vpn

PureVPN Commissions Audit to Prove ‘No-Logs’ Status

Despite a positive independent audit, it appears that PureVPN still logs some data

PureVPN Logo
David Hughes
By David Hughes

Popular VPN service PureVPN has undergone an independent audit to verify its ‘no-logs’ claims. 

PureVPN hired the California-based Altius IT to perform a security audit of both its systems and its no-log policy.

Altius is certified by the Information Systems Audit and Control Association (ISACA), an international association dedicated to IT governance. 

According to PureVPN: “Altius IT started its audit by going through PureVPN’s privacy policy, clause by clause. It reviewed all the logging-related statements and compared them against the technical server configurations and systems.”

Following the completion of the audit, Altius IT offered the following conclusion: “[We] did not find any evidence of system configurations and/or system/service log files that independently, or collectively, could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.”  

While PureVPN has taken this step to prove its “no-logs” claims, Altius’ wording is interesting. While it says there are no log files that “could lead to identifying a specific person”, it does not say that PureVPN keeps absolutely no logs. 

If you consult PureVPN’s revised privacy policy, it quite clearly states: “We know the day you connected to a specific VPN location and from which Internet Service Provider.”

It also logs the bandwidth data used by users.

We go into the details of what PureVPN does and does not log in our review, which you can read here.

PureVPN defend this data acquisition in the next sentence: “This bare minimum set of data is required to help you with technical assistance, solving connecting problems, and overcoming region-specific problems.”

This isn’t untrue and there isn’t anything particularly wrong with this, as nothing here can be traced back to an individual, as claimed.

PureVPN may be particularly keen to establish its privacy credentials after it cooperated with the FBI through logged customer data in 2017.

A no-logs VPN, sometimes called a zero-logs, is a service that does not collect or store any data whatsoever about the individual using the VPN. The degree to which a VPN is or is not a no-logs provider is often regarded as a very important feature of its worth. 

Due to this importance, especially when situated in a highly competitive market, many VPNs simply claim to be no-logs when all it takes is a simple scan over its privacy policy to discover the opposite.  

The value of maintaining a no-logs service has led to many VPN providers wanting to prove its claims in light of fraudsters on the market. So VPN providers turn to independent verification of their claims.

ExpressVPN, NordVPN, and VyprVPN, for example, have all had their no-logs claims verified from outside audits, and Private Internet Access through a number of court cases.

Many good VPN providers oversee a minimal collection of data, or metadata, in order to maintain the service’s performance. Every VPN is different, and there are degrees of information stored that a VPN user should consider when purchasing a VPN. 

Which VPN provider you trust is entirely at your own discretion, but PureVPN has taken a welcome step that should make its service more trustworthy to consumers following some past controversies.