Public Pastes
Pastebin PRO Accounts SPRING SPECIAL! For a limited time only get 50% discount on a LIFETIME PRO account! Offer Ends April 8th!
SHARE
TWEET

Zenmate Q&A

a guest Apr 18th, 2015 437 Never
  1. 1. Do we keep ANY logs which would allow you to match an IP-address and a time
  2. stamp to a user of your service? If so, exactly what information do you hold
  3. and for how long?
  4.  
  5. We do not store user IP addresses.
  6.  
  7.  
  8. 2. Under what jurisdiction(s) does your company operate?
  9.  
  10. As a Berlin based company we operate under German law. ZenMate was originally founded in Manchester, England, but was quickly relocated to Berlin in order to take advantage of Germany’s much stricter Data Protection laws so we would never be forced to collect information on our users for the authorities.
  11.  
  12.  
  13. 3. What tools are we using to monitor and mitigate abuse of our service?
  14.  
  15. Only HTTP(S) and DNS traffic is allowed. In case of complaint of abuse from
  16. third party we have a awesome team of lawyers that know how to respond. In
  17. short, we say that we do not have any IPs and there is nothing we can do.
  18.  
  19.  
  20. 4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?
  21.  
  22. We don’t use Google Apps to store any personally identifying information provided by our users. We do use ZenDesk for support, but the amount of information they might be able to hold is limited to the emails which you directly send to our support channels.
  23.  
  24.  
  25. 5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
  26.  
  27. As a German company we’re not subject to DMCA takedown requests. If we receive abuse notifications, we respond that we cannot give any information on our users as we do not have such information on user or connection data. Further, at no point in our service is it possible to manually filter data transmissions or censor the bit stream between the user and the connected website or service. According to German law, we are not responsible for our user’s actions and are not legally required to take action.
  28.  
  29.  
  30. 6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?
  31.  
  32. If we are presented with a valid court order to identify a user of our service, we are unable to comply with this request. We don’t store or log any personal information on our users which could be used by the authorities to identify our individual users or what they’re doing while using our service. We have received requests from the authorities before, but have never provided information on our users following these requests.
  33.  
  34. The short of it is - We don’t know who you are or what you’re doing online. Your personal information is protected not only from 3rd parties and the authorities, but from misuse by us as well. As we don’t log personally identifying information in the first place, we can’t sell or analyze your data.
  35.  
  36.  
  37. 7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?
  38.  
  39. We don’t currently have a ‘warrant canary’, but is something we might consider in the future. However, as a German company it is less critical than for US based companies as under German law, the authorities cannot compel us to collect identifying information on our users in the first place.
  40.  
  41. We are also considering releasing a bi-annual Transparency Report which would outline the number of legal requests we receive and how we handle these.
  42.  
  43.  
  44. 8/9. The questions only said "[not applicable]".
  45.  
  46.  
  47. 10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?
  48.  
  49. Please check out this FAQ entry: https://support.zenmate.com/hc/en-us/articles/201259141-What-kind-of-encryption-is-ZenMate-using-is-it-
  50.  
  51. We do not have any kill switch, but our clients automatically re-connect to the VPN server in case of connection failures.
  52.  
  53.  
  54. 11. Do you use your own DNS servers? (if not, which servers do you use?
  55.  
  56. We do DNS caching on our nodes, falling back to root DNS servers if the requested hostname is not known. This behavior has not yet been pushed on all of our servers. On servers not implementing this behavior, we use 74.82.42.42 (Hurricane Electric) and 8.8.8.8 (Google). However, given that many different users are accessing our servers, there is little room for targeted surveillance for the aforementioned entities.
  57.  
  58.  
  59. 12. . Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?
  60.  
  61. Please check out this FAQ article for more info about our locations: https://support.zenmate.com/hc/en-us/articles/202451472-What-s-new-What-are-the-differences-of-ZenMate-Premium-and-Freemium-
  62.  
  63.  
  64. 13. If your VPN is just a browser plugin that you have to click to connect to, why are users prompted to enter an email? The email doesn't have to be valid and there's no confirmation but it's still required to connect. Why is this?
  65.  
  66. In the new update of ZenMate (which is already available for the Opera extension and the Android App) you will no longer be required to log in to use the extension. You will only need to have an account when you upgrade to a premium account.
  67.  
  68.  
  69. If you have any further questions I strongly advice you to look through our FAQ page https://support.zenmate.com/hc/en-us and our full Privacy policy https://zenmate.com/privacy-policy/
RAW Paste Data
Top