VPN Logging Policies: What 'No Logs' Actually Means
Every VPN service claims some version of 'no logs.' It's the single most important marketing claim in the industry and the most frequently misleading. A VPN can truthfully say 'no activity logs' while keeping metadata that's almost as useful for identifying you. Understanding what the claims actually mean — and how to verify them — is the core of choosing a trustworthy VPN.
The Types of Logs
Activity logs record what you do through the VPN — which sites you visited, what data you transferred. These are what people mean when they worry about logs. A VPN that keeps activity logs can be subpoenaed, hacked, or choose to sell the data. They're the most sensitive type.
Connection logs record when you connected, which server you used, and how long you were connected. They don't capture your activity, but combined with other data — like the time you were connected matching the time of some event — they can identify you. Some 'no logs' VPNs keep connection logs.
Metadata like your account's total bandwidth usage per day is often retained for billing purposes by subscription VPNs. Not enough to identify individual actions, but enough to confirm you were using the VPN at a particular time. Anonymous payment methods reduce this risk.
The Audit Question
Self-reported 'no logs' policies are words. They can say anything. Independent audits — where a security firm examines the VPN provider's infrastructure and verifies that the claimed policies are actually implemented — are more meaningful. Mullvad, ProtonVPN, ExpressVPN, and NordVPN have all commissioned third-party audits with varying scope.
Even audits are snapshots, though. An audit verifies what was in place at audit time. What happens a year later, after staff changes, acquisitions, or government pressure, isn't covered. The VPN's track record when actually tested by law enforcement is more meaningful than any audit.
The Canary and the Warrant Tests
Several VPN providers maintain warrant canaries — periodic statements that they have received zero government requests. When the canary disappears, it implies a request was received that legally prevents them from disclosing it. It's a workaround for gag orders, not a guarantee. ExpressVPN's servers were seized in 2021 by Turkish authorities investigating a murder — they reportedly found no useful data on the servers, validating their no-logs claim in the most real possible test.
The Jurisdiction Question
Where a VPN provider is incorporated matters. A VPN company in a Five Eyes country (US, UK, Canada, Australia, New Zealand) can be served with national security orders that come with gag clauses — the company can't tell users or the public about the order. A VPN in a jurisdiction without such arrangements has more freedom to refuse or disclose. Panama (NordVPN), Switzerland (ProtonVPN), and the British Virgin Islands (ExpressVPN) are popular choices for exactly this reason.
But jurisdiction is only meaningful if the no-logs policy is real. A VPN in Panama that keeps detailed logs of all connections hands over useful data regardless of jurisdiction. A VPN in the US with genuine no-logs infrastructure returns nothing useful even under subpoena. The combination of jurisdiction and verified no-logs policy is stronger than either alone. And real-world test events — like ExpressVPN's Turkish server seizure yielding no useful data — matter more than any policy document.
Check What Your VPN Exposes
See whether your VPN is leaking DNS queries or your real IP address.
Run DNS Leak TestAbout Kunal Khatri
Kunal is a network security specialist and systems administrator with 8+ years of experience auditing secure connections and building network infrastructure.
Related Articles
Split Tunneling: The VPN Feature You're Probably Not Using
Split tunneling lets you choose which traffic goes through the VPN and which uses your regular connection. It's the answer to slow speeds and accessibility problems on VPN.
SOCKS5 vs HTTP Proxy: Which One Should You Use
SOCKS5 and HTTP proxies both route your traffic through an intermediate server. The difference in protocol, capability, and appropriate use cases is significant.
WebRTC Leaks: The VPN Hole Nobody Warns You About
WebRTC is built into browsers for video and audio calls. A side effect is that it can expose your real IP address even when a VPN is active — and most VPN clients don't fix it.
Proxy vs VPN: They're Not the Same Thing
Both a proxy and a VPN can change your apparent IP address. The difference in how they work — and what they protect — is significant.
