You have to be careful when choosing a VPN provider because there are many things to consider.
And once you get through all the features and benefits – which tend to be similar between providers – one thing that can make the VPN provider stand out, for better or for worse, is its logging policy.
A VPN provider’s logging policy is its Achille’s heel. And ExpressVPN is generally considered a serious, privacy-focused VPN provider.
So does ExpressVPN log your data? No, they do not.
But what does that mean for ExpressVPN? Let’s find out.
What Makes a Trustworthy VPN?
I wrote in the opening paragraph that there are many things to consider when choosing a VPN provider. But what does that mean exactly?
It means you should find the answers to the following questions:
Security Considerations in Assessing VPNs Providers
- Encryption Strength: Which ciphers does the provider support? Are they weak and obsolete? Are they free of known vulnerabilities?
- VPN Kill Switch: Do they outfit their apps with a network kill switch that will block your traffic in the event of a disconnect?
- DNS Leak Protection: Do they supply in-tunnel no-logging DNS servers?
- Ads & Tracker Blocking: Does their service include an ad and tracker blocker?
- WebRTC Protection: Are they susceptible to WebRTC leaks?
- Tor Over VPN: Do they support routing your VPN traffic through Tor?
- Jurisdiction: Are they based in a 14 Eyes jurisdiction and is it legal for them to run a no-logging service?
- Support for Anonymous Payments: Can you pay using cash or Bitcoin?
Everything on this list is important and should be answered before you part with your money. But, for me, the logging policy takes the crown as the most important thing to consider.
Why is the Logging Policy so Important?
The logging policy is so important because, without a strong no-logging commitment, everything else loses its potency.
So the VPN protocols and ciphers they use may well be strong and secure, but if they log your traffic, what did you gain from your VPN connection?
And it’s the same thing for any other feature you can think of: DNS leak protection, kill switches, or even diskless servers. If you can’t get a clear answer to the question “Do you keep logs?”, then they don’t deserve your business. Move on.
And do not use a free VPN service, ever.
If you do, you can bet that they’re logging most everything you do while on their network and you may even have the happy surprise of having them inject ads into your traffic. Stay away.
Choose your VPN provider carefully and be familiar with their logging policy.
What Does No-Logging Mean?
A trustworthy no-logging policy means:
- No traffic logs
- No IP address logs
- No connection logs
- No connection/disconnection timestamps
- No bandwidth logs
When going on the Internet without a VPN, all your traffic is flowing over your ISP’s network. And they can, of course, see everything you do on their network.
The same is true when using a VPN, except you’re taken your ISP’s ability to spy on you and your data and handed it over to your VPN provider.
So it’s essential that they don’t log. If they do, you’ve wasted your money on the illusion of security, which is presumably worse than not being secure and knowing it.Visit ExpressVPN (35% off)
So, What About ExpressVPN’s Logging Policy?
ExpressVPN’s website has a page dedicated to explaining their no-logging policy. The first thing we see on that page is this:
It’s always interesting to see not only what they talk about, but how they talk about it. Do they understand what they’re talking about?
Determining that also helps in assessing the trustworthiness of the provider.
A bit lower on the page, we find this:
I like what we find here. They’re obviously sensitive to the issue of logging. They understand the issue and they’re specific in defining their no-logging policy.
Further, if we look at TorrentFreak’s annual Which VPN Providers Really Take Anonymity Seriously in 2020? guide, in which TorrentFreak asks a series of privacy & security questions to the top VPN providers, we find this:
“[Q:] What steps would be taken in the event a court orders your company to identify an active or former user of your service? How would your company respond to a court order that requires you to log activity for a user going forward? Have these scenarios ever played out in the past?”
“[A:] Legally our company is only bound to respect subpoenas and court orders when they originate from the British Virgin Islands government or in conjunction with BVI authorities via a mutual legal assistance treaty. As a general rule, we reply to law enforcement inquiries by informing the investigator that we do not possess any data that could link activity or IP addresses to a specific user. Regarding a demand that we log activity going forward: were anyone ever to make such a request, we would refuse to re-engineer our systems in a way that infringes on the privacy protections that our customers trust us to uphold.”
That’s pretty solid, in my opinion.
It Still Is, and Always Will Be, a Trust Issue
That’s right. It still comes down to trust.
A provider can have as many policies as it wants, whether it adheres to its own policies is another question.
ExpressVPN wanted to demonstrate that its security and privacy claims on their VPN servers infrastructure were true, so they asked the PricewaterhouseCoopers firm to audit them, in 2019.
And the results were positive, and their infrastructure was deemed secure, as stated in their blog post.
They couldn’t post the specific results of the report in the blog post, because PricewaterhouseCoopers does not permit the publishing of excerpts, so as to avoid the results being taken out of context and misunderstood.
However, ExpressVPN users can access the full report by logging into the ExpressVPN website.
We’re happy to see ExpressVPN take this road and hope other commercial VPN providers will do the same.Visit ExpressVPN (35% off)
Does ExpressVPN keep a history of your activities?
We trust that ExpressVPN is adhering to its policies. They’re a secure VPN provider.
Can the fact I'm using ExpressVPN be traced?
In one sense yes, in the other, no.
So yes, in the sense that your ISP will be able to see that you’re connecting to a VPN.
They will also know the IP address of the server you’re connecting to, so they can find out it belongs to ExpressVPN. In that sense, it’s “traced”.
But in a more meaningful sense, your ISP cannot see what you are doing once connected to the VPN.
They could make guesses, if they really wanted to, by analyzing traffic patterns to try and deduce what you’re doing. But there are many areas for which this approach would simply be useless.
Does ExpressVPN keep logs? No, they do not.
ExpressVPN takes the privacy and security of their users to heart and, as such, they’re an excellent choice for anyone looking for a serious VPN provider that ticks the right boxes.
For more information on this VPN provider, check out our review of ExpressVPN.
To sign-up to ExpressVPN, head over to their website.
We’ve also written other articles that focus on other aspects of ExpressVPN’s service:
Does ExpressVPN Keep Logs?
By Marc Dahan
Last updated: July 13, 2020