What is No-Logs
VPNs have been an important part of the internet. One can watch anything
We made a deep research on No-Logs VPNs and found a best, affordable and No-Logs VPN for you; NordVPN.
Special Features of NordVPN
- Best Online Security Provider
- Military Grade-Encryption
- Double VPN
- Keep User’s Data Private and Secure
- Strict No-logs Policy
- Automatic Kill Switch
- DNS Leak Protection
- Onion over VPN
- No Limits on
- Servers (4,729 servers worldwide) and Locations
- Lightning Speed
- All Devices Supported
- VPN Apps
- Browser Proxy Extension
- Multiple Devices
- Dedicated IP Address
- 6 devices can be connected at the same time
- Award Winning 24/7 Assistance
Plans and Pricing
3 Year Plan | $ 2.75 per month (billed
$430.20 $99 every 3 years) | 77% Off
2 Year Plan | $ 3.29 per month (billed
$286.80 $79 every 2 years) | 72% Off
1 Year Plan | $ 5.75 per month (billed
$143.40 $69 every year) | 52% Off
Monthly | $ 11.95 per month (billed $11.95 every month)
Try the Best No-Logs VPN
30 days Money Back guarantee
What is VPN Logs?
To a large extent, the VPN provider simply replaces your ISP as a point of weakness. Instead of your ISP, your VPN provider can now see your non-HTTPS encrypted web traffic, which websites you visit, and which non-HTTPS web pages you visit.
This difference is that almost all VPN services promise to protect your privacy in ways that your ISP almost certainly does not. And to some extent, almost all respectable VPN services provide some level of protection. It is very bad for a VPN’s business reputation to cooperate with requests for customers’ data, be such requests from a government, police force, or copyright holder.
And if the VPN service is based in a different country or jurisdiction, forcing the provider to disclose information can be lengthy and expensive.
But it can be done, and no VPN provider’s staff will go to jail (or ruin their business) to protect a customer. If the data exists, a VPN provider can – in theory – be compelled to hand it over.
This means that the only way for a VPN service to guarantee the privacy of its users (which is, after all, many VPN services entire business model), is to store no information that can be handed over – even if it wants to or is somehow forced to.
This is why many VPN providers back up their privacy credentials by claiming to keep no logs. After all: it can’t hand over what it simply doesn’t have.
Unfortunately, there is a lot of confusion over what “no logs” really means, and many such claims are less than forthright on providers’ part.
Usage logs and connection logs
The logs a VPN can keep can basically be separated into what we term usage logs and connection logs.
- Usage logs are the details of what you get up to on the internet, such as which websites you visit etc.
- Connection logs are metadata logs. A full set of connection logs includes a timestamp of when you log in to a VPN server, when you log out, the IP address you log in from, your username, and how much bandwidth you use.
Unless you pay for the service anonymously in some way (for example using properly mixed Bitcoins), your username and/or IP address is usually associated with payment detail such your bank number or PayPal address.
If you’re interested in seeing a list of VPNs that accept Bitcoins as a method of payment, take a look at our Best Bitcoin VPNs guide.
No VPN service that we know of, routinely keeps usage logs.
Many VPN services, though, do keep extensive connection logs. Why? Sometimes they are required to by the laws of the country they are based in, but even if not, many keep connection logs anyway.
Such logs make it much easier to run a VPN service – to locate and fix problems, to provide customer support and refunds, to measure performance, and to provide a smooth-running operation in general.
Although many VPN services claim to be a “zero log VPN,” they mean they keep no usage logs. But they often keep extensive connection logs.
Connection logs are dangerous
Consider the following situation: Bob does something on the internet that interests the police. The police know that something was done using IP address xxx. If Bob is not using a VPN then it is easy enough to find out that IP address xxx belongs to a particular ISP. The police then just ask that ISP which customer address xxx belongs to, and question Bob.
If Bob is using a VPN then the situation is more complicated. The police can easily find out that IP address xxx is not a private address, but belongs to a VPN server. They can then ask the VPN provider to simply hand over all data it has relating to that address, or force it to with a subpoena or court order.
If the provider keeps no logs at all, then it has nothing it can hand over that might help the police. If it keeps connection logs, however, the police can perform what is called a timing attack to identify Bob:
They ask the VPN provider to state which user or IP address used IP address xxx at the time the incident took place. If only one person was using IP address xxx at that time then the police can trace that IP through its ISP as normal.
Most VPN services, however, deliberately muddy the water by using shared IPs. This means many customers use the same out-facing IP at once.
If enough data points are available (other records of when and which IPs belonging to the VPN service were used), then statistical analysis can fairly easily uncover the Bob’s IP address. This is known as a traffic correlation attack.
If not enough data points are available (for example the police are investigating a single incident) then a traffic correlation attack will fail and the police will not be able to identify Bob.
However, if the police already suspect Bob and know his real IP address (from his ISP), the fact that he was using IP address xxx as the time of the incident may not constitute
All of which is not to say that VPNs are good at hiding criminal activity. They are not. Inherent to the nature of VPN technology is that logs are created in realtime. Someone monitoring a VPN server can always see the home IP addresses of all users, plus the IP addresses they visit for as long as they are connected.
A genuine no logs VPN company will simply discard this information as it is generated. Or sometimes, as soon as users disconnect from the service…. which takes into grey areas we’ll discuss in a minute. What is critical to understand here is that whether or not a VPN service routinely keeps logs, it can do so.
And if it can, then it might.
In the example above, let’s say the police subpoena the VPN provider to hand over all of its logs. The VPN provider must comply, but turns around and says “Here is everything we have… which is nothing, because we keep no logs. Sorry!”
The police can then issue another subpoena ordering the provider to start logging from here-on. If Bob is a regular customer and carries on doing whatever it is that interests the police, enough data points will soon be collected to identify him through a traffic collation attack.
Such subpoena’s and court orders are typically accompanied by a gag order, which prevents the VPN provider from warning Bob or other customers that it has been compromised. This is why some providers issue warrant canaries (see below).
What exactly is “no logs”?
Which, of course, brings us to the $64 million question: how can we define “no logs?” If a provider deletes all logs five minutes after a session ends, is it no logs? If a provider collects some aggregated usage statistics but nothing that can be used to identify its users, is it no logs? If a VPN provider associates a timestamp with each user account, but only keeps the most recent timestamp, is it no logs?
There are no definitive answers to these questions. If could be argued that only the strictest interpretation will do – only if all logs are sent to a /dev/null file (deleted) the instant they are generated can a provider be called “no logs”. This seems very unfair, however, on providers keep some minimal data, but not anything such as timestamps and IP addresses that can be used to identify users.
After all, the entire point of keeping no logs is to protect users’ privacy, so what is the point of being hard-line on providers who do not keep any logs that threaten (or present any realistic threat) to their users’ privacy?
techrusher.com, therefore, defines any VPN service that does not store information that can be used to identify its users (such as timestamps and IP addresses) for more than a few minutes after the connection has ended as a no logs VPN.
Privacy not anonymity
If your VPN provider always knows your real IP address and when you connect to its service, then you are not anonymous in any real sense of the word. This is why we much prefer to say that VPNs provide privacy, not anonymity.
If you are a whistleblower, journalist, political dissident, or
So why all this faff about using a no logs VPN?
We expect any VPN that promises to protect your privacy to be able to do so with a fair degree of robustness. And if a VPN keeps logs then any promises it
We, therefore, consider a robust no-logs policy to be the mark of
VPN services are commercial enterprises – their purpose is to make money. As such, they need to get paid! And to get paid they need to know who has paid for what, and when their subscription comes to an end.
So on top logs generated by the VPN server itself, every VPN service must keep some kind of account information. This information, however, does not need to compromise users’ privacy.
For example: A provider could maintain a simple list of usernames together with their expiry date. The usernames do not need to be associated with any email addresses, contact details, or other personally identifiable information. Once a username has expired it simply cannot be used to login to the service. There is no need to associate any online activity with that username.
If you are being pedantic you could argue that a log is being kept – a list of usernames and subscription expiry dates. However, the names on this list are not associated with an identifiable individual and are not associated with any activity while using the VPN (even when the VPN is being monitored in real-time).
We think that any VPN company using such a system could justifiably describe itself as keeping no logs.
Can we trust VPN providers?
This is the second $64 million question. The simple truth is that there is no cast-iron guarantee that a VPN provider is not outright lying about the logs it keeps. Choosing a VPN provider, therefore, comes down to a matter of trust.
So how do you know a provider can be trusted? Well… privacy orientated VPN providers have built their business models on promising privacy. If it becomes known that they failed to do this (for example by keeping logs even when they promised not to, and then being compelled to hand these over to the authorities), their businesses would be worthless.
They might also find themselves liable for legal action by their former customers!
Another point to consider is that the more logs a VPN company keeps, the weaker its position when it comes to handling legal demands. A no logs VPN provider can, on receipt of a National Security Letter, subpoena, or court order, honestly turn around and say, “sorry, we are happy to help in every way we can, but we have nothing to give you.”
This will put it in a much stronger position than a company that keeps logs and whose staff then have to decide between betraying their customers (and therefore destroying the reputation of their business) or facing legal action. Just remember that no VPN company staff member will be willing to go to jail to protect your privacy!
So keeping no logs is the safest thing (from a purely selfish standpoint) any company that is even half-way serious about privacy can do! But as we have already said, if you really require very high levels of true anonymity then use a Tor instead of a VPN.
What is certain is that a VPN will protect your privacy far better than your ISP will, without badly compromising your internet experience (as Tor will). You pay your money and you take your chances…
In many countries, VPN providers are required by law to keep logs for a certain period of time. As a general rule, if any
The European Union
The EU’s Data Retention Directive (DRD) required “telecommunication providers” to keep logs, but did not make it clear whether VPN services classed as “telecommunication providers.”
When induvial EU member countries transposed the DRD into local law, some explicitly included VPNs, while some explicitly excluded them (the Netherlands, Sweden, and Italy, for example). Many others simply left the situation vague, while Romania rejected the DRD in its entirety.
This already confusing situation was further complicated in 2014 when the European Court of Justice (ECJ) declared the DRD invalid on human rights grounds. Most EU countries have not acted on this decision, and have retained their local versions of the surveillance law.
In theory, this means that VPN providers in many EU countries are still required by law to keep logs. But many claim not to. They usually say that local interpretations of the DRD are invalid thanks to the ECJ decision and that, if challenged by their government, they would take the case to the European court.
This may well be a valid argument, but it is probably safer to use a VPN provider from an EU country that never required VPN services to keep logs in the first place.
The United Kingdom
In defiance of the 2014 ECJ ruling on the DRD, the UK enacted the 2016 Investigatory Powers Act (IPA). Famously described by Edward Snowden as “the most extreme surveillance in the history of western democracy,” the IPA requires VPN services to keep detailed usage logs of all activity for 12 months.
Perhaps unsurprisingly, a UK High Court has now ruled that the IPA incompatible is with European law and must be rewritten by the start of November 2018. At time of writing, however, the law is still very much in place and the government has given no indication of how it will respond to this ruling.
It is also worth noting that the UK is a leading member of the Five Eyes spying alliance. Even before the IPA became law, UK VPN services were informally required to keep extensive logs which have been used in the past to catch and convict their users.
So if privacy is even a small part of why you use a VPN, we strongly recommend that you avoid British VPN providers.
For more information see our VPN UK guide.
The United States
The United States has no mandatory data retention laws. Thanks to Edward Snowden, plus other revelations that have come to light since the infamous whistleblower went public, we know that the NSA and other US alphabet agencies have a “collect it all” attitude to all data.
The sheer scale and reach of their mass surveillance ambitions are truly frightening.
Now… there are some very good no logs American VPN services out there. But in a world where even small US privacy tech companies have been strong-armed into handing over their customers’ encryption keys, it is hard to see how high-profile VPN companies have evaded becoming compromised by the US government.
This is why we usually put a red flag up when discussing US VPN companies and privacy. Just to complicate the issue further, though, US-based Private Internet Access (PIA) is one of the very few VPN companies anywhere to have proved its no-logs claims in front of a court of law – not just once, but twice!
So who knows? Again, you pays your money and you takes your chances…