Never mind its speed, customer service, or price – the most persuasive claim for any virtual private network provider can appeal to potential customers that when you use its service it is a log of your web activity. Does not have. Our directory of recommended VPN services and every leading service in the wider market globally claims to be the “no-logs” provider.
However, the problem with the claim of no-logs is that you cannot prove negative. Verifying that there is no VPN logging is impossible from outside user activity. This is why some VPNs employ external auditors – or even journalists – to investigate their networks and see if they can find anything. This is a good idea, but even once you’re rumored through an internal server, stumbling across a troop of logs doesn’t mean they’re not there.
Even the best VPN has a core problem with it – despite all the audits and transparency many companies go through, it is still a user-trust business. No matter how much we rely on a particular VPN to help our internet browsing, it is almost impossible to verify if the VPN actually holds no logs. And we engage in that service, knowing that all our data is essentially delivered to a single company, which has servers whose activity no expert can verify.
The reality is that all VPN providers have to keep some logs of your activity in one way or another to ensure that the service remains, and to continue operating at maximum speed. If you are using a VPN only to watch area sports or streaming services, you may not be concerned about the record of your VPN traffic. But for political dissidents, lawyers, journalists and leakers, distinguishing between two types of user logs kept by VPN companies is important for personal safety when deciding what you should invest in.
Read more: Best VPN Services of 2020
The first type of log that VPN providers hold is sometimes called a connection log. At best, these are limited and reasonably anonymous logs that help the VPN provider monitor the workload of each server so that they can manage traffic, prevent service misuse, and keep their network running . Any VPN service that limits the number of simultaneous connections per user (which is almost all of the reviews we’ve done, except SurfFork) would have to contain some of these types of logs to enforce the customer limit.
Connection logs may include:
- The time you connected to VPN and for how long.
- Basically the IP address you are connected to
- Which server are you connecting to within the VPN
- Any diagnostic data that you agree to send to the VPN after the crash
Because data retention laws vary by country, a VPN provider may need to keep certain types of connection logs for a particular period of time to make them available to law enforcement officers if they are sub-veneed. Are.
Make no mistake, some of these types of logs can easily identify your home as a source of Internet traffic, compromising your privacy. Because of this, some companies, such as ExpressVPN, vow to never keep the connection logs.
It is worth looking at the type of time it takes to maintain your VPN claims, and for how long. For example, if your VPN IP address keeps a connection log, it is best for one provider to look elsewhere.
More types of VPN user logs are commonly called usage logs. These are what a VPN company means when it calls itself a “no-logs provider”. Usage logs, sometimes called traffic logs, are literally created records that describe your IP address and track its activity on the websites you visit. If a VPN service is caught keeping this type of log, it is at the very least a PR disaster, and possibly an existential challenge.
Some things that can be discovered about you through your usage log may include:
- A list of all the websites you’ve visited
- The contents of any message you send or receive when it is not encrypted
- Which apps and services are on your device (if there is VPN funnel web traffic for all connected apps on your device)
- If your IP address is being logged, your physical location
Suffice it to say, there is information being logged by ISPs and advertisers, prompting many users to subscribe to a VPN for the first time. Hence finding out that your VPN is logging the same information on you, substituting one bad actor for another.
Read more: See red flags when choosing VPN
7 free ‘no logs’ Hong Kong VPNs who were keeping logs
The same happened earlier this month, when Hong Kong-based VPN provider UFO VPN was found by Compitech to have detailed information on its users. A database of usage logs – including account credentials and potentially user-identifying information – was exposed. To make matters worse, six more VPNs – all of which were apparently sharing a common “white label” infrastructure with UFOs – were reportedly logging data according to The Register.
While all criminals bill themselves as no-log VPNs, they were also free VPNs – another reason why you should always avoid using free VPNs.
Law enforcement test
One of the obvious ways a VPN provider can prove that no usage keeps logs is by its servers seized by the authorities. Exactly the same happened with ExpressVPN in 2017, when the investigation into the assassination of Russia’s Ambassador Andrei Korlov in Turkey in 2016 led Turkish authorities to seize a server of ExpressVPN, which allegedly talks about crime Was looking for logs. The authorities came empty-handed, which enhanced ExpressVPN’s no-logs reputation.
The same trial by fire happened to IPVanish and PureVPN in 2016 and 2017 respectively – but with different results, of course. In the case of IPVanish, federal law enforcement came knocking with a warrant (or, more accurately, summons from the Department of Homeland Security Records), and the VPN’s “zero-logs” policy was put to the test. IPVanish provided information to authorities that led to the identification and arrest of a child predator. A similar incident the following year revealed that PureVPN collaborated with the FBI to track a hunter using its service. In other words: Both “no logs” appeared providing logs to VPN officers.
Read more: How to identify a good VPN: 3 features to watch out for
There is no such thing as online anonymity
To be clear here, my beef is not with a VPN company that helps police catch a child abuser or stocker through usage logs, assuming the expected warrant or subtype is secured. It is possessed by a VPN company lying to its customers about its underlying policies. VPNs are international operations. The lie that helps law enforcement catch criminals in the US is the same lie that helps law enforcement in China arrest a person for using a VPN.
If you take only one thing from this article, let it be: Total anonymity does not exist on the Internet. Do not allow any company to assume that you are working on the Internet completely anonymously. In most cases, the efficient choice and operation of a VPN is the best way to improve your privacy and can be very difficult to get hold of, but no VPN (or any software) can really make you disappear.
You may also consider using the private browsing tool Tor instead of a VPN, but be warned: Tor is browser-based and therefore is not encrypted by default as much as any Internet connection your computer is making at any given time is. So any internet-connected background program or app – whether seemingly messaging apps, torrenting apps, or even unseen micro-apps that help a big piece of software function – works outside the Tor browser Doing it can leave traces of your private data. If you do not properly configure both to work together, using Tor with a VPN can eventually weaken both types of privacy as well.
If you are in a country with anti-VPN and anti-encryption policies, beware of home-based proxy servers as a treatment; Without proper occlusion technique, your traffic will look like two children inside a trench coat trying to sneak into an R-rated movie.
Tips for choosing a secure VPN
To improve your privacy, look for VPN headquarters out of the reach of a country with data retention laws and international intelligence sharing agreements that it supportsAnd obfuscation touts the RAM-only server network, and avoids or limits the use of virtual servers. Virtual servers may be necessary in some cases, such as the current use of ExpressVPN in Turkey, but they are generally considered less secure than “bare-metal” physical servers.
The shadow of VPN supply chains has been well documented. So you can improve your privacy by selecting a VPN that owns 100% of its servers (a rare claim, and still to prove rare), and only by connecting to the servers you monitor. Have been. to protect. Most VPNs lease server space from third-party contractors out of financial need worldwide, but each of those server warehouses presents potential potential risks.
At any given time, a location of older server management software in a country’s far-reaching server (which varies from contractor to contractor) can cause potential detection risks. We saw this when NordVPN saw a single server contractor agreement in October 2019, leading to its recent RAM-only conversion. Here is a less charitable explanation of that risk: Any person who has administrative access to those servers can, under the right type of persuasion, possibly activate some form of monitoring.
In the best case, that monitoring only reveals traffic that maintains the base level of HTTPS encryption, and will not reveal the server you came from or the server you were heading. In the worst case, your traffic is naked and using a VPN can get you into more trouble than the search you tried to hide with the VPN.
For more information on VPNs, check all the VPN terms you should know, and you should never rely on free VPNs.