What Types of Data do VPNs Log?
There are three types of data your VPN might record: activity logs, connection logs, and aggregated logs. Understanding what type of data falls into these categories is paramount if you’re to effectively protect your privacy.
Collecting activity data is the most invasive type of logging. It removes any privacy or anonymity benefit that a VPN might otherwise afford.
Also known as ‘usage logs’, this refers to any data explicitly related to your online activity. This could include:
- Browsing history
- DNS requests
- URLs visited
- Usage metadata
Free VPN applications like Hola VPN are a common culprit for collecting activity data. This data is often shared or sold to third parties for advertising purposes, effectively subsidizing the cost of a subscription.
Some subscription-based ‘no-log’ VPN services monitor user activity if they are suspicious about an individual, or if they are legally compelled to do so. Others will record user activity in real-time and then delete it when the VPN session is over:
Because the data is deleted so quickly, this type of activity logging isn’t too much of a concern. That being said, it’s best to avoid it where possible.
Other providers like Hide.me are technically incapable of collecting activity logs due to the configuration of their network. From a privacy standpoint, these providers are your best option.
Needless to say, any VPN storing activity data should be avoided at all costs. If you’re concerned about activity logging, take a look at the most popular VPNs that log your activity data.
Connection logs can include:
- Bandwidth usage
- Dates and times of connection
- Originating IP address
- VPN server IP address
Connection logs can be collected at the server-level (e.g. total server bandwidth usage) or the user-level (e.g. your originating IP address).
Typically, this data is used to optimize network performance and troubleshoot customer queries.
Server-level connection logs are a great example of why not all logging is a problem. It’s practically impossible for a VPN to maintain performance without logging any data whatsoever.
In fact, monitoring and storing the right, non-identifiable data will help ensure you get the best possible experience from your VPN.
However, storing the wrong connection logs could allow a VPN service to match you to your activity. This could be used to personally identify you, which is a major problem for privacy-conscious users.
If you’re concerned about the type of connection data your VPN is logging, continue reading to find out exactly what kind of logging is unacceptable.
Here is an example of detailed user-level connection logs from Thunder VPN’s logging policy:
Claims that this data is only used to “deliver the best possible experience” or “improve customer service” are rife, but we know from experience that this level of detail isn’t necessary to maintain a well-performing VPN network.
Some of the most popular VPNs on the market collect aggregated logs. This means the VPN is collecting information and that is supposedly anonymized and impossible to link to a specific user.
A VPN service might collect the websites that you visit, the bandwidth you use, or the dates and times you connect to a server. They will then strip this information of any identifying factors and add it to a larger database.
Ultimately, aggregated and anonymized data is not always the magic bullet that marketing teams will have you believe.
The exact type of data being aggregated and the efficacy of the anonymization process will dictate whether or not this type of logging is acceptable. You just have to trust that your VPN service is anonymizing your data effectively.
If this is a leap of faith you are uncomfortable with, you’re better off choosing a truly no-logs VPN service.
What Is a No-Logs VPN?
A truly no-logs VPN service does not collect or store any activity or connection data that could be used to personally identify you. Most importantly, it will not collect or hold any information transmitted through the VPN tunnel whatsoever.
This will ensure that no user can be tied to any specific activity or connection on the VPN network. Every user will be private, anonymous, and unknown even to the VPN provider.
The only identifying information a no-logs VPN will have is your email address (for registering your account) and billing (in case you want a refund).
NOTE: Some VPN services, like ExpressVPN, allow you to pay with Bitcoin in order to avoid the identifying payment process. Mullvad VPN even lets you pay in cash.
No Log VPNs can’t be compelled to make user data available to authorities or third parties, as the data simply doesn’t exist.
This is how a strong logging policy can offset the issue of an unsafe VPN jurisdiction.
It’s important to note that “no-logs” doesn’t necessarily mean that absolutely no data is kept at all. Genuine “zero logging” is effectively impossible to implement while maintaining a strong network or enforcing restrictions like device limits.
Most VPNs will keep very basic data like aggregate server load information (the number of users or bandwidth used per server). This is a justifiably minimal approach to logging which involves absolutely no identifying information. This is still classed as a no-logs VPN.
Jump to the last chapter of this guide for a list of no-log VPNs that have been verified by third parties.