Some of us use VPN’s for the purpose of internet service providers not seeing our activity and if that’s the case, what is the point of using VPN’s if they keep logs on us?
Well there are many that don’t keep any identifying logs on you and have been proven so. But if you’re speaking about VPNs in general they weren’t originally created to not contain logs but rather to have a secure tunnel to your work network or business.
Trying to guess “trustworthiness” or “not logging” is a losing game. You never can be sure, about any product or service. Even an audit or court case just establishes one data point.
So, instead DON’T trust: compartmentalize, encrypt, use defense in depth, test, verify, don’t post private stuff, maybe don’t do illegal stuff. And give fake/anon info where possible: fake name, throwaway or unique email address, pay with gift card or virtual credit card or crypto or cash.
You can use a VPN, ISP, bank, etc without having to trust them.
Using a VPN is worthwhile because it hides some info from your ISP, a company which knows FAR too much about you. Give as little data as possible to the VPN: give them fake/no ID data, pay anonymously, send them encrypted traffic (HTTPS), don’t use their custom client app. Then all they can betray is “someone at IP address N accessed sites at IP addresses X, Y, Z”. And you’ve removed that info from the ISP.
Pick a VPN provider that doesn’t log.
As the owner of a new VPN provider, I can attest that the VAST MAJORITY of all VPN providers have logging built-in AND they own your encryption keys, simple due to the fact that this is how OpenVPN works by default, as well as the “simple” way of deploying Wireguard to customers.
In my opinion, simple/fast/lazy is not what VPN customers want or deserve. On a personal note, my VPN was built from the ground-up with custom tech that is extremely fast and highly secure, so much so that it is impossible for us to log due to the nature of our zero-trust model for doing things.
TLDR: Don’t use a big provider that puts profits over user privacy/security.
Not to mention that their are places that you can’t get to thru a VPN.
That’s a great question!
Logs should be recorded as long as there are operations, with the only difference being whether the service provider uploads the user’s logs. You can find VPN service providers who claim no logs. They usually do not actively collect logs. Only when there is a problem with your software, logs are needed to solve the problem. In fact, you can still choose whether to send the logs.
Right. Zero knowledge VPNs don’t exist because they would have no way to make money and their service would immediately become a haven for the worst kinds of illegal activity not to mention non-stop spamming.
Even the very good VPNs have to be able to manage who is accessing their service. When we talk about “logging” we should be clear that it means logging the internet activity of a user beyond what is needed simply to authenticate that a user has paid for the service. As an aside this authentication can have a range of privacy implications. Some services require a whole full on log in procedure with email address, home address, phone number etc while others just assign you a random number that you can change every month.
I’d tend to agree that most VPNs aren’t going to have much of a reason to keep that data. For paid VPN’s it sort of blows up their whole business model. However, there have been a few high profile cases where a VPN gave up user data to prove where a specific user had been on the internet. So, it happens and you’re right that caution is warranted.
Great comment. Thank you. Was there supposed to be more to it? You ended with “And the”. Just Curious. And a side question, please:
Is it safe to say then that people who have been prosecuted because companies have turned over “logs” on them have had very broad and maybe undefinitive or shaky evidence held against them? And maybe they or their defense attorneys don’t know enough about VPNs and Logging to have that “evidence” dismissed? Obviously this would have to be looked at case-by-case but is this a safe generalization to make?