• Identifying an individual VPN user’s data is impossible for German software company Steganos
• VPN services interweave users’ data irreversibly
• Legal admissibility of user data disclosure upon court order remains questionable

Mass data retention is supposed to make a comeback in Germany in a slightly rearranged form. As a provider of anonymization services such as Steganos Online Shield VPN and OkayFreedom VPN, we declare data retention to be unfeasible for our VPN users: both services interweave the metadata of a huge number of users in a way that cannot be untangled. Therefore, an individual user cannot be identified by an IP address, and personal data can neither be determined nor passed to the state or police.

If mass data retention is reintroduced in Germany, investigation authorities could request that Steganos pass on data regarding one IP address, a given date and a certain time for the purpose of an individual’s criminal prosecution. Yet it would be impossible to identify any user of Steganos Online Shield VPN or OkayFreedom VPN by a certain IP address, as an individual user’s set of data is irreversibly mingled with the sets of data of all other users who are connected to our VPN network at that time. We would only be able to pass on a list of user IPs that were connected to a certain VPN IP at the given time. This means that Steganos cannot retrace any individual user with that information, but can only give out a set of IP addresses from several internet providers (T-Online, 1&1, Unitymedia, etc.) that could contain the person sought.

“Whether the release of these data upon court order is legally admissible is still totally unclear. By being forced to grant access to information of other internet users who have been connected to the VPN network at the same time, these users’ personal right to privacy would be heavily infringed. All of them would be placed under general suspicion. Thus, it would remain questionable whether we had to comply with the order,” states Gabriel Yoran, Managing Director of Steganos Software GmbH.

VPN service conceals real IP addresses

As a provider of anonymization services such as Steganos Online Shield VPN and OkayFreedom VPN, we make sure that all data traffic is directed from the user’s device to a Steganos VPN server via an encrypted tunnel. The VPN server assigns a new IP address for identification and establishes communication with the websites the user wants to visit. There are two big advantages: all data exchanged between the user and the VPN server are encrypted and cannot be accessed by third parties. Furthermore, users can only be traced back to their VPN server. Instead of their real IP addresses, one can only see the VPN service’s IPs.

No data retention for users of VPN server

Steganos Online Shield VPN and OkayFreedom VPN store neither the addresses or contents that are called up nor the IP addresses that are allocated to the user by the VPN service. The user’s own IP address, with which Steganos Online Shield VPN and OkayFreedom VPN are used, is also not saved, according to the current privacy policy for both products.