When it comes to VPN logs, there’s a lot of confusion.
Countless VPN providers are making the “no logs” claim for marketing purposes, but in reality they’re keeping some form of logs.
In this guide we’ll cover the different types of VPN logs, the reasons for keeping logs, and what you can do to further protect your online privacy.
Types of VPN logs
There are three different types of VPN logs (also discussed in the Ultimate VPN Guide).
Usage (browsing) logs – These logs basically include everything you do online: browsing history, times, IP addresses, metadata, etc. From a privacy standpoint, you should avoid any VPN that collects usage data.
Connection logs – Connection logs typically include dates, times, connection data, and sometimes IP addresses. Typically this data is used for optimizing the VPN network and potentially dealing with user problems or terms of use issues (torrenting, illegal activities, etc.). Many VPN providers keep connection logs, even while claiming to be a “no logs” VPN service.
No logs – There are very few VPNs that truly meet the “no logs” criteria. Having a truly no logs policy is very difficult to implement. This is especially the case when VPNs need to enforce restrictions such as bandwidth or the number of devices being used per subscription.
Reasons for logging
There are many reasons for maintaining some form of logs – and they are not necessarily bad.
1. Limiting the number of devices
One of the biggest reasons for maintaining logs is to limit the number of devices used with a subscription. Nearly every VPN imposes limits (3, 5, 6…) on the number of simultaneous connections that can be used with a subscription. Enforcing connection and device limitations requires some form of logging.
One alternative possibility is when a VPN tells you there’s a device limit, but they don’t/can’t strictly enforce it, due to a no logs policy.
Another example is Perfect Privacy, which has a truly zero logs policy, which allows users an unlimited number of device connections. In other words, they couldn’t keep their “no logs” promise and restrict devices at the same time. (No logs = no restrictions)
2. Limiting bandwidth
Bandwidth restrictions also require logging. To limit the amount of bandwidth used with a given account, logging is obviously necessary. Therefore if any VPN has bandwidth limits and also claims to be a “no logs” VPN, you can be sure they’re not being honest.
3. Logging with rental servers (VPS)
Most VPNs utilize rental servers (virtual private servers) instead of dedicated servers. A VPS is much cheaper than a dedicated (premium) server, but this creates some problems from a privacy standpoint. (Side note: that’s why most VPNs emphasize the quantity of their server network, rather than the quality of their servers.)
The problem is that rental servers will maintain logs of server activity. This is especially true in jurisdictions that require logging and/or data retention. Furthermore, local authorities can possibly force a server host to log data. In this case, the “no logs” policies of a foreign VPN company means absolutely nothing – local authorities would go directly to the datacenter to get whatever they need.
One example of this was a man in the Netherlands who was arrested despite using a “no logs” VPN provider. The police simply went to the server host (i.e. the landlord) and got all the data they needed to find and arrest the man (who was accused of making bomb threats).
Key point: Even if a VPN is fulfilling it’s “no logs” promise, all your data may still be getting logged by the server host, which is why you should avoid VPNs that use virtual servers. This is why server quality is so important.
4. National spying agencies force companies to log
Spying agencies, such as the NSA and GCHQ, are increasingly forcing companies to log and/or hand over private customer information. All big tech companies in the US have been facilitating NSA spying since at least 2010. The Investigatory Powers bill in the UK mandates all data be logged and maintained for 12 months. Targeting a particular company or server network is especially easy.
Even worse, logging requests are often accompanied with “gag orders” – making it illegal for the company to disclose what they’re being forced to do. This is why the jurisdiction of your VPN provider is so important – one of the main criteria used to rank VPNs on this site.
5. Troubleshooting problems and optimizing VPN performance
Logging connection data is often justified by VPN providers for fixing problems with their service and optimizing their network. While running a fast and reliable VPN service does not necessarily require logging, most VPNs will at least maintain some minimal connection logs to keep everything working well.
Contradictory claims and false promises
The biggest problem right now is that more and more VPNs are using the “no logs” phrase as a marketing slogan, when it is in fact not true at all. Typically they’ll make a “no logs” claim boldly on their web page, but then disclose all the data they “keep” when you read the fine print, privacy policies and terms.
This problem is also covered in the ExpressVPN review, PureVPN review, and Betternet review. Here is PureVPN’s privacy policy:
While connection logs are not necessarily bad, making false or contradictory statements only adds to the confusion when selecting a VPN.
The reality is that it’s basically impossible to ever verify if these “no logs” claims are true. But if you find a VPN that makes contradictory or misleading statements about their policies, it raises questions about their honesty and trustworthiness.
Important considerations with logs
Transparency – The key is to find a VPN that’s open and transparent about the logs they keep, what exactly is recorded, and how this information is used and disposed. Two examples of transparency when it comes to logging policies are VPN.ac and VyprVPN. Both clearly state they keep connection logs, why they keep them, and how they are deleted.
No logs, no restrictions – It’s very difficult for a VPN to be “no logs” while also enforcing limitations, such as bandwidth or device limitations. This is especially the case with bandwidth. The fewer limitations a VPN enforces, the more trustworthy their “no logs” claims appear (in my opinion). For example, VPNArea’s network allows 6 simultaneous connections from anywhere in the world (i.e. they’re not logging/monitoring the source IP address). Most VPNs would block your account with multiple connections from all over the world (because this would indicate you’re sharing your account). Another option is an unlimited number of device connections (Perfect Privacy).
Avoid VPNs with rental servers (VPS) – Aside from examining the VPN’s policies, you should also look into their server network details. Look for a server status page that explains the type of servers they use (dedicated or virtual). When a VPN is renting servers (VPS), it’s likely that the server host is keeping logs, even if they VPN service is making “no logs” promises.
Servers on RAM disk mode – Servers in RAM disk means that the server operating system and all databases are running in temporary memory, instead of stored on a hard drive. This means that if the power is cut to the server, all the data is gone. Perfect Privacy had servers in Rotterdam seized by authorities. But because there were no logs and the servers were operating in RAM disk mode, no customer data was compromised.
Use a multi-hop VPN service – Using a VPN service that provides multi-hop (cascade) VPN connections will significantly increase your online anonymity. With this setup, you can create a VPN chain with multiple “hops” (like the Tor network). Therefore if one server is being monitored, your privacy won’t be compromised. VPNs offering this feature include:
- Perfect Privacy (up to 4 hops on all servers)
- ZorroVPN (up to 4 hops on all servers)
- VPN.ac (six double-hop VPN server configuration)
Conclusion on VPN logs
With VPN logs, the main thing to look for is honesty and transparency, rather than “no logs” marketing slogans. In terms of the big picture, considerations that are even more important are jurisdiction and test results.
To see which VPNs did the best in these categories, check out the Best VPN List.
Leave a Reply