What Types of Data do VPNs Log?
There are three types of data your VPN might record: activity logs, connection logs, and aggregated logs. Understanding what type of data falls into these categories is paramount if you’re to effectively protect your privacy.
Collecting activity data is the most invasive type of logging. It essentially removes any privacy or anonymity benefit that a VPN might otherwise afford.
Also known as ‘usage logs’, this refers to any data explicitly related to your online activity. This could include:
- Browsing history
- DNS requests
- URLs visited
- Usage metadata
Free VPN applications like Hola VPN are a common culprit for collecting activity data. This data is often shared or sold to third parties for advertising purposes, effectively subsidizing the cost of a subscription.
Some subscription-based ‘no-log’ VPN services like F-Secure Freedome monitor user activity if they are suspicious about an individual or if they are legally compeled to do so. Some, like SkyVPN, record user activity in real-time and then delete it when the VPN session is over:
Because the data is deleted so quickly, this type of activity logging isn’t too much of a concern. That being said, it’s best to avoid it where possible.
Other providers like Hide.me are technically incapable of collecting activity logs due to the configuration of their network. From a privacy standpoint, these providers are your best option.
Needless to say, any VPN storing activity data should be avoided at all costs. If you’re concerned about activity logging, take a look at the most popular VPNs that log your activity data.
Connection logs can include:
- Bandwidth usage
- Dates and times of connection
- Originating IP address
- VPN server IP address
Connection logs can be collected at the server-level (e.g. total server bandwidth usage) or the user-level (e.g. your originating IP address).
Typically, this data is used to optimize network performance and troubleshoot customer queries.
Server-level connection logs are a great example of why not all logging is a problem. It’s practically impossible for a VPN to maintain performance without logging any data whatsoever. In fact, monitoring and storing the right, non-identifiable data will help ensure you get the best possible experience from your VPN.
However, storing the wrong connection logs could allow a VPN provider to match you to your activity. This could be used to personally identify you, which is a major problem for privacy-conscious users.
If you’re concerned about the type of connection data your VPN is logging, continue reading to find out exactly what kind of logging is unacceptable.
Here is an example of detailed user-level connection logs from Thunder VPN’s logging policy:
Claims that this data is only used to “deliver the best possible experience” or “improve customer service” are rife, but we know from experience that this level of detail isn’t necessary to maintain a well-performing VPN network.
Some of the most popular VPNs on the market collect aggregated logs. This means the VPN provider is collecting information and supposedly ensuring that it is anonymized and impossible to trace to specific users.
A VPN provider might collect the websites that you visit, the bandwidth you use, or the dates and times you connect to a VPN server. They will then strip this information of any identifying factors and add it to a larger database.
Ultimately, aggregated and anonymized data is not always the magic bullet that marketing teams will have you believe. The exact type of data being aggregated and the efficacy of the anonymization process will dictate whether or not this type of logging is acceptable. Put simply, you have to trust that your VPN service is anonymizing your data effectively.
If this is a leap of faith you are uncomfortable with, you’re better off choosing a truly no-logs VPN.
A truly no-logs VPN service will not collect or store any activity or connection data that could be used to personally identify you. Most importantly, it will not collect or hold any information transmitted through the VPN tunnel.
This will ensure that no user can be tied to any specific activity or connection on the VPN network. Every user will be private, anonymous, and unknown to even the VPN provider.
The only identifying information these VPNs will have is your email address (for registering your account) and billing (in case you want a refund). Some providers, like ExpressVPN, allow you to pay in Bitcoin to avoid this process altogether.
This means the VPN service cannot be compelled to make user data available to authorities or third parties, as the data simply doesn’t exist.
It’s for this reason that a strong logging policy can offset the issue of a poor jurisdiction, as is the case with Private Internet Access.
It’s important to note that “no-logs” doesn’t necessarily mean that absolutely no data is kept at all. Truly “zero logging” is effectively impossible to implement whilst maintaining a strong network or enforcing restrictions like device limits.
Most VPNs will keep very basic data like aggregate server load information (the number of users or bandwidth used per server). This is a justifiably minimal approach to logging which involves absolutely no identifying information. This is still classed as a no-logs VPN.
Visit the last chapter of this guide for a list of no-log VPNs that have been verified by third parties.