|Verified No Logs VPNs|
|#1||ExpressVPN with [49% Discount]|
|#2||NordVPN with [70% Discount]|
This guide examines all “no logs” VPN services that have actually been verified and proven true.
What is the best no logs VPN service and which of them are actually trustworthy and proven?
This is a tough question. First, there are dozens of VPNs claiming to be “no logs” without any proof or verification whatsoever. In other words, you just have to take their word at face value.
Second, there have been a few “no logs” VPNs that have collected user data and provided the information to government agencies. Here are three examples:
- PureVPN was caught logging customer data for the FBI.
- IPVanish also collected logs on one of their users and provided the data to the FBI.
- HideMyAss provided logs to US authorities for a hacking case.
There are surely other cases of this happening that have not come to light. We only know about the cases above from court documents that were released to the public detailing how the VPN gave up logs.
So how can you find a true no-logs VPN that is actually worthy of your trust?
Fortunately, there have been a handful of VPN services over the years that have had their ‘no logs’ policies tested under various circumstances. We will examine these different providers below and the exact circumstances under which their ‘no logs’ policies were verified.
Here are the best no logs VPN services:
1. ExpressVPN: Third-party audit & real-world verification
|Based in||British Virgin Islands|
|Logs||No logs (audited)|
|Support||24/7 Live chat|
Overview: ExpressVPN is based in the British Virgin Islands and it’s currently the top recommendation in our comparison of the best VPNs. It offers user-friendly VPN apps with excellent performance, strong security, and great features. If you want to use your VPN for streaming, ExpressVPN has you covered. It is one of the few VPNs that work with Netflix, BBC iPlayer, Disney+, and many other streaming services.
In terms of speeds and security, ExpressVPN leads the pack. I can routinely get around 150 Mbps on nearby servers (with a 160 Mbps connection). It encrypts all traffic with an AES-256 cipher and an RSA-4096 key with Perfect Forward Secrecy. Check out the ExpressVPN review for a detailed analysis and all test results.
Now let’s examine how ExpressVPN’s no-logs policies have been tested and verified.
ExpressVPN implements TrustedServer (RAM-disk servers)
Last year ExpressVPN upgraded its entire server network to run in RAM-disk mode. They refer to this as the TrustedServer feature. This update ensures nothing can be stored on any VPN server as it does away with traditional hard drives. As they explained, this is a major improvement from a privacy and security standpoint:
With our industry-first TrustedServer technology, our VPN servers run only on volatile memory (RAM), not on hard drives. Since RAM requires power to store data, this guarantees that all information on a server is wiped every time it is powered off and on again.
In contrast, the traditional and most common way of running servers relies very much on hard drives, which retain all data until they are erased and written over, a painstaking and error-prone process. This increases the risk that servers could inadvertently contain sensitive user information. If someone were to hack or seize the server, they could gain access to this data. Even worse, hackers who do find their way in might be able to install a backdoor that remains indefinitely.
Read more about the TrustedServer feature here.
Competitor Perfect Privacy also runs all servers in RAM-disk mode, which seems to be the safest and most secure setup.
ExpressVPN has also passed a third-party audit that was conducted by PricewaterhouseCoopers. This security audit verified the TrustedServer feature, no logs policy, and that all privacy protections are being adhered to correctly. Very few VPNs have undergone third-party audits to verify logging policies.
Lastly, ExpressVPN also decided to open source their browser extensions and subject them to a full security audit by Cure53. Cure53 is a well-regarded cybersecurity firm based in Berlin that has also audited other VPNs, such as TunnelBear.
Turkish authorities try to collect logs, then seize ExpressVPN server
In addition to audits, ExpressVPN has also passed a real-world test.
In December 2017, Turkish news outlets reported that police in Turkey attempted to force ExpressVPN to provide customer data for a criminal investigation. However, ExpressVPN did not have any logs to provide authorities, as they explained in a statement.
After failing in their attempts to coerce data from ExpressVPN, the Turkish police then decided to physically seize ExpressVPN’s server, which they obtained from a data center in Turkey. However, this also did not reveal any information because ExpressVPN does not keep any logs on its servers – or otherwise.
ExpressVPN further clarified that all customer data was safe when they issued a statement on the case:
As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators. Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs. We believe that the investigators’ seizure and inspection of the VPN server in question confirmed these points.
Conclusion: As you can see above, ExpressVPN has gone above and beyond most VPN services in terms of securing customer data and validating their own servers, policies, and applications. Here’s a brief overview:
- ExpressVPN’s network and all VPN servers operate in RAM-disk, thereby making it impossible to store logs on any VPN server.
- An outside auditing firm (PWC) confirmed that ExpressVPN remains true to its no-logs policies. Additionally, ExpressVPN passed an independent security audit conducted by Cure53.
- ExpressVPN passed a real-world test when authorities in Turkey first demanded customer logs, then seized an ExpressVPN server. But they still failed to obtain any logs or user data.
If you want to give ExpressVPN a test drive, see the coupon below for three months free.
2. NordVPN: Passed third-party logs audit, upgraded security
|Logs||No logs (audited)|
|Support||24/7 Live chat|
Overview: NordVPN is a no logs VPN service based in Panama. It offers a wide selection of apps, excellent speeds, and more privacy and security features than most other VPNs. In the latest round of testing for the NordVPN review, it performed well in all categories. It now fully supports the WireGuard VPN protocol in all NordVPN apps, offering users faster speeds and upgraded security. I recently hit 445 Mbps with NordVPN in testing out WireGuard vs OpenVPN speeds.
NordVPN uses the strongest encryption standards and also includes built-in leak protection (kill switch) with all VPN apps. Additionally, NordVPN also offers these privacy and security features:
- Double-VPN servers to encrypt traffic over two different locations
- Tor-over-VPN servers that also encrypt traffic through the Tor network
- P2P servers for high-speed downloading and file sharing (NordVPN is currently the best VPN for torrenting)
- Obfuscated servers to hide VPN traffic to look like regular HTTPS encryption and also get around VPN blocks
- CyberSec feature to block ads, trackers, and malware domains
NordVPN is easily one of the best VPNs you will find in terms of privacy features and performance.
NordVPN audited by PWC to verify no logs claims
Similar to ExpressVPN, NordVPN has also completed a full audit to verify the no-logs policy. The audit was PWC AG and the auditors confirmed that NordVPN was fully compliant with its no logging policies.
I carefully examined the auditor’s findings for this guide and can offer this overview:
- NordVPN was audited by PricewaterhouseCoopers. PWC had full access to examine NordVPN’s servers, interview employees, observer operations, inspect configurations, databases, and any other relevant aspect of the VPN service.
- NordVPN does not store connection logs, IP addresses, traffic logs, or any internet activity information.
The audit confirmed NordVPN’s logging policy, which you can read on their website as follows:
NordVPN strictly keeps no logs of your activity online. That means we do not track the time or duration of any online session, and neither do we keep logs of IP addresses or servers used, websites visited or files downloaded. In other words, none of your private and secure data is logged and gathered at any time. As a result, we are not able to provide any details about your behavior online, even if you request it yourself.
NordVPN is based away from the EU and US jurisdiction and is not required to collect your personal data and information– it means nothing is recorded, monitored, stored, logged or passed to third parties.
In addition to the no-logs policies, NordVPN has also implemented big security upgrades and new features.
Additional NordVPN security upgrades and features
Perhaps one of the biggest security upgrades in years, NordVPN now offers full support for the WireGuard VPN protocol. This protocol uses the latest encryption standards and also outperforms all other VPN protocol (based on my own testing). NordVPN’s implementation of the WireGuard VPN protocol is called NordLynx. It uses a double NAT system to ensure the highest privacy standards and it worked very well in my tests.
Other security upgrades with NordVPN:
- All servers in the network are upgraded to run only in RAM-disk mode
- Ongoing security audit and penetration testing conducted by Versprite
- Public bug bounty program
Conclusion: NordVPN’s no logs policies, favorable jurisdiction, strong security, and excellent performance make it a great choice for all types of users. It works well with all streaming services (currently the best VPN for streaming) and also offers many privacy features. With the coupon below, NordVPN is one of the best values available for a no logs VPN.
3. VyprVPN: No logs verified with third-party audit
|Logs||No logs (audited)|
|Support||Chat and email|
Overview: VyprVPN is a no logs VPN service based in Switzerland with secure apps and good performance. It did well in speed tests for the VyprVPN review and has a pretty good reputation. VyprVPN is unique in that they physically own every server in their network (no rentals from third parties), which helps to ensure data security. VyprVPN also offer the Chameleon protocol, which will get around VPN blocks and restrictions. This is important when using a VPN for China.
No logs transition: VyprVPN audited / advised by cybersecurity firm
To verify their no logs policies, VyprVPN underwent an independent audit conducted by Leviathan Security Group. The auditors examined all aspects of VyprVPN’s network to identify areas where logs were maintained that could de-anonymize the user. After fixing a few issues, they re-tested everything and found VyprVPN to be in full compliance with their stated “no logs” policy.
VyprVPN’s security audit is available to the public here and can be referenced publicly. Here are a few sections:
We examined all components of the project according to the threat assessment described below. While vigilance against logging is necessary to complete the process of implementing “No Log”, we feel that this assessment achieved its goal of uncovering weaknesses in Golden Frog’s implementation. The project revealed a limited number of issues that Golden Frog quickly fixed. As a result, it can provide VyprVPN users with the assurance that the company is not logging their VPN activity.
Golden Frog worked to remediate all no-log-related findings concurrently with the assessment. Once it had completed this, we performed a retest and verified that all of the fixes were effective.
Before this change took place, VyprVPN logged connection data (including IP addresses) for 30 days. Now, VyprVPN can be counted among the small number of verified no logs VPN services.
See the VyprVPN review for more information and test results.
4. Perfect Privacy: Real-world verification of no logs
|Support||Email & forum|
Overview: Perfect Privacy is a Switzerland-based VPN that offers advanced online anonymity and security features. It is a no logs service that does not restrict user accounts in any way, giving you an unlimited number of connections. Privacy features include multi-hop VPN configurations, port forwarding, and a TrackStop feature to block ads, trackers, malware, and phishing domains.
From the beginning, Perfect Privacy has focused their service on privacy and anonymity, never keeping logs of any kind and not limiting VPN connections in any way.
Perfect Privacy server seized in the Netherlands
While Perfect Privacy has not undergone a third-party audit, like our other top recommendations, it has passed a real-world test. A few years ago, Perfect Privacy announced that Dutch authorities had seized one of their servers in Rotterdam, Netherlands. Although the reason for seizing the server was never revealed, Perfect Privacy confirmed no customer data was obtained:
Since we are not logging any data there is currently no reason to believe that any user data was compromised.
…We can now conclude that no customer information was compromised due to the seizure. The Rotterdam location will continue to operate using the replacement servers.
RAM-disk servers (no logs possible)
Just like with ExpressVPN and NordVPN, Perfect Privacy runs all their servers in RAM-disk mode. They explain the reasoning for this on their log policy page:
Our infrastructure is built on this philosophy: All our services are running within strongly encrypted RAM disks so that it is technically impossible for data to be stored on hard drives. This also means that no data can be recovered if the power is disconnected.
Nobody can force us to log your data. If that were the case we would rather discontinue Perfect Privacy than to record your data and compromise your privacy.
The main drawbacks with Perfect Privacy is that it is expensive and does not work well for streaming services. Nonetheless, it remains a good option for privacy and security, with a proven no logs policy and Switzerland jurisdiction.
Our Perfect Privacy review has more info and test results.
Other verified no logs VPN services
Since first writing this guide, there have been a few other VPNs that have undergone audits to verify their privacy and security claims.
1. IVPN – No logs VPN based in Gibraltar (audited)
First up is IVPN, a VPN provider based in Gibraltar. IVPN used Cure53 for the audit, which verified the privacy claims as follows: “Based on the findings, it is safe to say that all of the IVPN’s privacy statements could be verified as truthful within the defined scope.”
2. Private Internet Access – Two court cases proving no logs (but beware of new ownership)
Private Internet Access is a United States-based VPN that offers a low-cost, simple, and user-friendly VPN service. While it remains a decent cheap VPN service, it does have some noteworthy drawbacks. Here were a few issues that I discussed in the PIA review.
- PIA sold out to Kape Technologies in November 2019. Kape is a company with a history of producing malware and adware. There are also some strange ties between Kape leadership and foreign surveillance agencies.
- PIA is based in the United States, a Five Eyes surveillance country.
PIA’s no logs claims have been tested and proven in two separate court cases:
- In a 2016 course case, PIA was subpoenaed by the FBI for logs, but PIA testified in court that it had no logs to hand over. This is explained in official court documents.
- Once again, in 2018, another court case put PIA’s no-logs policy to the test. As explained in this news article, Private Internet Access officially testified that it did not have any logs it could hand over to authorities.
Unfortunately, even with these court cases, there’s no way to know if PIA is collecting logs today. In the United States, any business can be forced to collect user data for government, and there are examples of this happening with VPNs and private email services. (We’ll examine this more below.)
3. PureVPN – No-logs audit (after providing logs to authorities)
In an attempt to regain trust among the VPN community after the logging case a few years ago, PureVPN has undergone an audit of its own.
The auditing firm that PureVPN used was Altius IT based in California, which conducted the audit remotely (no on-site investigations). The audit concluded in June 2019 and verified that PureVPN now aligns with its no-logs policies. Whether or not PureVPN can be trusted, after already providing logs to authorities, is a question you must answer.
Jurisdiction and logging policies with VPN services
One thing to consider with any VPN service is jurisdiction: where the VPN is legally based.
Jurisdiction is an important factor to consider because it greatly affects the security of the VPN’s customers. A VPN must abide by the laws in the country in which it is legally based (incorporated). Many countries have laws that can undermine encryption and data security, for example:
Australia and access to encrypted data
Australia has a law that allows governments to force companies to provide access to encrypted data. We discuss this topic at length in our guide on VPNs for Australia. Here’s a brief synopsis of this law:
The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications.
Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.
Right now, the United States is considering similar legislation, which you can read about here.
United States can force companies to hand over logs
The US is also a hostile jurisdiction for privacy. Here, authorities can force companies to hand over data logs and provide access to user information. Here are three examples:
- Lavabit was forced to provide encryption keys to its email service. Rather than comply, the owner shut down the company.
- Riseup, a secure email and VPN service in Seattle, was forced to hand over user data to the FBI and also slapped with a gag order that prevented any disclosure.
- IPVanish, a “zero logs” VPN, provided user logs to the FBI for a criminal investigation.
Choose your VPN carefully and also consider jurisdiction. We recommend going with a VPN service in a safe privacy jurisdiction, such as Panama, the British Virgin Islands, Switzerland, and others.
Conclusion on VPNs with no logs
With high-profile logging cases eroding user trust, such as with PureVPN and IPVanish, it is now more important than ever to verify that a VPN’s claims are actually true.
To be sure, maintaining some connection logs is not necessarily a deal-breaker, especially if it is done in an honest and transparent manner, such as with VPN.ac. The problem, however, is that many VPNs simply use “no logs” as a marketing slogan, without any kind of verification.
Another issue is that there’s no widely accepted definition of exactly what “no logs” means.
In light of all these factors, it’s great to see that there are VPNs taking proactive steps to verify and audit their own policies. This helps to build trust and maintain a higher level of honesty in the industry.
While there will always be bad apples in the VPN world, there are still a small number of trustworthy VPNs that have properly earned the title of “no logs” services.
The table below includes the best no logs VPN services that have been proven and verified:
(30 day refund)
(30 day refund)
(7 day refund)
(30 day refund)
Last updated on June 26, 2020.