Alex Williams
Alex Williams  —

Last updated:

Share this Post

vpn-virtual-private-networkA VPN or virtual private network is marketed as the remedy to personal web privacy, yet just how well do they hold up under the scrutiny of our analysts?

When you register for a membership to a VPN product, either a no-charge or paid VPN, you need to set up an account with a username and password.

As part of that step, you’ll need to accept the TOCs of the company, also called the personal privacy policy.

Within this record, the VPN should clearly specify what kind of info they are going to monitor regarding their customers as well as how much time they will certainly keep such documents. Lots of providers assert in their advertising and marketing content that they have a no-logging protocol. Actually, however, this is seldom the case.

Related: Best VPN Protocols


VPN Connectivity & Activity Logs Explained

What truly ought to matter to you is the sort of logs that a VPN host tracks. Some companies maintain logging is needed for troubleshooting and managerial functions, while others drift unmistakably into the turf of personal privacy intrusion (which is no less a concern among leading nations even in the digital era).

Making use of a VPN is usually viewed as a workaround to stay clear of being kept track of by an access provider (ISP), however you need to know your VPN’s complete logging agreements prior to purchasing its solution.

For the purposes of this short article, we’re re going to split the idea of logging into 3 different parts:

Type 1 - Troubleshooting Logs 🔧

Logs that are recorded regarding user issues with the VPN. These logs might consist of some individual details, such as username or IP address, yet are made use of solely for troubleshooting as well as enhancing the efficiency of the VPN.

Type 2 - Connectivity Logs 🛰️

Some service providers implement constraints on their solution, such as for how long a connection can last or the number of synchronised links are permitted. By keeping connection logs, a service provider can track each session on their VPN (again, including your IP address).

Type 3 - Activity Logs (Watch for This One) 🏃‍♀️

VPN web servers are in charge of transmitting every bit of web traffic that comes through its network, so theoretically service providers can keep an eye on every internet request that is sent out or accepted. This suggests that a VPN host can track all internet activity for each and every individual as well as also identify what sorts of data are being downloaded and installed.

A VPN company might establish their logging policies based on a range of factors. Listed below you'll locate a practical overview of the leading VPN solutions out there and also exactly how their logging plans compare to one another.

Final tip before the review - combining a VPN and a private email host is a good way to keep your inbox extra secure.


A Few Popular VPNs and Their Policies Explained Simply 📘

Not Protected? ⭐ If you’re looking for the best VPN as ranked by Hosting Data, click the link.

In this guide, however, we’ll be focusing on privacy policies. There is no particular order to the list though many of the same VPNs on that ranking guide appear here.


1. NordVPN Logging Policy

  • Web servers for NordVPN are hosted in Panama. For you, this means a very low possibility your data may be shared with nationwide surveillance organizations.
  • The personal privacy plan for NordVPN stipulates that the company has a total no-logs practice.
  • NordVPN will not monitor session, troubleshooting, or connectivity logs. Your private information, such as your name, e-mail address, and also IP address, all will be confidential (while many of the VPNs on our list do not track activity or error logs, many of them do store connection logs - but not NordVPN!).
  • This is a total level of anonymity, and NordVPN has even hired third-party auditors from the “big 4” audit firms to carry out detailed audits on their no-logs policy. This is a company confident over the reputation for circumventing 5/9/14 Eyes Alliance surveillance.

Security Audited By a Third-Party? 💼 Yes, and by very reputable ones. While others have had independent audits too, NordVPN is the only to have published the findings other than TunnelBear and ExpressVPN (that we know of). 

[NordVPN is way ahead of most: they’re looking into ordering a second, expanded third-party audit, while some on this list haven’t done a single one… If you hadn’t guessed, they’re number one in our best VPN list: see above for the link to that guide.]

To read their privacy policy click here.


2. IPVanish Logging Policy

  • Web servers for IPVanish are hosted in the United States. Due to the fact that America has an information partnership with a variety of various other nations, consisting of Canada, the UK, Australia, as well as New Zealand, there is a possibility your VPN sessions could be shared with nationwide surveillance bureaus.
  • That said, the personal privacy plan for IPVanish states that they do not keep logs.
  • IPVanish does not track session, troubleshooting, or connectivity logs. Every customer on the solution is dealt with as a confidential entity. IPVanish additionally helps the Electronic Frontier Foundation (EFF), which defends shielding internet personal privacy.

Security Audited By a Third-Party? 💼 Before IPVarnish was acquired by StackPath, to refute court claims that they were logging data (despite marketing as otherwise), SP ran an ‘independent’ audit. ❌

[We’d like to see something more here soon! Since StackPath was due to acquire the company, we find it hard to count that audit as third-party; too many conflicting interests.]

To read their privacy policy click here.


3. ExpressVPN Logging Policy

  • Web servers for ExpressVPN are hosted in the British Virgin Isles. As an independent entity, this suggests there is a very low possibility that your activity will be shared amongst nationwide surveillance bureaus.
  • The personal privacy plan for ExpressVPN states that they do not check customer activity or track data transfer use.
  • ExpressVPN does not track session logs. The solution does save a constrained amount of recorded info for connectivity logs.

Security Audited By a Third-Party? 💼 Yes, by the cybersecurity firm Cure53: See the press release here. Cure53 also tested TunnelBear. ✅

[ To read actual published findings for ExpressVPN you’ll need to first have an account with them.]

To read their privacy policy click here.


4. StrongVPN Logging Policy

  • Web servers for StrongVPN are hosted in the United States. The United States has a web safety and security arrangement with a variety of various other nations, consisting of Canada, the UK, Australia, as well as New Zealand. This means the possibility that your information could be shared amongst nationwide surveillance firms.
  • The personal privacy plan for StrongVPN states that the solution does not save web logs.
  • StrongVPN does not track session, troubleshooting, or connectivity logs. Despite the surveillance loophole, you can still be confident that your online activity will not be kept in all on their web servers.

Security Audited By a Third-Party? 💼 Unfortunately, StrongVPN hasn’t followed in the footsteps of big players who are bringing in independent auditors. ❌

[Can do better here…]

To read their privacy policy click here.


5. HideMyAss Logging Policy

  • Web servers for HideMyAss are hosted in the United Kingdom. The UK has a web safety contract with a variety of various other nations, consisting of Canada, the United States, Australia, and also New Zealand. The implication here is that your information could be shared in a nationwide safety and security event.
  • The personal privacy plan for HideMyAss discusses that the solution will not keep any type of precise info regarding web sites that you check out while utilizing their VPN service.
  • HideMyAss holds very little session logs, however they DO track various sorts of connectivity logs, including your IP address, the length of each VPN session, as well as the quantity of data transfer made use of.

Security Audited By a Third-Party? 💼 Strangely, they made a press release announcing they were going under independent audit (May 5 2020) but there’s been no announcement to follow. No press release yet as to this happening. 🤷🏿‍♂️

[There’s a chance they’ve been audited but we can’t confirm it (though some sites list them as confirmed.]

To read their privacy policy click here.


6. CyberGhost Logging Policy

  • Web servers for CyberGhost are hosted in Romania. See the end of this guide, where we talk about the “14 eyes” … Romania is out of the group, which means you do not need to stress over your individual information being shared amongst nationwide surveillance bodies.
  • The personal privacy plan for CyberGhost specifies that the solution does not save any type of demographic data (which means you do not need to worry about your IP address floating around in some database - an IP address can pinpoint your specific location down to the door number).
  • CyberGhost does not keep any type of session logs. Their connectivity logs are always kept confidential, made use of just to check web server burdens and also troubleshoot concerns.

Security Audited By a Third-Party? 💼 Since March 2012, CG has been undergoing “safety audits” by QSCert but this is not explicitly described as an independent audit to prove the system is private. ❌

[We can’t confirm this so will cross it out. Chances are it’s not what we’re looking for here.]

To read their privacy policy click here.


7. VyprVPN Logging Policy

  • Web servers for VyprVPN are hosted in Switzerland. This indicates a reduced risk of your sessions being shared amongst nationwide surveillance companies (they’re not part of the “14 eyes”).
  • The personal privacy plan for VyprVPN states that the solution does not track any type of website traffic information connected to customer sessions or downloads.
  • Finally, VyprVPN does not save session logs but they do maintain a log of connectivity information. This info will likely consist of IP addresses, session timings, and also the quantity of information transmitted.

Security Audited By a Third-Party? 💼 Their press release of 2018 announces they are the world’s first publicly independently audited no log VPN provider. ✅

[Great track-record here.]

To read their privacy policy click here.


8. Private Internet Access Logging Policy

  • Web Servers for Private Internet Access are hosted in the United States. The United States has a safety and security partnership with a variety of various other nations, consisting of Canada, the UK, Australia, and also New Zealand. This indicates a possibility your information could be shared with surveillance companies.
  • The personal privacy plan for Private Internet Access is rather unclear, mentioning that no VPN web traffic logs are recorded on their client.
  • Exclusive Internet Access seems to have a real zero-log plan. This suggests they do not save session, troubleshooting, or connectivity logs, i.e. records consisting of any details that can identify their users.

Security Audited By a Third-Party? 💼 Despite rumours for the last two years at least of this occurring, there has been no confirmation of a press release we know of. ❌

[What’s with the hold up? Some sites list them as confirmed, but no audit results have been released and we’ve seen no press release.]

To read their privacy policy click here.


9. TorGuard Logging Policy

  • Web servers for Torguard are hosted in the United States. VPN information can be confiscated in an instance of nationwide safety and security due to the location of these web servers linking them to contracts that the United States has with various other nations.
  • The personal privacy plan for TorGuard suggests that they comply with a real no-logs plan.
  • TorGuard will certainly not track session, troubleshooting, or connectivity logs - so this could mean there will be nothing for surveillance groups to collect, even in a national emergency. Any type of private information connected to your VPN account is dealt with as totally confidential.

Security Audited By a Third-Party? 💼 No press release of an independent audit. ❌

To read their privacy policy click here.


10. Buffered Logging Policy

  • Web servers for Buffered are hosted in Gibraltar. This indicates a much reduced possibility your sessions are going to be shared amongst nationwide safety and security firms from various other nations (not a member group of the “14 eyes”).
  • The personal privacy plan for Buffered states that clients will never have their surfing or download records monitored.
  • Buffered does not save session logs, however they do record some connectivity info, consisting of inbound IP addresses, session times, as well as overall sizes of data transferred. These connectivity logs are there for a max of 30 days.

Security Audited By a Third-Party? 💼 No press release confirming any audit that we know of. ❌


11. Goose VPN Logging Policy

  • Web servers for GooseVPN are hosted in the Netherlands. There is some risk that your VPN info might be revealed in inquiries related to nationwide safety since the Netherlands is a member of specific global surveillance partnerships.
  • The personal privacy plan for GooseVPN suggests that the solution will by no means track activity logs with individual details.
  • GooseVPN does not save task logs, however they do have logging protocols around connectivity data, such as the operating system and geographical regions. IP addresses are not incorporated in these logs (so this won’t be specific to your house address).

Security Audited By a Third-Party?💼 No press release yet as to this happening. ❌

To read their privacy policy click here.


12. Hotspot Shield Logging Policy

  • Web Servers for Hotspot Shield are hosted in Switzerland. Regulations in Switzerland do not permit net sessions to be shown to third party nations (in other words, there’s a lower chance they’ll share your data to other parties or countries even if requested).
  • The personal privacy plan for Hotspot Shield specifies that connectivity logs are tracked yet after that are erased at the end of each VPN session.
  • Hotspot Shield has also actually confessed that they do composite surfing data in their logs (demographic). IP addresses are not incorporated in the logs, however this indicates your online habits are still being tracked in a broader sense. Nevertheless, no need to worry about your physical address being linked to your online activity.

Security Audited By a Third-Party?💼 No press release yet as to this happening. ❌

To read their privacy policy click here.


13. Astrill Logging Policy

  • Web servers for Astrill are hosted in Seychelles. The nation has no worldwide partnerships associated with internet information sharing.
  • The personal privacy plan for Astrill concedes that connectivity logs are held on their web servers.
  • Astrill does not record session logs, their connectivity information does consist of IP addresses as well as basic info. This is made use of to check synchronised connections from a particular account (risky, in our opinion).

Security Audited By a Third-Party? 💼 No press release yet as to this happening. ❌

To read their privacy policy click here.


14. ZoogVPN Logging Policy

  • Web servers for ZoogVPN are hosted in Isle of Man. This indicates a much lowered possibility your activity is going to be shared amongst nationwide surveillance firms.
  • The personal privacy plan for ZoogVPN asserts that the firm has a zero-log plan.
  • ZoogVPN seemingly does not save task logs, yet their web servers do record info on just how much data transfer is made use of per VPN session.

Security Audited By a Third-Party? 💼 No press release yet as to this happening. ❌

To read their privacy policy click here.


15. Anonymizer Logging Policy

  • Web servers for Anonymizer are hosted in the United States. The US has a collection of net safety and security contracts with various other nations, consisting of Canada, the UK, Australia, and also New Zealand. This suggests there is a possibility your information could be asked for or shared as part of a nationwide safety and security inquiry.
  • The personal privacy plan for Anonymizer specifies that the solution stores logs that are lawfully permitted to keep on their web servers.
  • Anonymizer's personal privacy arrangement goes against the insurance claims it makes in advertising its product. The personal privacy plan additionally specifies that the firm can share its log information with various other entities.

Security Audited By a Third-Party? 💼 No press release yet as to this happening. ❌

To read their privacy policy click here.


The Point of Independent (Third-Party) Audits 👩‍💼

We’ll mention here that TunnelBear has also published their independent security audit results, which were performed by Cure53.

How do we really know what a company is doing with our data, regardless of their logging claims?

The main reason why third-party auditing is needed is to verify that there’s no logging policy covertly in place… Without this, it’s impossible to know for sure.

For example, in 2011, Hide My Ass helped the FBI to arrest teenager Cody Kretsinger, who was presented with a possible 15 years in prison for his affiliation with Anonymous in the LulzSec cybersecurity attack (he ended up getting a year).


Who’s Watching You? 👁️

5/9/14 Eyes Alliance 🗺️

who-is-watching-youThe Five Eyes Alliance emerged out of a cold war knowledge treaty called the UKUSA Agreement. This was initially an intelligence-sharing arrangement among the United States as well as the UK targeted at decrypting Soviet Russian intel.

By the late 1950s, Canada, Australia, and also New Zealand had actually likewise signed up with the Alliance.

These 5 English-speaking nations comprise the Five Eyes Alliance as we understand it today. The intelligence-sharing arrangement among these 5 nations has actually built up with time, as it included monitoring of internet usage.

Snowden 👨

For several years, this setup was a skeleton in a closet among the 5 countries. Its presence was not uncovered by the public until 2003. Details began to emerge more clear in 2013 after Edward Snowden spilled a variety of files that he acquired while functioning as an NSA specialist.

These papers revealed extensive federal government monitoring of civilians' on-line habits and also included proof that the worldwide intelligence-sharing network is much more substantial than formerly assumed.

Along with the core countries of the Five Eyes Alliance, the presence of 2 various other worldwide intelligence-sharing contracts has actually been validated. These 2 contracts, referred to as the Nine Eyes as well as Fourteen Eyes Alliances, might not be as tight-knit as the Five Eyes Alliance, yet they still have vast ramifications for web personal privacy.

Here’s a short break down of each of the 3 Alliances: ✒️

5 Eyes: United States, UK, Canada, Australia, New Zealand
9 Eyes: Five Eyes + Denmark, France, Holland, Norway
14 Eyes: Nine Eyes + Germany, Belgium, Italy, Sweden, Spain

5-9-and-14-eyes-countries

The Nine Eyes as well as Fourteen Eyes Alliances are basically expansions of the initial Five Eyes Alliance. While these nations might not all share as much info with each other as the Five Eyes Alliance, they still proactively as well as voluntarily join global intelligence-sharing.

Along with these validated partnerships, it is likewise worth stating one more handful of nations that have actually been captured or presumed of trading details with the Fourteen Eyes Alliance.

To keep your personal data secure, a VPN that keeps very minimal logs or none at all (like the fast NordVPN, who even employs auditors to verify this, which is why they are our top choice) is the best course of action.

That said, be wary of Anonymizer if you are currently using it and any VPN on our list like Astrill that records IP addresses. Also remember that there may be no such thing as the best free VPN.

You Might Also Like: