The difference between no-logs and zero-logs VPNs – and why it matters
If a VPN keeps logs, can it really call itself a no-logs service? Unfortunately, yes.
Data is valuable stuff to cybercriminals, and that includes your data. Everything from
your name and email address to your browsing history and IP address, can be used for all sorts of dodgy digital dealings. Luckily, today's best VPNs can shield this identifiable information and protect you from snoopers.
Still, you might wonder how it's possible to trust these services with our most sensitive data – and that's where VPN no-logs policies enter the picture. Most providers offer one of these and they're usually a solid indication of its commitment to user privacy.
However, there are untrustworthy VPNs out there that can claim to be no-log providers while actively tracking, collecting, and storing your information. It's vital you know how to spot a sketchy no-logs claim, and what it really means to be a no-logs, or even zero-logs provider.
What are VPN logs?
First, let's start by identifying what VPN logs are. VPNs (or Virtual Private Networks) encrypt the traffic that passes through your device, onto the web, and back again, making it unreadable to any third-party snoopers.
To do this, however, your traffic first has to travel through the VPN server before it finds its way to the site or service you're trying to access. Sometimes, as a result of this process, a VPN will keep a record of some of the details. These are VPN logs and they typically come in two flavors.
Connection logs
As the name suggests, connection logs tell the VPN provider some (usually) anonymized information about how and when you connect to the service. They'll use these details to perform server maintenance, keep an eye on the network and its traffic, and put a stop to any abuses happening.
Data retention laws vary from country to country and, as you might expect, VPNs based in different places around the world are subject to different laws. For example, some VPNs are required by law to keep hold of connection logs for a set time so that they're available to law enforcement.
Connection logs can include:
- Timestamps: when you connected to the VPN and for how long
- The VPN server you connect to
- The IP address of the VPN server
- How much data you transfer during your connection
- Diagnostic data
Usage logs
These logs can be a lot more insidious than connection logs because of the nature of the data – identifiable details that can connect you to your browsing sessions. Naturally, this is the last thing you want your VPN to be keeping hold of, especially if it's claiming otherwise with a no-logs policy.
Any VPN that does keep tabs on your usage logs just isn't worth using if privacy is your main priority.
Usage logs can include:
- Your browsing history
- Downloaded files and accessed applications
- Your IP address – and your approximate geographical location
- Unencrypted messages you send or receive
No logs versus zero logs
There are a lot of VPNs floating around these days. Check out most of them and you'll see, somewhere on the main site, either a no-logs or zero-logs claim. This is the VPN stating, front and center, that it doesn't keep tabs on what you do, the sites you use, or the things you download while connected to a server.
The difference between these policies is subtle but important. Zero-logs means zero logs whatsoever (not just none of a specific kind) – or it should, at least, by the standards of the industry. It's hard for providers to back up these claims without an independent audit of their privacy policies, however, which makes them the rarer of the two.
A no-logs policy is more general, easier to verify, and more popular. It's a promise made by the VPN provider not to keep hold of sensitive and identifiable user information that passes through its servers.
It's a pretty sweet deal, right? You get all the security-boosting benefits of a VPN without worrying about whether your browsing history and original IP address are being tucked away somewhere. The big question is, can you trust no-logs VPNs?
The answer lies in the VPN privacy policy. The best examples are clear and concise, not overloaded with jargon, stating exactly which data is logged (if any), why, and for how long. Armed with this information, you can decide for yourself whether to trust the service – though some VPNs go the extra mile by inviting third-party auditors to confirm that they’re handling your data ethically and according to the policy.
How are no logs policies being misused?
Today’s most secure VPNs typically all label themselves as no-logs services. It's great to see, and privacy should always be a VPN's bread and butter, but there are plenty of dodgy services that try to dupe users with the same claim.
Unfortunately, a shady VPN can call itself a no-log service and get away with it, even though it won't be using the term in the way that we – as an industry and as consumers – have come to understand it.
Head on over to our best no-log VPN rankings to check out the services that you can trust with your everyday browsing.
A no-logs policy should be ironclad – a stamp of transparency and security. In reality, a bogus VPN might state upfront in its privacy policy that it doesn’t collect timestamp data, and is, therefore, a no-logic service, and still go on to scoop up your original IP, browsing history, and transfer data.
The provider isn't lying, not exactly, but it's a massively shady practice that can put users at risk. If someone is new to the world of VPNs or not as tech-savvy, they may take that no-logs claim at face value, go on to use the VPN, and end up passing their data into the hands of those people they were looking to protect themselves from. It's a tactic we’re seeing crop up time and again alongside smaller scam VPN services.
What to look for in a no-logs VPN
It's not all doom and gloom, however, because legit VPNs with airtight privacy policies do exist. If you're on the hunt for one, here are a few key criteria to keep in mind:
- An independent privacy policy audit: this just verifies that the service is doing exactly what it says on the tin. The big names in the VPN sphere all invest in independant audits of their logging policies – it's a great way to make sure everything's working as it should be, to squash bugs, and to provide transparency for users. Check out when your VPN was last audited, if ever, and how many times.
- Robust security features: a VPN that values your digital privacy will give you the tools you need to protect it. Think kill switches (for preventing leaks if the VPN connection drops) and multi-hop (that sends your traffic through two servers for an extra layer of protection).
- Industry-standard encryption: AES-256 is the gold standard offered by VPNs, today, and ensures that hackers, snoopers, and even your ISP can't take a peek at your internet traffic to see what you’re getting up to.
- Tried and tested protocols: when it comes to VPN protocols, I always recommend sticking to OpenVPN if you really want to supercharge your security. If you want something speedy without sacrificing privacy, however, check out the lightning-fast WireGuard protocol.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
River is a Tech Software Editor and VPN expert at TechRadar. They’re on-hand to keep VPN and cybersecurity content up-to-date and accurate. When they’re not helping readers find the best VPNs around (and the best deals), River can be found in close proximity to their PS5 or being pushed about the countryside by the lovely Welsh weather.