Speed, server count, and user-friendliness are often three of the most important factors consumers take into account when selecting a VPN. However, there is another aspect that shouldn't be overlooked, namely, the security of your user data.
Below, we'll tell you what no-log policies actually mean, and what the best VPNs are that offer them.
What Does No-Logs Mean?
Lots of VPN providers log their users' surfing behavior and Web activity in order to, for example, target them with specific kinds of ads. However, they also create logs as a sort of insurance policy, should government authorities request information from them pursuant to criminal or illegal activity.
For that reason, if data privacy is important to you, make sure to select a VPN that adheres to a strict no-log policy. This means that the provider promises not to protocol your activity.
Logs: What Sort of Data Do VPN Services Collect?
VPN services might store a wide range of user data, including:
- The IP addresses assigned to users;
- Local user IP addresses;
- Details about their physical location;
- Start and end times of a VPN session;
- Information relating to a user's browser and operating system;
- User DNS requests;
- Specifics concerning a user's online activity
Apart from the possibility that they could share this information with government authorities, through aggregation and analysis, VPN services can and do build user profiles.
Like many things, this is primarily about marketing and generating revenue: Logs provide insights into your personal interests, shopping behavior, or the services that you use. However, sensitive information such as that relating to your political views, sexual orientation, and/or religious beliefs will also be revealed.
No-Logs Versus Zero-Logs
Alongside session-specific data which paints a picture of a user's surfing behavior, when concluding a contract with a VPN service, other personal information is provided. This includes details such as your:
- Email address;
- Preferred subscription package;
- Payment methods
Although they don't really give too much insight into your private life, they do help to identify you as a VPN user.
For that reason, a no-logs policy doesn't mean that a provider refrains from collecting any data about you. That sort of arrangement is referred to as zero-logs. Information pertaining to the agreement of a contract between two parties must adhere to local data privacy laws and cannot be freely given to anyone and everyone.
No-logs doesn't mean that a VPN refrains from saving any information that could identify you (Image Source: NordVPN ⇱).
Some VPN providers take this a step further. Should government authorities submit a formal request for personal data about users, owing to the subscription and payment models used (as well as their authentication mechanisms), they can theoretically claim not to have this information. As an added bonus, this user data provides no help in identifying individual users.
The Best No-Log VPNs: Our TOP 5
A number of VPN providers claim to adhere to no-log policies. However, it has been shown on multiple occasions that some companies still protocol their users' activities. For that reason, prospective users need to be able to separate the wheat from the chaff.
We recommend paying attention not only to whether a service offers a no-log policy, but more importantly if this has been confirmed by a recent, independent audit carried out by a third party. The proof is in the pudding as they say, and an external service won't mince their words about whether or not the provider's no-log policy is the real deal. In addition, they'll also provide insight into whether a VPN suffers from any security gaps or weaknesses.
At EXPERTE.com, we assessed 22 VPN providers, and below, will introduce you to our Top 5 no-log VPNs:
Mullvad VPN: EXPERTE.com's No-Log and Anonymous Payment Star
Mullvad VPN is a Swedish service, which not only impressed us owing to its no-log policy, but also, the rather unconventional and anonymous payment methods it offers: You won't need a valid email address or to give up any personal information to register an account with Mullvad VPN.
Beyond that, Mullvad VPN's payment process can be completed anonymously: Simply send the provider cash in an envelope or digitally via gift cards. Cryptocurrencies are also accepted.
Mullvad VPN is transparent about its no-logging policy as well as the audits it has submitted to.
In 2020, Mullvad VPN allowed the German service provider, Cure53 to check its security ⇱, with only minor weaknesses in the app's code uncovered. In addition, on its website, Mullvad VPN informs users about how it uses data that the business acquires from regular day-to-day activity.
Two years later, in 2022, Mullvad VPN submitted to another comprehensive external audit carried out by the Swedish security company, Assured AB ⇱. They too failed to uncover any security leaks or exploits.
At around the same time, the company also started to transfer its server infrastructure to RAM-only mode, which makes the prolonged logging of session information technically impossible.
One thing to take note of though is that Sweden, a member of the EU since 1995, must conform to the union's data retention guidelines. Should these be enforced, Mullvad VPN could be legally mandated by the Swedish government to store user data.
Offers maximum and proven anonymity and security
Completely anonymous payment process
Apps for a variety of different platforms and browsers
Integrated with plenty of security features
Relatively small server network
NordVPN: No Activity Protocols
With more than 5,500 servers spread across 59 countries, NordVPN is one of the leading VPN services on the market today. For longer than 10 years, the provider has prioritized the security and privacy of its user base.
Nowhere is this clearer than NordVPN's strict no-log policy, and the audits it submitted to in 2018 and 2020 conducted by PricewaterhouseCoopers AG ⇱ in Switzerland. Neither revealed any weaknesses or discrepancies between the policies it advertises and its practices.
NordVPN provides detailed insight into the independent audits it has submitted to and its strict no-log policy.
Beyond that, the company is based in Panama, a sovereign nation that is not subject to US or EU laws concerning data logging or storage requirements.
Proper usage of all security features requires thorough technical background knowledge
ExpressVPN: No-Logs Policy Backed Up by Multiple Audits
Based on the British Virgin Islands, ExpressVPN also advertises its compliance with a strict no-log policy. The tropical provider offers users access to more than 3,000 servers spread across 90 different countries.
Like the other services mentioned above, ExpressVPN has also submitted to multiple security audits conducted by independent third parties. In 2019, for example, its no-logs policy was confirmed by PricewaterhouseCoopers ⇱, while in 2021 and 2022, its client apps and hardware were probed for security weaknesses by F-Secure and Cure53 ⇱.
However, you should know that ExpressVPN's parent company, Kape Technologies (which bought the service in 2021 and was formerly known as Crossrider) was accused of malware peddling ⇱ and other problems ⇱.
ExpressVPN explains its no-log policy and audit results in a multi-page document on its website.
ExpressVPN only stores data that is necessary to optimize its services. No personal or usage information that could identify individual users is gathered. Legally, ExpressVPN follows the laws of the British Virgin Islands, and again, is not subject to those of the EU or the US.
Support for special hardware, such as routers and gaming consoles
Large server network
Regularly submits to independent, third-party security audits
Features could be more comprehensive
Somewhat difficult to use the app
Limited tools for security-minded users
Surfshark VPN: Affordable No-Log VPN From the Netherlands
Surfshark, hailing from the Netherlands, also promises not to log any of its customer's activities. In 2018, Cure53, a German security company, audited Surfshark and was unable to uncover any shortcomings. The same held true two years later in 2021 when another audit was performed ⇱.
On its website, Surfshark makes some technical data available detailing how its no-log policy is implemented. Its servers operate in RAM-only mode, which means that when the devices are shut down, they're completely reset. They also don't have any mass storage such as regular or SSD drives.
In other words, once disconnected from the power supply, no data fragments can be reconstructed, meaning that in the event of a seizure by authorities, the servers will become useless.
Surfshark VPN explicitly refers to its commitment to upholding its users' digital privacy on its website.
Possessing more than 3,200 servers spread across 100 countries, the provider regularly updates the number of official requests it has received from authorities for user data on its website ⇱. To date, it hasn't received any.
Surfshark is registed in the Netherlands. At the moment, there is no law on the books in the European country mandating data retention. All the same, it cannot be ruled out that this might, owing to Dutch membership in the EU, someday come to pass as part of a Union-wide guideline or policy.
Ergonomic and streamlined user interface
Comes with numerous security features
Nice selection of server locations
Compatible with a range of platforms and mobile devices
Based in the Netherlands: EU data retention policy could eventually jeopardize the security/anonymity of users
ProtonVPN: Powerful Security Features
Rounding out our Top 5 is the Swiss-based ProtonVPN, which emphasizes security and adheres to a strict no-log policy. As of the time of writing (November 2022), ProtonVPN has around 1,750 servers across 64 countries, many of which are equipped with special security features such as VPN connections over TOR.
In addition to its premium (paid) plans, ProtonVPN also offers free servers that are highly useable. These are also covered by the service's no-log policy, however, do suffer from a few functional limitations which make them more cut out for personal or private usage.
ProtonVPN had its no-log policy audited by an independent third party in 2022.
ProtonVPN's no-log policy was put to the test in 2019 when a foreign government brought a case before a Swiss court in which it requested user data. Owing to the lack of relevant protocols, the company was unable to meet the claimant's demands and turned over no user data.
As if that wasn't enough, in 2022, ProtonVPN had its apps and served audited in 2022 by Securitum, a Polish security company ⇱. No weaknesses or exploits were uncovered.
Cross-platform apps for all common operating systems and devices
Aesthetically pleasing app with lots of useful security features
Free version with somewhat limited functionality and server locations in three countries
Embedded in the Proton performance spectrum with programs like Proton Mail and Proton Drive
Server network still growing
It isn't uncommon for VPNs to advertise their commitment to not logging their users' data when in reality, the opposite is true. For that reason, it's good to look at whether the VPN you've selected has undergone any independent security audits and had its no-log commitment validated by a third party.
Only if the audit was completed fairly recently and successfully, and pursuant to a no-log policy with no compromises, should you consider a VPN provider trustworthy. Comprehensive reviews of 22 providers, including assessments of their security and privacy policies, can be found in our EXPERTE.com VPN comparison.
Logs are activity protocols that track users and their surfing behavior. These should be distinguished from logs that are used to bill for the service, but don't compile session information. The no-log policies a VPN provider offers are therefore always limited to the recording of individual session activities.