VPN privacy policies decoded: Introduction

As we’ve mentioned before on this blog, not all commercial VPN services are concerned about protecting your privacy, with some platforms presenting just as many surveillance risks as a regular ISP.

VPN services are, of course, free to log your data and there’s nothing dishonest about this practice if it’s openly disclosed. However, these days the acronym “VPN” has almost become a synonym for “online privacy” and many VPN companies appear to trade on this association, even if what they offer is not a real privacy service.

Therefore it’s always important to read a VPN services privacy policy before signing-up, ensuring you’re data is protected and you’re not paying for something on the basis of your erroneous assumptions, or misleading marketing. But what should you look out for in a privacy policy? What concerns should you have and what questions should you ask?

In this series of posts we’re going to take a closer look at some of the most popular VPN services. We will break down their privacy polices and see if they are really focused on protecting your personal data.

VPN privacy policy guides

Below are links to all the privacy policy guides in this series of articles. Be sure to check back regularly, as new guides will be added over the coming weeks. Scroll down further to read more on our criteria for assessing privacy policies. Click the following link to access IVPN’s privacy policy.

VPN privacy policies decoded: Hide My Ass

VPN privacy policies decoded: StrongVPN

VPN privacy policies decoded: AirVPN 

VPN privacy policies decoded: WiTopia

VPN privacy policies decoded: BoxPN

Privacy policies: The key elements to consider:

Clarity of policy and language used

It goes without saying that any privacy policy should be easy to read and free of jargon. It also needs to be specific, letting you know exactly where the VPN service stands.

Type of data being logged

What kind of data is being stored by the VPN service? Are they keeping logs of websites visited? Do they know your IP address and the times that your connecting to their servers? What about billing information and data used for advertising purposes? Of course, every VPN service will capture some data on its users. But we need to determine what data is most sensitive in terms of your privacy, what reason they have for collecting that data, and to what extent is the data anonymised.

Duration of data retention

Many VPN services store logs for a temporary period in order to troubleshoot problems and detect abuse on their networks. But beyond a couple of weeks, such data retention is not really necessary – unless it’s being used for potential surveillance scenarios. It’s therefore very important to know how long a VPN service retains data.

Data sharing with third parties

Does a VPN service share data with third party advertisers or other companies? What data is it sharing? What will happen if the company is acquired by a different company that wants to share data – will the user be told? Advertising data is not as sensitive as your web logs or email logs, but how a VPN service treats such data – even if it collects it at all - is a good indication of how serious it is about online privacy.

Approach to DMCA notices

DMCA stands for the Digital Millennium Copyright Act. A DMCA notice is – for our purposes - a legal tool used by copyright holders to force online services providers to disclose information on individuals suspected of copyright infringement. It’s therefore important to know how a VPN service will respond to such notices, what information it is able to disclose and whether it will protect the privacy of its users.

behavior when surveillance legislation changes

Surveillance across the world is undergoing something of an overhaul, as governments attempt to keep up with new tools of communication. Therefore it’s a possibility laws will change in a VPN services jurisdiction, which may impact its ability to protect its users privacy. Will the VPN inform customers of any impending changes that may affect its service? How will it adapt to the changes and will subscribers get a refund?

For more information on protecting your online privacy see our privacy guide section. You can find out more on how VPNs work by visiting our FAQs.

Featured posts

Related posts

Privacy & Security

IVPN TunnelCrack vulnerability assessment

Posted on September 7, 2023 by IVPN Staff

Context TunnelCrack is the combination of two independent security vulnerabilities (LocalNet attack and ServerIP attack) that affect VPN applications. The research paper detailing these vulnerabilities was published and presented on 11 August 2023. IVPN apps were not tested by the researchers, and unlike other providers, we did not receive a vulnerability disclosure.

Privacy & Security

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.