Can the Police Track your VPN? Many Think So

I wanted to find out how police could track an IP address and what could be done to make tracking very difficult for the police to carry out.

Can the police track your VPN? The police can only track a VPN if the VPN keeps logs or leaks information, as this will have the real IP address of the VPN user and their browsing history. The police can contact the owner of the IP address, the ISP, and using a court order ask for the user details associated with the IP address.

Using a VPN to mask online activities from the police, requires careful consideration of the type of VPN chosen. As some VPNs can leak information or keep detailed logs, leaving a trail of information for the police to follow.

In the following parts of this article, I will look at how people can stop the police from being able to track them when they use a VPN.

1. Avoid FREE VPNs

By avoiding using FREE VPNs, better protection is possible as these free VPNs can give away browsing secrets. They can be poor at hiding IP addresses and use weak or no encryption at all.

These free VPNs may also come laden with malware and adware, that can be used to not only maliciously infect devices but can also be used to work out the real IP address. By using malicious scripts running in the user’s web browser, it’s possible to get a lot of information about the user including their real IP address.

Bandwidth stealing VPNs

Some of the free VPNs will use the computer where their VPN software is installed as service point, so users connecting using the free VPN who live in the same area, will not connect to the free VPNs servers directly.

Instead they will connect to other users in the area and piggback themselves on their connection. This might give away the IP of the VPN users as they become the VPN provider instead of the VPN customer.

Bandwidth stealing^[1] saves the VPN company costs in data transfers, as each connection made to and from the VPN service offered, can carry a charge based on the amount of data transferred. But it opens up the person using these VPNs to having their information divulged.

2. Use reputable VPNs

By using a reputable VPN, people can protect their identities as they know reputable VPN companies sales rhetoric is all about privacy and protecting their customers (check my latest list of reputable VPNs here).

So the user’s IP address will only be visible to the VPN provider and none of the websites the user connects to, will see their real IP address including their ISP. Instead the police will see one of the random IP addresses the VPN service assigned to the VPN users.

So if the VPN assigned IP address is used maliciously and the police want to trace the IP address involved, they will only have the IP address of the VPN service.

If the VPN doesn’t disclose (as they may be in a location where different laws apply) who was using the assigned VPN IP address at the time of the crime. As they don’t want their reputation to be soured (as they are no longer seen as protectors of privacy) then the police will be unable to do anything else to trace the IP address.

3. Use VPNs that don’t log

VPN services can store information (logs) about their customer’s IP address and the times their customer used their VPN service, along with all the websites they visited including the time of each of the visits.

This could give away any internet activities to anyone who could get access to those logs, so looking for a VPN with a no log policy is essential. This is a VPN with a policy of not storing any logs of the IP address of their customers, as well as all the websites they visited including the date and time of each of the visits.

The police will have to contact the VPN to get information about which IP address involved in any activity under investigation. Along with who was using this IP address at the date and time requested by the police.

The only way the VPN service can help the police will be by keeping logs and then sharing details of their logs with the police. However if a VPN doesn’t keep logs, then this is going to be difficult to do.

A word of warning one of the VPN providers^[2] who professed at not keeping logs, actually did at the time. When asked for these logs by the police, so they could track down a criminal. They gave the police the logs of all the this criminals activities including which sites they’d visited, what time they had visited them and so on.

4. Use VPNs with a Kill Switch

If you forget to start up your VPN software after logging into your computer, tablet or smart phone then you are going to be wide open to being tracked. As your real IP address will be publicly visible to your ISP, the internet and therefore so will the names of the websites you are visiting.

What about if they’ve switched on the VPN and left it running overnight while you are download some files? During the night your VPN connection fails?

Both of these actions of failing to start your VPN when you log on and your VPN failing may stop your computer from sending traffic securely over the VPN connection. As all traffic going from your computer to it’s destination will go across an unencrypted route, that is the normal route without the VPN.

By dropping to using this unencrypted route, the IP address assigned by the ISP becomes visible and therefore the protections offered by employing a VPN are temporarily suspended. Until the VPN connection is reinstated. All activities like websites being visited, can now easily be tracked by the ISP and logged by the ISP.

So a VPN is only as good as when it’s working and stopping all internet communications when the VPN fails is a must to protect the identity of the user.

Many VPNs comes with a Kill Switch, providing a level of protection against dropped VPN connections and VPN failures..

To keep the VPN protections in place, a number of the VPNs include Kill Switch functionality. The VPNs Kill Switch cuts internet connectivity when the VPN connections fails, stopping any communication from the computer.

A warning will normally come up, advising that the Kill Switch is stopping all internet connectivity as the VPN connection has failed. The VPN will then periodically check to re-establish the connection to it’s VPN service.

5. Use VPNs with leak protection

VPNs with a good reputation for protecting against leaks are a must, as they provide protection against giving away online identities as well as what’s being done online.

Some VPNs can leak information like DNS or are not robust enough to protect from other leaks from happening like WebRTC leaks.

What is a DNS leak?

DNS (Domain Name Service) is an important internet service that makes finding internet resources easier by mapping the names of the internet resources such as websites to their IP addresses.

That way, it becomes easier for people to remember the website name instead of having to remember a series of numbers for each of the websites they visit. It’s like a directory service containing lists of names and their IP addresses.

Every time a website name is entered into a web browser, the computer asks the DNS resolvers of the ISP to identify the website’s IP address. The ISP DNS service returns the IP address information and the information is then routed to this IP address.

Notice how the ISP DNS is being used for this communication and by doing this the logs of all communications made using the ISP DNS will be logged with the IP address, which criminals will want to avoid.

By using a VPN they will be using the DNS provided by their VPN so their ISP will not be able to log what websites they are visiting but if the VPN doesn’t use it’s own DNS, then it will use the ISPs DNS and as a result will leak information about all the websites the criminal is visiting.

VPNs with DNS leak protection will take measures to ensure only their secure DNS is used and if this DNS service is not available (it fails or becomes overloaded) then there will be no dropping down to use the ISPs DNS.

What is a WebRTC leak?

WebRTC stands for Web Real-Time Communication and this is used by the web browser for voice calls, video chats and instant file sharing (using peer to peer networking P2P within the web browser).

A WebRTC leak is when the real IP address becomes visible outside of the VPN as the connections made from the web browser to the intended website are made directly.

Which browser supports WebRTC?

Mozilla Firefox, Google Chrome and Opera all support WebRTC for their desktop browser versions and their smartphone versions on Android only. The other browsers including Apple’s Safari and Microsoft Internet Explorer don’t support WebRTC or have a more locked down instance of WebRTC.

How do I disable WebRTC in Firefox, Chrome and Opera?

Whilst there are ways to disable WebRTC in some browsers, there web browsers like Google Chrome and Opera that don’t have configurations to disable WebRTC unless a plugin or extension is used. Criminals will most likely look for a VPN that automatically disables any WebRTC communication.

6. Don’t use VPN Proxies

By avoiding using VPN proxy services is another tactic to protect online identities. As the VPN proxy owners can see the real IP address and what website are being visited. They can then use this information to inject advertisements into the web pages sent back from websites.

Many will also log this information and this could be used by the police to track the person behind an IP address down. Anonymous proxies like the HTTP proxy only anonymise web traffic so any communication made from outside the web browser from the computer will not be anonymised. A SOCKS proxy will need to be considered for non browser web traffic.

Is using Free Proxy safe?

No, using a free proxy is not safe as anyone with malicious intentions can set up a free proxy service and use this to try to steal your sensitive information like password credentials or sell your website visiting habits to marketers.

The owners can also give police your real IP address along with your website viewing habits including the times when you were visiting these websites.

Even the police could set one up and try to catch people doing malicious activities. They’d have full visibility of real IP addresses along with web browsing activities.

7. Don’t use VPN web browser extensions or plugins

Using a VPN browser extension or plugin will only protect the web traffic and not all communication leaving a computer, tablet or smartphone to the internet. This additional communication can give away the IP address, allowing police to trace it.

Are VPN extensions safe?

Whilst many VPN extensions provided by the leading VPN providers could be considered safe, many others are not safe and are downright malicious.

With many poorly configured extensions leaking IP addresses, sensitive information as they might not necessarily encrypt all the data passing through, or even if they do encrypt, they could be using outdated easily crackable cryptography.

Many VPN services provide extensions and plugins for popular web browsers and these allow for connections made from a web browser to a website to hide the real IP address. They also offer encryption to protect the traffic between the web browser and the website. However, they won’t protect internet traffics that’s not web traffic.

8. Use a VPN across all devices

It’s important when it comes to keeping anonymous on the internet to ensure all devices used including smartphones, tablets, laptop, desktop computers, are all using a reputable VPN to connect to the internet.

As only using VPN on one device, can leave the other devices to give the IP address away, allowing the police to trace it, if needs be.

Many paid for reputable VPNs come with multiple device accounts allowing each account to have upto a number of devices. The one I use has a five device limit, so I have my smartphone, laptop, tablet and desktop computer easily covered by this licensing restriction from the VPN I use.

When will police track an IP address?

The police will track an IP address once they have been given authority (depending on jurisdiction) such as a court order or warrant. They will use the court order to force the owner of the IP address (the Internet Service Provider – ISP) to give them the details of who was using the IP address on a particular date and time.

The police generally can not obtain the details of the user of an IP address without some form of legal undertaking like a court order. The only way they can get a court order is with some form of proof, that a malicious act has been committed.

How long does it take for police to trace an IP address?

The length of time it takes for the police to track who was using the IP address is wholly dependent on them being able to get a legal undertaking, a court order, warrant etc.

The Internet Service Provider who owns the IP address will act quickly in giving police the information needed when they are presented with a court order to do so.

All in all, depending on the severity of the offence associated with the IP address, it could take a few hours to a few days for police to track down the IP address user.

Conclusion

The police can find it difficult to trace an IP address to find out the details of who was using the IP address, if a VPN is used. The VPN however mustn’t create any logs and have IP address leak protection.