Comparing VPN Providers' Privacy Policies
VPN network users care more about privacy than general internet users. Yet thanks to the perception of privacy policies as confusing, complex documents, many of the networks’ policies go unread. At vpnMentor, we want all internet users aware of their options and privacy rights. So, we’ll use the space below to analyze and compare major VPN providers' privacy policies.
Why Do the Privacy Policies for VPN Providers Need a Closer Look?
First off: VPN networks have more discerning users when it comes to privacy matters. After all, private browsing is the number 1 motivation for using a VPN, according to a recent poll. By comparing the networks’ policies side-by-side, users can judge which policy they think will afford them the most privacy.
Another reason: the “anonymity debate” currently engulfs the VPN industry. Some services promise “no logging at all,” while others argue operating without logs is infeasible. By law, the service’s privacy policy must tell users about information collection and use, so it becomes the best source to find out the truth on this issue.
VPN Providers' Privacy Policies - The Comparisons
Privacy policy detail varies widely among VPN services. The following analysis shows the policies for some of the top networks in our rankings.
Hide My Ass (HMA)
Hide My Ass’ policy is a long, detailed document that sacrifices scan-ability for information totality. Interestingly, HMA endured some negative publicity for its role in the capture of the Sony Pictures website hacker. This publicity helps explain why the company puts so much detail into their privacy and logging policies.
VyprVPN
VyprVPN presents a scan-able, plain English policy that explains the information it logs:
Overplay
Overplay Inc, on the other hand, offers very little in terms of policy detail:
Private Internet Access (PIA)
This network presents a scan-able, easy-to-read page that highlights a firm “no logging” policy.
The FBI recently put this VPN privacy policy to the test. In its case against Preston McWaters, law enforcement requested information from PIA’s corporate owner, London Trust Media, regarding McWaters’ activities while using PIA. Essentially, the FBI wanted to prove a series of bomb threat emails originated from McWaters’ IP address. Yet thanks to its lack of logs, the company could only show the cluster of IP addresses being used came from the east coast of the U.S., where McWaters lived. So, to prove its case, the FBI turned to alternate leads such as phone tracking, social media records, and bank records.
International Law and VPN Privacy Policies
Over 100 countries and independent jurisdictions and territories around the world have now adopted comprehensive data protection/privacy laws. Most of the information in this article pertains to U.S. rules and regulations. If the website and/or company is based elsewhere, the rules regarding privacy policy agreements may be different.
Credit: Banisar, David, National Comprehensive Data Protection/Privacy Laws and Bills 2016 Map (April 30, 2016).
ExpressVPN is a good example of how a provider’s location affects its privacy and information logging operations. It is registered out of the British Virgin Islands, where there are no data retention laws. As a result, ExpressVPN does not keep, monitor, or store time stamps, bandwidth usage, traffic logs, IP addresses, or any other kind of log records. Conversely, HMA is based out of London, UK. Their privacy policy, including their detailed logging policy, is partly a result of its location requirements.
Payment Methods as a Privacy Factor
The payment methods adopted by VPN providers can also disclose crucial details about your usage. Using Paypal, a credit card, or direct bank withdrawal to pay for the service leaves a significant informational footprint. Despite a VPN’s privacy policy guaranteeing data protection, it may concede to releasing financial records when subjected to legal demands such as a subpoena.
This makes services that accept bitcoin and other cryptocurrencies more appealing to many concerned users. They eliminate billing information requirements and make a user even more isolated from his/her online activity.
Privacy Policy Detail Will Be Key for VPN Providers Going Forward
Collecting sensitive consumer information is an increasingly vital part of daily business. As more e-commerce transactions occur, networks are exposed to more consumer data than ever before. Unfortunately, governments and 3rd parties, like the online advertising industry, can easily gain access without users’ knowledge. One of the biggest reasons they get away with it: no one reads online privacy policies. While the push for “plain English” privacy policies gains traction, there is so far no data to show that more people are reading the agreements.
As online privacy issues gain more momentum, we expect these VPN privacy policies to provide more detail while still considering scan-ability and readability. We hope they become detailed documents, written for general readers (i.e. no legalese), with strong protections for user privacy.
In the meantime, vpnMentor will continue monitoring the privacy policies for web services and VPNs, so you don’t have to.
Your data is exposed to the websites you visit!
Your IP Address:
Your Location:
Your Internet Provider:
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.
About the Author
John Norris worked as a tech writer, journalist, and instructional designer before turning to tech blogging in 2013. While focusing on digital security and privacy issues, he is interested in any tech area that can enrich people's lives.