What is the best no logs VPN provider and which of them are actually trustworthy and proven?
This is a tough question since there are so many VPNs claiming to be “no logs” – but there’s no real way that a user can verify a VPN’s logging practices. Even worse, there have been a few “no logs” VPNs that have logged user data and provided the information to authorities. Two examples of this are with PureVPN (logging case) and also IPVanish (logging case).
Fortunately, there are also a few no logs VPN services that have been tested and proven to be truly no logs. We will examine these in detail below. Here are the best no logs VPN services that have been verified to be truly no logs:
- ExpressVPN – As part of an investigation into a crime in Turkey, Turkish authorities demanded user information from ExpressVPN. ExpressVPN denied the data request because they did not have any logs to provide, and they also did not fall under Turkey’s legal jurisdiction (based in the British Virgin Islands). As a final attempt, Turkish authorities then raided the datacenter and seized ExpressVPN’s Turkey server – but they still were not able to obtain any logs or customer data.
- Perfect Privacy – Authorities in Rotterdam, Netherlands were attempting to obtain customer data and seized one of Perfect Privacy’s servers. They were not able to obtain any information and customer data remained secure.
- NordVPN – In November 2018 NordVPN released an audit that successfully verified their “no logs” claims. The audit was carried out by a reputable “Big 4” accounting firm and confirmed NordVPN’s claims and practices.
- VyprVPN – In order to transition to a no logs VPN service, VyprVPN underwent a full audit and consultation from Leviathan Security Group. They have successfully transitioned from a VPN service that kept connection logs to a fully-compliant and verified no logs VPN service, which was independently audited in November 2018.
- Private Internet Access – PIA’s no logs claims have been verified in two separate court cases – one in 2016 and another in 2018.
Now we’ll take a close look at each VPN provider and the respective case that proved their no logs policies to be true.
British Virgin Islands
Overview: ExpressVPN is based in the British Virgin Islands and it’s currently the top recommendation in the best VPN comparison guide. It offers user-friendly VPN apps with excellent performance and security. ExpressVPN is also one of the few VPNs that work with Netflix, BBC iPlayer, and many other services.
No logs: ExpressVPN server seized in Turkey
In December 2017 Turkish news outlets reported that Turkish authorities attempted to force ExpressVPN into handing over customer data for an investigation into a political assassination. According to these reports, Turkish authorities allege that an unknown individual using ExpressVPN deleted evidence on social media related to the investigation.
While the Turkish news article falsely claims ExpressVPN is based in the US (when it’s in fact based in the British Virgin Islands), it does reveal that the authorities’ attempts to collect user data failed:
The prosecution’s contact with the company did not yield results as Express VPN stated that it is not subject to the rules of U.S. and EU laws.
After failing in their attempts to coerce data from ExpressVPN, the Turkish police then decided to physically seize ExpressVPN’s server, which they obtained from a data center in Turkey. However, this also did not reveal any information because ExpressVPN does not keep any logs on its servers – or otherwise.
ExpressVPN further clarified that all customer data was safe when they issued a statement on the case:
As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators. Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs. We believe that the investigators’ seizure and inspection of the VPN server in question confirmed these points.
While the criminal nature of this case is indeed unfortunate, it does further validate ExpressVPN’s commitment to strict customer privacy. The three main items we learned from this are:
- ExpressVPN is truly a no logs VPN provider.
- ExpressVPN does not cave in to government agencies demanding user data.
- ExpressVPN servers do not contain any data that could de-anonymize users.
This commitment to customer privacy is one reason ExpressVPN is currently our top recommendation in the best VPN service report.
Perfect Privacy logs
Overview: Perfect Privacy is a premium, Switzerland-based VPN that offers advanced online anonymity and security features. It is a no logs service that does not restrict user accounts in any way. You get an unlimited number of connections/devices to use with your subscription as well as very advanced privacy features. These features include multi-hop VPN configurations, port forwarding, and an advanced advertisement and tracking blocker called TrackStop.
No logs: Perfect Privacy server seized in the Netherlands
In August 2016 Perfect Privacy announced that Dutch authorities had seized one of their servers in Rotterdam, Netherlands. Although the reason for seizing the server was never revealed, Perfect Privacy confirmed no customer data was obtained:
Since we are not logging any data there is currently no reason to believe that any user data was compromised.
…We can now conclude that no customer information was compromised due to the seizure. The Rotterdam location will continue to operate using the replacement servers.
To further protect customer data in the event of a server seizure, Perfect Privacy runs all their servers in RAM disk mode, as they explain on their log policy page:
Our infrastructure is built on this philosophy: All our services are running within strongly encrypted RAM disks so that it is technically impossible for data to be stored on hard drives. This also means that no data can be recovered if the power is disconnected.
Nobody can force us to log your data. If that were the case we would rather discontinue Perfect Privacy than to record your data and compromise your privacy.
While Perfect Privacy is a higher-priced service, it remains a great option for privacy and security, with a proven no logs policy and Switzerland jurisdiction.
Overview: NordVPN is a no logs provider based in Panama that offers a wide selection of apps for a decent price. In the latest round of testing for the NordVPN review, it performed very well in terms of speed and reliability. NordVPN’s new apps also have excellent leak protection settings as well as advanced privacy features, such as double-hop VPN server configurations.
No logs: NordVPN audited by a major accounting firm
In November 2018 NordVPN announced on its website that it had completed a full audit to verify their logging claims. The audit was conducted by a “Big 4” accounting firm and released to existing NordVPN users (under the member’s area).
Unfortunately, due to strict disclosure rules imposed by the auditing firm, the audit is not available for public release and I cannot directly quote it in this guide. However, after obtaining a full copy of the audit and examining the findings, I can summarize the main points as follows:
- NordVPN was audited by a reputable (Big 4) accounting firm, which had full access to examine NordVPN’s servers, interview employees, observer operations, inspect configurations, databases, and any other relevant aspect of the VPN service.
- The audit officially verified NordVPN to be a “no-log service” as of November 1, 2018 (when the audit was conducted).
- NordVPN does not store connection logs, IP addresses, traffic logs, or any internet activity information.
Because NordVPN limits users to six connections per subscription, it does have a mechanism in place to verify the user’s account and ensure the device connection limit is not being exceeded. This is common for VPN services that implement connection limits (nearly every VPN service) and does not pose any threat to user privacy or security, nor violate the logging claims.
The audit confirmed NordVPN’s logging policy, which you can read on their website as follows:
NordVPN strictly keeps no logs of your activity online. That means we do not track the time or duration of any online session, and neither do we keep logs of IP addresses or servers used, websites visited or files downloaded. In other words, none of your private and secure data is logged and gathered at any time. As a result, we are not able to provide any details about your behavior online, even if you request it yourself.
NordVPN is based away from the EU and US jurisdiction and is not required to collect your personal data and information– it means nothing is recorded, monitored, stored, logged or passed to third parties.
Overview: VyprVPN is a no logs VPN service based in Switzerland with very secure apps and excellent performance. It offers secure and user-friendly apps for many different devices and speed tests for the recent VyprVPN review were also quite good. VyprVPN is unique in that they physically own every server in their network (no rentals from third parties), which helps to ensure data security. They also offer the Chameleon protocol, which will get around VPN blocks and restrictions (important when using a VPN for China).
No logs: VyprVPN audited by a cyber security firm
In September 2018 VyprVPN began working with Leviathan Security Group to transition their service into a full “no logs” VPN service. The auditors examined all aspects of VyprVPN’s network to identify any areas where logs were maintained that could de-anonymize the user. After fixing these issues, they re-tested everything and found VyprVPN to be in full compliance with their stated “no logs” claims.
Unlike with NordVPN’s audit, the VyprVPN’s audit is available to the public here and can be referenced publicly. Here are a few sections:
We examined all components of the project according to the threat assessment described below. While vigilance against logging is necessary to complete the process of implementing “No Log”, we feel that this assessment achieved its goal of uncovering weaknesses in Golden Frog’s implementation. The project revealed a limited number of issues that Golden Frog quickly fixed. As a result, it can provide VyprVPN users with the assurance that the company is not logging their VPN activity.
Golden Frog worked to remediate all no-log-related findings concurrently with the assessment. Once it had completed this, we performed a retest and verified that all of the fixes were effective.
Before this change took place, VyprVPN logged connection data (including IP addresses) for 30 days. Now VyprVPN can be counted among the small number of verified no logs VPN services. See the VyprVPN review for more information and test results.
Private Internet Access logs
Overview: Private Internet Access is a United States-based provider that offers a cheap, simple, and user-friendly VPN service. While it’s not a bad service for the price, it does have some drawbacks. PIA is limited on features and I’ve also seen users complain about their support department – discussed in the PIA review. Nonetheless, it may be worth considering if you don’t mind the US jurisdiction (five eyes) and some of the other minor drawbacks.
No logs: PIA logging claims verified in two court cases
Unlike with ExpressVPN and Perfect Privacy, PIA did not have any servers seized, but instead had their no logs claims verified in court cases. Since providing false information in a court of law is a serious offense, we can consider both of these cases to conclusively verify the “no logs” policy.
The first court case was from 2016 and it involved a man who allegedly made bomb threats while connected to PIA’s VPN. The FBI officially subpoenaed PIA demanding logs of the user, but they simply could not provide anything, as described in official court documents:
A subpoena was sent to London Trust Media [Private Internet Access] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.
In a second case from June 2018, Private Internet Access was again subpoenaed in court for user logs and evidence related to a hacking case. As with the previous court case, Private Internet Access was not able to provide any data, because there were no logs available to hand over. Here is a brief summary from a news article discussing London Trust Media, which is the parent company of PIA:
John Allan Arsenault, general counsel for London Trust Media, a VPN company, testified about how many VPN companies, including his, intentionally don’t retain logs of internet activity of their clients so that they cannot be produced in response to subpoenas from law enforcement or others. London Trust Media operates the brand Private Internet Access (PIA), which owns several IP addresses used to hack Embarcadero Media.
Private Internet Access does not log user activity, such as what files they accessed or changes they made to a website.
Based on these two court cases, Private Internet Access is indeed a no logs VPN provider.
What is the best no logs VPN?
Based on the latest test results, the best no logs VPN available right now appears to be ExpressVPN.
It is an all-around great choice offering excellent speeds, great security, user-friendly apps for all devices, and access to Netflix and other streaming services. While it is on the higher end of the price range, the three months free coupon drops the monthly price down to $6.67.
The second runner up for the best no logs VPN would be Perfect Privacy. Perfect Privacy is one of the most expensive VPNs you will find, but it also offers very advanced privacy features, such as NeuroRouting, TrackStop, multi-hop VPN cascades, and it also gives you an unlimited number of connections.
Ultimately, the “best no logs VPN” will be any of the services that align with your unique needs. Since choosing a VPN service is a very subjective process, it’s difficult to recommend a “best” VPN for everyone.
Conclusion on VPNs with no logs
With high-profile logging cases – such as with PureVPN and IPVanish – eroding peoples’ trust in VPNs, more people than ever want VPNs that do not keep any logs. Fortunately VPNs are reacting to this change in customer sentiment and providing services that fundamentally respect user privacy.
While there will always be bad apples, there are still a small number of trustworthy VPNs that have properly earned the title of “no logs” services.
As a brief overview, here are the no logs VPN services that have been publicly verified:
- ExpressVPN – Based in the British Virgin Islands; $6.67 per month (with discount coupon)
- Perfect Privacy – Based in Switzerland; €8.95 per month
- NordVPN – Based in Panama; $2.99 per month (with discount coupon)
- VyprVPN – Based in Switzerland; $3.75 per month (with discount coupon)
- Private Internet Access – Based in the United States; $2.91 per month
I’ll update this guide if any other VPNs are publicly verified to be no logs in real-world test cases.
December 3, 2018: This guide was updated to include the audit results for both NordVPN and VyprVPN.