How We Evaluate Privacy
Marketing claims mean nothing. We evaluate VPN privacy on five verifiable factors:
- Jurisdiction: Which country's laws govern the VPN provider? Does that country require data retention?
- No-Log Policy: Has the no-log policy been independently audited by a reputable firm, or proven in court/police action?
- Ownership Transparency: Is the company ownership public? Does it have conflicts of interest?
- Open Source: Are the apps open-source and independently auditable?
- Real-World Track Record: Has the VPN been subpoenaed? What happened?
Privacy Rankings
| VPN | Jurisdiction | Log Audit | Open Source | Real-World Test | Privacy Score |
|---|---|---|---|---|---|
| Mullvad | Sweden | Cure53 (apps) | ✓ | 2023 police raid: nothing to seize | 10/10 |
| ProtonVPN | Switzerland | Securitum | ✓ | Court order: no data | 9.8/10 |
| PIA | USA | Deloitte 2022 | ✓ | FBI subpoena: no data (twice) | 9.5/10 |
| NordVPN | Panama | Deloitte 2022 | ✗ | 2018 server breach (disclosed 2019), resolved | 9.0/10 |
| ExpressVPN | BVI | KPMG 2022 | ✗ | Server seized (Turkey, 2017): no data | 8.8/10 |
| Surfshark | Netherlands | Deloitte 2023 | ✗ | Not tested | 8.5/10 |
The Five Eyes Problem
The "Five Eyes" intelligence alliance (US, UK, Australia, Canada, New Zealand) shares signals intelligence among its members, and companies based in those countries can be compelled to hand over user data under secret orders: in the US, orders from the FISA court or National Security Letters, usually with a gag that forbids telling the customer.
Nine Eyes and Fourteen Eyes extend the sharing to additional European countries. For maximum privacy, prefer VPNs based outside these jurisdictions. Treat jurisdiction as one signal rather than the deciding one: a provider that genuinely keeps nothing has nothing to hand over in any country, while a provider in a friendly jurisdiction can still be served a targeted order. That is why Mullvad, based in Sweden (a Fourteen Eyes member), still tops our table, and why the real-world column counts for more than the flag.
| Alliance | Members | VPN Impact |
|---|---|---|
| Five Eyes | US, UK, AU, CA, NZ | Highest risk — secret warrants possible |
| Nine Eyes | + FR, DK, NL, NO | Higher risk — intelligence sharing |
| Fourteen Eyes | + DE, BE, IT, ES, SE | Moderate risk — looser cooperation |
| Outside the Fourteen Eyes | Panama, Switzerland, Romania, BVI | Lowest risk — no alliance sharing, stronger privacy laws |
What "Audited No-Log Policy" Actually Means
A no-log audit means an independent firm examined the provider's server configuration and logging systems and reported whether user activity data was being stored. An audit is a point-in-time finding with a scope the provider defines, so read the published report rather than the press release: check which servers were in scope, whether the auditors had live access or only reviewed documentation, and when it was done. Here's what each type of audit tells you:
- Infrastructure audit (Deloitte, PwC, KPMG): Verified that no activity logs existed on the VPN servers at the time of the audit. The most relevant type for a no-log claim; what matters is the scope and the access the auditors had, not the size of the firm.
- App audit (Cure53): Verifies the client apps don't leak data (DNS, IPv6, traffic outside the tunnel) and have no exploitable flaws. Important, but it says nothing about what the servers record.
- Court/police verification: Real-world proof. A government attempted to obtain user data and received nothing. More compelling than any audit because it is adversarial rather than cooperative, though it only shows what was retained at that time for that request.
For High-Risk Users
If you're a journalist, dissident, activist, or otherwise at risk from state surveillance, you need a stricter setup than the average user:
- Use Mullvad or ProtonVPN: Both have court/police-tested no-log policies. Mullvad issues a random account number at sign-up and asks for no email, name, or other personal information.
- Use Tor over VPN: ProtonVPN's Tor over VPN servers forward your traffic into the Tor network after it leaves the VPN, adding another hop. Note that in this mode the VPN server is the Tor client, so the provider sees your traffic before it enters Tor. For stronger anonymity run Tor Browser yourself on top of the VPN: the provider then sees only encrypted Tor traffic, and you also get Tor Browser's fingerprinting defenses.
- Pay anonymously: Mullvad accepts cash by mail and Monero. ProtonVPN accepts Bitcoin and cash.
- Use a separate device: Don't use the same device for VPN-protected browsing and logged-in accounts. Logged-in accounts tie your sessions together, and browser fingerprinting can identify you regardless of IP address.
- Enable the kill switch and test it: Ensure your VPN app's kill switch is enabled so all traffic stops if the VPN drops. Then verify it: bring the tunnel down and confirm that a request to a public IP-echo service times out instead of returning your ISP address. Check DNS and IPv6 as well; a kill switch that blocks TCP but lets the OS resolver or IPv6 out is leaking.
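A kill switch you can verify is easier to reason about than one you take on trust. The script below is an added example written for this page, not code from Mullvad, Proton, or any VPN app: it builds an nftables ruleset that allows only loopback, the tunnel interface, and the tunnel's own UDP transport to the VPN endpoint, and it audits a ruleset (its own, or the live one from `nft list`) to confirm that no other accept rule has crept in. The endpoint 203.0.113.10:51820 and the interface name wg0 are assumed values for a WireGuard tunnel on Linux.

```shell
#!/bin/sh
# vpn-killswitch.sh: a host-level VPN kill switch as an nftables ruleset,
# plus an auditor for whatever ruleset is actually loaded.
# Added example for this page, not code from any VPN vendor. Assumptions:
# Linux with nftables; a WireGuard-style tunnel on interface wg0 whose
# endpoint is 203.0.113.10 UDP/51820 (documentation address, constructed).

# Print a ruleset that drops every outbound packet except loopback,
# traffic already inside the tunnel, and the tunnel's own transport to
# the VPN endpoint. Because the chain policy is "drop", DNS to the ISP
# resolver and all IPv6 are denied unless they leave via the tunnel.
# (For an IPv6 endpoint the third accept would need "ip6 daddr".)
build_ruleset() {
    vpn_ip="$1"; vpn_port="$2"; tun_if="$3"
    cat <<EOF
add table inet killswitch
flush table inet killswitch
table inet killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        oifname "$tun_if" accept
        ip daddr $vpn_ip udp dport $vpn_port accept
    }
}
EOF
}

# Read a ruleset on stdin (from build_ruleset or from
# "nft list table inet killswitch") and succeed only if it is closed:
# the output policy is drop and every accept rule is one of the three
# allowed shapes. Any other accept, such as an "oifname eth0 accept"
# added for a captive portal and then forgotten, is a leak path.
audit_ruleset() {
    vpn_ip="$1"; vpn_port="$2"; tun_if="$3"
    text=$(cat)
    printf '%s\n' "$text" | grep -q 'policy drop' || return 1
    total=$(printf '%s\n' "$text" | grep -c 'accept' || true)
    allowed=$(printf '%s\n' "$text" | grep -c \
        -e 'oifname "lo" accept' \
        -e "oifname \"$tun_if\" accept" \
        -e "ip daddr $vpn_ip udp dport $vpn_port accept" || true)
    [ "$total" -gt 0 ] && [ "$total" -eq "$allowed" ]
}

# Load the ruleset atomically (requires root).
apply_ruleset() { build_ruleset "$@" | nft -f -; }

# Re-audit the live table, e.g. from cron, to catch later edits.
check_live() { nft list table inet killswitch | audit_ruleset "$@"; }

# Manual leak probe after "apply": bring the tunnel down, then
#   curl --max-time 5 https://<any public IP-echo service>
# must time out. If it prints your ISP address, the switch is open.

# Usage: ./vpn-killswitch.sh print|apply|check
case "${1:-}" in
    print) build_ruleset 203.0.113.10 51820 wg0 ;;
    apply) apply_ruleset 203.0.113.10 51820 wg0 ;;
    check) check_live 203.0.113.10 51820 wg0 ;;
esac
```

If the physical link needs DHCP renewals while the tunnel is down, add a single `udp dport 67 accept` for that interface and extend the allowed list in `audit_ruleset` to match; the point of the auditor is that every exception is written down and anything else fails the check.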
Our Privacy Recommendations
Maximum anonymity: Mullvad — No personal info required, police raid tested, DAITA (traffic-padding defense against AI-driven traffic analysis)
Privacy + usability: ProtonVPN — Swiss jurisdiction, open-source, Secure Core, Tor over VPN
Privacy + streaming: NordVPN — Panama jurisdiction, Deloitte-audited, best all-around