When it comes to VPN logs, there’s a lot of confusion.
Countless VPN providers are making the “no logs” claim for marketing purposes, but in reality they’re keeping some form of logs.
In this guide we’ll cover the different types of VPN logs, the reasons for keeping logs, and what you can do to further protect your online privacy.
Types of VPN logs
There are three different types of VPN logs (also discussed in the Ultimate VPN Guide).
Usage (browsing) logs – These logs basically include online activity: browsing history, times, IP addresses, metadata, etc. From a privacy standpoint, you should avoid any VPN that collects usage data.
No logs – There are very few VPNs that truly meet the “no logs” criteria. Having a truly no logs policy is very difficult to implement. This is especially the case when VPNs need to enforce restrictions such as bandwidth or the number of devices being used per subscription.
Reasons for logging
There are many reasons for maintaining some form of logs – and they are not necessarily bad.
1. Limiting the number of devices
One of the biggest reasons for maintaining logs is to limit the number of devices used with a subscription. Nearly every VPN imposes limits (3, 5, 6…) on the number of simultaneous connections that can be used with a subscription. Enforcing connection and device limitations may require some form of logging.
One alternative possibility is when a VPN tells you there’s a device limit, but they don’t/can’t strictly enforce it, due to a no logs policy.
Another example is Perfect Privacy, which has a truly zero logs policy, and allows users an unlimited number of device connections. According to Perfect Privacy, no logs = no restrictions (a very high standard).
2. Limiting bandwidth
Bandwidth restrictions also require logging. To limit the amount of bandwidth used with a given account, logging is obviously necessary. Therefore if any VPN has bandwidth limits and also claims to be a “no logs” VPN, this should raise some questions. One example of this is Trust.Zone, which claims to be “no logs” yet records user bandwidth.
3. Logging with rental servers (VPS)
Many VPNs utilize rental servers (virtual private servers) instead of dedicated servers. A VPS is much cheaper than a dedicated (premium) server, but this creates some problems from a privacy standpoint. (Side note: that’s why most VPNs emphasize the quantity of their server network, rather than the quality of their servers.)
The problem is that rental servers will often maintain logs of server activity. This is especially true in jurisdictions that require logging and/or data retention. Furthermore, local authorities can possibly force a server host to log data. In this case, the “no logs” policies of a foreign VPN company means absolutely nothing – local authorities would go directly to the datacenter to get whatever they need.
One example of this was a man in the Netherlands who was arrested despite using a “no logs” VPN provider. The police simply went to the server host (i.e. the landlord) and got all the data they needed to find and arrest the man (who was accused of making bomb threats).
Key point: Even if a VPN is fulfilling it’s “no logs” promise, all your data may still be getting logged by the server host.
4. National spying agencies force companies to log
Spying agencies, such as the NSA and GCHQ, are increasingly forcing companies to log and/or hand over private customer information. All big tech companies in the US have been facilitating NSA spying since at least 2010 – see the PRISM Program. The Investigatory Powers bill in the UK mandates all data be logged and maintained for 12 months. Targeting a particular company or server network is especially easy.
Even worse, logging requests are often accompanied with “gag orders” – making it illegal for the company to disclose what they’re being forced to do. This is why the jurisdiction of your VPN provider is so important – one of the main criteria used to rank VPNs on this site.
5. Troubleshooting problems and optimizing VPN performance
Logging connection data is often justified by VPN providers for fixing problems with their service and optimizing their network. While running a fast, secure, and reliable VPN service does not necessarily require logging, most VPNs will at least maintain some minimal connection logs to keep everything working well.
Contradictory claims and false promises
While connection logs are not necessarily bad, making false or contradictory statements only adds to the confusion when selecting a VPN.
VPN logs = grey area
The reality is that it’s basically impossible to ever verify if these “no logs” claims are true.
Further adding to this confusion is that some VPNs have convoluted definitions of what “no logs” actually means. And of course, there’s no standard that can be used and no widely-accepted definition.
Foreign jurisdiction – Making matters even worse, many VPNs operate in overseas jurisdictions and can never be held liable for dishonesty and false advertising. If a VPN service in Hong Kong or the British Virgin Islands lies to customers in America, there’s not much that can be done.
Foreign (overseas) businesses will never be held liable for violating false advertising laws and deceiving customers. There are simply beyond the law. While this is often good for privacy, it is also a drawback for accountability.
This is why trust is so important.
If you find a VPN that makes contradictory or misleading statements about their policies, it raises questions about their honesty and trustworthiness.
Important considerations with logs
Transparency – The key is to find a VPN that’s open and transparent about the logs they keep, what exactly is recorded, and how this information is used and disposed. Two examples of transparency when it comes to logging policies are VPN.ac and VyprVPN. Both clearly state that they keep connection logs, why they keep them, and how they are deleted.
No logs, no restrictions – It’s very difficult for a VPN to be “no logs” while also enforcing limitations, such as bandwidth or device limitations. This is especially the case with bandwidth. The fewer limitations a VPN enforces, the more trustworthy their “no logs” claims appear (in my opinion). Perfect Privacy arguably has the best no logs policy in my opinion because they have no restrictions in terms of bandwidth or device connections.
Avoid VPNs with rental servers (VPS) – Aside from examining the VPN’s policies, you should also look into their server network details. Look for a server status page that explains the type of servers they use (dedicated or virtual). When a VPN is renting servers (VPS), it’s likely that the server host is keeping logs, even if they VPN service is making “no logs” promises.
Servers on RAM disk mode – Servers in RAM disk means that the server operating system and all databases are running in temporary memory, instead of stored on a hard drive. This means that if the power is cut to the server, all the data is gone. Perfect Privacy had servers in Rotterdam seized by authorities. But because there were no logs and the servers were operating in RAM disk mode, no customer data was compromised.
Use a multi-hop VPN service – Using a VPN service that provides multi-hop (cascade) VPN connections will significantly increase your online anonymity. With this setup, you can create a VPN chain with multiple “hops” (like the Tor network). Therefore if one server is being monitored, your privacy won’t be compromised. VPNs offering this feature include:
- Perfect Privacy (up to 4 hops on all servers)
- ZorroVPN (up to 4 hops on all servers)
- VPN.ac (18 double-hop VPN server configuration)
Conclusion on VPN logs
With VPN logs, the main thing to look for is honesty and transparency, rather than “no logs” marketing slogans on the homepage.
In terms of the big picture, other important considerations are jurisdiction and test results.
To see which VPNs did the best in these categories, check out the Best VPNs list.