In a statement, Express VPN claims that they do not and will never keep activity, connection logs. Let’s see if the claim is actually valid. According to Turkish sources, an Express VPN server was used to delete incriminating evidence in an ongoing investigation of the assassination of Andrei Karlov, the Russian Ambassador to Turkey.
On December 19, 2016, Mevlüt Mert Altıntaş, a police officer shot and killed Andrei Karlov at a photography exhibition in Ankara. After the assassination, which led to Altıntaş’ death, social media posts and emails written by the police officer were deleted via a VPN.
The Turkish authorities tracked the allocated IP address to Express VPN. But, they could not find any information revealing the perpetrators, due to the fact that Express VPN does not retain any data logs.
ExpressVPN is based in the British Virgin Islands. There are no data retention requirements here. The company also claims that they never possessed any customer connection logs that would enable them to know which customer was using the specific IPs cited by the investigators.
Express VPN Privacy Policy
We do not collect logs of your activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of your IP address, your outgoing VPN IP address, connection timestamp, or session duration.
Express VPN
From this statement, it is apparent that Express VPN collects no information that can harm user privacy. If you’r worrying “Does Express VPN keep logs”, then an independent audit conducted on Express VPN’s privacy policy confirmed that the VPN works in compliance with its privacy policy and keeps no connection logs.
This audit was conducted by PricewaterhouseCoopers (PwC). PwC’s audit examined ExpressVPN’s privacy policy and interviewed its team members to fulfill its requirements for a detailed report. This report also covered Express VPN’s no browsing activity logs and connection log policy. Hence, it is apparent that the Express VPN does not keep logs.
Which logs Are Kept by Express VPN?
Express VPN does not keep your logs. But, it still collects some data, necessary and vital for the VPN service provider to help them resolve service issues and improve their network. Express VPN keeps the following logs:
- Account details
- Connection dates
- Connected servers
- Amount of data transferred
- App updates
Do not panic here. ExpressVPN collects minimal logs from its users. They say that these logs that are kept do not individually identify users through their network activity. Such information is often tricky to use in a nefarious manner as it doesn’t contain details on what you were browsing, other than the time of day and the amount of data used.
Things ExpressVPN Never Keep Log
- IP addresses (source or VPN)
- Browsing history
- Traffic destination or metadata
- DNS queries
Does Express VPN keep logs Reddit?
If your’re worried about “Does Express VPN maintain logs”, then lets look at reddit. Here’s an eye-opening conversation between an anonymous Reddit user and ExpressVPN chat agent. Let’s look at respective dialogues.
ExpressVPN is fairly reputable when it comes to logging. However, I took a look at it and had a live chat with one of their agents. Here is how it went:
Thank you for visiting ExpressVPN. How can I help you today?
Me: I have a question about your privacy policy.
Chat agent: My name is Paula and I'm here to help. Sure, go ahead.
Me: You collect connections logs, right?
Paula: No, we do not. There diagnostics logs on your application but we do not get a way to get hold of it unless you send it to us.
Me: Your privacy policy says, and I quote:
Successful connection
We collect information about whether you have successfully established a VPN connection on a particular day (but not a specific time of the day), to which VPN location (but not your assigned outgoing IP address), and from which country/ISP (but not your source IP address).
So you know from which country and ISP I'm connecting from.
Paula: Yes, that is correct.
Me: So that contradicts your statement. What you are talking about is crash reports, which I'm well aware of. It'll be fairly easy to de-anonymize me from my ISP
Paula: This information can only be gathered if supplied to us by our customers by submitting their diagnostic logs.
Me: That opt-in diagnostics logs are separate section, collected by third party apps like Crashlytics and Sentry. The other successful connection logs you collect automatically. This is clearly stated in your policy.
Isn't it clear? You should read your policy before making a statement.
Hello? Are you still there? (She was not responding for a long time)
At last she responded
Paula: Yes, we are still collected. We'll look into this to make it more clear. Bear with me please.
Me: OK
After a very long time and no response, I tried again
Me: It's been a while, so you know my originating country and ISP, is that correct?
Paula: Rest assured, I don't. We don't have that information on our end as chat agents.
Now she is just playing with words.
Me: Well your policy says you do. “You” mean as a company. I am not meaning chat agents. You get that, right?
Paula: The information we receive is fully anonymized and cannot be tied back to individual ExpressVPN users (i.e., we do not store which user sent which data, and we do not store IP addresses).
Me: You are repeating the same passage from your page. I repeat: those are anonymous diagnostics and can be turned off. I'm talking about successful connection logs which is not anonymized. You really should talk to your superviser to clarify this
Paula: Upon activation of any ExpressVPN App, you will be asked if you would like to share these data.
Me: Yes, and those are crash reports and diagnostics, not connection logs.
Paula: We do not collect connection logs just those on the diagnostic logs.
Me: Then your privacy policy is not correct? It clearly says otherwise. It is outlined as "Successful connection", if you can't find it (I was getting snarky)
Paula: Yes, we were able to locate that. It is collected but remains on your computer only. The diagnostic log is not something we store on our side. It sits on your computer, not ours, and it's a temporary file that gets deleted each time you close the app. It is for you, not us, so that if you have connection difficulties, you can send us the diagnostic log, and our chat support can analyze it to figure out where the problem is. Again, it's not something we store, and it's up to you if you want to share it with us or not. I think almost every VPN provider will allow customers to pull down this log file to identify problems as part of the troubleshooting process.
Me: Yes, I totally get that. So you collect the diagnostics log and crash report if I choose to share and my country+ISP which I do not choose to share. For troubleshooting.
It's okay if you get my country and IP for troubleshooting. It just would be better if you delete those logs daily.
Now the last line gave her a new line of lie.
Paula: Yes, that is correct. Only if you allow us to do so. That information are deleted when you close the application.
Me: No, I have no control over sharing my country and ISP
My country and ISP logs gets deleted when I close the apps!! That's unbelievable and hilarious!! I don't think you know how the application works
Paula: I understand your sentiments and your hesitation. But this is how the app works. (She is not gonna lose this lifeline)
Me: Well thank you for your opinion, I think we have reached an impasse. Thank you for your time
So, they do store my country and ISP for troubleshooting. Apparently, they delete those from their server as soon as I close the application.
Don’t fall for VPN lies
