Privacy is one of the major reasons to choose a VPN, but can you be sure that your chosen provider is as serious about secrecy as they claim? Many VPNs make bold claims about keeping “zero logs” and respecting user privacy, but their claims melt away under scrutiny. Is Windscribe one of those deceptive operators, or can you trust them with your data? Let’s drill down into the Windscribe logging stance to find out where it stands.
Does Windscribe keep logs? What the VPN claims
According to Windscribe itself, the company’s logging policy is pretty tight. It promises to keep “no identifying logs”, making it impossible for staff or external investigators to link individual users to either IP addresses or time stamps.
- Windscribe uses no tracking cookies or analytical tools from third party providers. But they do use an open source analysis platform called Piwik to analyze traffic on their website.
- The VPN is very vague when it comes to how it would respond to data requests from law enforcement or intelligence agencies. All it states is that “Since we store the bare minimum for a customer to actually use our service, any request for user data would yield nothing of value.” This isn’t very helpful, but it’s backed up by a Transparency Report, which documents that Windscribe has responded to zero DMCA or law enforcement requests, despite receiving a small number every year.
What about Windscribe’s jurisdiction: Does it matter?
Windscribe’s stance on responding to information requests is a good sign. But it’s worth remembering that the VPN is based in Canada – one of the so-called 5 eyes countries.
Moreover, Canada’s intelligence agencies have a track record of expanding their metadata collection processes without seeking authorization or informing citizens.
Additionally, Canada has taken a relatively hostile stance towards VPNs which permit P2P downloads.
Laws passed in 2015 appeared to require VPNs to keep logs of P2P transfers.
Windscribe seems to realize this, which may be why its Canadian servers appear with a “crossed out” P2P icon next to them. This advises users not to use these servers for torrenting or other P2P activity. But what happens if customers do use their Canadian servers isn’t clear. The implications may make skeptical users think again about using Windscribe as their VPN of choice.
What information is stored under the Windscribe logging policy?
There may be other reasons to think that the company’s marketing material is not the whole story when answering the question does Windscribe keep logs. For one thing, the VPN openly states that it records “the total amount of bandwidth used in a 30 day period to enforce free tier limitations and prevent abuse” as well as when users last logged onto the Windscribe service.
It’s important to note that this information isn’t stored permanently. Instead, Windscribe records it on a “rolling” basis, deleting data after a certain time period (once a month, on the day you registered with the VPN).
While you are logged onto the Windscribe network, the VPN also records your OpenVPN/IKEv2 username, which server(s) you connect to, how long you are connected, and the amount of data your transfer. This data is explicitly kept “for the duration of your session”, and is presumably erased as soon as you disconnect.
What is the Windscribe position on device sharing?
There’s another important side to analysing the Windscribe logging stance: how the company deals with multiple devices. Windscribe doesn’t permit multiple devices to connect via their basic VPN.
In fact, in its EULA agreement Windscribe makes it clear that it intends to police how users manage their connections. The agreement states that “each licensed copy of Windscribe VPN may be used on one single computer location by one user, unless otherwise specified.”
What isn’t mentioned here is whether the VPN can see if you are using multiple computers at once. Cynics might assume that they have systems in place to detect people who are abusing their EULA. After all, Windscribe is a profit-making business, and its business model is pretty clear about selling single subscriptions.
Putting logging into context: Windscribe’s general security setup
So far, we’ve been critical of some aspects of Windscribe’s policies. But this can be taken too far. What we’ve uncovered is not out of the ordinary with VPNs, and it has to be set alongside the positives.
We’ve mentioned some of these, such as the use of zero tracking cookies, their no logs policy, and rolling data deletion. But Windscribe offers more security features than that. For instance, it offers:
- Anonymous payments in Bitcoin
In fact, Windscribe is so crypto-friendly, that you can set up part of your account to run a Monero miner and earn account uprades free of charge.
- Very strong encryption
256-bit AES encryption with SHA512 authentication and 4096-bit RSA keys should be more than sufficient to keep data safe as it passes over the Windscribe network.
- Multiple protocols
Windscribe offers an innovative range of connection modes, with unusual options like OpenVPN with Websocket, pure OpenVPN, and even the option of backsliding to UDP if necessary.
The bottom line: What is the deal with Windscribe logging?
It’s easy to pick fault with VPNs where logging is concerned, but no provider is perfect. Windscribe honestly seeks to operate a no logging policy, and admirably tries to combat law enforcement and DMCA requests. It is hostile towards cookies, and seems to have no links to data sellers.
But as with any VPN, there are some blind spots, such as Windscribe’s policy on preventing multiple connections. And any 5 eyes VPN is suspect for many people. So exercise caution, but not too much. As far as Canadian VPNs go, Windscribe is pretty safe.