Internet privacy concerns are at an all-time high, and VPNs are being touted far and wide as the one-stop solution to keep internet providers, governments, hackers, websites, and advertisers out of our online lives. Believe the hype; a VPN can secure your internet connection from all of those entities and more.
It does this by encrypting your internet traffic and routing it through a remote server before it goes on to its destination. Your ISP can only see that traffic is passing through its network, but not its contents or final destination. After your traffic leaves that server, websites and apps can’t trace the source of the traffic back any further than the VPN server.
But what about the VPN providers themselves? What’s stopping them from mining your data, recording your online activity, and selling it off to third parties or using for other nefarious purposes?
In short: nothing. A VPN provider has the power to record each of their user’s browsing data and metadata. But reputable VPNs all tout an important policy: no logging.
If you don’t want to read the full article, here’s a brief summary of the best VPNs with no-logs policies:
Best No Log VPNs:
- NordVPN Our #1 choice for a logless VPN. Superfast speeds, easy-to-use app, and a stringent no-logs policy. Includes a 30-day money-back guarantee.
- Surfshark Low-cost VPN with an independently-verified no-logs policy. Allows unlimited connections and boasts a fantastic security offering. Generally high speeds.
- ExpressVPN Retains no logs that contain personally identifiable information. Servers are great for streaming and downloading.
- IPVanish True zero logs policy, with no traffic or metadata logs recorded of any kind.
- StrongVPN Torrent-friendly VPN that doesn’t keep logs and uses strong security. Even works well in China.
- Private Internet Access Keeps no logs. Policy survived a court challenge as they had no identifying information to meet information request.
What is a no-log VPN?
Logless VPNs don’t keep a record of their users’ activity–at least not with any personally-identifiable information. Unfortunately, the term “log” isn’t entirely clear cut. There are two main types of logs, and many VPNs lay claim to a “no logs” policy while really only adhering to one.
Traffic logs, sometimes called usage logs, are the ones users should be most concerned about. They contain the contents of all your internet traffic–what websites you visit, emails, search queries, etc. A VPN provider that records this information isn’t doing its job and should be avoided at all costs.
Then there are metadata logs. These are also referred to as session logs, connection logs, or diagnostic logs. Metadata logs don’t contain the contents of your internet traffic, but instead, record details about how you use the VPN. Sometimes, metadata logs are harmless and only contain non-personally identifiable information like how much bandwidth or data you use, timestamps of when you use the service, and which servers you connected to.
The type of metadata log we’re most concerned with are those containing users’ source IP addresses. If a VPN records your source IP, then there’s a good chance your activity can be traced back to your device.
If you’re short on time take a quick look at our shortlist of the best logless VPNs below. We’ll go into more detail on each of these later.
The best no-log VPNs
We’ve listed what we think are the best logless VPNs based on the following criteria:
- No traffic logs
- No source IP logs
- DNS leak protection
- Shared IP addresses
- Accepts Bitcoin as payment
Money-back guarantee: 30 DAYS
NordVPN is our top choice for a logless VPN. It operates with a true no-logs policy meaning that no traffic or metadata logs are stored. Those who don’t want to leave a paper trail can pay with Bitcoin. NordVPN is incorporated in Panama, where there are no mandatory data retention laws. For the extra-cautious, users can connect to privacy-optimized servers featuring Tor over VPN and double VPNs. Torrenting is allowed and NordVPN can unblock a wide range of geo-locked streaming services like Netflix, Hulu, and more. Apps are available for Windows, MacOS, iOS, and Android.
- Enjoy complete anonymity with no logs and cryptocurrency payments
- Operates a network of more than 5,000 servers in 59 countries
- Unblocks most popular geo-locked streaming services
- Excellent speeds for streaming and downloading
- Top-notch security and privacy protection
- Customer service available via 24/7 live chat
- Desktop app can take some getting used to
BEST LOGLESS VPN:NordVPN is our fist choice. It has incredible speeds for streaming and torrenting, keeps no logs, and allows up to 6 simultaneous devices. A 30-day money-back guarantee makes it risk-free.
Read our full review of NordVPN.
Money-back guarantee: 30 DAYS
Surfshark is a budget-friendly VPN that keeps snoopers at bay with 256-bit encryption, multi-hop servers, a zero-logs policy, a kill switch, and DNS and IPv6 leak protection. Additionally, it accepts Bitcoin, Ripple, and Ethereum payments, just in case you’d like an extra layer of anonymity. Given Surfshark’s NoBorders mode can even bypass China’s Great Firewall, streaming platforms like Netflix don’t pose any kind of a challenge.
This VPN allows unlimited simultaneous connections and provides apps for MacOS, Windows, Linux, Android, and iOS. Manual installation is required for supported routers.
- Impressive security offering, accepts several cryptocurrencies
- Speedy VPN with great unblocking ability
- Connect any number of devices
- Excellent security and encryption standards
- Some servers are much slower than others
BEST BUDGET VPN:Surfshark is a budget option that has a proven no-logs policy. It’s fast too, and boasts a solid set of security tools, making it ideal for anyone looking to surf the web in private. All plans include a 30-day money-back guarantee.
Read our full Surfshark review.
Money-back guarantee: 30 DAYS
ExpressVPN doesn’t record or store any web traffic contents or personally identifiable information on its users. If you want to sign up anonymously, you can even use a burner email address, pay in Bitcoin, and register on its .onion website through Tor. Some diagnostic information, such as dates (not times), server, and the amount of data transferred is recorded but not associated with a specific IP address or any other personally identifiable information.
The company is incorporated in the British Virgin Islands, which has no mandatory data retention laws. Torrenting is allowed and ExpressVPN is also great for unblocking geo-locked content on Netflix and Hulu when traveling abroad. Apps are available for Windows, MacOS, iOS, Android, Linux (command line), and certain wifi routers.
- Fast connections with no bandwidth or data restrictions
- Large network of servers can unblock just about any popular streaming service
- 24-hour live chat support, 7 days a week
- Not as cheap as some other services
BROWSE ANONYMOUSLY:ExpressVPN holds its own. A fast and reliable choice. Great privacy features and keeps no logs. Great at unblocking all major geo-restricted streaming services. 30-day money-back guarantee.
Read our full review of ExpressVPN.
Money-back guarantee: 30 DAYS
IPVanish maintains a true zero logs policy, meaning no traffic or metadata logs of any sort are recorded. The company is based in the United States, which might put off some users wary of the NSA and FBI, but the truth is that the US has no mandatory data retention laws. The company owns its global network of physical servers rather than renting, giving maximum control over who has access. Customers can pay in bitcoin and even hide the fact that they’re using a VPN using a special traffic obfuscation feature. Torrenting is allowed. Apps are available for Windows, iOS, MacOS, and Android.
- Keeps zero logs of user activity and metadata
- Owns and operates all the servers on their network, providing good speeds
- Strong encryption and privacy protections
- Scramble obfuscation toggle helps get around bandwidth throttling
- Operates over 1,300 servers in over 75 countries which includes over 40,000 IPs
- Offers 24/7 live chat
- Apps don’t work in China
BEST LOGLESS VPN:IPVanish is our top choice. Keep zero logs. Own network of super-fast servers and score top marks for privacy and security. A favorite with Kodi users and torrenters. Try it risk-free with the 30-day money-back guarantee.
Read our full review of IPVanish.
Money-back guarantee: 30 DAYS
StrongVPN claims it keeps no logs of any sort, traffic or metadata. The US-based provider owns its own servers, accepts bitcoin, and allows torrenting. Traffic obfuscation is available to those who want to hide the fact that they are using a VPN from their ISP. We’ve had decent luck in unblocking streaming services like Netflix and Hulu in web browsers when using StrongVPN. Torrenting is allowed. Apps are available for Windows, iOS, MacOS, and Android.
- No logs policy protects your privacy
- Even bypasses China’s Great Firewall and favored by frequent travelers to Asia
- High-grade encryption and authentication settings
- Some users might find minimalist design limiting
- We found customer support to be somewhat lacking
VERY RELIABLE:StrongVPN confidently overcomes geo-blocking. Good on privacy and they retain no internet browsing logs. Ample security. Manual configuration can challenge some users. 45-day money back guarantee.
Read our full StrongVPN review.
Money-back guarantee: 30 DAYS
Private Internet Access, or PIA for short, keeps no logs of any sort. It even once published a court order to hand over customer records to prove it. Because it doesn’t log, it had nothing to give up. The company is based in the US. It accepts payment in bitcoin. Torrenting is allowed. Apps are available for Windows, MacOS, iOS, Android, and Linux. It’s not the most user-friendly but is a good low budget option.
- Keep no logs, DNS leak protection and kill switch are activated
- Can connect up to 5 devices at the same time
- Impressive security features and privacy protections
- Be prepared for troubleshooting in community forums
- Streaming speeds can be inconsistent
- Can’t unblock as many streaming sites as other providers on this list
GOOD PERFORMER:Private Internet Access has top security, low price, rich security features, and great customer service. Speeds can be inconsistent. 7-day money-back guarantee.
Read our PIA review.
VPNs with a history of logging
HMA was implicated in the arrest of a Lulzsec hacker due to its poor logging policy. HMA complied with a court order to hand over data related to one of its users, Cody Kretsinger. Kretsinger was involved in a cyber attack on Sony Pictures and used HMA to conceal his identity. HMA says it never stores the contents of users’ internet traffic, but it does record detailed metadata logs that contain users’ real IP addresses, which was enough to eventually land Kretsinger in jail.
VyprVPN is a solid VPN save for one thing: it logs source IP addresses. This has led many users to complain about receiving letters demanding they stop torrenting, even though they only do so when connected to the VPN.
VPNBook logs source IP addresses and connection timestamps, which are deleted weekly. In early 2013, however, hacking collective Anonymous accused VPNBook of being a honeypot for law enforcement. Anonymous stated user logs “appeared in the court discoveries and indictments of some Anons facing prosecution for their involvement in #Anonymous activities.”
How to decide if your VPN is trustworthy
No matter what their privacy policies say, using a VPN that claims to be logless still requires a certain degree of trust. There’s simply no way to know whether a company stays true to its word or how it will respond when confronted with a court order. VPN providers are also vulnerable to internal abuse and external coercion.
But for the most trusted VPN companies, it’s simply not in their best interests to keep logs. It opens them up to government demands, requires time and resources to collect and store data, and can irreparably damage their reputations, resulting in a loss of business.
While you can never be 100 percent confident that a VPN won’t log, there are a few key signs to look for in those that don’t. Below is the list of the key policies and services you should check out before signing up with any VPN provider.
Here’s what to check to see if your VPN is secure:
- Torrenting Policy
- Country of incorporation
- Physical servers
- Shared IP addresses
- DNS Leak protection
1. Torrenting policy
A VPN provider’s torrenting policy is often a good indicator of whether it stores any identifying logs or not. When a VPN user downloads copyrighted content illegally using BitTorrent, there’s a good chance someone working on behalf of the copyright owner will notice and take action. This could come in the form of a settlement letter asking for compensation or a DMCA takedown request.
Depending on the VPN provider’s country, they might be legally obligated to forward these letters and requests to the user. But if the provider has no log of who downloaded what, they can’t possibly know who to forward that information to and the request is dead on arrival. A VPN that does log, however, might forward those letters or requests to their customers or send its own cease-and-desist notice.
Related: Best VPN for torrenting and some to avoid.
2. Country of incorporation
Some countries require all types of internet service providers, including VPNs, to record and store logs for a specified period of time and make those logs available to law enforcement upon request. This was the case with HideMyAss, a UK-based VPN provider now notorious for its logging practices, which are mandated by the UK government. HMA’s logs allegedly led to the arrest of a UK-based Lulzsec hacker using its service.
This is the reason why many VPNs are incorporated in seemingly odd locations. ExpressVPN is incorporated in the British Virgin Islands (not part of the UK), and NordVPN in Panama, for example.
The United States has no such data retention laws that apply to VPNs, but a healthy dose of skepticism should still be applied. It’s not unprecedented for US law enforcement and intelligence agencies to work with tech companies to spy on customers behind closed doors, as we now know thanks to Edward Snowden.
3. Physical servers
All of the VPNs on this list either rent or own physical server hardware. This gives them maximum control over who can access the information on that server. Some VPN companies cut costs by using virtual servers, which can add another undesired player into the mix. If a provider only owns a virtual server, then the physical operator could plausibly install some sort of network analysis tool to capture traffic and metadata.
So physical servers are a must for those concerned about privacy. But whether those servers should be owned or rented is up for debate. There are arguments to be made for both. Obviously, owning a physical server gives the greatest amount of access control. Renting a server could allow intruders to plant backdoors before the VPN company leases it, or steal user data left on the server after the lease ends. However, if a data center suddenly changes its policy on traffic logging, it’s much easier to end the lease for a server in that data center and switch to a new one.
4. Shared IP addresses
Shared IP addresses have become the universal default for most commercial VPN providers these days. A shared IP address works like this: when you connect to a VPN, your outward-facing IP address is changed to that of the VPN server. There may be dozens or even hundreds of other VPN users also connected to that server, all of whom are also assigned the same IP address. That makes it almost impossible to trace any of those users’ activity back to a single person, unless the VPN is storing logs.
VPNs also tend to use dynamic IP addresses, which means these shared IP addresses change periodically. Shared IP addresses are a win-win for both users and VPN providers because they not only increase privacy but are cheaper to maintain for the VPN provider.
A handful of VPNs offer dedicated IP addresses. These are usually static, meaning they don’t change, and might be assigned to a single user. This is useful for a handful of cases, such as setting up a peer-to-peer gaming network or repeatedly logging into a banking website that requires a specific IP. But for most users, shared, dynamic IP addresses are the way to go.
5. DNS leak protection
When you load a website, your browser first sends a DNS request that resolves the website domain (“www.comparitech.com”) into a numerical IP address. Sometimes these requests are sent outside the VPN tunnel and instead go to your ISP’s DNS servers. That means even with the VPN enabled, your DNS requests can still reveal what websites you are visiting to your ISP.
That’s why all of the VPNs we recommended on this list have apps with built-in DNS leak protection. They ensure that DNS requests are sent through the VPN and go to the provider’s private DNS servers instead of your ISP’s.
Sometimes, however, this doesn’t always work. In particular, Windows 10 computers have an issue with IPv6 DNS requests being sent over the unencrypted ISP network even while connected to VPNs that claim to have DNS leak protection. To resolve this, we recommend disabling IPv6 in your network settings.
VPN logging FAQ
How do I know if my VPN logs?
What types of logs should I be worried about?
Logs of your online activity---web history, search queries, purchases, etc---are the most concerning. These can be used to directly spy on you, and any VPN that engages in this sort of logging should be avoided at all costs.
The second priority are identifying metadata logs. These include information that can be used to identify you and corroborate online activities. Your IP address, the IP address of servers you connect to, and connection timestamps all fall into this category.
Lastly, there's diagnostic logs. These are not much of a concern because they cannot be used to track you or your activity. Dates (not times) connected, the last location you connected to, and amount of data transferred are not privacy concerns for the vast majority of users.
Related: Best VPNs for Windows 10 and some to avoid.