A connection log is a record of incoming and outgoing connections to a VPN server which may include:
- A user’s IP address
- The IP address of the VPN server a user connects to
- Timestamps for when a user connects and disconnects from a VPN
- The ability of the VPN provider to search and query all of the above
ExpressVPN’s systems were engineered to specifically never possess such VPN connection logs. In fact, we have engineered our apps and VPN servers to eliminate sensitive information categorically. ExpressVPN can never be compelled to provide customer data that do not exist.
Lots of providers claim to keep “no logs,” but don’t transparently describe what that means. ExpressVPN has a clear privacy policy that helps ensure none of our users can be tied to any specific activity or connection on our network—the user’s online activity is private, anonymous, and unknown to us as the VPN provider.
A VPN is a privacy tool, and ExpressVPN is a privacy company, so we go to significant measures to ensure the privacy and anonymity of user activity is preserved.
The risks of using a VPN provider that keeps connection logs
Connection logs allow a VPN provider, or anybody with access to the data, to match you to your VPN activity.
Connection log data is valuable, and some free VPN services will sell it to third-party providers, allowing them to target ads to you, learn about your behavior, and analyze how you use the internet.
But even if a VPN provider does not sell the connection logs, it could fall into the hands of hackers or authorities seizing unencrypted hard drives and equipment.
Logging also allows a legal authority or any of the sites you visit to approach your VPN provider with a request to identify you. The VPN provider might hand this information over voluntarily, or be compelled by a court to do so.
Only a VPN provider that keeps no connection logs cannot be compelled to hand over your connection information or make this data available to third parties.
What information does ExpressVPN keep?
To maintain a reliable VPN service, a company will have to retain some information about their users and server activity.
The critical question is whether the data kept can be potentially de-anonymizing. As long as these records cannot be used to connect you to particular actions, such as visiting a website or downloading a movie, your privacy and anonymity are still preserved.
No matter what information is kept, it’s highly important that the functionality and content of data retention are clear to the user, and that all changes and amendments are well communicated.
ExpressVPN does not keep either connection or activity logs
We will never collect anything about what users do with their VPN: No logs of traffic destination, DNS records, or data content.
ExpressVPN only keeps the bare minimum amount of information required to ensure our VPN service is highly reliable—and the data collected is not sufficient to tie any user to specific activity on our network. Making sure our service always works when users need it to work is an important part of protecting their privacy.
To provide our users with full transparency, ExpressVPN has a clear and detailed privacy policy.
ExpressVPN takes your privacy seriously and does NOT log any of the following sensitive information:
- Browsing history
- Traffic destination
- Data content
- DNS queries
- The original IP address that you connect from
- Your outgoing IP address (i.e., the ExpressVPN IP assigned to you once connected)
Is ExpressVPN required by law to retain VPN connection logs?
ExpressVPN is based in the BVI, which has no data retention laws. Countries including the United Kingdom and the United States do not have jurisdiction to compel a BVI company to produce records. But even if they did, we have nothing to produce.
The combination of our BVI jurisdiction, no activity logs, and no connection logs makes ExpressVPN an excellent choice for internet users concerned about their privacy.
Comments
Interesting read.
It’s always bad when someone pays for a privacy service and basically just gets a second ISP snooping on them. Most people never read privacy policies anymore. However if there’s ever a privacy policy that needs to be read it’s a VPN’s privacy policy. Even then that’s just more or less an agreement, I guess there’s really nothing stopping a VPN from breaking that privacy policy, or changing it as they see fit. So because of this it’s also good to keep track of the news and pay attention when a particular VPN service has been flushed out as a honeypot. I got to hand it to Express, not only is their privacy policy transparent but the unfortunate event that occurred with one of their Turkish servers more or less means Express is honoring their agreement. My opinion is you get what you pay for with VPNs. Also Express seems to be well involved in privacy activism , they advocate Tor usage and make a lot of articles on their blog about Tor. They even offer a onion link to get their service completely anonymously. I think they’re the only VPN that currently offers this, I’m not entirely sure. At any rate fight the good fight!
Yeah man! I’m telling you what!? What’s the point of a VPN is all your data and online activity are logged!
Thanks for bringing this up—it’s true that a privacy policy is just someone’s promise. Which is why we’re happy to say that the privacy protections stated in our privacy policy were recently independently audited by KPMG. https://www.expressvpn.com/blog/kpmg-privacy-policy-cure53-trustedserver-audit/