When you use a VPN, you expect it to keep your privacy intact, right?
Well, some of you might only use it to unblock geo-restricted Web content, but let’s face it - privacy plays an important part in that case too. It makes sure your ISP doesn’t see what you’re watching online, so they can’t throttle your bandwidth - or, worse, report you to the authorities for bypassing firewalls.
In both situations, using a VPN that knows how to respect your privacy is mandatory. So, how do you know that a VPN fits the bill?
Pretty simple - it shouldn’t store usage logs and connection logs, which are basically information about your online browsing.
What Are VPN Usage Logs?
Usage logs store sensitive data about a VPN user’s browsing habits. Usually, they can contain information like:
- Your Web browsing history;
- What Web applications and software you used;
- Your IP address;
- Various metadata;
- What files you uploaded and/or downloaded.
Quite a lot of data, right? Kind of makes using a VPN to secure your online experience pointless.
True, you can argue that usage logs aren’t that bad if the provider is trustworthy and has a good track record of respecting users’ privacy. But things can (and likely will) go wrong.
For example, hackers could breach your VPN’s data center, potentially getting access to your data. Or maybe an upset employee goes rogue and intentionally leaks the data found in the usage logs. Or, you know, the authorities could simply force VPN providers to hand over the usage logs.
What Are VPN Connection Logs?
Unlike usage logs, connection logs don’t store any directly identifiable information. Normally, they contain info such as:
- When you connect to the server;
- How long you use a specific server;
- How often you connect to a server;
- Your inbound IP address (when you connect to the server);
- Your new outbound IP address (when you connect to the web through the server);
- How much data you use per connection.
Normally, a lot of VPN providers will store connection logs because they need that kind of information to troubleshoot and optimize their services.
Why Do Some Providers Keep Connection and Usage Logs?
We already mentioned the troubleshoot/optimize services bit, but VPN providers might also store logs to:
Comply with the Law
If the VPN provider has its HQ in a country that has no problem trampling online privacy rights, they’ll have to comply with the country’s laws - no matter how extreme they are.
For instance, if the VPN you’re using is based in the US, they likely keep logs which they share with surveillance agencies like the NSA. Even if the provider were to refuse to share data, the NSA could just break into the data centers they use. They already did that with Google and Yahoo, so a VPN provider needs to take serious precautions.
Other examples of countries with severe data retention laws include Australia, the UK, Russia, Ireland, France, and Germany. And interestingly enough, many of these countries form the 5/9/14 Eyes Alliance.
Sell User Data to Advertisers
Some providers might use the data they gather with usage logs and connection logs to make a profit by selling it to advertisers. In turn, said advertisers use the data to create personalized profiles so that they can track you with ads on the Web.
Hotspot Shield was at the center of such a scandal back in 2017. And if you check the privacy policies of many free VPNs, you’ll normally see they mention that they share user data with third parties (usually, that means advertisers).
Enforce Bandwidth Caps
Free VPNs often use this to make sure users don’t go over the data limit that’s assigned to them. Paid VPNs might also enforce bandwidth caps during free trials or to make sure users comply with their money-back guarantees.
Obviously, in such a situation, connection logs about how much data you use up when running the VPN are a must.
If the provider says they don’t use any bandwidth caps, though, you don’t need to worry about this.
Control How Many Devices You Connect
VPNs normally let you connect a limited number of devices simultaneously - usually five or ten. To make sure people respect that rule, they need to keep some logs. It’s hard to say exactly what info they store, so you’d have to ask your own VPN provider about that.
The only way a provider wouldn’t keep logs, for this reason, is if they allow unlimited simultaneous connections.
Sometimes, It’s the Data Centers Who Keep Logs
A VPN provider might have no intention of keeping logs. However, they might rent VPS (Virtual Private Servers) from data centers. Many providers actually do that because it’s cheaper than getting bare-metal servers and opening new locations all across the world.
But the problem is that some data centers might be located in countries with problematic privacy laws. If that’s the case, the data center could keep logs to comply with the law (or for many other reasons) without telling the provider.
A good example of that is what happened to an EarthVPN user - he thought he was using a no-log VPN, so he did what any other reasonable person would do: make bomb threats.
Okay, so not “reasonable” but “extremely unreasonable and downright crazy.”
But that’s not the focus. What matters is that despite using a VPN with a no-log policy, the police still had no problem forcing the data center in the Netherlands (whose server the guy was using) to hand over logs with relevant info. Apparently, said data center was keeping IP transfer logs as a way to protect servers against DDoS attacks, and EarthVPN was not aware of that.
Sadly, the link to the original story doesn’t seem to work anymore, but you can still read about it here.
Are VPN Connection Logs the Lesser Evil?
At first glance, connection logs seem much safer and less intrusive than usage logs.
But if you’re looking to enjoy complete privacy, they’re still not good enough. If a connection log contains your IP address, for example, that still means somebody can find out:
- What country you live in;
- What city you live in;
- Who your ISP is;
- And what your ZIP code is.
And IP addresses are the kind of info hackers love to sell on the dark web, or use to break into PCs remotely. In fact, they could just target your ISP with social engineering and phishing attacks.
And here’s another problem with connection logs - many VPN providers are not transparent about them. They act like storing connection logs is not a big deal, so users don’t need to know about them.
The end result? They write eye-catching copy on their homepages about how they keep “zero logs” while their Privacy Policies tell a completely different story.
Here’s just one example - Speedify. If you check the privacy tab on their homepage, you’ll see a claim saying that:
“Speedify does not log IP addresses, web sites, or data that you send or receive while connected to the service …”
Sounds good, but whoops - if you check their Privacy Policy, you get this little paragraph:
What they’re actually referring to in their homepage copy are website IP addresses. So, Speedify doesn’t see what IP addresses you connect to while using their servers. But they still collect your real IP address when you use their service.
Overall, pretty deceiving marketing tactics that just make you lose your trust in the provider. If they’re lying about logs, what else are they hiding from you?
The Ideal Solution - A VPN With No Connection and Usage Logs!
If you want to really make sure your privacy is safe on the web, you need to use a VPN with a no-log policy. There’s really no other solution.
Providers with such policies usually have their HQs in privacy-friendly countries and regions like:
- The British Virgin Islands
- Switzerland
- Panama
- Moldova
- Romania
- Gibraltar
Besides that, no-log VPNs make sure they only work with reliable, trustworthy data centers. So that they don’t have any surprises - like the data center keeping logs behind their backs.
Also, zero-log VPNs go to great lengths to keep no logs even if they are located in sensitive regions like the US or the UK. Generally, that involves getting third party audits to prove they are the real deal.
All in all, such a VPN will make sure your privacy isn’t compromised even if hackers breach their servers, or if the authorities seize their servers.
NordVPN is a good example. Even though one of their servers got breached, the cybercriminal didn’t get away with anything since there were no activity logs on it. In addition, as you can see in our NordVPN review, this provider also goes through regular independent audits.
The same goes for ExpressVPN. Turkish authorities even seized one of their servers but weren’t able to find anything useful on it thanks to their no-logs policy. You can learn more about this case, as well as other technologies that eliminate any unneeded data logging, by reading our hands-on ExpressVPN review.
On the other hand, there’s PureVPN. Back in 2017, they actually shared data logs with the FBI despite claiming they had a “zero logs policy.”
True, the reasons were justified (it was a cyberstalking case), but consider this - what if a provider like that shared user logs about how you downloaded torrents using their VPN service with copyright agencies or lawyers in a country like the US?
The outcome would be pretty grim.
On the bright side, PureVPN recently had a third party (Altius IT) audit their services, proving they now finally keep zero logs.
Finding the Right No-Log VPN Can Be Tough!
With hundreds of providers on the market, that’s not surprising at all. Normally, you’d need to round up the most popular VPN services, and closely scan their Privacy Policies and reviews to make sure they have a real no-BS no-log policy.
Something like that would take you at least a few hours. Anything less would simply result in you picking a provider that claims to keep zero logs while they do the exact opposite.
Don’t worry, though - we’re gonna make things simple for you. So, here’s our in-depth guide to the best no-log VPNs on the market - that protect your privacy to the point of not even logging your real IP address.