VPN Logging Policies Explained: What VPNs Actually Log
Every VPN claims to have a no-logs policy, but what does that actually mean? Some VPNs genuinely log nothing, while others collect connection timestamps, bandwidth usage, or even browsing data. Here is how to evaluate VPN logging claims.
Types of VPN Logs
There are three categories of VPN logs. Connection logs record when you connected, how long you stayed connected, how much data you used, and which server you connected to. Usage logs record which websites you visited and what you downloaded -- the most invasive type. No logs means the VPN records nothing about your connections or activity. The best VPNs collect zero logs of any type.
How to Verify No-Logs Claims
There are three ways a no-logs policy can be verified. Independent audits: companies like PricewaterhouseCoopers, Cure53, and Deloitte audit VPN infrastructure and policies (NordVPN, ExpressVPN, Surfshark have been audited). Court cases: PIA's no-logs policy has been proven in court twice when authorities demanded data and PIA had nothing to provide. Open-source code: Proton VPN and Mullvad have open-source apps that can be independently verified.
VPNs with Verified No-Logs Policies
NordVPN has been audited by PricewaterhouseCoopers. ExpressVPN was verified when Turkish authorities seized a server and found no data. Surfshark has been audited by Cure53. PIA had its no-logs policy proven in court on two separate occasions. Mullvad has been audited and accepts anonymous cash payments. Proton VPN is fully open-source and based in Switzerland.
Red Flags in VPN Privacy Policies
Watch for VPNs that claim no-logs but collect connection timestamps (defeats anonymity), bandwidth usage data (correlatable), server choice data (location tracking), or IP addresses (directly identifiable). Also be wary of VPNs based in data-retention countries that have not been independently audited.