What No-Log Means
A "no-log" or "no-logs" policy means a VPN provider claims they do not record, store, or maintain logs of your internet activity. If a VPN truly has no-logs, they keep no record of which websites you visit, what you download, or what you do online.
This is important because while a VPN encrypts your activity from outside observers like ISPs, the VPN provider themselves can theoretically see your traffic. They're the endpoint of your encrypted tunnel. A no-log policy means they have policies and practices preventing them from recording this data.
However, "no-log" is a claim, not automatically a fact. Many VPN providers claim no-log policies they don't actually maintain. Some log activity "temporarily" for "security purposes" and keep it longer than disclosed. Others log metadata (connection times, amounts of data) without acknowledging it.
What Gets Logged vs What Doesn't
To evaluate a no-log claim, understand what data exists at different levels:
Connection Metadata: When you connect to a VPN, the server logs that a connection occurred. Strict no-log providers delete this immediately. Some keep it temporarily (24-48 hours) for network management. The question is whether this includes identifiable information linking the connection to you.
Traffic Content: The actual data you send (websites visited, messages, downloads). True no-log providers never store this. However, some claim no-log while storing this data in encrypted form.
IP Address Logs: Some VPN providers don't log your real IP, while others record it for account management. This varies even among quality providers.
DNS Queries: Some VPNs tunnel DNS requests while others don't. Check whether your DNS queries are encrypted and unlogged with a DNS leak test.
Verified No-Log vs Unverified Claims
The VPN market has a serious trust problem. Many providers claim no-log policies without evidence. Some have been caught lying.
Verified No-Log: A few VPN providers undergo independent third-party audits of their no-log claims. PricewaterhouseCoopers (PwC) and other auditors have verified some VPNs' no-log practices. Audited providers are more trustworthy.
Proven No-Log: A handful of VPN providers have been subpoenaed by law enforcement and provided evidence of not having logs to produce. This is the strongest proof possible.
Unverified Claims: Most VPN providers claim no-log policies without third-party verification. Their claims should be viewed skeptically. Just because they say it doesn't mean it's true.
Red Flags: Avoid VPNs that won't claim no-log policies (they probably log), use vague language about logging ("minimal logs", "temporary logs"), or have been caught lying about privacy.
How to Verify No-Log Claims
Since you can't access a VPN provider's servers to verify their practices, here's how to evaluate their claims:
Check for Independent Audits: Look for third-party security audits of their no-log practices. Audits from reputable firms like PwC add credibility.
Review Their Privacy Policy: Read the full privacy policy, not just the summary. What specifically do they not log? What metadata do they keep? For how long? How is it deleted?
Check Their Track Record: Has the VPN provider been subpoenaed? What did they provide? Some VPNs have proven in court that they have no logs. Others have been caught logging despite claims.
Look for Red Flags: Free VPNs almost never have true no-log policies. VPNs with aggressive marketing claims about logging are often untrustworthy. Avoid VPNs from countries with mandatory data retention laws unless they have external verification.
Test It: Use our DNS leak test and other tools to verify that your VPN is actually protecting your queries from being exposed.
The Limitation of No-Log Policies
Even with a legitimate no-log policy, understand what it doesn't protect:
Metadata: Your VPN provider may not log traffic content but could log that you connected at specific times, used X amount of bandwidth, etc. This metadata can reveal patterns.
Government Backdoors: In countries with mandatory backdoor laws, governments might force VPN providers to collect data. A no-log policy doesn't prevent legal government mandates in those jurisdictions.
Correlation Attacks: If a website knows your real identity and your VPN knows you're connecting to that website (without knowing your identity), timing analysis could correlate them.
Your ISP Still Knows: A VPN's no-log policy doesn't prevent your ISP from seeing you're using a VPN. They just can't see what you're doing through it.
No-log policies are important but not the complete privacy solution. Combine with other tools like Tor browser for extreme anonymity or use VPN on public WiFi for security.
Frequently Asked Questions
How can I know if a VPN is really no-log?
Look for independent third-party audits from reputable firms. Check if they've been subpoenaed and proved they have no logs. Read their privacy policy carefully. Avoid free VPNs and those with vague logging claims.
Does no-log mean my ISP can't see my activity?
Yes. A VPN's encryption prevents your ISP from seeing your activity. The VPN's no-log policy prevents the VPN provider from recording it. Together they provide privacy from both ISP and VPN provider.
Can law enforcement access VPN logs?
They can subpoena a VPN provider for logs. If the provider truly has no logs, they can't provide anything. Some VPNs have proven this by producing nothing when subpoenaed.
What metadata does a no-log VPN keep?
This varies. Some keep connection timestamps but delete them hourly. Some keep bandwidth usage logs. Good providers are transparent about what temporary metadata they keep and how long they retain it.