Monday, September 26th 2011

HideMyAss.com... Doesn't

UK-based www.hidemyass.com bills itself as a service offering complete online privacy, for a fee. However, that soon evaporates when the law comes knocking... just when you need them most. This is how alleged LulzSec member Cody Andrew Kretsinger, 23, of Phoenix, Arizona is now facing potential time in court over accusations of hacking using the service. However, HideMyAss claim on their home page:
In this day and age of hackers, censorship, online identity theft, people spying and monitoring your online activities, your online privacy has never been so important. Our aim is to provide easy to use services that help protect your online identity and privacy. Our free web proxy is a secure service that allows you to surf anonymously online in complete privacy. For more advanced features our Pro VPN service adds increased security and anonymity on to your existing internet connection.
Which can be taken as considerably misleading by some, as it gives no hint of a clause in their contract that means this bold claim is actually not strictly true.


However, the company defends their actions in a blog post:
It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.
Twitter accounts affiliated with Anonymous were unsurprisingly vociferous in their criticism of HideMyAss's business practices and assistance of a federal investigation, dubbing the service SellMyAss, and arguing that HideMyAss users are less likely to trust it and more likely to look for alternatives. "Question @HideMyAssCom: Was it worth to rat out one guy who allegedly hacked #PSN in exchange for all your business? You will find out soon," AnonymousIRC said.

So why aren't all those Egyptians who used the service recently to evade their country's censorship blocks being handed on a plate to the authorities?
We follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt. If a request for information is sent to us from overseas, we will not accept this request unless it is sent through the appropriate UK channels and a UK judge warrants a court order or a court summons that forces us to provide this information. We are not intimidated by the US government as some are claiming, we are simply complying with our countries legal system to avoid being potentially shut down and prosecuted ourselves.

Regarding censorship bypassing, some have stated it is hypocritical for us to claim we do not allow illegal activity, and then claim our service is used in some countries to bypass censorship illegally. Again we follow UK law, there isn’t a law that prohibits the use of Egyptians gaining access to blocked websites such as Twitter, even if there is one in Egypt ... though there are certainly laws regarding the hacking of government and corporate systems.
What this boils down to is that someone would have to be very naive to register with a credit card, thereby positively identifying themselves and expect the company not to keep track of their IP addresses and full logs of their activity to prevent themselves getting shut down by law enforcement. The only way the company can protect themselves is by sacrificing their paying customers, as they see fit. Not quite such an anonymous service is it? Seems that some LulzSec members are not so clever after all and should have read the terms and conditions...

Sources: The Register | TG Daily | HideMyAss blog
Add your own comment

47 Comments on HideMyAss.com... Doesn't

#1
damric
Aren't there enough free proxies, like vidalia? I don't understand why someone would pay for this service.
Posted on Reply
#2
qubit
Overclocked quantum bit
Even free ones still keep logs and will be happy to keep logs and nail their users to save their own ass.
Posted on Reply
#3
m4gicfour
This isn't really so surprising, is it? At least I can respect HideMyass.com's legal stance. It's a lot better than a lot of companies out there: We follow the laws of the country we reside in. If somebody broke a law in your country using our service, you'll have to deal with the legal system of our country.

Most of these sorts of companies will fold at the first DMCA C&D order they get, regardless of the fact that DMCA doesn't apply unless you're incorporated in the US. :rolleyes:
Posted on Reply
#4
1Kurgan1
The Knife in your Back
All I got to say is dumbass. I loved how all the messages from Lulsec were extremely cocky like no one would ever catch up with them. Wonder what this guy is thinking now, 23 years old, how much jail time is he facing, just going to waste the best years of his life away to be a smartass on the internet.
Posted on Reply
#5
PopcornMachine
I doesn't seem to me that any web service company is going to help someone break the law. Not going to stay business very long that way.

Very naive to think they would.
Posted on Reply
#6
EarthDog
by: qubit
Even free ones still keep logs and will be happy to keep logs and nail their users to save their own ass.
Thats news? As in this statement (not the article, I appreciate it being posted!) :D
Posted on Reply
#7
[H]@RD5TUFF
by: 1Kurgan1
All I got to say is dumbass. I loved how all the messages from Lulsec were extremely cocky like no one would ever catch up with them. Wonder what this guy is thinking now, 23 years old, how much jail time is he facing, just going to waste the best years of his life away to be a smartass on the internet.
Exactly, the script kiddies thought they were leet haxors . . . not so much it seems.
Posted on Reply
#8
qubit
Overclocked quantum bit
by: EarthDog
Thats news? As in this statement (not the article, I appreciate it being posted!) :D
I was responding to damric. :)

Oh, and you're welcome. :toast:
Posted on Reply
#9
Easy Rhino
Linux Advocate
by: 1Kurgan1
how much jail time is he facing, just going to waste the best years of his life away to be a smartass on the internet.
you mean being an internet smart ass is not a life fulfilling goal? :mad:
Posted on Reply
#10
LAN_deRf_HA
Couldn't you just use a free proxy based in a country that doesn't comply with your country's law enforcement? Save money and don't go to jail...
Posted on Reply
#11
H82LUZ73
LOL kinda funny the logo for hidemyass is a jackass like the LulzSec member who got his handed to him:roll::roll::laugh::slap:.Are these the guys who hacked the EA member database and Sony a few months back?
Posted on Reply
#12
Gzero
Yep, and now I get constant spam of the likes: Your wow account... Your runescape account...

all linking to address in .in

The internet can be crap at times. :p
Posted on Reply
#13
LordJummy
This is unfortunate, but definitely not HMA's fault. They have a very specific set of rules.

The responsibility ultimately falls on the kid. He decided to do bad stuff. If you don't properly cover up your tracks it's your own fault :(
Posted on Reply
#14
qubit
Overclocked quantum bit
by: LordJummy
This is unfortunate, but definitely not HMA's fault. They have a very specific set of rules.

The responsibility ultimately falls on the kid. He decided to do bad stuff. If you don't properly cover up your tracks it's your own fault :(
Well, I think their marketing practice is very deceptive and possibly lying. Just look all round their site at how they big up that everything you do is "private". Yeah, sure. :rolleyes:

While they have to protect themselve by "cooperating" with law enforcement, I'm sure they could do more than just hand their customers on a plate to the authorities. I'm sure there are ways to make records that little less available, or you know, they get "lost". It can all be done plausibly.

Think about it, by providing an anonymizing service like that, they know full well that their number one clients will be people that want to do stuff like that, so they're being quite hypocritical. Let this shit happen and take the punter's money while you're at it. However, the minute law enforcement turns up, just rat them out! :wtf: Nah, they're an accessory to these activities, however indirect they try to be.

Frankly, in this story, I blame both HMA and the hacker for being at fault, in different ways.
Posted on Reply
#15
1Kurgan1
The Knife in your Back
by: Easy Rhino
you mean being an internet smart ass is not a life fulfilling goal? :mad:
Oh it is, just ask Mailman :laugh: But it's not worth jail time.

by: qubit
Well, I think their marketing practice is very deceptive and possibly lying. Just look all round their site at how they big up that everything you do is "private". Yeah, sure. :rolleyes:

While they have to protect themselve by "cooperating" with law enforcement, I'm sure they could do more than just hand their customers on a plate to the authorities. I'm sure there are ways to make records that little less available, or you know, they get "lost". It can all be done plausibly.

Think about it, by providing an anonymizing service like that, they know full well that their number one clients will be people that want to do stuff like that, so they're being quite hypocritical. Let this shit happen and take the punter's money while you're at it. However, the minute law enforcement turns up, just rat them out! :wtf: Nah, they're an accessory to these activities, however indirect they try to be.

Frankly, in this story, I blame both HMA and the hacker for being at fault, in different ways.
I don't see what is misleading, any security they speak of is protecting you from identity theft and hacking. They are trying to protect people from a guy like that, not allow a guy like this to do stupid shit while being anonymous (funny to use that word here).

Think of it like torrents, nothing wrong with them, they are even becoming decently popular for developers to use. But what people use them for is illegal.
Posted on Reply
#16
Wile E
Power User
by: qubit
Well, I think their marketing practice is very deceptive and possibly lying. Just look all round their site at how they big up that everything you do is "private". Yeah, sure. :rolleyes:

While they have to protect themselve by "cooperating" with law enforcement, I'm sure they could do more than just hand their customers on a plate to the authorities. I'm sure there are ways to make records that little less available, or you know, they get "lost". It can all be done plausibly.

Think about it, by providing an anonymizing service like that, they know full well that their number one clients will be people that want to do stuff like that, so they're being quite hypocritical. Let this shit happen and take the punter's money while you're at it. However, the minute law enforcement turns up, just rat them out! :wtf: Nah, they're an accessory to these activities, however indirect they try to be.

Frankly, in this story, I blame both HMA and the hacker for being at fault, in different ways.
I disagree. Their service explicitly states that it is not to be used for these activities. It's to make you anonymous to the people that are doing the hacking and data mining, not to allow you to hack.

I think the company is 100% in the right.

I don't feel this is a news worthy story at all.
Posted on Reply
#17
1Kurgan1
The Knife in your Back
by: Wile E
I don't feel this is a news worthy story at all.
I think it's news worthy, simply because since their attacks started I wanted to see these morons asses nailed to the wall.
Posted on Reply
#18
Easy Rhino
Linux Advocate
by: Wile E


I don't feel this is a news worthy story at all.
maybe not on this site, but it is certainly making the rounds on slashdot and others.
Posted on Reply
#19
reverze
the point of these lulsec guys was to show how easy it was for someone to steal whole databases from high profile sites. they claimed the only way to prove the lack of security was to draw attention and release those databases.

if you claim these guys werent smart for using a vpn service, then think about all those professionals, be it state run agencies, or companies hiring hackers to harm competitors, or stealing your personal info without you knowing it.

As lulsec said from the beginning, like them or not, is that they admit and go public, how many hundreds or thousands dont?
Posted on Reply
#20
1Kurgan1
The Knife in your Back
by: reverze
if you claim these guys werent smart for using a vpn service, then think about all those professionals, be it state run agencies, or companies hiring hackers to harm competitors, or stealing your personal info without you knowing it.

As lulsec said from the beginning, like them or not, is that they admit and go public, how many hundreds or thousands dont?
It wasn't smart, it was obvious. Who in there right mind would go after massive companies and not attempt to hide themselves behind as many VPNs as possible. Was pretty obvious all of them would be running it, and just a matter of time before authorities got a hold of the information they needed to track these people down.

Like them or not they didn't go public (they hid), and they didn't come through on how big they were talking. When the heat got hot, they backed off and called it quits (smart), but they called bigger shots than what they actually pulled off. They talked out of their ass and then ran, but they toyed around for too long, left too much of a trail, just will take more time to hunt down more of that trail, more will be arrested. Has nothing to do with intelligence, infact I would call them stupid. Has to do with gall, these people got inflated sense of self and felt they were unstoppable, doubt this guy who was most likely at 23 finally starting to setup a life that would be decent for himself. I'm 25 and finally looking at getting into finally starting a career and putting my life together, arrested at 23 is a shame, I know I would feel robbed.
Posted on Reply
#21
TheGuruStud
What a nub. It's easy to be untraceable, but he uses a VPN service with his name on it LOL.

I couldn't be that dumb if I tried.
Posted on Reply
#22
phanbuey
by: qubit
Even free ones still keep logs and will be happy to keep logs and nail their users to save their own ass.
That's a good thing.

by: Wile E
I disagree. Their service explicitly states that it is not to be used for these activities. It's to make you anonymous to the people that are doing the hacking and data mining, not to allow you to hack.

I think the company is 100% in the right.

I don't feel this is a news worthy story at all.
^ This ^
Posted on Reply
#23
v12dock
by: 1Kurgan1
All I got to say is dumbass. I loved how all the messages from Lulsec were extremely cocky like no one would ever catch up with them. Wonder what this guy is thinking now, 23 years old, how much jail time is he facing, just going to waste the best years of his life away to be a smartass on the internet.
Haha, it's funny my friend gamed / worked with Ryan Cleary. And when he got caught he said "That kid was always shady"
Posted on Reply
#24
Fatal
HideMyAss.com... Doesn't
With a title like that I thought TPU was going to start reviewing a clothing line or something. :laugh: I don't see how these fools think they can hack stuff and not get caught seeing as though they don't know when to quit.
Posted on Reply
#25
Fx
I cant believe he used HMA to do that. smart enough to hack but lacks common sense

he got what he deserves
Posted on Reply
Add your own comment