What Your VPN Knows About You – And May Not Be Telling You


Everyone needs a VPN! Using a VPN is the only way to keep your online activity truly private! These and other unethical, hyperbolic claims are just a few of the false marketing narratives surrounding the use of Virtual Private Networks.

In reality, a VPN that logs its users could land your private data on everything from the black web to government watch lists.

If your VPN provider doesn’t clearly spell out how long it will keep your data, for what explicit purposes (like an active legal case), and what the retention process will be should the company dissolve, proceed with extreme caution.

“14 of the 16 VPNs we analysed failed to state in their documentation that they will immediately and permanently delete all personal user information when a user closes or deletes their account, and that they’ll do so within 30 days,” explains Consumer Reports. “Even then, the terms specify that old backups containing user data could retain personal information.”

Worried your VPN may be engaging in invasive data collection or retention practices? Here’s how to protect your privacy.

Why Everyone – Including Some VPNs – Wants to Log Your Data

There are several reasons an entity or website may want to collect some portion of your personal data or browsing history – many of them legitimate.

This sampling is a mixed bag of the good, the bad, and the ugly of VPN data retention:

  1. To limit the terms of your subscription. Accessing a VPN service across too many of your devices can make wide-scale connection more difficult.
  2. To restrict your bandwidth. Your account may come with limits on how much bandwidth you can use per session. The only way to know that is by keeping a log everytime you sign in. If you see a “no log” promise and bandwidth usage practices used simultaneously, start asking questions.
  3. To support local authorities. Using a Virtual Private Servers (VPS) is a common VPN practice. According to Restore Privacy, “The problem is that rental servers will often maintain logs of server activity. Furthermore, local authorities can possibly force a server host to log data.” Meaning, they could simply bypass the VPN and go directly to the datacenter for information.
  4. To assist spying agencies. Big tech and international spying agencies have long been bedfellows. With one government request, a company or server could see a portion of its data end up in outside hands.
  5. To improve the service. User experience can be dashed with bugs and glitches. It’s why so many VPNs will log data under the guise of performance improvements.

Users Beware: What “Free” VPN Really Means

In tech there’s a saying: if you’re not paying for the product you are the product.

That’s certainly the case here. In order for a VPN to provide this “free” service, it’s likely they’ll have to log user data and sell it to other entities and third parties. Any mention of the word “free” should be an instant red flag. The same goes for browsing logs, which collect usage data and really amount to nothing more than spyware.

Instead, stick to one of these two other VPN types:

  • Connection logs – If you’re okay with having some basic info collected about when you logged on, where you connected, and which IP address you used, this is a good option. Just beware if you’re engaging in any illegal activities.
  • No logs – Always do your research and use discernment to determine whether this is fact or marketing fluff. A fully no-log policy can be difficult to achieve.

So how is it that VPN companies are able to get away with storing and even selling user data? The answer lies in the non-existent international standardising body. Without one, it’s up to the VPN providers themselves to define their own terms and keep them intentionally vague.

Avoiding the VPN to Dark Web Pipeline

If you’re not an international criminal, the chances of a VPN willingly overturning your data are slim. Still, that doesn’t mean that you shouldn’t be wary of having your online activities outed to bad actors. As PC Magazine recommends, “By choosing a VPN that is upfront about its logging policies, you can at least be sure that your data is used exactly as advertised by the company you’re relying on to protect it.”

And when you want a truly private browsing experience, go no-log. But make sure you read the fine print first.

Want to find out more?

Contact us