We live in a world, where everything we do online, is monitored, tracked and stored in data centers without us even knowing about it.
Apps want to know our location, browsers want to store cookies, and websites want to shove targeted ads all up in your face.
Think about it…
Even tools designed to protect our privacy, are actually storing a lot of personal information. I’m talking about VPN logging policies.
Believe it or not, dozens of VPNs advertising “no logs”, actually store quite a bit of user data.
So on that note, we’ll dive deep into VPN logs, and find out what a legitimate no logs policy actually looks like.
What VPN Logs Even Mean?
When it comes to VPN logs, there can be quite a bit of confusion. It is exactly why some VPN providers get away with logging user data.
To clear up all the misconceptions, I’ve segregated VPN logs in to three types. Let’s check out each of them in detail, shall we? Before we head on, check out our glossary of common terms used for online privacy to keep yourself well aware.
First up, let’s talk about “usage or browsing logs”. As the name suggests, these logs basically keep tabs on your online activities.
More specifically, VPNs that keep usage logs, actually store your browsing history, IP addresses, connection timestamps and more.
For anyone concerned about their privacy, such VPNs should be avoided at all costs. Usually, free VPN services are the ones to collect and sell VPN logs to third parties.
Next up we have “connection logs”. This type of logs are generally less invasive and only store minimal data such as date/time, connection data, and in some rare cases, IP addresses.
But as I said, connection logs aren’t something you should be too worried about. This type of log is usually kept for network optimization and troubleshooting.
Last but not least, we have “no logs”. This is pretty self-explanatory, but just for the sake of it, no logs simply mean that the VPN service is not keeping any logs.
That being said, guaranteeing 100% no logs can actually be quite difficult. Since VPN services need to store bandwidth usage and number of connected devices at the very least, some logs are necessary.
Bear in mind that even trustworthy VPN providers that claim no logs, do in fact store some data.
Before we take a look at what a legitimate no logs policy looks like, let’s check out a few VPN providers that we’re actually called out for falsifying their claims.
Let’s start with PureVPN…
PureVPN Helped FBI Catch a Cyber Stalker
Despite advertising no logs, PureVPN was surrounded in quite a bit of controversy in 2017 when their claims turned out to be farfetched.
When news broke out that PureVPN helped the FBI in catching a cyberstalker named Ryan Lin, many customers including the VPN community questioned their so-called no logs policy at the time.
From the FBI’s official reporting on the criminal investigation, it was made clear that PureVPN actually provided two originating IP addresses of the alleged stalker.
Through the provided IPs, the FBI was able to piece in the information and identify the Gmail address used by Lin to carry out some of the threats. All this wouldn’t, of course, be possible if PureVPN actually didn’t store any logs.
IPVanish, Child Abuse & US Department of Homeland Security
Back in 2016, the US Department of Homeland Security approached IPVanish in order to gain information about a suspect involved in and child abuse and pornography.
The criminal affidavit issued by DHS demanded IPVanish to provide date and time records associated with the suspected user’s IP address (188.8.131.52).
At first, the parent company of IPVanish – Highwinds Network Group responded to DHS’s request by simply stating they “do not log any usage information.”
However, when the DHS issued a second request to IPVanish demanding information about the suspect, IPVanish handed over the following information:
Not only that, but IPVanish also handed over the suspect’s source IP address and the date times when the suspect connected and disconnected from IPVanish’s servers.
With so much information on hand, the DHS then issued a federal search warrant for Vincent Gevirtz and his residence in Muncie, Indiana.
Again, all this wouldn’t be possible if IPVanish lived up to their claims of no logs policy.
What actual No logs policy looks
What Actual No Logs Policies Look Like
As I said earlier, guaranteeing zero logs is actually impossible and I’ve already told you why. Even reputable VPNs store some basic information to ensure the quality of service.
So now you might be wondering, what actually is a no-log VPN? Well to make it easy for you, any VPN service that does not collect usage and connection logs is safe to use.
Now that we’ve gotten that out of the way, let’s look at some VPN providers that actually won’t hand over your personal information to the authorities.
Not only that, but they also don’t collect connection logs like IP addresses, outgoing IP addresses, connection timestamps and session durations.
This is what a true no-log policy looks like…
But how can you tell whether ExpressVPN is actually true to their claims?
Well, let me tell you a true story. Soon after the assassination of the Russian Ambassador, Andrei Karlov back in December of 2017, Turkish investigators seized ExpressVPN’s servers linked to the assassination.
However, since ExpressVPN didn’t log usage or activity logs in the first place, the Turkish authorities weren’t able to find any data to support their investigation.
Soon after the seizure, ExpressVPN issued an official statement clarifying that no customer data was compromised during the incident.
The reason why ExpressVPN can operate without storing any logs whatsoever is that they’re headquartered in the British Virgin Islands (BVI), and uses TrustedServer technology.
Since BVI has no mandatory data retention laws and trusted servers only run on RAM-disk mode, any stored information on ExpressVPN servers gets wiped out every time they’re powered off and on again.
Perfect Privacy is another VPN service that has actually proven to be a legitimate no logs VPN service. This VPN provider showed up in 2008 and has since then guaranteed zero data logging.
Perfect Privacy explicitly mentions that they don’t store any sort of logs other than just basic information such as login credentials, email addresses, and account expiration dates.
They also boast about the fact that they can’t be forced to give up user information simply because they’re based in Switzerland.
Similar to ExpressVPN, Perfect Privacy also uses strongly encrypted RAM disks to insure everything is wiped out the moment their servers restart.
But these claims are no marketing stunts. In fact, much like ExpressVPN, their Perfect Privacy has also been tested in real-world scenarios.
If you don’t know what I’m talking about, back in August of 2016, one of the Perfect Privacy’s servers got seized in the Netherlands because of some undisclosed reason. However, Perfect Privacy claimed that no customer data was compromised.
According to their official response, “Since we are not logging any data there is currently no reason to believe that any user data was compromised.”
Last but not least, we’ll look at NordVPN. This is another behemoth in the VPN industry that’s known to offer a legitimate no logs policy.
Not only that, but much like ExpressVPN, NordVPN also doesn’t store connection time stamps, session information, used bandwidth, traffic logs, IP addresses or other data.
Lastly, the fact that NordVPN is headquartered in Panama means the company doesn’t have to comply with any mandatory data retention laws.
To further strengthen the legitimacy of their no logs policy, NordVPN even conducted a third-party audit by PricewaterhouseCoopers back in 2018. The official audit report confirms that NordVPN is an actual “no-log service” that doesn’t collect any usage or connection logs whatsoever.
You can find the complete audit report in the member’s section of NordVPN’s website.
Some VPNs to Avoid
As I said earlier, no logs policy is widely misused in the VPN industry. Despite logging extensively, there are tons of VPN providers in the industry that falsely advertise no logs.
Here are a few VPN providers that are infamous for storing user logs:
|HideMyAss||Browsec VPN||Bitdefender VPN||AppVPN|
|Sabre VPN||Betternet||Astrill||Thunder VPN|
|HotSpot Shield||TouchVPN||Buffered||VPN 360|
|Safe Connect VPN||Kaspersky VPN||VPN Unlimited||VPN Gate|
|Hotspot VPN||HexaTech||Avast Secureline||TurboVPN|
|AVG VPN||VPN In Touch||Encrypt Me||ZenMate|
|Seed 4 Me||X-VPN||F-Secure Freedome||DotVPN|
|Hoxx VPN||Hide My IP||Speedify||Opera VPN|
How Long Do VPN Logs Usually Last?
When it comes to VPN logs, there’s no predefined criterion that VPN providers follow. I say this because while some providers keep logs for 24 hours, other providers may choose to store logs for as long as six months or even a year. After the designated period ends, VPN providers typically purge all stored data.
Are VPNs Illegal?
No! VPNs are not illegal to use. However, some countries actually ban the use of VPNs because of all sorts of reasons. For instance other than China and few Middle Eastern countries like Iran, VPNs are legal to use all over the world.
As long you’re committing anything illegal with the help of a VPN, you should have reason to worry about anything.
Can Police Track VPN?
Ideally speaking, No! However, if your VPN provider keeps logs of your online activities, then law enforcement agencies can easily track your whereabouts. This is why it always pays off to use reliable VPNs that actually guarantee a no-logs policy.
When it comes to VPN logs, there’s no proper definition of what exactly is a “no logs policy”. Some providers might not store usage logs but might still store connection logs.
It’s all very confusing, but with a little bit of transparency at the service provider’s end and a bit of research from you, shortlisting which VPN to trust can be quite easy.
If you’re in search of a trustworthy VPN, it always a good idea to read through privacy policies and see if your provider’s claims are actually true. And if you want to learn about cybersecurity, definitely check out this cybersecurity guide.