Does your VPN Keep Logs? 140 VPN Logging Policies Revealed
Other countries reportedly involved with the Five Eyes alliance are South Korea and Singapore. Japan has also been in the news for its surveillance ties with the US, as has Israel.
Why you should be skeptical about a VPN’s no-logs claims
For VPNs, being a no-logs provider is easier said than done.
Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET’s coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
July 31, 2020 4:00 a.m. PT
8 min read
Never mind its speed, customer service, or price — the single most persuasive claim any virtual private network provider can make to appeal to potential customers is that it keeps no logs of your web activity while you use its service. Every leading service in our directory of recommended VPN services and in the wider market globally claims to be a “no-logs” provider.
The problem with that no-logs claim, though, is that you can’t prove a negative. Verifying that a VPN isn’t logging user activity is impossible from the outside. That’s why some VPNs hire external auditors — or even journalists — to check inside their networks and see if they can find anything amiss. It’s a nice idea, but even once you’re rummaging through internal servers, not stumbling across a trove of logs doesn’t mean they aren’t there.
That’s the core problem with even the best VPN — despite all the audits and transparency gestures many companies undergo, it’s still a user-trust business. No matter how much we trust any particular VPN to help mask our internet browsing, it’s virtually impossible to verify whether a VPN truly keeps no logs. And we engage in that service knowing that all of our data is essentially funneled to a single company, with servers whose activity no expert can verify.
The reality is that all VPN providers have to keep certain logs of your activity in one way or another to make sure the service is maintained, and to continue operating at maximum speed. If you’re using the VPN just for watching out-of-area sports or streaming services, you may not be worried about a record of your VPN traffic. But for political dissidents, lawyers, journalists and leakers, distinguishing between the two types of user logs kept by VPN companies when deciding which you should invest in is key to personal safety.
Connection logs
The first kind of logs VPN providers may keep are sometimes called connection logs. In the best-case scenario, these are limited and seemingly anonymized logs that help the VPN provider monitor the workload of each server so that they can manage traffic, prevent abuse of the service and keep its network running. Any VPN service that limits the number of simultaneous connections per user (which is nearly all those we’ve reviewed, except for Surfshark) has to keep some of these kinds of logs in order to enforce the customer limit.
Connection logs could include things like:
- The time you connected to the VPN and how long you were connected for
- The IP address you originally connected from
- Which server within the VPN you’re connecting to
- Any diagnostic data you agree to send to the VPN following a crash
Because data retention laws vary by country, a VPN provider may be required to keep some kind of connection logs for a specific period of time in order to make them available to law enforcement officials if subpoenaed.
Make no mistake, some of these types of logs can readily identify your home as a source of internet traffic, thereby compromising your privacy . Because of this, some companies such as ExpressVPN, vow to never keep connection logs.
It’s worth looking at the types of connection logs your VPN claims to maintain, and for how long they’re maintained. If your VPN keeps IP address connection logs, for instance, then it’s best to look elsewhere for a provider.
Usage logs
The more concerning kind of VPN user logs are commonly called usage logs. These are the ones that a VPN company means when it calls itself a “no-logs provider.” Usage logs, sometimes called traffic logs, are literally records created which describe your IP address and track its activity across the websites you visit. If a VPN service is caught keeping these kinds of logs, it’s a PR disaster at the very least, and possibly an existential challenge.
Some of the things that can be discovered about you via your usage logs could include:
- A list of all the websites that you’ve visited
- The content of any messages you’ve sent or received if not encrypted
- A list of which apps and services are on your device (if the VPN funnels web traffic for all the connected apps on your device)
- Your physical location, if your IP address is being logged
Suffice it to say, that’s the sort of information being logged by ISPs and advertisers that drives many users to subscribe to a VPN in the first place. So finding out that your VPN is logging the same info on you is just substituting one bad actor for another.
7 free ‘no-log’ Hong Kong VPNs that were keeping logs
That’s exactly what happened earlier this month, when Hong Kong-based VPN provider UFO VPN was found by Comparitech to be keeping detailed information on its users. A database of usage logs — including account credentials and potentially user-identifying information — was exposed. To make matters worse, six more VPNs — all of which were apparently sharing a common “white label” infrastructure with UFO — were also reportedly logging data, according to The Register.
While all of the offenders billed themselves as no-log VPNs, they were also free VPNs — another reason why you should always avoid using free VPNs.
Watch this: Top 5 Reasons to Use a VPN
The law enforcement test
One of the clearest ways a VPN provider can prove it keeps no usage logs is to have its servers seized by authorities. That’s exactly what happened to ExpressVPN in 2017, when an investigation into the 2016 assassination of Russia’s ambassador to Turkey, Andrei Korlov, led Turkish authorities to seize one of ExpressVPN’s servers looking for logs of conversation allegedly related to the crime. Authorities came up empty-handed, which bolstered ExpressVPN’s no-logs reputation.
The same trial by fire happened to IPVanish and PureVPN in 2016 and 2017, respectively — but with decidedly different results. In the case of IPVanish, federal law enforcement came knocking with a warrant (or, more precisely, a Department of Homeland Security records summons), and the VPN’s “zero-logs” policy was put to the test. IPVanish provided authorities information that led to the identification and arrest of a child predator. A similar incident the following year revealed PureVPN had cooperated with the FBI to track a stalker using its service. In other words: Both “no log” VPNs appeared to be providing logs to authorities.
No such thing as online anonymity
To be clear here, my beef isn’t with a VPN company helping cops catch a child abuser or stalker via usage logs, assuming the requisite warrants or subpoenas are proffered. It’s with a VPN company lying to its customers about its underlying policies. VPNs are international operations. The lie that helps law enforcement in the US catch abusers is the same lie that helps law enforcement in China arrest a person for using a VPN at all.
If you take away just one thing from this article, let it be this: Total anonymity on the internet does not exist. Do not allow any company to fool you into believing that you are operating completely anonymously on the internet. In most cases, the skillful choice and operation of a VPN is the best way to improve your privacy odds and can make you much harder to catch, but no VPN (or any software) can truly make you disappear.
You may also consider using private browsing tool Tor instead of a VPN, but be warned: Tor is browser-based and therefore does not by default encrypt all of the internet connections your computer is making at any given moment. So any internet-connected background programs or apps — whether seemingly secure messaging apps, torrenting apps, or even unseen micro-apps that help a larger piece of software function — which are operating outside of the Tor browser could be leaving a trail of your private data. Using Tor with a VPN simultaneously can also ultimately undermine both types of privacy if you haven’t properly configured the two to work together.
Also be wary of home-based proxy servers as a cure-all if you are in a country with anti-VPN and anti-encryption policies; without proper obfuscation technology, your traffic will look like two kids inside a trench coat trying to sneak into an R-rated movie.
Tips for choosing a safer VPN
If you’re using VPNs because the stakes of your searches are life and death, then not only do you want to scrupulously check your VPN’s privacy policy to see if it openly admits to any of these logs, but you want to be sure you select a VPN proven to never keep logs (in other words, one that survived a server seizure unscathed or has an impressively thorough audit record). Even then, the risk you take still includes a potentially unknown company ownership structure.
To improve your privacy odds, look for a VPN headquartered outside of the reach of a country with data retention laws and international intelligence sharing agreements, which supports Perfect Forward Secrecy and obfuscation, touts a RAM-only server network, and avoids or limits the use of virtual servers. Virtual servers can be necessary in some cases, such as ExpressVPN’s current use of them in Turkey, but they’re generally thought less secure than “bare-metal” physical servers.
The shadiness of VPN supply chains is well documented. So you may also improve your privacy odds by selecting a VPN which owns 100% of its fleet of servers (a rare claim, and rarer still to prove), and by connecting only to those servers maintained outside the countries whose surveillance you’re trying to avoid. Most VPNs lease server space from third-party contractors across the world out of financial necessity, but each of those server warehouses present a potential privacy vulnerability.
At any point, a spot of outdated server management software (which varies from contractor to contractor) in the far reaches of a country could lead to potential identity exposure. We saw this when NordVPN saw a single server contractor compromise in October 2019, leading to its recent RAM-only conversion. A less charitable interpretation of that risk is warranted here: Anyone with administrative access to those servers, under the right kind of persuasion, could potentially activate some form of monitoring.
In the best case, that monitoring would only reveal traffic which retains a base level of HTTPS encryption, and wouldn’t reveal the server you came from or the server you’re heading to. In the worst case, your traffic is naked and your use of a VPN can get you in more trouble than the search you tried to hide with a VPN.
Does your VPN Keep Logs? 140 VPN Logging Policies Revealed
Almost every VPN provider you come across will have some type of claim regarding logs. Offering a logless service is often viewed as a key selling point. Many users look to VPNs as a means to improve privacy and increase anonymity. It makes sense that they don’t simply want to go from ISPs tracking them to another company doing the same.
Although it would be nice and simple if all VPNs simply kept no logs at all, the fact is that many do keep some records. These might include logs of websites visited (these are rare) or usage logs such as time connected to the VPN and the amount of bandwidth used. There are various reasons for keeping logs. For example, bandwidth may be recorded if there is a cap per user per month. In some cases, logs are kept to support a business model that requires additional data. For instance, a provider might profit from advertisements placed on commonly visited websites.
What all of this means for users is that they might not be getting the privacy they’re hoping for. If there’s one thing you should look out for in the privacy policy of a VPN, it’s the logging policy. Before you choose a provider, you need to know exactly what information will be recorded and what it will or could be used for.
In this guide, we’ll explain the different types of logs that might be kept by VPN providers and how they may be used. We’ll also explain the significance of the location of VPN providers in terms of Five Eyes and 14 Eyes countries. We’ll then look at the logging policy of each provider in turn to reveal exactly what its approach is.
TIP: VPNs that don’t keep logs are very popular with torrenters, but not all VPNs allow torrenting on their network. We have a round up of the best VPNs for torrenting here and an article discussing the legality of torrenting here.
Note: Bear in mind that this article will relay our interpretations of the logging policies, some of which can be tricky to decipher. We’re happy to edit inaccuracies if spotted. What’s more, policies are subject to change over time and while we endeavor to revisit this article periodically, we can’t practically track every change as it happens.
The types of logs and how they’re used
VPN logs are the data that providers keep regarding usage of their service. When it comes to what they could store, you have to remember that your provider has access to all of your internet activity. So everything your ISP would normally see is technically now accessible by your VPN provider. Of course, if providers actually logged and stored all of that data, they wouldn’t be offering a very attractive service, and would no doubt lose a lot of customers. Instead, the lack of logs is one of the main selling features broadcast by many providers in a bid to win over consumers.
Basically, the fewer the logs, the more attractive the service. Which brings us to the commonly used claims of “no logs,” “zero logs,” or “logless.” Of course, you can’t just take these claims at face value. Many providers assert that they don’t keep any logs, but in reality, most keep some form of records. The ambiguity arises because there are many different types of logs that they might keep. You need to delve deeper into privacy policies and/or terms of service to find out what information, if any, is being recorded.
Another thing to bear in mind is how long logs are actually stored for. Some providers automatically delete data after 24 hours while others might store it for longer periods, even indefinitely. Of course, from a user perspective, the former is better.
One thing to note before we get into the different kinds of logs is that you’ll often find mention in privacy policies of tracking and cookies on the provider’s own website. This is completely separate from VPN usage and is a normal part of any online business.
Now, let’s take a look at the different types of logs you might come across when researching providers.
Connection logs
These might be referred to as metadata, diagnostic logs, or usage logs. They may include timestamps, which VPN server is used, and the amount of bandwidth consumed. Sometimes this data is tied to an individual account but in other cases is only collected on an aggregate basis.
Typically, these records are used to improve and maintain operations. On an individual user basis, a provider may need to keep track of the number of simultaneous connections or how much data is being transferred per day or month. It also makes sense that a provider would want to know how many people are using a given server at one time and the load being placed on that server, in order to optimize the service.
When it comes to privacy, data collected on an aggregate basis doesn’t pose a serious risk. Connection logs tied to an individual user are a little trickier. It really depends on the nature of the logs and whether they are linked to any Personally Identifiable Information (PII). If logs are tied to a user account, this still may be okay. Some providers enable you to open an account without handing over any PII. For example, an account created using a disposable email address and paid for via Bitcoin isn’t traceable to an individual if no PII is required.
One important thing to note here is the definition of PII. Some providers state that they don’t require PII but they do record the IP address of the user. This may be connected to the account upon signup or recorded as part of the connection logs. This brings us to our next type of log.
IP address logs
IP address logs are where a lot of supposedly “no logs” providers get into trouble. An IP address could easily be attributed to an individual, or at least a single wifi router, and should really be considered PII. An IP address connected to a timestamp could potentially link actual activity to an individual. Indeed, this has been the scenario in some of the cases we’ll mention as we go through our VPN list.
One of the main reasons to use a VPN is to conceal your IP address. When that information is logged and stored, it has the potential to be exposed to third parties. At best, it could be acquired by annoying advertisers striving to build a profile around each user. At worst, it could fall into the hands of malicious hackers, copyright trolls, or government agencies.
Traffic logs
Finally, but perhaps most importantly, we have traffic logs. When it comes to VPNs, these are the worst kind of logs. They include the contents of internet traffic, such as browsing history, files downloaded, purchases made, messages sent, and software used. Really, no one should even consider a VPN that has been reported to keep these kinds of logs. It really defeats one of the main purposes of having a VPN in the first place — privacy.
There are various reasons these logs might be kept, but the main one is profit. This is why it’s important to be especially wary of free VPN services. These providers have to make money somehow and data is valuable. Data that contributes to building a profile around an individual user is particularly so and can be sold to advertisers or other third parties. In the worse case, hackers or snoopers could get their hands on these logs, leaving you wide open to attacks. In particular, leaked personal information can easily lead to identity theft.
Warrant Canaries
One more term worth noting before we move on is a ‘warrant canary.’ These are advertised by some providers as a way to help maintain privacy. A warrant canary is usually a single webpage, typically updated once a month, which states that no secret government subpoenas have been issued to the provider. By default, if the statement is removed, this signals that a subpoena has been issued and alerts users as such.
Of course, if a provider is completely logless, then it would have no data to hand over anyway. As such, many of the providers with true no-logs policies would argue that a warrant canary is pointless. Plus, the fact that they’re often only updated once a month renders them even less useful. Nonetheless, we’ll mention warrant canaries as relevant for the providers in this post.
VPN policies revealed
Now that we’ve covered the types of logs that might be kept by providers and what they might be used for, you’ll have a much better idea for what to look out for when reviewing the logging policies of various providers. It’s time to get stuck in and reveal exactly what these providers track and store, to help you decide which one might be the best for you.
A
AceVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Does AceVPN’s “no logs” claim stand up? Well, its privacy policy states “We do not spy on our users and we don’t monitor their Internet usage. If we have reasonable grounds to suspect that an end user is involved in criminal activities, we reserve the right to notify law enforcement agencies.” This sounds good but is a little ambiguous as it doesn’t actually define “internet usage.”
In the FAQ page it states that “We do not log period. No meta-data logging, no traffic logging, no bandwidth usage tracking.” This means that this provider is free of both traffic logs and connection logs.
AirVPN (Italy) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but they’re aggregated logs
IP address logs: No (1 point)
In AirVPN’s FAQ section, in response to the question “Do you keep session logs or any other kind of logs that can be used to track identity and Net activity?” the response is “No, we don’t keep logs of that kind.” As such, we can conclude that no traffic logs are stored.
Over in the privacy policy, it states that “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.”
This could be cause for concern. However, it later states that “Data are aggregated in anonymous form for statistical reports on servers usage, CPU stress, technical issues, in order to improve the service, fix bugs and as a countermeasure against net attacks.” This implies all connection logs are aggregated which means they would not be associated with an individual user.
Anonine (UK) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
On its homepage, this VPN claims “Always anonymous, nothing logged.” In the privacy policy, it is stated that “We NEVER keep online activity logs or store private information about individual user activities on our network. Information regarding payments may be logged, as per payment processor regulations.” This looks good as it seems that no traffic or connection logs are stored.
Anonymous VPN (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
The Anonymous VPN website has some bold claims:
“No Logs what-so-ever. We’re dead serious about this. We don’t store any logs of your online activity. So if push comes to shove and governments ask us to hand over logs of our users, we just tell them “sorry folks, can’t help you cause we don’t keep logs”. It’s that simple.”
Upon delving into the privacy policy, we found that indeed this provider doesn’t keep any traffic logs, so your browsing history will never be recorded. It does keep connection logs, including server location, timestamps, and amount of data transferred.
Astrill VPN (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
In its FAQ sections, Astrill VPN explains that it logs connection data, including IP and connection time during active sessions, in order to monitor the number of simultaneous connections from a single account. It does state that these are removed immediately after the session is over or you can erase them (presumably during a session) from the member area.
In the same answer, it is explained that connection logs, including connection time and duration, country, and device type, are logged for the last 20 connections (per user). Although, there is no personally identifiable data (such as an IP address) involved.
Atlas VPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Atlas VPN ensures the logging section of its privacy policy stands out:
“We are no-logs VPN: we do not collect your real IP address and we do not store any information that identifies what you browse, view, or do online via that VPN connection.”
It keeps no traffic logs at all. Minimal connection logs are maintained such as device identifiers, but nothing that could be used to identify you.
Avira Phantom VPN (Germany) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but can be turned off
IP address logs: No (1 point)
In the FAQ section of this provider’s homepage, it is explicitly stated that personally identifiable information such as an IP address is not tracked. Avira Phantom VPN does keep some connection logs including the amount of data used and diagnostic data (e.g. bugs encountered). The latter can be turned off within the product interface.
AzireVPN (Sweden) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
AzireVPN offers a very clear breakdown of its zero-logs policy within its Terms of Service (TOS):
“AzireVPN does NOT log any traffic or user activity while using our service.
AzireVPN does NOT log timestamps or any information relating to when a user connects/disconnects from our service.
AzireVPN does NOT log or shape any bandwidth on our servers.
AzireVPN does NOT log the original IP addresses of our users when they connect OR their AzireVPN IP address when they are using our service.
AzireVPN does NOT log the number of your active sessions or total sessions.
AzireVPN does NOT log your DNS requests on our servers.”
This is exactly the kind of clear logging policy you’ll hope to see on the websites of all providers.
Avast SecureLine VPN (Czech Republic) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, kept for up to 30 days
IP address logs: No (1 point)
Avast offers a full suite of privacy and security products and, as a result, has a lengthy privacy policy. Here’s what relates specifically to the VPN service:
“Avast SecureLine: When you use the Avast SecureLine virtual private network (VPN) service, the server may capture certain basic data such as the time and network location from which the VPN connection was made and the duration of the VPN connection. This information is routinely deleted within 30 days. In addition, the system may store data on the bandwidth transferred per session.”
So connection logs may be maintained for up to 30 days, but there are no traffic logs and IP addresses are not recorded.
B
Best VPN-Fast Proxy (Vietnam) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
Best VPN’s privacy policy (that of developer MicOffice Inc.) explicitly states that no logs of online activities are maintained. Your IP address is recorded while you’re connected to the VPN but it’s deleted as soon as you disconnect.
Betternet (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes, but anonymized and aggregated (2 points)
Connection logs: No
IP address logs: No (1 point)
Betternet keeps connection logs but only during an active session, after which the user IP address is deleted. In the intro to the privacy policy, it talks about the fact that it doesn’t associate your PII, including your IP address with your online browsing activity. This indicates that there are some traffic logs and indeed this is clarified later on in the policy. Betternet stores data about websites visited and apps used but this is anonymized and aggregated. Still, some users may take issue with their activity being recorded at all.
blackVPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP ddress logs: No (1 point)
The first claim on the homepage of blackVPN’s website is “No traffic logs. No connection logs. No DNS logs. Your real IP address is never logged.” This provider has never kept traffic logs, but as outlined in a blog post, it used to keep connection logs for seven days. It later realized this was damaging to its reputation of being a private and secure provider. As such, it no longer keeps these logs and all data is removed at the end of each session.
BolehVPN (Malaysia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)
BolehVPN doesn’t keep traffic logs or monitor user activity. It doesn’t typically keep connection logs such as timestamps or bandwidth usage for individual users. But it does keep track of overall traffic and number of connections for each server. This is fine since it isn’t attached to any particular user. The privacy policy states that it “may turn on logs temporarily to identify abuse of our services…” and that this has happened “a handful of times in our many years of operation.”
Boxpn (Turkey) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
In its privacy policy, Boxpn tells users “We NEVER keep online activity logs or store private information about individual user activities on our network.” We double-checked with the provider about connection logs and a representative confirmed that no logs are kept.
BTGuard (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The BTGuard website doesn’t break down exactly what it does or doesn’t collect but the privacy policy does state “Netcrawled LLC DOES NOT collect your Internet Protocol (IP) addresses or customer usage.” This is good enough, as the IP address is not recorded.
BulletVPN (Estonia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
BulletVPN’s privacy policy lays out exactly what information it does and doesn’t collect. There are no traffic logs and no connection logs linked to an IP. BulletVPN does track the total amount of data used for each user and monitors the number of simultaneous connections per account.
C
CactusVPN (Moldova) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
CactusVPN has a true no logs policy as stated on its Terms & Conditions page: “That means that we will not store any data relating to your activities while using any of our privacy solutions, and will not record, monitor, log or store any of your information. CactusVPN also guarantees that none of your information will be passed on to a third party. We do not store any IP addresses, traffic logs, connection timestamps, used bandwidth or session duration information that could be traced to a single person.”
CyberGhost (Romania) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, but only connection attempts and not tied to users
IP address logs: No (1 point)
As stated in CyberGhost’s privacy policy, “Through our strict no-logs-policy, we ensure that we do NOT track user traffic performed inside the CyberGhost VPN tunnel such as: browsing history, traffic destination, search preferences, data content, IP addresses or DNS queries.”
In short, CyberGhost doesn’t keep any traffic logs and keeps no connection logs that can be tied to an individual user. The only things it tracks are connection attempts and whether or not they were successful, but this information is not tied to user accounts.
CyberSilent (Poland) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Within its TOS, CyberSilent explicitly lays out its zero-logs policy: “CyberSilent VPN does not monitor, store or record logs for any VPN client. We don’t store time stamps, utilized data transmission, activity logs, IP addresses.”
D
DefenceVPN (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
The DefenceVPN homepage states “We don’t log here at DefenceVPN, that way your information is totally secure from third parties.” The privacy policy goes on to say “DefenceVPN does not store or log any traffic or usage from its Virtual Private Network (VPN). We do log total data used during a session, stored by username. We do not keep traffic logs, incoming or outgoing timestamps, IP addresses during a session.”
So the only log that is kept is total data used per user during a session. This provider offers unlimited bandwidth so this log is presumably used to avoid and identify abuse of the service by an individual.
DefenceVPN offers a warrant canary which reported a clean bill at the time of writing.
Doublehop (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Doublehop markets itself as “a fresh VPN startup aiming to rock the boat…” and indeed it does appear to take a rather different approach across the board. Its clear, concise privacy policy is a far cry from some some of the poorly worded or jargon-filled documents we’ve had to endure with some providers. When it comes to logs, this is what Doublehop has to say:
“Zero, zip, zilch, nada. For realsies, /dev/null 2>&1. We have nothing to share with authorities, even if we felt compelled to.
No traffic logging
No DNS request logging
No timestamps logging
No bandwidth logging
No IP address logging”
Sounds good to us!
E
EarthVPN (Cyprus) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Potentially (0 points)
EarthVPN’s privacy policy is a little confusing when it comes to the subject of logging. On the one hand it says that “Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our site and our services.”
Later on there is the statement that “EarthVPN neither logs VPN usage nor user activity. Neither us nor third parties are technically able to match an IP address to an account.” The latter part of this appears to contradict what is said earlier. We asked the provider for clarification but didn’t receive a response at the time of writing.
Easy Hide IP (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Easy-Hide-IP has a true no logs policy. “We NEVER keep online activity logs or store private information about individual user activities on our network.”
ExpressVPN (British Virgin Islands) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
ExpressVPN doesn’t keep any traffic logs or monitor user activity. It does keep connection logs including the date of the connection (not the time) and the server used. The total amount of data transferred per user is also monitored. ExpressVPN doesn’t log your IP address, but the connection logs are tied to the user account. However, since you could sign up to ExpressVPN without handing over any PII (using Bitcoin and a burner email), this doesn’t mean the logs can be linked to an individual.
Note that ExpressVPN defines the term “connection logs” slightly differently to how we have defined it above, and according to their definition (which doesn’t include datestamps or amount of data transferred), they don’t keep any connection logs. Those discrepancies aside, the important thing here is that the company maintains no logs of any data that could be used to identify an individual user.
A recent case saw Turkish authorities seize an ExpressVPN server as part of an investigation. However, they found no useful information, a fact that serves to back up the company’s no-log claims.
F
F-Secure Freedome VPN (Finland) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
The homepage for this provider states there are no traffic logs. In the privacy policy we learn that F-Secure maintains “temporary logs that contain the duration of the VPN sessions, the amount of data transferred, the device ID and the public IP address from where the VPN client connects to our service.” These logs are kept for 90 days.
Faceless.Me (Cyprus) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
This provider claims to have a true no-logs policy. It even states on its homepage that “We’re not keeping logs of your activity, so in case FBI asks – there’s nothing.” Moving over to the FAQ page, when asked about logs of online activity, the response is “No! Absolutely not! We only track your data usage totals and your IP address, which is required for our internal bookkeeping. And even this data is kept on our servers for a limited time.”
So really, there are logs in the form of connection logs and these include real user IP addresses.
Fast VPN (Hong Kong) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Fast VPN‘s privacy policy states that the app doesn’t record traffic logs or browsing activities. However, it does record connection logs including “IP address, browser type, language used, date and time of access, software and hardware feature information and other data.”
FinchVPN (Malaysia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
In its privacy policy, FinchVPN explains that it does not record any internet usage data or track user activity. It does keep some connection logs including timestamps and bandwidth usage. These are connected to user accounts rather than real user IPs. Since it accepts coin payments, a user ID doesn’t necessarily constitute PII.
Flow VPN (Canada) 0/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Most providers we’ve come across so far have logging policy information easily accessible on their site. It’s usually in the privacy policy or TOS, one or both of which can often be found in the website footer. This isn’t the case with Flow VPN, but after a quick search, we did find the policy pertaining to logs.
It’s no wonder it’s hidden, as it’s not pretty. This provider reserves “the right to log subscription information (including transaction references), connecting IP address, authentication requests, session data (allocated IP, connection date, time, duration etc).” So yes, that’s all types of connection logs and they’re attached to a source IP address.
But that’s not the worst part. “To comply with the requirements of our bandwidth providers we reserve the right to log activity across our network and use automated systems to monitor network activity for abuse (such as use of BitTorrent and similar peer-to-peer file sharing).” So basically anything you do while connected with this provider could be logged!
FlyVPN (USA) 1/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No, but source and destination IPs are logged (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)
FlyVPN doesn’t keep any traffic logs. It does keep a full list of connection logs, including your IP address, timestamps, destination IP, and port number. Bear in mind that by collecting your real IP, timestamps, and your destination IP, this provider might as well be keeping traffic logs.
FrootVPN (Sweden) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The FrootVPN homepage states “We do care about your internet privacy and therefore we do not log anything at all. Your details will never be shared with any third party.” This is further clarified in the ‘No logging’ page which confirms that no connection logs such as timestamps are stored.
Freedom-IP (France) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Freedom-IP does not record any traffic logs and is up front about the data it collects from each session:
“IP Address of connection
Start time of session
End time of session
Data received of session
Data sent of session”
Of course, it does include user IP address, which is not ideal.
Free VPN – Anonymous Online with Fast VPN Server (USA) 0/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)
This VPN’s privacy policy talks about information collected when you visit the website, but it’s unclear if it records VPN traffic or connection logs. We sent an email for clarification but haven’t yet received a response.
Free VPN by FreeVPN.org (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Free VPN by FreeVPN.org is very firm about the fact that it doesn’t store any logs at all. The privacy policy states:
“Unlike other VPN providers, We DO NOT collect any information of our users. We are committed to protecting your privacy.”
It also goes on to explain it doesn’t share any user information with its ad partners. There is an ad-supported free version of the app, but this does not serve ads based on user information.
Free VPN Fast Unlimited Secure Android VPN Proxy (Location Unknown) 2/4
Based in 5 Eyes or 14 Eyes? Unknown (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
We were unable to determine the location of this provider. Free VPN uses a similar generic privacy policy to some of the VPNs below (including Speed VPN and Secure VPN). It states that no traffic logs are maintained but extensive connection logs are recorded and these include personal information such as email address and IP address.
Free VPN Proxy – Super VPN Unblock Master (Singapore) 1/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)
This VPN’s privacy policy discusses the cookie policy but it doesn’t mention VPN app logs. We contacted the provider to find out more and will update this section if we get a response.
Free VPN Tomato (Singapore) 1/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Possibly (0 points)
Connection logs: Possibly
IP address logs: Possibly (0 points)
Free VPN Tomato provides a fairly ambiguous privacy policy. It does say that “personal information” is not collected, but under its definition, it does not mention IP addresses.
Under “non-personal information,” it states:
“We collect your non-personal information when you visit our website, including your device information (device ID excluded), operation system, logs.”
While there is mention of logs here, there is no explanation of the types of logs, so it’s feasible that both traffic logs and IP addresses may be stored. We reached out to the developer to find out more information but have not received a response as of the time of writing.
Free VPN Zone (Location Unknown) 0/4
Based in 5 Eyes or 14 Eyes? Unknown (0 points)
Traffic Logs: Possibly (0 points)
Connection logs: Possibly
IP address logs: Possibly (0 points)
We were unable to find out the location of this VPN, which is a bit of a red flag. The privacy policy is very vague when it comes to logs, but it does appear possible that this VPN collects traffic logs and connection logs. It states:
“FreeVPN collects the following types of Personal Information through the Service:
- a) Contact Information;
- b) User Account Information;”
But it doesn’t specify what that information is. We reached out to them via email to check but have not heard back as of the time of writing.
FrostVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
FrostVPN doesn’t log any traffic data. It does record “time, date and location VPN connection was made.” However, this information can not be connected to an individual user which implies IP addresses are not part of the connection logs.
G
GhostPath (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
GhostPath has a true zero logs policy. As outlined in its privacy policy “We do not track activities outside of the Ghost Path site,” and, “We do not log any data related to your VPN sessions.”
GOOSE VPN (The Netherlands) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for 30 days
IP address logs: No (1 point)
GOOSE VPN doesn’t keep traffic logs or monitor user activity. It does keep connection logs, including a date stamp, Operating System (OS) used, general geographic location, and a couple more items. User IP addresses are not logged and the connection data is automatically aggregated. It is then stored for 30 days before being deleted.
GoTrusted VPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
In its privacy policy, GoTrusted VPN mentions that it may “gather data on connection information, including the timing and size of all packets sent over the Internet during a session.” This is a bit vague and nowhere does it state whether traffic logs are kept and whether connection logs include IP addresses.
We posed the question to GoTrusted and they responded that although the overall network performance is monitored, “GoTrusted does not log the URLs that you are browsing or monitor individual session traffic.”
GreenNet VPN (Estonia) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
The GreenNet privacy policy makes it clear that no traffic logs are kept and it doesn’t record the VPN IP address assigned to you. When it comes to connection logs, it discusses the fact that it “may” collect various types of data, but doesn’t go into specifics of what it actually collects.
For example, it says:
“The data we collect depends on the context of your interactions with us, the choices you make, including your privacy settings, and the products and features you use.”
It then goes on to provide a long list of data types including IP address, email address, timestamps, and device identifiers.
We contacted the company to find out more specifics but have not yet heard back.
H
HeadVPN (UK) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
In its VPN privacy policy within its terms and conditions page, this provider states “The Website does not, and will not, actively monitor user activity for inappropriate behavior, nor do we maintain direct logs of any customer’s Internet activities.” There is no mention of connection logs, but when we asked customer support, a rep told us that there are no connection logs kept whatsoever.
Hide.me (Malaysia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for a few hours
IP address logs: No (1 point)
Hide.me does not keep traffic logs or monitor user activity. If you’re in any doubt, you can actually view a certificate issued by an independent security analyst corroborating all claims on the website. It does keep some connection logs, but these do not include actual user IP addresses and are erased “every few hours.”
Hide.me published a transparency report at the time the above certificate was issued (which can be viewed in the same link.) Notably, there were many requests during the years covered in the report, but Hide.me maintains that its response each time was “hide.me cannot and does not keep any logs; hence we will not be able to provide you with any further information on this matter.”
HideIPVPN (Moldova) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
HideIPVPN “does not store IP addresses, browsing history, traffic destination or DNS queries.” Although, later in the privacy policy we’re warned that “HideIPVPN urges its clients to assume that all of their on-line communications are insecure.” This doesn’t exactly scream confidence in its abilities as a provider.
HideMyAss (UK) 1/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No, but it records source and VPN IP addresses (1 point)
Connection logs: No
IP address logs: Yes (0 points)
HideMyAss does not store information about the websites you visit, but it does store fairly detailed connection logs. These include your IP address, the VPN IP address, timestamps, and amount of data used. The IP address is concerning, especially as it is accompanied by the VPN IP address. This means that activity can fairly easily be traced back to an individual user, so it might as well keep traffic logs.
Indeed, this provider was involved in an FBI case back in 2011, in which it handed over details used to track down a LulzSec hacker.
Hola (Israel) 1/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Hola appears to have a very distinctive “all logs policy” within its privacy policy: “Log Data may include information about your device such as: your IP address, browser type, webpages you visit, time spent on those pages, access times and dates, and the unique identifier generated for your device (if you use the Services from your mobile device then such an identifier may be you mobile number).”(which could be your phone number!)
It goes on to say “We use such data in its aggregated form and is not combined with any Personal Information.” Clearly a phone number is PII, and so effectively is an IP address. Both could easily be traced to an individual user.
Hotspot Shield (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: Yes, but aggregated and anonymized (2 points)
Connection logs: No
IP address logs: No (1 point)
Hotspot Shield does maintain some connection logs, including your real IP. However, these are deleted at the end of each session. While it doesn’t tie real user IP addresses to online activity, it does keep aggregate logs of websites visited and apps used.
Indeed, there has been some controversy surrounding this VPN and it has even has a complaint filed against it by a privacy advocacy group. It was also one of the subjects in a 2016 report that brought to light some of its questionable activities, including redirecting traffic through affiliate links. However, it should be noted that Hotspot Shield is under new ownership since these incidents.
I
IdentityCloaker (Czech Republic) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but can be hidden (1 point)
“While surfing the web through Identity Cloaker proxy or VPN servers, we do not store the addresses of the visited websites or other resources and we store no transported data for a period longer than necessary to finish the Internet data transfer handover. No caching on permanent record media (for example hard drives) is being utilized.”
There are definitely no traffic logs here and the last sentence implies no connection logs, but we asked just to make sure. It turns out that timestamps and data usage are recorded, as are IP addresses. However, “if you use the Identity Cloaker application and connect in the encrypted mode, the log is unable to record your real IP address and instead records the proxy server IP.” The connection logs are kept for six months before being deleted.
IPVanish (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
One of the first claims on the IPVanish homepage reads: “Our strict zero-logs policy keeps your identity under wraps. We do not record any of your activity while connected to our apps in order to preserve your civil right to privacy.” There is no mention in the privacy policy or elsewhere of specific connection logs. We asked support and were informed that this provider does “not monitor, record or store logs for any single customer’s VPN activity.”
It recently surfaced that IPVanish logs were used in a Homeland Security investigation. However, the company was under different ownership at the time and the current owners have assured users that IPVanish stands by its existing no-logs policy.
IronSocket (Hong Kong) 2/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No, but stores source and VPN IP addresses for 72 hours (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)
IronSocket does not keep any traffic logs or monitor user activity. As outlined in the privacy policy, it does record connection logs:
“Upon Use of the Services, we additionally collect the following session information:
- Time and date of the session connection and disconnection;
- The IP address used for the session and which server was connected to; and
- A numerical representation showing total bytes transferred per session;”
It’s not quite clear if “The IP address used for the session” refers to the real user IP address or the one issued by the provider. We asked for clarification and it turns out both are recorded. It is noted that this data is only stored for 72 hours before being purged.
Ivacy (Singapore) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Ivacy operates with a true no-logs policy. It does not monitor traffic or record session data, “meaning we cannot identify and connect a specific activity with a particular user of our service.”
IVPN (Gibraltar) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
IVPN is another provider that uses a strict no-logs policy. It doesn’t monitor web traffic nor does it record any session data, such as timestamps or bandwidth usage.
K
Kaspersky (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
We looked for a terms of service or privacy policy for Kaspersky’s VPN service but couldn’t find anything. A customer support representative was able to direct us to the license agreement but there is nothing here regarding logging. However, the rep did assure us that no traffic or connection logs are maintained. If there is an issue with the service, logs may be collected to diagnose the issue.
Keenow (Israel) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)
Keenow doesn’t keep traffic logs or monitor user activity. It does store connection logs, including real IP address, bandwidth usage, and timestamps. Of course, the one worrying piece of information here is the real user IP address which can be traced to an individual.
L
Le VPN (Hong Kong) 2/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No, but both source IP and VPN IP are recorded (1 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Le VPN does not store or monitor usage data such as websites visited. It does keep connection logs, including real IP address, timestamps, VPN IP address, and amount of data used. The fact that a real IP address is stored along with the new IP means that all activity can be traced back to the individual user. What’s more, the data is stored for “a certain period of time even though we have no obligation to store any such data.”
Liberty Shield (UK) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
Liberty Shield’s very brief privacy policy is buried at the bottom of its TOS, but it does state: “We are committed to your privacy and do not collect or log traffic data or browsing activity from individual users connected to our VPN.” It does keep connection logs but these are limited to timestamps, server location, and amount of data transferred.
LimeVPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
LimeVPN actually has a page dedicated to describing its logging policy. Here, it explains that no traffic logs are maintained, including downloads or media. It does state that some connection logs are kept, including timestamps, connection duration, and bandwidth usage. This data is kept for an unspecified period of time but is “regularly cycled within our servers.” It’s not immediately clear if this data is connected to a user IP, but a few lines down it states “Neither we nor third parties are technically possible to match an IP address to an account.” So we can safely say that IP addresses are not an issue.
M
Mullvad (Sweden) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Mullvad’s privacy policy tells us that this provider keeps no activity logs and no metadata is attributed to an individual user. Instead, Mullvad simply tracks total bandwidth per server, total number of current connections, and CPU load per core.
MyIP.io (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
The MyIP.io homepage states that there are no activity logs, which is great. The privacy policy states that “We do not keep logs of your browsing activities, sites visited, outgoing traffic or content accessed.”
However, IP addresses are collected: “We keep a bare minimum set of data like the date you connected and from which IP.”
MyIP.io also records your total bandwidth consumed.
N
NoodleVPN (Malaysia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The homepage of the NoodleVPN website states:
“Because of the special equipment NoodleVPN does not store any customer data and does not know what users are doing on the Internet. The only thing we known [sic] about users is their e-mail address and username.”
This seems to cover both traffic and connection logs, but we got in touch to make sure. A customer support representative assured us that no logs are kept whatsoever.
NordVPN (Panama) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
NordVPN “guarantees a strict no-logs policy” of its VPN service. Aside from traffic logs, this includes timestamps, bandwidth, and real IP addresses.
nVPN (Bosnia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
nVPN is another provider with a strict no-logs policy. There are no traffic logs and user activity is not monitored. Furthermore, it does not record timestamps, bandwidth used, or real user IP addresses.
O
OctaneVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate
IP address logs: No (1 point)
OctaneVPN is very up front about addressing users’ concerns surrounding logging. Within its privacy policy it notes that “When you sell a product that enhances privacy and anonymity, questions of logging come up.” Indeed, it maintains a true no-logs policy in that there are no logs that can be tied to an individual user. The only connection logs kept are aggregate ones related to each individual server, including number of connections and bandwidth usage.
OneVPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Not clear
IP address logs: No (1 point)
The OneVPN privacy policy makes it clear that this provider does not monitor online activity. It also states that no IP addresses are logged. There is no mention of connection logs but even if they are recorded, there are no IP addresses stored, so it’s all good.
Only VPN (India) 1/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)
Only VPN provides a privacy policy, but it makes no mention of whether or not logs are collected when using the VPN service. We asked the company to provide us with information about its logging policy but have not received a response as of the time of writing.
OVPN (Sweden) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
OVPN maintains that it takes user privacy extremely seriously, and indeed it has a strict no-logs policy. With no traffic logs or connection logs, it states that the only information it could ever provide to a requesting party would be the method of payment used. As stated in the privacy policy: “Writing permissions for the OpenVPN processes have been removed from the servers operating our VPN service. This prevents any user information from being logged at any time.”
P
PandaPow (Hong Kong) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
PandaPow does not, under any circumstances, keep traffic logs or monitor user activity. It does keep connection logs, including IP address, timestamps, amount of data transferred, and transfer speed. Of course, of most concern here is the IP address. PandaPow does not specify how long the data is stored for.
Perfect Privacy (Switzerland) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Perfect Privacy’s privacy policy is just a couple of paragraphs long, but it it is made clear that it does not record any logs related to individuals. It only records the total usage on its servers.
Private Internet Access (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
On this provider’s homepage, one of the main features states “No traffic logs,” so that’s clear at least. This is reiterated in the privacy policy but there is still no mention of connection logs here.
Over in the FAQ section, we find what we’re looking for. Here, a representative states “PIA absolutely does not keep any logs, of any kind, period.” The response then goes into more detail stating:
“We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited.”
Sounds like a pretty solid zero-logs policy to us.
PrivateVPN (Sweden) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
PrivateVPN also offers a no-logs policy. In its privacy policy it states “PrivateVPN does not collect or log any traffic or use of its service.” We emailed just to check if this applies to connection logs and were told, yes, it does.
Private Tunnel (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
There is no mention of a logging policy in the Private Tunnel privacy policy, but over in the TOS, there is this statement:
“Log files stored on our servers are only used for monitoring server performance, identifying software bugs, identifying any potential security breaches, and for the purpose of identifying abusive users. The log files are not used for monitoring or censoring your internet activities. We respect your privacy. We are not interested in what you do on the internet.”
We can glean from this that there are no traffic logs but there are log files. We asked the provider to clarify what these entail. We were told that the logs include the connection time and amount of bandwidth used. They are linked to a user email but not to a real user IP address.
Private Wifi (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Private Wifi offers up some logging policy information in its FAQ section. Here we find out that there are definitely no traffic logs kept by this provider but there are some connection logs. “We do maintain a set of usage logs, including time on and off our network and total bytes transmitted.” Later on, it states that these can be attached to a user, but it doesn’t state whether they record user IP addresses. We asked to find out and indeed IP addresses are recorded as a standard piece of account information. As such, we can conclude that timestamps are connected to a real user IP.
ProtonVPN (Switzerland) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
ProtonVPN’s homepage states “As a Swiss VPN provider, we do not log user activity or share data with third parties.” We can assume this pertains to traffic logs but it’s a little unclear when it comes to connection logs.
Over in the privacy policy, we learn that indeed ProtonVPN maintains a timestamp log of the last successful login attempt. It can be stored indefinitely, but is overridden with each successful attempt. It’s not clear whether this is associated with a user account or with an actual IP so we asked the question. We were told that the timestamps are only associated with the account and that no real IP addresses are stored.
proXPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
On the homepage, one of the statements is “proXPN’s VPN software lets you surf the web the way it was intended: anonymously and without logging and tracking your activity.” We can safely assume there are no traffic logs. So what about connection logs? Over on the privacy policy page, we learn, “We do not keep logs of connection times, activity, or origin IPs.” So we’re all clear here.
Proxy.sh (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
On the Proxy.sh website, we find what we’re looking for within the FAQ section. This provider keeps no traffic logs and no connection logs. It does state that at times, it needs to view connections in real time. While it provides alerts in these instances, it is reiterated that connections are not attributable to individual users.
PureVPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
PureVPN’s privacy policy reads: “We DO NOT keep any record of your browsing activities, connection logs, records of the VPN IPs assigned to you, your original IPs, your connection time, the history of your browsing, the sites you visited, your outgoing traffic, the content or data you accessed, or the DNS queries generated by you.”
We know from a 2017 FBI case that it used to record IP addresses. In this situation, timestamps and a real IP address were correlated with data from other companies to implicate the user.
As we go through the list, it’s clear that PureVPN is certainly not the only provider to keep these types of logs. However, being at the center of such a high-profile case where consumer’s trust is reported to be breached wasn’t good for business. The company is focused on winning back the trust of users, and has rolled out a new privacy policy that states it doesn’t record any connection logs whatsoever.
In addition to this, PureVPN has taken the extra step of engaging an independent auditing firm (Altius IT) to audit the company’s systems and logging policy. The results of the audit confirmed that PureVPN doesn’t log any data that could identify a person.
“[We] did not find any evidence of any logs that could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.” – Altius IT
Q
Quark VPN (Location Unknown) 0/4
Based in 5 Eyes or 14 Eyes? Unknown (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)
This VPN provides very little information. With no developer address, we don’t know where this app originates. The privacy policy provided by Quark VPN (both on the Google Play Store and the website) appears to pertain to a different app entirely.
As such, we were unable to determine what information, if any, is collected. We sent questions regarding the policy to the email address listed on the Quark VPN website but we have yet to hear back at the time of writing.
S
SaferVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
SaferVPN does not keep any traffic logs or monitor user activity. It is very explicit about which metadata is recorded and that includes timestamps, amount of data transferred, and the server location. It does not record IP addresses.
SaturnVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
SaturnVPN doesn’t appear to provide any information about its logging policy. When we asked the provider for information we were told that no traffic logs or connection logs are kept at all.
Secure VPN (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Secure VPN’s privacy policy states:
“We are committed to your privacy and do not collect or log traffic data or browsing activity from individual users connected to our VPN.”
So what about connection logs? Secure VPN does keep quite extensive connection logs, including email address, IP address, timestamps, server location, amount of data transferred, and information about your device, operating system, internet service provider, and network.
While most of this is non-personal information, email addresses and arguably IP addresses can be used to identify you.
SecurityKISS (Ireland) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for ten days (0 points)
This provider posts a short and concise privacy policy, including clear information about its logging policy:
“We do not monitor, record or store logs for any connection activity, except for the following:
- Time and duration of the user VPN connection
- Bandwidth used during the connection
- User IP address”
As you can see, this does include user IP addresses. Although, on the plus side, most of these logs are deleted after ten days. The only thing that is stored longer is the total usage per billing period for each client.
Seed4.me (Taiwan) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)
This provider does not have a privacy policy and does not cover logs in its TOS statement. Instead, it addresses the issue of logs in a blog post. Here, it explains that it records aggregate connection data. This is stored for seven days before being deleted permanently.
Shellfire VPN (Germany) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The homepage of Shellfire VPN states, “We don’t log any connection data. You’re surfing absolutely securely and anonymously!” This is one of the rare providers that actually refers to connection logs on its homepage, rather than just a blanket logs statement which often only mentions traffic logs.
SlickVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This provider has a zero logs policy but doesn’t explicitly talk about connection logs. We asked a representative and were told that no traffic logs or connection logs are kept at all.
SmartVPN (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
SmartVPN doesn’t offer any logging policy information on its website, so we got in touch. A live chat response claimed that no logs are kept whatsoever.
Speed VPN (Hong Kong) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
It appears that Speed VPN’s privacy policy is identical to that of Secure VPN above, which could mean the companies are affiliated or simply using a generic privacy policy.
Speed VPN doesn’t keep traffic logs but it does record extensive connection logs including user IP addresses and email addresses.
Speedify (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 point)
Speedify’s privacy policy starts with “TL;DR: We DO NOT log what you do or what sites you visit through the Speedify service.” So there are definitely no traffic logs here. The privacy policy also states that Speedify does not collect IP addresses. However, when you enter the app, a notification tells you that IP addresses are stored temporarily, along with timestamps, amount of data transferred, and the duration of the connection.
SpyOff (San Marino) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
We couldn’t find any information pertaining to a logging policy on SpyOff’s website so we sent an email. A representative informed us that “We do not keep any records concerning traffic logs or connection logs, time stamps, bandwidth, IP addresses.”
Star VPN (Georgia) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Star VPN’s privacy policy makes it very clear that this service does not keep any traffic or connection logs:
“Senight LLC guarantees a strict no-logs policy for Star VPN Services, meaning that your internet activity while using Star VPN Services is not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses or browsing data.”
StrongVPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This provider’s privacy policy states: “StrongVPN does not collect or log any traffic or use of its Virtual Private Network service.” Again, “use” likely refers to connection logs but is a little vague. We emailed customer support and they confirmed that no connection logs of any kind are kept.
SuperVPN (Singapore) 2/4
Based in 5 Eyes or 14 Eyes? No, but third parties may be in other countries (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
With respect to data collection, SuperVPN collects connection data including IP address, browser type, and operating system. It states that it may share some information with third parties. The privacy policy also includes this statement:
“Your personal information may be processed in any country in which we engage service providers. When you use our Services, you acknowledge the transfer of your personal information outside of the country where you reside.”
As such, we have not awarded a point for the company being based in Singapore.
It’s also worth noting that this VPN was removed from the Google Play Store for some time in 2020 because it reportedly posed a security risk.
SurfEasy VPN (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)
SurfEasy VPN doesn’t keep traffic logs, but it does state:
“We perform automated rules-based traffic management for the purposes of maintaining and improving our service. Applying these rules may require real-time analysis of Internet and data traffic including destination websites or IP addresses, originating IP addresses.”
This information is not logged, but it sounds more intrusive than you would want and expect from a VPN provider. As for connection logs, it stores aggregate bandwidth used but there is no log of IP addresses.
Surfshark (British Virgin Islands) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate only
IP address logs: No (1 point)
Surfshark keeps no traffic logs whatsoever. It doesn’t keep any connection logs that can be tied to an individual user, such as IP addresses. It does store some aggregate data for diagnostic purposes, such as unsuccessful connection attempts, but these are not tied to user accounts.
SwissVPN (Switzerland) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for six months (0 points)
We couldn’t find a privacy policy or TOS document for SwissVPN so we asked customer support for some information. Here’s what we found out:
“SwissVPN is being operated based on Swiss Telecommunications and Personal Data Protection Law. Session IP’s (not visited content, websites, mail, etc.) are being logged for 6 months. In case of criminal offence under Swiss law Swiss authorities may request informations based on: http://www.admin.ch/ch/d/sr/7/780.1.de.pdf”
SwitchVPN (India) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
“SwitchVPN does not collect or log any traffic or use of its Virtual Private Network service.” The privacy policy goes on to talk about personal information but gets rather confusing. We sent an email to get some clarification and were told that no logs are kept whatsoever.
T
Thunder VPN (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 point
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
While the homepage of Thunder VPN’s website states: “No log or track user data,” the terms of service suggest this only refers to traffic logs. Indeed the VPN doesn’t log your internet activity, but it does collect lots of connection information, including your IP address, email address, timestamp, server location, device identifiers, and the amount of data transferred.
Torguard (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Torguard has a true zero-logs policy and “does not store or log any traffic or usage from its Virtual Private Network (VPN) or Proxy.”
TorVPN (UK) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Potentially (0 points)
With no logging policy information available on the website, we asked this provider if any logs are kept. We were told that there are definitely no traffic logs maintained and user activity is not monitored. Some connection logs are kept including bandwidth used but no further information was provided. It’s unclear if timestamps are recorded and if connection logs are tied to a user IP address.
Touch VPN (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 point)
Traffic Logs: Yes, but anonymized and aggregated (2 points)
Connection logs: Yes
IP address logs: No (1 point)
Touch VPN is under the same ownership as Hotspot Shield, so we’re linked to the same privacy policy (that of parent company Aura).
This VPN keeps traffic logs but they are anonymized and aggregated. It maintains some connection logs including session duration and bandwidth used. IP addresses are deleted at the end of each session.
Trust.Zone (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
In its privacy policy, TrustZone doesn’t explicitly say which logs it keeps, although it does keep usage logs. Its statement surrounding logs is a little confusing: “All our VPN servers around the world ARE NOT storing any log files to keep your privacy safe. All the usage data is anonymous and not connected to your real, public IP address.” We interpret the first line to mean that it doesn’t keep traffic logs. The latter appears to refer to the fact that connection logs are kept but they don’t include real user IP addresses.
Turbo VPN (Singapore) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The Turbo VPN privacy policy clearly states that it maintains no activity logs including browsing history or traffic destination. It doesn’t keep connection logs either and specifies that no IP addresses (user or VPN) or timestamps are logged.
TunnelBear (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
TunnelBear does not collect traffic logs or monitor any user activity. It does collect some data, including your OS, whether or not you’ve been active this month, and the total amount data used within a month. However, “TunnelBear does NOT store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers.”
U
UFO VPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
UFO VPN’s privacy policy makes it clear that no traffic or connection logs are stored:
“We do not track user activities outside of our Site, nor do we track the website browsing or connection activities of users who are using our Services.”
Unlocator (Denmark) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Potentially
IP address logs: Yes (0 points)
Unlocator’s homepage has a blanket “No logs” statement, but its privacy policy suggests otherwise: “Your IP address is saved in order to identify your account with our services. A generic activity report is only saved for 24 hours […]”
Even if the data is only kept for 24 hours, ideally we’d like to know what it entails. We asked a customer representative and were told that the activity report refers to “[…] the trail of IPs that you update into our system.” This doesn’t really clarify things so we asked again but have yet to receive a response.
Unspyable (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This provider maintains that it does not keep traffic logs of any kind. Its privacy policy states “We do not keep any user logs.” We could assume that this refers to connection logs, but we checked just to make sure. In response to the question of whether any connection logs are kept, we got a very clear “Nope.” Well, that’s that, then.
Urban VPN (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes, but anonymized (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)
Urban VPN’s privacy policy tells us that the company does maintain logs of web browsing data although they are anonymized immediately. It also collects online identifiers including IP addresses. These logs are only deleted if you delete the app.
V
VPN Baron (Romania) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
VPN Baron does not keep any traffic logs or monitor user activity. It does keep connection logs, including timestamps, server location, and the amount of data transferred per session. Although, it does not record the real user IP address.
VPN Hotspot – Unlimited Proxy (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
“VPN Hotspot does not collect, log, store, share any identifiable personal information of Users. VPN Hotspot may collect the connection times to our Service and the total amount of data transferred per day.”
It makes no mention of IP addresses so we emailed them to find out. A representative confirmed that no such connection logs are maintained.
VPN LITE (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This offering is from KeepSolid Inc, the same provider that brings us VPN Unlimited. Indeed, these two VPNs share the same privacy policy. It states:
“KeepSolid does not monitor, store, or log your online activity, including your browsing history, connection times, metadata, downloads, server usage, or data content during your session in the VPN Services.”
VPN Master – Best VPN Proxy (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
According to its privacy policy (which is a generic policy used by a couple of others on this list), VPN Master keeps no logs of online activity. It does keep connection logs, but user IP addresses are deleted at the end of a session.
VPN Monster (Singapore) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
The privacy policy linked to this VPN app states that it doesn’t maintain any traffic logs whatsoever. Minimal connection logs are maintained, including date stamps, VPN server locations, and the user’s country, but it does not collect real user IP addresses.
VPN Owl (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The privacy policy linked to from the VPN Owl app page is that of Open-VPN.org. It is very short but states:
“WHAT INFORMATION DO WE COLLECT?
None, We do not collect any information of our users before, during, or even after using our app or service. We believe in 100% privacy for all our users.”
VPN Plus (UK) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Probably not (2 points)
Connection logs: Yes
IP address logs: No (1 point)
The privacy policy for this VPN states that it will collect two kinds of information:
- “Your real IPv4 address
- The inbound and outbound data transferred during a session”
While IP addresses are logged, they are deleted immediately at the end of each session. We can probably assume the latter only refers to the amount of data transferred and not the actual data traffic logs, but we contacted the provider to confirm. We haven’t heard back at the time of writing.
VPN Pro: Express VPN (USA) 4/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
This app appears to be piggybacking on the success of the real ExpressVPN by including it in its title. Be aware that the developer of this app does not appear to be affiliated with ExpressVPN.
VPN Pro uses a generic privacy policy that tells us that it “collects IP address during session but encrypts it and deletes it as soon as the session ends.” It doesn’t keep any logs of user browsing activity.
VPN Proxy Master (Singapore) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
VPN Proxy Master lays out a refreshingly clear privacy policy that tells us the VPN keeps no traffic logs and no connection logs:
“We do not collect data of your connection logs, including:
- Your IP address;
- Your outgoing VPN IP address;
- Connection timestamp; and
- Session duration.”
VPN Super – Best VPN Proxy (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
This VPN is offered by US-based Virtuoso Technologies. Its privacy policy is the same as that of VPN Pro above. It collects IP addresses but deletes them as soon as a session ends. It keeps no logs of browsing activity.
VPN Unlimited (USA) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
This VPN service is provided by KeepSolid Inc., the same company that offers VPN LITE (above). This provider doesn’t keep and traffic or connection logs.
VPN Super (USA) 2/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Possibly (0 points)
The VPN Super privacy policy provides lots of information but lacks specifics when it comes to logs. However, it does state:
“We do not maintain any records that show what you were browsing or accessing through a VPN connection.”
Connection logs are kept, including amount of bandwidth, timestamps, and session duration. IP addresses are mentioned under location information, but it’s not clear if full IP addresses are logged. We contacted the company to find out and a representative confirmed that no IP addresses are stored.
VPN.ac (Romania) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but only stored for one day (0 points)
As stated on its homepage, VPN.ac keeps no activity logs. In the privacy policy, we discover that connection logs are kept. These include bandwidth usage, timestamps, and source IP addresses. On the plus side, the timestamps and IP addresses are only stored for one day before being deleted.
VPN.asia (Belize) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This provider doesn’t log any website traffic or monitor user activity. In the privacy policy it states: “VPN.asia does not collect or log any traffic or use of its Virtual Private Network service.” “Use” implies connection logs but we checked to make sure as there is no mention of it elsewhere. We were assured that no logs are kept.
VPN.ht (Belize) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
Within its privacy policy, VPN.ht says it does “not collect or log traffic data or browsing activity from individual users.”
On its homepage, it says that no logs are kept, but there isn’t specific mention of connection logs so we asked for clarification. A customer service representative told us that absolutely no logs are kept. Even so, this provider offers a warrant canary.
VPNArea (Bulgaria) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
VPNArea has a refreshingly clear logging section within its privacy policy and indeed maintains a true zero-logs stance: “We do not monitor, record or store logs for any single customer’s VPN activity. We do not monitor, record or store any login dates, timestamps, incoming and outgoing IP addresses, bandwidth statistics or any other identifiable data of any VPN users using our VPN servers.”
VPNBook (Switzerland) 3/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for up to one week (0 points)
VPNBook’s privacy policy, which is oddly located on its Contact page, explains that no data is recorded when it comes to internet activity. Some connection logs are kept, specifically timestamps and user IP addresses. These logs are deleted automatically every week which means they may be stored for up to seven days. In 2013, this provider was accused of handing over logs involved in the prosecution of members of hacker group Anonymous.
VPNLUX (Belize) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
VPNLUX does not store logs of traffic data. As is clearly laid out in its privacy policy, it does store some connection logs, including timestamps and bandwidth usage. These are associated with the account ID number and not an actual real user IP.
VPNSecure (Australia) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
The VPNSecure TOS tells us:
“We do not log any personal information when connecting to our service.
‘Any data’ means but is not limited to the following:
- IP Address NOT logged
- Connection timestamp NOT logged
- Disconnect timestamp NOT logged
- Bandwidth used NOT logged
- DNS Requests NOT logged”
Even though no logs are recorded, this provider offers a warrant canary .*
Update May 2019 – the said warrant canary was last recorded on archive.org in December 2018.
VPNTunnel (Seychelles) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
As outlined in its privacy policy, VPNTunnel never keeps activity logs. It doesn’t explicitly mention connection logs so we asked customer support. We were told that absolutely no logs are kept but that a user can initiate logs in case they need help with troubleshooting.
VyprVPN (Switzerland) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
VyprVPN from Golden Frog does not record any traffic data or monitor user activity. It used to keep connection logs, including the user’s source IP address and VyprVPN IP address. However, as of November 2018, it is a log-free service and it no longer records this information or other connection logs. These claims are backed by an audit performed by Leviathan Security Group.
W
Windscribe (Canada) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
This provider doesn’t keep any traffic logs and connection logs are kept to a bare minimum. “We store total amount of bandwidth your account has consumed in 1 month period, which is reset every month on the day of your registration.” It also stores a timestamp of the last activity associated with an account to detect inactive accounts. However, this is linked to an account and not an IP address.
WorldVPN (UK) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
WorldVPN doesn’t monitor internet activity but it keeps some connection logs. These include the duration of the VPN connection and the amount of bandwidth used during the connection. Note that they do not include timestamps or real user IP addresses, so this can still be considered a fairly solid no-logs policy.
X
X-VPN (Hong Kong) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
This VPN provides a clear privacy policy that tells us it doesn’t keep any traffic logs. It does maintain minimal connections logs, including timestamps, but states:
“We do not store your original IP address or the server IP address that you connect to which means we cannot share it to anyone no matter what happened.”
IP addresses are collected upon site logins to prevent brute force attacks but are deleted within five minutes and cannot be viewed or downloaded.
Z
ZenMate (Germany) 3/4
Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, for accounts with a data cap
IP address logs: No (1 point)
ZenMate operates with a no-logs policy. It does not keep traffic logs of any kind. It does track data transferred, but only for accounts that have a data cap. There are many mentions of IP addresses in the privacy policy, and it initially sounds as though these are logged. Once you sort through the jargon, it is revealed that IP addresses are only processed temporarily and not logged.
ZenVPN (Dominica) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)
ZenVPN doesn’t keep any traffic logs. The only connection data it tracks is each user’s aggregate daily bandwidth usage.
ZoogVPN (Isle of Man) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
This provider’s privacy policy is very explicit about what it does and doesn’t track. Indeed, we have another zero-logs provider. There is no logging of online activity or metadata attached to an individual user. The only thing it does track is total bandwidth usage on its servers.
ZorroVPN (Belize) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)
In its very brief TOS (there is no privacy policy) ZorroVPN states “We guarantee no logging any user’s activity.” However, there is no mention of connection logs. We contacted them to find out and were told that no connection logs are kept. ZorroVPN provides an up-to-date warrant canary.
ZPN (United Arab Emirates) 4/4
Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, for accounts with a data cap
IP address logs: No (1 point)
ZPN does not monitor traffic or user activity. It does state in the TOS “We only log bandwidth usage for calculating monthly quota excluding premium accounts.” So for premium account holders with no data cap, there are no logs.
Five Eyes and 14 Eyes countries
Another factor worth highlighting within the context of logging policies is the country location of each provider. Specifically, it’s helpful to know if your provider is based in a Five Eyes or 14 Eyes country. The Five Eyes (FVEY) is an intelligence pact or alliance between the countries involved in the UKUSA agreement. These are Australia, Canada, New Zealand, the UK, and the USA. According to the agreement, these countries share signals intelligence with each other.
One of the implications of the FVEY agreement, which is important to VPN users, is that it makes it possible for participating countries to bypass their own surveillance laws. Different countries have different laws, and governments may be allowed to monitor people in other countries but not their own. The sharing of information between countries means that governments could spy on each other’s citizens and trade intelligence.
You might have also heard about the 14 Eyes. This refers to an extended group of nations which includes another nine countries: Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain, and Sweden. These countries participate in signal intelligence sharing in various ways.
Other countries reportedly involved with the Five Eyes alliance are South Korea and Singapore. Japan has also been in the news for its surveillance ties with the US, as has Israel.
Some of the more privacy-conscious users may want to avoid using providers based in any of these countries. You may even want to avoid connecting to servers located in these countries if possible.
Here’s a closer look at some of the regions in which our listed VPNs operate:
Australia (Five Eyes)
Australia is a member of the Five Eyes alliance. This means that if any data is stored on servers in the country, there is a risk it could be shared with other members of FVEY. The government does apply some censorship such as blocking torrenting sites, and telecom companies are required to retain some metadata.
Belize
VPNs are legal in Belize but the government has been known to restrict internet usage, for example, by blocking VoIP for some time.
British Virgin Islands
This country has no data retention laws which is a plus. It is a UK territory but it is governed by its own laws. The British Virgin Islands are not known to be part of an alliance for intelligence sharing.
Bulgaria
Bulgaria isn’t part of an intelligence-sharing alliance but it does have a reputation of monitoring internet traffic.
Canada (Five Eyes)
Canada is scored as one of the most free countries in the world, but it does have some data retention laws. It is also a member of FVEY, which means there’s the possibility of intelligence-sharing with other member states.
Cyprus
The use of VPNs is legal in Cyprus and there don’t aren’t reports of censorship or monitoring in the country.
Czech Republic
Czech Republic internet users face very few restrictions compared to other countries, but there is blocking of certain content. That said, we shouldn’t rule out government control as there were past efforts made to implement an internet ID system.
Denmark (14 Eyes)
Denmark is a 14 Eyes country which means it could share data with other participating countries. Denmark has a past of internet monitoring, and although its practice of session-logging was scrapped in 2014, there were plans to re-introduce it in 2017. Denmark’s internet is generally uncensored, but laws do allow for filtering.
Dominica
VPNs are legal in this country and there are no reports of online censorship or monitoring here.
Estonia
Estonia has one of the most free internets in the world. That said, there have been recent proposals to allow the government increased access to personal data.
Finland
Finland has a history of some censorship, including a controversial filtering initiative. There have also been surveillance laws passed in recent years that reportedly allow the government increased access to network monitoring.
France (14 Eyes)
France has a mixed reputation when it comes to online privacy and freedom. It has defended citizen’s privacy in the past, for example, handing Facebook a hefty fine for tracking user data. But in 2015, the introduction of surveillance laws were considered a “major blow to human rights.” The country has a fairly recent history of censorship, but a June 2020 ruling hindered the government’s efforts to expand its censorship power.
Georgia
There has been a lot of back and forth over surveillance laws in Georgia, but current regulations allow for increased privacy. There is little in the way of internet censorship in the country.
Germany (14 Eyes)
Germany has seen some controversy with respect to censorship but the country is making strides when it comes to surveillance. Although it is a 14 Eyes country, a 2020 landmark ruling by a German court found that mass surveillance is unconstitutional. That said, data retention laws within Germany require that ISPs keep records of user data for 10 weeks and location data for four weeks.
Gibraltar
Gibraltar is a British territory. It is partially governed by its own parliament but falls under UK jurisdiction for some matters, including security, so mass surveillance could be an issue.
Hong Kong
Online censorship is on the rise in Hong Kong, mainly in response to protests in the country. Privacy protection measures are in place, but in 2020, the government was granted extensive surveillance powers under Chinese law.
India
India imposes regular restrictions on internet users with recent news of increasing censorship. Blackouts are often used by the government to hinder organized protests. While there have been positive reports in terms of privacy regulation, there are concerns that surveillance is growing in the country.
Ireland
Ireland is considered very free and data is protected under the GDPR. There aren’t concrete reports of the government requiring ISPs to monitor citizens.
Isle of Man
The Isle of Man is a self-governing region under the British Crown. Citizens generally aren’t subject to censorship or surveillance.
Israel
Israel’s government imposes widespread censorship and in 2020 the country stepped up online surveillance as part of its COVID-19 response.
Italy (14 Eyes)
Italy is generally a very free country and privacy is protected under the GDPR. Some censorship is imposed on web content such as P2P and gambling, but there aren’t reports of government surveillance in the country.
Malaysia
Censorship in Malaysia has ramped up in recent years with Freedom House rating the country’s internet as “partly free” in 2020. According to the 2019 report, data protection in the country is poor and “it is difficult to ascertain the extent of government surveillance of users’ internet activities.”
Moldova
Internet usage is generally unrestricted in Moldova although there have been moves towards surveillance and censorship in the past.
Netherlands (14 Eyes)
Citizens of the Netherlands are not subject to censorship except for some criminal content. There were concerns that a government-led initiative violated human rights. The Netherlands data retention law was struck down in 2015 as it was considered a breach of privacy.
Panama
Panama’s internet is generally free but there have been past reports of censorship and shutdowns. The country’s ISPs are not required to retain data on their customers.
Philippines
Freedom House views the internet in the Philippines as partly free, and explains that there are occasional instances of content manipulation or removal. It also notes that a 2020 law increases the surveillance powers of the government and that journalists and other users are increasingly being penalized for online activity.
Poland
Poland takes an anti-censorship stance, with the country recently condemning social media restrictions and proposing a law that makes censoring illegal. However, the country has a history of surveillance and data retention laws, and there is concern that the new censorship will actually increase data retention.
Romania
On the whole, Romania is a free country and citizens can use the internet without restrictions. There have been laws imposed against gambling and these could possibly be used in widespread censorship. Romania has gone back and forth on data retention, most recently striking down related laws in 2014.
San Marino
San Marino scores very high on overall freedom and there are no reports of censorship or surveillance in the country.
Seychelles
Internet access in the Seychelles may be restricted at times due to political motivations. Citizens are not reported to be subjected to mass surveillance.
Singapore
In Singapore, internet censorship is fairly widespread and all government ministers have the power to apply restrictions to online content. According to Freedom House:
“The authorities are also believed to exercise broad legal powers to obtain personal data for surveillance purposes in national security investigations.”
Slovakia
There has been some back and forth in terms of data retention in Slovakia, but in the current landscape there is no mandate for data storage. There have also been moves towards censorship in the past, but citizens generally have free access to the web.
Sweden (14 Eyes)
Freedom House gives Sweden a rare perfect score of 100 in terms of overall freedom. There is limited censorship of things like hate speech and defamation. The country is known for its strong data protection laws.
Switzerland
Swiss citizens actually voted in a censorship bill in 2018 although this was intended solely for the purpose of restricting gambling sites. They also voted strongly in favor of a surveillance law that allows authorities to monitor suspects, although a court order is required first. Swiss law requires the retention of data by ISPs for six months.
Taiwan
The internet in Taiwan is generally free from censorship, although the government closely monitors disinformation from China. Taiwan has recently made headlines for using surveillance during the pandemic, but there are no mandates for data retention. Instead, organizations are left to create their own policies around the collection of data.
Turkey
The Turkish government has a history of restricting access to social media sites like Twitter and Facebook, and in 2020 proposed a bill that would give it increased power over such sites. VPNs have also been blocked in the country. The country has a poor reputation in terms of digital privacy for its citizens.
United Arab Emirates
Freedom House’s Freedom on the Net Report 2020 deems the UAE “not free.” Internet users can expect censorship and government surveillance. Restrictions include the blocking of VoIP services, although access to some platforms has improved in response to increased remote work during the pandemic. The UAE is one of the few countries in which VPN use is restricted.
United Kingdom (Five Eyes)
The UK internet is generally free from censorship, but citizens are subject to data retention policies. These require that ISPs retain user data for 12 months under certain conditions. The UK government has been accused of mass surveillance that includes the storage of communications such as email messages and private social media messages.
United States of America (Five Eyes)
The US internet is mostly free from censorship, but there have been some instances where this is called into question. For example, Trump’s stance against TikTok and WeChat was of great concern as far as what it could mean for the future of censorship. The country has a history of mass surveillance and internet metadata is recorded and held for up to a year.
Vietnam
Vietnam’s internet is “not free” according to Freedom House’s 2020 report. It is subject to heavy censorship, including the restriction of social media content and the suspension of some online newspapers. Citizens are subject to “invasive surveillance” and companies are required to hand over “user data without any oversight, transparency, or other democratic safeguards.”
Final comments
As you can see, when it comes to logging policies, there is a lot of variation. While most providers claim that they don’t keep logs, this typically refers to traffic logs. When we dig deeper, we often find that some data collection takes place, usually in the form of connection logs, sometimes including IP addresses.
Aside from have different policies, providers also differ in the way they communicate these policies to users. Some are very explicit about what is collected and how it is used, while others don’t mention a logging policy anywhere on their site.
Whatever approach they take, we have to remember that we are basing our knowledge on each provider’s claims. We have no way of verifying that they actually abide by these policies. As such, when selecting a provider, you also need to evaluate if it is trustworthy enough to stick to its claims.