Keeping it private: 5 VPNs that have been verified to keep no logs Verified and proven October 9, 2019 https://www.techspot.com/news/82259-keeping-private-5-vpns-have-verified-keep-no.html
Huh, so that affiliated blog (RestorePrivacy) author, Sven, is still saying this. What he & many ppl don't understand is that logs not found on a seized server is nothing (compared to the opposite), as Windscribe dev clarified. The problem of audit has also been discussed here many times, tho it's surely better than nothing (ofc I know IVPN had audit too). Only VPN verified to some extent is PIA among the named ones - "to some extent" because those were just FBI requests and not NSL. We have better objective measures to see how each VPN vendor takes our privacy, I discussed in past and @mirimir knows this. Note one of the recommended VPN in the article held user passwords in plaintext IIRC.
you want the simple truth? here: not a single company would refrain from cooperating with law enforcement and judicial authorities, let alone with nsa, for $10/mo. and there is no "no logs" policy. there's just equivocal definitions of it. if you keep no logs, you can't stay in the business. that's the truth.
Ridiculous. What part of no doesn't anyone understand? and I'm sure the logs don't come from trees. (Duh)
IVPN claims that it can do all required abuse prevention in real time, and that there's no need to keep any logs. Its radius server does track number of current logins, but that's either done in RAM or /tmp/.
The reason is it's impossible to run VPN service w/ literally no log. I thought it's a common knowledge here, but if you didn't know (well, IIRC you already know), search for your VPN's privacy policy & other official resources. Every reputable VPN providers explain what they log and how in clear words, so you can decide if they matter to you or not.
I know all that and I think you've missed my point. What I'm taking issue with (from the article in the first post) is the common stupidity when people have to stretch the meanings of two simple words to mean something else or worse, place doubt on what they mean in the first place. "No logs" simply means "no logs".
On Linux, log files go in /var/log/. And they persist long term, typically with provision for compressing old ones to save space. Conversely, files saved in /tmp do not persist. By default, they're deleted during shutdown. And when security matters, /tmp is typically a ramdisk. VPN servers shouldn't write anything anywhere. Authentication servers do need to recognize users, so there's a database with stuff like usernames and password hashes. Typically they also need to track which users are connected, to enforce connection limits. But there's no reason for that information to persist. There's no need to retain logs. Abuse can be managed real time. Logs are like radioactive waste.
Im not so sure about that. If I were to setup bunch of VPN servers for commercial reasons (or even free) I would sure like to have permanent logs of number of devices connected by user X and how much bandwith the user X is using during each time period. Makes a lot easier to kick out DDOSin script kiddies.
