Have you ever wondered if your VPN genuinely keeps your online activities private? VPNs often promise privacy and anonymity, safeguarding users from the prying eyes of ISPs, governments, hackers, and others. However, the harsh reality is that not all VPNs are created equal when it comes to logging policies.

Our exhaustive research and extensive testing reveal that numerous VPN providers, contrary to their claims, maintain some form of logs. While it’s rare to find those recording the websites you visit, many catalog other data, such as connection times, your IP address, and bandwidth usage. This practice can stem from various operational needs, like enforcing bandwidth caps or supporting ad-based business models.

What does this mean for users who seek confidentiality? Unfortunately, you might not be receiving the level of privacy you anticipated. The logging policy is a crucial element of a VPN provider’s privacy policy that could significantly impact your online anonymity. Before settling on a service, it’s imperative to understand precisely what data is logged and the potential uses for this information.

In a digital landscape where complete privacy is a prized commodity, we guide you through the nuances of VPN logging policies, ensuring you make an informed decision that aligns with your expectations. Your online privacy shouldn’t have gray areas, and we’re here to ensure that you have the best information possible to make an informed decision.

126 VPN logging policies

In this guide, we’ll explain the different types of logs that might be kept by VPN providers and how they may be used. We’ll also explain the significance of the location of VPN providers in terms of Five Eyes and 14 Eyes countries. We’ll then look at the logging policy of each provider in turn to reveal exactly what its approach is.

TIP: VPNs that don’t keep logs are very popular with torrenters, but not all VPNs allow torrenting on their network. We have a round up of the best VPNs for torrenting here and an article discussing the legality of torrenting here.

Note: Bear in mind that this article will relay our interpretations of the logging policies, some of which can be tricky to decipher. We’re happy to edit inaccuracies if spotted. What’s more, policies are subject to change over time and while we endeavor to revisit this article periodically, we can’t practically track every change as it happens.

The types of logs and how they’re used

VPN logs can record what you do online while using the VPN, as well as identifying information such as your real IP address. Your provider has access to all of your internet activity while connected. So everything your ISP would normally see is technically now accessible by your VPN provider. Of course, if providers actually logged and stored all of that data, they wouldn’t be offering a very attractive service, and would no doubt lose a lot of customers. Instead, a commitment to refrain from logging identifying info is a main selling point for many VPNs.

The fewer logs, the more attractive the service. That brings us to the commonly used claims of “no logs,” “zero logs,” or “logless.” Don’t take these claims at face value. Many providers assert that they don’t keep any logs, but in reality, most keep some form of records. The ambiguity arises because there are many different types of logs that they might keep. You need to delve deeper into privacy policies and/or terms of service to find out what information, if any, is being recorded.

Bear in mind how long logs are actually stored. Some providers automatically delete data after 24 hours while others might store it for longer periods, even indefinitely.

You’ll often find mention in privacy policies of tracking and cookies on the provider’s own website. This is completely separate from VPN usage and is a normal part of any online business.

Now, let’s take a look at the different types of logs you might come across when researching providers.

Connection logs

These might be referred to as metadata, diagnostic logs, or usage logs. They may include timestamps, which VPN server is used, and the amount of bandwidth consumed. Sometimes this data is tied to an individual account but in other cases is only collected on an aggregate basis.

Typically, these records are used to improve and maintain operations. On an individual user basis, a provider may need to keep track of the number of simultaneous connections or how much data is being transferred per day or month. It also makes sense that a provider would want to know how many people are using a given server at one time and the load being placed on that server, in order to optimize the service.

When it comes to privacy, data collected on an aggregate basis doesn’t pose a serious risk. Connection logs tied to an individual user are a little trickier. It really depends on the nature of the logs and whether they are linked to any Personally Identifiable Information (PII). If logs are tied to a user account, this still may be okay. Some providers enable you to open an account without handing over any PII. For example, an account created using a disposable email address and paid for via Bitcoin isn’t traceable to an individual if no PII is required.

One important thing to note here is the definition of PII. Some providers state that they don’t require PII but they do record the IP address of the user. This may be connected to the account upon signup or recorded as part of the connection logs. This brings us to our next type of log.

IP address logs

IP address logs are where a lot of supposedly “no logs” providers get into trouble. An IP address could easily be attributed to an individual, or at least a single wifi router, and should really be considered PII. An IP address connected to a timestamp could potentially link online activity to an individual. Indeed, this has been the scenario in some of the cases we’ll mention as we go through our VPN list.

One of the main reasons to use a VPN is to conceal your IP address. When that information is logged and stored, it has the potential to be exposed to third parties. At best, it could be acquired by annoying advertisers striving to build a profile around each user. At worst, it could fall into the hands of malicious hackers, copyright trolls, or government agencies.

Traffic logs

Finally, but perhaps most importantly, we have traffic logs. When it comes to VPNs, these are the worst kind of logs. They include the contents of internet traffic, such as browsing history, files downloaded, purchases made, messages sent, and software used. Really, no one should even consider a VPN that has been reported to keep these kinds of logs. It defeats one of the main purposes of a VPN — privacy.

A provider might keep traffic logs for a number of reason, but the main one is profit. This is why it’s important to be especially wary of free VPN services. These providers have to make money somehow, and data is valuable. Data that contributes to building a profile around an individual user is particularly so and can be sold to advertisers or other third parties. In the worse case, hackers or snoopers could get their hands on these logs, leaving you wide open to attacks. In particular, leaked personal information can lead to identity theft.

Advertising IDs

Mobile advertising IDs, or IDFA, are unique identifiers usually found on Android and iOS devices. They allow app developers and marketers to track user activity in a similar way to persistent cookies, and link data from different sources to identify you. They can be reset at any time in the device settings.

Advertising IDs can also be stored in cookies on desktop and other devices. In this article, we note whether IDs are collected by the VPN service or app, but not when they’re used on providers’ websites.

These IDs can be used to collect data that is personally identifiable, such as location data. Furthermore, these supposedly non-identifying IDs can be linked to identifying information, such as your email address and phone number.

Despite many VPNs claiming that advertising IDs do not constitute personally identifiable information, the EFF states, “the ad ID is the key that enables a whole range of privacy harms: invasive 3rd-party profiling by Facebook and Google, pseudoscientific psychographic targeting by political consultants like Cambridge Analytica, and location tracking by the U.S. military.”

VPN policies revealed

Now that we’ve covered the types of logs that might be kept by providers and what they might be used for, you’ll have a much better idea for what to look out for when reviewing the logging policies of various providers. It’s time to get stuck in and reveal exactly what these providers track and store, to help you decide which one might be the best for you.

A

AceVPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

AceVPN underwent a “change in management” in late 2022, and with that came a few changes to the privacy policy.

Is privacy policy states “We do not log VPN traffic. We do not spy on our users nor monitor their bandwidth or Internet usage. Our VPN servers do not store any personal identifying information (PII).” This sounds good but is a little ambiguous as it doesn’t actually define “internet usage.”

Upon signup, AceVPN collects all the usual billing information, plus a telephone number and physical address.

In the FAQ page it states that “We do not log period. No meta-data logging, no traffic logging, no bandwidth usage tracking.”

AirVPN (Italy) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but they’re aggregated logs
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

In AirVPN’s FAQ section, in response to the question “Do you keep session logs or any other kind of logs that can be used to track identity and Net activity?” the response is “No, we don’t keep logs of that kind.”

Over in the privacy policy, it states that “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.” This could be cause for concern. However, it later states, “Data are aggregated in anonymous form for statistical reports on servers usage, CPU stress, technical issues, in order to improve the service, fix bugs and as a countermeasure against net attacks.” This implies all connection logs are aggregated, which means they would not be associated with an individual user.

Anonine (UK) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Anonine’s privacy policy is detailed and easily understandable, with a breakdown of what each piece of information looks like, what it’s purpose is, where it comes from, and how long it’s retained.

Anonine stores how much data you consume, the number of simultaneous connections, and an anonymous ID number assigned by the provider. It specifically states that it doesn’t log connection timestamps, connection duration, server locations to which you connect, your real IP address, or DNS requests.

Anonymous VPN (Seychelles) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

The Anonymous VPN website has some bold claims:

“No Logs what-so-ever. We’re dead serious about this. We don’t store any logs of your online activity. So if push comes to shove and governments ask us to hand over logs of our users, we just tell them ‘sorry folks, can’t help you cause we don’t keep logs. It’s that simple.”

The privacy policy states, “AnonymousVPN does not collect any kind of VPN activity logs, browsing behavior or any activity related to your VPN connection – hence, we DO NOT store details of, or monitor the data sent over our network or websites you log into while using our VPN Services.”

It does store the amount of data you consume during each VPN session, though this data is not connected to your account.

Astrill VPN (Seychelles) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Astrill’s privacy policy states, “Our system keeps track of active sessions – connection time, IP address, device type and Astrill VPN application version during the duration of your VPN session. Once you disconnect from VPN this information is removed permanently from our system. This information is solely used to limit the number of devices connecting from single account simultaneously.”

Data consumption is tracked in aggregate, but is not stored alongside any personal info.

In its FAQ sections, Astrill VPN explains that it logs connection data, including IP and connection time during active sessions, in order to monitor the number of simultaneous connections from a single account. It does state that these are removed immediately after the session is over or you can erase them (presumably during a session) from the member area.

In the same answer, it is explained that connection logs, including connection time and duration, country, and device type, are logged for the last 20 connections (per user). No personally identifiable data (such as an IP address) is stored with those logs.

Atlas VPN (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

Atlas VPN ensures the logging section of its privacy policy stands out:

“We do not log your browsing activity, browsing history, records of IPs assigned, original IP, sites visited, outgoing traffic, content, or data accessed.”

It does track some information about your AtlasVPN app, including your internet service provider.

It keeps no traffic logs at all. It does store device identifiers on mobile, which you can reset in your device’s settings.

Avira Phantom VPN (Germany) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but can be turned off
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

Avira’s privacy policy states, “If you use Avira Phantom VPN we do not collect any data about the web pages you visit or the services you use on the internet.”

In 2024, we noticed a few changes to Avira’s policy, for the worse. Notably, it now logs your IP address.

It also collects device IDs, which you can reset in your device settings.

Avira Phantom VPN also logs diagnostic data (e.g. bugs encountered), but it can be turned off within the product interface.

AzireVPN (Sweden) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

AzireVPN offers a very clear breakdown of its zero-logs policy within its Terms of Service (TOS):

“AzireVPN does NOT log any traffic or user activity while using our service.
AzireVPN does NOT log timestamps or any information relating to when a user connects/disconnects from our service.
AzireVPN does NOT log or shape any bandwidth on our servers.
AzireVPN does NOT log the original IP addresses of our users when they connect OR their AzireVPN IP address when they are using our service.
AzireVPN does NOT log the number of your active sessions or total sessions.
AzireVPN does NOT log your DNS requests on our servers.”

This is exactly the kind of clear logging policy you’ll hope to see on the websites of all providers.

Avast SecureLine VPN (Czech Republic) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, kept for up to 35 days
IP address logs: No (1 point)

Advertising ID: No (1 point)

Avast’s VPN policy states that it stores connection timestamps and the amount of data transmitted for 35 days, after which it they are deleted.

It further states that it does not collect your IP address, DNS queries, browsing history, or transferred files.

Avast employs a few third-party analytics tools from Google, AppsFlyer, and App Center. Each of these has its own privacy policy.

B

Best VPN-Fast Proxy (Vietnam) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 point)

Best VPN’s privacy policy states, “We do not keep logs of your online activities and never associate any domains, or applications that you access while the Best VPN is connected with you, your device, or your email.”

However, it also states, “Websites visited via our servers are aggregated and stored to: (1) Perform analytics on our services, including measuring whether our users, in aggregate, are able to successfully access certain websites or apps; (2) Troubleshoot service issues and improve service quality.”

Best VPN encrypts and stores your IP address while you’re connected to the VPN, and deletes it as soon as you disconnect.

Best VPN further logs your mobile ID, hardware model, and “network information” not including your IP address.

Betternet (Canada) 1/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes, but anonymized and aggregated (1 point)
Connection logs: No
IP address logs: Yes (0 points)

Advertising ID: Yes (0 point)

Betternet collects connection timestamps, bandwidth used, server locations to which you connected, mobile advertising IDs, your internet service provider, and location based on your IP address.

Betternet keeps connection logs but only during an active session, after which the user IP address is deleted. In the intro to the privacy policy, it talks about the fact that it doesn’t associate your PII, including your IP address with your online browsing activity. This indicates that there are some traffic logs and indeed this is clarified later on in the policy. Betternet stores data about websites visited and apps used but this is anonymized and aggregated. Still, some users may take issue with their activity being recorded at all.

BolehVPN (Malaysia) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)

Advertising ID: No (1 point)

BolehVPN’s privacy policy states, “No we do not keep logs of user activity including user access, DNS requests, timestamps, bandwidth usage or user’s IP addresses.”

BolehVPN doesn’t keep traffic logs or monitor user activity. But it does keep track of overall traffic and number of connections for each server. This is fine since it isn’t attached to any particular user.

The privacy policy states that it “may turn on logs temporarily to identify abuse of our services…” and that this has happened “a handful of times in our many years of operation.”

Boxpn (Turkey) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

In its privacy policy, Boxpn tells users “We NEVER keep online activity logs or store private information about individual user activities on our network.” We double-checked with the provider about connection logs and a representative confirmed that no logs are kept.

It does collect users’ cookies for advertising purposes.

BTGuard (Canada) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

The BTGuard website doesn’t break down exactly what it does or doesn’t collect but the privacy policy does state, “Netcrawled LLC DOES NOT collect your Internet Protocol (IP) addresses or customer usage.” This is good enough, as the IP address is not recorded.

BulletVPN (Estonia) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

BulletVPN’s privacy policy lays out exactly what information it does and doesn’t collect. There are no traffic logs and no connection logs linked to an IP. BulletVPN does track the total amount of data used for each user and monitors the number of simultaneous connections per account.

The policy states, “We do not collect any logs of user browsing history, connection history, traffic and data transfer, or DNS queries, nor do we store VPN connection logs of any type. That means we do not store the user’s IP address and port, the VPN server’s IP address and port, or the VPN connection attempt, connection establishment or disconnection date and time.”

C

CactusVPN (Moldova) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

CactusVPN has a true no logs policy as stated on its Terms & Conditions page: “That means that we will not store any data relating to your activities while using any of our privacy solutions, and will not record, monitor, log or store any of your information.

CactusVPN also guarantees that none of your information will be passed on to a third party. “We do not store any IP addresses, traffic logs, connection timestamps, used bandwidth or session duration information that could be traced to a single person.”

ClearVPN (Cyprus) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

ClearVPN’s privacy policy mentions that it collects: “Successful connection (whether you have successfully established a VPN connection on a particular day (but not a specific time of the day), to which VPN location (but not your assigned outgoing IP address), and from which country/ISP (but not your source IP address)).”

It only collects your advertising ID if you give it permission. Other than that, it collects some basic non-identifying diagnostic info, speed test data, and crash reports.

CyberGhost (Romania) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, but only connection attempts and not tied to users
IP address logs: No (1 point)

Advertising ID: Yes (0 point)

CyberGhost’s privacy policy states, “we have no idea about your traffic data such as browsing history, traffic destination, data content, and search preferences”.

It goes on to say, “we DON’T have any logs tied to your IP address, connection timestamp or session duration.”

CyberGhost doesn’t even have access to the credit card information you submit to the payment processor, so your VPN account isn’t tied to your payment info.

It does collect advertising IDs, so minus one point for that. It further tracks connection attempts and whether or not they were successful, but this information is not tied to user accounts.

D

DefenceVPN (Canada) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

DefenceVPN’s privacy policy says, “DefenceVPN does not store or log any traffic or usage from its Virtual Private Network (VPN). We do not keep traffic (activity) logs or connection logs (incoming or outgoing timestamps, IP addresses or bandwidth consumption). We do log total data used during a session, stored by username. We do not keep traffic logs, incoming or outgoing timestamps, IP addresses during a session.”

So the only log that is kept is total data used per user during a session. This provider offers unlimited bandwidth, so this log is presumably used to avoid and identify abuse of the service by an individual.

DefenceVPN offers a warrant canary which reported a clean bill at the time of writing.

E

Easy Hide IP (Seychelles) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Easy-Hide-IP has a true no logs policy. “We NEVER keep online activity logs or store private information about individual user activities on our network.”

ExpressVPN (British Virgin Islands) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

ExpressVPN doesn’t keep any traffic logs or monitor user activity. It does keep connection logs including the date of the connection (not the time) and the server used. The total amount of data transferred per user is also monitored. ExpressVPN doesn’t log your IP address.

Note that ExpressVPN defines the term “connection logs” slightly differently to how we have defined it above, and according to their definition (which doesn’t include datestamps or amount of data transferred), they don’t keep any connection logs. Those discrepancies aside, the important thing here is that the company maintains no logs of any data that could be used to identify an individual user.

A recent case saw Turkish authorities seize an ExpressVPN server as part of an investigation. However, they found no useful information, a fact that serves to back up the company’s no-log claims.

It does collect mobile identifiers on Android and iOS devices.

F

F-Secure Freedome VPN (Finland) 1/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

In F-Secure’s privacy policy we learn that it collects data volume, your country, and your IP address. Your traffic, including URLS, are analyzed for malicious files and destinations. It also “collects statistics to give you a view of your browsing history via the service.”

Lastly, it collects advertising IDs on mobile.

If you value your privacy, steer clear of this VPN.

Faceless.Me (Cyprus) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

This provider claims to have a true no-logs policy. It states on its homepage that “We’re not keeping logs of your activity, so in case FBI asks – there’s nothing.” Moving over to the FAQ page, when asked about logs of online activity, the response is “No! Absolutely not! We only track your data usage totals and your IP address, which is required for our internal bookkeeping. And even this data is kept on our servers for a limited time.”

So really, it does store connection logs that include real user IP addresses.

The privacy policy itself lacks a lot of detail. It doesn’t mention IP addresses at all. It mentions that it “keeps limited personal user information”, but doesn’t specify what that entails.

Fast VPN (Hong Kong) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Fast VPN‘s privacy policy states that the app doesn’t record traffic logs or browsing activities. However, it does record connection logs including “IP address, browser type, language used, date and time of access, software and hardware feature information and other data.”

It further states, “This application obtains user personal data from business partners through legal channels.”

FinchVPN (Malaysia) 0/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (1 point)
Connection logs: Unkown
IP address logs: Unknown (0 points)

Advertising ID: Unknown (0 point)

FinchVPN’s privacy policy states that it does not log traffic or content of any communications, but there’s no other information. The privacy policy contains a dead link to a page promising more info about the logging policy.

Flow VPN (Canada) 1/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Most providers we’ve come across so far have logging policy information easily accessible on their site. It’s usually in the privacy policy or TOS, one or both of which can often be found in the website footer. This isn’t the case with Flow VPN, but after a quick search, we did find the policy pertaining to logs.

It’s no wonder it’s hidden, as it’s not pretty. This provider reserves “the right to log subscription information (including transaction references), connecting IP address, authentication requests, session data (allocated IP, connection date, time, duration etc).” So yes, that’s all types of connection logs and they’re attached to a source IP address.

But that’s not the worst part. “To comply with the requirements of our bandwidth providers we reserve the right to log activity across our network and use automated systems to monitor network activity for abuse (such as use of BitTorrent and similar peer-to-peer file sharing).” So basically anything you do while connected with this provider could be logged!

What’s particularly entertaining is that Flow VPN prohibits its users from accessing its own website while using its own VPN.

FlyVPN (USA) 1/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No, but source and destination IPs are logged (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

FlyVPN doesn’t keep any traffic logs. It does keep a full list of connection logs, including your IP address, timestamps, destination IP, and port number. Bear in mind that by collecting your real IP, timestamps, and your destination IP, this provider might as well be keeping traffic logs.

FrootVPN (Sweden) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

The FrootVPN homepage states “We do care about your internet privacy and therefore we do not log anything at all. Your details will never be shared with any third party.” This is further clarified in the ‘No logging’ page which confirms that no connection logs such as timestamps are stored.

Freedom-IP (France) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Freedom-IP does not record any traffic logs and is up front about the data it collects from each session:

“IP Address of connection
Start time of session
End time of session
Data received of session
Data sent of session [sic]”

Of course, it does include user IP address, which is not ideal.

Free VPN – Anonymous Online with Fast VPN Server (USA) 0/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)

Advertising ID: Yes (0 points)

This VPN’s privacy policy previously discussed information collected when you visit the website, but it was unclear if it recorded VPN traffic or connection logs. We sent an email for clarification and never received a response.

In 2024, that privacy policy is gone altogether, with nothing to replace it. The Google Play Store does mention that it collects advertising IDs, and that data is not encrypted in transit.

Free VPN by FreeVPN.org (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Free VPN by FreeVPN.org is very firm about the fact that it doesn’t store any logs at all. The privacy policy states:

“Unlike other VPN providers, We DO NOT collect any information of our users. We are committed to protecting your privacy.”

It also goes on to explain it doesn’t share any user information with its ad partners. It doesn’t even use cookies on its website. There is an ad-supported free version of the app, but this does not serve ads based on user information.

Free VPN Fast Unlimited Secure Android VPN Proxy (Location Unknown) 2/5

Based in 5 Eyes or 14 Eyes? Unknown (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

We were unable to determine the location of this provider. Free VPN uses a similar generic privacy policy to some of the VPNs below (including Speed VPN and Secure VPN). It states that no traffic logs are maintained but extensive connection logs are recorded and these include personal information such as email address, device identifiers, and IP address.

Free VPN Proxy – Super VPN Unblock Master (Singapore) 1/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)

Advertising ID: Unknown (0 points)

This VPN’s privacy policy discusses the cookie policy but it doesn’t mention VPN app logs. We contacted the provider to find out more and will update this section if we get a response.

 

Free VPN Zone (Location Unknown) 0/5

Based in 5 Eyes or 14 Eyes? Unknown (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Yes (0 points)

Advertising ID: Unknown (0 points)

We were unable to find out the location of this VPN, which is a bit of a red flag. The privacy policy is very vague when it comes to logs, but it does appear possible that this VPN collects traffic logs and connection logs. It states:

“FreeVPN collects the following types of Personal Information through the Service:

  1. Contact Information;
  2. User Account Information

User account information includes IP addresses, according to the policy. We reached out to Free VPN Zone via email for further clarification, but have not heard back as of the time of writing.

FrostVPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

FrostVPN doesn’t log any traffic data. It does record “time, date and location VPN connection was made.” However, this information can not be connected to an individual user and is cycled every 24 hours.

G

GhostPath (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

GhostPath has a true zero logs policy. As outlined in its privacy policy “We do not track activities outside of the Ghost Path site,” and, “We do not log any data related to your VPN sessions.”

Google One VPN (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes (1 point)

Google doesn’t have a standalone privacy policy for the Google One VPN, which comes bundled with the Google One service. Instead, details about its logging policy can be found in an about page.

Google states it won’t collect your network traffic, IP address, or connection timestamps when you use the Google One VPN.

It logs how often the service was used in the last 28 days (but not specific times), as well as the number of recent connection attempts. It further collects de-identified metrics including network throughput, uptime, and latency.

GOOSE VPN (The Netherlands) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for 30 days
IP address logs: Unclear (0 points)

Advertising ID: No (1 point)

GOOSE VPN doesn’t keep traffic logs or monitor user activity. It does keep connection logs, including a date stamp, Operating System (OS) used, general geographic location, and a couple more items. It is then stored for 30 days before being deleted.

Goose’s policy contains two back-to-back lines that seem to contradict each other:

  • “We do not register your IP-address when you sign up or log into your GOOSE account.”
  • “When you sign up, we register your IP-address one time only.”

GoTrusted VPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

In its privacy policy, GoTrusted VPN mentions that it may “gather data on connection information, including the timing and size of all packets sent over the Internet during a session.” This is a bit vague and nowhere does it state whether traffic logs are kept and whether connection logs include IP addresses.

We posed the question to GoTrusted and they responded that although the overall network performance is monitored, “GoTrusted does not log the URLs that you are browsing or monitor individual session traffic.”

GreenNet VPN (Estonia) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

The GreenNet privacy policy makes it clear that no traffic logs are kept and it doesn’t record the VPN IP address assigned to you. When it comes to connection logs, it discusses the fact that it “may” collect various types of data, but doesn’t go into specifics of what it actually collects.

For example, it says:

“The data we collect depends on the context of your interactions with us, the choices you make, including your privacy settings, and the products and features you use.”

It then goes on to  list personal data types including IP address, email address, timestamps, and device identifiers.

We contacted the company to find out more specifics but have not yet heard back.

Hide.me (Malaysia) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for a few hours
IP address logs: No (1 point)

Advertising ID: No (1 point)

Hide.me does not keep traffic logs or monitor user activity. If you’re in any doubt, you can actually view a certificate issued by an independent security analyst corroborating all claims on the website. It does keep some connection logs, but these do not include actual user IP addresses and are erased “every few hours.”

Hide.me published a transparency report at the time the above certificate was issued (which can be viewed in the same link.) Notably, there were many requests during the years covered in the report, but Hide.me maintains that its response each time was “hide.me cannot and does not keep any logs; hence we will not be able to provide you with any further information on this matter.”

HideIPVPN (Moldova) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

HideIPVPN “does not store IP addresses, browsing history, traffic destination or DNS queries.” Although, later in the privacy policy we’re warned that “HideIPVPN urges its clients to assume that all of their on-line communications are insecure.” This doesn’t exactly scream confidence in its abilities as a provider.

HideMyAss (UK) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 points)

Advertising ID: No (1 point)

HideMyAss has revamped its privacy policy, improving its score since our last update. It no longer connects users’ originating IP addresses. It doesn’t mention the IP addresses of servers to which you connect, though. It goes on to say it doesn’t collect DNS queries, browsing history, or transferred data. It does log the day (not time) of connection and the amount of data transmitted per session (rounded down).

The logs are stored for 35 days before being deleted.

This provider was involved in an FBI case back in 2011, in which it handed over details used to track down a LulzSec hacker.

Hola (Israel) 1/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

Hola appears to have a very distinctive “all logs policy” within its privacy policy: “Log Data may include information about your device such as: your IP address, browser type, webpages you visit, time spent on those pages, access times and dates, and the unique identifier generated for your device.” In some cases it might even collect your phone number.

Steer clear of Hola if you value your privacy.

Hotspot Shield (USA) 1/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: Yes, but aggregated and anonymized (1 point)
Connection logs: No
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

Hotspot Shield does maintain some connection logs, including your location (based on IP address) and mobile advertising IDs. These are deleted at the end of each session. While it doesn’t tie real user IP addresses to online activity, it does keep aggregate logs of websites visited and apps used.

Indeed, there has been some controversy surrounding this VPN and it has even has a complaint filed against it by a privacy advocacy group. It was also one of the subjects in a 2016 report that brought to light some of its questionable activities, including redirecting traffic through affiliate links. However, it should be noted that Hotspot Shield is under new ownership since these incidents.

I

IdentityCloaker (Czech Republic) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but can be hidden (0 points)

Advertising ID: No (1 point)

IdentityCloaker’s privacy policy states:

“While surfing the web through Identity Cloaker proxy or VPN servers, we do not store the addresses of the visited websites or other resources and we store no transported data for a period longer than necessary to finish the Internet data transfer handover. No caching on permanent record media (for example hard drives) is being utilized.”

There are definitely no traffic logs here and the last sentence implies no connection logs, but we asked just to make sure. It turns out that timestamps and data usage are recorded, as are IP addresses. However, “if you use the Identity Cloaker application and connect in the encrypted mode, the log is unable to record your real IP address and instead records the proxy server IP.” The connection logs are kept for six months before being deleted.

IPVanish (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes (aggregated, anonymous)
IP address logs: No (1 point)

Advertising ID: No (1 point)

IPVanish’s privacy policy states it does not log your browsing activity, IP addresses, time stamps, or DNS queries. It does aggregate anonymous data including language preference, device brand, device model, OS version, country, crash reports, session lengths, server usage, protocol, build version, UI interactions, API requests and response codes, and app build version.

It recently surfaced that IPVanish logs were used in a Homeland Security investigation. However, the company was under different ownership at the time and the current owners have assured users that IPVanish stands by its existing no-logs policy.

IronSocket (Hong Kong) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

IronSocket does not keep any traffic logs or monitor user activity. As outlined in the privacy policy, it does record connection logs:

“Upon Use of the Services, we additionally collect the following session information:

  • Time and date of the session connection and disconnection;
  • The IP address used for the session and which server was connected to; and
  • A numerical representation showing total bytes transferred per session;”

It’s not quite clear if “The IP address used for the session” refers to the real user IP address or the one issued by the provider. We asked for clarification and it turns out both are recorded. This data is stored for 72 hours before being purged.

Ivacy (Singapore) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Ivacy operates with a true no-logs policy. It does not monitor traffic or record session data, “meaning we cannot identify and connect a specific activity with a particular user of our service.”

The policy states, “We strictly do not log or monitor, online browsing activities, connection logs, VPN IPs assigned, original IP addresses, browsing history, outgoing traffic, connection times, data you have accessed and/or DNS queries generated by your end.”

IVPN (Gibraltar) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

IVPN is another provider that uses a strict no-logs policy. It doesn’t monitor web traffic nor does it record any session data, such as timestamps or bandwidth usage. It doesn’t log DNS, customer IP addresses, or account activity except the number of simultaneous connections.

Notably, IVPN doesn’t even require a name or email address to sign up.

K

Kaspersky (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

We looked for a terms of service or privacy policy for Kaspersky’s VPN service but couldn’t find anything. A customer support representative was able to direct us to the license agreement but there is nothing here regarding logging. The rep did assure us that no traffic or connection logs are maintained, but Kaskerpsky’s general privacy policy does state that it may process IP addresses during use of its service. Furthermore, if there is an issue with the service, logs may be collected to diagnose the issue.

Keenow (Israel) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

Keenow doesn’t keep traffic logs or monitor user activity. It does store connection logs, including real IP address, bandwidth usage, and timestamps. Of course, the one worrying piece of information here is the real user IP address, which can be traced to an individual.

It also collects mobile device identifiers (advertising IDs).

L

Le VPN (Hong Kong) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Le VPN does not store or monitor usage data such as websites visited. It does keep connection logs, including real IP address, timestamps, VPN IP address, and amount of data used. The fact that a real IP address is stored along with the server IP means that all activity can be traced back to the individual user. What’s more, the data is stored for “a certain period of time even though we have no obligation to store any such data” for up to five years.

LetsVPN (Canada) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Unknown (0 points)

The privacy policy states, “Lets VPN does not collect or log traffic data, browsing activity, email address, phone number, or any personal information from individual users connected to the Services.”

The terms of service mention that it does not log sites visited, DNS lookups, or emails. It does log access attempts to services, which presumably includes a timestamp but does not specify whether the IP address of the server is logged.

There’s no mention of IP addresses, advertising IDs, timestamps, or any other logs. However, another page on the provider’s site mentions that troubleshooting logs contain your IP address.

Liberty Shield (UK) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

Liberty Shield’s new privacy policy states, “we may collect the following information: times when connected to our service, choice of server location, and the total amount of data transferred per day.”

It does not monitor what sites you visit, log your IP address, or collect advertising IDs on mobile.

LimeVPN (Hong Kong) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No, but server location is logged (0 points)

Advertising ID: No (1 point)

LimeVPN doesn’t have a privacy policy. Instead, its terms of service inexplicably link to ExpressVPN’s privacy policy instead. ExpressVPN has a great privacy policy, but it’s not what we’re looking for.

LimeVPN instead has a page dedicated to describing its logging policy. Here, it explains that no traffic logs are maintained, including downloads or media. It does state that some connection logs are kept, including location of the VPN server you connected to, timestamps, connection duration, and bandwidth usage. This data is kept for an unspecified period of time but is “regularly cycled within our servers.” It’s not immediately clear if this data is connected to a user IP, but a few lines down it states, “Neither we nor third parties are technically possible to match an IP address to an account.” So we can safely say that IP addresses are not an issue.

M

Mullvad (Sweden) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Mullvad’s privacy policy tells us that this provider keeps no activity logs and no metadata is attributed to an individual user. Instead, Mullvad simply tracks total bandwidth per server, total number of current connections, and CPU load per core.

MyIP.io (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

The MyIP.io homepage states that there are no activity logs, which is great. The  privacy policy states that “We do not keep logs of your browsing activities, sites visited, outgoing traffic or content accessed.” It further states that it does not collect users’ DNS queries.

However, IP addresses are collected: “We keep a bare minimum set of data like the date you connected and from which IP.”

MyIP.io also records your total bandwidth consumed.

N

NordVPN (Panama) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

NordVPN “guarantees a strict no-logs policy” of its VPN service. Aside from traffic logs, this includes timestamps, bandwidth, and real IP addresses. NordVPN further runs all of its servers in RAM, meaning none of your data is ever stored on a hard disk.

It does, however, store your advertising ID on Android and iOS.

Norton Secure VPN (USA) 0/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Advertising ID: Yes (0 points)

Norton Secure VPN doesn’t have its own privacy policy. Instead, it’s under the umbrella of Norton’s global privacy statement, which includes antivirus and identity theft monitoring services in addition to the VPN. According to the statement, Norton collects, among other things: URLs accessed, mobile device IDs, MAC address, search terms, your interface and screen activity, geolocation data, and sending and receiving email addresses.

nVPN (Bosnia) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

nVPN is another provider with a strict no-logs policy. There are no traffic logs and user activity is not monitored. Furthermore, it does not record timestamps, bandwidth used, or real user IP addresses.

O

OctaneVPN (USA) 0/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Yes, aggregate
IP address logs: Unknown (0 point)

Advertising ID: Unknown (0 points)

OctaneVPN’s privacy policy and terms of service pages were not reachable at time of writing, so no points were awarded. We sent a message to OctaneVPN’s support team to inform them of the issue.

In our previous update, Octane was very up front about addressing users’ concerns surrounding logging. Its privacy policy noted, “When you sell a product that enhances privacy and anonymity, questions of logging come up.” It maintained a true no-logs policy in that there were no logs that could be tied to an individual user. The only connection logs kept were aggregate ones related to each individual server, including number of connections and bandwidth usage.

Oeck (Australia) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Oeck states it does not log IP addresses, DNS requsts, traffic, amount of data, or any usage activity. It does log the number of current connections.

OVPN (Sweden) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

OVPN maintains that it takes user privacy extremely seriously, and indeed it has a strict no-logs policy. It doesn’t log traffic, timestamps, DNS requests, IP addresses, MAC addresses, or bandwidth volume. It states that the only information it could ever provide to a requesting party would be the method of payment used.

OVPN runs in RAM, as stated in the privacy policy: “Writing permissions for the OpenVPN processes have been removed, as well as syslogs.”

P

Perfect Privacy (Switzerland) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Perfect Privacy’s privacy policy states that it doesn’t store any communication or connection data. “We solely record the total usage ratio of the servers, i.e. how much traffic is being used on our servers.”

PrivadoVPN (Switzerland) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

PrivadoVPN’s privacy policy states upfront, “We ensure that we never log browsing history, traffic destination, data content, IP addresses, or DNS queries associated with a PrivadoVPN connection.”

A few non-identifying logs are stored, including number of active users “over a period of time,” and which app versions you have activated. If you use the free version, it will monitor how much bandwidth you use.

It does collect mobile identifiers on iOS and Android.

Private Internet Access (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

On this provider’s homepage, one of the main features states “No traffic logs,” so that’s clear at least. This is reiterated in the privacy policy but there is still no mention of connection logs here.

Over in the FAQ section, we find what we’re looking for. Here, a representative states “PIA absolutely does not keep any logs, of any kind, period.” The response then goes into more detail stating:

“We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited.”

Device identifiers are only stored if users opt in and willingly send reports.

Sounds like a pretty solid zero-logs policy to us.

PrivateVPN (Sweden) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

PrivateVPN also offers a no-logs policy. In its privacy policy it states “PrivateVPN does not collect or log any traffic or use of its service.” We emailed just to check if this applies to connection logs and were told, yes, it does.

Private Wifi (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Private Wifi’s privacy policy states, “we do not store any information about your communications or the websites you visit connected to Private WiFi, and certainly do not sell that information to anyone else.”

Private Wifi does store your IP address and collects (but doesn’t store) your location. It may also collect your phone number and mailing address upon signup. It doesn’t mention advertising IDs.

ProtonVPN (Switzerland) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

ProtonVPN’s homepage states “As a Swiss VPN provider, we do not log user activity or share data with third parties.” We can assume this pertains to traffic logs but it’s a little unclear when it comes to connection logs. Those protections apply to both the paid and free versions of Proton.

In the past, Proton stated that it stored timestamps of the last successful login attempt. Timestamps aren’t mentioned in the latest version of the policy. Proton states that it does not log which websites you visit, contents of your internet traffic, IP address, session lengths, or location-based info.

PureVPN (Hong Kong) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

PureVPN’s privacy policy reads: “We DO NOT keep any record of your browsing activities, connection logs, records of the VPN IPs assigned to you, your original IPs, your connection time, the history of your browsing, the sites you visited, your outgoing traffic, the content or data you accessed, or the DNS queries generated by you.”

It does log the day (not time) of connection, your ISP, and total connection time.

We know from a 2017 FBI case that Pure used to record IP addresses. In this situation, timestamps and a real IP address were correlated with data from other companies to implicate the user.

As we go through the list, it’s clear that PureVPN is certainly not the only provider to keep these types of logs. However, being at the center of such a high-profile case where consumer’s trust is reported to be breached wasn’t good for business. The company is focused on winning back the trust of users, and has rolled out a new privacy policy that states it doesn’t record any connection logs whatsoever.

In addition to this, PureVPN has taken the extra step of engaging an independent auditing firm (Altius IT) to audit the company’s systems and logging policy. The results of the audit confirmed that PureVPN doesn’t log any data that could identify a person.

“[We] did not find any evidence of any logs that could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.” – Altius IT

Q

Quark VPN (China) 4/5

Based in 5 Eyes or 14 Eyes? China (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 points)

Advertising ID: No (1 point)

Quark VPN doesn’t list an address, but the terms of service stipulate that disputes be submitted to a court in Shanghai, China. It states, “You can rest assured to use our services, we will not keep your online records, logs, name and cellmobile number.”

Quark doesn’t require users to register an account. It collects application version number, application identifier, application version, application developer identifier.

It doesn’t explicitly mention IP addresses, traffic logs, advertising IDs, or other connection logs. We will give it the benefit of the doubt and assume it isn’t collecting these, but be aware that VPNs based in China can have additional logging requirements imposed on them by authorities.

S

Secure VPN (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Secure VPN’s privacy policy states:

“We are committed to your privacy and do not collect or log traffic data or browsing activity from individual users connected to our VPN.”

So what about connection logs? Secure VPN does keep quite extensive connection logs, including email address, IP address, timestamps, server location, amount of data transferred, and information about your device, operating system, internet service provider, and network.

While most of this is non-personal information, email addresses and arguably IP addresses can be used to identify you.

SecurityKISS (Ireland) 4/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for ten days (0 points)

Advertising ID: No (1 point)

This provider posts a short and concise privacy policy, including clear information about its logging policy:

“We do not monitor, record or store logs for any connection activity, except for the following:

  • Time and duration of the user VPN connection
  • Bandwidth used during the connection

Since our last update, SecurityKISS updated its privacy policy so that it no longer collects users’ IP addresses.

Seed4.me (Taiwan) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: Unknown (0 points)

Advertising ID: Unknown (0 points)

This provider does not have a privacy policy and does not cover logs in its TOS statement. Instead, it addresses the issue of logs in a blog post, where it explains that it records aggregate connection data. It does not specify what data is collected.

Shellfire VPN (Germany) 0/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Advertising ID: Unknown (0 points)

The homepage of Shellfire VPN states, “We don’t log any connection data. You’re surfing absolutely securely and anonymously!”

However, it’s privacy policy states that it collects usage data (visited websites, interest in content, access times), IP addresses, device info, and content data (text input, photographs, videos). Shellfire doesn’t provide much context for all that data collection, but it’s very concerning.

SlickVPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

This provider’s zero logs policy states, “user activities outside of the SlickVPN site are not tracked nor do we track the browsing activities of user who are logged to the SlickVPN service.”

It doesn’t explicitly talk about connection logs. We asked a representative and were told that no traffic logs or connection logs are kept at all..

Speedify (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Advertising ID: Yes (0 points)

Speedify’s privacy policy states, “Connectify does NOT track the websites you visit, the data you exchange, or anything related to your DNS requests.”

When you connect to the VPN, Speedify records your IP address, device ID, connection timestamp, session duration, and amount of data used.

Star VPN (Georgia) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

Star VPN’s privacy policy makes it very clear that this service does not keep any traffic or connection logs:

“Senight LLC guarantees a strict no-logs policy for Star VPN Services, meaning that your internet activity while using Star VPN Services is not monitored, recorded, logged, stored or passed to any third party. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses or browsing data.”

It does record mobile device identifiers, whether you’ve used the VPN in the last 30 days, username, and timestamp of the last session status (deleted after 15 minutes).

StrongVPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

This provider’s privacy policy states: “StrongVPN does not collect or log any traffic or use of its Virtual Private Network service.” Again, “use” likely refers to connection logs but is a little vague. We emailed customer support and they confirmed that no connection logs of any kind are kept.

SuperVPN (Singapore) 3/5

Based in 5 Eyes or 14 Eyes? No, but third parties may be in other countries (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

With respect to data collection, SuperVPN collects connection data including IP address, browser type, and operating system. It states that it may share some information with third parties. The privacy policy also includes this statement:

“Your personal information may be processed in any country in which we engage service providers. When you use our Services, you acknowledge the transfer of your personal information outside of the country where you reside.”

As such, we have not awarded a point for the company being based in Singapore.

It’s also worth noting that this VPN was removed from the Google Play Store for some time in 2020 because it reportedly posed a security risk.

SurfEasy VPN (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

SurfEasy was acquired by Norton and now has its own section within Norton’s overarching privacy policy. It was originally based in Canada, but Norton is incorporated in the USA.

SurfEasy VPN doesn’t keep traffic logs, but it does store your IP address, aggregate bandwidth usage, and device identifier.

Surfshark (British Virgin Islands) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Advertising ID: Yes (0 points)

Surfshark keeps no traffic logs whatsoever. However, it states, “Our servers do store information about your connection to a particular VPN server (user ID and/or IP address and connection time stamps), BUT this information is automatically deleted within 15 minutes after termination of your session.”

It goes on to say that it may also collect advertising IDs.

SwissVPN (Switzerland) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for six months (0 points)

Advertising ID: Unclear (0 points)

SwissVPN’s data policy states that it collects IP addresses, MAC addresses, mobile phone numbers, and session IDs. Most of that data is deleted after six months.

The policy is not very clear. It contains a few vague phrases like “data concerning your devices and settings”, “location address”, and “marketing data”.

SwitchVPN (India) 4/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

“SwitchVPN does not collect or log any traffic or use of its Virtual Private Network service.” The privacy policy goes on to talk about personal information but gets rather confusing. We sent an email to get some clarification and were told that no logs are kept whatsoever.

It’s not clear where SwitchVPN is based. Its website doesn’t say, and other sources point to either the USA or India. Neither country is privacy friendly, though. Although India isn’t part of the 14 Eyes, it does impose strict data retention rules on VPNs and ISPs operating there.

T

Thunder VPN (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

The homepage of Thunder VPN’s website states: “No log or track user data [sic]”.

The terms of service have been updated since we last checked. It no longer logs IP addresses, device identifiers, or the servers to which you’ve connected. It does still collect connection timestamps, total amount of data transferred per day, your ISP, and some basic non-identifying device info.

Torguard (USA) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Torguard has a true zero-logs policy and “does not store or log any traffic or usage from its Virtual Private Network (VPN) or Proxy.”

TorVPN (UK) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Potentially (0 points)

Advertising ID: Unknown (0 points)

TorVPN’s privacy policy doesn’t cover VPN logs. We asked this provider if any logs are kept. We were told that there are definitely no traffic logs maintained and user activity is not monitored. Some connection logs are kept including bandwidth used but no further information was provided. It’s unclear if timestamps are recorded and if connection logs are tied to a user IP address.

Touch VPN (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Advertising ID: Yes (0 points)

In the past, Touch VPN shared a privacy policy with other Aura-owned VPNs. It now has its own policy. Touch VPN’s new privacy policy states it may collect your mobile advertising ID, connection timestamps, bandwidth used, server locations you connected to, IP address and location information based on IP address. It does not log websites or apps you use while connected.

Trust VPN (Cyprus) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

Trust VPN states that it collects your IP address, web browser version, and operating system. All you need to sign up is an email address, and the provider doesn’t collect or store credit card data.

Trust.Zone (Seychelles) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

TrustZone doesn’t explicitly say which logs it keeps, and its policy is light on details. A previous version of the policy implied that it collected anonymous traffic logs, but that’s no longer the case. It simply states, “All our VPN servers around the world ARE NOT storing any log files to keep your privacy safe.”

Turbo VPN (Singapore) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

The Turbo VPN privacy policy clearly states that it maintains no activity logs including browsing history, traffic destination, and DNS queries. It doesn’t keep connection logs either and specifies that no IP addresses (user or VPN) or timestamps are logged.

Notably, Turbo VPN doesn’t even collect billing info like your name, address, and credit card number. All of that info is redirected to a third party payment processor, and your VPN account is assigned a unique ID instead.

It does record the VPN locations (not specific servers) that you connect to, your country, and your ISP. None of that can directly identify you, but it could narrow the search.

TunnelBear (Canada) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

TunnelBear does not collect traffic logs or monitor any user activity. It does collect some data, including your OS, whether or not you’ve been active this month, and the total amount data used within a month. However, TunnelBear does not store users’ IP addresses, server IP addresses, advertising IDs, or DNS queries.

U

UFO VPN (Hong Kong) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Unknown (0 points)

UFO VPN’s privacy policy states, “UFO VPN does not collect, monitor, or log any traffic or use of its Virtual Private Network service, under any circumstances, on any platform.”

It doesn’t mention IP addresses, timestamps, advertising IDs, DNS queries, or anything else related to the VPN.

In 2020, UFO VPN exposed millions of log files about its users on the web, including their plain-text account passwords, IP addresses, timestamps, geo-tags, and more, despite claiming that it kept no logs.

UltraVPN (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

UltraVPN’s privacy policy states, “When you initiate a VPN connection, we collect your IP address, immediately encrypt it, and delete it at the end of your VPN session.”

It goes on to say that it collects connection timestamps, referring URLs, approximate location, and VPN server locations to which you connect.

In addition to advertising IDs, UltraVPN collects “device hashes” to identify devices and associated them with other collected data, including for marketing purposes and measuring bandwidth use.

Unlocator (Denmark) 1/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: Unknown (0 points)
Connection logs: Potentially
IP address logs: Yes (0 points)

Advertising ID: No (1 points)

Unlocator’s homepage has a blanket “No logs” statement, but its privacy policy states that it collects your IP address.

The privacy policy also contains this confusing line under the “usage logs” section:

“We do not store logs on the individual accounts. We keep a log at a personal identifiable level which is automatically purged at a 24 hour interval with no backups.”

It’s difficult to decipher what that means, but apparently Unlocator is tracking your usage of the VPN, which could include what websites you visit or which apps you use, among other things.

We asked a customer representative and were told that the activity report refers to “[…] the trail of IPs that you update into our system.” This doesn’t really clarify things so we asked again but have yet to receive a response.

Unspyable (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)

Advertising ID: Unknown (0 points)

Unspyable’s privacy policy is very short. Its states, “We do not keep any user logs.”

It states that it won’t record traffic logs of what websites you visited or the contents of your emails. However, it never mentions IP addresses, DNS queries, timestamps, or advertising IDs.

The privacy policy contains a footnote stating, “Our USA and UK servers are provided as an optional convenience to those needing a USA or UK IP address. The USA and UK are not considered privacy respecting countries.”

What does that mean? We have no idea!

Urban VPN (USA) 0/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

Urban VPN’s privacy policy tells us that the company logs web browsing data including, “search engine results page, the web pages and checkout pages you visited, clicked stream data, information about the content that you viewed (the ad campaign), information about where you viewed the content (website or the app or extension) and the products viewed, searched, added to the cart, and purchased. This will include information, regarding the price, product name, currency, quantity, taxes, delivery details (regular or express) payment method, discount value of the product you viewed and searched.”

If that’s not enough, it further collects your approximate location, IP address, and advertising ID. Stay away from this one.

V

VPN Baron (Romania) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

VPN Baron has improved on an already solid logging policy since we last checked. It does not keep any traffic logs or monitor user activity. It no longer stores timestamps, server location, and the amount of data transferred per session. It does not record the real user IP address.

The only thing Baron logs is the number of simultaneous connections.

VPN Hotspot – Unlimited Proxy (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes (0 point)

The privacy policy states:

“VPN Hotspot does not collect, log, store, share any identifiable personal information of Users. VPN Hotspot may collect the connection times to our Service and the total amount of data transferred per day.”

It makes no mention of IP addresses so we emailed them to find out. A representative confirmed that no such connection logs are maintained.

VPN LITE (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes, but deleted at end of session (1 point)

Advertising ID: Yes (0 points)

This offering is from KeepSolid Inc, the same provider that brings us VPN Unlimited. Indeed, these two VPNs share the same privacy policy.

It states that it does not log your online activities or DNS requests, and it doesn’t require your full name upon registering.

It does log your IP address while using the app, but that log is deleted when you end your session. Furthermore, it might collect your device’s advertising ID, number of connected devices, time zone, and some non-identifying device info.

VPN Master – Best VPN Proxy (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes on free version (0 points)

VPN Master’s privacy policy states, “We don’t collect any information regarding the websites you visit or any data stored on or transmitted from your device, including any data that applications on your device may transmit through the VPN network.”

It does not store connection timestamps or users’ IP addresses. It does record your country and ISP, and amount of data transferred.

The free version contains ads, so the app may record your advertising ID.

VPN by Open-VPN.org (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Possibly (0 points)

Advertising ID: Yes (0 points)

Formerly VPN Owl, the privacy policy is very short but states:

“WHAT INFORMATION DO WE COLLECT?

None, We do not collect any information of our users before, during, or even after using our app or service. We believe in 100% privacy for all our users.”

It doesn’t mention IP addresses or any other information.

The free version of the app contains ads, and the App Store indicates that the app collects “identifiers”, which most likely refers to your mobile advertising ID.

VPN Plus (UK) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Probably not (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

The privacy policy for this VPN states that it will collect two kinds of information:

  • “Your real IPv4 address
  • The inbound and outbound data transferred during a session”

While IP addresses are logged, they are deleted immediately at the end of each session. We can probably assume the latter only refers to the amount of data transferred and not the actual data traffic logs, but we contacted the provider to confirm. We haven’t heard back at the time of writing.

VPN Pro: Unlimited Proxy (USA) 1/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes, aggregated (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

This app was previously called “VPN Pro: Express VPN” to deceive users into thinking it was the real ExpressVPN. It’s now called “VPN Pro: Unlimited Proxy”.

The privacy policy states that websites visited are aggregated and stored, but not attributed to a specific user. It further collects mobile IDs, device info, and your approximate city-level location.

When it comes to IP addresses, it states, “When you connect to the VPN Pro, we collect your IP address, immediately encrypt it and store it only for the duration of your VPN session. Your IP address is deleted after you disconnect from the VPN.”

VPN Proxy Master (Singapore) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No on paid version (1 point)

VPN Proxy Master lays out a refreshingly clear privacy policy that tells us the VPN keeps no traffic logs and no connection logs, including:

  • Your IP address
  • Your outgoing VPN IP address
  • Connection timestamp
  • Session duration
  • DNS queries

Notably, the VPN doesn’t even collect names, addresses, telephone numbers, or payment details when you create an account. It does collect some non-identifiable data including the VPN location to which you connected, your country, your internet service provider, and the amount of data transferred.

If you use the free version, third-party advertisers can set and access their own cookies and other identifiers.

VPN Tomato (Singapore) 2/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Unknown (0 points)
Connection logs: Unknown
IP address logs: Unknown (0 points)

Advertising ID: No (1 point)

Free VPN Tomato provides a fairly ambiguous privacy policy. It does say that “personal information” is not collected, but under its definition, it does not mention IP addresses.

Under “non-personal information,” it states:

“We collect your non-personal information when you visit our website, including your device information (device ID excluded), operation system, logs.”

While there is mention of logs here, there is no explanation of the types of logs, so it’s feasible that both traffic logs and IP addresses may be stored. We reached out to the developer to find out more information but have not received a response as of the time of writing.

VPN Unlimited (USA) 3/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: Yes (0 points)

This VPN service is provided by KeepSolid Inc., the same company that offers VPN LITE (above).

It states that it does not log your online activities or DNS requests, and it doesn’t require your full name upon registering.

It does log your IP address while using the app, but that log is deleted when you end your session. Furthermore, it might collect your device’s advertising ID, number of connected devices, time zone, and some non-identifying device info.

VPN Super (USA) 2/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

The VPN Super privacy policy provides lots of information but lacks specifics when it comes to logs. However, it does state:

“We do not maintain any records that show what you were browsing or accessing through a VPN connection.”

Connection logs are kept, including amount of bandwidth, timestamps, session duration, your ISP, and location based on IP address.

VPN.ac (Romania) 3/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

As stated on its homepage, VPN.ac keeps no activity logs. In the privacy policy, we discover that connection logs are kept. These include bandwidth usage, timestamps, and source IP addresses. On the plus side, the timestamps and IP addresses are erased when a session is terminated.

VPN.asia (Belize) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

This provider doesn’t log any website traffic or monitor user activity. In the privacy policy it states: “VPN.asia does not collect or log any traffic or use of its Virtual Private Network service.” “Use” implies connection logs but we checked to make sure as there is no mention of it elsewhere. We were assured that no logs are kept.

VPN.ht (Belize) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

Within its privacy policy, VPN.ht says it does “not collect or log traffic data or browsing activity from individual users.”

On its homepage, it says that no logs are kept, but there isn’t specific mention of connection logs so we asked for clarification. A customer service representative told us that absolutely no logs are kept. Even so, this provider offers a warrant canary.

VPNArea (Bulgaria) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

VPNArea has a refreshingly clear logging section within its privacy policy and indeed maintains a true zero-logs stance: “We do not monitor, record or store logs for any single customer’s VPN activity. We do not monitor, record or store any login dates, timestamps, incoming and outgoing IP addresses, bandwidth statistics or any other identifiable data of any VPN users using our VPN servers. We do not log or track any DNS requests sent to our DNS servers.”

VPNBook (Switzerland) 4/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: No (1 point)

VPNBook’s privacy policy, which is oddly located on its Contact page, explains that no data is recorded when it comes to internet activity. Some connection logs are kept, specifically timestamps and user IP addresses. These logs are deleted automatically every week, which means they may be stored for up to seven days.

In 2013, this provider was accused of handing over logs involved in the prosecution of members of hacker group Anonymous.

VPNLUX (Belize) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

VPNLUX does not store logs of traffic data. As is clearly laid out in its privacy policy, it does store some connection logs, including timestamps and bandwidth usage. These are associated with the account ID number and not an actual real user IP.

VPNSecure (Australia) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

The VPNSecure TOS tells us:

“We do not log any personal information when connecting to our service.

‘Any data’ means but is not limited to the following:

  • IP address
  • Connection timestamp
  • Disconnect timestamp
  • Bandwidth used
  • DNS requests

VPNTunnel (Seychelles) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

As outlined in its privacy policy, VPNTunnel never keeps activity logs. It doesn’t explicitly mention connection logs so we asked customer support. We were told that absolutely no logs are kept but that a user can initiate logs in case they need help with troubleshooting.

VyprVPN (Switzerland) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

VyprVPN from Golden Frog does not record any traffic data or monitor user activity. It used to keep connection logs, including the user’s source IP address and VyprVPN IP address. However, as of November 2018, it is a log-free service and it no longer records this information or other connection logs. These claims are backed by an audit performed by Leviathan Security Group.

The Android app requests location data to support VyprVPN’s wi-fi protection feature, which automatically connects the VPN when a user joins an untrusted network. Users can deny the location permission request. Golden Frog says it will not share the location data with any third parties.

W

Windscribe (Canada) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

This provider doesn’t keep any traffic logs and connection logs are kept to a bare minimum. “We store total amount of bandwidth your account has consumed in 1 month period, which is reset every month on the day of your registration.” It also stores a timestamp of the last activity associated with an account to detect inactive accounts. However, this is linked to an account and not an IP address.

While a user is connected, Windscribe servers store your username, time of connection, and amount of data transferred. All of that is discarded when you disconnect. Windscribe also stores the number of concurrent connections per account to prevent abuse.

WorldVPN (UK) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

WorldVPN doesn’t monitor internet activity but it keeps some connection logs. These include the duration of the VPN connection and the amount of bandwidth used during the connection. They do not include timestamps or real user IP addresses, so this can still be considered a fairly solid no-logs policy.

X

X-VPN (Hong Kong) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

This VPN provides a clear privacy policy that tells us it stores some device info and country-level location data, but…

“We assure you that we do not log your IP address, browser history, server IP you connect to, or any data that can be used to personally identify you.”

It does store connection timestamps, choice of protocol, network type, error reports, and app interactions. All of these are stored for less than 48 hours.

It goes on to say, “We have received a total of 45 requests from 7 different countries for data disclosure, all of which we have rejected due to our non-collection policy.”

Z

ZenMate (Germany) 4/5

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, for accounts with a data cap
IP address logs: No (1 point)

Advertising ID: No (1 point)

ZenMate operates with a no-logs policy. It does not keep traffic logs of any kind. It does track data transferred, but only for accounts that have a data cap. There are many mentions of IP addresses in the privacy policy, and it initially sounds as though these are logged. Once you sort through the jargon, it is revealed that IP addresses are only processed temporarily and not logged.

Note that Zenmate is merging with CyberGhost in 2024, at which point users will be subject to CyberGhost’s policy instead.

ZenVPN (Dominica) 1/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Advertising ID: Yes (0 points)

ZenVPN states it my collect and analyze “device information such as IP addresses, unique device identifiers, screen resolution, time zone, browser types, browser version, browser language, operating system, device make and model.”

It might also collect “referring and exit web pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, statistical information about the use of the Website and Services.”

This seems to refer mainly to the website, but given there’s no separate section for the VPN, so we have to assume it also applies to the VPN service.

Finally, the privacy policy states, “We may aggregate and/or de-identify information collected through the Services and Website. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.”

Avoid this one.

ZoogVPN (Isle of Man) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Advertising ID: No (1 point)

This provider’s privacy policy is very explicit about what it does and doesn’t track. Indeed, we have another zero-logs provider. There is no logging of online activity or metadata attached to an individual user. The only thing it does track is total bandwidth usage on its servers.

ZorroVPN (Belize) 5/5

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Advertising ID: No (1 point)

ZorroVPN’s privacy policy states that it collects:

  • Total amount of bytes transferred in a 30 day period.
  • Timestamp of your last activity on our VPN network.

That data is immediately discarded when you disconnect. Your source IP, sites you visit, and record of VPN sessions is not stored. It does log the number of concurrent connections per account.

Five Eyes and 14 Eyes countries

Another factor worth highlighting within the context of logging policies is the country location of each provider. Specifically, it’s helpful to know if your provider is based in a Five Eyes or 14 Eyes country. The Five Eyes (FVEY) is an intelligence pact or alliance between the countries involved in the UKUSA agreement. These are Australia, Canada, New Zealand, the UK, and the USA. According to the agreement, these countries share signals intelligence with each other.

One of the implications of the FVEY agreement, which is important to VPN users, is that it makes it possible for participating countries to bypass their own surveillance laws. Different countries have different laws, and governments may be allowed to monitor people in other countries but not their own. The sharing of information between countries means that governments could spy on each other’s citizens and trade intelligence.

You might have also heard about the 14 Eyes. This refers to an extended group of nations which includes another nine countries: Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain, and Sweden. These countries participate in signal intelligence sharing in various ways.

Other countries reportedly involved with the Five Eyes alliance are South Korea and Singapore. Japan has also been in the news for its surveillance ties with the US, as has Israel.

Some of the more privacy-conscious users may want to avoid using providers based in any of these countries. You may even want to avoid connecting to servers located in these countries if possible.

Here’s a closer look at some of the regions in which our listed VPNs operate:

Australia (Five Eyes)

Australia is a member of the Five Eyes alliance. This means that if any data is stored on servers in the country, there is a risk it could be shared with other members of FVEY. The government does apply some censorship such as blocking torrenting sites, and telecom companies are required to retain some metadata.

Belize

VPNs are legal in Belize but the government has been known to restrict internet usage, for example, by blocking VoIP for some time.

British Virgin Islands

This country has no data retention laws which is a plus. It is a UK territory but it is governed by its own laws. The British Virgin Islands are not known to be part of an alliance for intelligence sharing.

Bulgaria

Bulgaria isn’t part of an intelligence-sharing alliance but it does have a reputation of monitoring internet traffic.

Canada (Five Eyes)

Canada is scored as one of the most free countries in the world, but it does have some data retention laws. It is also a member of FVEY, which means there’s the possibility of intelligence-sharing with other member states.

Cyprus

The use of VPNs is legal in Cyprus and there don’t aren’t reports of censorship or monitoring in the country.

Czech Republic

Czech Republic internet users face very few restrictions compared to other countries, but there is blocking of certain content. That said, we shouldn’t rule out government control as there were past efforts made to implement an internet ID system.

Denmark (14 Eyes)

Denmark is a 14 Eyes country which means it could share data with other participating countries. Denmark has a past of internet monitoring, and although its practice of session-logging was scrapped in 2014, there were plans to re-introduce it in 2017. Denmark’s internet is generally uncensored, but laws do allow for filtering.

Dominica

VPNs are legal in this country and there are no reports of online censorship or monitoring here.

Estonia

Estonia has one of the most free internets in the world. That said, there have been recent proposals to allow the government increased access to personal data.

Finland

Finland has a history of some censorship, including a controversial filtering initiative. There have also been surveillance laws passed in recent years that reportedly allow the government increased access to network monitoring.

France (14 Eyes)

France has a mixed reputation when it comes to online privacy and freedom. It has defended citizen’s privacy in the past, for example, handing Facebook a hefty fine for tracking user data. But in 2015, the introduction of surveillance laws were considered a “major blow to human rights.” The country has a fairly recent history of censorship, but a June 2020 ruling hindered the government’s efforts to expand its censorship power.

Georgia

There has been a lot of back and forth over surveillance laws in Georgia, but current regulations allow for increased privacy. There is little in the way of internet censorship in the country.

Germany (14 Eyes)

Germany has seen some controversy with respect to censorship but the country is making strides when it comes to surveillance. Although it is a 14 Eyes country, a 2020 landmark ruling by a German court found that mass surveillance is unconstitutional. That said, data retention laws within Germany require that ISPs keep records of user data for 10 weeks and location data for four weeks.

Gibraltar

Gibraltar is a British territory. It is partially governed by its own parliament but falls under UK jurisdiction for some matters, including security, so mass surveillance could be an issue.

Hong Kong

Online censorship is on the rise in Hong Kong, mainly in response to protests in the country. Privacy protection measures are in place, but in 2020, the government was granted extensive surveillance powers under Chinese law.

India

India imposes regular restrictions on internet users with recent news of increasing censorship. Blackouts are often used by the government to hinder organized protests. While there have been positive reports in terms of privacy regulation, there are concerns that surveillance is growing in the country.

Ireland

Ireland is considered very free and data is protected under the GDPR. There aren’t concrete reports of the government requiring ISPs to monitor citizens.

Isle of Man

The Isle of Man is a self-governing region under the British Crown. Citizens generally aren’t subject to censorship or surveillance.

Israel

Israel’s government imposes widespread censorship and in 2020 the country stepped up online surveillance as part of its COVID-19 response.

Italy (14 Eyes)

Italy is generally a very free country and privacy is protected under the GDPR. Some censorship is imposed on web content such as P2P and gambling, but there aren’t reports of government surveillance in the country.

Malaysia

Censorship in Malaysia has ramped up in recent years with Freedom House rating the country’s internet as “partly free” in 2020. According to the 2019 report, data protection in the country is poor and “it is difficult to ascertain the extent of government surveillance of users’ internet activities.”

Moldova

Internet usage is generally unrestricted in Moldova although there have been moves towards surveillance and censorship in the past.

Netherlands (14 Eyes)

Citizens of the Netherlands are not subject to censorship except for some criminal content. There were concerns that a government-led initiative violated human rights. The Netherlands data retention law was struck down in 2015 as it was considered a breach of privacy.

Panama

Panama’s internet is generally free but there have been past reports of censorship and shutdowns. The country’s ISPs are not required to retain data on their customers.

Philippines

Freedom House views the internet in the Philippines as partly free, and explains that there are occasional instances of content manipulation or removal. It also notes that a 2020 law increases the surveillance powers of the government and that journalists and other users are increasingly being penalized for online activity.

Poland

Poland takes an anti-censorship stance, with the country recently condemning social media restrictions and proposing a law that makes censoring illegal. However, the country has a history of surveillance and data retention laws, and there is concern that the new censorship will actually increase data retention.

Romania

On the whole, Romania is a free country and citizens can use the internet without restrictions. There have been laws imposed against gambling and these could possibly be used in widespread censorship. Romania has gone back and forth on data retention, most recently striking down related laws in 2014.

San Marino

San Marino scores very high on overall freedom and there are no reports of censorship or surveillance in the country.

Seychelles

Internet access in the Seychelles may be restricted at times due to political motivations. Citizens are not reported to be subjected to mass surveillance.

Singapore

In Singapore, internet censorship is fairly widespread and all government ministers have the power to apply restrictions to online content. According to Freedom House:

“The authorities are also believed to exercise broad legal powers to obtain personal data for surveillance purposes in national security investigations.”

Slovakia

There has been some back and forth in terms of data retention in Slovakia, but in the current landscape there is no mandate for data storage. There have also been moves towards censorship in the past, but citizens generally have free access to the web.

Sweden (14 Eyes)

Freedom House gives Sweden a rare perfect score of 100 in terms of overall freedom. There is limited censorship of things like hate speech and defamation. The country is known for its strong data protection laws.

Switzerland

Swiss citizens actually voted in a censorship bill in 2018 although this was intended solely for the purpose of restricting gambling sites. They also voted strongly in favor of a surveillance law that allows authorities to monitor suspects, although a court order is required first. Swiss law requires the retention of data by ISPs for six months.

Taiwan

The internet in Taiwan is generally free from censorship, although the government closely monitors disinformation from China. Taiwan has recently made headlines for using surveillance during the pandemic, but there are no mandates for data retention. Instead, organizations are left to create their own policies around the collection of data.

Turkey

The Turkish government has a history of restricting access to social media sites like Twitter and Facebook, and in 2020 proposed a bill that would give it increased power over such sites. VPNs have also been blocked in the country. The country has a poor reputation in terms of digital privacy for its citizens.

United Arab Emirates

Freedom House’s Freedom on the Net Report 2020 deems the UAE “not free.” Internet users can expect censorship and government surveillance. Restrictions include the blocking of VoIP services, although access to some platforms has improved in response to increased remote work during the pandemic. The UAE is one of the few countries in which VPN use is restricted.

United Kingdom (Five Eyes)

The UK internet is generally free from censorship, but citizens are subject to data retention policies. These require that ISPs retain user data for 12 months under certain conditions. The UK government has been accused of mass surveillance that includes the storage of communications such as email messages and private social media messages.

United States of America (Five Eyes)

The US internet is mostly free from censorship, but there have been some instances where this is called into question. For example, Trump’s stance against TikTok and WeChat was of great concern as far as what it could mean for the future of censorship. The country has a history of mass surveillance and internet metadata is recorded and held for up to a year.

Vietnam

Vietnam’s internet is “not free” according to Freedom House’s 2020 report. It is subject to heavy censorship, including the restriction of social media content and the suspension of some online newspapers. Citizens are subject to “invasive surveillance” and companies are required to hand over “user data without any oversight, transparency, or other democratic safeguards.”

Warrant Canaries

One more term worth noting before we wrap up is ‘warrant canary.’ These are advertised by some providers as a way to help maintain privacy. A warrant canary is usually a single webpage, typically updated once a month, which states that no secret government subpoenas have been issued to the provider. By default, if the statement is removed, this signals that a subpoena has been issued and alerts users as such.

Of course, if a provider is completely logless, then it would have no data to hand over anyway. As such, many of the providers with true no-logs policies would argue that a warrant canary is pointless. Plus, the fact that they’re often only updated once a month renders them even less useful. Nonetheless, we’ll mention warrant canaries as relevant for the providers in this post.

Final comments

As you can see, when it comes to logging policies, there is a lot of variation. While most providers claim that they don’t keep logs, this typically refers to traffic logs. When we dig deeper, we often find that some data collection takes place, usually in the form of connection logs, sometimes including IP addresses.

Aside from have different policies, providers also differ in the way they communicate these policies to users. Some are very explicit about what is collected and how it is used, while others don’t mention a logging policy anywhere on their site.

Whatever approach they take, we have to remember that we are basing our knowledge on each provider’s claims. We have no way of verifying that they actually abide by these policies. As such, when selecting a provider, you also need to evaluate if it is trustworthy enough to stick to its claims.