If you've been on the lookout for a VPN, you may have come across the term "no-logs VPN" a lot. If you're not sure what that means or how it's useful for your online security, don't worry. You'll find everything to know about the topic below.
Meanwhile, here's a curated list of VPNs that don't keep logs - a great place to start if you're not sure what to look for (or just find research boring). All providers have been proven to keep your data safe, whether by third party audit or through court documents.
What Are No-logs VPNs?
You probably have a rough idea of what VPNs do. Namely, encrypt (or garble) your data so it can't be read by your Internet provider, hackers, or government agencies. However, some people are worried that VPN providers themselves will start using their data for shady purposes.
Well, they're not far from the truth. Just take a look at how some free VPNs were selling user data to advertisers - not unlike many ISPs today. This is where no-logs VPNs come into play. As you may have gathered, these providers do not record your online activity while using their services.
"True" no-logs VPNs don't even keep the (arguably) safe connection logs needed for troubleshooting purposes. These logs can't be used to identify VPN users directly, but no-logs providers would rather remove that risk entirely.
Of course, there's always the risk of a rogue employee monitoring your VPN activity in real time. After all, your data still needs to pass through the provider's servers, even if it's not being logged. That being said, the chances of that happening are extremely low, and could be said about any other online service.
What No-logs VPNs Won't Protect You From
VPNs are good at what they do (i.e. encrypting your data, masking your IP address, etc.). However, you shouldn't confuse them for a complete security package. There are quite a few ways websites and online services can identify you online, even while using a VPN.
You know those irritating cookie warnings that have been popping up ever since the EU GDPR kicked in circa 2018? Well, those notices pretty much let you know how much data cookies gather about you. Normally, cookies collect data such as:
A unique visitor ID
Your website preferences
Which pages and sub-pages you've visited (say, product pages on e-stores), as well as time spent on each page.
The easiest solution is to clear your browser cookies - either manually, or by setting up your browser to clear them after each session. Keep in mind that you're sacrificing a bit of convenience, since cookies are required for automatic logins and maintaining your preferred page settings.
#2 Web Beacons
Beacons may also be present in emails, mainly for statistical purposes. Of course, most email providers nowadays block external images (including tracking GIFs), or give users the ability to "load external content." Google downloads all external images to its own servers before they can be displayed in your emails. Then again, Gmail is not exactly the most privacy-friendly email service.
In any case, web beacons in any form can easily be avoided with a content-blocking extension like uBlock Origin. uMatrix offers more granular control over what content can be displayed in your browser. However, its learning curve may turn away some users. Privacy Badger is a neat alternative too. These three extensions are also somewhat useful at mitigating browser fingerprinting, which you can read about below.
#3 Browser Fingerprinting
Ever logged in to a service from a different device than usual? Then you've probably received a security email with several details about that device, such as:
IP address and location
Browser type and version
This is a type of browser fingerprinting, and is useful at detecting unauthorized login attempts. The details above (and more) are part of your unique fingerprint, which is shared by less than 287,000 other browsers, according to the Electronic Frontier Foundation (EFF). That might seem like a lot, but keep in mind that there are over 31 billion Internet-capable devices out there.
If you're in a situation where privacy is essential to your livelihood, browser fingerprinting can be highly detrimental. We mean whistleblowers, journalists communicating with anonymous sources, and the like.
Unfortunately, it can't be completely avoided. However, using the Tor Browser and a 'no-logs' VPN in tandem will put you in a pool of 3 million similar browser fingerprints. This is a definite improvement privacy-wise, but one that can greatly affect your Internet speeds. Of course, speed is probably the least of your concerns in such scenarios.
#4 Out of Sync System Time
Pretty straightforward. Websites can detect that you're a VPN user by checking your local system time. Simply set your PC or phone's time to reflect the time zone of the VPN server you're connecting to. This is especially helpful when spoofing your location to unblock media unavailable in your region.