If you have been using a VPN for a while, or have been reading up on them, you have undoubtedly heard about VPN Logs. Whether a VPN keeps logs, which kind of logs it keeps, and how long it keeps them has become a marketing battleground. A zero log or no log VPN is a VPN service which stores absolutely no logs.
- What is a VPN Log?
- What Types of Logs Can VPNs Keep?
- Why Do VPN Services Keep Logs?
- Why Do Governments Force VPN Services to Keep Logs?
- What is a zero log VPN (Also called No log VPN)?
- VPN Services That Have Proven They Do Not Keep Logs in the Past
As you’ll see, the world of VPN Logs can be confusing. We believe that by the end of this article, you will have the information you need to understand this murky area.
What is a VPN Log?
A VPN Log is a record of things that happen on the VPN. Running a VPN service is complicated, and there are lots of reasons to keep different types of logs.
If your subscription to the service limits the number of devices you can have connected simultaneously (most do), the service needs a log to keep track of that. Likewise, for any VPNs that still impose monthly bandwidth limits on their users.
Merely keeping things running smoothly is much easier if the service keeps some logs.
From your perspective as a VPN user, the question is what kinds of logs does the service keep, and how long does it keep them. So let’s talk about the types of logs and their importance to you, the user.
What Types of Logs Can VPNs Keep?
There are two types of logs that a VPN might keep: Connection Logs and Usage Logs.
A Connection log is a record of how you connect to the VPN Service. It can contain information such as:
- The IP Address of your device
- The IP Addresses of the VPN server you are connected to
- The times when you connected to and disconnected from the VPN Service
- The amount of data you used while connected
If a VPN service keeps connection logs, the shorter the amount of time it keeps them, the better. A connection log that the service deletes as soon as you end your current session is less problematic than one that is kept for a longer time.
While a log of this kind of data isn’t great from a privacy standpoint, it isn’t a disaster either. For that, you need Usage Logs.
Usage Logs are a record of what you do while you are connected to the VPN Service. They can contain information such as:
- Which websites you visited
- What files you downloaded
- What software you used
As you can see, by themselves usage logs are a privacy disaster. Anyone who can get their hands on these can see all the most critical things we use VPNs to hide. Think about situations like these:
- The local censors discover that you visited a website the government has banned
- Your spouse discovers you are downloading books on divorce
- Your insurance company notices that you are visiting websites about a hereditary disease
- A movie studio discovers that you torrented several of their films
Add in connection logs, and someone can use them to get an excellent view of everything you have done online.
When it comes right down to it, you never want to use a VPN that keeps usage logs, no matter how short the time is that it keeps them.
Why Do VPN Services Keep Logs?
If connection logs and usage logs are such threats to the privacy of their users, why do VPN services keep logs? As you might imagine, there are several reasons. These include:
- Keeping Connection Logs to keep the VPN Service running smoothly. It is tough to maintain a functional service without keeping some minimal logs.
- Connection Logs give the service the ability to limit the number of simultaneous connections to the number in your contract.
- Connection Logs allow the service to monitor the bandwidth you use in those cases where you have a daily, weekly, or monthly limit.
- Usage Logs give the service valuable information about your Internet usage that they can sell to advertisers.
- Some countries force VPN Services to keep Connection Logs and/or Usage Logs.
As you can see, there are lots of reasons for services to keep logs. But none of them benefit you, the user, in any way. The government imposed requirements are particularly bad for your privacy. Let’s talk about them a bit more now.
Why Do Governments Force VPN Services to Keep Logs?
VPNs are all about providing privacy and security for your online activities. Many governments hate this. The idea that their citizens might see things the government doesn’t like, or visit sites the government doesn’t approve of, infuriates them. China, for example, has created the Great Firewall. As this Washington Post article explains,
The problem for the Chinese government is that some VPN services are capable of circumventing the Great Firewall. To deal with this, the government could force any VPN services doing business in China to keep usage logs. The government could then punish anyone who used a VPN to get around its censorship.
Other governments are a party to various international treaties or agreements that attempt to control what you can do online. One example of such a treaty is the Berne Convention, an international treaty to protect copyrights.
Over 170 countries are Berne Convention signatories. Among other things, being a signatory requires that countries recognize copyrights held by the citizens of all other parties to the convention. But by using a VPN to stream or torrent copyrighted material, a citizen of a signatory country could violate this agreement. Requiring VPNs to keep usage logs would allow the government to track down those violators.
What is a Zero Logs VPN?
Answering this question is surprisingly hard. That’s because there is no formal, universally-recognized standard for what “no-logs” means. You might think that it means a VPN keeps no connection logs or usage logs, but VPN services don’t use that simple definition. Here are excerpts from the privacy policies of ExpressVPN and NordVPN, two of the top zero log VPN services in the world:
Like ExpressVPN, NordVPN are also audited by PwC. The reports have consistently claimed that NordVPN’s policy description is ‘fair and accurate’, and hasn’t found any reason to think that NordVPN keeps users’ data on file. Likewise, because NordVPN is based outside of the EU and US, they don’t have to legally comply with any requests for data from authorities.
These policies seem pretty straightforward. But since both services limit the number of simultaneous connections they allow, they must have some way to keep track of that, at least temporarily.
Then there are cases like that of IPVanish, a “No-Logs VPN” that reportedly turned over log information during a court case in 2016. The details of precisely what happened and why are obscured by a change of management after this event, but something smells terrible about this.
Am I Invisible if I Use a No-Logs VPN?
While using a No-Logs VPN can protect you from someone trying to spy on your Internet connection directly, this doesn’t mean you are invisible. As the following video explains, if those out to get you are willing to expend the resources, there are many ways your online activities can be discovered.
Using a VPN to help you commit a major crime is foolish.
Past Results Are No Guarantee of Future Results
Another thing to keep in mind is that past results are no guarantee of future results. The fact that a VPN Service didn’t keep logs in the past is a good sign. But it doesn’t guarantee that it isn’t keeping logs now, or won’t start doing so in the future.
The VPN Service could change ownership, оr current management could change its approach, оr new laws could be passed that force the service to start logging.
Even if none of the above comes to pass, a VPN Service could conceivably start logging your activities at any time.
In countries like the United States, government authorities can force a VPN Service to start logging the activities of their users. This is why we always recommend you avoid VPNs based in countries like the US, UK, Australia etc, because even if they want to not keep logs they may be forced to.
Regardless of the beliefs of the folks running the service, if a bunch of guys with guns and badges shows up waving a government order to begin spying on their users, the service will have no choice but to comply. And considering that the government order will probably ban the service from notifying users that they are being spied on; you may never know that the service is spying on you in violation of its own policies.
This is one main reason why we recommend choosing a VPN Service located outside the United States.
VPN Services That Have Proven They Do Not Keep Logs in the Past
Through one means or another, several VPN services have demonstrated their no-logs credentials. Let’s look at some zero log vpn examples:
One way to show that your service doesn’t keep logs is to get your service audited. NordVPN takes this approach. In 2018 it first proved its claims by bringing in PriceWaterhouseCoopers AG to audit its service. While the full results were not published, this post in the NordVPN blog shows that it passed the test.
Private Internet Access
Private Internet Access (PIA) demonstrated how serious it is about its no-logs policy during two court cases. In 2016 during an FBI investigation into a bomb threat, its management claimed in court that they were unable to supply information about the defendant because the service keeps no logs. In a 2018 hacking investigation, Private Internet Access again confirmed in court that it did not have the information the FBI wanted because it keeps no logs.
PIA recently elaborated on its commitment to keeping no logs, even claiming that the Mandatory Data Retention logs imposed by the EU would not apply to PIA, because they were not a telecommunications or internet service provider, but rather a private network – which doesn’t legally need to respond to subpoenas or court orders.
Furthermore, PIA doesn’t even retain metadata logs, which often include data such as when a certain user opened a VPN tunnel and when they exited it, which can be used to pinpoint when a user accessed a certain web service with some degree of accuracy.
Showing up in court and telling the FBI you don’t have what it wants is impressive. But ExpressVPN one-upped PIA. How? By withstanding the Turkish government.
In 2017, the Russian Ambassador to Turkey, Andrei Karlov, was assassinated. There were allegations that a customer of ExpressVPN used the service in attempts to erase evidence related to the crime. Turkish authorities demanded that ExpressVPN provide them with specific information about its customers to aid in the investigation.
ExpressVPN informed the Turkish authorities that it did not keep any customer connection logs, so could not provide the requested info. Unsatisfied with that, the Turks raided the data center containing ExpressVPN’s local server and seized the physical device.
Despite having the server in their possession, the Turkish authorities were unable to find the information they wanted because there were no logs.
If you are concerned about how private and secure a VPN service is, you need to know about VPN Logs. In this article, we gave you a crash course in the subject, from what a VPN Log is, to why VPN Logging policies are important, to a collection of VPN Services that have shown they do not keep logs in the past.
We urge you to look for a zero log (no log) VPN’s for the best privacy and security online. Since the phrase “no-logs” can be used liberally by VPN Services, we suggest you go beyond the marketing hype. You can rely on our reviews to point out both those VPN Services who have a no-logs track record and those that have had issues in the past.
If you want some recommendations on the best current zero log VPNs then we recommend NordVPN, ExpressVPN and PIA. They have all been battle tested with challenges by governments for information which they never gave up. They are also all based in good jurdisctions and have very privacy oriented teams.