PureVPN is the latest VPN provider to open up its books to a third party, hiring security firm Altius IT to audit its no-log claims.
During the audit, Altius IT checked PureVPN to ensure that no logs were kept regarding subscriber browsing activities, connection logs, assigned VPN IP, user’s originating IP address, connection time, browsing history, visited websites, outgoing traffic, and DNS queries.
Altius IT also analyzed PureVPN’s network infrastructure documents, system configurations, and system log files to verify its no logging claims. Following the completion of the audit, Altius IT went on the record to officially state that it has given PureVPN a full bill of health, stating that it:
Did not find any evidence of system configurations and/or system/service log files that independently, or collectively, could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.
In 2018, following news that PureVPN had helped the FBI to solve a crime by providing connection logs for its servers, the firm decided to change its logging policies to become zero-logs.
While the case in which PureVPN helped the FBI to perform a time-correlation attack was extremely targeted - and in our eyes did not unduly tarnish its reputation - it is always a positive step for any VPN to decide to become a no logs service.
Now, PureVPN has taken its no-logs claims to the next level, by getting an independent seal of approval that its policies are water tight. The audit puts PureVPN in-league with a minority of commercial VPNs that have forked out from their own pockets to have their service verified by independent auditors.
Speaking about the audit, PureVPN told ProPrivacy.com that it hopes the results will give its users confidence in the service:
“PureVPN has a demonstrated history of being Customer Driven in everything we do from our core policies to features requests to innovations. The same has been demonstrated time and again by our leadership writing to customers, yearning for first-hand feedback to reading each and every feedback and responding emails. Our journey from no-browsing logs to Zero-log is no different. We take pride in being declared the first VPN provider that achieved full GDPR compliance by Industry's top voices, including CNET, and in having a Privacy Policy so comprehensive that it's unmatched to date.”
PureVPN’s decision to become a zero-logs service puts it in line with the very best VPN providers on the market. And, due to the price of a PureVPN subscription, it serves to make the service extremely competitive indeed. There can be no doubt that it is one of the few services that has massively improved its service over the past few years.
Commitment to privacy
A no-logs VPN never has data lying about on its servers that could potentially later be handed over to the authorities - if they are approached with a warrant. And, because PureVPN’s base in Hong Kong is considered non-invasive in terms of surveillance; PureVPN can now be considered much more of an all-rounder in terms of privacy. PureVPN told us:
“This Audit is a series of steps that we are taking to further cement our commitment to true privacy. Apart from being the first to comply with GDPR and having the most transparent Privacy Policy, PureVPN is the first and only provider to have a public paid bug bounty program where 90,000+ strong community of white hat hackers continuously test and strengthen our service. We strive day and night to deliver more and more value to millions of subscribers in over 120 countries who trust their security and privacy with us.”
While here at ProPrivacy.com we acknowledge the limitations of this kind of audit - namely that it is only an audit of the service at a particular snapshot in time - we also understand that this is the best available way for VPN providers to go the extra mile and prove their effectiveness and commitment to user privacy.
Here at ProPrivacy.com, we commend PureVPN for making the effort to prove its logging policies via independent audit. We hope more VPNs will follow in the steps of PureVPN, NordVPN, VyprVPN, and TunnelBear VPN going forward. There really is no better way to improve the reputation of the VPN industry than to open services to reputable third-party audits on a regular basis. PureVPN commented:
“We evaluated dozens before selecting Altius IT due to their credentials and high profile customer base. Also, we conducted many other small audits prior to it and we will continue our march towards getting audited from independent and reputable institutions. PureVPN believes the audit is a continuous process, and it has to be conducted after a decent interval of time to ensure users the service is keeping its promise.”