The True Lies Behind VPN Logs
It’s no secret that technology products oversell their features so that they can impress consumers. But what about technology products that ‘undersell’ their features? VPN services are notorious for this, as many claim that they don’t keep logs, or have a ‘Zero Log Policy’.
But this couldn’t be further from the truth.
‘No logs’ or ‘zero logs’ are the most variable terms in cyber security, as the terms are truly dependent upon each companies definition of logs.
So here’s a quick breakdown of how logging actually works.
Session logs are what most VPNs refer to when they say they have a ‘no logging policy’. A session log is a relatively basic log which keeps track of the metadata that you engage in while using the VPN. The metadata which is typically collected comes from such metrics as usage time, bandwidth used and what VPN server was used.
Though these logs do in fact contain some basic data, they are for the most part quite harmless. However, users that want absolutely no data collected are better off looking for a true zero logging service.
Activity logs are a scary thing as they can record a large amount of data pertaining to what you do on the web while using a VPN. Activity logs can collect metrics such as what you have searched for, the websites you have visited, the files you have accessed/downloaded and even the items you have purchased. These logs are in fact very frightening as the data can be sold by VPN firms to third party advertisers, or used against individuals in the case of a criminal investigation.
IP Address Logs
IP address logs are a slightly less scary prospect than activity logs, but still a feature which should set some alarms off. IP address logs collect your physical location via your internet IP address and often the time which you logged in to the VPN. Thus, the service has a history of your IP address and login time, which could potentially be enough information to identify you in a number of investigative situations.
Services don’t usually keep logs unless they are forced to by a government entity which has policies focused on monitoring citizens. The most notable of the government agreements are the Five, Nine and Fourteen Eyes which monitor the activities of citizens residing in these countries. If the country’s data agencies don’t have the legal jurisdiction to spy on their own people, they will simply request one of the other governments to do so for them. Below is a breakdown of the agreements and countries which are part of the massive data sharing/spying agreements.
Five Eyes Agreement
Nine Eyes Agreement
Fourteen Eyes Agreement
While so many companies claim to have a no logging policy, few genuinely mean that they don’t collect any logs. Such is the case with PureVPN; a Hong Kong based VPN which recently surrendered the data of a specific user over to the FBI.
PureVPN was asked to aid the FBI in a stalking case where a PureVPN customer had apparently used the service to commit cybercrimes and harassment. Upon request, PureVPN provided login times and locations to the FBI, indicating where the suspect had logged in to the service from and at what time. The session logs ultimately aided the FBI in its persecution of the suspect, but placed PureVPN in the spotlight as the service claimed that it did not keep any logs.
Though the PureVPN case is the most notable, it is certainly not the only instance where a VPN has surrendered user data to authorities. This case, as well as many others, proves just how variable ‘no logging’ policies can really be.
Although many firms may claim that they don’t keep any logs, their fine print often says otherwise. Thoroughly read through the fine print of every service to ensure that none of your information is being captured for research purposes.
Avoid the Fourteen Eyes Countries
As a whole, the VPNs which come from the Fourteen Eyes member countries are typically less private due to strict data retention policies. However, some VPNs in these countries do in fact disregard the mandatory rules and refuse to keep any logs of users as they claim the human right to privately access information is superior to policies. Furthermore, some of the countries do have strict privacy protection laws for citizens, making it questionable as to whether a VPN must log user data or not.
Use a VPN with Tor
Using a VPN with Tor (the onion router) can provide an extreme level of privacy if done correctly, making it nearly impossible for your data to be tracked in even the strictest of countries. However, if your VPN is not used with Tor properly, then your web activity can be traced through the exit nodes of Tor, making you even less safe than before.
At the end of the day, the level of privacy that you desire should help determine what type of VPN service is right for you. Do your research prior to subscribing to a VPN and ensure that whatever you sign yourself up for, is exactly what you are looking for.