The terms “5 Eyes“, “9 Eyes“, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs.
In short, these are just international surveillance alliances representing various countries around the world. These surveillance alliances work together to collect and share mass surveillance data. In other words, they are essentially acting as one global-surveillance entity to spy on you and record your activities.
In this guide we’ll explain the different “X” eyes surveillance alliances and why this topic is important when choosing a VPN service.
Five Eyes
The Five Eyes (FVEY) surveillance alliance includes:
- Australia
- Canada
- New Zealand
- United Kingdom
- United States
The history of this alliance goes all the way back to WWII and the UKUSA Agreement. This agreement officially formalized a partnership between the United Kingdom and United States for sharing intelligence. The partnership continued throughout the Cold War and has only strengthened following the “War on Terror” and subsequent “terrorist” events.
Edward Snowden brought renewed focus to the Five Eyes surveillance alliance in 2013 when he exposed the surveillance activities of the US government and its allies.
According to Wikipedia, these are the different “5 Eyes” surveillance agencies working together to collect and record your activities:
It is no surprise that some of the Five Eyes countries listed above are also the worst abusers of online privacy:
- United Kingdom – Since the passage of the Investigatory Powers Act in 2016, internet service providers and telecoms have been recording browsing history, connection times, and text messages. The data is stored for two years and is available to UK government agencies and their partners without any warrant necessary.
- United States – The US government has been implementing Orwellian mass surveillance collection methods with the help of large telecoms and internet service providers (see the PRISM program). Recently internet service providers have been given the legal authority to record user activity and sell this to third parties (and you can’t opt out).
- Australia – Australia has also implemented sweeping data retention laws similar to the United Kingdom. (See the best VPN for Australia guide.)
+ Israel – Israel must be included when discussing the Five Eyes surveillance partners. As many sources point out, it is one of the closest partners with the US government and National Surveillance Agency (NSA). Here are a few examples documenting this:
- Wikipedia claims Israel is an official “observer” to the Five Eyes alliance
- Source – NSA shares raw surveillance data directly with Israel; very close cooperation between US/Israeli surveillance agencies
- Source – “Shady Companies with Ties to Israel Wiretap the USA for the NSA”
- Source – Israeli authorities yield wider surveillance powers than US authorities
+ Singapore, South Korea, and Japan – Singapore and South Korea are also reported to be close partners in the Five Eyes alliance. Japan also appears to be a close surveillance partner with the United States (source; source; source).
+ British Overseas Territories – It should be noted that the different British Overseas Territories also fall under varying degrees of UK influence. While many of these territories exercise some independence, they are still legally connected to the United Kingdom.
Broad authority – The other drawback with these Five Eyes countries is that they have tremendous authority to force companies to hand over data. This is particularly easy for US authorities, where they can also demand non-disclosure through gag orders.
Nine Eyes
The Nine Eyes countries include all of the previous Five Eyes countries plus:
- Denmark
- France
- Netherlands
- Norway
The existence of the Nine Eyes alliance is referenced in Wikipedia and other sources online. It is just an extension of the Five Eyes alliance with similar cooperation to collect and share mass surveillance data.
14 Eyes
The 14 Eyes surveillance countries include all of the previous Nine Eyes countries plus:
- Germany
- Belgium
- Italy
- Sweden
- Spain
As before, the original surveillance agreement was extended to these other countries. The official name of this group of countries is referred to as SIGINT Seniors Europe (SSEUR).
VPN services located in 14 Eyes countries and territories
Note: this list includes VPNs that are located in:
- Five Eyes (United States, United Kingdom, Australia, Canada, and New Zealand)
- Nine Eyes (Five Eyes + Denmark, France, Netherlands, and Norway)
- Fourteen Eyes (Nine Eyes + Germany, Belgium, Italy, Sweden, and Spain)
- Additional partners (Israel, Singapore, South Korea, Japan, and all British Overseas Territories)
AceVPN (USA)
ActiVPN (France)
AirVPN (Italy)
AnonVPN (USA)
Anonymizer (USA)
Avira Phantom VPN (Germany)
AzireVPN (Sweden)
BeeVPN (Denmark)
Betternet (Betternet review) (Canada)
Blockless (Canada)
BTGuard (USA)
Celo (Australia)
ChillGlobal (Germany)
Cloak (USA)
CrypticVPN (USA)
CryptoHippie (USA)
DefenceVPN (Barbados)
Disconnect.me (USA)
ExpressVPN (ExpressVPN review) (British Virgin Islands)
FlowVPN (UK)
FlyVPN (USA)
FoxyProxy (USA)
FrootVPN (Sweden)
FrostVPN (USA)
GetFlix (Canada)
GhostPath (USA)
GooseVPN (Netherlands)
GoTrusted (USA)
GoVPN (Germany)
Hide My IP (USA)
HideIPVPN (USA)
HideMyAss (UK)
Hotspot Shield (USA)
IncognitoVPN (USA)
Integrity.st (Sweden)
Internetz.me (Germany)
IntroVPN (USA)
IPinator (USA)
IPredator (Sweden)
IPVanish (IPVanish review) (USA)
IVPN (Gibraltar)
LibertyShield (UK)
LibertyVPN (USA)
LiquidVPN (USA)
Mullvad (Sweden)
My Expat Network (UK)
MyIP.io (USA)
MyVPN.Pro (USA)
Netshade (USA)
Newshosting (USA)
NolimitVPN (Singapore)
Norton WiFi Privacy (USA)
OctaneVPN (USA)
Opera [Proxy] Browser* (Norway) [Note: Opera is not actually a VPN, but instead a proxy.]
OverPlay (UK)
OVPN.com( Sweden)
Private Internet Access (Private Internet Access review) (USA)
PrivatePackets.io (British Indian Ocean)
PrivateTunnel (USA)
PrivateVPN (Sweden)
ProXPN (Netherlands)
PRQ (Sweden)
RA4W VPN (USA)
RogueVPN (Canada)
RootVPN (Netherlands)
SaferVPN (Israel)
ShadeYou (Netherlands)
SlickVPN (USA)
Speedify (USA)
Spotflux (USA)
Steganos (Germany)
StrongVPN (USA)
SunVPN (USA)
SuperVPN (USA)
SurfEasy (Canada)
TGVPN (UK)
Torguard (USA)
TorVPN (UK)
TotalVPN (UK)
Traceless.me (Germany)
TunnelBear (TunnelBear review) (Canada)
Tunnelr (USA)
TVWhenAway (UK)
Unblock-Us (Barbados)
Unlocator (Denmark)
UnoTelly (Canada)
Unseen Online (USA)
Unspyable (USA)
VikingVPN (USA)
VPN Gate (Japan)
VPN Land (Canada)
VPN Master (USA)
VPN Unlimited (VPN Unlimited review) (USA)
VPN.sh (UK)
VPN4All (Netherlands)
VPNAUS (Australia)
VPNJack (USA)
VPNMe (USA)
VPNSecure (Australia)
VPNShazam (Israel)
VPNUK (UK)
WASEL Pro (Netherlands)
WifiMask (Netherlands)
Windscribe (Windscribe review) (Canada)
WiTopia (USA)
WorldVPN (UK)
Zenmate (Germany)
ZoogVPN (UK)
Credit: This list was compiled with data provided by ThatOnePrivacyGuy and his VPN Comparison Chart.
Does it even matter?
In the end, it’s difficult to determine exactly how much influence a VPN’s jurisdiction has on your privacy and data.
This is especially true when you consider that these surveillance entities operate globally and have the capability to monitor communications around the world. Therefore an “offshore” VPN may not be the silver bullet that some people claim.
Example: US authorities compelled a Hong Kong “no logs” VPN service (PureVPN) to log user data and hand over this information to arrest and prosecute the VPN user (see article). All of this took place with an “offshore” VPN that has a “zero log policy” and promises to make its customers “invisible” to third parties.
This shows that “no logs” marketing claims do not always align with reality. And furthermore, choosing an offshore provider may in fact be worse than choosing a US-based VPN service with good data protection policies and practices.
Ultimately, jurisdiction is just one of many factors to consider when looking for the best VPN service for your specific needs.
If you want additional protection, you may want to consider using a multi-hop VPN chain. Similar to the Tor network, this setup routes your traffic across different VPN server “hops” before exiting onto the internet. Multi-hop VPNs give you a higher level of privacy and online anonymity.
VPN providers offering multi-hop VPN chains include:
- Perfect Privacy (based in Switzerland) – Create self-configurable VPN chains with up to four servers; or use their new NeuroRouting feature, which is a dynamic multi-hop setup that can be used on any device.
- VPN.ac (based in Romania) – Currently offering 18 different double-hop configurations, along with very advanced encryption.
- NordVPN.com (based in Panama) – Currently offering 16 different double-hop configurations, along with an ad-blocker. (See also 77% discount price.)
- ZorroVPN (based in Belize) – Create self-configurable VPN chains with up to four servers (but they do not offer any apps, so you will need to use third-party software).
Stay safe!
It seems that you guys now what you are talking about. I would like to hear a opinion on Mullvad besides that there are part of the fourteen eyes. Looking for a Perfect Privacy alternative
Why ProtonVPN is not on the list? It’s based in a Switzerland and has a cascading VPN option (called Secure Core).
Hi Piotr, yes, ProtonVPN does offer double-hop connections, which they call “secure core” – but this is no different from any other double-hop provider. Unfortunately, ProtonVPN did very poorly in the review and is not recommended for reasons explained here.
Hello Sven,
This sounds so intriguing “you can definitely setup a VPN router to work at all times. And then, for an even higher level of protection, you can connect to the router with your computer, and then connect to another VPN server through your computer, thereby using two different VPNs at the same time. I’m actually testing this out right now with different routers.” If you can get it to work, I hope you will do a how-to guide for it. Since I am using Windows XP I do not know how practical it would be, but maybe I can figure something out.
Chau
Hi Chau, it works fine and is pretty easy to do. The main thing to keep in mind is using nearby servers to minimize latency.
It doesn’t matter!
Or I’d say US provides are safer from the US intels as they are at least protected by US laws!
The US intels don’t care foreign jurisdictions. They don’t have any law to obey outside US and so can operate more freely there.
I remember, after Snowden revelations, many self-proclaimed privacy specialists like “The One Privacy Guy” said Hong Kong was an ideal place for VPN providers to be based in as Snowden chose there. To me, it was obvious that he chose there because of “the enemy of my enemy is my friend” mentality as Hong Kong is a part of China, which is an enemy of the US. So, I called “The One Privacy Guy”‘ a phony because he rated Hong Kong based BlackVPN very highly for that.In fact, long before that, the owner of BlackVPN had admitted they had kept connection logs and called all no log VPNs lairs at Reddit many times. Nevertheless, “The One Privacy Guy”‘ labeled BlackVPN as “No log VPN” and rated it highly. And, later,it revealed that he was a user (and possibly fanboy) of BlackVPN! Back then, many people called me stupid, but now we know who was right about Hong Kong!(You know PureVPN, right?)
Also, I remember, long before then, the exactly same type of FUD or propaganda against US based VPN providers,like “Stay away from US providers and use offshore one!”, was used by FindNot and XeroBank, both of which were Panama based VPN providers and one day suddenly ceased the operations and disappeared. Poor, none of their users caught the con artists. I mean, how could they?—even though the FBI couldn’t touch them because they were an offshore company(What an irony)!
So, don’t say “US VPN providers are bad and offshore ones are better!”.
Also, remember rolling out VPNs is relatively easy and many of VPN providers could be shell companies or one person operations or run by online buddies who have actually never met each other.
So, you’d better not trust VPN providers based in ambiguous offshore countries.(Don’t you remember “Panama papers”?)
Good points Lisie, but it’s a tough call either way. I’d still opt for a provider outside of the US, but jurisdiction is just one of many factors to consider.
Regarding “That One Privacy Guy”, I too am skeptical of many of his claims. See this thread where he is called out for lying by AirVPN staff, but then doubles down on his accusations. He also refuses to update his reviews even if they contain inaccurate information, which is what this thread suggests.
But back to jurisdiction, of course the NSA is a global adversary. But we already know that every large tech company in the US has been forced to cooperate on the surveillance agenda. This has been known for many years now – way before the “Snowden revelations”. A VPN in Switzerland would have a lot more independence and ability to resist NSA influence vs. a VPN in California. Remember Lavabit email?
Sven, I want to thank you for such a fantastic, well-written, and thorough article on a subject I have been researching for a while now. I have used PIA and others. I am constantly amazed by the amount of “Weasel words” used in their “no logs” policies. FWIW, I don’t do anything illegal online, I don’t even want VPN for torrents and stuff like that, I simple want ABSOLUTE Anonymity. Of course I know there is NO way to get that, as IF what someone is doing is high enough priority, all nations and companies will (and perhaps should) give up a user, for example someone planning to kill a few thousand people. The problem I have, and my main motivation for wanting the best VPN I can find, is the fact that western governments DO NOT go after crime, they don’t care about stuff that hurts PEOPLE, only stuff that hurts THE GOVT! This hypocrisy drives me insane, people buy illegal stuff online all the time and they do nothing, meanwhile they go after people expressing simple freedom of speech which is against the flow of the current government or politically correct agendae which are currently fashionable!
I use the internet to research issues of free speech and government corruption. I am therefore very concerned about spying etc. I simply want the most secure VPN service available, while I understand the fact that IF I was wanted badly enough, they could find me. I just don’t want people getting to me without a court order (as I don’t break any laws!)
Before reading your excellent article, I was wondering about NordVPN. I have PIA currently but feel like a change, not really sure why. Nord says two things which encouraged me, and I wonder if you could comment on these two points….
1. Based in Panama – outside the 14 eyes, safer?
2. They have DoubleVPN – I don’t really want to go near Tor network as I am sure that’s the best way to get spied on, but will it help in this case as my entrance is via a Panamanian based VPN?
Also, is it easy to set up a router as you suggested in one of your articles? Can you set a router up to use VPN all the time, and then connect to VPN on machine as well as and when needed?
Sorry, also !!….. do you know how the speeds compare between VPN providers as I like speed!
Thanks
Hi Ed, good points. The hypocrisy throughout the Western world is getting to be ridiculous. They can lock someone up for 10 years for downloading a song in the UK, but they will turn a blind eye to heinous crimes that happen every day. Corruption at the highest levels everywhere you look.
Regarding NordVPN, it definitely has pros and cons – check out the review here. Yes, you can definitely setup a VPN router to work at all times. And then, for an even higher level of protection, you can connect to the router with your computer, and then connect to another VPN server through your computer, thereby using two different VPNs at the same time. I’m actually testing this out right now with different routers. I’m using VPN.ac on the router and Perfect Privacy on my laptop.
Speeds can vary, but NordVPN did not have the best speeds when I ran the results. However, there are so many variables when it comes to speed, it’s tough to make definitive statements.
EEEEEEEEEEEEEEEEEEEEEXACTLY!
“heinous crimes that happen every day” – I more than get your drift, I know exactly what you’re talking about and it’s disgusting that it’s ignored for fear of being called a name, but meanwhile calling someone a name or saying something which might hurt someone’s feelings can land you in handcuffs and worse. It’s a joke.
I don’t think the VPN router option is viable for me, I really don’t know much about routers and settings etc, and would be more likely to make a mistake than I would with software i think. I will definitely keep it in mind for the future though.
For now, PP is the way I am going. I have another question though….
Tails and Tor Browser – It is my thinking that sometimes having a very odd or unusual set up attracts more attention than mixing with the crowd a bit more. For example using a Tor browser via VPN, would that not create a more unique browser fingerprint, by resisting giving any fingerprint?! My current thinking is using a version of Firefox which has some secure options set up, might be a bit less noticeable.
Tails – I was thinking of installing this OS and using all my VPN stuff through that OS. But for reasons given above, I wonder now if that’s more likely to flag something, than just using windows or mac, with good quality VPN.
Any thoughts?
Thanks again, I will be buying through your aff links to say thanks for the useful content.
Hi Ed, thanks! I think using the Tor browser with a good VPN service is one of the best options for more privacy. You blend in with all the other people using the Tor browser, so that’s a big benefit. With Perfect Privacy, you will also blend in with all the other people using the same IP address (they only use shared IP addresses) – another benefit for privacy. The Tor browser is just a hardened version of Firefox that includes many settings/tweaks that protect you from browser fingerprinting and other vulnerabilities. Firefox is also good, but it will need some basic modifications, such as disabling WebRTC.
Hi Sven, thank for you reviews.
I have a question for you…because I could’t find this info..
All VPN providers have their main location (USA, UK, Japan, …) so we can decide how “safe” can be each provider for our privacy…
But what about their servers located in different parts of the world? Can they be influenced by local juridsiction?
I.e, I choose a VPN provider located out of 14 eyes counties, but I connect to one server in US (or UK…).
Is this server under US juridsiction or no? What that VPN provider can be forced to do, considering that that server is in US ?
thanks
Hi Fiore, so the operating jurisdiction will determine what laws the VPN company (business) must comply with. In other words, a Romanian VPN service will not need to comply with an American DMCA (copyright infringement) request. However, a server park (datacenter) would fall under the jurisdiction where it is located. So the answer to your question is yes – servers (datacenter) fall under the jurisdiction where they are physically located. So the VPN provider can’t be forced to do anything, but the police may seize servers in their jurisdiction if they are going after someone. This was the case last year when Dutch authorities seized two Perfect Privacy servers in Rotterdam (no customers were affected due to no logs being saved and the servers being operated in RAM disk mode). Servers could also be monitored externally by authorities, which I would assume is easily within the powers of the NSA or GCHQ – but who knows exactly.
This is where advanced privacy features come into play – such as multi-hop VPN chains and also NeuroRouting.
Hello,
Be careful with swizerland and Perfect Privacy ,they cooperate with Five eyes.
“Tier B countries with which the Five Eyes have “focused cooperation” on computer network exploitation, including Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungry, Iceland, Italy, Japan, Luxembourg, Netherland, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland and Turkey;”
See these articles : https://www.privacyinternational.org/node/51 and https://en.wikipedia.org/wiki/Five_Eyes
Hello. The two Switzerland-based VPNs on recommended on this site are Perfect Privacy and VyprVPN. I would just point out that the reference to “Tier B countries” does not appear to be sourced from anything on either the Wikipedia page or the Privacy International article. I can’t find the original source or any other sources for this statement.
Additionally, it is only suggesting “cooperation” with “computer network exploitation” – but not data collection and sharing. Big difference. If you find any good sources on this “focused cooperation” of “Tier B countries” feel free to drop the links in the comments. Thanks.
Hey! Japan must be added too! Because Japan is a large surveillance country. And Japan is a strong ally with the United States. Trump has held Abe’s birthday party! He also handed the gift directly to Abe.
Hello, indeed, you are correct. I have added it to the list along with some different sources documenting close cooperation between Japan and the NSA. Thanks for the feedback!
Wow! Thank you for listening and correcting me.
Hello Sven, thank you for this overview as I think ppl seem not to care so much about the 5/9/14 eyes when it comes to VPN (my experience so far). I was thinking of getting a VPN (perfect privacy seems to be good choice) and was wondering if it makes sense at all to pay for the VPN service anonymously (like, via Bitcoin etc.)? Wouldnt a good VPN NOT log or store any payment information anyway? As in, you buy an account, but the VPN only sees that it’s paid but no further details. And IF you manage to buy it anonymously somehow, you still connect to the VPN with your REAL IP address, thus the VPN provider can see where you’re located via your IP and ofc it’s linked to a certain account. So what do you think? Buy VPN anonymously or not and trust the VPN?
Hi Jaxxx, good questions – but it’s hard to give definitive answers because some people seek more anonymity than others. Ultimately it depends on your threat level. Keep in mind, a VPN does need to do basic accounting if they are accepting payment in return for subscriptions. You mentioned Perfect Privacy – with that service you can pay via Bitcoin or even send cash in the mail to their accountant in Latvia. You can also use a throwaway email when signing up to acquire your password, and then use different throwaway emails if you need to contact support. Some VPNs don’t allow anonymous payment, others do.
For more anonymity, you can also stack VPNs. In other words, use VPN #1 on your router, and then connect to your router and use VPN #2 on your computer. And for more security/privacy, you can also use VPNs through virtual machines.
Sven, then should you ever filter privatevpn and Mullvadvpn in Sweden? mullvad and privatevpn do not keep logs at all.
Hi Jack, I haven’t tested either of those providers, but things aren’t looking good for the future of online privacy in Sweden – see this article.
Regarding “no logs” – you may be interested in this article.
woooowwwwwwww!
It is too bad. I think the answer is to avoid all 14 eyes.