A strict no-log VPN policy is essential to ensure anonymity and privacy. The best zero log VPN providers even did an independent audit to prove their no-log claims. This assures that they truly do not keep any personally identifiable information. But why No-Log policy is so important? Which VPN does not keep any logs?
Do VPN providers keep logs
Running a VPN service with a huge amount of servers without any logging is not possible. VPN companies probably still have a time frame where they do log something. They mostly do that to see what’s happening on their network or implementing new features.
Even if it does not sound good, but there’s nothing to worry about. These logging activities most of the time are very temporary. The best no-log VPN providers delete everything after finished their technical work.
It is important to know that a country’s law where a VPN company operates matters for your privacy.
It is not a deal-breaker to pick a VPN that is based in a country that belongs to data-sharing alliances such as 5/9/14 Eyes. Trustworthy VPN companies generally find their way to follow their zero-log policies.
Best Audited No-Log VPNs
ExpressVPN has proven again that it’s one of the best no-log VPNs in the industry. It has done an independent audit by the PricewaterhouseCoopers experts.
The auditors tested the innovative TrustedServer technology too. This is an extremely privacy-focused feature. It allows servers to run only on a RAM-disk and without a hard-drive. This means that a server can not store any logs and all data is wiped completely every time it is restarted.
Another ExpressVPN’s app security audit was done by another cybersecurity firm Cure53. It did not find any high or critical security issues.
“Nothing was found to fundamentally impact the core security and privacy” – ExpressVPN stated.
ExpressVPN stays on the top as the most privacy-focused and secure no-log VPN provider.
NordVPN has done an independent audit by “the BIG 4” auditing firm PricewaterhouseCoopers. This zero log VPN service could back up the claims about no-logging on their servers. The audit proved that no information was collected that could identify the users.
NordVPN did the audit without any precedence, hoping that other VPNs will follow the practice. This raised the transparency and trustworthiness of their service.
A security research group VerSprite audited NordVPN’s apps for security. They tested all apps – Android, iOS, Windows, and Mac. The results showed no critical vulnerabilities, 7 high-level, 6 medium-level, and 7 low-level. All issues that were fixed immediately after the audit was done.
NordVPN is based in Panama, which a privacy-friendly jurisdiction. The friendly privacy laws allow this service to keep zero logs. NordVPN is one of the best all-rounded services for privacy in the industry.
VyprVPN was the first VPN provider ever that did an independent audit. Advised by Leviathan security group VyprVPN turned to a completely zero-log VPN service. The group announced the results publically.
The independent audit proved that this Switzerland based VPN does not keep any logs. Leviathan group posted the public extensive research and indicated the areas need fixing. VyprVPN fixed the issues immediately and became a no-log service.
The service still stays compliant with its zero-log claims. It does not collect any personally identifiable information.
VyprVPN might be lesser-known, but still a great VPN service. It works great with streaming services and unblocks content from internet-restricted countries.
Surfshark comes as an honorable mention. Well-known Cure53 auditors did the independent audit for Surfshark’s browser extensions. Like ExpressVPN, this VPN is based in The British Virgin Islands which is great for the no-log policy.
But, the audit’s scope was not very extensive. The results do not prove that they do not collect any personal information. Even though the extensions found to be secure, but neither apps nor servers were tested.
This provider clearly states that it does not keep any data that could identify its users.
Surfshark is a rising VPN service. It has already proven itself by the privacy-focused features. Even though you can only trust what they say, it is still much better than some of the older players in the market.
What do VPN logs show
Almost all VPN providers state that they have a no-log policy. Some of them just play with words. There are types of logs that they still can keep. Depending on the types of logs they can show you different kinds of information. This data is mostly generalized, but sometimes it can identify your browsing activities.
Here’s what VPN logs can show:
Connection logs can show the basic and most general information. These types of logs are pretty shallow and do not tell much about what exactly you did online. VPN providers usually bundle this data and use it for optimizing the bandwidth and load. You can not tell anything specific with these types of logs. Connections logs do not compromise your privacy.
Here’s what connection logs can show:
- Your IP address
- The websites you’re trying to reach domain name
- The website’s IP address
- The connection timestamp
- The amount of data transferred
Usage and traffic logs
These logs are the ones that tell most about your online activities. This is the data that authorities ask for evidence in case of criminal activity.
Usage logs can tell which websites you visited and when. They can show if you used torrenting or even tried accessing the Tor network.
Your privacy is at risk if the VPN collects such logs. VPN providers usually sell this data to advertisers or hand over to authorities. From these logs, you can be identified and linked to specific VPN users and online activities.
Every process that takes place on a VPN server can be monitored in real-time. These real-time logs are either stored in a database or discarded. For example, in Linux OS pointing logs to /dev/null discards them permanently.
Every VPN provider has the power to turn on real-time monitoring. They can show the technical parameters such as the amount of data that travels via the VPN network.
General information about the customers
Your VPN provider keeps general information about the user. This information is mostly related to payments or credit cards.
This information might include:
- Your account username (email)
- Password (encrypted and secured)
- Payment history
- Payment details (Credit Card details, PayPal)
For more privacy, some VPNs offer to pay with cryptocurrencies. Paying with Bitcoin you gain more anonymity since it’s harder to link your VPN user account to a real person.
Mostly all VPN apps generate logs on the client-side. This means that this information is stored on your device. Every time you encounter technical issues customer support asks for client-side logs. They are used for debugging and VPN app activity.
A VPN no-log policy does not include these logs since they are out of the VPN provider’s control. Only you can edit or delete those files from your device. Client-side logs mostly contain technical and under-the-hood information. These logs report authentication problems, crashes, and so on.
What is VPN Warrant Canary
A Warrant Canary is a single page a VPN provider has to warn its users about the compromised service. This page clearly states that no one has contacted them or taken any secret legal action.
The law does not allow to openly communicate about the issued secret subpoena. But, in case a service is compromised a Warrant Canary method is used. A transparent VPN provider tries to inform its users that they might be monitored. They remove the clear statement from their Warrant Canary page. This leads to the assumption that a warrant has been issued against the service.
VPN no-log policy scams
Let’s take as an example a VPN that advertises zero-log as its feature:
But, after some search, we can find their actual log keeping policy and it states as follows:
As we can see that a VPN advertises Zero-logs, but the truth is not really as it seems. Some VPNs actually keep connection and usage logs (including the websites you visit) and monitoring their user’s activity which is not what you want if you care about your privacy.
Due to common false claims about no-log policy, some top-notch VPNs did an independent third-party audit to prove their claims that they do not keep any personally identifiable information.
Why strict no-log VPN policy is important
A strict no-log policy is a way to tell a VPN provider is trustworthy and values your privacy. VPN logs can reveal your browsing habits, identity, websites visited, and connection times. That’s why it is important to get rid of them and protect your privacy.
A VPN provider that keeps your browsing activity logs is like another ISP. It would not provide you any privacy whatsoever.
A VPN provider must ensure your privacy. The service must prevent authorities, surveillance agencies, and advertisers from snooping on you. Keeping logs on the servers would defeat the whole purpose of why VPNs were created in the first place.
A strict no-log VPN policy is important to ensure your ultimate privacy and anonymity when using a VPN. Any data collected could identify who you are, what websites you visit, or what files you download.
Unfortunately, a tendency in the VPN industry is that everyone says they keep no logs, when in fact, they do. Some more transparent VPN providers such as ExpressVPN went to the extent of doing a third party independent audit to prove their claims. While there are more VPNs that truly do not keep logs, but the ones mentioned did the audit and can be trusted the most.