What is a VPN’s no logs policy?
No log’s policies have become a standard mark for whether a VPN is trustworthy or not – and many aren’t! A no log’s policy essentially promises users that their personal data will not be recorded or “logged” by the VPN company. Keeping traffic records of user activity is unfortunately a common business model of many disreputable VPNs which earn a revenue by selling metadata to third parties.
This is where the problem lies: VPNs need to promise privacy-preserving conduct because they can, in principle, keep full traffic logs of what users do through their VPN servers. VPNs that promise not to keep traffic logs have been shown, after cooperation with authorities, to actually have been keeping logs all along!
While no log’s policies are a move in the right direction, they are ultimately inadequate: users must trust the VPN company won’t mishandle their data, and in the end they will never know. NymVPN is fundamentally different: no promises are required with the guarantee of a private network design.
How a zero-knowledge network works
Here’s how the Nym network is designed to offer much better privacy that any Virtual Private Network (VPN)’s no log’s policy can:
-
Nym Can’t Log: Nym Technologies does not operate servers on the network and thus never handles, has access to, or can log users traffic records.*
-
Operator No Log’s Commitments: The operators (or nodes) that do handle your traffic sign Terms & Conditions to not keep traffic logs of the data they handle.
-
Network Failsafe: Even if a node does break T&Cs and keep logs of traffic passing through their server, this data would be partial and meaningless: no point on the network will be able to connect a user’s personal information with that of their destination. At all points, users remain unlinkable to what they do.
- For the NymVPN Beta version, some error logs are stored on the user’s device to help with app improvement during the Beta testing phase. These logs are automatically deleted after a short period of time. Users also can opt-in to share error logs with Nym to help the dev team improve the performance of the app. These operational logs will never be shared with third parties or be accessible by Nym node operators. See Question 4 in the Nym Trust Center.
Let’s walk through each of these aspects of Nym’s zero-knowledge network.
Nym can’t log
Why? Because Nym Technologies does not own or operate any servers (or nodes) on the Nym network! Every node is independently owned and operated. So Nym never has access to your traffic data. This is the ultimate safeguard of user anonymity:
-
There is no centralized server handling user traffic
-
There is no centralized database of traffic records
-
Even user payments are unlinkable to their traffic on the network with the novel use of zk-nyms anonymous credentials.
For users, this means the assurance that the privacy risks posed by other centralized VPN services are taken off the table:
Nym knows nothing about user activity thanks to the decentralized and permissionless architecture of the Nym network.
No log’s policies for Nym nodes
What about the Nym nodes that do handle user traffic? Can they keep logs? Why should we trust them? It’s simple: the decentralized Nym network makes it so you don’t have to trust them.
Node no log’s policies
To maximize the anonymity of users, all nodes on the Nym network sign Terms & Conditions (T&Cs) in which they agree to not keep logs of user traffic.
But doesn’t this promise amount to the same thing that other VPN’s offer? No, because even if a malicious node violates its T&C by keeping and/or sharing logs with third parties (in which case it could be removed from the Nym network), whatever logs kept would be essentially meaningless.
Network Failsafe: Partial logs = zero-knowledge
Is it technically possible for a node to keep logs of traffic passing through their server: yes. But don’t worry, even if they did, the logs cannot reveal anything about the content of the communication, the full route of traffic, or the connection between the user and destination. It would just be unlinkable, partial encrypted data packets.
Imagine someone hands you a single puzzle piece: you would not be able to know what the whole picture is with this alone. Now imagine someone hands you single puzzle pieces each from thousands of different puzzles. This is essentially the type of information an individual node would have access to: fragmentary, encrypted pieces of data from many different users at the same time. Keeping records of these partial fragments is pointless because they will never see or handle any of the other pieces of data that together form the whole of a user’s full traffic record.
When it comes to understanding what traffic logs in general can reveal about a user and their activities online, it’s important to keep a number of things in mind.
-
Content is unreadable: When using any VPN with reliable encryption, or even a direct web connection with standard HTTPS or TLS/SSL encryption, the content of web traffic cannot be accessed or recorded while in transit.
-
VPN logging concerns metadata: While encryption prevents access to the content of traffic, encrypted traffic leaks metadata: information such as IP addresses of sender and recipient, timing signatures of when a message is sent and received, data encryption types and sizes of packets, and frequencies/durations of connections. When this information is logged on a centralized spot, especially over long periods of time for a user, it can reveal a lot more about someone than the content of any particular message can.
- A full traffic log means that a user’s IP address is linkable to that of their destination on the public web (even if this link is made through the use of an intermediary proxy like a VPN).
With NymVPN, (1) content is protected by state-of-the-art, multi-layered tunneled encryption, (2) metadata is protected against even AI-powered network surveillance, and (3) there is zero possibility of full traffic logs being acquired on the network.
How traffic passes through the Nym network
Even though the Nym is structurally designed to solve the problem of data logging and the weaknesses of VPN no log’s policies, it is still important to consider how user traffic is routed through the Nym network.
With NymVPN, users can select the degree of anonymity and speed they need for their life online. Whether you’re using NymVPN’s Anonymous Mode or Fast Mode with WireGuard, the situation is the same but with different degrees of anonymity: each stop your data makes on route to its final destination will only have a partial view of your traffic. The difference between NymVPN’s two modes hinges on how much distance you need between you and your traffic, or how much speed you need.
NymVPN Fast Mode
For private browsing with speeds comparable to other premium VPNs, NymVPN’s Fast Mode will probably suffice.
So what information can nodes on this routing procedure see and potentially log? Compare all the points in the Nym network against a normal, centralized VPN in terms of who can connect the IP of the user to their destination on the web.
Explanation
-
Entry Node: Can see a user’s IP address (unless hidden first by another proxy) but not the IP address of the destination on the web (only the IP of the Exit Node will be viewable)
-
Exit Node: Cannot see a user’s IP address (only that of the Entry Node), but can see the IP address of the destination.
So assume that a malicious node does log a user’s traffic on their server: the data cannot link a user with their destination (and thus what they are doing online and with whom they are communicating). Logs remain zero-knowledge.
NymVPN Anonymous Mode
If you need maximum privacy, the Anonymous Mode is NymVPN’s ultimate privacy solution, utilizing a 5-hop routing protocol with multi-layer encryption and added network noise.
What information can be viewed by nodes on the mixnet?
Explanation
-
The entry gateway can see a user’s IP address but not that of their destination (4 distinct servers intervene between the entry gateway and public web).
-
The three mix nodes in the middle cannot see either the IP addresses of the sender and recipient, meaning they are fully blind to the full route of a user’s traffic.
-
The exit gateway can see the IP address of the web destination but not the IP of the sender (4 distinct mixnet servers separate the two).
Conclusion
VPN no log’s policies boil down to a promise to users: the VPN provider pledges that they will not keep records of your traffic as it passes through their servers. In the end, most VPNs can only cloak your IP address from the public web if they are first given access to all of it through their usually centralized servers which replace your IP address with their own.
This is the problem for digital privacy: if your full traffic records are recorded on these servers, then your privacy can be undermined by data breaches or governmental overreach and surveillance.
Nym thinks that relying on the promise of a private company to not keep logs of our online activities isn’t enough to protect our privacy. To take online privacy to the next level, Nym has designed a network where NymVPN can’t log by network design. So let’s stop looking for promises from centralized VPN companies and invest in decentralized technology that protects online privacy for everyone by default.
To read Nym’s responses to the Center for Democracy and Technology (CDT)’s questions regarding corporate responsibility, check out Nym’s Trust Center.
