🛡️ VPN & Online Privacy
10 Min. Lesezeit
VPN Logging Policies: What Providers Actually Store
Cut through marketing claims to understand what VPN providers actually log, what no-logs really means, and how to evaluate privacy policies.
Types of VPN Logs
Not all logs are equal. VPN providers may collect different categories of data:
| Log Type | What It Includes | Privacy Risk |
|---|---|---|
| Usage logs | Websites visited, files downloaded, DNS queries | Critical — defeats the purpose of a VPN |
| Connection logs | Timestamps, IP addresses, session duration, bandwidth | High — can link activity to identity |
| Aggregate logs | Total bandwidth per server, concurrent users | Low — cannot identify individuals |
| No logs | Nothing beyond account credentials | Minimal risk |
What "No-Logs" Actually Means
A true no-logs policy means the provider stores no connection or usage data that could link your online activity to your identity. However, the term is often used loosely:
- Some "no-logs" providers still record connection timestamps.
- Others log bandwidth usage per session.
- A few keep your originating IP address for "troubleshooting."
How to Evaluate a VPN's Privacy Claims
- Read the full privacy policy — not just the marketing page. Look for specific language about data retention.
- Check for independent audits — Providers like ExpressVPN, NordVPN, and Mullvad have commissioned third-party audits of their no-logs claims.
- Look at jurisdiction — VPN providers in Five Eyes countries (US, UK, Canada, Australia, New Zealand) may be compelled to log by law.
- Check court cases — Has the provider been subpoenaed? Did they have data to hand over? A provider that could not comply with a court order is strong evidence of no-logs.
- RAM-only servers — Providers running servers entirely in RAM cannot persist data across reboots.
Jurisdiction Matters
| Jurisdiction | Data Retention Laws | Examples |
|---|---|---|
| Panama | No mandatory retention | NordVPN |
| BVI | No mandatory retention | ExpressVPN |
| Sweden | No mandatory retention for VPNs | Mullvad |
| USA | Possible NSL/FISA orders | Private Internet Access |
| Switzerland | Favorable privacy laws | ProtonVPN |
Key Takeaways
- Treat "no-logs" as a claim that requires verification, not a guarantee.
- Prioritize providers with completed independent audits and a track record in court.
- For maximum privacy, pay anonymously (cash, cryptocurrency) and avoid linking your real email.