One of the biggest promises VPN services make is that they don’t keep logs. It’s plastered across their websites and features prominently in their marketing material. But what are logs, exactly, and what makes for a “no-log” or “zero-log” VPN?
What Are Logs?
In short, a log—also called a log file—is the record of events between two servers. When you visited this web page, your computer reached out to How-To Geek’s server through your internet service provider’s networks. Both the ISP and our server made note of that in their logs. Logs are available to your systems administrator (your ISP or boss, if you’re at work) as well as the websites you visit.
The log contains your IP address, the time you connected, and the duration of your connection. Though it seems like pretty innocent information, it can be worth its weight in gold to marketers. They can determine somebody’s general location using their IP, then figure out some of their browsing habits thanks to the connection time and duration. Add the information from browser cookies to the mix, and that can help target more profitable advertisements.
Logs are also used by copyright watchdogs to figure out who used BitTorrent for which file and when, or by law enforcement to determine who sent a threatening email. However, there’s a way to avoid this data collection, which is where VPNs come in.
VPNs and Logs
A virtual private network is a program that lets you connect to the internet using one of its own servers. This means that the sites you visit will see the IP address of the VPN server instead of yours, meaning that they can’t identify you that way.
It also works the other way around: Thanks to the way the VPN’s connection is set up, your ISP or boss can only see the connection you made to the VPN server and not to any sites you’re accessing through the VPN’s encrypted tunnel.
Contrary to what many claim, this is not enough to keep you from going undetected while browsing. If you just browse with your normal browser, its cookies can help websites track you. Think of it this way: If you connect to a VPN and then sign in to your Google account, Google now knows who you are. That VPN isn’t hiding your identity from Google if you just told Google who you are! That’s why using Incognito Mode helps.
Even then, though, VPNs still have a massive Achilles heel: namely, their logs.
What Is a No-Log VPN?
When you make a connection between two servers, a log is created. There is no way around this. It doesn’t matter if you’re using your ISP’s server or that of your VPN, there is a log file somewhere. In essence, what you’re doing by engaging a VPN is replacing your ISP’s log with that of your VPN. Technically, all a marketer or policeman would need to do is ask the VPN for your logs, and they would have all the information they need about you. After all, that’s how they get it from ISPs.
This is an obvious flaw, but to get around it, VPNs promise that they won’t keep logs—or at least, not the kind that can be used to identify you. For example, many VPN providers differentiate between a connection log (also called a network log) and an activity log (or browsing log).
The connection log is the one that keeps a record of the connections the VPN server made with websites and which should, technically at least, be devoid of any identifying information about you, while the activity log shows when you connected and from where. Depending on the VPN provider, some will claim to not keep the activity log, while others claim not to keep both.
In either case, theoretically, your browsing should be anonymous. Websites will only see the VPN’s IP in their logs, while a request for information from law enforcement will yield nothing, as the files don’t even exist—that is, if the VPN even needs to comply with requests, as many of them are headquartered in jurisdictions far from the reach of North American and European warrants, like the Cayman Islands or Panama.
“How Do You Know That a VPN Doesn’t Keep Logs?
A no-logs policy is the cornerstone of a VPN service’s promise to keep you anonymous. However, it comes with two major issues, both related to the fact that it’s almost impossible to prove a negative, to show that something is not there.
The first issue is that it’s a little hard to believe that no logs are being kept. You need some kind of record of a connection. That’s just how the internet works. It’s more believable to say that logs are destroyed as soon as they are made, but that makes for poor marketing copy.
The second issue is that there’s no way to prove from the outside that logs aren’t being kept by a VPN. There’s just no way to do that for any site. You’d need some kind of admin authority. Then again, even if you were given access, it’s hard to prove from the inside, too: The VPN could just move the incriminating logs for the duration of your check.
These two issues combined mean that you are, essentially, trusting a VPN to keep your data safe. Whether or not you should do that is something for you to decide when choosing a VPN, though, generally speaking, reading up on reviews as well as following recommendations from people you trust should mean you’re making the right choice.
, and, of course, the company promises it doesn’t keep activity or connection logs. ExpressVPN is our top pick here at How-To Geek, and many of us have used it for years. It’s created by a stable company that’s been around for a long time. ExpressVPN even innovates by creating features like Lightway, a next-generation VPN protocol that will be open-source.
Fergus is a freelance writer for How-To Geek. He has seven years of tech reporting and reviewing under his belt for a number of publications, including GameCrate and Cloudwards. He's written more articles and reviews about cybersecurity and cloud-based software than he can keep track of---and knows his way around Linux and hardware, too.