Why you should be skeptical about a VPN’s no-logs claims

Why you should be skeptical about a VPN’s no-logs claims

Never mind its speed, customer service, or price — the single most persuasive claim any virtual private network provider can make to appeal to potential customers is that it keeps no logs of your web activity while you use its service. Every leading service in our directory of recommended VPN services and in the wider market globally claims to be a “no-logs” provider.

The problem with that no-logs claim, though, is that you can’t prove a negative. Verifying that a VPN isn’t logging user activity is impossible from the outside. That’s why some VPNs hire external auditors — or even journalists —  to check inside their networks and see if they can find anything amiss. It’s a nice idea, but even once you’re rummaging through internal servers, not stumbling across a trove of logs doesn’t mean they aren’t there.


That’s the core problem with even the best VPN — despite all the audits and transparency gestures many companies undergo, it’s still a user-trust business. No matter how much we trust any particular VPN to help mask our internet browsing, it’s virtually impossible to verify whether a VPN truly keeps no logs. And we engage in that service knowing that all of our data is essentially funneled to a single company, with servers whose activity no expert can verify.

The reality is that all VPN providers have to keep certain logs of your activity in one way or another to make sure the service is maintained, and to continue operating at maximum speed. If you’re using the VPN just for watching out-of-area sports or streaming services, you may not be worried about a record of your VPN traffic. But for political dissidents, lawyers, journalists and leakers, distinguishing between the two types of user logs kept by VPN companies when deciding which you should invest in is key to personal safety.

Connection Logs

The first kind of logs VPN providers may keep are sometimes called connection logs. In the best-case scenario, these are limited and seemingly anonymized logs that help the VPN provider monitor the workload of each server so that they can manage traffic, prevent abuse of the service and keep its network running. Any VPN service that limits the number of simultaneous connections per user (which is nearly all those we’ve reviewed, except for Surfshark) has to keep some of these kinds of logs in order to enforce the customer limit.

Connection logs could include things like:

  • The time you connected to the VPN and how long you were connected for
  • The IP address you originally connected from
  • Which server within the VPN you’re connecting to
  • Any diagnostic data you agree to send to the VPN following a crash

Because data retention laws vary by country, a VPN provider may be required to keep some kind of connection logs for a specific period of time in order to make them available to law enforcement officials if subpoenaed.

Make no mistake, some of these types of logs can readily identify your home as a source of internet traffic, thereby compromising your privacy. Because of this, some companies such as ExpressVPN, vow to never keep connection logs.

It’s worth looking at the types of connection logs your VPN claims to maintain, and for how long they’re maintained. If your VPN keeps IP address connection logs, for instance, then it’s best to look elsewhere for a provider…Read more>>