Many VPN providers will attempt to lure you in with the promise of being ‘totally zero-logs’, but that is so very rarely the case. This isn’t to say that all logging is a problem, though – in fact, monitoring and storing the right sort of information will help ensure you get the best possible service.
Unfortunately it can be difficult to know the warning signs to look out for, especially if you’ve never purchased a VPN before. Logging policies tend to be on the long side and often contain loads of confusing (and sometimes misleading) language, but by the time you’re done reading our guide, you’ll be feeling far more confident.
What Kind of Logging is Acceptable?
In order to maintain a high-performance server network, it’s usually necessary for a VPN provider to log at least some basic connection metadata. As long as none of this can be used to personally identify you, it isn’t problematic at all.
It’s very common to see providers logging aggregate server statistics such as bandwidth usage. This helps them make sure nobody is abusing the service and also helps with troubleshooting any issues that may arise.
Even logging your individual bandwidth consumption isn’t an issue, as long as it is in no way linked to your true IP address.
Monitoring server load means providers can identify which locations are the most popular and add extra servers to prevent congestion at busy times. This is great news for performance.
VPN Server Location
Some providers monitor which VPN server you connect to so they can provide more tailored advice and technical support, helping you to get the best out of the service. Again, not a concern, as your identity stays protected.
What Makes a Good Logging Policy?
Make Sure It Exists
One major red flag in terms of logging policies – and you’d be surprised how many providers this applies to – is a total lack of one.
It Shouldn’t Be Too Short
Another thing to look out for is an unusually short policy. We’ve come across far too many that simply state “we don’t log anything you do while connected to the VPN service”, but that’s not to say it’s not collecting your personal data in some other way.
It’s worth contacting the support team for more details if you find yourself in this situation.
It Should Avoid Overly Technical Language
Ideally, all logging policies would simply spell out (in plain English) exactly what that VPN provider does and doesn’t monitor and/or store. The best ones break down all the information, without using any technical jargon, and explain the reason(s) they collect what they do.
Look For Details On Log Storage
As a user, you have a right to know how long your VPN is storing its logs for. If you can’t easily find this information, be sure to contact a member of their customer support team.
We discuss these sorts of details in the Privacy section of our VPN reviews, so take a look there too.
When Does Logging Become a Concern?
You should only be concerned if your provider is logging anything that could be used to personally identify you.
Originating IP Addresses
There are a handful of VPNs out there that collect originating IP addresses – far from ideal, as these can be used to track down exactly what device you were using to connect to the VPN.
Monitoring Online Activity
Even more worryingly, a small number of providers even go so far as to monitor everything you do while connected to the VPN. This can include any websites you visit, files you download and even the content of any messages you send.
This is even more dangerous than not using a VPN in the first place, as you have no control over how long this data is stored for, or who it is sent to.
Watch Out for Free VPNs
The most common culprits of collecting personally identifiable information are usually free VPNs, although there are a few paid services that are guilty of this too.
We recently conducted an investigation and found out exactly which free VPN services you should be avoiding – you can read this here.
How Long Should a Provider Store Logs?
Ideally, your chosen VPN provider won’t collect any logs, but in the likely case that it does you need to know how long these are being kept for. We’ve seen time frames anywhere from a few hours up to a couple of years, or even more – the shorter, the better.
Storing logs up to around 30 days isn’t too much of a concern. This is long enough to help with any recent troubleshooting issues, but not so long that your information is being held for longer than it needs to.
Does Jurisdiction Matter?
These dictate how your data is handled and whether or not it will be shared with other nations or disclosed to any third parties without your prior consent.
Be wary of VPNs based in any of the following locations:
- United Kingdom
- New Zealand
Nine Eyes – the above countries, plus:
Fourteen Eyes – the above countries, plus:
If your chosen provider is based in any of these locations, it isn’t necessarily the be-all and end-all. As long as nothing it collects can be used to personally identify you, you have nothing to worry about.
Not only do these countries tend to have incredibly intrusive surveillance laws, allowing ISPs to store user data for very long periods of time, they’re also usually willing to disclose personal information to law enforcement agencies on request. Not something you want from your VPN provider.
For more information, including some of the countries that your VPN should be based in, take a look at our comprehensive guide to VPN jurisdictions.
Don't Be Afraid to Ask Questions
If something looks suspicious or there are any details missing then don’t hesitate to contact your VPN provider. If it is reluctant to answer your questions that’s a bad sign.
A good logging policy will leave you with absolutely no doubt that your personal information is in safe hands, and it’s your right as a user to expect that.