This article was last updated: January 16, 2024

Virtual Private Network (VPN) services are widely used as a means of maintaining online privacy and anonymity. They accomplish this feat by masking your IP address. Your Internet traffic is routed through one of the service’s VPN servers.

Websites that you contact see the VPN server’s IP address rather than your public IP address, essentially making the connection anonymous. If the website you are accessing logs connections, they will only have evidence of the VPN server making contact, not your computer or device.

Does your VPN Keep Logs?

In order to maintain your privacy and protect your identity, the VPN service should not keep any logs of your activity. If any logs are kept, they should only be for troubleshooting purposes and should not be made available to any third party. Authority figures or investigators should not be able to access these logs in an effort to determine the real identity of the VPN’s users.

Most VPNs advertise the fact that they do not keep any logs of you or your online activity. Sadly, many things that are advertised fall short of the hype.


Let’s take a closer look at the logging policies that might be instituted by VPNs and try to determine if they are truly protecting you to the level you expect. Failure to do so can put you at serious risk depending on the purposes for which you are using a VPN. We will look a little deeper into what exactly a VPN is logging later in the article.

First, let’s take a look at which VPNs keep logs and which do not. We are not offering an opinion on whether the logs are kept for valid reasons or if turning them over to the authorities in certain situations may be warranted in the pursuit of justice.

These are questions for a greater discussion about online privacy and its impact on society in general. We are simply pointing out VPNs that do or do not keep logs of their users’ activity.

 

Which VPNs Do and Do Not Keep Logs?

It can be difficult to wade through the advertising and determine if a VPN really is enforcing a no logging policy. Sometimes, the truth comes out due to legal actions that reveal the true logging policy which a VPN follows.

Instances of VPN Logging Being Exposed

There have been several cases where it has been shown that VPNs which claim to conform to a no logging policy have, in fact, kept logs and made them available to the authorities.

PureVPN

In response to an FBI complaint regarding cyberstalking, PureVPN was found to have logs that contributed to the arrest of a PureVPN user. This directly contradicts the company’s no logging policy.

EarthVPN 

Dutch police arrested a man in 2014 for making bomb threats to a school based in part on IP transfer logs seized from an EarthVPN server.

HideMyAss

The UK-based VPN provided connection logs to the FBI in a case of attacks made against Sony Pictures and the PlayStation Network. The company handed over the logs to comply with a court order.

Instances Where the No Logging Policy Has Been Confirmed

Several court cases or independent audits have demonstrated that some VPN services really do not retain any logs of their customers’ activity. Here are a few examples.

NordVPN

The company released the results of an audit in November of 2024 that was carried out by a reputable accounting firm. It confirmed NordVPN’s policies and practices.

ExpressVPN

Based in the British Virgin Islands, the company refused demands from Turkish authorities to turn over user information. ExpressVPN claimed that they had no logs to provide. When Turkish authorities seized the company’s VPN server located in Turkey they could not obtain any logs or customer data.

Perfect Privacy

One of this VPN’s servers was seized by Dutch authorities in an unsuccessful attempt to obtain customer data.

For a more extensive list of the VPNs that do and do not retain logs, we suggest that you refer to this website.

 

The Types of Logging a VPN Service Might Perform

There are two main types of logging that a VPN may choose to institute. In one case, the logs are fairly innocuous and do not pose a significant risk to your privacy. The other type of logging is much more dangerous to your online anonymity.

Connection Logs

Connection logs are used by the VPN to troubleshoot technical problems and to control abuse of their network by hackers. If your VPN retains logs, they are likely to be connection logs. These logs are kept for a limited time, which may span anywhere from a day to several weeks. After the retention time elapses, the logs are deleted.

The type of information contained in a connection log can be:

  • The IP address of your computer
  • The IP address assigned to you by the VPN server
  • The amount of data transferred during your connection
  • A timestamp indicating the start and end of the connection

Connection logs do pose a slight risk to your privacy. It would be theoretically possible to determine your actual public IP address from the connection log, but recreating your online activities is virtually impossible. The fact that the logs are only kept for a short period of time is also a factor that limits their usefulness to investigating an individual’s online movements.
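To make that risk concrete, the following added example (not code from this article or from any VPN provider) joins a connection log against the time a website saw a VPN address, then repeats the lookup after the retention window has purged the record. The log line format, the documentation-range IP addresses, and the seven-day retention period are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records carrying the four fields listed above:
# client IP, VPN-assigned IP, bytes transferred, session start, session end.
SAMPLE_LOG = """\
198.51.100.23 203.0.113.200 48211934 2024-01-10T18:02:11Z 2024-01-10T19:40:03Z
192.0.2.77 203.0.113.200 1048576 2024-01-10T20:15:00Z 2024-01-10T20:45:30Z
192.0.2.14 203.0.113.201 734003 2024-01-03T09:00:00Z 2024-01-03T09:12:44Z
"""
RETENTION = timedelta(days=7)  # assumed retention window

def ts(text):
    """Parse a UTC timestamp such as 2024-01-10T18:02:11Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse(log_text):
    """Turn whitespace-separated log lines into session records."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client_ip, vpn_ip, nbytes, start, end = line.split()
        records.append({"client_ip": client_ip, "vpn_ip": vpn_ip,
                        "bytes": int(nbytes), "start": ts(start), "end": ts(end)})
    return records

def purge_expired(records, now, retention=RETENTION):
    """Keep only sessions that ended within the retention window."""
    return [r for r in records if now - r["end"] <= retention]

def clients_behind(records, vpn_ip, seen_at):
    """Client IPs whose session held vpn_ip at the moment seen_at."""
    return sorted({r["client_ip"] for r in records
                   if r["vpn_ip"] == vpn_ip and r["start"] <= seen_at <= r["end"]})

if __name__ == "__main__":
    records = parse(SAMPLE_LOG)
    seen_at = ts("2024-01-10T18:30:00Z")  # time a website logged the VPN address
    print("while retained:", clients_behind(records, "203.0.113.200", seen_at))
    kept = purge_expired(records, ts("2024-01-17T20:00:00Z"))
    print("after purge:", len(kept), "record(s),",
          clients_behind(kept, "203.0.113.200", seen_at))
```

While the record is retained, a single timestamp and VPN address are enough to recover the client IP; once the retention job has run, the same lookup returns nothing.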

Activity Logs

Activity logs are much more intrusive regarding your online privacy and are rarely kept by a VPN. In fact, if your VPN keeps an activity log you should stop using it immediately. By keeping an activity log it is performing the same type of monitoring that you are trying to prevent through the use of a VPN.

An activity log will generally provide the following information about your online activity:

  • All of the websites that you have visited
  • The names of all files that you have downloaded
  • Various programs and protocols you have used while online

Obviously, this is the kind of data you do not want available if you are at all concerned with your online privacy or anonymity. Your ISP keeps an activity log of your movements, which is one of the reasons many individuals use a VPN service. Entities that create these types of logs can sell your information to advertisers or provide it to authorities which may not have legitimate reasons for accessing the details of your online life.

Free VPNs often use this type of logging and its unsavory data sales to generate income for their service.

 

Territorial Jurisdiction and Logging Policy

Depending on where the VPN is headquartered and where its servers are located, there may be varying legal requirements that can force the company to hand over logs to investigators. In some locales, the government may directly engage in censorship or geo-restriction to limit access to certain websites. For this reason, it is critical to investigate the jurisdiction under which your VPN service operates.

Cooperative efforts between investigators or authorities in different countries can make it challenging to find the perfect location for the VPN you choose to employ. Countries may be members of the 5 Eyes, 9 Eyes or 14 Eyes alliances which work together to collect and share surveillance data. There are two related factors to consider regarding the jurisdiction under which the VPN operates.

Location of the VPN Provider – This is the business location of the VPN. Based on the country you live in and the purposes for which you plan to use the VPN, you might be wise to choose a VPN that is not headquartered in the same nation.

Location of the VPN Servers – The location of the VPN servers may or may not be in the same country as the VPN business. Most quality VPN services will offer servers located in various countries in order to allow users to choose the one that serves their purposes the best. The location of the physical servers may be a more important factor than where the business is located.

You need to consider both the logging policy of your VPN and the jurisdiction in which it operates in order to make a reasonable determination regarding the true privacy of your online activity. NordVPN keeps no logs and operates out of Panama which has no data retention laws.

This combination of policy and jurisdiction should give you confidence that your privacy will be maintained. If your privacy is of great concern, take the time to thoroughly investigate the VPN’s logging policy so you are not unpleasantly surprised at a later date.

FAQ

A VPN’s no-logging policy generally indicates the service does not keep records of users’ internet activity, including browsing history, IP addresses, traffic data, connection timestamps, or used bandwidth. The intent is to enhance user privacy and security by not retaining data that could potentially be accessed by third parties.

VPN providers can enforce their no-logging policies by using secure, privacy-focused infrastructure, regularly undergoing independent audits to verify compliance, and implementing technical safeguards to prevent data retention. Transparency reports can also demonstrate adherence by disclosing any requests for user data and the provider’s ability to comply.

In some jurisdictions, legal requirements may obligate VPN providers to log certain user data. Laws may vary by country, with some governments enforcing data retention laws that require the collection of specific user information for a set period. Always check the provider’s privacy policy and the applicable laws of the provider’s base country.

While most reputable VPN providers stand by their no-logging claims, some might technically have the ability to log data, either to comply with local laws or for internal purposes such as troubleshooting or optimizing service performance. It’s essential to read the fine print in a VPN’s privacy policy to understand what data, if any, may be logged.

An independent audit is an external review conducted by a third-party organization to verify a VPN provider’s claims about their no-logging policy. It helps to ensure the provider’s practices align with their stated privacy policies by examining their systems and procedures for any potential data logging.

Yes, law enforcement agencies can request access to VPN logs. If the VPN provider keeps logs and operates within a jurisdiction where it’s legally required to comply with such requests, then the provider may have to hand over the information. However, with a strict no-logging policy, there should ideally be no data to turn over.

While using a VPN with a no-logging policy significantly increases privacy, it does not guarantee complete anonymity. Other factors, such as payment methods, email addresses used for signup, and potential DNS or IP leaks, can also affect a user’s anonymity.

Yes, the jurisdiction of a VPN provider can impact its no-logging policy. Providers operating in countries with mandatory data retention laws or those that are part of international surveillance alliances (like Five Eyes) may face legal requirements to collect or disclose data.

If a VPN provider is found to be violating its no-logging policy, it could lose credibility and trust among users. Legal consequences may also arise if the provider has knowingly misled consumers. Users may seek alternative services and, in some cases, the provider could face legal action or fines.

Some free VPN services claim to offer no-logging policies, but users should be cautious, as free services might have alternative revenue streams that compromise privacy, such as advertising or selling anonymized data. It’s vital to thoroughly research the policies and reputability of any VPN service.

International surveillance alliances, like the Five Eyes, Nine Eyes, and Fourteen Eyes countries, participate in data sharing for intelligence purposes. A VPN provider based within these jurisdictions might be legally required to log and share user data, potentially impacting the integrity of its no-logging policy.

Yes, there are instances where a VPN might implement temporary logging, such as when troubleshooting technical issues or if mandated by a court order. However, these instances should be clearly stated in the provider’s privacy policy and be the exception rather than the rule.

Users should look for clear language in a VPN’s privacy policy that specifies what data is not collected, an explanation of the legal framework under which the provider operates, any circumstances where data may be logged, and details on independent audits to verify the policy’s claims.

VPN providers benefit from implementing a no-logging policy by appealing to privacy-conscious customers who prioritize data security. This policy can also minimize legal responsibilities, as there is no data to be handed over even if requested by authorities.

A VPN provider might keep anonymous analytics to understand service usage patterns and improve the user experience. These are typically non-identifiable metrics that don’t compromise individual user privacy.

A breach of a VPN’s no-logging policy occurs when data that should not be stored according to the policy is logged and potentially disclosed to third parties. Any deviation from the stated policy without user consent can be considered a breach.

Transparency of VPN providers about their no-logging policies can vary. Reputable providers often share detailed privacy policies, conduct independent audits, and publish transparency reports. Yet, some providers may be less forthcoming, emphasizing the need for user diligence in evaluating VPN services. Research is key, and users can start by visiting providers’ homepages like NordVPN or ExpressVPN that are known for their strong stance on privacy.

Users can request data deletion if the VPN provider has a mechanism to collect and manage user data. Providers with a strict no-logging policy typically wouldn’t have any personal data to delete, but users should consult the company’s privacy policy and terms of service for details on data management and deletion requests.

If a VPN provider operates within the European Union or deals with EU residents’ data, it must comply with the General Data Protection Regulation (GDPR). GDPR requires clear consent for any personal data collection and the right for users to request data erasure — aspects that a no-logging policy should inherently satisfy.

Users can verify claims by looking for independent security audits, checking for court cases or incidents where the provider’s no-logging policy was tested, reading expert reviews, and reviewing transparency and annual reports. Active user communities and forums could also provide additional insights into a provider’s track record.