
VPN Logging Policies: What 'No Logs' Actually Means

By Kunal Khatri · Mar 10, 2026

Every VPN service claims some version of 'no logs.' It's the single most important marketing claim in the industry and the most frequently misleading. A VPN can truthfully say 'no activity logs' while keeping metadata that's almost as useful for identifying you. Understanding what the claims actually mean — and how to verify them — is the core of choosing a trustworthy VPN.

The Types of Logs

Activity logs record what you do through the VPN — which sites you visited, what data you transferred. These are what people mean when they worry about logs. A VPN that keeps activity logs can be subpoenaed, hacked, or choose to sell the data. They're the most sensitive type.

Connection logs record when you connected, which server you used, and how long you were connected. They don't capture your activity, but combined with other data — like the time you were connected matching the time of some event — they can identify you. Some 'no logs' VPNs keep connection logs.
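The correlation described above, as an added example that is not part of the original article: given only connection-log records (no sites, no traffic), it counts how many accounts remain consistent with a few timed events on a known server. The account names, server labels, timestamps, and one-minute clock slack are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of what a connection log holds:
# (account, server, connect time, disconnect time). No activity data at all.
LOG = [
    ("acct-01", "se-sto-1", "2026-03-01T09:00", "2026-03-01T11:30"),
    ("acct-02", "se-sto-1", "2026-03-01T10:00", "2026-03-01T10:45"),
    ("acct-03", "se-sto-1", "2026-03-01T10:15", "2026-03-01T12:00"),
    ("acct-04", "de-fra-2", "2026-03-01T10:00", "2026-03-01T11:00"),
    ("acct-01", "se-sto-1", "2026-03-02T20:00", "2026-03-02T21:00"),
    ("acct-03", "se-sto-1", "2026-03-02T20:30", "2026-03-02T22:00"),
    ("acct-02", "de-fra-2", "2026-03-02T20:00", "2026-03-02T23:00"),
    ("acct-03", "se-sto-1", "2026-03-04T07:00", "2026-03-04T07:20"),
    ("acct-05", "se-sto-1", "2026-03-04T07:10", "2026-03-04T08:00"),
]

# Constructed events seen from outside the VPN: (exit server, time observed).
EVENTS = [
    ("se-sto-1", "2026-03-01T10:30"),
    ("se-sto-1", "2026-03-02T20:40"),
    ("se-sto-1", "2026-03-04T07:05"),
]

SLACK = timedelta(minutes=1)  # assumed tolerance for clock skew


def candidates(log, server, when):
    """Accounts with a session on `server` that covers the time `when`."""
    t = datetime.fromisoformat(when)
    return {
        account
        for account, srv, start, end in log
        if srv == server
        and datetime.fromisoformat(start) - SLACK <= t
        and t <= datetime.fromisoformat(end) + SLACK
    }


def anonymity_set(log, events):
    """Intersect candidates over all events; also return the size after each."""
    remaining, sizes = None, []
    for server, when in events:
        found = candidates(log, server, when)
        remaining = found if remaining is None else remaining & found
        sizes.append(len(remaining))
    return remaining, sizes


if __name__ == "__main__":
    who, sizes = anonymity_set(LOG, EVENTS)
    print("accounts consistent after each event:", sizes)
    print("remaining:", sorted(who))
```

A single event leaves several plausible accounts, but each further event intersects the set, which is why retained session timestamps matter even when no activity is logged.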

Metadata like your account's total bandwidth usage per day is often retained for billing purposes by subscription VPNs. Not enough to identify individual actions, but enough to confirm you were using the VPN at a particular time. Anonymous payment methods reduce this risk.

The Audit Question

Self-reported 'no logs' policies are words. They can say anything. Independent audits — where a security firm examines the VPN provider's infrastructure and verifies that the claimed policies are actually implemented — are more meaningful. Mullvad, ProtonVPN, ExpressVPN, and NordVPN have all commissioned third-party audits with varying scope.

Here's the thing — even audits are snapshots. An audit verifies what was in place at audit time. What happens a year later, after staff changes, acquisitions, or government pressure, isn't covered. The VPN's track record when actually tested by law enforcement is more meaningful than any audit.

The Canary and the Warrant Tests

Several VPN providers maintain warrant canaries — periodic statements that they have received zero government requests. When the canary disappears, it implies the provider received a request it is legally barred from disclosing. It's a workaround for gag orders, not a guarantee.

ExpressVPN's servers were seized in 2021 by Turkish authorities investigating a murder. Investigators reportedly found no useful data on the servers, validating the provider's no-logs claim in the most realistic test possible.
