What are VPN Logs and Why Should You Care?Posted on 22nd February 2019
Countless VPN services claim they have “no logs” to market their product, but what do they really mean by that? And what is considered “logs” at all? Let’s dive in.
Three Service Types Based on Logs
For easier understanding, we have decided to group all VPN services in three categories based on how they handle logs.
Usage (Browsing) Logs
These logs include all the data connected to your online activity – browsing history, metadata, connection times, your IP address and so on. For the sake of your own privacy and safety, you should stay away from the services that collect and store this data. We don’t want to accuse anybody, but many independent pieces of research have proven the fact that free VPN services often collect and sell user data to sustain themselves.
In other words, free services are basically spyware users willingly install on their devices. If you value your personal privacy, it’s better to stay away from such services or choose the ones that have been double- and triple-checked by reputable cyber specialists.
These types of logs are less harmful to the user, but they are not innocent either. These types of logs don’t typically contain your IP address. What they do contain, however, can still reveal a lot about your online activity. Such logs include date, time and duration of the connection, and sometimes (very rarely, though) your IP.
No logs policy is the Holy Grail of any privacy-related app. Everyone puts it right in your face to prove that they are absolutely secure and private. This basically means that the service doesn’t keep any usage and connection logs. The true “No Logs” policy is rather rare because subscribers can easily abuse the mechanics, for example by using one account per a thousand devices.
Why Do They Log?
Logs are not pure evil on their own, they are a tool a service provider can use this or that way. And the said way is what determines the service’s reliability. Let’s find out why VPN providers log your data at all:
Limit the number of devices
One of the main reasons why services use logs is the number of connections they allow. Most VPNs will allow from three to five connections under one subscription plan (VeePN offers ten). So, at least minimal logs are required when the user is connected to the service so the server can “count” connections.
However, each VPN provider has their own solution to this issue, so it’s better to ask how they keep track of users logged under the same plan and maintain “no logs” directly.
This is the case when logs are not a bad thing since not limiting the number of devices under one subscription would probably result in extra server load, lower speeds, and overall decrease in quality.
Use rental servers
Many VPN services use virtual private servers to provide their services instead of physical servers (the big cases of substantial computing power stacked on top of each other). This makes the services cheaper, but can ultimately violate the users’ privacy. How?
If the servers are located in the country which forces the server host to keep logs, then the VPN provider can barely do something about it, apart from changing to another host or using physical servers.
Abide by the security agencies’ orders
The HAS is notorious for spying on American citizens, as well as people that never even visited the US. Sadly, they have enough power and influence to do so and force or lure many services to log and hand over users’ data. After the disclosure of the so-called PRISM Program has revealed how much of our data is actually being tracked.
Therefore, service providers aren’t always the bad guys, but they are rather forced to be. What is worse, intelligence agencies can apply a so-called “gag order,” meaning that service providers can’t disclose what kind of data they are forced to collect.
VPN providers need minimal usage information to fix connection problems and make their services better. These logs don’t contain any personal information that can point directly to a certain user in the network. It is usually “faceless” technical data used to optimize service performance and nothing more.
Logs are not 100% a bad thing. However, you should consider what kind of logs service is gathering, and how transparent they are about their policies. All in all, it’s not logs that matter, but how clear a company is about their processes.