order number; technical environment (e.g. operating system) of your device; unique identifiers (e.g. Android marketing identifier); service statistics per device; other similar non-sensitive device and service data.

     

    "F-Secure e-store: In addition to above; name, email, language, address, country, zip code, Internet Protocol (IP) address, payment type. More detailed information can be found from our e-store."

     

    "For us to learn when and how you use our service, to enhance it, and to learn how customers find out about the service, the service also collects data on installation success, installation and activation paths, performance, operation environment, connections, data routing, quota, as well as other similar metadata (such as which features are used and how often)."

     

     

  • Gunslinger
    Gunslinger Posts: 5 New Member

    By contrast, here is an example of a company that is not affraid to answer questions. Rather than point me to a prepackaged privacy policy. I have redacted the name of the company. 

     

     

    1. Do we keep logs? What is that? Seriously, we have a strict no-logs policy over our customers. The only information we keep is customers’ e-mail addresses which are needed for our service registration (we keep the e-mail addresses until the customer closes the account).

     

    2. *****VPN is based out of Panama.

     

    3. No tools are used to monitor our customers in any case. We are only able to see the servers’ load, which helps us optimize our service and provide the best possible Internet speed to our users.

     

    4. We use the third-party live support tool, but it is not linked to the customers’ accounts.

     

    5. When we receive any type of legal notices, we cannot do anything more than to ignore them, simply

    because they have no legal bearing to us. Since we are based in Panama, all legal notices have to be dealt with according to Panamanian laws first. Luckily they are very friendly to Internet users.

     

    6.If we receive a valid court order, firstly it would have to comply with the laws of Panama. In that case, the court settlement should happen in Panama first, however were this to happen, we would not be able to provide any information because we keep exactly nothing about our users.

     

    7. We do not have a warrant canary or any other alert system, because as it was mentioned above, we operate under the laws of Panama and we guarantee that any information about our customers will not be distributed to any third party.

     

    8. We do not restrict any BitTorrent or other file-sharing applications on most of our servers.

     

    9. We accept payments via Bitcoin, Credit Card, PayPal, Banklink, Webmoney (Paysera). Bitcoin is the best payment option to maintain your anonymity as it has only the paid amount linked to the client. Users who purchase services via PayPal are linked with the usual information the seller can see about the buyer.

     

    10. We have high anonymity solutions which we would like to recommend to everyone seeking real privacy. One of them is Double VPN. The traffic is routed through at least two hoops before it reaches the Internet. The connection is encrypted within two layers of cipher AES-256-CBC encryption. Another security solution – Tor over VPN. Firstly, the traffic is encrypted within ******VPN layer and later sent to the Tor network and exits to the Internet through one of the Tor exit relays. Both of these security solutions give a great encryption and anonymity combination. The benefit of using these solutions is that the chances of being tracked are eliminated. In addition, you are able to access .onion websites when connected to Tor over VPN. Furthermore, our regular servers have a strong encryption which is 2048bit SSL for OpenVPN protocol, AES-256bit for L2TP.

    In addition to that, we have advanced security solutions, such as the “kill switch” and DNS leak protection which provide the maximum possible security level for our customers.

     

    11. ******VPN has its own DNS servers, also our customers can use any DNS server they like.

     

    12. Our servers are outsourced and hosted by a third parties. Currently our servers are in 26 countries: Australia, Austria, Brazil, Canada, Chile, France, Germany, Hong Kong, Iceland, Isle of Man, Israel, Italy, Liechtenstein, Lithuania, Netherlands, Panama, Poland, Romania, Russia, Singapore, South Africa, Spain, Sweden, Switzerland, United Kingdom and United States.

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi Gunslinger,

     

    Regarding you post, we were able to find the questions in TorrentFreak. We can also see that the questions were also answered in detail for Freedome in the second page of the same link - https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/2/

     

    Please refer to page 2 in the above link and look down for Freedome for the answers. As mentioned above, we have more detailed information in our Privacy Policy as well.

This discussion has been closed.
Product & Pricing Info