Does your VPN keep logs? 140 VPN logging policies exposed
/
Almost every VPN provider you come across will have some sort of claim regarding logs. Providing a service without registration is often seen as a major selling point. Many users view VPNs as a way to improve privacy and increase anonymity. It makes sense that they simply don’t want to switch from the ISPs that track them to another company that does the same thing.
Although it would be nice and simple if all VPNs simply kept no logs at all, the truth is that many of them do keep some logs. These may include logs of websites visited (rarely) or usage logs such as when the VPN was connected and the amount of bandwidth used. There are various reasons for keeping records. For example, bandwidth can be logged if there is a cap on each user per month. In some cases, records are kept to support a business model that requires additional data. For example, a service provider may benefit from advertisements placed on frequently visited websites.
What all this means for users is that they may not get the privacy they hope for. If there’s one thing you should look for in a VPN’s privacy policy, it’s the logging policy. Before you choose a service provider, you should know exactly what information will be recorded and what it will or can be used for.
In this guide, we will explain the different types of logs that VPN providers may keep and how they can be used. We will also explain the significance of the VPN providers location in terms of the Five Eyes and 14 Eyes countries. We will then look at each provider’s logging policy to reveal exactly their approach.
Hint: No-logs VPNs are very popular among torrent software, but not all VPNs allow torrenting activities on their network. We have a report on the best VPNs for torrenting here and an article discussing the legality of torrenting here.
Note: Keep in mind that this article will convey our interpretations of logging policies, some of which can be difficult to decipher. We are happy to correct inaccurate information if it is detected. Furthermore, policies are subject to change over time, and while we strive to revisit this article periodically, we cannot virtually track every change as it occurs.
Types of records and how to use them
VPN logs are data that service providers keep in connection with the use of their service. When it comes to what they can store, you need to remember that your provider has access to all of your internet activities. So everything your ISP would normally see is now technically accessible by your VPN provider. Of course, if the service providers actually log and store all this data, they will not provide a very attractive service, and no doubt they will lose a lot of customers. Instead, the lack of records is one of the main selling features that many providers broadcast in an effort to win over consumers.
Basically, the fewer records, the more attractive the service. Which brings us to the commonly used claims of “no logs,” “no logs,” or “no logs.” Of course, you can’t take these claims at face value. Many providers assure that they keep no logs, but in fact, most of them keep some kind of log. The ambiguity arises because there are different types of records they may keep. You need to dig into the privacy policies and/or terms of service to see what information, if any, is being logged.
Another thing to keep in mind is how long the records are actually stored. Some providers delete data automatically after 24 hours while others may store it for longer periods, even indefinitely. Of course, from the user’s point of view, the former is better.
One thing to note before getting into different types of logs is that you will often find an indication in the privacy policies of tracking and cookies on the provider’s website. This is completely separate from using a VPN and is a normal part of any online business.
Now, let’s take a look at the different types of logs you may encounter when searching for service providers.
contact records
These may be referred to as metadata, diagnostic logs, or usage logs. They may include timestamps, the VPN server used, and the amount of bandwidth consumed. Sometimes this data is associated with an individual account but in other cases it is only collected on an aggregate basis.
These records are typically used to improve and maintain operations. On an individual user basis, the provider may need to keep track of the number of simultaneous connections or how much data is transferred per day or per month. It also makes sense for a service provider to want to know how many people are using a particular server simultaneously and the load being put on that server, in order to improve the service.
When it comes to privacy, data collected on an aggregate basis does not pose a serious risk. Connection logs associated with a single user are a bit more complicated. It really depends on the nature of the records and whether they are linked to any personally identifiable information (PII). If the logs are associated with a user account, that might still be fine. Some service providers enable you to open an account without providing any personally identifiable information. For example, an account created with a disposable email address and paid for via Bitcoin cannot be traced back to an individual if no personally identifiable information is needed.
One important thing to note here is the definition of PII. Some providers state that they do not ask for personally identifiable information (PII) but rather log the user’s IP address. This may be connected to the account at registration or recorded as part of the connection logs. This brings us to the next type of log.
IP address records
IP address logs are where a lot of so-called “no logs” service providers run into problems. An IP address can easily be attributed to an individual, or at least one wifi router, and should really be considered personally identifiable information. The IP address connected with a timestamp will likely associate actual activity with the individual. In fact, this was the scenario in some cases that we will mention while going through our VPN list.
One of the main reasons to use a VPN is to hide your IP address. When this information is recorded and stored, it is likely to be exposed to third parties. At best, it can be obtained by annoying advertisers who strive to create a profile around each user. At worst, it could fall into the hands of malicious hackers, copyright trolls, or government agencies.
Traffic logs
Finally, but perhaps most importantly, we have the traffic logs. When it comes to VPNs, these are the worst kind of logs. They include the contents of Internet traffic, such as browsing history, files downloaded, purchases made, messages sent, and software used. Really, no one should even consider a VPN that has been reported to keep these kinds of logs. It really defeats one of the main purposes of having a VPN in the first place – privacy.
There are various reasons for keeping these records, but the main reason is profit. This is why it is so important to be especially careful with free VPN services. These providers have to make money somehow and the data is valuable. Data that contributes to building a profile about an individual user is particularly relevant and may be sold to advertisers or other third parties. In the worst case, hackers or snoopers can get their hands on these logs, leaving you vulnerable to attacks. In particular, leaked personal information can easily lead to identity theft.
Canary Islands memo
Another term worth noting before moving forward is “canary note”. These are advertised by some service providers as a way to help maintain privacy. The canary order is usually a single web page, usually updated once per month, that states that confidential government subpoenas are not issued to the provider. By default, if the manifest is removed, this indicates that a subpoena has been issued and alerts users as such.
Of course, if the provider was completely without logs, they wouldn’t have data to hand over anyway. As such, many providers with true no-logs policies would argue that a canary arrest warrant is pointless. In addition, the fact that they are often updated once a month makes them less useful. However, we will mention the Canary command as a convenience to the providers in this post.
VPN Policies Revealed
Now that we’ve covered the types of records that providers might keep and what they might be used for, you’ll have a better idea of what to look for when reviewing the logging policies of different providers. It’s time to stumble across and reveal exactly what these are tracking and storing, to help you decide which one might be best for you.
a
AceVPN (USA) 3/4
Based in 5 eyes or 14 eyes? Yes, 5 eyes (0 points)
Traffic logs: no (2 points)
Contact records: number
IP address records: no (1 point)
Does AceVPN’s ‘No Logs’ Claim Hold Up? Well, its privacy policy states “We do not spy on our users nor monitor their internet use. If we have reasonable grounds to suspect that an end user is involved in criminal activities, we reserve the right to notify law enforcement agencies.” This sounds good but is a bit vague as it doesn’t actually define “internet usage”.
On the FAQ page, it states that “We do not log period. There is no metadata logging, no traffic logging, and no bandwidth usage tracking.” This means that this provider is free of traffic logs and connection logs.
AirVPN (Italy) 3/4
Based in 5 eyes or 14 eyes? Yes, 14 eyes (0 points)
Traffic logs: no (2 points)
Contact records: Yes, but they are aggregate records
IP address records: no (1 point)
In AirVPN’s FAQ section, in response to the question “Do you keep session logs or any other type of log that can be used to track identity and internet activity?” The response is “No, we don’t keep logs of this kind.” As such, we can conclude that no traffic logs are stored.
In the Privacy Policy, it states that “Aircraft servers and software procedures only obtain personal data that is absolutely necessary for the technical operation of the Service, for example an IP address.”
This may be cause for concern. However, it later states that “data is aggregated anonymously for statistical reports on server usage, CPU stress, and technical issues, for service improvement and bug fixing and as a countermeasure against network attacks.” This means that all connection logs are aggregated which means that they will not be associated with an individual user.
Anunin (UK) 3/4
Based in 5 eyes or 14 eyes? Yes, 5 eyes (0 points)
Traffic logs: no (2 points)
Contact records: number
IP address records: no (1 point)
On its homepage, this VPN claims “always anonymous, nothing logged”. The privacy policy states: “We never keep logs of online activity or store private information about an individual user’s activities on our network. Information related to payments may be logged, in accordance with payment processor regulations.” This seems fine as it appears that no traffic or connection logs are stored.
Anonymous VPN (Seychelles) 4/4
Based in 5 eyes or 14 eyes? no (1 point)
Traffic logs: no (2 points)
Contact records: Yes
IP address records: no (1 point)
Anonymous VPN has some bold claims:
“No logs at all. We are very serious about this. We do not store any logs of your online activity. So if payment starts and governments ask us to hand over our users’ logs, we say to them ‘Sorry, we can’t help you because we don’t keep logs.’” simplicity.”
Delving into the privacy policy, we found that this provider really does not keep any traffic logs, so your browsing history will never be logged. It keeps connection logs, including server location, timestamps, and the amount of data transferred.
Astrill VPN (Seychelles) 4/4
Based in 5 eyes or 14 eyes? no (1 point)
Traffic logs: no (2 points)
Contact records: Yes
IP address records: no (1 point)
In the FAQ sections, Astrill VPN states that it logs connection data, including IP and connection time while…
[ad_1]
Don’t forget to share this post with friends !
