VPN Logging Policies Explained: Does your VPN keep logs? [2022]

Say no to VPN logging games, and learn what your VPN is hiding!

Your data is… yours, and you should keep it yours! And you know what happens if you trust your data with someone else? You become the product or a target of advertisers or, at some point, hackers. Do you want that? We guess not!

That’s why many VPNs have a lot of big claims regarding logs. Although by definition, they are supposed to protect our data. But sometimes they don’t!

Just like any other industry, the VPN industry is also plagued with some bad services that always try to cash on the opportunities and prey on their customers’ data and private information (looking at you: free VPN services).

These services are basically “Wolf in a Sheep’s clothing.” They pretend to be transparent and honest about not keeping any logs, but in reality, they are the complete opposite. They lure customers with their “no-log policy” tags and then feed on their private data and information.

Don’t get tricked by their hyperbolized claims and incorrect marketing headlines! Learn about what VPN logging policies truly are? What is the logging meaning? And how have they been implemented and exercised in the industry?

Keeping true to our vision of bringing certified and correct information to our readers, CanadaVPNs attempts to explain logging policies and how VPNs have implemented them.

VPN-logging-Explained-Does-your-VPN-keep-logs

What Types of Data do VPNs Log?

There are three types of data your VPN might collect:

  • Connection logs
  • Activity logs
  • Aggregated logs

Wait… what? Aren’t they supposed to be “logless” or with “zero-logs?

Actually, no! All VPN providers have to keep certain logs of their user’s activity in one way or another to ensure the smooth maintenance of their services and operations.

If you’re using a VPN merely for streaming or need VPNs for gaming purposes, you may not be concerned about a record of your VPN traffic. But for journalists investigating the highly-sensitive reports, lawyers, activists, and political dissidents, it’s paramount to know what type of logs do VPNs keep and whether it’s a breach of your privacy.

Connection Logs

Connection logs are the primary logs that might be kept by your VPN provider. In ideal situations, these are fewer and apparently anonymized logs that help the VPN service monitor the server’s workload to control traffic, prevent exploitation, and keep its network running.

VPNs that limit the number of simultaneous connections per account (almost all our top-recommended providers, except for Surfshark) have to keep some of these logs to prevent overcrowding.

Connection logs may include:

  • Your VPN session time: when you connected to it and how long you were connected for.
  • The server you were connected to.
  • Your actual IP address.
  • After a crash, any diagnostic data you consented to send to the VPN provider.

Since data retention laws differ by region, these logs may be kept for a certain period of time in order to be collected by law-enforcement officials if subpoenaed.

Keep in mind some of the connection logs may contain information regarding your home as a source of internet traffic, thereby compromising your privacy. And due to this, come services such as ExpressVPN pledge never to keep connection logs.

Activity Logs

Activity logs are among the most concerning kinds that a VPN provider could log. Activity logs, sometimes called traffic logs, are actually the record of our IP address to monitor your activity across the websites you visit. Depending on how the logs are recorded, they may or may not easily be traced back to the specific user.

If a VPN service is caught keeping these types of VPN logs, it would be a big fraud, to say the least, and possibly a potential law case.

Some of the information that can be exposed through activity logs include:

  • Your actual location in case your IP address is logged
  • A list of services or apps on your device
  • All the messages you sent or received if not encrypted.
  • A list of all the websites that you’ve visited

Needless to say, that’s the sort of information usually being collected by advertisers and ISPs to run businesses – and that’s exactly what drove us to use a VPN service in the first place. And if a VPN service itself collects such logs, then what’s the point of investing in it, right?

Aggregate Logs

Some of the most popular VPN brands collect aggregate logs. This attributes to the information that is supposedly not known, anonymized, and impossible to track back to the specific user. It includes:

  • the website that you visit
  • bandwidth use
  • dates and times you connect to a specific server.

This information is generally stored in their larger databases. It’s important to be aware that some VPNs claim that they don’t keep logs of any sort, but in reality, they do collect aggregate logs to run their systems and streamline their processes.

Unfortunately, aggregated or anonymized data could not be marketed explicitly since customers would take it as any other data that could reflect back to their identity. Hence, VPNs try to hide this fact in their lengthy policies and leave it for reviewers like us to educate their customers.

But again, the efficacy of the anonymization process and the exact type of aggregated data will dictate whether this type of logging is acceptable. It all goes down to the trust in your VPN provider; you just have to trust your VPN service and believe that it is indeed anonymizing your data.

Why do VPNs keep logs?

VPN services may collect logs for several reasons, such as:

1. Limiting the number of simultaneous devices:

Almost all VPN services limit the simultaneous connections that can be used with a single subscription (Except for Surfshark, which offers unlimited connections). The information like servers traffic, login sessions, and IP addresses help them determine the traffic workload on their servers so they can limit the number of connections.

But how exactly they implement such restrictions while still being “logless” is a mystery that only your VPN provider can solve.

2. Logging with rental servers

Many VPN services rent out virtual servers to broaden their server coverage. It’s cheaper to rent a server than to build a full-fledged physical server from scratch. Obviously, VPNs would take an easy way out and opt for the rental servers, but this creates some issues from a privacy standpoint.

The main issue is that these rental servers often maintain logs of the traffic they receive. Moreover, local authorities also have the role of enforcing data logging on server hosts for security reasons. In this case, the claims of being “no-logs” of a foreign VPN service mean absolutely nothing – local law enforcement officials would go directly to the data center to collect whatever they want.

3. National or International surveillance agencies force VPN companies to log

Internal surveillance agencies, such as Five Eyes and Nine Eyes, have forced companies to collect data on their users and pass it over to them when required. Other spying agencies like NSA and GCHQ have also been known to push companies into data logging. Many big tech US-based companies have been facilitating NSA spying for years. It’s not just in the US; in fact, UK authorities have also passed an Investigatory Power bull that mandates data logging and maintaining for 12 months.

4. For limiting bandwidth

Some VPN services come with bandwidth restrictions on certain packages. There’s obviously some data required to determine the amount of bandwidth used with a given account. Therefore, any VPN claiming to be “log-free” while limiting bandwidth is a major red flag. For example, Windscribe, Hide.me, TunnelBear – all these services have bandwidth limitations in their “free trials.”

Top VPN logging Policies Explained – Learn Who Logs what?

In this section, I will go through the VPN logging policies of the top 3 VPN providers and see whether they have been logging your data.

1. ExpressVPN– Best VPN with a strict no-log policy

Jurisdiction: British Virgin Islands

Connection logs: No

Activity Logs no: No

ExpressVPN, one of the leading and well-known VPN providers, does not collect logs of user activities. They do not collect your IP address, outgoing VPN IP address, connection timestamp, or session duration.

However, they do collect some of your information, such as:

  • Payment details (which you have provided them at the time of purchase)
  • Your Name
  • Email address
  • IP addresses (only of users who opt for their MediaStreamer service)
  • Anonymous VPN connection diagnostics and crash reports
  • ¬†ExpressVPN logs connection summary and aggregate apps information.

Here’s what ExpressVPN say in their privacy policy:

ExpressVPN-logging-policy

Considering all of this information, the answer to “does ExpressVPN keep logs” stands No!

Learn more about ExpressVPN in our detailed review here.

2. Surfshark – 100% Privacy with no-logging policy

Jurisdiction: British Virgin Islands

Connection logs: No

Activity Logs no: No

Headquartered in the British Virgin Islands, Surfshark is known for providing the best and the most affordable VPN services. In their logging policy section, it clearly states that they do not log:

  • Browsing history
  • Session information
  • Used bandwidth
  • Network traffic
  • Connection timestamps and session durations

What they do collection, however, is your:

  • Email address and encrypted password.
  • Basic billing information and purchasing history

Surfshark also logs:

  • Diagnostic reports
  • IP address when you visit their website
  • Cookies and web beacons
  • Traffic data through Google analytics

Here’s what they say in their privacy policies:

Surfshark-logging-policy

To develop a more comprehensive understanding of Surfshark’s privacy policies, read our detailed review here.

3. NordVPN – Zero log VPN

Jurisdiction: Panama

Connection logs: No

Activity Logs no: No

Does NordVPN keep logs? Well, while scavenging through NordVPN’s privacy policy, we found it does not keep logs of any sort that is a breach of your privacy. They do not log:

  • IP addresses or IP address activity log
  • Session time and duration
  • Used bandwidth
  • Traffic logs

However, it does claim to collect some of the information that helps them to improve their services. Here’s the list of data that NordVPN collects on their users:

  • Cookies – Google Analytics, Affiliate cookies, and cookies to personalize their content according to users.
  • Server load details for monitoring and managing server performance.
  • Customer service information

Here’s what NordVPN log policy states:

NordVPN-Data policy

Learn more about NordVPN privacy policies in our detailed review here:

What Kind of VPN Logging is Acceptable?

VPNs are required some of your information to improve their services and systems to make them better for your use. However, this information could be completely anonymized and cannot be used against you. It’s completely acceptable for a VPN service to collect information such as:

  • Originating IP address
  • Server load information
  • VPN server location
  • Aggregate connection logs
  • Aggregate Bandwidth logs

What Kind of VPN Logging is NOT Acceptable?

VPNs are meant for your digital security and privacy. They are basically made for this purpose. And if they itself found to be breaching your privacy somehow, that’s so wrong on so many levels. Here’s what your VPN should NEVER log:

  • DNS requests
  • User Bandwidth use
  • User timestamps and session duration
  • Assigned VPN server IP address
  • Originating IP address
  • Browsing history and activities

How to Protect Your Data?

If you’re worried about your data and afraid it to being logged, here’s what you can do to keep it safe:

  • Choose a reliable VPN: Services like ExpressVPN, Surfshark and NordVPN have private servers that are not subjected to data retention laws. Moreover, all these providers have their logging policies verified and audited by third-party auditors. I can trust these VPNs with my data anytime.

If you’re still confused about the ability of your VPN provider in concealing your identity, here are some steps you can take to safeguard your sensitive data further:

  • Combine a VPN with a Tor browser (Onion Over VPN)
  • Layer VPN services (running multiple VPN services at once)
  • Choose a VPN service based in a privacy-friendly jurisdiction such as Panama and the British Virgin Islands.

FAQ


No, police can’t track your traffic if it’s encrypted via VPN. If they want to track your traffic, they can visit your ISP and ask them to hand over your connection or usage logs. And if you’re using a VPN, they will not have any logs on you.

No, a VPN can’t track your history. This is a tool solely designed to hide your IP address and block your location and browser history, allowing you to send and receive information on public networks more privately.

VPNs usually keep logs for at least 30 days. However, it could be longer for some VPN providers.

Absolutely not! Virtual Private Network (VPN) is a tool that provides a secure tunnel for your online traffic, encrypting your data and concealing your IP address. It depends on your chosen VPN and its log policies whether they can store your passwords on its servers.

Conclusion

So, that’s a wrap on our VPN logging guide. Here’s a short mental note we want you to keep: Always trust a VPN provider that is independently audited and reviewed by third-party auditors. Make a habit of reading terms and policies before entrusting your data to a VPN provider. Check if your chosen VPN is not associated with any logging-related controversies. Last but not the least, BEWARE of the Wolf in a sheep’s clothing!

If you still have any confusion regarding VPNs and their logging policies, feel free to contact us on our provided email.