Keeping it private: 5 VPNs that have been verified to keep no logs

Status
Not open for further replies.

Julio Franco

Staff member

What is the best no logs VPN service and which of them are actually trustworthy and proven? This is a tough question. First, there are dozens of VPNs claiming to be “no logs” without any proof or verification. In other words, you just have to take their word at face value. Second, there have been a few “no logs” VPNs that have collected user data and provided the information to authorities and law enforcement. Here are three examples:

Editor’s Note:
Guest author Sven Taylor is the editor behind Restore Privacy, a blog dedicated to informing readers about best online privacy practices, securing electronic devices, unblocking restricted content and defeating censorship.

There are surely other cases of this happening which have not come to light. So how can you find a true no-logs VPN that is actually worth your trust?

There have been a handful of VPN services over the years that have had their ‘no logs’ policies tested under various circumstances. We will examine these different providers below and the exact circumstances under which their ‘no logs’ policies were verified.

ExpressVPN

Based in: British Virgin Islands
No logs, 30 day refund policy, starts at $6.67/mo

ExpressVPN is currently the top recommendation in my comparison of the best VPNs. It offers user-friendly VPN apps with excellent performance and security. ExpressVPN is also one of the few VPNs that work with Netflix, BBC iPlayer, and other streaming services.

In terms of speeds, ExpressVPN is one of the fastest VPNs I’ve tested. I can routinely get around 150 Mbps on nearby servers (with a 160 Mbps connection). Now let’s examine how ExpressVPN’s no-logs policies have been tested and verified...

In April 2019, ExpressVPN upgraded their server infrastructure so all VPN servers run in RAM-disk mode. They refer to this as the TrustedServer feature. This update ensures nothing can be stored on any VPN server as it does away with traditional hard drives. As they explained here, this is a major improvement from a privacy and security standpoint:

With our industry-first TrustedServer technology, our VPN servers run only on volatile memory (RAM), not on hard drives. Since RAM requires power to store data, this guarantees that all information on a server is wiped every time it is powered off and on again.

In contrast, the traditional and most common way of running servers relies very much on hard drives, which retain all data until they are erased and written over, a painstaking and error-prone process. This increases the risk that servers could inadvertently contain sensitive user information. If someone were to hack or seize the server, they could gain access to this data. Even worse, hackers who do find their way in might be able to install a backdoor that remains indefinitely.

Competitor Perfect Privacy also runs all servers in RAM-disk mode which would seem to be the safest and most secure way to run VPN servers. In July 2019, ExpressVPN underwent a third-party audit from PWC. This security audit verified the TrustedServer feature, no logs policy, and that all privacy protections are being adhered to correctly.

ExpressVPN also decided to open source their browser extensions and subject them to a security audit by Cure53. This sets a high bar and shows ExpressVPN is committed to transparency and safeguarding user data.

ExpressVPN server seized in Turkey

In December 2017, Turkish news outlets reported that Turkish authorities attempted to force ExpressVPN to provide customer data for an investigation into a political assassination. According to these reports, Turkish authorities allege that an unknown individual using ExpressVPN deleted evidence on social media related to the investigation.

While the Turkish news article claims ExpressVPN is based in the US (when it’s in fact based in the British Virgin Islands), it does reveal that the authorities’ attempts to collect user data failed:

The prosecution’s contact with the company did not yield results as Express VPN stated that it is not subject to the rules of U.S. and EU laws.

After failing in their attempts to coerce data from ExpressVPN, the Turkish police decided to physically seize ExpressVPN’s server, which they obtained from a data center in Turkey. However, this did not reveal any information because ExpressVPN does not keep any logs on its servers – or otherwise.

NordVPN

Based in: Panama
No logs, 30 day refund policy, starts at $3.49/mo

NordVPN is a no logs provider based in Panama that offers a wide selection of apps for a decent price. In the latest round of testing for the NordVPN review, it performed well in all categories. NordVPN’s VPN apps also have strong leak protection settings as well as advanced privacy features, such as double-hop VPN servers, Tor-over-VPN servers, and obfuscated servers.

NordVPN audited by PWC to verify no logs claims

In November 2018 NordVPN announced that it had completed a full audit to verify their no-logs claims. The audit was conducted by PricewaterhouseCoopers and fully verified the no-logs policy. NordVPN subscribers can get access to the full audit in the members area. I carefully examined the findings for this guide and can offer this overview:

  • NordVPN was audited by PWC who had full access to examine NordVPN’s servers, interview employees, observe operations, inspect configurations, databases, and any other relevant aspect of the VPN service.
  • The audit officially verified NordVPN to be a “no-log service” that is compliant with their privacy policy and no-logs claims.
  • NordVPN does not store connection logs, IP addresses, traffic logs, or any internet activity information.

Because NordVPN limits users to six connections per subscription, it does have a mechanism to verify the user’s account and ensure the device limit is not exceeded. This is common for VPN services that implement connection limits (nearly every VPN service) and does not pose any threat to user privacy or security, nor violate the logging claims – as the audit verified.

NordVPN’s no logs policies, favorable jurisdiction, and solid performance make it a great VPN for torrenting. It is also one of the cheapest VPNs available at discounted pricing.

VyprVPN

Based in: Switzerland
No logs, 30 day refund policy, starts at $3.75/mo

VyprVPN is a no logs VPN service based in Switzerland with very secure apps and excellent performance. It offers secure and user-friendly apps for many different devices and speed tests in the VyprVPN review were pretty good. VyprVPN is unique in that they physically own every server in their network (no rentals from third parties), which helps to ensure data security. They also offer the Chameleon protocol, which will get around VPN blocks and restrictions (important when using a VPN for China).

No logs transition: Audited, advised by cybersecurity firm

In September 2018 VyprVPN began working with Leviathan Security Group to transition their service into a full “no logs” VPN service. The auditors examined all aspects of VyprVPN’s network to identify any areas where logs were maintained that could de-anonymize the user. After fixing a few issues, they re-tested everything and found VyprVPN to be in full compliance with their stated “no logs” policy.

VyprVPN’s security audit is available to the public here and can be referenced publicly. Here's an excerpt:

We examined all components of the project according to the threat assessment described below. While vigilance against logging is necessary to complete the process of implementing “No Log”, we feel that this assessment achieved its goal of uncovering weaknesses in Golden Frog’s implementation. The project revealed a limited number of issues that Golden Frog quickly fixed. As a result, it can provide VyprVPN users with the assurance that the company is not logging their VPN activity.

Golden Frog worked to remediate all no-log-related findings concurrently with the assessment. Once it had completed this, we performed a retest and verified that all of the fixes were effective.

Before this change took place, VyprVPN logged connection data (including IP addresses) for 30 days. Now VyprVPN can be counted among the small number of verified no log VPN services.

Perfect Privacy

Based in: Switzerland
No logs, 7 day refund policy, starts at $8.95/mo

Perfect Privacy is a premium VPN that offers advanced online anonymity and security features. It is a no logs service that does not restrict user accounts. You get an unlimited number of connections to use with your subscription as well as advanced privacy features and unlimited bandwidth. Privacy features include multi-hop VPN configurations, port forwarding, and an advanced advertisement and tracking blocker called TrackStop.

Perfect Privacy server seized in the Netherlands

In August 2016 Perfect Privacy announced that Dutch authorities had seized one of their servers in Rotterdam, Netherlands. Although the reason for seizing the server was never revealed, Perfect Privacy confirmed no customer data was obtained:

Since we are not logging any data there is currently no reason to believe that any user data was compromised... We can now conclude that no customer information was compromised due to the seizure. The Rotterdam location will continue to operate using the replacement servers.

To further protect customer data in the event of a server seizure, Perfect Privacy runs all their servers in RAM-disk mode, like ExpressVPN, as they explain on their log policy page. While Perfect Privacy is a higher-priced service, it remains a great option for privacy and security, with a proven no logs policy and Switzerland jurisdiction.

Private Internet Access

Based in: USA
No logs, 7 day refund policy, starts at $3.49/mo

Private Internet Access is a United States-based provider that offers a cheap, simple, and user-friendly VPN service. While it’s not a bad service for the price, it does have some drawbacks. PIA is limited on features and I’ve also seen users complain about connections and support – discussed in the PIA review. Nonetheless, it may be worth considering if you don’t mind the US jurisdiction (Five Eyes) and some of the other minor drawbacks.

PIA logging claims verified in two court cases

Private Internet Access is somewhat unique in that its no logs claims have been verified in two separate US court cases. Since providing false information in a court of law is a serious offense, we can consider both of these cases to conclusively verify the “no logs” policy.

The first court case was from 2016 and it involved a man who allegedly made bomb threats while connected to PIA’s VPN. The FBI officially subpoenaed PIA demanding logs of the user, but they simply could not provide anything, as described in official court documents:

A subpoena was sent to London Trust Media [Private Internet Access] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.

In a second case from June 2018, Private Internet Access was again subpoenaed in court for user logs and evidence related to a hacking case. As with the previous court case, Private Internet Access was not able to provide any data, because there were no logs available to hand over. Based on these two court cases, Private Internet Access can be considered a verified no logs VPN provider.

Other verified VPN providers

Since first writing this guide, there have been a few other VPNs that have undergone audits to verify their privacy and security claims.

IVPN – a VPN provider based in Gibraltar, IVPN used Cure53 for their audit, which verified the privacy claims as follows: “Based on the findings, it is safe to say that all of the IVPN’s privacy statements could be verified as truthful within the defined scope.”

TunnelBear – TunnelBear is a VPN service based in Canada. It is now owned by US cybersecurity company McAfee, although it still operates from Canada. It is important to note that TunnelBear does not claim to be a full “no logs” VPN service. Instead, they keep some limited connection logs, but like other VPNs in this guide, they have undergone (and passed) a full audit. Similar to ExpressVPN and IVPN, TunnelBear also went with Cure53 for the audit.

Wrap Up

With high-profile logging cases eroding user trust, it is now more important to verify that a VPN’s claims are actually true. To be clear, maintaining some connection logs is not necessarily a deal-breaker, especially if it is done in an honest and transparent manner, such as with VPN.ac. The problem, however, is that many VPNs simply use “no logs” as a marketing slogan, but then carefully disclose data that is being recorded in their privacy policy.

Another issue is that there’s no widely accepted definition of exactly what “no logs” even means. In light of these factors, it’s great to see that there are VPNs taking proactive steps to verify and audit their own policies.

Image credit: Binary code concept pattern by Carlos Castilla
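
The RAM-disk argument in the ExpressVPN and Perfect Privacy sections comes down to one checkable property: no writable filesystem on the server is backed by persistent storage. The sketch below is an added example, not part of the original article and not any provider's code; it assumes a Linux host whose mount table is in `/proc/mounts` format, and the sample tables and function names are constructed for illustration.

```python
# Added example: audit a /proc/mounts-style table for storage that survives reboot.
VOLATILE = {"tmpfs", "ramfs", "devtmpfs"}   # memory-backed, lost on power-off
PSEUDO = {"proc", "sysfs", "devpts", "cgroup2", "securityfs", "mqueue"}  # kernel views

# Constructed sample tables (hypothetical hosts, not taken from any provider).
RAM_ONLY = """\
tmpfs / tmpfs rw,relatime,size=4194304k 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/loop0 /rofs squashfs ro,relatime 0 0
tmpfs /cow tmpfs rw,relatime 0 0
overlay /opt overlay rw,lowerdir=/rofs/opt,upperdir=/cow/up,workdir=/cow/work 0 0
"""
DISK_BACKED = """\
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var/log ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Return [(device, mountpoint, fstype, options_dict), ...]."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        # /proc/mounts escapes spaces in paths as \040
        mounts.append((fields[0], fields[1].replace("\\040", " "), fields[2], opts))
    return mounts

def backing(path, mounts):
    """Mount that a path lives on: longest mountpoint prefix, later mounts win ties."""
    best = None
    for m in mounts:
        prefix = m[1].rstrip("/") + "/"
        if (path == m[1] or path.startswith(prefix)) and (
                best is None or len(m[1]) >= len(best[1])):
            best = m
    return best

def is_volatile(mount, mounts):
    """True if writes to this mount end up in RAM only."""
    fstype, opts = mount[2], mount[3]
    if fstype in VOLATILE:
        return True
    if fstype == "overlay" and "upperdir" in opts:
        # Overlay writes land in upperdir; classify by what backs that directory.
        upper = backing(opts["upperdir"], [m for m in mounts if m is not mount])
        return upper is not None and upper[2] in VOLATILE
    return False

def persistent_writable(text):
    """List (mountpoint, fstype, device) where a write would survive a power cycle."""
    mounts = parse_mounts(text)
    return [(m[1], m[2], m[0]) for m in mounts
            if m[2] not in PSEUDO and "ro" not in m[3] and not is_volatile(m, mounts)]

def log_path_persists(path, text):
    """True if a path such as /var/log/... sits on persistent, writable storage."""
    m = backing(path, parse_mounts(text))
    return m is not None and m[1] in {p[0] for p in persistent_writable(text)}
```

An empty result covers local storage only: data forwarded off the host over the network, or held in a separate account or billing system, does not appear in a mount table.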


 
Informative article. I rarely need a VPN, though I do use NordVPN once in a while to download a torrent when I want to watch or listen to something that isn't conveniently available from one of my many paid-for streaming services.
 
I have a PC that I use to browse the web and also play games. Multiplayer games are affected by ping times. I assume going all the way around the world would add significant ping times. Is there a way to allow certain apps through my local service instead of VPN?
 
I take issue with Nord VPN being recommended. Not only is it the WORST, flat-out the worst VPN I've used to date, but it requires access to the following US-government-affiliated IP addresses to be reachable, or it won't launch:

34.230.224.115
34.230.220.149
34.195.210.43

Without these IP adds, it says 'fails to connect'.
If Nord VPN cannot contact Uncle Sam, you cannot login and use their service.

Furthermore, some of the countries are hidden between Android, or Windows users. Even if you manually add them, it doesn't always work. I.e. phone shows UAE, Windows did not, adding UAE # to Windows client = no servers found.

Take, or leave what I say, but I am a network eng., and I fill passports, and I speak only to help y'all.
 
I have a PC that I use to browse the web and also play games. Multiplayer games are affected by ping times. I assume going all the way around the world would add significant ping times. Is there a way to allow certain apps through my local service instead of VPN?
ProtonVPN has a "split tunneling" feature within its vpn software that allows you to exclude certain programs from the vpn connection.
 
Interesting post. I wonder if more VPNs will start getting audited? This looks like a good trend in the VPN world.
 
... it requires access to the following US-government-affiliated IP addresses to be reachable, or it won't launch:
34.230.224.115
34.230.220.149
34.195.210.43
... If Nord VPN cannot contact Uncle Sam, you cannot login and use their service.
Those look like standard Amazon AWS servers according to IPInfo.io, not government affiliated.
VPNs sometimes ping different servers to suggest the best server for your location.
 
Informative article. I rarely need a VPN, though I do use NordVPN once in a while to download a torrent when I want to watch or listen to something that isn't conveniently available from one of my many paid-for streaming services.

Sounds exactly like what I do. I do however have NordVPN when I'm travelling and using WiFi.
 
How is a ram-disk that is wiped at shutdown secure?

Snowden already stated that he could watch you "AS YOU TYPE" and edit anything on your box (due to operating system backdoors)

If the NSA stores a record of everything you do online, what good is it that you deleted the record at your end at shutdown

There is still a record at the NSA

Secure VPN = Fools Gold!
 
How is a ram-disk that is wiped at shutdown secure?

Snowden already stated that he could watch you "AS YOU TYPE" and edit anything on your box (due to operating system backdoors)

If the NSA stores a record of everything you do online, what good is it that you deleted the record at your end at shutdown

There is still a record at the NSA

Secure VPN = Fools Gold!
The alternative to running servers on ram-disk is standard hard drives, and the former cannot store data, the latter must be manually wiped. So, yeah, easy comparison.

Do you trust your ISP with all your unencrypted traffic? ISPs share data directly with NSA, as Snowden showed in 2013. Sure, the NSA can probably crack PPTP and IPSec, but show me examples of AES-256 OpenVPN being cracked. The Snowden revelations are a reason to use a VPN and secure your traffic, thereby not letting your ISP collect everything in clear text, as you seem to be proposing. Come on.

Your logic is along the lines of, "People die in car crashes, therefore wearing seatbelts is stupid."
 
I can vouch for Private Internet Access. I've used it for just around two years now I believe, and never had any issues. It doesn't impact my internet speeds much at all (and if it does, a quick reconnect usually fixes it) -- I'm able to stream videos, play online games, talk to friends, etc. with no real issues. Obviously, your mileage may vary depending on your wifi plan.

Anyway, it's a good, simple service that doesn't get in the way.
 
Why are people trusting the Auditors? Trust no one, THEY are after YOU. Ramdisk is much better than SSD, but information is still stored, e.g. who pays, when.
 
I have a PC that I use to browse the web and also play games. Multiplayer games are affected by ping times. I assume going all the way around the world would add significant ping times. Is there a way to allow certain apps through my local service instead of VPN?
my vpn caused no extra delays for csgo a few years ago. I had a ping of 30-60ms consistently. I kept my Global Elite rank even with VPN. It is in the top 5 mentioned in the article. I would use vpn for all my network traffic even if I were a pro esports player. In the above services you can choose from many locations and your traffic won't travel around the globe a couple of times before it gets to you (or even if it does, it did not impact my ping meaningfully).
 
my vpn caused no extra delays for csgo a few years ago. I had a ping of 30-60ms consistently. I kept my Global Elite rank even with VPN. It is in the top 5 mentioned in the article. I would use vpn for all my network traffic even if I were a pro esports player. In the above services you can choose from many locations and your traffic won't travel around the globe a couple of times before it gets to you (or even if it does, it did not impact my ping meaningfully).

Thanks for the reply, that is great. I guess I am not seeing "my vpn" in the list? Is it a prior or alternative name for one of them?
 
The alternative to running servers on ram-disk is standard hard drives, and the former cannot store data, the latter must be manually wiped. So, yeah, easy comparison.

Do you trust your ISP with all your unencrypted traffic? ISPs share data directly with NSA, as Snowden showed in 2013. Sure, the NSA can probably crack PPTP and IPSec, but show me examples of AES-256 OpenVPN being cracked. The Snowden revelations are a reason to use a VPN and secure your traffic, thereby not letting your ISP collect everything in clear text, as you seem to be proposing. Come on.

Your logic is along the lines of, "People die in car crashes, therefore wearing seatbelts is stupid."

No, the logic is more like....

The NSA is already in your box and can see everything you do

A "secure" VPN does not change this fact

Worse yet is the fact that many VPNs "DO" keep records of everything you do and that info is now shared by other bad guys not associated with the Guvmint spies already in your box
 
Those look like standard Amazon AWS servers according to IPInfo.io, not government affiliated.
VPNs sometimes ping different servers to suggest the best server for your location.

I said AFFILIATED, not owned.

AWS has all kinds of companies / users on their servers, and I absolutely know what I'm talking about.

So take it, or don't, but I stand by my source.
 
How is a ram-disk that is wiped at shutdown secure?

Snowden already stated that he could watch you "AS YOU TYPE" and edit anything on your box (due to operating system backdoors)

If the NSA stores a record of everything you do online, what good is it that you deleted the record at your end at shutdown

There is still a record at the NSA

Secure VPN = Fools Gold!

Here's the thing, do you have any idea how much data is being generated every minute?
https://www.socialmediatoday.com/news/how-much-data-is-generated-every-minute-infographic-1/525692/

And that's just internet traffic data. There's no way to know how much you times that by to determine all the data being created by everyone on every computer every minute. No matter how large a storage solution the NSA uses they still couldn't come close to recording it all. It's an impossible task.

With that said there are AI bots that mine the data as it's being created looking for keywords. And those keywords may or may not get you noticed by one of the alphabet groups. But when you consider how much those alphabet guys miss, yeah I wouldn't worry about them too much. Google or Facebook on the other hand....
 
Thanks for the reply, that is great. I guess I am not seeing "my vpn" in the list? Is it a prior or alternative name for one of them?
nope, my vpn is in the list of top 5 in the article. Doesn't matter, whichever you choose you should be all good playing online.
 
I love that nordvpn made an audit, because I've been wondering if they are actually not keeping any logs and I was thinking to leave them, but now as they are open about it, I'll keep using it. Great that they actually ARE doing it, because a lot of VPNs say that their competition keeps logs but are not open about it themselves.
 