VPNs: Finding a No-Log Provider

TL;DR

Truly ‘no-log’ VPNs are rare. Most keep some data, even if it’s minimal. We’ll look at what to check for in a privacy policy, how independent audits help, and some providers known for strong no-logging practices.

Understanding VPN Logging

When we talk about ‘no-log’ VPNs, it means they shouldn’t record things like:

• Your browsing history
• The websites you visit
• Your originating IP address
• Data transferred (bandwidth usage beyond basic connection stats)

It’s important to understand that all VPNs will likely keep some information, such as timestamps of your connection and bandwidth used. This is needed for service operation.

Step-by-Step Guide: Finding a Privacy-Respecting VPN

1. Read the Privacy Policy – Carefully! This is the most important step.
   • Look for clear statements about what data is collected and why.
   • Pay attention to how long data is stored (retention period).
   • Check if they sell your data or share it with third parties. Avoid VPNs that do this.
2. Look for Independent Audits

   A good sign is a VPN provider having their no-log policy independently audited by a reputable cyber security firm. These audits verify the claims made in the privacy policy.

   • Check the audit report itself, not just the provider’s claim of an audit.
   • Look for recent audits – policies can change.
3. Consider Jurisdiction

   The country where the VPN company is based matters. Some countries have mandatory data retention laws, even if the VPN claims not to log.

   • VPNs based in privacy-friendly jurisdictions (e.g., Switzerland, Panama) are generally preferred.
4. Check for Warrant Canary

   A warrant canary is a statement that the VPN provider hasn’t received any legal requests for user data. If they have received such a request, removing the canary implies they’ve been compelled to hand over information.

5. Research Connection Logs vs Usage Logs

   Understand the difference:

   • Connection logs: Record connection timestamps and bandwidth. Usually unavoidable for service operation.
   • Usage logs: Record browsing activity, websites visited, etc. This is what you want to avoid.
6. Test with DNS Leak Tests

   Ensure your real IP address and DNS requests aren’t leaking.

   • Use a website like DNSLeakTest to check after connecting to the VPN.

VPN Providers with Strong No-Log Policies (as of October 2024 – subject to change)

Disclaimer: This is not an exhaustive list and policies can change. Always do your own research.

• Proton VPN: Based in Switzerland, strong privacy focus, independent audits.
• Mullvad VPN: Based in Sweden, known for its anonymity features, no account required (uses generated account numbers).
• IVPN: Based in Gibraltar, transparent logging policy, independent audits.

Technical Check: Verifying DNS Resolution

You can manually check which DNS servers your VPN is using.

nslookup google.com

After connecting to the VPN, run this command in your terminal (Windows Command Prompt or macOS/Linux Terminal). The server addresses should be those of the VPN provider, not your ISP’s DNS servers.