“We don’t keep logs.”
- Every VPN ever
“Here are the logs we gave to the FBI.”
- Also those same VPNs
IPVanish had a “zero-logs” policy until the FBI asked for logs. Then they found plenty, enough to arrest someone. PureVPN’s “no logs” meant nothing when they handed the FBI connection records that solved a cyberstalking case. HideMyAss wasn’t hiding anything when they gave authorities the data to arrest a LulzSec hacker.
Let’s be absolutely clear: I believe in VPN technology. Used correctly with proper architecture, VPNs can provide real privacy. But “no-logs” has become a meaningless marketing checkbox that companies tick while secretly recording everything.
The difference between VPNs that actually protect you and those that will sell you out? Whether their no-logs claim has been tested in court. Only about five VPNs have passed that test. The rest? They’re just promises waiting to be broken.
Here are the VPNs caught red-handed lying about logs—with receipts.
⚡ 30-Second Truth Bomb
- IPVanish “no logs” = Gave logs to FBI, user arrested
- PureVPN “no logs” = Handed logs for cyberstalking case
- HideMyAss “no logs” = LulzSec hacker caught via their logs
- Only proven no-logs: PIA, Mullvad (tested in court)
- “No logs” means nothing without court/raid verification
The Villains: Caught Red-Handed
1. IPVanish: The “No-Logging” VPN That Logged Everything
For years, IPVanish was one of the most vocal proponents of a “zero-logs” policy. Then, court documents from a 2016 Homeland Security investigation revealed the ugly truth. In a criminal case, HSI traced an IP address to IPVanish. After initially denying they had any data, they reportedly found a treasure trove of information on a suspect.
They handed over the user’s real name, email address, their actual Comcast IP address, and detailed connection logs showing when they connected and disconnected from the VPN and the IRC server in question.
So much for “no logs.”
2. PureVPN: Pure Lies
In 2017, PureVPN’s marketing was all about privacy and anonymity. But when the FBI came calling during a cyberstalking investigation, their principles reportedly evaporated. The FBI was investigating a man for harassing his ex-roommate, and they suspected he was using PureVPN to cover his tracks.
According to court documents, PureVPN was able to provide the FBI with logs showing that the same customer had accessed their service from two IP addresses: the suspect’s home and his workplace. This was reportedly the key piece of evidence that tied him to the crime. In my opinion, their “zero-log” policy was misleading.
3. HideMyAss (HMA): Hiding Nothing from the Feds
The name itself should have been a red flag. In 2011, a member of the LulzSec hacking group, Cody Kretsinger, used HMA to hack into Sony Pictures. When the FBI investigated, they served HMA with a UK court order.
HMA, despite its privacy-focused branding, reportedly complied without a fight. According to court documents, they handed over connection logs that allowed the FBI to identify and arrest Kretsinger. They later admitted in a blog post that they log connection times and IP addresses to deal with “abusive users.” In other words, they log.
4. EarthVPN: Down to Earth Betrayal
According to reports, a Dutch man allegedly used EarthVPN to send bomb threats to his school. He probably believed their “no logs” promise. He was reportedly wrong. Dutch police seized one of EarthVPN’s servers in the Netherlands and allegedly found enough data to track him down.
EarthVPN’s excuse? They blamed the datacenter, claiming it was the datacenter that had been logging traffic. It’s the same old story: when caught, pass the buck. It doesn’t matter who does the logging; if your data isn’t safe, the VPN has failed.
5. NordVPN: The Policy Reversal (But No Proven Logs)
Sometimes the deception is more subtle. For years, NordVPN’s entire marketing identity was built on its Panama jurisdiction, claiming they “will not comply” with requests from foreign governments. Then, they quietly edited their policy to say they “will only comply” if the requests are lawful.
That’s a complete 180 and, in my opinion, a bait-and-switch on their most fundamental promise.
Here’s the nuance: Unlike IPVanish, PureVPN, and HMA, NordVPN hasn’t been caught handing over logs in court. Their 2018 breach was about infrastructure compromise, not logging policy violation.
Post-breach improvements:
- Switched to RAM-only servers (can’t store logs even if they wanted to)
- Independent audits confirming no-logs claims (Deloitte 2022)
- Transparency reports showing law enforcement request responses
- Diskless infrastructure (data wiped on reboot)
My take: They lied about their legal stance (bad). They haven’t been proven to log user activity (good). They’re in the middle ground between “proven liars” and “proven honest.”
Would I trust them with journalist-level privacy needs? No. Would I trust them for hiding Netflix geo-location? Yeah, probably.
Know your threat model.
The Heroes: No Logs, Proven in Court
So, is everyone lying? Not quite. A few VPNs have had their no-log policies tested in court and came out clean.
Private Internet Access (PIA) has been subpoenaed by the FBI on at least two separate occasions (in 2016 and 2018). Both times, according to court documents, the company could only state that the IP addresses in question belonged to their servers. They had no user data, no connection logs, and nothing to link any activity to a specific account. They were asked for logs and had nothing to give. That’s a no-log policy with teeth.
Windscribe had its policy validated when its founder was personally taken to court in Greece over a data breach that was traced to a Windscribe IP. He couldn’t provide any data because none existed. The case was a real-world, high-stakes test that Windscribe passed with flying colors.
Mullvad faced its own test in 2023 when Swedish police raided their offices with a search warrant, looking for customer data. According to Mullvad’s statement, they left with nothing, because there was nothing to find. Mullvad’s commitment to not collecting user data was reportedly proven by an actual police raid.
How to Verify “No-Logs” Claims Yourself
Trusting a VPN’s marketing is a fool’s game. Here’s how you actually verify their claims:
- Court Cases: The ultimate test. Has the VPN ever been forced to produce logs in court? If they have, they’re liars. If they’ve been taken to court and produced nothing (like PIA), that’s a huge vote of confidence.
- Independent Audits: Reputable VPNs now hire independent auditing firms (like the Big Four accounting firms) to go through their systems and verify their no-log claims. It’s not foolproof, but it’s a hell of a lot better than a marketing slogan.
- RAM-Only Servers: Some VPNs are moving to RAM-only servers. This means no data is ever written to a hard drive. When the server is rebooted, any data on it is wiped clean. It’s a technical safeguard against logging, whether intentional or accidental.
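For anyone running their own Linux server who wants to check the RAM-only property described above, here is an added example (not from the original article or from any VPN provider) that reads `/proc/mounts`-style text and lists writable mounts backed by persistent storage. The two sample mount tables are constructed, and the filesystem-type sets are an assumption covering common cases only.

```python
# Added example: flag writable, disk-backed mounts in /proc/mounts-style text.
RAM_FS = {"tmpfs", "ramfs", "devtmpfs"}      # contents live in memory
PSEUDO_FS = {"proc", "sysfs", "devpts", "cgroup2", "securityfs", "mqueue"}

# Constructed sample: read-only squashfs image, overlay upper layer on tmpfs.
RAM_ONLY_SAMPLE = """
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/loop0 /run/rootfs squashfs ro,relatime 0 0
overlay / overlay rw,lowerdir=/run/rootfs,upperdir=/run/upper,workdir=/run/work 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev 0 0
"""
# Constructed sample: conventional install with logs on a disk partition.
DISK_SAMPLE = """
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /var/log ext4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Each line: device mountpoint fstype options dump pass."""
    mounts = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts.append({"mnt": fields[1], "fstype": fields[2],
                           "opts": fields[3].split(",")})
    return mounts

def backing_mount(path, mounts):
    """Longest-prefix match: the non-overlay mount that holds `path`."""
    hits = [m for m in mounts if m["fstype"] != "overlay"
            and (path + "/").startswith(m["mnt"].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m["mnt"]), default=None)

def persistent_writable(text):
    """Return mountpoints where writes can reach persistent storage."""
    mounts, findings = parse_mounts(text), []
    for m in mounts:
        if m["fstype"] in RAM_FS | PSEUDO_FS or "rw" not in m["opts"]:
            continue
        if m["fstype"] == "overlay":
            # Overlay writes land in upperdir; RAM-only images put it on tmpfs.
            upper = next((o[9:] for o in m["opts"] if o.startswith("upperdir=")), None)
            holder = backing_mount(upper, mounts) if upper else None
            if holder and holder["fstype"] in RAM_FS:
                continue
        findings.append(m["mnt"])
    return findings
```

An empty result only shows that this host has nowhere local to write; it says nothing about swap devices or logs shipped to a remote collector, which is why the court and audit evidence above still matters.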
🔍 Don’t Trust Me? Verify This Yourself
Want to see the raw data behind my claims? Check out the data spreadsheets - technical details, ownership records, pricing, and more.
- Google “IPVanish Homeland Security logs 2016”
- Search “PureVPN FBI logs 2017”
- Look up “HideMyAss LulzSec arrest logs”
- Find “Mullvad police raid 2023” - they found nothing
- Search “Private Internet Access FBI subpoena no logs”
Bottom Line
Don’t be a sucker. A VPN’s promises are worthless until they’re tested. Do your own research, look for the evidence, and don’t trust any company that’s been caught lying. Your privacy depends on it.
🧪 Test This Yourself
Verify who’s lying about logs:
- Search “[VPN name] + FBI + logs + court”
- Check for audits: “[VPN name] independent audit Big Four”
- Look for court tests: “[VPN name] subpoena response”
- Find raid results: “[VPN name] police raid servers”
- Technical check: “[VPN name] RAM-only servers” (can’t store logs)
Top Comments (5)
Sometimes they must log to issue bug fixes on a persistent error message some user gets. Some log the websites you visit in order to cache the websites to save bandwidth.
They can have many reasons.
- server keeps every detail of last 5 minutes of activity, so it can be analyzed in case of a crash
- server keeps a database of all account IDs and a running total of GB transferred and a "current number of devices logged in on this account" for control purposes (enforce limits on accounts)
- server keeps a history of activity by you...