Published by Aimee O'Driscoll on June 8, 2018 in VPN

Almost every VPN provider you come across will have some type of claim regarding logs. Offering a logless service is often viewed as a key selling point. Many users look to VPNs as a means to improve privacy and increase anonymity. It makes sense that they don’t simply want to go from ISPs tracking them to another company doing the same.

Although it would be nice and simple if all VPNs simply kept no logs at all, the fact is that many do keep some records. These might include logs of websites visited (these are rare) or usage logs such as time connected to the VPN and the amount of bandwidth used. There are various reasons for keeping logs. For example, bandwidth may be recorded if there is a cap per user per month. In some cases, logs are kept to support to a business model that requires the additional data. For instance, a provider might profit from advertisements placed on commonly visited websites.

What all of this means for users is that they might not be getting the privacy they’re hoping for. If there’s one thing you should look out for in the privacy policy of a VPN, it’s the logging policy. Before you choose a provider, you need to know exactly what information will be recorded and what it will or could be used for.

VPN logging policies scores by country.
Each square in this chart represents a VPN provider we’ve investigated below.

In this guide, we’ll explain the different types of logs that might be kept by VPN providers and how they may be used. We’ll also explain the significance of the location of VPN providers in terms of Five Eyes and 14 Eyes countries. We’ll then look at the logging policy of each provider in turn to reveal exactly what its approach is.

Note: Bear in mind that this article will relay our interpretations of the logging policies, some of which can be tricky to decipher. We’re happy to edit inaccuracies if spotted. What’s more, policies are subject to change over time and while we endeavor to revisit this article periodically, we can’t practically track every change as it happens.

The types of logs and how they’re used

VPN logs are the data that providers keep regarding usage of their service. When it comes to what they could store, you have to remember that your provider has access to all of your internet activity. So everything your ISP would normally see is technically now accessible by your VPN provider. Of course, if providers actually logged and stored all of that data, they wouldn’t be offering a very attractive service, and would no doubt lose a lot of customers. Instead, the lack of logs is one of the main selling features broadcast by many providers in a bid to win over consumers.

Basically, the fewer the logs, the more attractive the service. Which brings us to the commonly used claims of “no logs,” “zero logs,” or “logless.” Of course, you can’t just take these claims at face value. Many providers assert that they don’t keep any logs, but in reality, most keep some form of records. The ambiguity arises because there are many different types of logs that they might keep. You need to delve deeper into privacy policies and/or terms of service to find out what information, if any, is being recorded.

Another thing to bear in mind is how long logs are actually stored for. Some providers automatically delete data after 24 hours while others might store it for longer periods, even indefinitely. Of course, from a user perspective, the former is better.

One thing to note before we get into the different kinds of logs is that you’ll often find mention in privacy policies of tracking and cookies on the provider’s own website. This is completely separate from VPN usage and is a normal part of any online business.

Now, let’s take a look at the different types of logs you might come across when researching providers.

Connection logs

These might be referred to as metadata, diagnostic logs, or usage logs. They may include timestamps, which VPN server is used, and the amount of bandwidth consumed. Sometimes this data is tied to an individual account but in other cases is only collected on an aggregate basis.

Typically, these records are used to improve and maintain operations. On an individual user basis, a provider may need to keep track of the number of simultaneous connections or how much data is being transferred per day or month. It also makes sense that a provider would want to know how many people are using a given server at one time and the load being placed on that server, in order to optimize the service.

When it comes to privacy, data collected on an aggregate basis doesn’t pose a serious risk. Connection logs tied to an individual user are a little trickier. It really depends on the nature of the logs and whether they are linked to any Personally Identifiable Information (PII). If logs are tied to a user account, this still may be okay. Some providers enable you to open an account without handing over any PII. For example, an account created using a disposable email address and paid for via Bitcoin isn’t traceable to an individual if no PII is required.

One important thing to note here is the definition of PII. Some providers state that they don’t require PII but they do record the IP address of the user. This may be connected to the account upon signup or recorded as part of the connection logs. This brings us to our next type of log.

IP address logs

IP address logs are where a lot of supposedly “no logs” providers get into trouble. An IP address could easily be attributed to an individual, or at least a single wifi router, and should really be considered PII. An IP address connected to a timestamp could potentially link actual activity to an individual. Indeed, this has been the scenario in some of the cases we’ll mention as we go through our VPN list.

One of the main reasons to use a VPN is to conceal your IP address. When that information is logged and stored, it has the potential to be exposed to third parties. At best, it could be acquired by annoying advertisers striving to build a profile around each user. At worst, it could fall into the hands of malicious hackers, copyright trolls, or government agencies.

Traffic logs

Finally, but perhaps most importantly, we have traffic logs. When it comes to VPNs, these are the worst kind of logs. They include the contents of internet traffic, such as browsing history, files downloaded, purchases made, messages sent, and software used. Really, no one should even consider a VPN that has been reported to keep these kinds of logs. It really defeats one of the main purposes of having a VPN in the first place — privacy.

There are various reasons these logs might be kept, but the main one is profit. This is why it’s important to be especially wary of free VPN services. These providers have to make money somehow and data is valuable. Data that contributes to building a profile around an individual user is particularly so and can be sold to advertisers or other third parties. In the worse case, hackers or snoopers could get their hands on these logs, leaving you wide open to attacks. In particular, leaked personal information can easily lead to identity theft.

Warrant Canaries

One more term worth noting before we move on is a ‘warrant canary.’ These are advertised by some providers as a way to help maintain privacy. A warrant canary is usually a single webpage, typically updated once a month, which states that no secret government subpoenas have been issued to the provider. By default, if the statement is removed, this signals that a subpoena has been issued and alerts users as such.

Of course, if a provider is completely logless, then it would have no data to hand over anyway. As such, many of the providers with true no-logs policies would argue that a warrant canary is pointless. Plus, the fact that they’re often only updated once a month renders them even less useful. Nonetheless, we’ll mention warrant canaries as relevant for the providers in this post.

Five Eyes and 14 Eyes countries

Another factor worth highlighting within the context of logging policies is the country location of each provider. Specifically, it’s helpful to know if your provider is based in a Five Eyes or 14 Eyes country. The Five Eyes (FVEY) is an intelligence pact or alliance between the countries involved in the UKUSA agreement. These are Australia, Canada, New Zealand, the UK, and the USA. According to the agreement, these countries share signals intelligence with each other.

One of the implications of the agreement, which is important to VPN users, is that it makes it possible for participating countries to bypass their own surveillance laws. Different countries have different laws, and governments may be allowed to monitor people in other countries but not their own. The sharing of information between countries means that governments could spy on each other’s citizens and trade intelligence.

You might have also heard about the 14 Eyes. This refers to an extended group of nations which includes another nine countries: Belgium, Denmark, France, Germany, Italy, the Netherlands, Norway, Spain, and Sweden. These countries participate in signal intelligence sharing in various ways.

As such, some of the more privacy-conscious users may want to avoid using providers based in these countries. You may even want to avoid connecting to servers located in these countries if possible.

VPN policies revealed

Now that we’ve covered the types of logs that might be kept by providers and what they might be used for, you’ll have a much better idea for what to look out for when reviewing the logging policies of various providers. It’s time to get stuck in and reveal exactly what these providers track and store, to help you decide which one might be the best for you.

Contents

A

AceVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Does AceVPN’s “no logs” claim stand up? Well, its privacy policy states “We do not spy on our users and we don’t monitor their Internet usage. If we have reasonable grounds to suspect that an end user is involved in criminal activities, we reserve the right to notify law enforcement agencies.” This sounds good but is a little ambiguous as it doesn’t actually define “internet usage.”

In the FAQ page it states that “We do not log period. No meta-data logging, no traffic logging, no bandwidth usage tracking.” This means that this provider is free of both traffic logs and connection logs.

AirVPN (Italy) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but they’re aggregated logs
IP address logs: No (1 point)

In AirVPN’s FAQ section, in response to the question “Do you keep session logs or any other kind of logs that can be used to track identity and Net activity?” the response is “No, we don’t keep logs of that kind.” As such, we can conclude that no traffic logs are stored.

Over in the privacy policy, it states that “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.”

This could be cause for concern. However, it later states that “Data are aggregated in anonymous form for statistical reports on servers usage, CPU stress, technical issues, in order to improve the service, fix bugs and as a countermeasure against net attacks.” This implies all connection logs are aggregated which means they would not be associated with an individual user.

Anonine (UK) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

On its homepage, this VPN claims “Always anonymous, nothing logged.” In the privacy policy, it is stated that “We NEVER keep online activity logs or store private information about individual user activities on our network. Information regarding payments may be logged, as per payment processor regulations.” This looks good as it seems that no traffic or connection logs are stored.

Anonymizer (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

On the homepage of Anonymizer’s website, the company kicks off by stating that it “will never view, track, or keep logs of the websites you visit.” But in the terms of use, there is the following statement:

“To the maximum extent permitted by applicable law, Anonymizer may monitor e-mail, or other electronic communications and may disclose such information in the event it has a good faith reason to believe it is necessary for purposes of ensuring your compliance with this Agreement, and protecting the rights, property, and interests of the Anonymizer Parties or any customer of a Anonymizer Party.”

This sounds concerning but it’s not saying that such monitoring occurs on a continual basis. This is the only section on the site that pertains to logs and tracking, so we asked for more information from the support team. They responded that “Anonymizer never keeps logs of any user data that takes place through the client/application. We don’t have any timestamps, bandwidth, or sites visited.”

Anonymous VPN (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

The Anonymous VPN website has some bold claims:

“No Logs what-so-ever. We’re dead serious about this. We don’t store any logs of your online activity. So if push comes to shove and governments ask us to hand over logs of our users, we just tell them “sorry folks, can’t help you cause we don’t keep logs”. It’s that simple.”

Upon delving into the privacy policy, we found that indeed this provider doesn’t keep any traffic logs, so your browsing history will never be recorded. It does keep connection logs, including server location, timestamps, and amount of data transferred.

AnonVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

AnonVPN’s privacy policy states that “We do not keep logs of connection times, activity, or origin IPs. What we don’t collect cannot be requested.” Even though it doesn’t keep any logs, this provider also updates its privacy policy with a canary, which (at the time of writing) states that it has had no gag orders.

Astrill VPN (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

In its FAQ sections, Astrill VPN explains that it logs connection data, including IP and connection time during active sessions, in order to monitor the number of simultaneous connections from a single account. It does state that these are removed immediately after the session is over or you can erase them (presumably during a session) from the member area.

In the same answer, it is explained that connection logs, including connection time and duration, country, and device type, are logged for the last 20 connections (per user). Although, there is no personally identifiable data (such as an IP address) involved.

Avira Phantom VPN (Germany) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, but can be turned off
IP address logs: No (1 point)

In the FAQ section of this provider’s homepage, it is explicitly stated that personally identifiable information such as an IP address is not tracked. Avira Phantom VPN does keep some connection logs including the amount of data used and diagnostic data (e.g. bugs encountered). The latter can be turned off within the product interface.

AzireVPN (Sweden) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

AzireVPN offers a very clear breakdown of its zero-logs policy within its Terms of Service (TOS):

“AzireVPN does NOT log any traffic or user activity while using our service.
AzireVPN does NOT log timestamps or any information relating to when a user connects/disconnects from our service.
AzireVPN does NOT log or shape any bandwidth on our servers.
AzireVPN does NOT log the original IP addresses of our users when they connect OR their AzireVPN IP address when they are using our service.
AzireVPN does NOT log the number of your active sessions or total sessions.
AzireVPN does NOT log your DNS requests on our servers.”

This is exactly the kind of clear logging policy you’ll hope to see on the websites of all providers.

Avast SecureLine VPN (Czech Republic) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, kept for up to 30 days
IP address logs: No (1 point)

Avast offers a full suite of privacy and security products and, as a result, has a lengthy privacy policy. Here’s what relates specifically to the VPN service:

“Avast SecureLine: When you use the Avast SecureLine virtual private network (VPN) service, the server may capture certain basic data such as the time and network location from which the VPN connection was made and the duration of the VPN connection. This information is routinely deleted within 30 days. In addition, the system may store data on the bandwidth transferred per session.”

So connection logs may be maintained for up to 30 days, but there are no traffic logs and IP addresses are not recorded.

B

Banana VPN (UK/Cyprus) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for two weeks
IP address logs: Yes (0 points)

As stated in the privacy policy FAQ section:

“Q: – Do you keep any log files of user activity and for how long? A: – Banana VPN does not log any user activity whatsoever (sites visited, dns lookups, emails etc.) We only log access attempts to our servers (for security and troubleshooting), session durations and bandwidth used. Those are kept for 2 weeks.”

So, in short, Banana VPN doesn’t keep traffic logs but they do keep connection logs which are stored for two weeks. What isn’t clear here is whether these logs are tied to a real user IP. We asked for clarification and were told that IP addresses are included.

Betternet (Canada) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes, aggregate traffic logs (1 point)
Connection logs: No
IP address logs: No (1 point)

Betternet keeps connection logs but only during an active session, after which the user IP address is deleted. In the intro to the privacy policy, it talks about the fact that it doesn’t associate your PII, including your IP address with your online browsing activity. This indicates that there are some traffic logs and indeed this is clarified later on in the policy.

Betternet stores aggregate data about website visited and apps used. One of the reasons is to place generic ads on certain sites or apps. While it doesn’t actually connect browsing history to a particular user, some may be uncomfortable with the idea of there being any traffic logs at all.

blackVPN (Hong Kong) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP ddress logs: No (1 point)

The first claim on the homepage of blackVPN’s website is “No traffic logs. No connection logs. No DNS logs. Your real IP address is never logged.” This provider has never kept traffic logs, but as outlined in a blog post, it used to keep connection logs for seven days. It later realized this was damaging to its reputation of being a private and secure provider. As such, it no longer keeps these logs and all data is removed at the end of each session.

BolehVPN (Malaysia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)

BolehVPN doesn’t keep traffic logs or monitor user activity. It doesn’t typically keep connection logs such as timestamps or bandwidth usage for individual users. But it does keep track of overall traffic and number of connections for each server. This is fine since it isn’t attached to any particular user. The privacy policy states that it “may turn on logs temporarily to identify abuse of our services…” and that this has happened “a handful of times in our many years of operation.”

Boxpn (Turkey) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

In its privacy policy, Boxpn tells users “We NEVER keep online activity logs or store private information about individual user activities on our network.” We double-checked with the provider about connection logs and a representative confirmed that no logs are kept.

BTGuard (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The BTGuard website doesn’t break down exactly what it does or doesn’t collect but the privacy policy does state “Netcrawled LLC DOES NOT collect your Internet Protocol (IP) addresses or customer usage.” This is good enough, as the IP address is not recorded.

Buffered (Gibraltar) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for 30 days
IP address logs: Yes (0 points)

The homepage of this providers site states, “At Buffered VPN we do not log any of your online activities under any circumstances.” This is built upon in the TOS which tells us that are no traffic logs but some connection logs are stored for 30 days. These include your real IP address, the connection duration, and the amount of data transferred.

BulletVPN (Estonia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

BulletVPN’s privacy policy lays out exactly what information it does and doesn’t collect. There are no traffic logs and no connection logs linked to an IP. BulletVPN does track the total amount of data used for each user and monitors the number of simultaneous connections per account.

C

CactusVPN (Moldova) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

CactusVPN has a true no logs policy as stated on its Terms & Conditions page: “That means that we will not store any data relating to your activities while using any of our privacy solutions, and will not record, monitor, log or store any of your information. CactusVPN also guarantees that none of your information will be passed on to a third party. We do not store any IP addresses, traffic logs, connection timestamps, used bandwidth or session duration information that could be traced to a single person.”

CitizenVPN (Denmark/The Bahamas) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

The Denmark base of this provider may sound some alarm bells. However, as detailed on its website, its VPN services are provided from the Bahamas. This means CitizenVPN is not subject to EU data retention laws. Furthermore, its privacy policy explains that while it does keep some connection logs, it ensures that any attached IP information is anonymized.

CyberGhost (Romania) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

As stated in CyberGhost’s privacy policy, “In order to improve the quality of the service, we store data such as the utilization degree of the servers. However, we do not store statistical data, which can be linked to a user account. Also, we do not store data on who had used which server and when.” In short, CyberGhost doesn’t keep any traffic logs. It does store connection logs, but these are never tied to an individual user.

CyberSilent (Poland) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Within its TOS, CyberSilent explicitly lays out its zero-logs policy: “CyberSilent VPN does not monitor, store or record logs for any VPN client. We don’t store time stamps, utilized data transmission, activity logs, IP addresses.”

D

DefenceVPN (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

The DefenceVPN homepage states “We don’t log here at DefenceVPN, that way your information is totally secure from third parties.” The privacy policy goes on to say “DefenceVPN does not store or log any traffic or usage from its Virtual Private Network (VPN). We do log total data used during a session, stored by username. We do not keep traffic logs, incoming or outgoing timestamps, IP addresses during a session.”

So the only log that is kept is total data used per user during a session. This provider offers unlimited bandwidth so this log is presumably used to avoid and identify abuse of the service by an individual.

DefenceVPN offers a warrant canary which reported a clean bill at the time of writing.

Doublehop (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Doublehop markets itself as “a fresh VPN startup aiming to rock the boat…” and indeed it does appear to take a rather different approach across the board. Its clear, concise privacy policy is a far cry from some some of the poorly worded or jargon-filled documents we’ve had to endure with some providers. When it comes to logs, this is what Doublehop has to say:

“Zero, zip, zilch, nada. For realsies, /dev/null 2>&1. We have nothing to share with authorities, even if we felt compelled to.

No traffic logging
No DNS request logging
No timestamps logging
No bandwidth logging
No IP address logging”

Sounds good to us!

E

EarthVPN (Cyprus) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Potentially (0 points)

EarthVPN’s privacy policy is a little confusing when it comes to the subject of logging. On the one hand it says that “Your IP address is logged by us so that we can prevent any spam, fraud or abuse of our site and our services.”

Later on there is the statement that “EarthVPN neither logs VPN usage nor user activity. Neither us nor third parties are technically able to match an IP address to an account.” The latter part of this appears to contradict what is said earlier. We asked the provider for clarification but didn’t receive a response at the time of writing.

Easy Hide IP (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Easy-Hide-IP has a true no logs policy. “We NEVER keep online activity logs or store private information about individual user activities on our network.”

ExpressVPN (British Virgin Islands) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

ExpressVPN doesn’t keep any traffic logs or monitor user activity. It does keep connection logs including the date of the connection (not the time) and the server used. The total amount of data transferred per user is also monitored. ExpressVPN doesn’t log your IP but the connection logs are tied to the user account. However, since you could sign up to ExpressVPN without handing over any PII (using Bitcoin and a burner email), this doesn’t mean the logs can be linked to an individual.

A recent case saw Turkish authorities seize an ExpressVPN server as part of an investigation. However, they found no useful information, a fact that server to back up he company’s no-log claims.

F

F-Secure Freedome VPN (Finland) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

The homepage for this provider states there are no traffic logs. In the privacy policy we learn that F-Secure maintains “temporary logs that contain the duration of the VPN sessions, the amount of data transferred, the device ID and the public IP address from where the VPN client connects to our service.” These logs are kept for 90 days.

Faceless.Me (Cyprus) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

This provider claims to have a true no-logs policy. It even states on its homepage that “We’re not keeping logs of your activity, so in case FBI asks – there’s nothing.” Moving over to the FAQ page, when asked about logs of online activity, the response is “No! Absolutely not! We only track your data usage totals and your IP address, which is required for our internal bookkeeping. And even this data is kept on our servers for a limited time.”

So really, there are logs in the form of connection logs and these include real user IP addresses.

FinchVPN (Malaysia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

In its privacy policy, FinchVPN explains that it does not record any internet usage data or track user activity. It does keep some connection logs including timestamps and bandwidth usage. These are connected to user accounts rather than real user IPs. Since it accepts coin payments, a user ID doesn’t necessarily constitute PII.

Flow VPN (Canada) 0/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Most providers we’ve come across so far have logging policy information easily accessible on their site. It’s usually in the privacy policy or TOS, one or both of which can often be found in the website footer. This isn’t the case with Flow VPN, but after a quick search, we did find the policy pertaining to logs.

It’s no wonder it’s hidden, as it’s not pretty. This provider reserves “the right to log subscription information (including transaction references), connecting IP address, authentication requests, session data (allocated IP, connection date, time, duration etc).” So yes, that’s all types of connection logs and they’re attached to a source IP address.

But that’s not the worst part. “To comply with the requirements of our bandwidth providers we reserve the right to log activity across our network and use automated systems to monitor network activity for abuse (such as use of BitTorrent and similar peer-to-peer file sharing).” So basically anything you do while connected with this provider could be logged!

FlyVPN (USA) 1/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No, but source and destination IPs are logged (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)

FlyVPN doesn’t keep any traffic logs. It does keep a full list of connection logs, including your IP address, timestamps, destination IP, and port number. Bear in mind that by collecting your real IP, timestamps, and your destination IP, this provider might as well be keeping traffic logs.

FrootVPN (Sweden) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The FrootVPN homepage states “We do care about your internet privacy and therefore we do not log anything at all. Your details will never be shared with any third party.” This is further clarified in the ‘No logging’ page which confirms that no connection logs such as timestamps are stored.

Freedom-IP (France) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Freedom-IP does not record any traffic logs and is up front about the data it collects from each session:

“IP Address of connection
Start time of session
End time of session
Data received of session
Data sent of session”

Of course, it does include user IP address, which is not ideal.

FrostVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

FrostVPN doesn’t log any traffic data. It does record “time, date and location VPN connection was made.” However, this information can not be connected to an individual user which implies IP addresses are not part of the connection logs.

G

GhostPath (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

GhostPath has a true zero logs policy. As outlined in its privacy policy “We do not track activities outside of the Ghost Path site,” and, “We do not log any data related to your VPN sessions.”

GOOSE VPN (The Netherlands) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for 30 days
IP address logs: No (1 point)

GOOSE VPN doesn’t keep traffic logs or monitor user activity. It does keep connection logs, including a date stamp, Operating System (OS) used, general geographic location, and a couple more items. User IP addresses are not logged and the connection data is automatically aggregated. It is then stored for 30 days before being deleted.

GoTrusted VPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

In its privacy policy, GoTrusted VPN mentions that it may “gather data on connection information, including the timing and size of all packets sent over the Internet during a session.” This is a bit vague and nowhere does it state whether traffic logs are kept and whether connection logs include IP addresses.

We posed the question to GoTrusted and they responded that although the overall network performance is monitored, “GoTrusted does not log the URLs that you are browsing or monitor individual session traffic.”

H

HeadVPN (UK) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

In its VPN privacy policy within its terms and conditions page, this provider states “The Website does not, and will not, actively monitor user activity for inappropriate behavior, nor do we maintain direct logs of any customer’s Internet activities.” There is no mention of connection logs, but when we asked customer support, a rep told us that there are no connection logs kept whatsoever.

Hide.me (Malaysia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, stored for a few hours
IP address logs: No (1 point)

Hide.me does not keep traffic logs or monitor user activity. If you’re in any doubt, you can actually view a certificate issued by an independent security analyst corroborating all claims on the website. It does keep some connection logs, but these do not include actual user IP addresses and are erased “every few hours.”

Hide.me published a transparency report at the time the above certificate was issued (which can be viewed in the same link.) Notably, there were many requests during the years covered in the report, but Hide.me maintains that its response each time was “hide.me cannot and does not keep any logs; hence we will not be able to provide you with any further information on this matter.”

HideIPVPN (Moldova) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

HideIPVPN “does not store IP addresses, browsing history, traffic destination or DNS queries.” Although, later in the privacy policy we’re warned that “HideIPVPN urges its clients to assume that all of their on-line communications are insecure.” This doesn’t exactly scream confidence in its abilities as a provider.

HideMyAss (UK) 1/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No, but it records source and VPN IP addresses (1 point)
Connection logs: No
IP address logs: Yes (0 points)

HideMyAss does not store information about the websites you visit, but it does store fairly detailed connection logs. These include your IP address, the VPN IP address, timestamps, and amount of data used. The IP address is concerning, especially as it is accompanied by the VPN IP address. This means that activity can fairly easily be traced back to an individual user, so it might as well keep traffic logs.

Indeed, this provider was involved in an FBI case back in 2011, in which it handed over details used to track down a LulzSec hacker.

Hola (Israel) 1/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes (0 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Hola appears to have a very distinctive “all logs policy” within its privacy policy: “Log Data may include information about your device such as: your IP address, browser type, webpages you visit, time spent on those pages, access times and dates, and the unique identifier generated for your device (if you use the Services from your mobile device then such an identifier may be you mobile number).”(which could be your phone number!)

It goes on to say “We use such data in its aggregated form and is not combined with any Personal Information.” Clearly a phone number is PII, and so effectively is an IP address. Both could easily be traced to an individual user.

Hotspot Shield (Switzerland) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: Yes, aggregate logs (1 point)
Connection logs: No
IP address logs: No (1 point)

Hotspot Shield does maintain some connection logs, including your real IP. However, these are deleted at the end of each session. While it says that it doesn’t tie real user IP addresses to online activity, it does keep aggregate logs of websites visited and apps used.

Indeed there has been some controversy surrounding this VPN and it has even has a complaint filed against it by a privacy advocacy group. It was also one of the subjects in a 2016 report that brought to light some of its questionable activities, including redirecting traffic through affiliate links. While privacy might not be a major concern here, these tactics are enough to put off many users.

I

ibVPN (Romania) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

ibVPN does not track the browsing activities of VPN service users. “ibVPN does not collect or log any traffic or use of its Virtual Private Network service. We cannot relate any specific activity with any specific user.” Although “use” implies connection logs, it doesn’t explicitly talk about them, so we asked the question. A customer support representative confirmed that no connection logs are kept.

IdentityCloaker (Czech Republic) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but can be hidden (1 point)

IdentityCloaker’s privacy policy states:

“While surfing the web through Identity Cloaker proxy or VPN servers, we do not store the addresses of the visited websites or other resources and we store no transported data for a period longer than necessary to finish the Internet data transfer handover. No caching on permanent record media (for example hard drives) is being utilized.”

There are definitely no traffic logs here and the last sentence implies no connection logs, but we asked just to make sure. It turns out that timestamps and data usage are recorded, as are IP addresses. However, “if you use the Identity Cloaker application and connect in the encrypted mode, the log is unable to record your real IP address and instead records the proxy server IP.” The connection logs are kept for six months before being deleted.

IPinator (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)

IPinator’s TOS is a little vague when it comes to logging: “Although we do not keep content logs of use or share any of your private information with any third party, we will turn over any information we do have if required to do so by law.” This sounds like it doesn’t keep any traffic logs but it’s not quite clear. It goes on to say “IPinator.com. may monitor certain aspects of the network to manage abuse, maintain and/or improve service.” This sounds like connection logs, but again, it’s lacking detail.

The FAQ section offers a little more insight: “We do not keep traffic content logs. We may monitor and aggregate other variables such as bandwidth and server load to ensure quality of service.”

So we have no traffic logs and only aggregate connection data.

IPredator (Cyprus) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

IPredator does not keep traffic logs of any kind. It does temporarily store session data including the server location and username, but no real IP address. Moreover, this data is only used to limit simultaneous logins and is deleted once the session has ended. As such, these wouldn’t really be considered connection logs anyway.

IPVanish (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

One of the first claims on the IPVanish homepage reads: “Our strict zero-logs policy keeps your identity under wraps. We do not record any of your activity while connected to our apps in order to preserve your civil right to privacy.” There is no mention in the privacy policy or elsewhere of specific connection logs. We asked support and were informed that this provider does “not monitor, record or store logs for any single customer’s VPN activity.”

It recently surfaced that IPVanish logs were used in a Homeland Security investigation. However, the company was under different ownership at the time and the current owners have assured users that IPVanish stands by its existing no-logs policy.

IronSocket (Hong Kong) 2/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No, but stores source and VPN IP addresses for 72 hours (1 point)
Connection logs: Yes
IP address logs: Yes (0 points)

IronSocket does not keep any traffic logs or monitor user activity. As outlined in the privacy policy, it does record connection logs:

“Upon Use of the Services, we additionally collect the following session information:

  • Time and date of the session connection and disconnection;
  • The IP address used for the session and which server was connected to; and
  • A numerical representation showing total bytes transferred per session;”

It’s not quite clear if “The IP address used for the session” refers to the real user IP address or the one issued by the provider. We asked for clarification and it turns out both are recorded. It is noted that this data is only stored for 72 hours before being purged.

Ivacy (Singapore) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Ivacy operates with a true no-logs policy. It does not monitor traffic or record session data, “meaning we cannot identify and connect a specific activity with a particular user of our service.”

IVPN (Gibraltar) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

IVPN is another provider that uses a strict no-logs policy. It doesn’t monitor web traffic nor does it record any session data, such as timestamps or bandwidth usage.

K

Keenow (Israel) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)

Keenow doesn’t keep traffic logs or monitor user activity. It does store connection logs, including real IP address, bandwidth usage, and timestamps. Of course, the one worrying piece of information here is the real user IP address which can be traced to an individual.

L

Le VPN (Hong Kong) 2/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No, but both source IP and VPN IP are recorded (1 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Le VPN does not store or monitor usage data such as websites visited. It does keep connection logs, including real IP address, timestamps, VPN IP address, and amount of data used. The fact that a real IP address is stored along with the new IP means that all activity can be traced back to the individual user. What’s more, the data is stored for “a certain period of time even though we have no obligation to store any such data.”

Liberty Shield (UK) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

Liberty Shield’s very brief privacy policy is buried at the bottom of its TOS, but it does state: “We are committed to your privacy and do not collect or log traffic data or browsing activity from individual users connected to our VPN.” It does keep connection logs but these are limited to timestamps, server location, and amount of data transferred.

LimeVPN (Hong Kong) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

LimeVPN actually has a page dedicated to describing its logging policy. Here, it explains that no traffic logs are maintained, including downloads or media. It does state that some connection logs are kept, including timestamps, connection duration, and bandwidth usage. This data is kept for an unspecified period of time but is “regularly cycled within our servers.” It’s not immediately clear if this data is connected to a user IP, but a few lines down it states “Neither we nor third parties are technically possible to match an IP address to an account.” So we can safely say that IP addresses are not an issue.

LiquidVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No, except in the event of service abuse
IP address logs: No (1 point)

LiquidVPN does not record any traffic logs. It does monitor some real-time metadata, including whether or not you’re logged in and how many devices are being used on an account.

Its TOS does state that it will store more metadata in the event that the service is being abused. This might include local and remote IP addresses, timestamps, and username. However, there will be a notification on the transparency page before any logging takes place. LiquidVPN also provides a warrant canary.

M

Mullvad (Sweden) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

While this provider’s privacy policy is a little difficult to find (there’s no direct link from the homepage), it does eventually reveal a strict no logs policy. There are no activity logs and no metadata is attributed to an individual user. Instead, Mullvad simply tracks total bandwidth per server, total number of current connections, and CPU load per core.

MyIP.io (USA) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

The MyIP.io homepage states that there are no activity logs, which is great. There is no mention of logs in the privacy policy or the TOS, so it’s unclear whether or not there connection logs. We asked for clarification and were told that logs are kept and include timestamps and real IP, “among other information.”

N

NoodleVPN (Malaysia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The homepage of the NoodleVPN website states:

“Because of the special equipment NoodleVPN does not store any customer data and does not know what users are doing on the Internet. The only thing we known [sic] about users is their e-mail address and username.”

This seems to cover both traffic and connection logs, but we got in touch to make sure. A customer support representative assured us that no logs are kept whatsoever.

NordVPN (Panama) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

NordVPN “guarantees a strict no-logs policy” of its VPN service. Aside from traffic logs, this includes timestamps, bandwidth, and real IP addresses.

nVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

nVPN is another provider with a strict no-logs policy. There are no traffic logs and user activity is not monitored. Furthermore, it does not record timestamps, bandwidth used, or real user IP addresses.

O

OctaneVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate
IP address logs: No (1 point)

OctaneVPN is very up front about addressing users’ concerns surrounding logging. Within its privacy policy it notes that “When you sell a product that enhances privacy and anonymity, questions of logging come up.” Indeed, it maintains a true no-logs policy in that there are no logs that can be tied to an individual user. The only connection logs kept are aggregate ones related to each individual server, including number of connections and bandwidth usage.

OneVPN (Hong Kong) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Not clear
IP address logs: No (1 point)

The OneVPN privacy policy makes it clear that this provider does not monitor online activity. It also states that no IP addresses are logged. There is no mention of connection logs but even if they are recorded, there are no IP addresses stored, so it’s all good.

OverPlay (UK) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The OverPlay privacy policy is short and sweet, stating, “Overplay, Inc. does not collect or log any traffic or use of its Virtual Private Network service.” The word “use” may refer to connection logs but we asked them to make sure. In response, we were told that no connection logs are kept whatsoever.

OVPN (Sweden) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

OVPN maintains that it takes user privacy extremely seriously, and indeed it has a strict no-logs policy. With no traffic logs or connection logs, it states that the only information it could ever provide to a requesting party would be the method of payment used. As stated in the privacy policy: “Writing permissions for the OpenVPN processes have been removed from the servers operating our VPN service. This prevents any user information from being logged at any time.”

P

PandaPow (Hong Kong) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

PandaPow does not, under any circumstances, keep traffic logs or monitor user activity. It does keep connection logs, including IP address, timestamps, amount of data transferred, and transfer speed. Of course, of most concern here is the IP address. PandaPow does not specify how long the data is stored for.

Perfect Privacy (Switzerland) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Perfect Privacy’s privacy policy is just a couple of paragraphs long, but it it is made clear that it does not record any logs related to individuals. It only records the total usage on its servers.

Private Internet Access (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

On this provider’s homepage, one of the main features states “No VPN Traffic Logs,” so that’s clear at least. There is nothing else related to logs within the privacy policy or TOS. Over in the FAQ section, we find what we’re looking for. Here, a representative states “PIA absolutely does not keep any logs, of any kind, period.” The response then goes into more detail stating:

“We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited.”

Sounds like a pretty solid zero-logs policy to us.

PrivateVPN (Sweden) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

PrivateVPN also offers a no-logs policy. In its privacy policy it states “PrivateVPN does not collect or log any traffic or use of its service.” We emailed just to check if this applies to connection logs and were told, yes, it does.

Private Tunnel (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

There is no mention of a logging policy in the Private Tunnel privacy policy, but over in the TOS, there is this statement:

“Log files stored on our servers are only used for monitoring server performance, identifying software bugs, identifying any potential security breaches, and for the purpose of identifying abusive users. The log files are not used for monitoring or censoring your internet activities. We respect your privacy. We are not interested in what you do on the internet.”

We can glean from this that there are no traffic logs but there are log files. We asked the provider to clarify what these entail. We were told that the logs include the connection time and amount of bandwidth used. They are linked to a user email but not to a real user IP address.

Private Wifi (USA) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

Private Wifi offers up some logging policy information in its FAQ section. Here we find out that there are definitely no traffic logs kept by this provider but there are some connection logs. “We do maintain a set of usage logs, including time on and off our network and total bytes transmitted.” Later on, it states that these can be attached to a user, but it doesn’t state whether they record user IP addresses. We asked to find out and indeed IP addresses are recorded as a standard piece of account information. As such, we can conclude that timestamps are connected to a real user IP.

Privatoria (Czech Republic) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Unclear
IP address logs: Potentially (0 points)

The Privatoria privacy policy is poorly worded with a lot of typos, but it’s fairly clear that no traffic logs are kept by this provider. We asked about connection logs but haven’t received a response at the time of writing.

ProtonVPN (Switzerland) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

ProtonVPN’s homepage states “As a Swiss VPN provider, we do not log user activity or share data with third parties.” We can assume this pertains to traffic logs but it’s a little unclear when it comes to connection logs.

Over in the privacy policy, we learn that indeed ProtonVPN maintains a timestamp log of the last successful login attempt. It can be stored indefinitely, but is overridden with each successful attempt. It’s not clear whether this is associated with a user account or with an actual IP so we asked the question. We were told that the timestamps are only associated with the account and that no real IP addresses are stored.

proXPN (The Netherlands) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

On the homepage, one of the statements is “proXPN’s VPN software lets you surf the web the way it was intended: anonymously and without logging and tracking your activity.” We can safely assume there are no traffic logs. So what about connection logs? Over on the privacy policy page, we learn, “We do not keep logs of connection times, activity, or origin IPs.” So we’re all clear here.

Proxy.sh (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

On the Proxy.sh website, we find what we’re looking for within the FAQ section. This provider keeps no traffic logs and no connection logs. It does state that at times, it needs to view connections in real time. While it provides alerts in these instances, it is reiterated that connections are not attributable to individual users.

PureVPN (Hong Kong) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The subheading of PureVPN’s privacy policy reads: “We do NOT keep any logs that can identify or help in monitoring a user’s activity.” We know from a 2017 FBI case that it used to record IP addresses. In this situation, timestamps and a real IP address were correlated with data from other companies to implicate the user.

As we go through the list, it’s clear that PureVPN is certainly not the only provider to keep these types of logs. However, being at the center of such a high-profile case where consumer’s trust is reported to be breached wasn’t good for business. The company is focused on winning back the trust of users, and has rolled out a new privacy policy that states it doesn’t record any connection logs whatsoever.

S

SaferVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

SaferVPN does not keep any traffic logs or monitor user activity. It is very explicit about which metadata is recorded and that includes timestamps, amount of data transferred, and the server location. It does not record IP addresses.

SaturnVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

SaturnVPN doesn’t appear to provide any information about its logging policy. When we asked the provider for information we were told that no traffic logs or connection logs are kept at all.

SecurityKISS (Ireland) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for ten days (0 points)

This provider posts a short and concise privacy policy, including clear information about its logging policy:

“We do not monitor, record or store logs for any connection activity, except for the following:

  • Time and duration of the user VPN connection
  • Bandwidth used during the connection
  • User IP address”

As you can see, this does include user IP addresses. Although, on the plus side, most of these logs are deleted after ten days. The only thing that is stored longer is the total usage per billing period for each client.

Seed4.me (Taiwan) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)

This provider does not have a privacy policy and does not cover logs in its TOS statement. Instead, it addresses the issue of logs in a blog post. Here, it explains that it records aggregate connection data. This is stored for seven days before being deleted permanently.

Shade You (The Netherlands) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Shade You has a true zero logs policy and does not keep logs of any kind. “We do not keep logs, so we simply do not have data that could be transferred to third parties.”

Shellfire VPN (Germany) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The homepage of Shellfire VPN states, “We don’t log any connection data. You’re surfing absolutely securely and anonymously!” This is one of the rare providers that actually refers to connection logs on its homepage, rather than just a blanket logs statement which often only mentions traffic logs.

SlickVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

This provider has a zero logs policy but doesn’t explicitly talk about connection logs. We asked a representative and were told that no traffic logs or connection logs are kept at all.

SmartVPN (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

SmartVPN doesn’t offer any logging policy information on its website, so we got in touch. A live chat response claimed that no logs are kept whatsoever.

Speedify (USA) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 point)

Speedify’s privacy policy starts with “TL;DR: We DO NOT log what you do or what sites you visit through the Speedify service.” So there are definitely no traffic logs here. The privacy policy also states that Speedify does not collect IP addresses. However, when you enter the app, a notification tells you that IP addresses are stored temporarily, along with timestamps, amount of data transferred, and the duration of the connection.

SpyOff (San Marino) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

We couldn’t find any information pertaining to a logging policy on SpyOff’s website so we sent an email. A representative informed us that “We do not keep any records concerning traffic logs or connection logs, time stamps, bandwidth, IP addresses.”

StrongVPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

This provider’s privacy policy states: “StrongVPN does not collect or log any traffic or use of its Virtual Private Network service.” Again, “use” likely refers to connection logs but is a little vague. We emailed customer support and they confirmed that no connection logs of any kind are kept.

SurfEasy VPN (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, aggregate logs
IP address logs: No (1 point)

SurfEasy VPN doesn’t keep traffic logs, but it does state:

“We perform automated rules-based traffic management for the purposes of maintaining and improving our service. Applying these rules may require real-time analysis of Internet and data traffic including destination websites or IP addresses, originating IP addresses.”

This information is not logged, but it sounds more intrusive than you would want and expect from a VPN provider. As for connection logs, it stores aggregate bandwidth used but there is no log of IP addresses.

SunVPN (USA) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes (0 points)

SunVPN’s privacy policy is very concise and lays out exactly what it logs in list form. It’s nice to see this kind of transparency and that no traffic logs are kept. However, it’s clear that real user IP addresses are logged along with timestamps and bandwidth used.

SwissVPN (Switzerland) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for six months (0 points)

We couldn’t find a privacy policy or TOS document for SwissVPN so we asked customer support for some information. Here’s what we found out:

“SwissVPN is being operated based on Swiss Telecommunications and Personal Data Protection Law. Session IP’s (not visited content, websites, mail, etc.) are being logged for 6 months. In case of criminal offence under Swiss law Swiss authorities may request informations based on: http://www.admin.ch/ch/d/sr/7/780.1.de.pdf

SwitchVPN (India) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

“SwitchVPN does not collect or log any traffic or use of its Virtual Private Network service.” The privacy policy goes on to talk about personal information but gets rather confusing. We sent an email to get some clarification and were told that no logs are kept whatsoever.

T

TigerVPN (Slovakia) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

This provider does “not collect or log traffic data or browsing activity from individual users connected to our VPN.” It keeps connection logs but, similar to ExpressVPN, it records connection dates instead of timestamps. Other data collected includes server selection and total amount of data transferred per day, but no real user IP addresses.

Torguard (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Torguard has a true zero-logs policy and “does not store or log any traffic or usage from its Virtual Private Network (VPN) or Proxy.”

TorVPN (UK) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Potentially (0 points)

With no logging policy information available on the website, we asked this provider if any logs are kept. We were told that there are definitely no traffic logs maintained and user activity is not monitored. Some connection logs are kept including bandwidth used but no further information was provided. It’s unclear if timestamps are recorded and if connection logs are tied to a user IP address.

Total VPN (UK) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: Yes (0 points)

As outlined in its privacy policy, Total VPN does not “collect information concerning the content you transmit through the Services or the specific websites that you visit.” It does collect connection logs including timestamps and real user IP addresses, which is not ideal.

Trust.Zone (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

In its privacy policy, TrustZone doesn’t explicitly say which logs it keeps, although it does keep usage logs. Its statement surrounding logs is a little confusing: “All our VPN servers around the world ARE NOT storing any log files to keep your privacy safe. All the usage data is anonymous and not connected to your real, public IP address.” We interpret the first line to mean that it doesn’t keep traffic logs. The latter appears to refer to the fact that connection logs are kept but they don’t include real user IP addresses.

TunnelBear (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

TunnelBear does not collect traffic logs or monitor any user activity. It does collect some data, including your OS, whether or not you’ve been active this month, and the total amount data used within a month. However, “TunnelBear does NOT store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers.”

U

Unlocator (Denmark) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Potentially
IP address logs: Yes (0 points)

Unlocator’s homepage has a blanket “No logs” statement, but its privacy policy suggests otherwise: “Your IP address is saved in order to identify your account with our services. A generic activity report is only saved for 24 hours […]”

Even if the data is only kept for 24 hours, ideally we’d like to know what it entails. We asked a customer representative and were told that the activity report refers to “[…] the trail of IPs that you update into our system.” This doesn’t really clarify things so we asked again but have yet to receive a response.

UnoTelly (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

UnoTelly doesn’t actively monitor internet usage, but the privacy policy for this provider is a little disconcerting. As related to VPN usage, it states:

“UnoTelly keeps the login time, logout time, and bandwidth used for UnoVPN. We also keep a minimum amount of log to satisfy the jurisdictional requirements of our VPN server and only release to authorized parties if it required by law.”

While there is no mention of IP addresses, “a minimum amount of log” is very vague. We asked for clarification and were told no logs are kept other than timestamps and bandwidth used.

Unspyable (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

This provider maintains that it does not keep traffic logs of any kind. Its privacy policy states “We do not keep any user logs.” We could assume that this refers to connection logs, but we checked just to make sure. In response to the question of whether any connection logs are kept, we got a very clear “Nope.” Well, that’s that, then.

V

VersaVPN (Philippines) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

As outlined in its TOS, VersaVPN does not keep any traffic logs. There is no mention of connection logs so we asked customer support. We were told that absolutely no connection logs are maintained.

Viking VPN (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No, except in case of a malicious attack
IP address logs: No (1 point)

As stated on the Viking VPN homepage “Viking VPN will never log your activity on our servers.” So there are no traffic logs here. Viking VPN also refrains from collecting connection logs: “We do not collect information on user activity, user IP addresses, user bandwidth usage, or user log-in/log-out times.” The only data it does collect is total bandwidth usage of its servers. It is noted that temporary logging may be enacted in case of a malicious attack, but that the records would be destroyed shortly afterwards. So far, this hasn’t happened.

VPN Baron (Romania) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

VPN Baron does not keep any traffic logs or monitor user activity. It does keep connection logs, including timestamps, server location, and the amount of data transferred per session. Although, it does not record the real user IP address.

VPN Unlimited (USA) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

This VPN service is provided by KeepSolid Inc. This provider “does NOT collect and log any user activities while using any of their VPN services, except the total amount of web traffic for each session and session dates.” So we have no traffic logs and minimal connection logs, with no real user IP address.

VPN.ac (Romania) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but only stored for one day (0 points)

As stated on its homepage, VPN.ac keeps no activity logs. In the privacy policy, we discover that connection logs are kept. These include bandwidth usage, timestamps, and source IP addresses. On the plus side, the timestamps and IP addresses are only stored for one day before being deleted.

VPN.asia (Belize) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

This provider doesn’t log any website traffic or monitor user activity. In the privacy policy it states: “VPN.asia does not collect or log any traffic or use of its Virtual Private Network service.” “Use” implies connection logs but we checked to make sure as there is no mention of it elsewhere. We were assured that no logs are kept.

VPN.ht (Belize) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

Within its privacy policy, VPN.ht says it does “not collect or log traffic data or browsing activity from individual users.” There is no mention of connection logs so we asked for clarification. A customer service representative told us that absolutely no logs are kept. Even so, this provider offers a warrant canary.

VPN4All (The Netherlands) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

The VPN4All service is provided by Web Broadcasting Ltd. It has a strict no-logs policy and does not keep any traffic logs or connection logs. The only thing it tracks is bandwidth usage per license number.

VPNArea (Bulgaria) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

VPNArea has a refreshingly clear logging section within its privacy policy and indeed maintains a true zero-logs stance: “We do not monitor, record or store logs for any single customer’s VPN activity. We do not monitor, record or store any login dates, timestamps, incoming and outgoing IP addresses, bandwidth statistics or any other identifiable data of any VPN users using our VPN servers.”

VPNBook (Switzerland) 3/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, kept for up to one week (0 points)

VPNBook’s privacy policy, which is oddly located on its Contact page, explains that no data is recorded when it comes to internet activity. Some connection logs are kept, specifically timestamps and user IP addresses. These logs are deleted automatically every week which means they may be stored for up to seven days. In 2013, this provider was accused of handing over logs involved in the prosecution of members of hacker group Anonymous.

VPNLand (Canada) 2/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: Yes, but only for signup (0 points)

The VPNLand homepage states, “We do not keep logs and we won’t share your information to any third party.” Over in the TOS, we read that this provider keeps “log files on our servers for only 5 days for the reasons of security. After that the log files are deleted from our servers.”

It’s not clear from this exactly what logs are kept. We asked and were told that no logs of online activity are kept but IP addresses are recorded when customers sign up to prevent fraud. However, this does not apply to Bitcoin or Ethereum transactions.

VPNLUX (Belize) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

VPNLUX does not store logs of traffic data. As is clearly laid out in its privacy policy, it does store some connection logs, including timestamps and bandwidth usage. These are associated with the account ID number and not an actual real user IP.

VPNSecure (Australia) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

The VPNSecure TOS tells us:

“We do not log any personal information when connecting to our service.

‘Any data’ means but is not limited to the following:

  • IP Address NOT logged
  • Connection timestamp NOT logged
  • Disconnect timestamp NOT logged
  • Bandwidth used NOT logged
  • DNS Requests NOT logged”

Even though no logs are recorded, this provider offers a warrant canary.

VPNTunnel (Seychelles) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

As outlined in its privacy policy, VPNTunnel never keeps activity logs. It doesn’t explicitly mention connection logs so we asked customer support. We were told that absolutely no logs are kept but that a user can initiate logs in case they need help with troubleshooting.

VyprVPN (Switzerland) 2/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No, but both source and VPN IP addresses are recorded (1 point)
Connection logs: No
IP address logs: Yes, stored for 30 days (0 points)

VyprVPN from Golden Frog does not record any traffic data or monitor user activity. It does keep connection logs, including “the user’s source IP address, the VyprVPN IP address used by the user, connection start and stop time and total number of bytes used.” The recording of both the source and destination IP means that online activity could fairly easily be traced back to an individual. These connection logs are stored for 30 days before being deleted.

W

Windscribe (Canada) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

This provider doesn’t keep any traffic logs and connection logs are kept to a bare minimum. “We store total amount of bandwidth your account has consumed in 1 month period, which is reset every month on the day of your registration.” It also stores a timestamp of the last activity associated with an account to detect inactive accounts. However, this is linked to an account and not an IP address.

WorldVPN (UK) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 5 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

WorldVPN doesn’t monitor internet activity but it keeps some connection logs. These include the duration of the VPN connection and the amount of bandwidth used during the connection. Note that they do not include timestamps or real user IP addresses, so this can still be considered a fairly solid no-logs policy.

Z

ZenMate (Germany) 3/4

Based in 5 Eyes or 14 Eyes? Yes, 14 Eyes (0 points)
Traffic Logs: No (2 points)
Connection logs: Yes, for accounts with a data cap
IP address logs: No (1 point)

ZenMate operates with a no-logs policy. It does not keep traffic logs of any kind. It does track data transferred, but only for accounts that have a data cap. There are many mentions of IP addresses in the privacy policy, and it initially sounds as though these are logged. Once you sort through the jargon, it is revealed that IP addresses are only processed temporarily and not logged.

ZenVPN (Dominica) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes
IP address logs: No (1 point)

ZenVPN doesn’t keep any traffic logs. The only connection data it tracks is each user’s aggregate daily bandwidth usage.

ZoogVPN (Isle of Man) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

This provider’s privacy policy is very explicit about what it does and doesn’t track. Indeed, we have another zero-logs provider. There is no logging of online activity or metadata attached to an individual user. The only thing it does track is total bandwidth usage on its servers.

ZorroVPN (Belize) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: No
IP address logs: No (1 point)

In its very brief TOS (there is no privacy policy) ZorroVPN states “We guarantee no logging any user’s activity.” However, there is no mention of connection logs. We contacted them to find out and were told that no connection logs are kept. ZorroVPN provides an up-to-date warrant canary.

ZPN (United Arab Emirates) 4/4

Based in 5 Eyes or 14 Eyes? No (1 point)
Traffic Logs: No (2 points)
Connection logs: Yes, for accounts with a data cap
IP address logs: No (1 point)

ZPN does not monitor traffic or user activity. It does state in the TOS “We only log bandwidth usage for calculating monthly quota excluding premium accounts.” So for premium account holders with no data cap, there are no logs.

Final comments

As you can see, when it comes to logging policies, there is a lot of variation. While most providers claim that they don’t keep logs, this typically refers to traffic logs. When we dig deeper, we often find that some data collection takes place, usually in the form of connection logs, sometimes including IP addresses.

Aside from have different policies, providers also differ in the way they communicate these policies to users. Some are very explicit about what is collected and how it is used, while others don’t mention a logging policy anywhere on their site.

Whatever approach they take, we have to remember that we are basing our knowledge on each provider’s claims. We have no way of verifying that they actually abide by these policies. As such, when selecting a provider, you also need to evaluate if it is trustworthy enough to stick to its claims.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.