A VPN no-log policy is a policy where a VPN service provider does not keep track of user activity logs. This means that the VPN service provider cannot provide any information about user activity, including which websites were visited or what files were downloaded, to third-party entities.
The risks of keeping data on a VPN server that can be hacked are significant. If a hacker is able to access the data on the VPN server, they could potentially gain access to all of the information that was transmitted through the server. This could include sensitive information such as passwords, credit card numbers, and other personal information.
Why Encryption Is Only Half The Story
You’ll often hear that a VPN encrypts all your traffic. What providers don’t talk about as often is that all traffic is decrypted by the VPN server. This needs to happen for the VPN to route your traffic to its intended destination. Before you commit to that VPN download, you should understand that you’re trusting the VPN to dispose of any metadata it created during this routing process and to not record your activity.
If the VPN server is malicious or storing your data you are essentially paying to be man in the middle attacked. It’s not so much of a problem when using the HTTPS protocol. The S stands for secure or, formerly, Secure Sockets Layer. This is employed anytime you see a padlock in your URL bar before the www. It means that all the data between your computer and the site you’re visiting is encrypted independently of the VPNs encryption and can’t be read.
The problem is with older HTTP encryption. All data sent over HTTP is sent as clear text. Any password you send or credit card information you enter is readable. A VPN that’s collecting logs is arguably worse than an ISP in this scenario because your sensitive information exists for longer on 3rd party servers. Throw in that any VPN collecting logs is likely a dodgy provider with questionable practices and you start to see the scope of the problem.
Luckily, HTTP isn’t that common anymore. It’s estimated that around 79.5% of the internet now uses HTTPS, and it’s all but guaranteed for any payment processor or reputable website. All that being said if you are using any websites that don’t use HTTPS you really need to use a reputable VPN that doesn’t keep logs.
How To Check If A VPN Keeps Logs
Look for their location. The best place for a no-logs VPN is in a country with strong privacy laws. This is because if the VPN company is subpoenaed the government can’t make them hand over user data they don’t have. The 5, 9, and 14 Eyes countries are to be avoided.
Even then it’s near impossible to verify if a VPN lives up to its no-logs policy. A commonly cited example is PureVPN which helped the FBI track down a suspected internet stalker, by combing its logs to reveal his IP address. Internet stalking is bad, but still, PureVPN was adamant that they didn’t keep any personal data, and yet they were able to link Ryan Lin’s IP to his Gmail, ProtonMail, TextNow and other accounts. If you’re thinking, “I’m not a criminal”, well done but consider that all this information lived on a company’s server and is at risk of being hacked.
Only Trust VPNs That Have Gone Through 3rd Party Audits
The best way to be sure that a no-logs VPN actually doesn’t keep logs is if it’s been put through a 3rd party independent audit. This involves someone coming in and scouring the code as well as the company’s procedures to ensure they’re not storing user data. A 3rd party audit will stress-test the VPN in various scenarios to see if any user data is being transmitted or stored and check for vulnerabilities in the code base.
The Risk Of Free VPNs
While free VPNs might sound like a great way to save money, they come with a number of risks. First and foremost, free VPN providers are more likely to be logging your data. They need to make money somehow, and selling user data is an easy way to do that. Furthermore, free VPN providers tend to have outdated encryption protocols, which makes it easier for hackers to gain access to your data. Finally, free VPN providers often have slow servers, which can make a streaming video or downloading large files difficult or impossible.
Let’s Wrap This Up