In the fast-paced “digital” world we have created, “privacy” is often a common concern. Truth be told, everything you do online, leaves a digital footprint that makes it mark for decades.

The internet never forgets anything, and you will be foolish to expect otherwise. If that were not enough, you have governments, secret agencies, and hackers all spying on you.

Countries upon countries, get added to the “Reports Without Borders” listing, labeled as what we call “internet enemies”, indulging in Mass Surveillance activities on citizens.

This is why the use of VPNs become popular to keep your identity hidden and online activities anonymous. However, these third-party services may not exactly be safe too.

Different VPN providers indulge in logging activities or suffer with leak issues putting your privacy at risk. In light of this, Bestvpn.co created this comprehensive guide concerning logs. Hope it answers all your questions!

 

Types of VPN Logs

Before I go in-depth into explaining the different types of Virtual Protected Network logs, let me clarify that all providers do indulge in some recording/storing of information. There have only been a few rare instances, where providers were put to test, verifying their LOGLESS claims.

Until an incident occurs concerning a subpoena from the Government, you cannot really tell whether or not a particular VPN is safe. This does not mean you stop using them altogether, just that it may not be all sunshine and rainbows, even with a RELIABLE product.

Types of VPN Logs

Of course, there are some VPNs that are transparent about the logging information they record. Regardless, it is necessary to accept that when you sign up with a VPN, you may still be under monitoring. Just not from the government, but the provider itself.

This could be for many reasons (which I will discuss below). Until then, if we talk about the types of VPN logs, there are two: Activity/Usage Logs and Connection Logs. The former grants a greater invasion of privacy, while the latter tends to be relatively harmless (deleted after 1-15 days).

Activity/Usage Logs

As the name implies, these VPN logs refer to all data collected when using the internet. This includes all your online activities, which is a compilation of metadata, IP addresses, connection times, and traffic logs like browsing history, messages sent, files downloaded, purchases made, and software used.

Some providers may record only specific facets of your activity/usage. Others that are less reliable could store all the information mentioned above. This monitoring and recording of usage data can prove detrimental from a privacy standpoint and defeats the purpose of using a VPN in the first place.

Let me clarify though, most of the VPN services engaged in such activity logging tend to be FREE. Bear in mind these services have to pay for data centers, server expansion, software updates, technical support, and website expenses. The easiest way to do so is sell your information to third-party services.

Data that contributes to building a profile around varied users are highly profitable. Imagine the worth of leaked personal information. If you live in a 5/9/14 eyes jurisdiction, this same information could also be handed over to government or secret agencies.

By law, most “internet enemies” make it mandatory for ISPs to store your data for anywhere between 6 Months to 2 Years. This is why I always advise users to go for paid VPN services that are verified, as they make this data invisible, while avoiding logging practices found in FREE counterparts.

Connection Logs

Where activity logs can literally end up destroying your online anonymity, connection logs are less harmless. Albeit, the recording of such information should be justified by the VPN provider with valid reasoning. Not to mention, the service should also clarify the duration for deletion of these VPN logs.

Connection logs typically include IP addresses, connection time, date, and location. These are the most commonly recorded logs by most VPN providers. Although they do not directly reveal your identity, connection dates, times, and location may be used together.

Some examples of VPNs that keep connection logs, despite claiming to store NONE are TunnelBear, Windscribe, PureVPN, Betternet, and ProtonVPN. The good part is connection logs are stored only temporarily. They are kept anywhere between 1 and 15 days, depending on the service.

Some may even extend the duration further. For instance, HideMyAss keeps this information for 6 months. From a privacy perspective, this logging is only slightly intrusive, and it may be difficult to recreate your online activity using them.

Warrant Canaries

In 5/9/14 Eyes Jurisdictions and other countries, ISPs and VPN services could receive “secret warrants” in the form of national security letters or government subpoenas. These warrants allow law enforcement agencies to demand any information on their customers for investigation.

Most of these warrants come with a gag order. This prevents the ISP or VPN service from notifying the target of falling subject to surveillance. This is where Warrant Canaries come in, which are completely unrelated to logging activity/connection information.

These landing pages advertised by providers help in maintaining privacy. They have regularly published statements on a specific page, confirming that the service has not received a secret warrant. If a page stops publishing regular statements, the canary statement is removed.

This signals that a subpoena has been issued, and the VPN is prohibited from reporting it. As such, privacy-conscious users can then take the necessary steps to ensure their identity remains secure. Albeit, this usage of a “Warranty Canary” does raise its own set of questions for providers.

If a VPN claims to be a no logs provider, they would not have to worry about creating such a page, right? Also, the fact that they are only updated once a month kind of renders them useless. Nevertheless, it was important to provide insight and we will discuss relevant providers in the post below.

Why Do VPNs Log User Data and Go Against their Promise of Privacy?

Thanks to initiatives like the Cybersecurity Awareness Month and Safer Internet Day (SID), netizens around the world are realizing the value of their ONLINE DATA. Privacy-conscious users immediately begin using VPN services, but later face dilemmas due to the storing of logs.

Why Do VPNs Log User Data and Go Against their Promise of Privacy

So, the question that most people need answering is; why do VPNs log user data? does that not go against their promise of privacy? I decided to provide a little reasoning, after communicating with several VPN services on email (of course only a few admitted to storing logs in the first place).

Troubleshooting VPN-Related Problems

The most common reason for VPN logging is to fix problems with their service. For instance, some users may encounter connectivity issues, or even face DNS, WebRTC leaks.

The storing of such data can prove handy in optimizing the network of VPN services. Mostly, the troubleshooting of issues require the maintenance of minimal connection logs.

Limiting Simultaneous Connections

I personally find this reason to be contradictory, especially for “no logs” VPN services. All providers impose limits on the number of simultaneous connections available.

On a single subscription, some providers allow 3, 5, 6, or even unlimited multi-logins. This act does still require some form of logging (to figure out how many devices are connected).

Therefore, always ask the VPN service you sign up with, how they tend to enforce these connection restrictions while claiming to store no logs.

The only VPNs so far to follow a strict zero logging policy and allow users unlimited simultaneous connections are Perfect Privacy and Surfshark.

No logs = no restrictions. It is that simple!

Imposing Bandwidth Restrictions

Just like VPN services log information for limiting multi-logins, they can also impose bandwidth restrictions. This may involve recording of some activity/usage VPN logs, which is quite risky.

This is why I never trust providers imposing bandwidth limitations, even on paid subscriptions. I mean, it defies the entire purpose of using a VPN. I want protection whenever I use the internet.

Most importantly, i want to leverage good speeds for streaming and downloading torrent. Therefore, if any VPN imposes such restrictions and claims to be “no logs”, do not trust them.

A few examples of VPN services that do this include Windscribe and TunnelBear, both of which offer “free trials” that limit bandwidth.

Logging with Rental Servers (VPS)

It is a shady practice, but many providers use rental servers nowadays. They fool users into thinking they have data centers located around the world, but actually just use Virtual Private Servers (VPS).

They tend to be way cheapest vpn than bare metal servers. However, they do not offer the same level of privacy. VPS providers will often maintain logs of server activities.

This means, you do not only have to worry about your VPN recording information, but any number of VPS providers could get ahold of your private data.

At the same time, using VPS does offer protection from local authorities, who would previously go directly to the datacenter to get whatever they need.

Governments Laws and Intelligence Agencies Requests

Countries part of the Five, Nine, and Fourteen Eyes in particular impose strict laws that require companies to log and/or hand over private user information.

For instance, the Investigatory Powers bill in the UK mandates the storing of logs and maintaining them for 12 months. This can really hinder your privacy.

The NSA and GCHQ have even been spying on tech companies within the US, UK and other countries, as part of their PRISM program since 2010.

They simply demand logging files by issuing a “gag order”. This makes it illegal for any tech company then to not disclose the information required.

Connection between Logging Policies and Jurisdictions

You see, there are implications of signing up with a provider, based in a risky jurisdiction. Different countries impose their own data retention and surveillance laws.

Where some choose to respect user privacy, others try their best to monitor EVERYTHING! You can learn all you want about these countries in this guide. Some even engage in sharing of intelligence between countries to spy on each other’s citizens.

Now, if a VPN is based in a jurisdiction labelled as an internet enemy, you can be sure they impose laws that mandate the logging of data to ISPs, telecom providers, and EVEN VPNs.

There is no workaround to it. Even if they avoid attention, a subpoena with a gag order from NSA, GCHQ, or FBI is all it will take for them to cooperate. Subsequently, these providers naturally have to LOG all user data, hence why you must be wary about your country’s internet laws.

If you are based in the European Union, for instance, there are countries part of the 14 Eyes Alliances and also those which are not and can be considered “Internet Friendly”.

Regardless of where you reside exactly, you will receive protection by the EU General Data Protection Regulation (GDPR) in most cases, which promotes data protection and privacy for all users within the European Union! I bet you did not know that till now, right?

Alarming VPNs that Store Logging Information

By now, I am hoping that you have a clear idea about the types of logs recorded by VPNs, why they are recorded, and the relationship between logging and jurisdictions.

Alarming VPNs that Store Logging Information

For the important part, I have created an in-depth analysis on the VPN logging policies of 100+ providers. Below you will receive information about 24 providers that track/store data and should be avoided.

1. Astrill VPN – Headquartered in Seychelles

Despite Seychelles being a safe location, away from the 5/9/14 Eyes alliances, they are still guilty of recording connection logs. It is actually funny too!

When you visit their Privacy Policy page, they first claim to impose a VPN No Logs Policy. Upon reading the first few points, they state:

“Our system keeps track of active sessions – connection time, IP address, device type and Astrill VPN application version during the duration of your VPN session. Additionally to this, we keep last 20 connection records which include: connection time, connection duration, country, device type and Astrill client application version number”

According to this statement, the “Actual” logs collected by Astrill: Connection timestamps, your country, your device, and even your IP address.

In its FAQ sections, the provider claims they do this only for ACTIVE sessions, in order to monitor the number of simultaneous connections from a single subscription.

They claim to remove these logs immediately after the session is over. Can you really keep their word though, especially after considering how they first claimed to be “logless”?

2. AnonVPN – Headquartered in USA

Based in the US, AnonVPN already loses most of its credibility (if any). The provider is part of a country that is the founder of the Five Eyes (UKUSA Agreement).

As such, the government demands that ISPs and VPNs store logs. Of course, AnonVPN claims that “We do not keep logs of connection times, activity, or origin IPs. What we don’t collect cannot be requested.”

However, I cannot believe this statement, when they also have a Warrant Canary that states it has no gag orders. Why go through the hassle of mentioning it, when you do not keep logs?

If you visit their “Terms of Service” page, there is a statement that clarifies, “It cannot be guaranteed that other means of communications (e.g. mail, facsimile, and voice telephone service) will ever be 100% secure. And therefore, we always recommend using common sense.”

3. Anonymizer – Headquartered in USA

Anonymizer is part of a country that has been labelled as an “Internet Enemy” from the Reporters Without Borders. It follows the laws of a government involved with the 5/9/14 Alliances.

This means, the provider already stores logs, in case they are issued a subpoena with a gag order – they will not be able to refuse anyways – cause it would be illegal. The terms of service page has been removed, but an earlier snapshot brings light to this statement:

“To the maximum extent permitted by applicable law, Anonymizer may monitor e-mail, or other electronic communications and may disclose such information in the event it has a good faith reason to believe it is necessary for purposes of ensuring your compliance with this Agreement, and protecting the rights, property, and interests of the Anonymizer Parties or any customer of a Anonymizer Party.”

In short, the US-based provider logs everything they can, while making a fool out of everyone else by stating, “You’ll never have to worry about keeping track of your usage or connections” on their homepage. What hypocrisy?!

4. Ace VPN – Headquartered in USA

I will abstain from repeating this again, but Ace VPN has its headquarters in the USA. Therefore, it is already part of the problem, and does ZINCH for your actual privacy.

Very cleverly they state on their Privacy Policy page, “We do not log VPN traffic. We do not spy on our users nor monitor their bandwidth or Internet usage. Our VPN servers do not store any personal identifying information (PII).”

However, at the same time, they admit to “collecting personal information that is provided by site users. “Personal Information” includes your name, address, telephone number, credit or debit card information, e-mail address, date of birth, IP address”

I mean, just be honest that you do indeed store logs. Maybe the transparency will bring more customers rather than blatantly lying to fool your own prospects?

5. AirVPN – Headquartered in Italy

Since Italy is a 14-Eyes country, AirVPN sadly loses its credibility in the marketplace. The provider is actually quite amazing, delivering amazing performance, reliability, and support.

However, one cannot simply trust any country in the 14 Eyes Jurisdictions. They still mandate data retention and surveillance activities, which VPN services cannot fight.

In its FAQs, AirVPN was asked a question, “Do you keep session logs or any other kind of logs that can be used to track identity and Net activity?”

They responded by saying, “No we don’t keep logs of that kind”. However, when you check out their Privacy Policy, they claim “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address”

They provider emphases that the data is aggregated in an anonymous form and cannot be associated with an individual user. Is that really true though? Nobody knows until they are put to test when issued a subpoena or a gag order!

6. Avira Phantom VPN – Based in Germany

Germany is another 14 Eyes Country and it may not be the safest location for a VPN service. Avira Phantom might be good in maintaining your anonymity online.

However, it is the country’s laws that I cannot trust. Like mentioned countless times before, such VPNs will have to cooperate with the government, when they demand it.

Avira Phantom too claims that they do not store activity/usage logs. Just like most providers though, they do store connection logs, including the bandwidth used and diagnostics data.

While this may not hinder your privacy necessarily, there is no information indicating when these logs are deleted. Therefore, I cannot consider Avira Phantom a safe VPN service.

7. Buffered – Headquartered at Gibraltar

Based in Gibraltar, Buffered is a safe VPN service, as its location is not part of the 5/9/14 Eyes alliances. Neither does the provider keep any traffic logs, so that is another plus.

The only problem is that they do collect: your IP address, OP system, browser, bandwidth data, and connection timestamps, along with other general information.

These connection logs may be less riskier, but still prove detrimental to your digital privacy. According to their TOC, your real IP address, bandwidth consumed, and connection duration are stored for 30 days!

Of course, since Buffered is not based in an “Internet Enemy” location, you can believe they are safe. Not to mention, they did not lie about their logs, and were actually transparent.

So, I may not like the recording of connection logs, but EVERY VPN indulges in some sort of logging. The only important part is being honest about it, and that Buffered VPN is!

8. BolehVPN – Headquartered in Malaysia

Since BolehVPN has its headquarters in Malaysia, it comes under a “Safe Jurisdiction”. This gives it an edge over other VPN services. However, it fails at keeping your identity safe. If you visit their TOC page, they claim:

“BolehVPN does not keep logs of user activity or access. We do keep logs of general traffic throughput of our servers to ascertain loading and usage of our servers but not at an individual level. However if we do notice any unusual activity on our servers (high bandwidth loading, high number of connections or CPU usage) we may turn on logs temporarily to identify abuse of our services (such as DDoS or spamming through our servers).”

Before updating this “Logging Policy” heading, BolehVPN even claimed this happened “a handful of times in our many years of operation.” What this suggests is that the provider may even cooperative if they receive a subpoena on revealing logs on specific targets.

9. Betternet – Headquartered in Canada

Based in Canada, Betternet may have fooled many with the “FREE VPN” swindle, but their data mining activities will be revealed sooner or later.

Its location already hinders privacy, as Canada is part of the Five Eyes Alliance. Then, the service further stores “Traffic Logs” such as your IP address and browsing activity.

Their privacy policy does state that “Betternet does not collect, log, store, share any data log belonging to users.” At the same time though, the VPN is found aggregating data about websites visited.

Judging that the service is “free” and supposedly runs on an ad-revenue model, it is also safe to assume they sell logs and private information to third-parties.

10. FlyVPN – Headquartered in USA

FlyVPN is another US-based service. This automatically reduces its credibility, as the provider does have to store logs, a law made mandatory by the government.

However, what I like about the provider is that they do not lie about their logging details. They openly state on their TOC page, “When you use FlyVPN, we will record the following information:

  • Your local IP
  • Your full name
  • Your email address
  • Your phone number
  • Connection Timestamps
  • Assigned Port Number
  • Assigned IP Address
  • Disconnection Timestamps

As such, they are guilty of storing both: Activity/Usage and Connectivity Logs, including your IP, timestamps, destination IP, and port number, which can instantly link back to you.

11. Faceless.me – Headquartered in Cyprus

Cyprus is not part of the 5, 9, and 14 Eyes Jurisdictions. This gives Faceless.me a good edge in the marketplace, but unfortunately they do log user information.

In a statement from their FAQs, Faceless.me claims “We only track your data usage totals and your IP address, which is required for our internal bookkeeping. And even this data is kept on our servers for a limited time.

At the same time, they boast having a VPN no logs policy and proudly state on their homepage, “We’re not keeping logs of your activity, so in case FBI asks – there’s nothing.”

It is hilarious how dumbfounding these VPN services and their contradictory statements are. One thing is for sure, Faceless.me is not a safe choice!

12. Flow VPN – Headquartered in Canada

Based in Canada (part of Five Eyes Alliance), FlowVPN has developed quite the reputation in the marketplace. However, just like many, it fails to protect your identity online.

If you visit their TOC page, the provider states, “We reserve the rights to log subscription information (including transaction references), connecting IP address, authentication requests, session data (allocated IP, connection date, time, duration etc)“

This statement is well hidden, so that Flow VPN can fool its own customers. However, this is not the worst part. They further go on stating:

“To comply with the requirements of our bandwidth providers we reserve the right to log activity across our network and use automated systems to monitor network activity for abuse (such as use of BitTorrent and similar peer-to-peer file sharing).”

This directly means that when you sign up with the service, you are agreeing to getting your logs stored. I doubt this VPN can be considered secure from any angle.

13. Freedom-IP – Headquartered in France

Freedom-IP has its office in France, which is a 14-Eyes Country, famous for its strict policies surrounding internet usage. The location already gives the VPN quite the negative impression.

Where one may think they would fool customers, they are actually honest about their logging policies. A statement from their privacy page clarifies that they do not record content of communications.

However, they are quite straightforward regarding what data they collect during each session, which includes a lot of alarming information that is traceable back to you:

  • IP Address of connection
  • Start time of session
  • End time of session
  • Data received of session
  • Data sent of session
  • Timestamp of connection

 

14. HolaVPN – Headquartered in Israel

Israel may not be a part of the 5, 9, and 14 Eyes Alliances, but they are considered an ally. As such, the location is not a safe place for VPNs, particularly if you seek privacy.

Just like most providers, the VPN states, “We do not share your Personal Information with third parties except with specific consent pursuant to this Privacy Policy or if required by applicable laws or court order“.

However, when you observe their Privacy Policy, the VPN claims that they log information, such as the unique identifier generated from your device, mobile number, access times and dates, websites you visit, time spent on those pages, browser type, and IP address.

“We use such data in its aggregated form and is not combined with any Personal Information.” Clearly a phone number is PII, and so effectively is an IP address.

15. HideMyAss – Headquartered in UK

UK is the official founder of the UKUSA Agreement. The location and their VPN services can definitely not be trusted to keep your identity hidden.

Government Laws and gag orders from GCHQ and other secret intelligence agencies, make it mandatory for providers like HMA to store logs.

Of course, the provider refutes such claims and sells the same story, “We DO NOT store details of, or monitor, the resources (including websites) you connect to or any of the data sent or received over our network”

However, the provider has been caught recording connection timestamps, bandwidth data, real IP address, and VPN address. Back in 2011, HMA was involved in a FBI case, where they handed these very details to the intelligence agency to track down a LulzSec Hacker!

16. HideIP VPN – Headquartered in Moldova

Moldova is a safe location, as it is not part of the invasive alliances or labelled as an “Internet Enemy”. Unfortunately, the VPN itself proves to be unsafe, disregarding your right to privacy.

Their TOC states, “HideIPVPN will not intentionally monitor private electronic mail messages sent or received by its clients unless required to do so by law, governmental authority, or when public safety is at stake.”

This means, they are a cooperative company and do store logs to hand over in cases of emergencies. The worst bit of all though is their own distrust in its abilities as a provider.

While checking out their Privacy Policy, I found this rather funny statement, “HideIPVPN urges its clients to assume that all of their on-line communications are insecure”.

17. Hotspot Shield – Headquartered in Switzerland

Away from the secret alliances, yet such an unsafe service. Hotspot Shield started off real good, but soon tumbled downwards – as their shady activities were brought to light.

Of course, the VPN claims they “collect only anonymous, aggregate data about which websites our users visit and which apps our users use”

However, this is purely false as a CSIRO study proved that Hotspot Shield uses tracking codes for gathering information about users to sell them to advertisers.

A privacy advocacy group has also charged the VPN with a complaint, as part of their questionable activities, which involve redirecting traffic through affiliate links.

18. IPVanish – Headquartered in USA

Being based in the US is not bad enough, but IPVanish has also been found guilty of leaking information to government authorities. Yes, it is sad news but the provider is unreliable.

Of course, the VPN claimed for the longest that, “Our strict zero-logs policy keeps your identity under wraps. We do not record any of your activity while connected to our apps in order to preserve your civil right to privacy.”

However, this is extremely untrue, as the VPN handed over logs to US Department of Homeland Security (DHS), in a case involving child abuse and pornography back in 2016.

Read this criminal affidavit for more information, where you can see IPVanish kept logs of the suspects’ IP address, connection/disconnection timestamps, full name, email address, username, account status, and various other personally identifiable data.

19. IPredator – Headquartered in Cyprus

Cyprus is a safe location, as its government does not pass mandatory data retention laws. Not to mention, they believe in right to user privacy.

IPredator gains fame in the marketplace for this very reason, but according to their “Legal” page, the provider does indulge in some logging.

“We minimize the use of logs within our systems and only grant access to them to a selected number of staff for debugging when service quality is an issue.”

Information collected by the provide include your name, telephone number, email address, and payment data. Other session data is recorded only for troubleshooting.

20. IPinator – Headquartered in USA

Based in the US, IPinator automatically loses most of its trust factor. The country imposes mandatory data retention laws, which VPNs like IPinator have to follow.

If you check out their “Terms of Service” page, they first claim not to keep any logs. They state they do not support the sharing of private information to any third-parties.

However, if they receive any demands from the government, the provider will do what is required by law. This statement contradicts their “no content logs”.

They further go on stating, “IPinator.com may monitor certain aspects of the network to manage abuse, maintain and/or improve service”. This indicates they do record session information.

21. IronSocket – Headquartered in Hong Kong

Hong Kong is safe jurisdiction in terms of privacy, but IronSocket itself is found guilty of logging both: activity and connectivity logs.

Of course, they do state that “We DO NOT LOG or record in any manner the content you access while using our Service” on their Privacy Policy page.

However, at the same time, they claim upon using of services, they do connect session information for 72 hours before being purged. The information includes:

  • Time and date of connection and disconnection
  • Real IP address and the ones assigned according to server
  • Numerical representation showing bandwidth consumed per session

22. PureVPN – Headquartered in Hong Kong

Based in Hong Kong, PureVPN does manage to stay away from the invasive intelligence agencies of Five, Nine, and Fourteen Eyes countries, giving it quite the edge.

The provider for the longest claimed to have a “zero logs policy”. However, when they turned over data in a FBI case 2 years ago, they lost all their reputation.

The case revealed that PureVPN has records of all data concerning: your name, email address, phone number, IP address, bandwidth consumption, and connection timestamps.

That is how the FBI was able to identify the individual responsible for cyberstalking and cyberbullying an innocent girl. While the case does raise a moral question: how much more torture would the girl go through, if the case had not been closed?

It also raises a concern about consumer trust. Such a high-profile case definitely was not good for business, and I can see PureVPN trying to win back its trust from users.

Truth be told, the service is actually quite good, only if they had been transparent with their customers to begin with, PureVPN might have turned this into something positive!

23. proXPN – Based in USA

A few years ago, I would have trusted a US-based service. However, that was before Edward Snowden leaked documents revealing details about the 5, 9, and 14 Eyes Alliances.

Ever since I read about what agencies in these countries were up to, I just cannot recommend using a provider that is based in the US.

proXPN although has a very strong image in the marketplace. The VPN has never been caught revealing data to US intelligence agencies, and their Privacy Policy is quite detailed.

They also boldly state on their homepage, “proXPN’s VPN software lets you surf the web the way it was intended: “anonymously and without logging and tracking your activity”

So far I could not find any info relating to the storing of activity/usage or connectivity logs. Ultimately, the decision of signing up with the provider is up to prospects.

24. PrivateVPN – Based in Sweden

Unfortunately, PrivateVPN cannot be considered a safe provider, cause it has its headquarters in a fourteen eyes jurisdiction. Of course, Sweden may be lenient in terms of user privacy.

However, if there is any incident similar to what ExpressVPN and PIA had to encounter, PrivateVPN will not be able to counterattack.

A subpoena from the government accompanied by a gag order is all it would take for the provider to hand over logging information.

Of course, PrivateVPN does deny storing logs, but just like most providers in this list. They do store minimal connection logs, which may/may not link back to you!

25. ProtonVPN – Based in Switzerland

Based in Switzerland, one may think ProtonVPN is a safe VPN service. It is amazing, cause well, it is free. And, this is exactly what got me digging into the provider.

Turns out, the VPN is currently fighting allegations of being linked to a data mining company known as “Tesonet”, which has even signed their Android app on the Google Play Store.

Of course, ProtonVPN’s homepage states, “As a Swiss VPN provider, we do not log user activity or share data with third parties”. However, these allegations make the situation a little tricky.

Digging into their Privacy Policy further, I learnt that ProtonVPN does indeed maintain connection timestamps indefinitely, which may be linked to user accounts or actual IPs.

26. Seed4.me – Headquartered in Taiwan

Despite Seed4.me not being based in an “Internet Enemy” jurisdiction, they still do keep logs. This is exactly what I try to elaborate everywhere I go. No matter the service, they WILL LOG!

There is no way around it. A VPN service does indulge in some sort of logging, and in the case of Seed4.me – they are very honest about it.

In a blog, Seed4.me states, “We are often asked: “Do you keep logs?” and the answer is “Yes, we do”. The same as the rest VPN providers in the world!”

They further go on stating, “If anybody says VPN company does not keep ANY logs, they lie”. Seed4.me does record some connectivity logs, but that information is deleted after 7 days.

It is also quite interesting to see that the provider does not have a privacy policy or a TOC. They address all VPN related queries in the blog post I hyperlinked earlier.

This provider does not have a privacy policy and does not cover logs in its TOS statement. Instead, it addresses the issue of logs in a blog post.

27. SunVPN – Headquartered in USA

Based in a 5-Eyes Jurisdiction, SunVPN does indeed record connectivity information and IP addresses. They also openly state about their cooperation to law enforcement agencies whenever needed.

“If we have reasonable grounds to suspect that an end user is involved in online criminal activities, we reserve the right to notify law enforcement agencies.”

Their privacy policy is very detailed yet concise, laying out all the information recorded by the provider in the form of a list, which include IP address, timestamps, and bandwidth consumed.

28. StrongVPN – Headquartered in USA

I will not go too in-depth into explaining why StrongVPN is considered an unsafe provider. If I put it in simple words, it is a US-based provider, which simply cannot be trusted.

Of course, the providers privacy policy claims, “StrongVPN does not collect or log any traffic or use of its Virtual Private Network service”

However, nobody can really be sure until these claims are verified for any reason. Until then, I would leave it to prospects to decide whether or not they want to trust the service.

29. SaferVPN – Headquartered in USA

SaferVPN is another US-based service. With that being said, one can never stop worrying about the NSA and FBI spying on them.

The VPN itself does not have a very strong reputation in the marketplace, and this further reduces its credibility as a reliable or safe choice.

However, the provider is quite clear in informing what metadata they record on their privacy page. This includes server location connection, bandwidth consumed, and connection/disconnection timestamps.

They further log which country you connected from, while boldly claiming they do not record IP address. I do not believe this though. Could might as well be a gimmick to trust them!

30. TunnelBear – Headquartered in Canada

Canada comes under the list of the first country, who the UKUSA Agreement was extended to, eventually adding two more to form the Five Eyes Alliance.

With that in mind, TunnelBear being based in Canada is hardly a positive sign. Not to mention, it sells the same “Free VPN No Logs” swindle, which is actually riskier.

The providers privacy policy does claim that it does not collect traffic logs or monitor any user activity. However, they do collect info about, Operating system version, TunnelBear app version, Active for the month (1 or 0), and Monthly bandwidth usage.

To be fair, TunnelBear recording this info looks like they are playing “word games” when it comes to logs, to hide their true colors. I would not recommend the provider, if privacy is what you crave!

31. TorGuard – Headquartered in USA

I was a little double-minded about adding TorGuard to this list. Especially considering the provider offers exceptional privacy tools, along with quite the remarkable dedicated IPs list.

However, just because they are based in the US, I feel a little unsafe about signing up with the provider – for maintaining my anonymity online.

Their privacy policy for the most part was clear and not filled with contradictions. TorGuard claims it “does not store or log any traffic or usage from its Virtual Private Network (VPN) or Proxy.”

However, this can only be verified if they encounter a subpoena or gag order from an intelligence agency or the government. Till then, I would leave trusting the provider to prospects!

32. TigerVPN – Headquartered in Slovakia

TigerVPN is quite the safe provider in terms of Jurisdiction. Users would not have to worry about the provider cooperating with the intelligence agencies in other countries.

They claim to be committed to your privacy in their TOC, guaranteeing they do not collect or log traffic data. However, this does not extend to connectivity logs.

“We are committed to your privacy and do not collect or log traffic data or browsing activity from individual users connected to our VPN.”

The provider does keep connection/disconnection timestamps and bandwidth data information. The good thing is the VPN does not store real user IP addresses.

As such, you are still quite secure with the VPN service. Of course, signing up with the provider is entirely on prospects. I am just the informer!

33. VPNSecure – Headquartered in Australia

VPNSecure has its HQ in Australia, which is a Five Eyes Country. As such, it may not be the most trustworthy option, as the country does indulge in mass surveillance and intelligence sharing.

This makes it mandatory for ISPs, telecoms, and VPN services to retain data, which the government or secret agencies can access whenever required, by issuing a subpoena or gag order.

The provider itself tries to ensure that they do not store any personal information and guarantee they do not log your IP address, timestamps, bandwidth used, or DNS requests.

However, even though no logs are recorded, they offer a “Warrant Canary”, which currently gives the “We can’t seem to find the page you’re looking for” error, indicating the service might have been issued a subpoena or gag order by the government or DIO, ASD, ASIO, or ASIS.

34. VPN Unlimited – Headquartered in USA

Based in a 5 eyes jurisdiction, VPN Unlimited provided by KeepSolid Inc, may not be a safe option for many. The location itself imposes mandatory data retention laws.

Of course, VPN Unlimited claims otherwise on their privacy policy page, just like the names above. However, the reality is quite different.

“KeepSolid Inc. does NOT collect and log any user activities while using any of their VPN services, except the total amount of web traffic for each session and session dates, for displaying them in user’s web cabinet and within the VPN client apps.”

This statement contradicts their “does NOT collect and log” claim, as they still do store information about web traffic, connection timestamps, device type, and encryption type.

35. VPN Gate – Headquartered in Japan

VPN Gate might be located in Japan, but they do not take user privacy seriously. However, the good thing is that they are open about their logging policies.

If you visit their Anti-Abuse policy page, the provider claims “We always keep VPN Connections Logs of VPN Gate Public VPN Relay Servers for three or more months.

The information recorded by the service includes connection timestamps, IP address, destination VPN server, raw IP and hostname of client, etc.

36. Windscribe – Headquartered in Canada

Since Windscribe has its headquarters in a Five Eyes Jurisdiction, it cannot be considered a safe option, especially if you want to leverage complete digital privacy.

They have free and paid plans available. For the former, they do record total amount of bandwidth consumed in 1-month period.

However, the provider is also found recording timestamps of users. They claim this information is not linked to accounts or IP addresses, but we may never know for sure.

They do post real-time data requests from law enforcement agencies on their transparency reports page. However, not much information is available regarding these notices.

37. ZenMate – Headquartered in Germany

Based in Germany, ZenMate loses its credibility, due to being linked to a 14 Eyes country. The provider just like the many above claims to operate with a no-logs policy.

However, considering they have a free plan available, this is kind of hard to believe. They might keep traffic and bandwidth logs for tracking.

On their privacy policy page, they also mention the recording of IP addresses, but state they are only processed temporarily. Ultimately, trusting the VPN is up to prospects.

Trustworthy Providers with a Strict VPN No Logs Policy

Now that you are aware about what VPN services to avoid. I figured it would be important to give you information on providers that are less-riskier in terms of logging.

Trustworthy VPNs with a Strict “No Logs” Policy

Of course, there are only a few with VERIFIED “no logs” policies, so they will be more in-depth. Hope you appreciate the effort, because it took me 72 hours in getting this research and write-up done!

1. Avast SecureLine – Based in Czech Republic

Away from 5, 9, and 14 Eyes Jurisdictions, Avast SecureLine has its headquarters in the Czech Republic, which is an internet friendly country. This boosts its credibility in the marketplace.

Of course, the provider itself is quite amazing too, offering a suite of privacy tools to keep your identity hidden in the marketplace.

Does Avast VPN keep logs? Gladly, the provider is safe from any activity/usage logs. The only thing they do record is the time and network location of VPN connections.

This information is deleted after 30 days, and will not really link back to your identity. Therefore, you can consider Avast a safe option for your online privacy.

2. CyberGhost – Based in Romania

Probably one of the safest VPNs in the marketplace, CyberGhost has its headquarters in Romania, which is an internet friendly location. One that believes in user-privacy (quite rare).

As such, the provider itself has no obligation of storing logs on users. This allows them to fulfill their promise of privacy, which is perhaps what EVERY individuals craves.

In its Privacy Policy, CyberGhost sates,

Through our strict no-logs-policy, we ensure that we do NOT track user traffic performed inside the CyberGhost VPN tunnel such as: browsing history, traffic destination, search preferences, data content, IP addresses or DNS queries.

The only thing they do record is “connection attempts” to determine whether or not they were successful. However, even this information is not tied to user accounts. Undoubtedly, CyberGhost is a great choice for privacy-conscious users around the world!

3. ExpressVPN – Based in British Virgin Islands

I personally consider ExpressVPN to be safest choice in the marketplace. A VPN that doesn’t keep logs and is away from “Internet Enemy” jurisdictions, definitely falls under the “respects user privacy” category.

On January 2017, Turkish authorities raided ExpressVPN data centers to investigate the assassination of Andrei Karlov (Russian Ambassador of Turkey), which occurred on the 19 December 2016 by Mevlüt Mert Altıntaş (an off-duty police official).

While that much is clear, the investigation did not come to a halt. Authorities tried finding links to other individuals involved, only to find out the police officer’s Facebook and Gmail were deleted.

Digital traces revealed, the action was done over a private connection, operated by ExpressVPN.After seizing the server in question and conducting a thorough inspection, no useful information was revealed.

This forced investigators to contact ExpressVPN directly for logs. The provider mentioned about its NO LOGS policy, standing at the forefront for privacy in the marketplace of VPNs.

In a testimonial, the VPN service writes,

As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators.

 

4. FrootVPN – Based in Sweden

Since FrootVPN has its headquarters in a 14 Eyes Jurisdiction, it cannot be considered a trustworthy service. The provider will have to cooperate with authorities in revealing logs when demanded.

There is no work around to it, hence why I always advise users to stay away from “Internet Enemy” locations. They simply are not worth it.

FrootVPN obviously states quite boldly that they do not store logs,

We do care about your internet privacy. Your details will never be shared with any third-party.

However, they forget to clarify whether or not they will share any information with government authorities or intelligence agencies, when issued a subpoena or gag order!

Their logging page and Privacy Policy are also quite vague and only state that there are no connection logs such as timestamps stored. What about other Personal Identifiable Information (PII)?

5. HIDE.me – Based in Malaysia

Malaysia is a safe internet jurisdiction, away from the 5, 9, 14 eyes alliances. This gives Hide.me quite an edge over other names in the marketplace. The VPN respects users’ right to privacy.

As such, it does not keep traffic logs or monitor user activity. Of course, things are different, if you sign up for their free plan, which comes with a 2 GB bandwidth limit.

Subsequently, the provider does keep activity logs (deleted after a few hours). However, if you sign up with the premium plan, you can expect better safety from the provider.

You can view their certificate issued by an independent security analysist verifying their no logs claim. Inside, you can see numerous requests over the years.

The providers’ response for each request was:

hide.me cannot and does not keep any logs; hence we will not be able to provide you with any further information on this matter.

 

6. IVPN – Based in Gibraltar

Gibraltar also comes under safe internet jurisdictions. It does not impose any mandatory data retention laws or indulge in mass surveillance activities on citizens.

This itself gives IVPN an upper-hand in a marketplace, where over 80+ providers are based in “Internet Enemy” jurisdictions. If that were not enough, IVPN imposes a strict no-logging policy.

The provider does not store any session/connection data, such as timestamps, bandwidth usage or activity/usage data, like websites visited, IP address, etc.

There has not been even a single instance of IVPN leaking information to any government or intelligence agency. For more details about their logging, you can check out this detailed “Privacy Policy” page!

7. Ivacy – Based in Singapore

Founded in 2007, Ivacy has been at the forefront of privacy, even before it became a thing. Based in Singapore, the provider is quite safe from invasive surveillance and data retention.

We strictly do not log or monitor, online browsing activities, connection logs, VPN IPs assigned, original IP addresses, browsing history, outgoing traffic, connection times, data you have accessed and/or DNS queries generated by your end.

The only information the VPN provider records is your name, email address, and payment method, when signing up. Of course, you can use pseudo ids and names to further keep your identity hidden.

All of this allows users to stay completely safe online, as no data can link to the specific activities of a particular user of their service. For more information, you can read their detailed “Privacy Policy”.

8. Mullvad – Based in Sweden

Although Mullvad is based in a 14 Eyes Jurisdiction, it is never been found handing over any logs to government authorities. The provider for the most part keeps your identity hidden.

It does not keep any logs of Personally Identifiable Information (PII). However, upon analyzing their “Privacy Policy”, I did uncover Mullvad does track other metrics.

This includes total bandwidth per server, CPU load per core, and total number of current connections, none of which can link back to your identity.

As such, I do consider Mullvad a safe provider, but then again the choice of signing up is up to prospects. Trust is a very important factor when selecting a VPN.

9. NordVPN – Based in Panama

I personally consider NordVPN to be one of the Best VPN No Logs service in the marketplace. Based in Romania, the provider gains a strategic advantage over other names.

The location is highly secure and an internet friendly jurisdiction. Does Nord VPN Log? Nah, they “guarantee a strict no-logs policy”, which is verified by a major accounting firm.

A security audit was completed on November 2018, during which the “Big 4” account firm had access to NordVPNs servers, databases, inspect configurations, observer operations, and employees.

Results revealed that NordVPN does not store traffic logs, IP addresses, connection logs, or any internet activity information that could link back to a user.

Because the provider imposes a six simultaneous connections limit, they do have some mechanisms in place for monitoring. However, none pose a threat to user privacy or security.

10. Perfect Privacy – Based in Switzerland

The Switzerland-based VPN service offers advanced online anonymity and security features. The location itself used to be an “Internet Friendly” jurisdiction too.

However, after the passing of a new law in September 2017, Switzerland can now be considered to be a “cooperative” jurisdiction, which will engage in targeted surveillance.

This does not affect Perfect Privacy and its commitment to keep you anonymous. The provider runs all their servers in RAM disk mode, as they explain on their log policy page.

They also do not record/store any information, apart from total usage on servers. Best part of all: these claims are verified. In August 2016, the Dutch authorities seized one of the providers servers in Rotterdam, Netherlands.

Although the reason for the seizure of server was never given, Perfect Privacy confirmed that no consumer data was handed over:

Since we are not logging any data there is currently no reason to believe that any user data was compromised.…We can now conclude that no customer information was compromised due to the seizure. The Rotterdam location will continue to operate using the replacement servers.

 

11. Private Internet Access (PIA) – Based in USA

PIA is a US-based VPN service that offers an inexpensive and user-friendly experience. It is also the only provider with its headquarters in USA, which I consider to be a safe choice.

Regardless of the mandatory data retention and surveillance laws, PIA has proved itself to be a “no logs” provider, not once but twice in the past 4 years.

“We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited.”

The first court case from 2016 involved the FBI giving a subpoena to the provider demanding logs of a user, who allegedly made bomb threats while using PIA VPN.

According to the official court documents, the only information the provider could give is that the cluster of IP addresses were being used from the east cost of the US.

“A subpoena was sent to London Trust Media [Private Internet Access] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.”

The second case from 2018 involved an online hacker Ross M. Colby, who is charged with three misdemeanors and two felonies relating to alleged computer intrusions.

FBI confirmed that the suspect was using VPN services or PIA in particular to conduct this illegal activity, and demanded logs from the provider, but received nothing in return.

“London Trust Media operates the brand Private Internet Access (PIA), which owns several IP addresses used to hack Embarcadero Media. Private Internet Access does not log user activity, such as what files they accessed or changes they made to a website.”

Sounds like a pretty solid zero-logs policy to me, especially considering PIA manages to keep their users protected, even when intelligence agencies like the FBI show up!

12. Trust.Zone – Based in Seychelles

Since Trust.Zone operates out of Seychelles, they already gain an edge for being based in a “internet friendly” jurisdiction. The provider itself also focuses on delivering complete anonymity.

“All our VPN servers around the world ARE NOT storing any log files to keep your privacy safe. All the usage data is anonymous and not connected to your real, public IP address”

Though these claims are yet to be verified, Trust.Zone for the most part seems like a safe service. I do suspect that they store some form of sessions logs, but ones that do not link back to a user.

13. VyprVPN – Based in Switzerland

Headquartered in Switzerland, Golden Frog’s VyprVPN has put a lot of effort into becoming a trustworthy provider. The location too has contributed positively to the provider.

In 2010, the Federal Supreme Court of Switzerland recognized IP addresses as personal information, which cannot be tracked, without informing the individual involved.

This gave VyprVPN an upper-hand. Switzerland’s favorable privacy laws, also guaranteed top security for the provider and its users. However, in September 2017, a new law came into force.

This law, according to Swissinfo.ch, allows the FIS to indulge in targeted surveillance, bugging of private properties, phone lines, and wiretapping computers, which were previously disallowed.

During this time, VyprVPN did log connection data (including IP addresses), stored for 30 days. However, the provider wants to work harder on protecting user privacy now.

As a result, in September 2018, VyprVPN began working with a Leviathan Security Group for auditing and consultation into transition their service into a full “no logs” VPN service.

Unlike NordVPNs audit, the one performed on VyprVPN is available to analyze by the public and can be referenced by sharing the link. Here is a section from the report:

“We examined all components of the project according to the threat assessment. Golden Frog worked to remediate all no-log-related findings concurrently with the assessment. Once it had completed this, we performed a retest and verified that all of the fixes were effective.”

 

14. VPNArea – Based in Bulgaria

Away from the 5, 9, and 14 eyes jurisdictions, the Bulgarian-based VPNArea is a great choice for users looking to gain anonymity online.

The privacy policy maintains a zero-logging stance, assuring users that their activities remain safe, when using VPNArea – particularly if you reside in a country with tough internet laws.

“We do not monitor, record or store logs for any single customer’s VPN activity. We do not monitor, record or store any login dates, timestamps, incoming and outgoing IP addresses, bandwidth statistics or any other identifiable data of any VPN users using our VPN servers.”

There have also been zero cases against the provider, which further verifies their claims. From traffic, connection, to IP address logs, VPNArea does not record any PII data.

15. ZoogVPN – Based in Isle of Man

ZoogVPN operates in Isle of Man, which is a safe internet jurisdiction. The country’s laws do not mandate data retention or mass surveillance on citizens.

The provider also claims to offer zero logging,

We strictly do not collect or keep any information on user activity, the websites or apps the user uses, user IP addresses, or user log-in/log-out sessions.

If you check out their privacy policy, ZoogVPN also tends to be very explicit about what it does and does not track. Indeed, we have another zero-logs provider.

The only thing they do log is total bandwidth usage on its servers. Users/prospects do not have to worry about logging of online activity or metadata that could link back to them.

VPNs That Do Not Log Vital Data/Info!

You are now familiar with 30+ VPN services that can be deemed “untrustworthy” and over 15+ that guarantee complete anonymity. However, there are still many names left to consider.

These include those VPNs that get straddled in the middle. Providers that are based in SAFE jurisdictions but still log minimal connection information, which may not necessarily link back to your identity.

So, I decided why not create a separate listing for them! Below you can see names of providers that do not log traceable info/data. Signing up with them is entirely up to you.

  1. Anonymous VPN – Located in Seychelles
  2. BlackVPN – Located in Hong Kong
  3. BulletVPN – Located in Estonia
  4. BolehVPN – Located in Malaysia
  5. Boxpn – Located in Turkey
  6. CactusVPN – Located in Moldova
  7. CyberSilent – Located in Poland
  8. CryptoStorm – Located in Iceland
  9. Doublehop – Located in Seychelles
  10. DotVPN – Located in Hong Kong
  11. DathoVPN – Located in Panama
  12. DefenceVPN – Located in Barbados
  13. CitizenVPN – Located in Denmark
  14. EarthVPN – Located in Cyprus
  15. Easy Hide IP – Located in Seychelles
  16. F-Secure Freedome – Located in Finland
  17. Me – Located in Cyprus
  18. FinchVPN – Located in Malaysia
  19. HideIPVPN – Located in Moldova
  20. ibVPN – Located in Romania
  21. In-Disguise – Located in Belize
  22. IdentityCloaker – Czech Republic
  23. IronSocket – Located in Hong Kong
  24. Keenow Unblocker – Located in Israel
  25. Kepard – Located in Moldova
  26. Le VPN – Located in Hong Kong
  27. LimeVPN – Located in Hong Kong
  28. My Private Network –Hong Kong
  29. nVPN – Located in Bosnia
  30. NoodleVPN – Located in Malaysia
  31. OneVPN – Located in Hong Kong
  32. Privatoria – Located in Czech Republic
  33. PandaPow – Located in Hong Kong
  34. sh – Located in Seychelles
  35. SpyOFF VPN – Located in San Marino
  36. SmartVPN – Located in Seychelles
  37. SecurityKISS – Located in Ireland
  38. SwissVPN – Located in Switzerland
  39. VPNLUX – Located in Belize
  40. AC – Located in Romania
  41. VPN Baron – Located in Romania
  42. ht – Located in Belize
  43. VersaVPN – Located in Philippines
  44. asia – Located in Belize
  45. VPNBook – Located in Switzerland
  46. ZenVPN – Located in Dominica
  47. ZorroVPN – Located in Belize
  48. ZPN – Located in UAE

 

Wrapping Things Up

You probably have a good idea now about the variations in the logging policies of VPN services. Where most claim to be logless, they are found gathering Personally Identifiable Information (PII).

Of course, some are more civilized and upon digging deeper reveal, they only record minimal connection information. However, if we talk about complete anonymity. Only a few actually prove to be LOGLESS.

I tried providing as much information as possible for VPNs in all these criteria’s. This is because I know that sometimes it can get difficult to understand the ins and outs of logging policies.

Aside from the different strategies, providers have varied ways of communicating these policies to users, often hiding their true colors behind tricky wordplay.

Anyways, hope this guide proves useful in figuring out the truth. Do comment below, if you have any queries/concerns. I will respond personally. Have a lovely, logless day ahead!

2 Responses to 100+ VPN Logging Policies Exposed – 37 VPNs Keep Your Logs & 15 Don’t

  1. Elizabeth

    Thanks for digging all this information, very useful, I just have a minor question about Surfshark. You mentioned that it provides unlimited simultaneous connections and then wrote that they back it up with “No logs = no restrictions.” But I can’t find Surfshark on your list of VPNs and their logging practices. I’m thinking of buying it, they have their location at British Virgin Islands, so outside 14-eyes countries, claim no-logs, have received good reviews. Where would you put them on your list regarding logging? Thank you!

    • Bestvpn.co

      Thanks for commenting here Elizabeth. Nice catch. I personally consider Surfshark to be one of the safest providers in the marketplace currently. Being based in BVI (an autonomous nation), gives them quite an edge over others VPNs, as they are away from “Internet Enemy” jurisdictions. I am updating this listing of providers on a daily basis and you can expect seeing the provider in our “Trustworthy VPNs” section soon (which as you can see only includes a few names). Just need to complete my research. Do keep checking back for updates 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *