PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Your VPN Might Be Spying on You—Here’s How to Tell

A VPN is supposed to protect your privacy, not monitor your activity. Learn how to know if your VPN is keeping logs of your online behavior, why it matters, and what you can do about it.

Justyn Newman
 & Justyn Newman Senior Writer, Security

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Lily Yeh/PCMag/iStock/D3Damon)

When VPNs mention "logs," they’re talking about records of your online activity—like your personal info, browsing history, and data usage. Most websites and services, including your internet service provider, already collect this kind of data using cookies, trackers, and ads. These bits of information help build a digital fingerprint that can be used to identify you and target you with ads. While a VPN can help block this kind of tracking, it also has the ability to collect logs itself. Here’s how to find out if your VPN keeps logs—and why that matters for your privacy.

This article was made possible in part by Proton VPN. It was written and edited independently without partner oversight.

Does Every VPN Keep Logs?

It depends. Most make sufficient efforts to minimize data retention, but the majority retain some form of temporary data just so you can use the service. A good VPN won’t retain identifying information such as your IP address or browsing activity. However, some services do keep anonymized aggregate data for analytics. While it isn’t very likely for this information to be used in a malicious attack, it is still personal data, and it could theoretically be used to identify you. 

You’ll see the term “no-log VPN” used by a lot of services. A service that uses this term claims that it doesn’t keep user data in any accessible form. However, some short-form retention is necessary for a network application to work properly. This information tends to consist of connection timestamps and bandwidth usage, and it's often kept in RAM-only servers that automatically get erased when you disconnect from the VPN, or on some regular schedule. 

Some companies go one step further with privacy and use a zero-knowledge (ZK) approach. ZK, as a standard, has more weight behind it than simply claiming not to retain logs. To be considered a zero-knowledge VPN, a company cannot have access to user data in any readable form, including by employees. This obfuscation is often achieved with a combination of cryptographic keys, RAM-based servers, and strict security measures to ensure compliance.

How to Tell if Your VPN Keeps Logs

At first glance, it can be difficult to glean what information a VPN actually retains. It requires digging to get the fine details. You should skip all of the flashy landing page claims and go right to the privacy policy.

Recommended by Our Editors

The Best VPN Services for 2026
The Best VPN Services for 2026
The Best VPNs for Torrenting in 2026
The Best VPNs for Torrenting in 2026
The Best VPNs for Netflix in 2026
The Best VPNs for Netflix in 2026

When I test VPNs, I go through the policy in fine detail. It should outline exactly how the company handles user data. You’ll find out what a company really means when it says it is no-logs or zero-knowledge. There will be variance between VPNs that use the same terms, so it is worth scanning the privacy policy even if you see familiar claims being made. 

Ultimately, you have to take all of these claims at face value unless they have been substantiated by a third party. One way that is done is through security audits. A company will work with firms such as Deloitte, KPMG, and Cure53 to independently verify its privacy policy, security claims, and compliance measures. If a report is available, I recommend reading it or the summary of findings. It will offer great insight into a VPN’s privacy practices. Pay attention to when the last audit was performed. An audit from a few years ago likely won’t be representative of the service today. VPNs that value privacy and transparency undergo frequent, annual audits to ensure consumers are informed. 

Another good indicator of privacy compliance is a transparency report. This is often a self-published document that outlines the requests the VPN has received from copyright holders and law enforcement agencies.

What to Do if Your VPN Keeps Logs

Simply put, I recommend picking a different service if you find out that your preferred VPN keeps logs that you are uncomfortable with. You don’t have to compromise your privacy to get a good deal. There are plenty of affordable VPNs out there that don’t retain logs and deliver an excellent service.

On top of that, consider using an ad blocker, password manager, and private browser to build up a robust privacy toolkit that you can tailor to your needs.

About Our Expert

Justyn Newman

Justyn Newman

Senior Writer, Security

My Experience

My writing journey started in 2012 and has taken me through various niches, but my main focus has always been on tech. I contributed to several growing PC hardware and software sites, focusing on gaming, peripherals, and privacy.

As the amount of information we put out on the internet has grown, so have the threats and the tools we use to combat them. With VPNs gaining traction in the late 2010s as a tool for the public instead of just an option for business security, I found myself reviewing countless options in this continuously changing landscape.

This led to my role before PCMag over at WizCase, where I honed my knowledge of VPNs and privacy tools and eventually oversaw all of the content produced. I led a talented team of fellow writers and editors to evaluate VPNs, password managers, antivirus, and parental controls.

The Technology I Use

I love small-form-factor PCs. My current ITX build uses an ASRock B650i motherboard, 32GB of RAM, a Ryzen 5 7600X, and an EVGA 3060 Ti, all nestled within the beautiful LZX-8 case by Lazer3D.

I have that connected to an MSI 34-inch ultrawide as my primary monitor. My second monitor is an older Acer 24-inch that only houses Discord and YouTube Music. Since I spend most of my time writing, I value a good keyboard. I use a Neo65 with Gazzew U4T Silent Bobas. My mouse is a Logitech MX Master 3S. For audio, I have a set of Edifier R1280Ts, or I’ll wear my trusty Sennheiser HD 6XXs. 

For work, I use a Lenovo P14s connected to everything mentioned above. If I'm taking personal work or studying on the go, I use a sticker-bombed Framework 13 powered by a Ryzen 5 7640U. Specifically for drafting fiction, I built a writing ‘cyberdeck’ that connects to my Neo 65 for a Raspbian-powered writing setup with minimal distractions. Regarding mobile devices, I’ve been on the Pixel train since the first one launched, and I am currently using a Pixel 9 Pro.

Outside of computing, I always carry a few key pieces of tech on my person. I have a Kindle Scribe that I use for note-taking and reading the latest speculative fiction. For music, I carry a Walkman NW-A55 with a pair of Rose Technics QuietSea IEMs. I do some light gaming on my re-shelled PSP 3000 running Infinity 2.0 CFW. When I'm not at the computer, you’ll usually find me lugging around my Pentax K1000 with a couple of rolls of Ektar 100 on standby.

Read the latest from Justyn Newman

Read full bio