Internet privacy worries are at an all-time high, and VPNs are being hailed as the all-in-one answer to keeping internet service providers, governments, hackers, websites, and advertisers out of our online lives. Believe the hype; a VPN can protect you from all of those threats and more.
A VPN accomplishes this by encrypting your internet traffic and routing it through a remote server before it continues to its destination. Your ISP can only see the fact that data is traveling through its network; it cannot see the content or destination of the traffic. Once your traffic leaves that server, websites and applications are unable to track it back beyond the VPN server.
But what about the VPN service providers themselves? What prevents them from mining your data, monitoring your online activities, and selling that information to other parties or using it for other criminal purposes?
Simply put, nothing. A VPN provider can monitor and record each user’s browsing activity and information. However, all reliable VPNs adhere to a critical policy: no logging.
What is a VPN with no logs?
Logless VPNs do not retain a record of their users’ activities—at least not in any way that might be used to identify them. Regrettably, the word “log” is not totally precise. There are two sorts of logs, and many VPNs claim to have a “no logs” policy but really adhere to just one.
Users should be primarily concerned with traffic logs, which are sometimes called “use logs.” They store the content of all your internet traffic: which websites you visit, which emails you send, and which searches you make. A VPN service that retains this data is not doing its job and should be avoided at all costs.
Then there are metadata logs, also called session logs, connection logs, or diagnostic logs. Metadata logs do not include the content of your internet traffic, but rather describe your VPN use. Occasionally, metadata logs are harmless and only include non-personally identifiable information, such as the amount of bandwidth or data used, the timestamps of when the service was used, and the servers to which you connected.
We are particularly interested in metadata logs that include users’ originating IP addresses. If a VPN logs your source IP address, your activities may very well be traced back to your device.
If you’re using a VPN to protect your privacy—which you should be—you should avoid services that keep traffic and/or source IP records. This information is often included in the provider’s privacy statement.
If you’re pressed for time, have a look at our short summary of the best logless VPN below. We’ll discuss it in further detail later.
Best VPN with no logs
We’ve suggested the top logless VPN according to the following criteria:
- There are no traffic logs.
- There are no source IP logs.
- Protection against DNS leaks.
- IP addresses that are shared.
- Accepts payment in Bitcoin.
NordVPN is our top recommendation for a log-free VPN. It follows a genuine no-log policy, which means that no traffic or metadata records are kept. Those who want to avoid leaving a paper trail may pay using Bitcoin. NordVPN is headquartered in Panama, a country that does not have strict data retention rules. Users who want to be particularly careful may connect to privacy-optimized servers that employ Tor over VPN and multiple VPNs. Torrenting is permitted, and NordVPN can unblock a broad variety of geo-restricted streaming services, including Netflix, Hulu, and others. Apps for Windows, macOS, iOS, and Android are available.
VPNs with a log-keeping history
Due to its lax logging policies, HMA was implicated in the arrest of a Lulzsec hacker. HMA complied with a court order requiring it to hand over information on one of its customers, Cody Kretsinger. Kretsinger was a hacker who used HMA to mask his identity during a cyber assault on Sony Pictures. HMA asserts that it never retains the content of customers’ internet traffic. But it does maintain thorough metadata records that include users’ actual IP addresses, which was sufficient to place Kretsinger in prison.
VyprVPN is an excellent VPN with one caveat: it tracks source IP addresses. This has resulted in several customers complaining about getting letters requesting they cease torrenting, despite the fact that they do it exclusively while connected to the VPN.
VPNBook keeps a record of source IP addresses and connection timestamps, which is deleted weekly. However, in early 2013, cyber group Anonymous accused VPNBook of acting as a law enforcement honeypot. According to Anonymous, user records “appeared in court discoveries and indictments of some Anons who face prosecution for their involvement in #Anonymous activities.”
How to determine the trustworthiness of your VPN
Regardless of its privacy policy, using a VPN that purports to be logless demands some level of trust. There is just no way to predict whether a business will keep its promise or how it will react to a court order. Additionally, VPN providers are subject to internal misuse and external pressure.
However, it is simply not in the best interests of the most reputable VPN providers to maintain records. It exposes businesses to government demands, necessitates time and money for data collection and storage, and may irrevocably harm their reputations, resulting in commercial loss.
While you can never be certain that a VPN will not track your activity, there are a few significant indicators to look for in those that do not. The following is a list of critical policies and services to review before signing up with any VPN company.
What you need to check to determine whether your VPN is safe is as follows:
Policy on torrenting
The torrenting policy of a VPN company is often a reliable predictor of whether the provider retains any identifying records. When a VPN user uses BitTorrent to unlawfully download pirated content, there is a strong probability that someone acting for the copyright owner may notice and act. This may take the form of a settlement letter requesting money or a DMCA takedown request.
Depending on the jurisdiction where the VPN service operates, it may be legally required to forward these letters and demands to the user. However, if the provider does not keep track of who downloaded what, it will have no way of knowing who to forward them to, and the request will go nowhere. A VPN that does log, on the other hand, may pass such letters or demands to its subscribers or may issue its own cease-and-desist notification.
Country in which the company was formed
Certain nations require all internet service providers, including VPNs, to maintain records for a set length of time and make them accessible to legal authorities upon request. This was the situation with HideMyAss, a VPN operator located in the United Kingdom that has become known for its logging procedures, which are required by the British government. HMA’s records purportedly resulted in the arrest of a UK-based Lulzsec hacker who was allegedly using the company’s services.
This is why many VPNs are located in seemingly out-of-the-way places. ExpressVPN, for example, is established in the British Virgin Islands (which are not part of the United Kingdom), whereas NordVPN is incorporated in Panama.
Although the United States does not have any such data retention rules that relate to VPNs, a healthy dose of suspicion is still warranted. As Edward Snowden has shown, it is not unusual for US law enforcement and intelligence services to collaborate with technology firms to spy on consumers behind closed doors.
Dedicated physical servers
The VPN we suggest leases or owns actual server hardware. This provides it with complete control over who has access to the information stored on the server. Certain VPN providers save money by using virtual servers, which introduce another undesirable participant into the equation. If a provider controls merely a virtual server, the operator of the physical machine could install a network analysis tool to record traffic and information.
Thus, for individuals worried about privacy, physical servers are required. However, the question of whether such servers should be owned or leased is debatable. Both positions have their merits. Obviously, owning a physical server provides the most control over access. Renting a server may enable hackers to install backdoors before the VPN firm leases it or to steal user data left on the server after the lease expires. However, if a data center’s policy on traffic recording changes unexpectedly, it’s far simpler to terminate the lease for a server in that data center and move to another.
IP addresses that are shared
Shared IP addresses have been the de facto standard for the majority of commercial VPN services in recent years. A shared IP address works as follows: when you join a VPN, your public IP address is changed to the VPN server’s public IP address. There might be dozens or even hundreds of other VPN users connecting to that server, all with the same IP address. This almost eliminates the possibility of tracing any of those users’ behavior back to a single individual, unless the VPN maintains records.
Additionally, VPNs often employ dynamic IP addresses, which implies that these shared IP addresses change on a periodic basis. Shared IP addresses benefit both users and VPN providers since they promote anonymity while also being less expensive to maintain for the VPN provider.
Only a few VPN providers offer dedicated IP addresses. A dedicated address is often static or unchangeable, and may be allocated to a single user. This is advantageous in a few circumstances, such as setting up a peer-to-peer gaming network or frequently logging into a banking website that needs a unique IP address. However, for most users, shared, dynamic IP addresses are the best option.
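The following is an added example, not part of the original article, showing why the source IP and timestamp metadata logs described earlier undo the protection of a shared IP address while date-only diagnostic logs do not. The session data, the address ranges and the policy names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample sessions on one shared exit IP (documentation address ranges).
# (source_ip, exit_ip, connected, disconnected)
SESSIONS = [
    ("198.51.100.7",  "203.0.113.10", "2024-03-01T20:00", "2024-03-01T22:30"),
    ("198.51.100.23", "203.0.113.10", "2024-03-01T20:15", "2024-03-01T21:10"),
    ("198.51.100.88", "203.0.113.10", "2024-03-01T21:00", "2024-03-01T23:45"),
    ("198.51.100.7",  "203.0.113.10", "2024-03-02T09:00", "2024-03-02T09:40"),
    ("198.51.100.23", "203.0.113.10", "2024-03-02T09:30", "2024-03-02T11:00"),
]

def retained(sessions, policy):
    """What the provider still holds under each (hypothetical) policy name."""
    if policy == "no-logs":
        return []
    if policy == "diagnostic":  # date and server only: no source IP, no times
        return [{"exit_ip": e, "date": c[:10]} for _, e, c, _ in sessions]
    if policy == "connection":  # source IP plus connection timestamps
        return [{"source_ip": s, "exit_ip": e,
                 "start": datetime.fromisoformat(c),
                 "end": datetime.fromisoformat(d)} for s, e, c, d in sessions]
    raise ValueError(policy)

def candidates(records, exit_ip, when):
    """Source IPs the retained records tie to an exit IP at a given moment."""
    t = datetime.fromisoformat(when)
    return {r["source_ip"] for r in records
            if "source_ip" in r and r["exit_ip"] == exit_ip
            and r["start"] <= t <= r["end"]}

def narrow(records, observations):
    """Intersect the candidates for several (exit_ip, time) observations."""
    sets = [candidates(records, ip, when) for ip, when in observations]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    # Two moments at which an outside party saw activity from the shared IP.
    seen = [("203.0.113.10", "2024-03-01T21:05"),
            ("203.0.113.10", "2024-03-02T09:10")]
    for policy in ("no-logs", "diagnostic", "connection"):
        print(policy, sorted(narrow(retained(SESSIONS, policy), seen)))
```

With connection logs, a single observation still leaves three users sharing the address, but a second observation narrows the set to one source IP; under the other two policies there is nothing to match against.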
Protection against DNS leaks
When you visit a website, your browser initiates a DNS request that converts the domain name (“www.privacyexplore.com”) to a numerical IP address. Occasionally, these queries are sent outside the VPN tunnel to your ISP’s DNS servers. This implies that even when the VPN is active, your DNS queries might still expose the websites you are accessing to your ISP.
This is why the VPN we suggest has apps that include built-in DNS leak prevention. They ensure that DNS queries are sent through the VPN and not to your ISP’s DNS servers.
This, however, does not always work. Windows 10 machines, in particular, have a problem with IPv6 DNS queries being delivered via an unencrypted ISP network, even when linked to VPNs that promise to guard against DNS leaks. We suggest deactivating IPv6 in your network settings to remedy this.
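As an added illustration (not from the original article), the check below takes a routing table and a resolver list and reports which DNS servers would be reached outside the VPN tunnel. The routes, resolver addresses and the interface names tun0 and eth0 are constructed, and the example assumes a VPN client that installed only an IPv4 default route.

```python
import ipaddress

# Constructed routing table: (destination prefix, outgoing interface).
# Assumption for this example: the tunnel (tun0) carries IPv4 only.
ROUTES = [
    ("0.0.0.0/0", "tun0"),        # IPv4 default route pushed by the VPN
    ("192.168.1.0/24", "eth0"),   # local network stays on the physical NIC
    ("::/0", "eth0"),             # IPv6 default route still points at the ISP
    ("fe80::/64", "eth0"),
]

# Constructed resolver list as the operating system might hold it.
RESOLVERS = ["10.8.0.1", "192.168.1.1", "2001:db8::53"]

def egress_interface(routes, dest):
    """Longest-prefix match: the interface a packet to dest would leave on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None

def dns_leaks(routes, resolvers, tunnel="tun0"):
    """Resolvers whose queries would bypass the tunnel interface."""
    leaks = []
    for resolver in resolvers:
        iface = egress_interface(routes, resolver)
        if iface != tunnel:
            leaks.append((resolver, iface))
    return leaks

if __name__ == "__main__":
    for resolver, iface in dns_leaks(ROUTES, RESOLVERS):
        print(f"leak: queries to {resolver} leave via {iface}")
    # With IPv6 disabled and only the VPN's resolver configured, nothing leaks.
    ipv4_only = [r for r in ROUTES if ":" not in r[0]]
    print("after fix:", dns_leaks(ipv4_only, ["10.8.0.1"]))
```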
FAQs for VPN logging
How can I determine whether or not my VPN keeps logs?
You may learn more about your VPN’s logging policies by reading its privacy statement. It should declare expressly that no records of your online actions, IP addresses, or the IP addresses of the servers to which you connect are kept.
Which logs should I be concerned about?
The most worrying logs are those of your online activity—web history, search queries, and purchases, for example. This may be used to eavesdrop on you directly, and any VPN that logs this information should be avoided at all costs.
Metadata logs that can identify you are the second priority. These contain identifying information and information that may be used to confirm your internet actions. This category includes your IP address, the IP addresses of servers to which you connect, and connection timestamps.
Finally, there are diagnostic logs. These are mostly irrelevant since they cannot be used to trace your location or activities. The dates (not the hours) on which you connected, the last place to which you connected, and the quantity of data sent are not considered private by the great majority of users.