Why do VPN audits matter?

A repeating pattern of pink magnifying glasses on a light blue background
(Image credit: Getty Images)

In an age of malware, intrusive advertising, and cyber-criminals trying to snoop on your browsing habits and steal your information, a lot of folks use VPNs to give their online privacy an extra boost.

Without a VPN, your internet provider can see everything you do online. They can see what websites you visit, the apps you use, and the files you download. When you use a VPN, you block that information from your ISP, but now the VPN provider could (if it wanted to) see all this information as it passes through the encrypted tunnel. An unscrupulous provider could use that information against you or, worse still, sell it to a third party like a marketing company or even to a cybercriminal.

For this reason, it’s imperative that any VPN provider you pick, such as one from our best VPN list, is a no-logs provider. This means the VPN provider doesn’t keep any information that could be used to identify its users – and an audit is a surefire way to prove that a provider walks the walk as well as talks the talk.

NordVPNThe best VPN overall

NordVPN – from $3.09 per month
The best VPN overall
NordVPN is our top VPN pick thanks to an unbeatable offering that includes an impressive set of privacy and security tools, unrivaled unblocking ability, and a wide network of servers all over the world. Last year, NordVPN had its no-logs claim audited and verified for the fourth time, so this is a VPN provider you can use with confidence. See for yourself with a 30-day money-back guarantee.

What is a no-logs policy?

At the core, a no-logs policy is a promise from your VPN provider that it isn’t collecting and storing the data that passes through its servers. From a privacy standpoint, that would include things like real-world IP addresses, browsing history, downloads, and so on.

A no-logs policy is a promise from your VPN that it isn’t collecting your data

That isn’t to say that VPNs don’t collect any data at all – they do need to collect some information to be able to offer a service. This usually includes connection activity, logging when people connect to the VPN and when they log off, but these logs should be anonymized so no one user can be identified, or temporary so that they’re deleted after some time.

The problem is that, when you use a VPN, you really have no idea if it’s sticking to its own rules. You’ve got no way to confirm whether or not it’s logging what you’re doing online.

This is where a VPN audit comes in. The provider will bring in a third-party auditor, such as Deloitte, PricewaterhouseCoopers, or Cure53 to name but a few, who can confirm whether or not the provider is actually sticking to its no-logging claims. Ideally, an audit shouldn’t be a one-time thing either, and the best VPNs undergo regular audits to prove they’re still living up to their privacy and security claims. ExpressVPN, for instance, has 18 independent audits under its belt!

What happens during a VPN audit?

A VPN audit is a marathon, not a race, which is why some smaller companies might avoid undertaking them. It’s a huge investment of both time and resources, but it’s well worth it to a company that wants its customers to know it meets the highest standards of privacy and security.

The VPN provider has to open its system to outside experts who will work to ensure that the provider complies with its no-logs policy. The auditors will check for flaws in the provider’s systems, evaluate the measures the provider has taken to protect its users, what records it holds, and so on.

The provider may also decide that it wants to go for a full-on security audit, and that’s where the auditors test the provider’s security features and the overall health of the service, looking for any weaknesses that could leave the provider open to potential data breaches or cyber-attacks.

No two audits are exactly the same as it’s up to the VPN provider to decide how far they wish to go, and what they want to give the auditors access to. As well as looking at software, policies, and processes, the audit might even involve on-site visits to the provider’s headquarters or the data center where the servers are located. Other things the auditors look at can include -

  • Security and logging configurations
  • The provider’s apps and browser extensions
  • Backend systems
  • The source code for the apps
  • The auditor might even carry out interviews with a VPN provider’s staff

What are the benefits of a VPN audit?

We’ve established that a VPN audit can be quite disruptive to a VPN provider’s day-to-day activities, to say nothing of the costs involved in getting a third party in to examine the systems, but there are major benefits:

  • An audit will highlight any issues to the provider, and show ways that it can improve existing system security
  • The audit will ensure that the provider is compliance with all state, federal, and international regulations
  • It gives the provider a clear picture of how will its current systems would work to protect user data in the event of a breach or system failure
  • A successful audit helps promote trust with the provider users by proving that its no-logs claims aren’t just empty promises, but something it’s committed to upholding.

Where can you find audit reports?

Bringing in a third-party auditor is a time-consuming and costly proposition for a VPN provider, but it’s also an important marketing tool. An audit report can be used to reassure existing customers and potential new customers that their online activities are safe, and helps set a provider apart from its competitors that haven't been audited. Most providers will make an audit report available to the public or, at the very least, to their existing customers.

The provider will want to share the positive results as well as highlight their commitment to fixing any issues that the audit might have uncovered. Both NordVPN and ExpressVPN, for instance, publish their audit results on their respective blogs.

Shaun Rockwood
VPN Expert

After graduating from Stirling University with a qualification in Education, Shaun accidentally fell into the technology sector in the late 1990's and has stayed there ever since, working for companies such as PSINet, IBM and ProPrivacy in a variety of roles from Systems Administration to Technical Writer. Being around since the birth of the modern internet, he's seen the way that technology has expanded to become an integral part of everyday life, and how people's understanding and ability to retain any kind of privacy has lagged behind.

Shaun is a strong believer in the rights of the individual to have their personal data protected and their privacy respected – a belief made all the stronger in an age of surveillance from both governmental bodies and private companies all around the world.

He spends his spare time cooking, riding his motorbike and spending far too many hours in Star Trek Online hunting Klingons and Borg.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A hand holds a smartphone displaying the NordVPN logo
"Privacy isn’t just a buzzword" – independent audit confirms NordVPN doesn't store your data
NordVPN running on a desktop, mobile devices, Apple TV, a router and a game console
NordVPN reacts to results from its latest security audit
An illustration of a mobile phone running a VPN
How does a VPN work?
best Secure VPN
Secure VPN providers 2025: safe options for the best security and encryption
A VPN running on a mobile device
A new era for VPN testing? ATMSO publishes the first-ever testing standards in an "important milestone"
Outlook Calendar on a Tablet
What we learned from VPNs in 2024
Latest in VPN
Close up of PS5 DualSense controller leaning on a PS5
5 reasons your PS5 needs a VPN
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies' security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know
Tor
What is Onion over VPN?
A representational concept of a social media network
What are data removal services?
ExpressVPN's Lightway Turbo upgrade – promo image
Can fast be faster? ExpressVPN promises it’s possible
AdGuard VPN during TechRadar tests
AdGuard becomes the latest VPN to add post-quantum encryption
Latest in Features
Close up of PS5 DualSense controller leaning on a PS5
5 reasons your PS5 needs a VPN
Warhammer 40,000: Space Marine 2
With discounts of up to 95%, these are the biggest deals I've managed to find in the Steam Spring Sale
The cast of The Parenting
The Parenting is Max's #1 most-watched movie but it has frightening reviews – here are 3 better horror films with over 90% on Rotten Tomatoes
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Samsung, Roku, and Hisense TV screens
I review TVs for a living, and here are the 3 best budget TVs you can buy today
Sterling K. Brown as Agent Xavier Collins in Paradise
Hulu's #1 show Paradise has got everyone talking – here are 3 more political thrillers with over 85% on Rotten Tomatoes to watch next