The Essentials

VPN Logging Policies: What to Look Out For

Rebecca Duff
Rebecca DuffUpdated

All VPNs should have a logging policy, but that doesn't mean they're all up to scratch. They can often contain confusing, misleading information designed to hide the truth from you. Find out what you should be looking out for.

An illustration of a sealed-off computer

Many VPN providers will attempt to lure you in with the promise of being ‘totally zero-logs’, but that is so very rarely the case. This isn’t to say that all logging is a problem, though – in fact, monitoring and storing the right sort of information will help ensure you get the best possible service.

Unfortunately it can be difficult to know the warning signs to look out for, especially if you’ve never purchased a VPN before. Logging policies tend to be on the long side and often contain loads of confusing (and sometimes misleading) language, but by the time you’re done reading our guide, you’ll be feeling far more confident.

What Kind of Logging is Acceptable?

In order to maintain a high-performance server network, it’s usually necessary for a VPN provider to log at least some basic connection metadata. As long as none of this can be used to personally identify you, it isn’t problematic at all.

Bandwidth Usage

It’s very common to see providers logging aggregate server statistics such as bandwidth usage. This helps them make sure nobody is abusing the service and also helps with troubleshooting any issues that may arise.

Even logging your individual bandwidth consumption isn’t an issue, as long as it is in no way linked to your true IP address.

Server Load

Monitoring server load means providers can identify which locations are the most popular and add extra servers to prevent congestion at busy times. This is great news for performance.

VPN Server Location

Some providers monitor which VPN server you connect to so they can provide more tailored advice and technical support, helping you to get the best out of the service. Again, not a concern, as your identity stays protected.

What Makes a Good Logging Policy?

Make Sure It Exists

One major red flag in terms of logging policies – and you’d be surprised how many providers this applies to – is a total lack of one.

If there isn’t a logging policy or privacy policy clearly displayed on the provider’s website (usually at the bottom of the page), it’s usually a bad sign as it suggests they have something to hide.

It Shouldn’t Be Too Short

Another thing to look out for is an unusually short policy. We’ve come across far too many that simply state “we don’t log anything you do while connected to the VPN service”, but that’s not to say it’s not collecting your personal data in some other way.

It’s worth contacting the support team for more details if you find yourself in this situation.

It Should Avoid Overly Technical Language

Ideally, all logging policies would simply spell out (in plain English) exactly what that VPN provider does and doesn’t monitor and/or store. The best ones break down all the information, without using any technical jargon, and explain the reason(s) they collect what they do.

Look For Details On Log Storage

As a user, you have a right to know how long your VPN is storing its logs for. If you can’t easily find this information, be sure to contact a member of their customer support team.

We discuss these sorts of details in the Privacy section of our VPN reviews, so take a look there too.

When Does Logging Become a Concern?

An illustration of personal details being freely examined online

You should only be concerned if your provider is logging anything that could be used to personally identify you.

Originating IP Addresses

There are a handful of VPNs out there that collect originating IP addresses – far from ideal, as these can be used to track down exactly what device you were using to connect to the VPN.

Monitoring Online Activity

Even more worryingly, a small number of providers even go so far as to monitor everything you do while connected to the VPN. This can include any websites you visit, files you download and even the content of any messages you send.

This is even more dangerous than not using a VPN in the first place, as you have no control over how long this data is stored for, or who it is sent to.

Watch Out for Free VPNs

The most common culprits of collecting personally identifiable information are usually free VPNs, although there are a few paid services that are guilty of this too.

We recently conducted an investigation and found out exactly which free VPN services you should be avoiding – you can read this here.

How Long Should a Provider Store Logs?

Ideally, your chosen VPN provider won’t collect any logs, but in the likely case that it does you need to know how long these are being kept for. We’ve seen time frames anywhere from a few hours up to a couple of years, or even more – the shorter, the better.

Storing logs up to around 30 days isn’t too much of a concern. This is long enough to help with any recent troubleshooting issues, but not so long that your information is being held for longer than it needs to.

Does Jurisdiction Matter?

An illustration of various VPN jurisdictions around the globe
If your VPN provider collects any sort of logs, its jurisdiction is incredibly important, as each country has different laws regarding your online privacy.

These dictate how your data is handled and whether or not it will be shared with other nations or disclosed to any third parties without your prior consent.

Be wary of VPNs based in any of the following locations:

Five Eyes:

  • USA
  • United Kingdom
  • Canada
  • Australia
  • New Zealand

Nine Eyes – the above countries, plus:

  • Denmark
  • France
  • Netherlands
  • Norway

Fourteen Eyes – the above countries, plus:

  • Germany
  • Belgium
  • Italy
  • Sweden
  • Spain

If your chosen provider is based in any of these locations, it isn’t necessarily the be-all and end-all. As long as nothing it collects can be used to personally identify you, you have nothing to worry about.

Not only do these countries tend to have incredibly intrusive surveillance laws, allowing ISPs to store user data for very long periods of time, they’re also usually willing to disclose personal information to law enforcement agencies on request. Not something you want from your VPN provider.

For more information, including some of the countries that your VPN should be based in, take a look at our comprehensive guide to VPN jurisdictions.

Don't Be Afraid to Ask Questions

If something looks suspicious or there are any details missing then don’t hesitate to contact your VPN provider. If it is reluctant to answer your questions that’s a bad sign.

A good logging policy will leave you with absolutely no doubt that your personal information is in safe hands, and it’s your right as a user to expect that.