VPN logging: what data does your VPN need to collect?
Virtual private networks (VPNs) promise to hide your online activities from prying eyes, but still require you to collect certain information to work properly.
Understanding exactly what data a VPN collects – and why – can help you decide whether a VPN service actually protects your privacy or just adds another layer of unwanted surveillance.
From activity logs to different types of policies, we’ll walk you through the typical categories of logs a VPN provider may keep. We’ll explain what a “no-logs” VPN actually means, highlight when a VPN’s data collection becomes too risky, and provide you with some practical tips for choosing a trustworthy VPN provider.
Article continues below
What your VPN should collect
The main job of a VPN is to create an encrypted tunnel between your device and a remote server before forwarding your traffic to the Internet.
To do this, most VPN providers keep a few basic records. These logs are generally short-lived. They are also usually grouped together and devoid of personally identifying details. Red flags arise when a provider keeps identification logs.
Connection logs
Connection logs capture the technical negotiation that takes place every time you start a VPN session.
Typical entries include your device’s original IP address (the IP address assigned by your ISP), the address of the VPN server you are connecting to, the timestamps marking the start and end of the session, and bandwidth usage.
These logs allow the VPN provider to monitor server load and troubleshoot connectivity issues. Connection logs also allow the VPN to manage the maximum number of simultaneous connections per account.
Because connection logs only record that a connection was established and not what you did while connected, they pose relatively little privacy risk. That said, keeping the original IP address ties you to the session, but a truly privacy-focused VPN will quickly delete it or never store it at all.
Activity logs
When a VPN markets itself as a no-logs service, it promises that it doesn’t keep track of what you do while you’re connected.
These activity or traffic logs are the most serious privacy issue. Activity logs may contain the websites you visited and DNS lookups that translate domain names into IP addresses. They may even include the apps or online services you used.
If a VPN provider stores any of the activity logs above, it can reconstruct a detailed picture of your online life, which defeats the purpose of using a private VPN. A true no-logs VPN should explicitly state that it never records activity logs.
Server-level logs
At the server level, providers can maintain minimal data, such as the amount of traffic passing through a particular node or generic error messages.
This information helps a VPN provider fine-tune performance and balance loads on the network. It can also help identify hardware failures if they occur.
These logs do not contain any user-specific identifiers, meaning they are considered the least intrusive form of data collection.
Aggregated logs
Aggregated logs are aggregate statistics that a VPN collects from multiple users at once.
Nothing collected concerns you personally. Instead, the VPN logs things like URLs or domains visited, total bandwidth consumed, or generic timestamps. When this data is combined, it never includes your real IP address, the websites you visit, or any account identifiers that could identify you.
Even VPNs that claim to be “log-free” require a small amount of information to keep their service running smoothly. Aggregated logs help them know when to add additional servers or when there is an outage or unusual activity.
The main thing to watch out for here is whether the VPN collects ID logs before aggregating the data. Provided there is no identifiable raw data, aggregation is harmless.
Account and payment journals
A VPN has another set of logs that sit entirely outside the VPN tunnel: account and payment logs.
These typically include the email address you registered with, the payment method you used, when you created the account, and any customer support tickets you may have opened.
Although these logs don’t reveal what you do online, they can link that activity to a real identity.
If a VPN keeps detailed information about your account or payment, it creates a link between you and any network logs it might have. If you are a particularly privacy-conscious user, you may want to consider providers that offer anonymous payment and registration, such as Mullvad.
What a No-Logs VPN Really Means
When a VPN markets itself as a “no logs” service, the concept seems simple enough: it doesn’t keep track of what you do online.
In practice, however, most “no-log” VPNs still store a small amount of data – just enough to keep the network running smoothly. This data is generally not identifiable, such as generic login timestamps and total bandwidth used, and never includes things like your real IP address or the websites you visit.
This is why it is important to know the difference between no-logs and no-logs VPNs.
While a no-logs VPN may keep these logs minimal and anonymized for operational reasons, a no-logs VPN does not keep any records, including non-identifying data.
So when you see a VPN with a “no-logs” label, take it as a promise that the VPN limits its data collection to what is strictly necessary and does not store anything that could directly link your activity to you. However, if you’re looking for more comprehensive protection, opt for no-log VPNs.
When data collection goes too far
Collecting detailed activity logs undermines the entire point of a VPN. In other words, to protect your online activities from spies.
When a VPN provider logs browsing history, DNS queries, or precise timestamps, it can piece together what you accessed, when, and from where. This can be particularly dangerous for users living under restrictive regimes where this information can be used against them.
Even in freer societies, detailed logs are vulnerable to data breaches or may be sold to third parties or requested by authorities.
Free VPNs are the most common culprits of excessive data collection. Lacking subscription revenue, they often make money by selling user data to third parties. For users who rely on a VPN to browse and communicate privately or circumvent internet censorship, any retention of original IP addresses or activity logs significantly increases the risk.
If a malicious actor obtained these activity or usage logs, they could correlate them with other data sources to identify you. Some of the risks include legal repercussions as well as harassment.
How to choose a trustworthy VPN
Choosing a VPN that respects your privacy starts with looking beyond marketing slogans and focusing on the provider’s actual practices. A trustworthy service will prioritize keeping your online activity hidden while providing much-needed security features.
- Stick to trusted, verified names: Look for VPN providers with solid experience and transparent ownership. The most secure VPNs are less likely to disappear overnight, leaving your data exposed.
- Avoid Dodgy Free VPNs: Free VPNs often finance themselves by recording and selling user data, including included credentials. If a VPN is free, assume it monetizes you in some way and consider a paid alternative.
- View the VPN’s privacy policy and audit history: Read the VPN’s privacy policy carefully for explicit statements about data retention. To be safe, prioritize VPN services that have undergone independent audits and share the results publicly.
- Discover the additional features/extras available: The best VPNs boost security with extras like a kill switch or Double VPN servers. When these add-ons are implemented well, they can provide an extra layer of security without compromising privacy.
