The security offered by VPNs has been called into question many times over the years, and that’s not necessarily a bad thing. After all, we shouldn’t blindly believe any company that promises to take care of our data. Actions speak louder than words and all that jazz. This applies to all VPNs, third party servers, or not.
Now, if you’re looking for a short answer to the question in the title, we’d have to say “not really.” Of course, there’s more nuance to the topic, which you can read about below.
Do You Trust Your VPN Provider?
Without being able to audit your VPN provider’s security yourself, you’re reliant on a certain degree of trust.
- By using a VPN, you trust them to stick to the claims made in their terms of service and marketing.
- In turn, VPN providers trust data centers and other third parties to maintain the same security standards as they do.
Let’s elaborate on the first point. When you use a VPN, your data is encrypted – meaning outsiders such as your Internet provider, hackers, or government spy agencies can only see garbled gibberish.
However, you’re now entrusting your VPN provider with the ability to see everything you do online – not unlike your ISP. No-logs VPNs are useful in that sense, as the provider does not store logs of your online activity and connectivity data. At least in theory, as we’ll see in a bit.
No-logs VPN misconception
Just because the VPN does not store your browsing history and the like, that doesn’t mean nobody can monitor it. Say, a rogue employee, or the data center(s) they rent from. After all, your data still needs to pass through the VPN’s servers – which leads us to our next point.
Where Third Party Servers Failed
You’ve probably already heard about how NordVPN was hacked. If not, the gist of it is that a data center they were working with had been breached. Subsequently, NordVPN ended relations with the Finnish data center involved in the debacle.
No user data was exposed, since the hacker only got his hands on some expired TLS keys used for server authentication. At most, this was a breach of trust between NordVPN and their users, as they didn’t reveal the hack had happened for nearly two years after the fact.
One real issue that resulted from the use of a third party server was in the case of the now-defunct EarthVPN. The provider’s website mentioned that they keep no logs. However, the data center they were working with did keep IP transfer logs, which ran against the VPN provider’s claims.
Apparently, these logs were used by the data center for anti-DDoS protection, but police used them to identify an EarthVPN user involved in a bomb threat. While it’s good that the criminal got caught, it still goes to show that VPNs need to research who they work with beforehand.
Does this prove that VPNs which use third party servers are less secure than others? Not exactly, and here’s why.
Top VPNs Still Use Third Party Servers
What happened in the cases above is unfortunate, and online discussions have shown a trend of distrust towards VPNs as a result. However, nobody can deny that top VPN providers offer first-class security without necessarily operating all their own servers.
For example, ExpressVPN servers rely on TrustedServer technology – basically using RAM instead of traditional hard drives. Any existing data on the servers is automatically wiped when they are powered off, providing a great safety net against sudden government seizures and similar scenarios.
And despite their one mishap, NordVPN still manages to be part of the top five. In fact, they’ve done an overhaul of their own systems in response to the hacking incident. Yes, NordVPN now uses RAM-based servers as well.
VPNs That Maintain Their Own Servers
Despite evidence to the contrary, it’s not unusual to feel skeptical towards VPNs that use third party servers. The fact that can’t control every aspect of their security systems might make some users uneasy. Fortunately, there are several VPN providers that run their own servers for this very reason.
For a slightly higher price than the standard subscription, you gain access to the CyberGhost VPN “NoSpy” servers. According to their website, these servers are owned and operated by the provider itself. Otherwise, users can only access their standard offering, which naturally includes third party servers.
It’s worth noting that these servers are located in Romania, where the VPN provider is based. This puts them outside the 5/9/14 Eyes alliances, making them great for privacy. If you mostly use a VPN for unblocking purposes, the usual subscription should be more than enough. Full review here.
The provider’s website claims: “[…] we at IPVanish own and operate our entire network, including the servers.” Considering they boast 1600+ servers worldwide, that’s an impressive feat.
We feel you should know that IPVanish was involved in a data logging incident when they were owned by the Highwinds Network Group. Once again, the user identified through the logging process (a suspected child abuser) deserved to be caught. That doesn’t excuse IPVanish’s logging considering they claimed to be a no-logs VPN, even at the time.
As mentioned in our review, however, IPVanish has since switched owners (J2 Global) and claim they no longer engage in any data logging. It’s up to you to decide how trustworthy those claims are.
While it’s true that VPNs that fully operate their own servers are pretty rare, VyprVPN’s claims that their “approach is unique in the VPN industry” is false. We’ll just chalk it up to an out-of-date landing page. There’s also the fact that it’s pretty difficult to find concrete information about the topic on other providers’ websites.
Nevertheless, it’s impressive that VyprVPN owns and manages over 700+ servers worldwide, considering they don’t rely on any third parties. Read our full VyprVPN review for some detailed specs, as well as which streaming platforms it works with.
As you can see, there are bad apples on both sides of the argument here. VPNs that use third party servers and data centers, which paid the price for not vetting their partners well enough. Then there are no-logs VPNs that operate their own servers, but which went against their no-logs policy at a certain point.
Your best bet is to research any provider you intend to sign up with. Moreover, it’s up to you whether you trust that the VPN operates their own servers. Or whether that’s even worth it when it comes to your data security in the first place.