No-Log Myths

The No-Log Policy Myth: What VPN Providers Aren’t Telling You

Nearly all commercial VPN providers make bold marketing claims about their 'No Log Policy.'

The "no" log policy

To verify this, simply conduct a quick Google search, select random VPN providers, and you will likely find that "No Log Policy" is prominently highlighted on their front or user-facing promotional material.

A new trend among VPN providers is to promote an upgraded version of their "No Log Policy" as an "audited" variant, making it appear more trustworthy to build confidence with potential customers.

VPN providers often claim that their "No Log Policy" means they do not collect, store, or share any data related to your online activities. Unfortunately, this is where things become problematic.

The hard uncomfortable fact

There is no such thing as a no-log VPN provider!

To verify this, conduct a quick Google search for 'VPN no log lies' and scroll past the VPN provider commercials to find multiple technical administrators and journalists objecting to these claims.

It is technically impossible for a VPN provider to operate any service without maintaining some form of log files, and every IT administrator in the world can and will confirm this as a hard fact.

Legal loopholes

There are many VPN providers that make this claim without providing detailed documentation, assuming they’ve addressed critical consumer questions with a mere ‘tick in the box.’

In other cases, the fine print or legal loopholes in VPN provider terms of service may still allow for data collection under certain conditions, such as legal requirements or cooperation with third parties.

As a result, consumers are often given a false sense of security, believing their data is completely protected when, in fact, there are often many lingering vulnerabilities, even including data-brokerage.

What they are not telling you

The concept of a no-log policy for VPN providers emerged from legal cases where user logs were revealed in court, implicating VPN users in legal issues. To counter the negative publicity associated with the use of such records, VPN providers swiftly adopted no-log policies.

This situation highlighted a significant issue: if VPN providers retained logs, they could potentially be used against all their users, undermining the fundamental privacy that VPNs are supposed to offer.

The evolution of audited no-log policies

The term 'audited no-log policy' developed as a response to negative publicity surrounding providers that were summoned in court despite claiming to have a no-log policy. In some cases, providers were found to have kept logs, prompting the introduction of external audits to verify their no-log claims.

An audited VPN no-log claim is, at best, comparable to the use of the term ‘diet’ on food products.

Just as diet products may have fewer calories but are not necessarily healthy, an audited no-log policy does not eliminate the fact that there may still be threats hidden in limited provider logs.

Significant additional threat

An audited no-log policy confirms that a VPN provider does not retain user logs, to a degree, but does not guarantee that the provider is not selling data to commercial data brokers.

To fully understand a VPN’s data practices, one would need to scrutinize the provider’s terms and conditions, as well as the audit report in detail, and ideally consult a lawyer for a thorough analysis.

In simple terms: please do not hold any value to no-log policy claims as they provide no protection.

Why do VPN providers use the term?

So, why do most VPN providers promote a "No Log Policy" on their websites or marketing materials?

Unfortunately, it is a widely accepted marketing myth, and just as the term "sugar-free" is used in the food industry, the actual wording "No Log" conveniently misleads consumers about the truth.

We strongly urge consumers to understand that a "No Log Policy" should be treated in the same way that a diabetic must treat the term "sugar-free" for similar health and safety concerns.

DEVPN's solution

For a detailed overview on how DEVPN provides a solution for the above challenges, see this chapter.