Understanding VPN Logging Policy – All You Need to Know!
- June 1, 2022
- 8 minutes Read
- VPN Service
Basically, VPN logging policies are the rules and practices that VPN companies use to collect data like bandwidth, connection info, Device info, DNS info, IP address info, bug info, crash info, and more from their users.
Logging policies vary from VPN to VPN; some logs are needed to enhance the product, while others violate the users’ privacy. Many people use a VPN with a strict no-logs policy. That brings the question, what are logs on a VPN?
What are ‘logs’ on the VPN or Network?
What are logs on VPN? VPN logs are the data a VPN provider collects when you use their VPN service. These logs include your original IP address, the server you use, usage duration, bandwidth consumption, web browser used, website URLs visited, etc. VPN providers have specific policies for keeping logs.
Some companies keep logs for certain. These types of logs are necessary to assess and improve the customer experience of a product. See the below picture.
[Source: The data has been collected from Privacy Canada]
According to recent research by Privacy Canada, VPN providers usually collect 29% of the user’s personal details, 24% of IP address logs, and 57% of connection timestamp and bandwidth logs. We can also see that 51% of data are device types, 92% of logs are payment information, and around 9% of logs are related to browsing history.
Another research by VPN Alert shows that 47% of VPNs are based in Five Eyes, 9 Eyes, and 14 Eyes countries. Also, 15% of VPNs don’t make it completely clear in their privacy policies which information they store. Now you might wonder, what data do the 5, 9, and 14 eyes countries collect?
- Communications data (All your digital activities)
- Internet Activity (Apps you use, websites you visit)
- Location Data (Places you go, places you have saved)
- Financial Data (Banking details, purchase history)
- Biometric Information (Your fingerprint data)
Around 14.4% of VPNs log your network traffic activity, and 27% log your original IP address before establishing a connection. Furthermore, 50% of VPNs log your connection timestamps, while 42% log the server location you connect to.
[Source: The data has been collected from VPN Alert]
What are The Reasons for Data Logging?
VPN providers collect these data types for various reasons, such as improving their product, bug reporting, analytics, surveys, and maintenance. Oftentimes, these data may include personal information and sensitive data sold to advertisers.
What Type Of Log Collections are Acceptable?
Some logs don’t have sensitive personal information of the users who are okay with the data collection. Here are the types of logs that are usually acceptable.
Bandwidth logs refer to how much bandwidth you consume using a VPN service. VPN providers track how much data is sent and received over a VPN connection. They can use these logs to monitor how a VPN tunnel is used and limit bandwidth usage.
VPN Connection logs refer to the records of incoming and outgoing connections to a VPN server. They can include a user’s IP address, the IP address of the VPN server, dates, times, connection data, and sometimes bandwidth consumption.
VPN providers use these logs to detect torrenting, illegal activities, and crypto mining by using DPI (Data Packet Inspection), troubleshooting, and improving their service. However, proven no logging policy VPNs do not store any kind of data of their users.
VPNs often collect bug reports to identity technical issues and solve user’s problems. Bug reports contain technical logs from which developers and technical support engineers can understand what went wrong and fix the issues.
Bug reports don’t contain sensitive data, only the device you’re using, the specification of the device, etc. These details are necessary to troubleshoot problems and improve the product’s user experience.
Similarly, crash logs provide critical technical data to the developers if your VPN application is crashing on your PC or Android device. It helps the developers to investigate the reason for the crash and how it can be fixed or avoided in the future.
What Types Of Log Collection are Unacceptable?
There are unacceptable types of data to be collected, including your browsing] habits, applications you use with the VPN, your DNS requests, URLs/Websites you visit, and log of your original IP address. Let’s check them out in detail:
Many VPNs often track your browsing history: the websites you visit, the time you stay on those websites, your browsing journey, which websites you mostly visit, etc. These data are then sold to the advertisers for targeted marketing.
Some VPNs collect DNS requests to see what you do with their VPN service, which can be a privacy concern to many individuals. However, some VPN providers may log DNS requests to troubleshoot or optimize their network performance.
VPNs might track the URLs you visit to track your browsing habits and create a personalized profile based on your browsing preferences for target advertisement. For example, you visited an e-commerce website and searched “sunglasses.”
After that, you’ll start seeing sunglass ads wherever you visit, whether on Facebook, Instagram, or YouTube. That’s the privacy concern that you need to consider. That’s why using a VPN that doesn’t keep any logs is recommended.
IP Address Logs
VPN providers may keep a record of your original IP address during usage. In this way, your identity is compromised. If the legal authority or your government asks for the data from the VPN provider, it might give away your identity. However, no data is collected from the user in a no-log VPN, so if anyone asks, they have nothing to give.
X Popular VPNs That Keep User Logs
Some popular VPNs, such as Psiphon, Hola VPN, Hoxx VPN, Super VPN, and Touch VPN, keep user logs. These VPNs don’t offer no-log VPN service. Some data these VPNs collect are diagnostic, and some data may include personal information. So, let’s get to know them in detail.
Psiphon is a free and open-source Internet censorship circumvention tool that uses a combination of secure communication and obfuscation technologies, such as a VPN, SSH, and a Web proxy. Psiphon is designed to help users access online content and services that may be blocked in their country or region.
Psiphon does not log any information that associates the credentials or identity of a user with their VPN sessions, but they keep some diagnostic information.
Here are the data Psiphon VPN collects:
- Websites visited
- VPN protocol used
- VPN session time
- Bandwidth usage
- Location logs
- ISP usage logs
(Psiphon VPN keeps these data stored for 90 days)
Hola is a free web and mobile app that offers VPN services to its users over a P2P network. It does this by using P2P caching and redirecting requests to go through other people’s computers and Internet connections in areas that aren’t blocked.
Here are the data Hola VPN usually collects:
- URLs visited
- Time spent on web pages
- Access dates and times
- Originating IP address
- Browser type
(Hola VPN keeps these data stored for as long as necessary)
Hoxx VPN provides a VPN service that unblocks blocked websites and encrypts your connection. You can use Hoxx VPN to bypass blocked or filtered websites and protect your personal information on public Wi-Fi networks.
How to Protect Yourself from VPN Logging?
The only way to protect yourself from VPN logging is to use a verified and trusted VPN with a no-log policy. Some trusted and audited VPNs include Symlex VPN, Nord VPN, Express VPN, Tunnel Bear, Surfshark, etc.
How long do VPN providers keep logs?
VPN providers usually keep logs for 30 to a maximum of 90 days. However, it’s not the same for all VPN providers; some VPNs may keep user logs as long as necessary, which can cause privacy concerns. Thus, the best solution is to use a VPN with a no-logs policy.
Can VPN companies’ no-log policies be trusted?
You can Trust a VPN provider’s no log policy only if a cybersecurity expert has audited it or the VPN is open source. Nowadays, many VPNs claim to offer no log policy even though they lack proof. In general, you shouldn’t trust their claims.
To wrap up, VPN logging policies are essential to understand to ensure your privacy and security online. Some VPNs log user technical data such as connection logs, bandwidth logs, and analytics, which are acceptable.
However, some VPNs record your sensitive data, such as browsing history, DNS requests, original IP address, device details, etc. So, using a VPN with a strict no-logging policy is crucial to protect your sensitive data.