Now, THAT is the correct question. A server that keeps no logs is a fairly secure server from which to run a VPS. Ditto proxies. When shopping for something of this sort, the important question to ask is, "What logs do you keep, and how long do you retain them?" Every server makes and keeps logs - there is no getting around that. The lifetime of the logs should depend on administrative necessity. Generally, logs should be flushed every 24 hours. Performance logs, security logs, things that pertain to the ongoing health and security of the server should be retained for as long as necessary - sometimes, for months. But every publicly facing server should routinely delete logs that aren't central to the server's main mission. VPS and proxy servers' main mission being to protect the anonymity of its users.
Shouldn't it be considered a fraud, to advertise that you will protect a user's identity, then maintain logs which can be seized by any government agency that demands them?
From an evidentiary standpoint, a defendant in a lawsuit is fine (in terms of spoliation) when logs are deleted per an established retention/deletion policy, but as soon as they are put on notice that they are a party in a pending official proceeding, they would have to put in place a "litigation hold" and thus preserve "any information that might be relevant" to the opposing party. So, in this case, even if they did delete all their logs every 24 hours, as soon as they were put on notice (served, subpoenaed, etc.) they would have an on-going duty to keep the relevant logs. Now, that doesn't help the FBI in proving past acts, but it would mean HideMyAss would have to release any information from that point forward that the FBI requested, unless they were able to object to the request and get the court to agree that they should not have to do so, either due to excessive burden (time or financial), or that it is privileged data. Unfortunately, the trend is that it is becoming increasingly difficult to withhold data under either objection.