Virtual private networks would claim to offer log-less service. But, this is not always the case. An actual no logs VPN does not keep any kind of record from its user. Even authentic log-less VPNs would need to log their users to provide them service. For example, virtual private networks need to verify user identity from their records to apply bandwidth restrictions, and number of devices used under an account.
Therefore, instead of choosing a no logs VPN, the solution is to choose a VPN that would not log that contains sensitive information. To know which provider to choose, one must first know the different logs a VPN could record.
These could include anything from metadata, diagnostics, and usage. These three can provide the user’s time of access, server used, and bandwidth used. In some cases, it can provide user identity since this often include account details.
Connection logs are necessary for VPN providers to provide users its service. Providers also use this to analyze monitor performance and how they can improve their services.
These logs do not pose a threat to one’s privacy as long as account and user information are not involved. The safest way to prevent identification is through services that do not require personally identifiable information. This is often done by services that accept disposable e-mail addresses and cryptocurrency.
Logging IP addresses of users defeats the purpose of using a virtual private network. It would not matter if these are masked by the VPN server’s address since anything recorded can be acquired by third parties.
Internet traffic is the worst information that can be recorded by a VPN service. It defeats the essence of calling a network as “private.” Internet traffic can show a person’s browsing history, purchases, downloaded files, and software used.
Free VPNs usually record this information since selling this type of information can give them profit. Unfortunately, these services cannot assure their users that they won’t sell to third parties that might hack or snoop on their device.
The only reason VPN providers log sensitive information is the government compelled them to do so. Governments can require virtual private network provider in their countries to log user activity. In the event of suspected criminal or compromising activity, Government intelligence and investigation agencies can demand these providers to handover these logs so they can browse find those who committed the wrongdoing.
VPN users would not even have a warning. These demands come together with gag orders that make disclosure of the fact illegal.
It is for this reason that potential VPN users must always be aware of state laws. They must know if a VPN provider does business in a country that might compromise its security and privacy.
The easiest way to know if a VPN provider can be compelled to hand over information is if it is located in a Five Eyes of Fourteen Eyes country. These terms represent two multilateral alliances for sharing signals intelligence. This means alliance members are required to provide the intelligence necessary if a fellow member requests for it. This includes compelling private organizations, such as VPN providers, to provide the required information.
Five eyes (FVEY) countries: United States of America, the United Kingdom, Australia, Canada, and New Zealand
Fourteen eyes countries: USA, UK, Australia, Canada, New Zealand, Belgium, Denmark, France, Germany, Italy, Norway, Netherlands, Spain, and Sweden.
Anyone considering to use a VPN should only use those that do not record sensitive information. It does not matter if they have anything to hide from government agencies. They should use a VPN that does not record their IP address or traffic. If they use a VPN that does, they are exposing themselves to risk on privacy and security.
To check which logs are recorded, one can easily check their terms and conditions. It contains the service’s logging policies. One should always check if a service records IP addresses or Internet traffic. Moreover, although they may state they only have connection logs, this can sometimes include IP addresses.
And, lastly, one should consider where it operates. Wherever it is registered, it must follow the laws of that country regardless of its claims in the marketing material.