Which VPN Providers Are Truly Transparent?

Top10.com Staff
If you’re searching for a new VPN, then your provider’s level of transparency is likely to be one of your top concerns. Many VPN users count on the service to mask their true identity or location.

While a VPN encrypts the connection between your computer and the VPN server, this does not mean that what you browse is hidden from the VPN provider itself (hint: the tunnel ends at the provider's server, so the VPN company can decrypt the traffic and see your DNS lookups if required).

Additionally, VPNs can be, and often are, forced to comply with requests for user information by law enforcement agencies. The result, for some users, could be prosecution.

We surveyed the market on behalf of users that are concerned with finding a VPN that has exemplary transparent data collection and privacy practices. Users should always know where they stand with a VPN company in this respect—even if that means knowing that they are not zero-logs. The following 3 providers have gone beyond the industry standard in ensuring that that is the case.

1. ExpressVPN

ExpressVPN is our top recommendation for those looking for a transparent VPN provider.

ExpressVPN has not only developed tools to diagnose potential leaks in its own VPN service, it has also made these tools open-source, so anyone can check the privacy and security of ExpressVPN or of any other VPN.

ExpressVPN's open-source leak testing tools test for a number of different leak types, such as:

  • DNS leaks
  • BitTorrent leaks
  • IP address leaks
  • IP traffic leaks
  • Leaks resulting from unstable network connections
  • Leaks resulting from VPN servers being unreachable
  • WebRTC leaks

While many VPNs publish their own internal transparency reports, ExpressVPN commissions third-party audits of its service in addition to its own internal audits. 

The company commissioned the cybersecurity outfit Cure53 to check the security of its Chrome browser extension. Cure53 found 8 security issues, rated no higher than medium, which indicates “good security,” according to the cybersecurity firm. ExpressVPN addressed these issues and released the findings. This is an excellent example of transparency in action.

ExpressVPN encourages the public and experts to look for bugs in its service, going as far as to offer financial rewards for those who find problems.

ExpressVPN takes our number one spot because of its own transparency and its commitment to raising standards for the whole VPN industry. The company has worked with the Center for Democracy and Technology to develop a questionnaire, Signals of Trustworthy VPNs, which VPN firms should be able to answer. This guards against VPN firms boasting about industry-leading security without having clear criteria of what constitutes such security. The list includes questions about:

  • Corporate responsibility and business model 
  • Logging/data collection practices and responding to law enforcement 
  • Security protocols and protections

We believe that this is just about as robust a transparency statement as can be hoped for in the VPN space, and for that reason it’s our top recommendation for those looking for a VPN that cares about transparency.


2. CyberGhost

Our final recommendation for a transparency-first VPN provider is CyberGhost. The company, which is based in Bucharest, Romania, was the first in the world to put out an annual transparency report, a practice which many VPN providers have since adopted. The company says that it views honoring this tradition as “an integral part of its mission to defend privacy as a basic human right.”

CyberGhost provides comprehensive and publicly accessible metrics about the type and quantity of user information that it is asked to disclose for various reasons. Its most recent data, for instance, indicates that the company received almost 28,000 complaints about violations of the Digital Millennium Copyright Act (DMCA) and 17 requests from police and other law enforcement agencies requesting access or usage logs.

The company also discloses that it does engage in measures designed to thwart illegal activity from taking place on its network. This includes analyzing ports that are commonly used for sharing peer-to-peer (P2P) torrent files, and blocking them in countries where this form of information exchange has been made illegal.

According to its CTO, the company has always adhered to a “privacy by design” principle, by which it does not collect any type of data that it does not absolutely need. Under its logging guidelines, the company explains that as a Romania-based operation, it is not obliged under local laws to store any form of user data. This means that it is unable to comply with any requests from law enforcement agencies to turn over this information, even if they have a sound legal basis. According to the information disclosed in its latest transparency report, the number of police requests the company has received is also relatively small, averaging between 11 and 71 per year.


3. NordVPN

Another heavyweight in the transparent VPN world is NordVPN. The company recently made VPN history by completing an industry-first audit of its no-logging policy. This was designed to provide an independent assessment of the quality of its no-logging practices, something which no provider had ever previously undertaken.

The audit was undertaken by PricewaterhouseCoopers (PwC) and its findings were presented to a pre-selected list of journalists.

While the report reflects the nature of the company’s server network at a specific date in time (and cannot guarantee that the conditions remain the same at any given point in time beyond that), it did provide a complete overview of the company’s server network and backs up its claim that no publicly identifiable user details are being collected through the technology which the company operates.

The company has also made a significant effort to communicate its logging policies to users in plain language via its blog.

In a post about debunking VPN logging myths, the company strongly affirmed that it “does not keep logs” and “means it.” It added that its zero-log commitment was “the foundation of our service and the promise to our users that we are committed to keep.”


4. Hotspot Shield

Hotspot Shield is our top recommendation for those looking for a transparent VPN provider.

Like many providers, Hotspot Shield puts out an annual Transparency Report. In its latest report, it makes clear that while it “is regularly contacted by law enforcement agencies in the United States and in other countries,” because it does not collect personally identifiable information about its users, it “cannot identify an individual user based on a public-facing IP address.”

It also states that, to date, the VPN’s parent company, AnchorFree, “has never provided the identity or other personal information regarding our users to a government, law enforcement agency, or other third party.”

It also published a complete breakdown of the number of data requests it has received per year, and how much data it has handed over as a result of these (for every year so far, the reported quantity is “none”).

Hotspot Shield has stated that it aims to be a “good global citizen” and “protect its users privacy,” although it is firmly against its VPN being used to conceal illegal online activity. Additionally, Hotspot Shield offers a complete directory of its entire server network and has a US-based support team.

We believe that this is just about as robust a transparency statement as can be hoped for in the VPN space, and for that reason it’s our top recommendation for those looking for a VPN that cares about transparency.


Go With A Transparency-First VPN

The 3 options that we recommend are great for any VPN user who wants to go with a provider that has gone beyond the call of duty to prioritize transparency. Our top recommendation is ExpressVPN, but NordVPN and CyberGhost have both done more than their fair share to let their users know what information they collect and process, and in what circumstances they might be compelled to pass that on to law enforcement agencies.

Top10.com's editorial staff is a professional team of editors, writers and experts with dozens of years of experience covering consumer, financial and business products and services.