What is VPN Logging and How to Avoid It

VPN No Log Policy

Privacy, anonymity, and the ability to circumvent government monitors and blocks are among the primary reasons why people turn to VPNs.

Many people are surprised and confused to learn that the VPN company they are using may be storing logs that document their online activities. This is true even though many VPN companies make “no logs” claims. When you dig just a little bit below the surface, it becomes clear that these “no log” claims are simply a marketing gimmick.

Popular VPN solutions like Nord and Express have become pretty prolific in the last few years. Marketing budgets have exploded, allowing them to advertise almost everywhere. That being said, it’s important to do your research and see if their marketing claims are actually real. VPN review sites like Privacy Canada compare speeds, encryption, logging, and a host of other factors to understand different services.

Understanding the Different Types of VPN Logs

VPN logs can be divided into three categories. They are:

• Usage Logs
• Connection Logs
• No Logs

Usage logs document your online activity. This includes the time you connect and disconnect from the VPN. It may also include your browsing history, IP addresses, metadata, and more. Looking at it strictly from a security vantage point, you would want to avoid a VPN company that holds onto these types of logs.

In essence, these companies are spyware. They are monitoring your activity and often selling this activity to others. It is not uncommon for “Free VPN Apps” to hold onto this private information. When it comes to VPN apps, if they’re free, then you are usually the product that is being sold.

Connection logs are going to include things like the time you connect, the date you connect, and at times your IP address. There are a number of reputable VPN services that keep connection logs. These logs make it possible for them to help customers who are having issues with their service, and it also helps prevent their service from being used in illegal activities, such as torrenting in countries where this is not allowed.

Connection logs in and of themselves are not necessarily bad. The problem is that a number of companies keep connection logs while claiming to be a “no log” service. So they are misleading.

No logs mean that the VPN company does not keep any logs at all. It is rare to find a company that lives up to this policy. If a VPN company does not keep any logs whatsoever, it is difficult for them to enforce restrictions, including the number of devices that can be connected simultaneously for the amount of bandwidth that can be used by a customer.

Why Do VPNs Keep Logs at All?

How does it benefit a VPN company to keep logs of their customers? A lot of it has to do with the business model of the VPN company. Some VPN companies make money by charging their customers more once a set bandwidth limit has been exceeded. Others support themselves on profit from advertisements. In order to maximize the profit they get from advertisements, they need to have an idea of what their customers are looking at when they search online with the goal of presenting customized ads to them.

Something else to keep in mind is the length of time the VPN company stores your logs. There are some companies that destroy all of their customer’s logging information within a few hours of recording it. Others may store the information for days or indefinitely. Obviously, from the standpoint of a customer, having your logging information destroyed immediately is best.

It’s good to differentiate between the information stored by a VPN provider and the cookies and other forms of tracking on the VPN company’s website. These are two separate things. Using cookies and other forms of tracking when an individual visits your site is a normal part of any business that functions online.

Why Logging Policies Should Be of Interest to You

Government agencies, including the NSA and GCHQ, have been forcing VPN companies to give up private customer information. Recent revelations have shown that there are a number of large tech firms in the United States and around the world that have been providing the NSA and other government agencies information about their customers, some of which has been gathered from VPN services.

In the UK, the Investigatory Powers bill made it mandatory for all logging and data to be stored for at least one year. This makes it easy for the government to gobble up all of the private information it wants about a particular target.

Here’s what makes matters worse, the government may require a VPN provider to hand over their logging information and then put them under a gag order. This means that the VPN provider is not able to tell you as a customer that your private information is being given to the government. If that is not scary, I do not know what is.

How to Avoid VPN Logging

As we mentioned, there are a number of VPN providers promising “no logs.” It is up to you to verify whether these claims are true or not. It can be challenging because different VPN providers have different definitions for what a log is.

Another challenge stems from the fact that many VPNs operate in foreign jurisdictions. As a result, they cannot be held liable for any dishonesty or false advertising that affects someone on the other side of the globe. If you’re using a VPN service in Hong Kong but you reside in Canada and you are deceived by your VPN service, there is not much recourse for you. This is why due diligence is a must on the part of the customer.

With VPN logs, you want to look for a company that is honest and transparent. Look at the VPN provider’s privacy policy. Does the privacy policy match the no logs claim? If not, run away. Also, do your research.

Companies like ExpressVPN, Perfect Privacy, and Private Internet Access have documented evidence showing that government agencies seized their servers and the government agencies left empty-handed because these companies truly have no logs on their customers.

Are you concerned about VPN logs? What VPN services do you use, and what services do you avoid? Let us know in the comments section below.

For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

More from Priyanshu Sahay

iOS Penetration Testing- Cycript A Runtime Manipulation- Part 2

Previously we have posted iOS Penetration Testing App Decryption And Jailbreaking- Part...
Read More

Leave a Reply