IPVanish has become the latest in a long line of premium VPN providers to put their privacy promises to the test with an independent audit. And the good news for both current and prospective users is that it passed with flying colours.
Leviathan looks at IPVanish
This particular independent audit was carried out by Leviathan Security Group, a US-based security and risk management consultancy.
Leviathan was given full access to the IPVanish tech and also given the opportunity to view corporate documentation and even interview staff.
They studied all technical documents and systems configurations and also assessed the IPVanish server deployment procedures. In addition, they spoke at length with those members of the IPVanish team who are responsible for the day-to-day upkeep of their servers.
Leviathan also ran a series of test traffic exercises which were designed to evaluate and assess IPVanish’s connection handling that generates potentially-logged data.
For technically minded readers, this process included forward and reverse DNS hostname lookups, traffic addressed to uncommon UDP and TCP ports, SMTP traffic, HTTP traffic, and TLS negotiations.
IPVanish also gave Leviathan access to a production endpoint server. This was examined at great detail and no evidence was identified to suggest that traffic or data was being stored.
This policy states that IPVanish does not retain data about the content or destination of customer sessions.
The policy goes on to detail exactly what information IPVanish guarantees not to log. This includes the content of your internet data, details of the websites and services you are visiting, and your search history.
It also specifically makes reference to apps running on your device, details any content of any uploads and downloads, and also information about anything you are streaming when connected to their service.
What this audit means for users
For current users of IPVanish, and other readers who might be considering signing up, there is no doubt this audit is good news.
Almost all VPNs claim to have a no user logs policy, but unless that policy has been confirmed by an independent audit, you are essentially taking them at their word.
With this audit, IPVanish joins a growing list of premium providers who have taken that step, one which we here at VPNCompare expect to be an industry norm in the very near future.
IPVanish definitely had something to prove on this front.
Back in 2018, the company’s prior owners were caught in a scandal when it emerged that in a historical criminal case back in 2016, a child sex offender was caught with the assistance of IPVanish.
Sounds like a good thing, but in order to assist, IPVanish must have had access to that individual’s user data, which scared many of its law abiding users who believed their data was private and secure.
Since then, IPVanish has changed owners twice and both have stressed that IPVanish’s no user logs promise was sound. But this audit is the first time that can be verified.
It is also worth noting that IPVanish is owned by a company called J2 Global, which is based in the USA.
While US law has no legal logging requirements, it does have a long history of state-sponsored online surveillance that will unnerve some privacy-conscious users and is also a member of the 5-eyes data sharing alliance.
For now, our view is that the IPVanish no user logs promise stands up to scrutiny, as proved by the independent audit carried out by Leviathan. We would have no hesitation in using IPVanish and would be confident that our data was not being logged.
But for those users who are really privacy-conscious, and particularly those who want to be absolutely certain their data is not going to fall into the hands of the US Government, our advice would be to stick with a VPN that is headquartered offshore.
This could be in a place like the British Virgin Islands or Panama, where there are absolutely no local data laws and no links to the 5-eyes network either.