We all know very well some of the benefits we can get by using a VPN service, like by-passing geo-blocking (when we cannot access a site due to our IP address), navigating anonymously or in a more private / secure way, etc, but here we will not talk about the benefits of a VPN, its concepts, or characteristics, but rather on how to use VPNs in a way that it adds an extra layer of security by discussing the VPN company’s place of incorporation.
The laws of the jurisdiction where a VPN company is formed, its no log-in policy, and the server location you use or connect to, play a big role when it comes to adding an extra privacy layer to your online navigation.
Just like any other business type, VPN companies can pick where to form an offshore company. Regulations vary from place to place, and some jurisdictions have better laws in place to facilitate the no log-in policy.
Put short, a no log-in policy is when a VPN company neither collects nor stores / keeps the users’ data, like their IP, pages they visit, cookies, or any other type of data about the client, except that information needed by the VPN company in order for the User to register or pay for the services.
Most popular jurisdictions for VPN providing no log-in policies:
the British Virgin Islands.
Seychelles.
Panama.
Countries to avoid:
The 5 eyes, 9 eyes, and 15 eyes Alliance is an surveillance alliance between some countries. These countries share intelligence information among them, and the level of information they share depends on the alliance they are in.
· USA
· UK
· Australia
· Canada
· New Zealand
· The Netherlands
· France
· Denmark
· Norway
· Belgium
· Italy
· Germany
· Spain
· Sweden
VPN companies formed in the USA are not required by law to keep logs, but a governmental entity (judge) could subpoena the company and require them to disclose all information the company has on this specific user and then the USA would disclose this information shared by the VPN company to other governmental entities or countries. In case the VPN company has a no-logs policy, then there would be little information to be shared, but in theory this little information would be shared.
So, from an users’ perspective, it is safer to subscribe to a VPN service that is formed in a jurisdiction where this information would not be easily obtained from a judicial perspective, and from a jurisdiction whose laws criminalize even data leaks (the BVI for example).
Of course there are many users who onboard VPN companies in the USA (even though it is part of the 5, 9, and the 14 eyes Countries, but they do it either because they (1) don’t know about the privacy laws, and (2) are not much concerned about getting discovered, as only “high-profile” criminals would be targeted or worth the effort from the government authorities, but not the regular joe who is not engaging in any illegal activity while using the VPN, so they are not very concerned about their level of privacy as they are not usually targeted by the intelligence authorities. In the US, even though there are no laws requiring you to collect logs from an US, you could get, by court order, the order to collect logs on a specific User.