Are No-logs VPNs Completely Safe?

Are No-logs VPNs Completely Safe?
(Photo : Are No-logs VPNs Completely Safe?)

If you've been on the lookout for a VPN, you may have come across the term "no-logs VPN" a lot. If you're not sure what that means or how it's useful for your online security, don't worry. You'll find everything to know about the topic below.

Meanwhile, here's a curated list of VPNs that don't keep logs - a great place to start if you're not sure what to look for (or just find research boring). All providers have been proven to keep your data safe, whether by third party audit or through court documents.

What Are No-logs VPNs?

You probably have a rough idea of what VPNs do. Namely, encrypt (or garble) your data so it can't be read by your Internet provider, hackers, or government agencies. However, some people are worried that VPN providers themselves will start using their data for shady purposes.

Well, they're not far from the truth. Just take a look at how some free VPNs were selling user data to advertisers - not unlike many ISPs today. This is where no-logs VPNs come into play. As you may have gathered, these providers do not record your online activity while using their services.

"True" no-logs VPNs don't even keep the (arguably) safe connection logs needed for troubleshooting purposes. These logs can't be used to identify VPN users directly, but no-logs providers would rather remove that risk entirely.

Of course, there's always the risk of a rogue employee monitoring your VPN activity in real time. After all, your data still needs to pass through the provider's servers, even if it's not being logged. That being said, the chances of that happening are extremely low, and could be said about any other online service.

What No-logs VPNs Won't Protect You From

VPNs are good at what they do (i.e. encrypting your data, masking your IP address, etc.). However, you shouldn't confuse them for a complete security package. There are quite a few ways websites and online services can identify you online, even while using a VPN.

#1 Cookies

You know those irritating cookie warnings that have been popping up ever since the EU GDPR kicked in circa 2018? Well, those notices pretty much let you know how much data cookies gather about you. Normally, cookies collect data such as:

  • A unique visitor ID

  • Your website preferences

  • Which pages and sub-pages you've visited (say, product pages on e-stores), as well as time spent on each page.

Of course, advertisers can also use cookies to create detailed profiles about you and your interests. This is why every website asks you to "review your preferences" when they serve you those cookie notices. Websites used to sign up EU users for ad-tracking, relying on the fact that people just click "OK" on cookie notifications without a second thought. That is, before an EU court ruling stated that active consent is required from the user. If you live outside the EU (and depending on the website), the tracking cookie checkboxes might come pre-checked.

The easiest solution is to clear your browser cookies - either manually, or by setting up your browser to clear them after each session. Keep in mind that you're sacrificing a bit of convenience, since cookies are required for automatic logins and maintaining your preferred page settings.

#2 Web Beacons

Web beacons are usually 1x1 pixel transparent GIF files, or small JavaScript code snippets embedded into web pages. You may have heard of them referred to as tracking pixels. They're typically used alongside cookies to - you guessed it - track your online behavior. An infamous example is Facebook Pixel. The API was deemed illegal by Belgian courts for its ability to track people even if they don't use the social media platform.

Beacons may also be present in emails, mainly for statistical purposes. Of course, most email providers nowadays block external images (including tracking GIFs), or give users the ability to "load external content." Google downloads all external images to its own servers before they can be displayed in your emails. Then again, Gmail is not exactly the most privacy-friendly email service.

In any case, web beacons in any form can easily be avoided with a content-blocking extension like uBlock Origin. uMatrix offers more granular control over what content can be displayed in your browser. However, its learning curve may turn away some users. Privacy Badger is a neat alternative too. These three extensions are also somewhat useful at mitigating browser fingerprinting, which you can read about below.

#3 Browser Fingerprinting

Ever logged in to a service from a different device than usual? Then you've probably received a security email with several details about that device, such as:

  • IP address and location

  • Browser type and version

  • Operating system

This is a type of browser fingerprinting, and is useful at detecting unauthorized login attempts. The details above (and more) are part of your unique fingerprint, which is shared by less than 287,000 other browsers, according to the Electronic Frontier Foundation (EFF). That might seem like a lot, but keep in mind that there are over 31 billion Internet-capable devices out there.

If you're in a situation where privacy is essential to your livelihood, browser fingerprinting can be highly detrimental. We mean whistleblowers, journalists communicating with anonymous sources, and the like.

Unfortunately, it can't be completely avoided. However, using the Tor Browser and a 'no-logs' VPN in tandem will put you in a pool of 3 million similar browser fingerprints. This is a definite improvement privacy-wise, but one that can greatly affect your Internet speeds. Of course, speed is probably the least of your concerns in such scenarios.

#4 Out of Sync System Time

Pretty straightforward. Websites can detect that you're a VPN user by checking your local system time. Simply set your PC or phone's time to reflect the time zone of the VPN server you're connecting to. This is especially helpful when spoofing your location to unblock media unavailable in your region.

Real Time Analytics