Anyone who knows a server knows that it is extremely difficult to run it WITHOUT protocols (log files). Especially rented server systems are and must be monitored by the operators and landlords. This has mainly technical reasons, but it is wrong to claim that there are no log files. So every time a server is not owned by the VPN provider, log files will be created, this is also regulated in the lease agreements of the server operators. But how can a VPN provider talk about not saving log files? And how much attention is paid to the privacy of users when one exaggerates so excessively here?
VPN Provider With No Log Files
Especially last year, customers of a “Dutch VPN service”, which placed particular emphasis on “no logs” in advertising messages, were tracked down by authorities via the log files of the server providers. The server hoster (landlord) had to hand over the servers directly on instruction of authorities and in the course of this also hand over all log files referring to it.
The result was the exposure of almost all users of this provider, and their activities through this server. The provider terminated the contract with the server housing (operator), but the operator had already had to hand over the log files to the authorities weeks before.
Information to the users was therefore not even possible, as the VPN provider had not experienced it himself. But even on the day all the data was handed over, his website said “Absolutely no log files”.
In the forum of another provider we found a discussion in which entries and questions of the users were deleted when it came to the topic “data security and cooperation with serverhousing companies”. The company did not seem to like the questions about the server owners.
Some questions to ask when VPN providers rent servers:
- How can “leased servers or cloud-based servers” prevent the operators of these servers from making an unnoticed copy of the server and all data on it?
- How can rented servers prevent a tampered copy of the servers from being created that skims users’ data unnoticed?
- What happens to the data if the servers are no longer needed or become defective? Or simply the lease with the VPN service is terminated?
- If a VPN service does not own the servers itself, how can it ensure that there are no backdoors or universal keys?
The qualitative provider does not rent servers that would allow access by the operators, but above all he does not promise that no protocols will be created, nor which he himself then could not control or even influence. An own infrastructure is therefore a decisive quality feature of providers who take the protection of privacy seriously.
VPN Providers Use Own Networks
Many VPN providers (with the exception of a few) do not use their own network, but let third-party companies operate their network. In order to operate the network itself, the servers, routers and switches must belong to the VPN providers themselves and must also be operated by their own technicians. If your VPN provider does not provide this hardware itself, “Monitoring” and also “Logging” can be used at the entrance and exit of the server. This can mean that all your activities can also be recorded when using the VPN service.
For example, if you hear two people talking in a restaurant, you can gather enough information about what they are talking about even if you don’t know their names. And if a VPN provider does not operate its own servers and routers, the data that is being sent and received can be monitored similarly to the example mentioned. Even if the provider does not save any log files, the activities can still be logged by third parties. No logging is then not the decisive factor.
A quality provider will not only buy and operate its own hardware, but will also definitely take care of the routers and switches used at the installation site itself. Providers who only rent a network or have no control over the hardware used cannot guarantee data security or privacy. Log files are the lesser evil.
Is logging bad?
By storing minimal protocols (log files) on servers or in networks, it is possible to ensure that users can also maintain the highest level of security, stability and speed. It is therefore not a question whether log files are stored, but for what purpose they are created and how long and for what purpose they are used.
“One of the things I would say to a large company is not that you can’t collect any data, but that you should only collect the data and hold it for as long as necessary for the operation of the business.”
Minimal protocol for VPN providers therefore has the following advantages:
- Improved speed and performance as this logging allows technicians to optimize the network
- Improved stability and availability of the network by identifying and eliminating sources of error in good time.
- Improved trustworthiness, as security problems can already be detected at a low level, which could harm both the provider and the user.
- Individual connection problems of users can be better and faster solved or bypassed.
- Different tariffs can be created and implemented according to the customer’s requirements. In this way, the prices for the individual user can be kept lower.
- The network can be protected against misuse and hacker attacks, which also improves the security of individual users
- Abusive users can be identified and banned, as they could also pose a danger to operations and other users.