VPN logs: what data do VPN providers collect?

By César Barreto

Whether it is free VPN or paid VPN, from thorough research VPN providers log
and collects the following web activities of their users: 1) Bandwidth usage,
2) Connection dates and times. 3) Source IP address, 4) VPN server IP
address. It must be taken into account that a user, by installing a free VPN
service on their device, is giving consent for the free VPN service provider to
record, collect and store their data, as well as their activities on the Web, in
order to later sell them. to businesses that rely on social engineering to make
assertive and targeted advertisements, which lend themselves to Malware,
Phishing and other cyberattacks.

Not to advertise VPN providers, after evaluating 101 VPN providers, only
Express VPN, NordVPN, and Surfshark are deemed to be compliant with
cybersecurity ethics and do not keep logs of any kind on their users, as that
these companies are located in countries whose jurisdictions honor
cybersecurity and are periodically followed by an audit plan that demonstrates
that they do not maintain permanent storage of the records of their users,
through the implementation of a data update policy of their users through infinite
IP addresses, which prevent the same provider from tracking the user who
registers or updates his registration, instead, the rest of the VPN providers are
located in countries whose jurisdictions do not require them to perform such
tracking, which allows them to register and store information from their users in
order to market said information to the social engineering market of advertisers
that operate Big Data.

Are VPN providers ethical?

Dear and distinguished readers, the first thing that we must be clear about is
one aspect, "there is no such thing as a VPN service without registration", what
they call; “No Logs” is just a simple marketing term used to attract potential
buyers. VPN providers use these terms liberally, however most of the time it is
not really true. Think of it this way, if I lend you money, I'll at least need to know
your name, right? That said, a little bit of data logging isn't necessarily a bad
thing, and something you shouldn't worry about, as long as your VPN logs
aren't revealing your real address or phone number, they should be reliable.
However, if a VPN provider asks its user for a large data set, it is recommended
to avoid it. Since there is a strong link between VPN registries and jurisdictions,
in short, cybersecurity is everyone's joint responsibility. VPN providers are
absolutely ethical with the security of their business and relatively with the
security of their users.

The tangible guarantee that shows how ethical the VPN service provider is
through the transparency report, also known as the settlement report, which is a
recurring document released by companies in the interest of the general public.
This document discloses a variety of statistical information related to user data
requests, or records, and offers insight into the data to which the government
has obtained access through subpoenas, court orders, and other methods.
Google was the first to publish a transparency report in 2010, followed by
Twitter in 2012. But since Edward Snowden publicly disclosed global
surveillance operations in 2013, more and more companies are being forced to
issue their recurring transparency reports. VPN providers like Avast Secure
Line, CyberGhost, HideMyAssy, and a few others have been issuing
transparency reports from 2014 to 2023. Research in support of this article
shows that Avast VPN does not keep usage logs. Dear readers, if you are
looking to find out which other VPN providers offer transparency reporting, you
might find a VPN transparency guide useful, which is not covered in this article
because it is worthy of devoting only one article to its description. However, it is
important to know that if a VPN provider does not provide transparency
reporting, be suspicious; the VPN service provider could be hiding something
from its users.

What are the types of logs that a trusted VPN provider makes?

Reliable VPN service providers generally ask their users for two kinds of logs:
1) Usage logs and 2) Connection logs. It is important for distinguished readers
to know that usage logs are much more intrusive than connection logs. Let's
investigate a little more about each of the types of records.

Usage Log

The usage log has several aspects that are recorded by VPN service providers:
1) Browsing history, 2) Connection times, 3) IP addresses. It is important to
know why VPN providers are interested in recording such things.

1) User browsing history records

Recording this information is important since statistically specifying the user's

Internet traffic, browsing history, downloaded files, purchase history, sent
messages and even the software used or software used are key information for
the same VPN provider to make improvements to their applications, and if the
case is to market said information to advertisers, it will allow these the interests
of said users seen as consumers.

2) Register user connection times

This type of usage record allows statistically specifying the start and end time of
the VPN servers used, as well as the degree of interest in user browsing
aspects.

3) User IP address logs

VPN providers record the real IP address of the user, analogously; it is like
recording the user's address. When Big Data statisticians combine IP address
combined with a user's browsing timestamp record, it results in exposing the
user's online activities. Major paid VPN providers do not store connection logs.
A little anecdote, in December 2017, ExpressVPN's servers were seized by
Turkish investigators for allegedly being associated with the murder of Russian
Ambassador Andrei Karlov, the investigation found that ExpressVPN did not log
usage or activity logs, and Turkish authorities did not They found no record to
support their suspicions.

Instead, one VPN provider that was caught selling user logs is Hotspot Shield,
after the Center for Democracy & Technology requested an investigation into
Hotspot Shield's logs, it was found that the company was not only excessively
logging its users' data, but also using JavaScript injection for advertising and
mishandling customer payment information.

Connection Logs

This is the second type of logs that are relatively harmless and the most
common form of logs that VPN providers keep. Connection logs are also stored
for a much shorter period of time, usually only 15 days maximum according to
the cybersecurity laws of the country where they operate. Connection logs are
based on several aspects: 1) Logs of user connection timestamps, 2) logs of the
user's original IP address, 3) Logs of the IP address associated with the user's
phone or computer, and 4) Logs of the user's original IP address o registration
of transferred user data.

1) User connection timestamp records

The VPN provider is able to log recording the start and end timestamps of the
VPN servers it uses.

2) Registration of the original IP address of the user

The VPN provider is able to log the IP address associated with your phone or
computer.

3) Registration of the IP address associated with the user's phone or

computer

The VPN provider is able to log the IP address assigned by your VPN provider.

4) Registration of transferred user data

The VPN provider is capable of recording the amount of data sent and received
in bytes while the user is connected to the VPN server. Connection logs are
much more difficult to trace back to the original source. Since the connection
logs are overwritten by around 15, which make it pretty much useless for any
research. This is why connection logs are mainly used for VPN service
optimization and potentially to deal with user issues.

Conclusion

Dear readers, there are only a handful of VPN service providers that do not
actually keep logs, the rest of them do, in fact, store VPN logs in one way or
another. Some choose to be very explicit about it, others choose to be sketchy
and frankly don't disclose their registration policy. It is worth noting that users
should make sure that their VPN provider does not store usage logs, make sure
that their VPN provider does not store excessive connection logs. Also, if your
VPN provider offers a transparency report or an independent audit report, that's
even better. As for the VPN jurisdiction, governments outside the jurisdiction
can also demand or access VPN user data under their national criminal or
national security laws, potentially without a warrant or other due process
protections against abusive government searches, this aspect is worth
developing exclusively in another article. Therefore, when selecting a VPN, the
types of logs kept by the provider and the presence of any reports highlighting
their transparency are important to reliable service.