When you visit a VPN website, it will most probably say something on the lines of “zero logs” or “total anonymity” or maybe “we don’t monitor your data.”
All VPN companies make bold claims on their home pages. But if you look deeper and go through their privacy policies, you might find something different.
But wait, who actually goes through privacy policies and terms and conditions? I agree that it’s not possible to read through the privacy policies of all services but when it comes to services that secure our privacy, it’s important to see how they perform.
What’s in the privacy policy?
Companies are legally obligated to tell their customers what they do with their information. However, they might want to create a privacy policy that’s long and confusing so the user doesn’t understand what’s written there.
If there’s a privacy policy that you cannot understand simply because it has a lot of legal jargon or is too long to read, it’s best to consider other options. VPN companies know that a lot of customers like to read their privacy policies before making a buying decision. This is why many top companies keep short and simple privacy policies.
If you like a company’s services but they have a long and complicated privacy policy, make sure you read at least those parts that mention their tracking and monitoring policies.
If they engage in data mining, targeted advertising, or any invasive practices, make sure you stay away from them.
Reading a privacy policy becomes even more important when you get free services.
If you’re not paying for a product, then you’re the product. That’s the rule. So if you’re using a free VPN service, make sure you read their privacy policy.
Setting up a VPN company takes money and resources. You need to have servers in multiple countries.
There are only two ways you can get free VPN services. Maybe a company wants you to try their services so they provide limited data each month so you can move to a paid plan. Or maybe they monitor your activities and store your data to be sold to a third party.
If a VPN company sells your data to a third party, there’s no point of using such a VPN in the first place. So if you’re using a free VPN, MAKE SURE you read their privacy policy. If they don’t have a privacy policy or have a dicey one, don’t use it.
How much do they store and for how long?
It’s important to see what data they store. If a VPN stores only session durations and timestamps, you might think this partial logging won’t harm you. But the truth is that partial logging can reveal your true identity to the authorities.
Also, try to find out how long they store your data. If the data is wiped out as soon as the session ends, it’s safer than a permanent log. If they store your data for months, it means they can use it for targeted advertising or just handing it over to the government when they get a warrant.
Already using a VPN?
If you’re already using a VPN, make sure you visit their website and read their privacy policy. If you find out that they store your data, see if you can get your money back.
There are several VPNs that offer money-back guarantees. Most of these guarantees are limited to 30 days. So if it has been only a few days since you bought their services and you found out that that keep usage logs, you can opt-out and get your money back.
What exactly are VPN logs?
When you use a VPN, the provider can see everything you do – your real IP, the websites you open, how long you’ve been on a page, what data you sent, and every other thing you did online.
However, a good VPN provider will not keep a log of these details. If a company logs all these details, it might sell them to make profits.
As discussed earlier, there are some companies that store small details such as timestamps (when you used the VPN and when you stopped using it), and other small details. These details can be helpful if they are investigating a case.
So what you should be looking for, is an absolute logless VPN. Keep in mind that some data is used for improvement purposes. For example, the app crash log is kept by several companies to see if their app crashes too often and under what circumstances.
This is different than IP logs where the real IP address of the user is stored. If a VPN stores your IP address, it’s a big red flag.
Look for warrant canaries
When a company receives a gag order, it cannot inform its users that it has helped the government. So to let their customers know, some companies maintain warrant canaries.
Warrant canaries are web pages present on VPN companies that signify that they have not received any subpoenas from the government. If a VPN company removes their warrant canary page, it means that they have received a subpoena.
They cannot inform users that they received a gag order. Instead, they put a warrant canary that serves this purpose.
And of course, if a company doesn’t keep any logs, receiving a warrant won’t mean anything because they won’t have anything to share with the government anyway.
However, several VPN users consider warrant canaries as useful as it tells them when a company has received a gag order.
Learning the lesson
Going through the privacy policy is very important. Some people understand this and read the policies before buying the services. Some people learn it the hard way. If you’re planning to buy a VPN service or even if you already have it, make sure you read their privacy policy to see what things they store.
It’s best to avoid free services, but if you must go for a free VPN, go through its privacy policy and see what they store. If they don’t have a privacy page, do NOT use that VPN. So yeah, even if reading a policy means spending good 30 minutes of your life, it’s something worth doing.
The good thing is that many VPN companies understand that users like to read their privacy policies and hence they keep them short and simple.