When they debuted in the 1990s, VPNs, or virtual private networks, were more of a curiosity used by the few. However, users and businesses have increasingly turned to this encrypted tunnel technology in recent years in pursuit of anonymity while online, with users estimated at over 1 billion in 2022.
The growth of VPNs has paralleled growing concern about maintaining privacy while online. Anyone who has searched online for a widget, or checked out the Amazon offerings for it, only to be inundated the next day with emails urging them to buy it, comes to realize that each user is being tracked online on multiple levels: through the browser, messages, online storage, the search engine, and the many cookies that we accumulate.
While complete anonymity online might not be a reasonable expectation, people have increasingly turned to a VPN for privacy from their Internet Service Provider (ISP), which has the potential to sell the user profile for profit. Additionally, particularly under restrictive governmental regimes, citizens have used a VPN to bypass governmental restrictions, for everything from communicating outside the country to accessing US-based online content, such as US Netflix.
However, there is also the realization that putting online traffic through a VPN may not be entirely anonymous either. This raises the concern of the VPN log.
What is a VPN log?
While ‘private’ is right in the name of VPN, realize that it is not completely private. After all, the VPN does have some record of the traffic that is sent through its servers, just like the browser on your device has a history of the websites visited that can be accessed. That record of traffic for the VPN is a ‘VPN log.’
This raises the question of exactly what kind of data can be collected. The list is likely longer than most people would expect, and can include such items as the user IP address, timestamps, the last collection time, the duration of the connection, and the IP addresses. Also, because the user paid for the VPN service, the provider often has the user's credit card info or PayPal address on file, so the user is hardly anonymous.
All of the foregoing information forms the basis of the VPN log. There are ongoing concerns that the data in this log can be leaked, or even stolen, and then used for nefarious purposes. After all, the whole point of a VPN is to be more anonymous online, not to create a file that gives a hacker easy access to a pile of data that ends up for sale on the Dark Web.
Also realize that a VPN is a business, and there can be totally legitimate reasons to keep a log of activity. These include enforcing device limits, as most VPN plans cap the number of simultaneous device connections they will provide. Also, some VPNs limit the amount of bandwidth each month, such as the free tier of Windscribe. A log is required to track the quantity of data consumed, and to limit the user when they reach the cap.
What is the WireGuard protocol?
VPNs use various protocols to create the encrypted tunnel between the user and their server. For several years, OpenVPN was the dominant protocol for this, offering a high security standard.
The latest protocol, WireGuard, addresses some of OpenVPN’s shortcomings, such as its large amount of code, which makes it difficult to audit, and offers faster throughput with less overhead, which also pays dividends in improved battery life. The downside is that WireGuard was not built to optimize anonymity, and by default it keeps the IP addresses visited on the server, for all time. Realizing this shortcoming, some providers have implemented a workaround, such as a ‘Double NAT,’ or have even developed an improved protocol, for example ExpressVPN’s Lightway VPN protocol.
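As an added example (not from the original article or from the WireGuard project), the following Python code parses the tab-separated format of `wg show <interface> dump` to show the per-peer state a WireGuard server holds: the client's endpoint address, the last handshake time, and byte counters. The sample dump, the placeholder keys, and the 180-second idle policy are constructed assumptions.

```python
# Added example: audit what per-peer metadata a WireGuard interface still holds.
# Input follows the `wg show <interface> dump` format (tab-separated); the sample
# below is constructed, with placeholder keys and documentation-range IPs.

SAMPLE_DUMP = "\n".join([
    "PRIVKEY_PLACEHOLDER\tSERVERPUB_PLACEHOLDER\t51820\toff",
    "PEER_A_PUB\t(none)\t203.0.113.7:51044\t10.8.0.2/32\t1700000000\t52428800\t1048576\toff",
    "PEER_B_PUB\t(none)\t198.51.100.23:40211\t10.8.0.3/32\t1699990000\t1024\t2048\t25",
    "PEER_C_PUB\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
])

IDLE_LIMIT = 180  # seconds; assumed policy: forget a peer's address after 3 idle minutes


def parse_peers(dump):
    """Return one dict per peer line of a `wg show <iface> dump` listing."""
    peers = []
    for line in dump.strip().splitlines()[1:]:  # first line describes the interface
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = fields
        peers.append({
            "peer": pub,
            "endpoint": None if endpoint == "(none)" else endpoint,  # client's real IP:port
            "tunnel_ip": allowed,
            "last_handshake": int(handshake),  # Unix time, 0 = never connected
            "rx_bytes": int(rx),
            "tx_bytes": int(tx),
        })
    return peers


def stale_endpoints(peers, now, idle_limit=IDLE_LIMIT):
    """Peers whose real address is still held although they have been idle too long."""
    return [
        p["peer"] for p in peers
        if p["endpoint"] is not None and now - p["last_handshake"] > idle_limit
    ]


if __name__ == "__main__":
    peers = parse_peers(SAMPLE_DUMP)
    for p in peers:
        print(p)
    print("stale:", stale_endpoints(peers, now=1700000060))
```

A provider or auditor could run a check of this kind against live `wg show` output to confirm that idle peers' addresses are actually being cleared within the period the no log policy promises.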
What does a ‘No log VPN’ mean?
Obviously, users want some type of assurance when they sign up for a VPN service. Now, with the understanding of what a VPN log is, and the potential danger to privacy that it represents, most VPNs advertise themselves as a ‘No log VPN.’ Let’s take a closer look at this term, which has the potential to be more ‘marketing speak’ than a valid reassurance of complete privacy.
VPNs can potentially keep two kinds of logs. The first is the connection log, which details the websites that the VPN connects with. The other is the activity log, which is a record of which users connected, for how long, and from what location. With a true no log VPN, neither of these logs is kept, which is what keeps the user anonymous.
The assurance of not keeping these logs comes down to the policy of the VPN, which should be prominently featured on the website and easy to navigate to. This policy should detail whether any data is kept, what this data is, and for how long. However, concerns arise about proving that a log is not kept, and that temporary data is destroyed within the timeline specified.
To combat this skepticism, and to reassure users, at least some reputable VPN services have voluntarily submitted to an outside audit. These outside firms come in, examine the policy, and then examine the service in detail so they can confirm, or deny, that the promise of the no log policy is being delivered to standards. This independent audit allows the user to have a much higher degree of confidence in the anonymity of the service.
Shopping for a VPN, like any other service, does require some work to see if it will meet expectations. Be on the lookout for the VPN’s no log policy, and take the time to read it, paying attention to any data that is kept and for how long, and to whether the policy has been examined by an independent auditing service.
Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.