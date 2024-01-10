This is especially true for governments and law enforcement, since they can compel both the VPN service and your ISP to hand over specific information that will almost certainly identify you.

A no-log VPN gets around this entire hot potato by never keeping logs in the first place. So even if a judge or a hacker was able to get access to the servers, the information they would want simply wouldn’t be there. You can’t compel someone to hand over something that doesn’t exist.

How do no-log VPNs work?

Each VPN service that claims to be a “no-log” VPN will have a slightly different approach to how any logs are handled. Make no mistake – the data that would appear in such logs existed at some point, or else the server couldn’t do its job. However, the trick is to prevent that data from persisting when your VPN session ends.

Usually this means that personal data about your session is only ever kept in RAM (Random Access Memory); it’s never written to an SSD or HDD. Once data is overwritten (or the power is turned off) data in RAM is lost forever.

This sounds simple enough, but it’s actually difficult to ensure that any personal user data isn’t written to a drive where it could be recovered by a data forensics expert. Modern operating systems take many opportunities to log activity, so VPN providers need to carefully engineer their servers to prevent even accidental logging.

How are no-log VPNs legal?

You may be wondering how it’s even possible for no-log VPNs to get away with not keeping records, and the answer is location, location, location.

By basing servers in countries that have strong privacy laws, or at least those that lack anti-privacy laws, the VPN provider can offer a no-log service. This is the reason you’ll see VPN services advertise that they have servers in Panama or the British Virgin Isles. There are no laws compelling them to keep records in those territories.

However, do be aware that some governments in the world have banned or strongly regulate VPN use. As such, you could still get in trouble for using a VPN in principle if you happen to live in one of those countries.

What is the importance of independent auditing?

It’s one thing for a VPN to claim that it doesn’t keep any logs of user-identifiable data, but quite another for you to verify that. VPN providers are aware of this fact, and so enlist the help of independent auditing firms to show prospective customers that they really are a “no-log” VPN provider.

Until a VPN provider is actually hacked or legally directed to provide logs, an independent audit is the best guarantee you have that no data of your only activity is actually being kept. However, we’d still advise that you consider carefully about the level of sensitivity of your online activity, since even an audit may fail to uncover issues with logging. Also, you should use other privacy enhancing technologies such as Tor to add more layers of obfuscation – at least for online activity that you absolutely don’t want tracked back to you, such as whistleblowing or banned political commentary.

