All You Need to Know About VPN Logging
Today, VPNs have become a staple in the homes of millions around the world. They give users a huge boost in security, allowing them to access content that is blocked or unavailable in their country of residence/visit. Many of the best VPNs are built with privacy in mind, attempting to take as little information from their customers as possible. But even those that are highly recommended may still take part in some logging. Depending on the content of the action and how it’s implemented, logging can be either a beneficial or controversial policy carried out by computer applications. To find out all there is to know about logging, read further to see why it’s done by VPNs, and how it could affect your experience while using them.
What is VPN Logging?
VPN logging may be similar to what’s done by other applications that are already on your computer. It is the collection of data that are obtained from the program on your computer by the software company that runs it. The information gathered could be anything from user sign in accounts, the number of people logged in to the service from the same email or IP address, and even servers that are most popularly used. Logging may also be seen on the software companies web address, whereby even more personal information could be gathered for the purpose of analytics. This is often done to see where web traffic is coming from, a good way for them to finetune their search engine optimization (SEO) marketing. However, many of the activities described so far are done by VPN platforms that are paid and trusted by the public. There are some, mostly free, that might collect more personal info for nefarious purposes.
When a user signs into the average VPN application, the process is captured by the platform and held for a specified amount of time. Typically, this could be anywhere from five to fifteen minutes depending on the platform being used. Others might not delete the data at all. After that, repeat attempts to get on to a server would also be captured. Additionally, the user’s IP address may also be logged, along with the count a person harbors on the VPNs servers. This is how VPNs are able to find out which servers are more popular with their users than others. Of course, all of this is speculatory, and some platforms may not do any of these things. The best way of knowing exactly what information is logged and what isn’t is to read the platform’s user agreement. Still, even this might not be completely helpful, especially for people that aren’t savvy about the technical capabilities of VPNs and the way they log.
VPN Logging Classes
Logging can be classified into three basic categories that consist of browser logging, information obtained during sign-in, and no logging at all. Here are the details:
- Browser Logging – Every time you go onto your computer or smartphone’s personal web browser, your presence is monitored by websites visited. This is referred to as analytics. Web servers can do this through means of javascript and cookies embedded to your browser. Have you ever visited a site and noticed the discretionary message shown at the bottom of the page? These messages are usually worded along the lines of “this site will install cookies on to your browser.” Such information is to inform users that they agree to give personal data to the site simply by going to the address. Sometimes, the site in question might not alert guests at all. VPN platforms will collect IP addresses from guests, or even the user agents of computers used to build a profile on the people that are interested in looking for VPN services. Most of the time, the collection is harmless (although it depends on the trustworthiness of the site in question).
- Sign-In – Loggings that occur during sign on to a VPN are done primarily for the site’s security, and to prevent people from trying to cheat their way into accessing the VPN with more devices than what’s been granted. A lot of paid VPN services will set a cap on the number of computers that use the service simultaneously. On average, the count could be anywhere between three to 10. If the company didn’t monitor this, it would make it a lot easier for hackers to get online with the service, resulting in slower servers. It is arguably a necessary step for paid VPNs and a major reason for the slowdowns that are seen on free platforms.
- No Logging – Even rarer are no log VPNs. These won’t collect any information from users, although some data could be read at the generic level. At the same time, “no logging” VPNs could implement some of the policies described above, since the no logging promise may not always take into consideration data that won’t expose the personal information of subscribers. In short, the true definition of a no-logging VPN is one that could potentially log but doesn’t collect anything that would be beneficial to a third party. It’s basically data that is useful to help the company improve its services, but nothing that would be valuable to the black hat world.
What are the Purposes of VPN Logging?
Improving Services
Unless a software platform has a heavy reliance on surveys and/or customer feedback, there’s no better way to know what needs to be improved than gathering basic user info than logging. And by user info, this describes data that isn’t meant to go against the privacy policy on the software in question. Sometimes, VPNs will allow users to choose whether they send data over to the company or not. This choice is typically found in the settings menu on the application itself. VPN companies that don’t log for this purpose might alternatively look at reviews to determine what needs to be fixed. However, this rarely occurs with free VPNs; you won’t find many (other than the paid companies that offer some sort of free plan as well) that update features based on what is being said by their user base.
Reducing the Amount of Devices Signed In
Again, any paid VPN platforms will allow one user account to sign in to their servers with more than just one computer. For example, if you signed up to a VPN service on your personal computer, you might also have the option to sign on with your smartphone. This could be done without signing out of the device initially used to get on first. Before beginning a subscription to a VPN, check out how many devices are allowed with the service. If the number exceeds the amount specified, then you won’t be granted permission to get any more devices on the VPN without signing out of something that’s already connected. As you can imagine, this could be an annoyance for people in need of a VPN for a large family. The best workaround to get over this would be to use a router hookup instead. However, having a router hookup doesn’t always protect you from logging either. It’s unlikely, but not entirely safe from data mining either.
Legal Repercussions
The privacy that is bestowed to VPN users can vary from country to country. Currently, many governments have taken up an interest in finding ways to monitor websites and servers that allow users a high degree of encryption and privacy. What might surprise some is the fact that nations that have a high degree of personal liberties can sometimes be those with the most sophisticated data collection methods. In some nations, a VPN may not have a choice but to collect some data about their customers, in order to protect themselves from a potential lawsuit. Other times, the companies themselves could be coerced into doing this for the benefit of spying agencies. This type of activity has been seen before, particularly during the Edward Snowden and PRISM fiasco. VPNs that lie within the jurisdiction of nations that belong to the Five and Fourteen Eyes coalition are more susceptible to this. Unfortunately, due to the nature of covert spying and data mining techniques done through official means, there’s no surefire way of knowing what VPNs hand over data. That is unless something about their activities comes into question and is reported on by the media.
Profit (Paid VPN Services)
How to Spot Misleading Claims
In general, one of the biggest complaints about paid and free software on interest is the way they market themselves with misleading claims. For instance, there is no such thing as a way to completely protect your IP address from sites that you visit. And even if there were, an adversary could attempt to get your location through means of cross-site scripting for the use of malicious javascript, and man-in-the-middle attacks. Still, trusted sites can gather the same info from you using intrusive ads and tracking cookies. Some websites might even be able to see your IP by looking at your browser window’s resolution!
It has become a trend for companies to use the gimmick of “no logging” in order to attract users that aren’t knowledgeable about the lingo used in the category. Take the average VPN that promises no logging and it’s almost guaranteed that some data is collected by users in some way, either on the software or the company’s web address. As previously mentioned, the best way to know for sure is to look into the terms and conditions of the company of interest. If you’re unable to understand it, try reading what other informed users on the internet have said about the VPN. Still, don’t always fall for all review sites, as some companies may spread fake reviews about their service to bring in more subscribers (and money). As a rule of thumb, VPNs that appear honest and neutral about their logging policy are usually the best. And never look into what a VPN promises in their product and meta description!
Information that’s Shared with Host Country Nations
Some VPNs will tell you upfront that they adhere to the laws of the country to which they reside. This can be translated into such companies agreeing to turn over information that’s deemed of interest to their government. If this isn’t the case, then it could be obedience to subpoena requests. Additionally, such an agreement to hand over server information could entail seizing the accounts of users that are found to be in violation of some sort, whereby their time spent on the server might retrieve evidence that could be used against them in court. Most users won’t have to worry about this, although some countries that have laws which are seen as harsh or corrupt may gather this data through malicious means.
Free vs Paid VPN Logging Comparisons
Free VPNs: Free VPNs take the cake when it comes to poor standard for logging. Not only do free VPNs keep a record of your sign in attempts, but your entire sign-in session could be monitored. Of course, not all of them partake in such activities but you’re more likely to come across such issues when dealing with the freeware. Furthermore, free VPNs may collect your personal information and sell it to third parties, such of which could be loosely (or wholly) described as hacking organizations. With your data, free VPNs make money, generating profit that allows the platform to continue running “free,” as advertised. Always be wary when trying out a free VPNs, especially those that are housed on native smartphone application stores.
Paid: VPNs: The majority of paid VPN services won’t sell your information to any third parties, but you still must be cautious about what data is being gathered. Yet compared to free VPNs, you’re in relatively good hands. Since you’re paying for a service, you won’t get any of the problems that are seen on freeware that could potentially lead to identity theft. As shown earlier, paid VPNs do keep logs but this is typically done for the betterment of the platform. The major disadvantage with paid VPNs, behind having to pay for the service upfront, is when logging is done but no noticeable changes are made that would benefit the application. When this occurs, is often makes users suspicious about the company, since some paid VPNs will use the improvement excuse when questioned about their logging policy.
Safety Concerns
The most likely scenario where logging could be a potential safety issue when free services do it, or when paid VPNs practice policies that make it easy for the government they reside under to collect information from their servers. Also, if the server is hacked by an adversary, then it’s assumed that all information that was obtained from the VPN could end up in the wrong hands. Security breaches are common in the online world, and VPNs are as vulnerable as any other platform. The more data that they know about you, the higher the chance it could become known by an attacker if the organization was compromised. Attackers are always on the hunt for new zero-day exploits, and VPNs happen to be one of their favorites when the platform isn’t updated regularly or has lax security on their home servers.
The Pros of VPN Logging
VPN logging does have some advantages. In all fairness, they deserved to be mentioned.
- Improves Services by Encouraging Competition – When genetic information is collected by a trusted VPN, it allows the platform to see where things need to be improved. Add in the analytics obtained through their web address and requests sent from customer feedback, and you’re looking at a market that is consistently making improvements to VPN software across the board. Of course, this is considering paid services alone and not their free counterparts. The more a VPN company fills in the cracks, the more likely other companies will also do the same. This is why many paid VPNs do attempt to keep their subscriber anonymous. It has also resulted in attributes that are now considered staples among those with a paywall, such as end-to-end encryption and servers with streaming and torrenting capabilities.
- Prevents Severs from becoming too Slow – If too many people are signed on to a VPN server from multiple devices, then it could quickly slow down the entire application. VPNs with sign in logging policies have oftentimes faster than those that don’t cap off single account holders’ access. Besides the speeds allocated to a user’s ISP, too many devices per account are the greatest way to monitor how fast a server will go with you’re logged in. Free VPNs often have this problem. Yet paid services rely on such policies to keep servers dependable for the people that are subscribed to them.
- Decreases the Number of Users on a Platform with Ill Intentions – Sign-ins that are logged sometimes have fewer bad guys, or people that use a VPN server in ways that would spoil it for everyone that was on the platform. The chances of blacklisting go down, and fewer captchas will have to be solved when logging on to streaming sites. Again, free VPNs won’t often have this advantage and are riddled with bad apples, at least more so than paid software.
The Cons of VPN Logging
The following are disadvantages that could be presented by logging:
- Potential Third-Party Involvement – If your information is logged by a VPN that’s involved with third parties, this data could easily be sent to them and distributed by monetary gain. If it involves freeware, then you would be basically voluntarily handing over your personal details to groups that wish to profit from you. In this scenario, the service that you would be getting isn’t entirely free. Furthermore, having your data logged could be the piece of the puzzle that identifies your location when the need arises for you to stay autonomous from the VPN you use. For people living in countries that controversial data-mining laws, this could potentially assist them in determining who you are.
- Less Secure – VPNs with logging policies are technically less secure. The potential is always there are servers hosted by the company to be hacked. And if this data is read by outside sources of any sort, then the security of your only presence on their servers is in jeopardy.
- Poor Choice of Words – VPNs that routinely log won’t always inform you that they do so. That’s because logging is seen as something that could potentially risk the anonymity of users on the VPN network. While this can be true, the fact of the matter is that VPNs do this mostly for purposes that would improve the service over time. However, deceptive advertising is rife online, due to the nature of SEO and keywords that are needed in order for websites and applications to be exposed to a large audience.
VPNs that Don’t Log Personal Information
- NordVPN – NordVPN is a popular but costly choice for VPNs. They don’t log anything that could give away the identity of their users and contains high-speed servers that never go down. The platform is available on all major operating systems, having great features that are top-of-the-line in terms of streaming speeds and leak protection. Nord has hundreds of servers and is available in most countries. Their headquarters is located in Panama, allowing the VPN a great deal of autonomy that isn’t seen in host countries in North America and Europe. There are hardly any flaws with the service, and customer support can be reached via live chat support or direct by email. If you do wish to contact them by email, you’ll have to a day or longer to get a reply back. Overall, NordVPN is a good choice for anything that’s worried about the extent that other VPNs will attempt to deceptively acquire their personal data.
- ExpressVPN – ExpressVPN has fewer server than some of the other major VPN platforms but is consistently recommended for their honest and straightforward logging policy. Depending on how you pay for the server, your personal information could be obtained during the payment process, but users can opt for more anonymous payment choices if desired. Keep in mind that ExpressVPN only allows three devices per account, which might be a problem for those that intend to use the platform for more than themselves. This does make the VPN’s servers quite fast, and little instances have been reported of slow periods when streaming music or watching movies with the service.
- CyberGhost – CyberGhost doesn’t collect any intrusive log of their users. Looking into their terms and conditions reveals that the platform has made some effort to gather as little as possible for the VPN. This doesn’t mean that all aspects of logging are off-limits to CyberGhost, but you won’t have much to worry about when going along with their subscription.
- ProtonVPN – ProtonVPN claims never to store user’s personal information. They don’t log timestamps when users sign on with the site but nothing that ventures outside of this realm. The VPN operates their own servers, although some are housed by other trusted third parties
- PrivateVPN – While PrivateVPN doesn’t have a “true” zero-logging policy, their platform is built to where little personal details are saved from the application. This is a good thing since the company and their servers are housed in a nation that belongs to the Fourteen Eyes coalition (Sweden). Your info can’t be read or obtained, even if attempts were made for the VPN to hand over server data.
Summary/Conclusion
As you can see, finding a VPN that doesn’t log at all can be very difficult, if not impossible for some people. While VPN company might not save your personal information, there are ways in which you could still be identified. Nevertheless, some applications will do this less than others, with a few of them being shown in the section above. But in all honesty, one should always assume that having a VPN will never guarantee that nothing will be logged.
Like many paid and free VPN applications on the internet, companies will often sensationalize their capabilities and features in order to increase their profit margin. Use the tips and points provided here to determine which VPN choice is best for your computer or smartphone.