The basic premise of a VPN service provider is to offer online anonymity and complete privacy to the user. Every mainstream VPN service provider charges a monthly premium for users to enjoy VPN technologies that will allow them to hide their IP address and to encrypt their online data transfer. Sadly, nowadays, most users are unaware of how their VPN usage data is being handled by their VPN company.
It is becoming increasingly difficult to determine whom to trust while choosing a VPN service provider. Every commercial VPN company aims at generating maximum revenue and such a strategy include advertising false pretexts of 100% online anonymity.
Recent controversies surrounding intrusion into user privacy has forced several VPN users to reconsider their stand while choosing a VPN service provider. We have to admit that not all VPN service providers are safe, and there are VPN companies that choose to please Governments and other regulatory agencies, rather than safeguarding the interests of their users.
Over the past few years, we have been successful in differentiating between several VPN service providers that support online privacy and those that don’t. However, the current situation demands more information relating to data logging policies and we have decided to delve deep into various VPN service providers to understand which VPN service providers offer complete online anonymity to their users.
To correctly analyze a VPN service provider, we have come up with a set of rules that will allow us to understand whether a VPN service provider will be able to protect its users against any and all forms of privacy attacks.
Rule 1: The Signup Process
This is one of the most important, and perhaps, the most crucial aspect of a VPN subscription. Most financial transactions can only take place by revealing the original user identity, and every VPN account is usually linked with a financial account. Hence, all VPN related activities can be traced back to a user.
Therefore, as a rule of thumb, it is our priority to choose a VPN service provider that offers multiple payment modes. Online payments are safer than credit cards, and there are anonymous online payment gateways that allow 100% online anonymity, such as BitCoin.
Better still, it would be beneficial for the user if a VPN company chooses to keep the financial information of a user separate from their VPN account. In such a case, the company keeps all financial information at a single place, all the while assigning unique and varying login parameters for VPN usage that cannot be associated with the payment information. This ensures that no VPN related activity can be traced back to the original user.
Rule 2: Where Is The VPN Company Based In?
The geographical location of a VPN company usually plays a major role in deciding the overall user oriented privacy. Some countries have mandatory data retention laws, while other countries have powerful data regulatory agencies that maintain a strict set of rules for VPN companies to adhere to. In other countries, courts play a detrimental role in retrieving user oriented browsing data from VPN companies, and it depends on the strength of the court, Government and judiciary powers.
Ultimately, a VPN company is the final authority to decide whether it wants to assist the Government or any other regulatory authority in disclosing private user browsing data. Therefore, we are also looking at the overall strength of a Government versus the intent and dedication of a company towards their VPN subscribers. This takes us to Rule 3.
Rule 3: Data Logging & IP Traffic Mixing
Clearly, data logging is the most important part of online anonymity for a VPN subscriber. We don’t understand why VPN companies feel the need to log a user’s browsing data, if they promise 100% anonymity. Some VPN companies associate an IP address and a timestamp with a specific user that will help them track online activities to a specific user. Under other instances, every traffic data that’s been encrypted will be stored for future reference.
Any VPN service provider that does not log any kind of activity or does not keep any data related to a user’s online browsing activity is considered as a safe, secure and anonymous VPN service provider. No data log means that there is no user-oriented data for anybody to retrieve. Under such circumstances, no amount of court order or Government intrusion can likely pinpoint online activities to a single user.
We also support VPN technologies that adopt traffic mixing and IP sharing that enables all users to share IP addresses and mixes traffic data so that no single activity can be traced to a single user.
Rule 4: Takedown Notices
Let’s face it. Takedown notices have become a common occurrence, and several ISPs are slapped with takedown notices to prevent users from violating copyright laws. ISPs are in full support of various third party organizations such as the DMCA to fully incorporate and support copyright laws by taking strict disciplinary action against copyright infringement cases. Several cases are also being taken to court.
However, several VPN companies are also supporting organizations such as the DMCA in combating piracy, and to do so, they keep log of user browsing data to protect the VPN Company from a possible lawsuit. This ultimately affects the user who used a VPN to protect their privacy in the first place.
If a VPN company is pretty explicit in their stand with the DMCA, chances are that they log user oriented browsing data. However, if a VPN service provider clarifies that action will only be taken upon receipt of such a notice, there are chances that the VPN service provider has data logging methods in place to be used at a moment’s notice.
Truly anonymous VPN companies do not follow such practices. These VPN companies ignore takedown notices sent forward by third party organizations, and only respond to court orders. And when it comes to a lawsuit, they can prove that the VPN servers in question does not actually host the copyrighted file in question, and it is a mere tool that is used for transferring data, which is not illegal in any country or jurisdiction.
There are cases which require the VPN Company to disclose a user’s browsing data, under which circumstances, the VPN service provider won’t have any logs to disclose. Therefore, it becomes impossible for any court or investigative authority to find the source or user.
This kind of privacy and anonymity is excellent for users who value their privacy. Hence, lack of compliance with DMCA or other relevant agencies is a surefire way of knowing whether the VPN company in question logs user data or not.