Best No Log VPN Services that care about your privacy seriously
An unbiased person must believe that VPN services should proudly co-operate with especially good governments and enforcement agencies to catch the true criminals who are truly bad for the human beings, bad for the society.
But at the same time, an unbiased person also must believe that all VPN providers should try their best to protect the privacy and anonymity (as possible as they can manage) of their users, and never play with user’s privacy and life by telling false promise or misleading words of privacy and anonymity (like Best No Log VPN, Best Zero Logs VPNs, Best Logless VPN, Best Anonymous VPN service etc etc) with a view to mere marketing their VPN services and thereby earning revenues. Because, this false promise may be dangerous for some VPN users that society really needs a lot who put themselves as well as their families & friends’ lives at the borderline of risk in upholding truth online through social media, blogs, forums, news media etc against different kinds of organizations that many times go to astray become social criminals even (very sorry to say) including corrupted & polluted governments, politicians, enforcement agencies, media, Mafias, terrorists, kidnappers, killers, hackers etc. All aware people might know of what the worst situations might go over the lives and properties of those VPN users if their identities are revealed by the VPN providers that give them promise to make them anonymous online!!! This is why, before purchasing any VPN service plan, it is very much important to know exactly what level of privacy and anonymity a VPN service provider is truly able to manage for their users. With this view in mind, I asked some privacy related questions to some professional and renowned VPN providers to know the level of their privacy who claim they don’t store user’s identifiable logs. So find out who are the best no log VPN services.
Privacy related 12 Questions I asked some VPN providers are as below-
1-Q: a) Which country is your VPN Company officially incorporated in and under what jurisdiction(s) does it basically operate? b) Is there any mandatory data retention law under that jurisdiction(s) to store any personal information (like name, local address, country, contact number etc.) or any kind of identifiable connection logs or activity logs of your VPN users in your database?
2-Q: Is your VPN Company a sister company of any company incorporated under such jurisdiction which has any law that can be used to impose your VPN Company, through the company of which your VPN Company is sister company, to handover any personal information or any identifiable logs of your VPN users whenever they want?
3-Q: a) Are the servers you use as VPN gateway in different locations basically built-in-house servers that you own or are they Dedicated servers or VPS/Cloud servers hosted on 3rd party hosting companies for rent? b) What privacy and security measures do you take to keep them safe and secure from any possible adversaries of current time? I am asking this, because there is an argument specially about VPS/Cloud servers that if VPN providers don’t own the VPN servers rather host them on third party hosting companies, they have no way to be sure the hosting companies don’t have any stealth key or backdoor into the hosted servers to keep logs, and there may have possibility for hosting companies to store or take snapshots of use- logs. What do you say about this privacy issue?
4-Q: a) Where have you hosted your VPN website —on built-in-house server or any VPN gateway server or absolutely separate server other than them? b) When an customer gets registered, which server do you manage to store user’s account information — on any VPN gateway server or same server where website has been stored or absolutely separate server other than them? c) Is the account area you provide to users after registration—a built-in-house account area or any third party software? d) What privacy and security measures do you take to keep users’ account area and personal information safe and secure from any possible adversaries of current time?
5-Q: a) For getting registered, beside ‘username’, email address and password do you also require full name, local address, country, contact number, postal code etc from users? If so, then why? B) Do you store debit/credit card information, bitcoin wallet address etc on your database if user uses those respective payment methods to purchase any VPN plan? Many argue that these types of information mentioned in (a) and (b) reduce user’s privacy and anonymity specially when court order or subpoena is received to investigate about any active user. What do you say about this privacy issue?
6-Q: We see what username and password are used to login to user account-area are also used to login to VPN client software/apps. And that means user account area is linked with VPN client software/app . a) Do you store or monitor user’s real IP address and time stamps when he mare logs in to or logs out from both the account area as well as VPN client software/app? If you do, then which server do you manage to store them —VPN servers or any separate servers where website or user’s personal account information is stored?
7-Q: When user pushes ‘Connect button’ of VPN client, then obviously user’s VPN client software understand which username belonging to which user-account is authenticating VPN Server access for VPN tunneling. Do you store ‘username’ and IP address and timestamps other identifiable logs of user when he connects to or disconnects from VPN tunnel through VPN client software/app?
8-Q: Do you store any user’s activity logs on VPN gateway servers that can help specify any specific user? If so, then it is for how long and why?
9-Q: Suppose a court order has come to your company against any of your IP addresses that has been used for any online activity and that should be under official investigation. If enforcement agency goes into the entire content of associated VPN servers which the accused IP address belongs to, then will you or enforcement agency be able to find out any connection/activity logs of any particular period of time in any way that can be matched with any user account. I am asking this because, we know all most all of the professional VPN providers basically provide shared IP addresses to ensure sufficient interface crowding on the servers and crowding is used to increase the total number of users sharing the same IP, which combined with encryption makes it harder for a 3rd party to attribute an outgoing connection to an incoming one thereby significantly increasing users’ privacy. So it becomes harder to identify any particular user’s logs. But yet, if hypothetically we assume that user ‘X’ is the only user who is using a VPN server at a particular short period of time (for example 10 minutes) and none other else, then can you anyhow identify which account-user is using the server, what his real IP address is, what location he is residing in and what activities he is performing at that specific time period?
10-Q: There is an argument that third party DNS servers may keep user’logs. Do you use third party DNS server? If so, then how do you protect user’s privacy?
11) Do you use any third party support software (like email software, Live Chat software etc) which is linked to the user-accounts and that holds information or logs of subscribed users?
12) If you receive a valid court order or subpoena that requires your company to identify any active user of your VPN service, then a) what do you do? b) what will you be officially able to provide them from account area and VPN servers?
Some VPN providers responded to my emails regarding the above 12 questions which I have published below for my visitors. Note that all the following answers are solely from the representatives of the support team of respective VPN service providers, in their own words.
I avoided publishing responses of those VPN Providers who didn’t answer my questions directly or answered but at the same time failed to answer them with minimum expected quality of answer or professionalism. [I noticed that some providers tried to redirect me to the answers already published on different pages of their websites so that I can find out my answers from their answers in there. I think they felt boring at such questions that are randomly asked by thousand of users everyday. I understand their problems. So I still open room for them in this special page who would like to response to my questions.]
Answers from the VPN providers that claim they are ‘Best No Log VPN’ Providers
1-Ans:- a) Perfect Privacy is registered and operates in Zug, Switzerland. b) No, we are not and have never been forced to retain data of any kind.
2-Ans:- No, Perfect Privacy is an independent entity that operates under its own label.
3-Ans:-a) All our servers are dedicated servers (no VPS) hosted at various data centers around the world. b) All our servers are running in containers in memory (RAM) only, no Perfect Privacy data is ever stored on disk. We also monitor the operating system for tampering and are able to determine if any of our images have been modified.
4- Ans:- a) The website is hosted on our own server and operated separately from our VPN infrastructure. The fastest VPN gateways run nginx as a cache for static content (images, etc) but not the user database which is on a separate server. b) Account information is stored only in the secure backend. The vpn gateways only know what is necessary (username/password). c) The account area was built in-house with no third party involved. d) We only store the data that is strictly necessary: Whether the account is active and when it it will expire and the username and password. The username can be selected by the user while the password is always random; users cannot set their own password so that even in case of a compromised database no other services the of the user will be affected because of password re-use. Furthermore, we do not record any user’s internet activity so it is not possible to determine which user accessed a certain website, service or resource.
5-Ans:- a) The only data we need from a user is a valid email address (this can be a throw-away email only used for signup). b) We do not handle payment processing, this is done by bitpay or paymentwall, depending on the payment method. We only store the data necessary to verify that the account was paid.
6-Ans:- We do not store or monitor user’s real IP addresses or timestamps at any time. See our answer under 4d) for more details.
7-Ans:- As stated before we do not store any IP addresses or timestamps on any of our servers. The username and password of course needs to be known to the vpn gateways to authentificate the user but this data is not sensitive.
9-Ans:- There have been incidents in the past where Perfect Privacy servers were seized but never was any user information compromised. Since no logs are stored in the first place and additionally all our services are running within RAM, a server seizure will never compromise our customers. We blogged about such an incident last year: [https://www.perfect-privacy.com/blog/2016/08/24/server-seizure-in-rotterdam/]
10-Ans:- No, we exclusively use our own domain name servers.
11-Ans:- No, we are using an in-house email server.
12-Ans:- For any court order or police inquiry we get, the only step on our side is to inform the contacting party that we do not have any data that would allow the identification of a user.
1-Ans: a) Australia, b) We are not compelled to store data – [https://www.itnews.com.au/news/confusion-reigns-over-whether-aussie-vpns-must-keep-user-metadata-459657]
3-Ans:- a) – VPN Nodes are Rented Servers. b) Encrypted disks, boot passwords, locked down file permissions, locking out un-required devices like usb ports etc – Hosting providers do not need access to machines to capture traffic, because inbound traffic is encrypted and outbound traffic isn’t it wouldn’t matter if the provider had access to the machine or not, they could simply capture the traffic on a network port of the switch itself – But they would see the same thing as if they were connected to the machine itself, encrypted inbound and decrypted outbound.
4-Ans:- a) We own and operate the hardware in a Co-located environment. b) Database server connected to our internal network. c) Built in house – www.vpnsecure.me/members d) There is a plethora of practices in place, such as CSRF, A+ SSL, WAF etc, however the password is RSA 2048bit encrypted within our database which is managed by an off-net server.
7-Ans:- No logs are stored, [www.vpnsecure.me/tos]
8-Ans:- No logs are stored, [www.vpnsecure.me/tos]
9-Ans:- No logs are stored, [www.vpnsecure.me/tos] — You will only find no users on VPN servers from VPN providers that have very little customers, but this is a suitable concern but would not affect our users.
10-Ans:- We use third party servers, But they are resolvers to our own DNS Servers, therefore the source of the IP is always the IP of our servers and not the end users.
11-Ans:- We use zopim for live chat – this isn’t linked to any user accounts – we use our own in-house hosted support system.
12-Ans:- a) We would comply and provide them with any information that we are able to pertain based on the information they were able to provide us. b) Due to our policy of no logging, if the incident is not currently live in progress in general we would not be unable to provide information.
1-Ans:- a) We’re based in Denver, Colorado, USA. b) Negative. There are no mandatory data retention laws that apply to VPNs in the USA.
2-Ans:- Private Internet Access is wholly owned by London Trust Media. No leverage can be made through any other company held by London Trust Media (or any other company)
3-Ans:- a) We lease dedicated servers from a range of providers around the world. As we have over 3300 servers in 24 countries it would be impossible to maintain them all ourselves. b) We closely monitor legislation around the world in addition to actively monitoring the status of our servers. If we feel the security and/or privacy of our customers is ever threatened, we will remove our presence from that region. We have previously pulled out completely from Russia due to legislation changes and we recently (this week) temporarily pulled out from Germany as we discovered that our datacenter provider was providing logs and such to law enforcement (though no PIA traffic was at risk as we encrypt everything).
Whilst a hosting company could in theory take logs and/or snapshots, it would provide no data as everything is encrypted.
4-Ans:- a) Our server is hosted on our own server and is completely separate from our datacenters. Access is extremely limited and is via IP whitelist and username/password. b) Account information is stored on our own server which again is via IP whitelist and username/password. c) The Account System is custom built by our in house developers. d) IP Whitelist (1 per location), Username & Password. We also do not allow remote access except in specific cases (like myself but I have 20+ years of being a network engineer building and maintaining encrypted and secure networks).
5-Ans:- We frequently need payment identifiers to locate accounts. However we only receive transaction IDs from our payment processors (Paypal, Bitpay, Stripe etc). Transaction IDs are only accessible to extremely limited people (our Finance Team). Whilst I understand your concern, at worst all the financial information actually does is confirm that a specific person (and they could sign up with false details – I see that a lot) subscribes to our service.
I have personally seen lots of people use fake names, temporary email addresses and pay either by Bitcoin or Giftcard in order to secure their anonymity.
6-Ans:- No. We do not log IP addresses. The account system is held on a secured server which requires IP whitelist, username and password and being in an authorised location to access.
7-Ans:- No, we do not store usernames, connections, IP addresses, timestamps or any other data. To date we are the only VPN provider who can prove our no logging policy through the use of court documents.
8-Ans:- No, we do not store logs.
9-Ans:- It would not be possible to identify a user on our servers due to encryption and obfuscation which is employed. If 1 person was using a standalone isolated server it could be assumed that that person was the output traffic, however due to the encryption and obfuscation and the fact that none of our servers are isolated, this would be impossible.
10-Ans:- We operate DNS servers that function with a zero logging policy. This ensures our customers privacy.
11-Ans:- Our support portal utilises Zendesk, a 3rd party ticketing software. This holds only the information that the customer provides. Whilst at a minimum this would be an email address, sometimes it contains technical information, real name or financial transaction ID. This is only the information which a customer provides in order to resolve a technical or account issue.
Access to Zendesk is done from our office in Denver, CO with an individual account or in extremely limited cases remote access. In the cases of remote access, 2FA (Two Factor Authentication) is required.
12-Ans:- In the case of a subpoena being received we immediately escalate it to our Legal Department
Based on historical evidence, we were able to provide confirmation that the IP address which was requested was owned by Private Internet Access. This was mentioned in the court documents that I referenced earlier.
1-Ans:- a) We fully operate in and fall under the law of the Republic of Seychelles, but our staff comes from the following countries: Argentina, Belgium, Bulgaria, Germany, Laos, Philippines, Russia, Seychelles, Spain, Switzerland, Thailand. There is no mandatory data retention law under its jurisdiction. b) No, we do not keep any log at all. We do not log IP or location, nor anything such as your browser details. Nevertheless, you must be aware that our payment gateways will log your IP, location and any information you provide to them. It’s your call to decide what you should or should not release out.
2-Ans:- No, we are not affiliated with any other companies. We are a non-for-profit operation made up of brilliant & skilled individuals who are located throughout the world and collaborate in a digital manner.
3-Ans:-We use of a mix of collocations, dedicated servers and virtual private servers to make up our network. We work with more than 300 hosts and data centers throughout the world.
That is a wrong assumption. But we still own most of our hardware. However, even if you own it, it does not mean the data center is not logging your machine. Same goes if you own the whole data center, it does not mean the government or the ISP is not logging. Fortunately, all of them can only log encrypted stuff, so it does not much matter.
We publish it to our transparency report and also open a network alert about the affected servers that will come to see an intervention from law enforcement authorities. In case we cannot publish it, we’ll use our warrant canary (proxy.sh/canary) to signal our members about interventions.
4-Ans:- Everything is in-house. We host our own WHMCS instance for billing and support. We do not keep any logs internally. The only thing we log here is your e-mail address and your purchase details (your invoices linked to your e-mail and your product details). We do no log your activity on our proxy (neither the authentification nor the traffic). We don’t even know whether you use our proxy or not. We do not log IP or location, nor anything such as your browser details. Nevertheless, you must be aware that our payment gateways will log your IP, location and any information you provide to them. It’s your call to decide what you should or should not release out.
5-Ans:- No, we do not ask our users personal information. The only thing we log here is your e-mail address and your purchase details (your invoices linked to your e-mail and your product details).
6-Ans:- Customers will need to use their email address (or a fake email address, free to choose) to access their account panel. They will receive a separate login credentials to connect to our VPN network. We do not log IP or location, nor anything such as your browser details.
7-Ans:- No, we do not keep logs at all. We also have an option to kill accounts and turn them into completely anonymous tokens https://proxy.sh/panel/knowledgebase/55/Tokens) with no panel or membership link at all, for the most paranoid customers (in the positive sense of the term).
8-Ans:- No, we do not.
9-Ans:- We do not restrict any activity on our network, other than those displayed in our ethical policy. As our terms state it, we will respect your privacy and never engage in negotiations with third party regarding personal information leakages, including to governmental institutions. Nevertheless, there are ethical limits we would like to detail out with you and you can check it here, https://proxy.sh/panel/knowledgebase/5/Ethical-policy.html
How could you assume that the user X is the only one on the VPN account? You mean you just have a single peer online to the VPN server? It does not matter much neither as the identification of that user is not possible. So whether you have one or ten users connected, each account cannot be identified unless you decrypt the whole user auth.
10-Ans:- We provide our customers our own DNSCrypt instance. They also have the freewill to use third-party DNS servers.
11-Ans:- No, we do not.
12-Ans:- We publish it to our transparency report and also open a network alert about the affected servers that will come to see an intervention from law enforcement authorities. In case we cannot publish it, we’ll use our warrant canary to signal our members about interventions.
Visit some major pages to get your best one:-
- To visit Best VPN Service click Here
- To visit Best Logless VPNs click Here
- To visit Best Anonymous VPN click Here
- To visit Best Fast VPN Service click here
- To visit Best Cheap VPN Service click Here
- To Visit Best No Log VPN Services click here
- To visit Best free VPN Service click Here
- To visit Best VPN for Torrenting click Here
- To visit Best VPN for China click Here for USA click Here for UK click Here
- To visit Best VPN for Windows click here for Android click here for iPhone click here for Mac click here