Robbie

Level 28
Verified
Content Creator
While i'm drinking my soft tea to lubricate my wires and circuits, a question has come to my head.

Let's picture a situation, irreal but highly possible in this informatic world we're living.

I'm a cybercriminal. I use a VPN service 24/7, with network lock enabled, so if VPN turns off, it won't leak data. I use the VPN for daily usage, such as social networks, browsing, etc. And as i'm a cybercriminal, i access the deep web once a day to purchase malicious stuff, illegal always. I do not bother turning on the VPN because it already was ON. I always have it ON.

Is there a security risk for this guy using the same VPN server for daily usage (Facebook, Youtube) as well as for illegal Tor stuff? Is there a way the IP given can stay recorded on Facebook servers and compromise this guy when government agencies get the same ip when they analyze the nodes/servers of the Tor site he visited? Should this cybercriminal switch servers when doing risky activities? Or there's no issue at all?

Let's try to forget for this thread the fact that government agencies can track this guy with more things than his IP and they can unmask the VPN.

Discuss.
 

askalan

Level 16
Verified
Malware Hunter
A question to you: Why the darknet markets are existing and lots of darknet dealers not in the jail? Because Tor is safe. Why are some of them in a jail? Because of a mistake.
If you can answer this question then you can answer all your other questions. A possibility to track you will always exist. One human mistake can be enough.
 

NikolayfromRussia

Level 16
Verified
While i'm drinking my soft tea to lubricate my wires and circuits, a question has come to my head.
Don't drink so much a soft tea and no question like this will come to your head :) (I am joking).
Daily I use some vpn services like PureVpn, NordVpn, VyprVpn, Cactus, PrivateVpn and sometimes ibvpn. I use Vpn services not because I am doing some illegal activity but I don't want my Ip to be recorded. I don't know what reply to your questions..... One more think to say some sites can gather information about OS, browser, system language and detect your time zone. I don't know if they can gather your MAC address but I would advice to change your hardware details too (like MAC, harddrive ID, PC name) together with Ip. Because if Vpn service provides logs who used their servers for some cybercriminal activity (let's say 20 users used the same server on the day of crime) the government agencies can analyze gathered information about OS, browser, system language, time zone....
 

Robbie

Level 28
Verified
Content Creator
Don't drink so much a soft tea and no question like this will come to your head :) (I am joking).
Daily I use some vpn services like PureVpn, NordVpn, VyprVpn, Cactus, PrivateVpn and sometimes ibvpn. I use Vpn services not because I am doing some illegal activity but I don't want my Ip to be recorded. I don't know what reply to your questions..... One more think to say some sites can gather information about OS, browser, system language and detect your time zone. I don't know if they can gather your MAC address but I would advice to change your hardware details too (like MAC, harddrive ID, PC name) together with Ip. Because if Vpn service provides logs who used their servers for some cybercriminal activity (let's say 20 users used the same server on the day of crime) the government agencies can analyze gathered information about OS, browser, system language, time zone....
Let's not talk about VPN leaks or VPN handing logs. Just picture that i logged in to my Facebook "Robo Man" where i have my real information. And with the same VPN server (which I THINK it's the same IP) i do illegal stuff. Then is there a possibility government agencies or whoever who has access to Facebook information because of the law, do math and say: "Hey look, this IP here bought 200 high-class guns and weapons in the deep web, and the same IP was used to access to Robo Man Facebook account. It's him." Of course more than one person used that IP from the VPN to access to personal sites but the number is relativately small as to start an investigation.
 

NikolayfromRussia

Level 16
Verified
Let's not talk about VPN leaks or VPN handing logs. Just picture that i logged in to my Facebook "Robo Man" where i have my real information. And with the same VPN server (which I THINK it's the same IP) i do illegal stuff. Then is there a possibility government agencies or whoever who has access to Facebook information because of the law, do math and say: "Hey look, this IP here bought 200 high-class guns and weapons in the deep web, and the same IP was used to access to Robo Man Facebook account. It's him." Of course more than one person used that IP from the VPN to access to personal sites but the number is relativately small as to start an investigation.
I don't know how the government agencies work in this case. I think it is a hard job to find out because users who used a same Ip can live in different countries.... One in US, other in Sweden or Russia. They will have to inform local police/agencies in those countries and ask to arrest suspected guys in cybercrime. Really not easy job requires time, financial expenses and efforts.
 

Bleak

Level 3
Verified
I'd say yes there's a risk, let me explain my point of view on this; if one uses consistent IP for illegal and legal stuff, it may make it easier to trackdown that IP but it won't that IP itself that may lead to the real person's location (unless that VPN service keep logs?) in the case of no logs saved: that IP which got recorded on social sites especially facebook, will usually reveal ALOT if that person is active there with likes/comments/posts, even if you're just watching, you obviously has page likes and FRIENDS!.. actually I believe friends can reveal a lot about you if they're your real life friends, most important is location, as we usually have many friends on facebook that are from same country/city or even local area, works friends etc. you may tell me you've your "Friends" tab set to "Only me", a one way to see your friends' profiles is from likes they have on your posts, sometimes facebook users tell so much about their lives either from posts, or personal info, work, study, location etc, this also reflects on you as they're easily reachable and government can reach them and ask them in person.

Other things that to consider is usernames, see if you're using a consistent username/emails around the web, your local clock can also narrow down to your real location EVEN if you're using VPN, screen resolution, other running tabs can also (and their titles).

TL;DR: Consistently in IPs, usernames, emails, screen resolutions.. isn't really a good idea having doing illegal stuff considering it's easily avoidable since all VPNs offer several different servers locations, and other variables are changeable too.
 

Robbie

Level 28
Verified
Content Creator
"Hello!

In general this guy can't use our service which is not aimed to any usage infringing the legal framework of the EU countries. If the illegal action are perpetrated in a country which has laws incompatible with fundamental rights, then we will of course ignore such laws.

In any case, separation of identity is a must to prevent potential correlation attacks. A cybercriminal who would mix identities and actions on the same IP address etc. would be very naive, to say the least.

Kind regards
AirVPN Support Team"
 

SHvFl

Level 35
Verified
Trusted
Content Creator
If you use a vpn to do weird stuff that involve 3 letter agencies and then you use your normal ip and visit the same places(google,fb,twitter,snapshat) then it's game over and you will get caught regardless if you change ip for the vpn every 3 seconds. Criminals have to have a 100% separation of their online normal activities and their malicious activities.

Most sites record post ip to assist moderation and even this site should do that. Most forums, online platforms,etc will do that.
 

XhenEd

Level 27
Verified
Trusted
Content Creator
Patterns and mistakes will narrow down potential suspects, regardless of the anonymity used. Authorities monitor and track, you know. :)

Just notice how Avast narrowed down the general geographic area of the source of the attack on CCleaner. :)