If my understanding of VPNs is right, all VPNs do is shift the consequences of illegal traffic from me (end-user) to the VPN provider. My ISP doesn’t know the content of my traffic, but the VPN providers do. It would “sort of” act like the provider is making the browsing requests, not me. So how come they don’t get in trouble instead?
If I were to do some piracy torrenting based on a VPN server in the U.S., what stops law enforcements or content creators from investigating directly with them? Most answers I’ve seen is that some VPN providers have a no-logs policy, meaning even if they wanted to cooperate with law enforcers, they couldn’t. If that’s the case, why do ISP’s do? Could there be an ISP that doesn’t store logs too, and wouldn’t snitch on me with any illegal traffic? I would presume there are laws for ISPs to monitor their traffic, but why wouldn’t these laws also apply to VPN providers?
The answer is: loopholes. ISPs generally cannot be punished by activities done by their customers. It’s the same concept about how a prank caller is the one facing trouble and not the telephone maker, mobile network, ie the providers of the service. Take that concept a bit further, if you hit someone with a car, you’re at fault as the driver, not the car manufacturer (if there were no grossly negligent defects in the car that caused the accident.)
The biggest loophole in the USA is the section 230 that’s been mentioned. It was originally designed to prevent the Internet from being stifled when compared to ‘traditional media’, but now is the reason the Interest has become a cesspool because the rules that kept traditional media liable do not apply. Repealing section 230 is long overdue. It’s not about individual privacy rights or other such non-sense as people with alternative agendas push–it is about restoring order by making publishers liable for what they publish. This is important because if facebook was liable for the teenage girls that committed suicide by reading content on their site that they published, then facebook would prevent those suicides. It opens a whole can of worms of liability for publishers who would rather make the ‘easy money’ by allowing cesspool to continue and them to profit off of it. Responsible publishers on the internet are rare because revenues are a lot less when you’re not involved with copyright infringement, slander and libel, and all sorts of negligent acts as this stuff brings more traffic hence more revenue. Who cares if people are fighting on facebook as long as it is profitable to facebook, right? The EU with GDPR took a stand with this ‘wild wild west’ attitude, probably because the revenues from these companies simply goes to the USA, but I think GDPR does a very good job to give a level playing field to both publishers and consumers.
And for the record I’m a publisher who at the inception of my site put in rules to prevent problems when 230 was going to be repealed. I could have made a lot more money (had more traffic) by not having these rules in place, but I never wanted some loophole to allow someone to somehow ‘weaponize’ my site to do harm to someone else–to me that was an ethical area I didn’t even want to approach–my work being used to harm someone else while I profited from it. And what is sad is that some of the largest ‘Internet’ companies do exactly that probably millions of times a day.
I have friends who received a notice from their ISP that they were watching/downloading pirated content, and if they were caught doing it again, they would cancel their contract. Why would they even do that, if they don’t store the logs nor are liable for what end-users do over the internet?
In the example above, I believe a friend got a letter from their ISP, that HBO said s/he was streamimg a TV show illegally. If ISP’s are not responsible, why would they even care? And second, if they don’t store the logs, why would they even bother tracing back the IP address it belonged to? Things like this do happen quite often, so it doesn’t seem to make too much sense to me.
This, and the previous response, are very thorough and accurate.
Another aspect is that most VPNs use shared public IP addresses, so when a copyright owner contacts the VPN saying, “your IP x.x.x.x was seeding our property on x date at x time”, the VPN can truthfully respond, “we had 103 users using that IP at that time, (even if we wished to assist your investigation) we have no data that could indicate which user is responsible for that particular traffic.”