UK VPN service Hide my Ass has admitted that it hands over the details of its users if the FBI shows up with a court order.
This will be news to those who thought that using the VPN would give them a degree of anonymity when they were mounting cyber attacks on others.
The news comes after HMA started getting letters from users saying that its service was being used by hacktivisit groups like Lulzsec.
Writing in the company bog, the outfit said that when Lulzsec IRC chat logs were released, HMA was one of the VPN services the hackers used.
At the time HMA did noting. There was no evidence to suggest wrongdoing and nothing to identify which accounts were used.
But soon afterwards the outfit got a court order asking for information relating to an account connected to the leak.
It added that its VPN service and VPN services in general were not designed to be used to commit illegal activity and it was naive for hackers to think that by paying a subscription fee to a VPN service they were free to break the law without any consequences.
Even hardcore privacy services which claim you will never be identified are more likely to have their entire VPN network monitored and tapped by law enforcement, HMA pointed out.
The company set itself up in 2005 as a way to bypass censorship of the world-wide-web. It still thinks that the world-wide-wibble should not be censored.
If a spook shows up with a court order they will be given the logging times that people connect and disconnect from the service. It does not monitor the traffic once it is running. However it does mean that it is possible to locate abusive customers.
The outfit added that since it is a UK-based outfit it will only obey UK law. If a government wants log details, then it will have to prove that it is breaking British law, rather than its own.