That was a list of very good articles. I think, there should be mentioned in this thread that the definition of some VPN's anti-log policy is that they won't log your activities but they will log the IP addresses that customers use to access the VPN. There is no point to use such VPN, it looks like to wear a transparent mask in public and lie to yourself that no one sees your actual face.
The problem is that it is very hard to pinpoint exactly the interpretation that each VPN provider has regarding "No logs policy". Eventually we get to know the interpretation of each company when a case such as the one in my previous post is reported. If you go today to PureVPN privacy policy[1] you'll see that they refer that they don't collect your origin IP, which totally happened in the previous report[2]. WBM has many snapshots of the privacy policy of PureVPN and in 2016 they stated that[3]:
You are Invisible – Even We Cannot See What You Do Online
We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers. Our servers automatically record the time at which you connect to any of our servers, and the IP that was given to you. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time you connected to any of our servers and disconnected is counted as a session, and your total sessions are kept in record to maintain quality of our service, along with the total bandwidth used. This helps us understand the flow of traffic to specific servers so we could optimize them better.
Out of curiosity I've checked the same page in 2018 - after the alleged colaboration with the FBI happened[2] - and the previous definition is somewhat different:
We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers. Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a “connection” and the total bandwidth used during this connection is called “bandwidth”. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.
They casually removed the part that they told you they kept the IP given to the user and the part that "The time you connected to any of our servers and disconnected is counted as a session,(...)" was also edited. All in all this just screams shady behaviour and I surely wouldn't touch PureVPN even with a stick.
@o_e_l_e_o - In a totally different realm of VPN providers, here is an interesting take on the guys behind Mullvad that I found while browsing Reddit[1]:
10 years ago i was working at in a shared office where companies could hire a room. We all had a common lunch place and shared microwaves.
There I met two security nerds. They never shutdown their computers and if it happened, they did a full format and reinstalled the os - because if security.
They spoke with passion about security fixes they made in the vpn client that no other had.
They got many requests regularly from others that they should add there server as an endpoint - and they sad always no. All endpoints must be 100% secure by their knowledge. Never trust anyone.
If they had to leave a laptop they used some old coffee paper trick so that one could not open the lid without visible marks.
I was super impressed by them and have never met any like them. I guess they have grown out of their tiny office now, Mullvad.
Albeit we should take this with a grain of salt, I would definitely feel a bit better knowing that the guys who are behind Mullvad have such high standards of security in real life...
[1]
https://www.purevpn.com/privacy-policy.php[2]
https://torrentfreak.com/purevpn-explains-how-it-helped-the-fbi-catch-a-cyberstalker-171016/[3]
https://web.archive.org/web/20160108132127/https://www.purevpn.com/privacy-policy.php[4]
https://web.archive.org/web/20180121070615/https://www.purevpn.com/privacy-policy.php[5]
https://news.ycombinator.com/item?id=31005767