Shellfire

One of the questions that keeps popping up in the e-mails we receive is “Why should I pick a VPN provider based in Germany?”. There are many misconceptions around jurisdictions and privacy laws, and the topic can be complex, so we will try to outline how things currently look from our perspective.

We actually believe that using a VPN “Made in Germany” such as Shellfire VPN has a number of unique benefits that other VPNs cannot provide.

German online privacy laws

Contrary to popular opinion, German online privacy laws are quite protective. Germans are generally quite passionate about their privacy. The topic has been debated fiercely in the media and in court.  Currently, there is a data retention law that requires Internet service providers to store all their users’ connection data (mainly location data and ip addresses) for a period of 4-10 weeks. This data can only be accessed by authorities under very specific circumstances. Internet users who are suspected of having committed serious crimes may have their records accessed by the Police or other federal agencies. However the European Court of Justice has recently ruled against this law. There are also a number of ongoing lawsuits against the practice of data retention, so nobody really knows what the future is going to look like.

Data retention laws do not apply to VPN providers

One thing is clear, though: the current data retention laws in Germany do not apply to VPN providers. This means we do not log any connection data:

“We do not log any connection data and never have.” – Maximilian Behr, CEO Shellfire VPN

In case of serious crimes, a court order could be issued, forcing us to start logging the data of specific user and hand over the data to the authorities. This is very different from the data retention described above, as it only affects specific suspects and does not force us to collect unsolicited data about all our users. We would of course be obliged to comply with such a court order. While we believe that the internet should be a place of freedom, we agree that the authorities need tools to prosecute online criminals.

So far, we have never received such an order. By not logging any user data, we can offer the best possible protection against governments and hackers trying to track your online activity. So even if our servers got hacked, the hackers would not find anything of interest on our hard drives.

GDPR further strengthens the user rights

Since Germany is part of the European Union, the EU General Data Protection Regulation (GDPR) applies. Most people only know the “annoying” effect of the GDPR which forces websites to outline their cookie policy and ask for consent. However, there is a lot more to it: With the GDPR, the EU sets strict to what companies are allowed to do with your personal data. Some VPN companies try to make some extra money by selling user data to third parties. This way, they can often offer a very cheap or even free service, but having your data sold is quite the catch and you shouldn’t fall for it.  While selling customer data is not be forbidden under GDPR per se, an EU-VPN company would have to disclose this to the customer and ask for their consent. Not doing so would entail the risk of a heavy penalty for the VPN provider so you can be assured that we at Shellfire VPN would never take that risk.

“Shellfire VPN will never sell your personal data (that is just not our business) – Maximilian Behr, CEO Shellfire VPN

GDPR also enforces a set of minimum security standards to better protect your data from hackers.

VPN providers may hijack your internet connection

Some VPN  companies even route part of their traffic through their customers’ internet connection. This is often used to allow other VPN users to access streaming providers. However, the connection may also be rented out to other companies. This practice comes with a number of risks like excessive bandwidth usage. In theory, a VPN user might even be blamed for crimes that someone else committed using your ip address.

So why are so many VPN providers offshore-based?

We suspect that one of the main reasons why so many VPN companies are based in offshore jurisdictions is that they try to avoid unpleasant questions about their data protection policies and shady business practices. Another reason is, of course, that many of these jurisdictions are known tax havens.

Therefore, think twice before picking a VPN provider based on a beautiful island in the Caribbean. A VPN Made in Germany should be your first choice instead.