We are continually repeating that we prefer zero-logs VPN providers over those that store our activity on their servers. But with many VPNs claiming to be zero-logs, how can you know that they indeed are not logging anything?
And so, third party audits were created to prove such claims — and these days we’d like to see VPNs hiring respectable third parties to audit their policies.
PureVPN is joining this trend with a second no-logs audit, this time conducted by KPMG. The first audit was conducted by Altius IT and it did not find “any evidence of system configurations and/or system/service log files that independently, or collectively, could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.”
And while Altius IT is certainly a respectable company – it is not KPMG, which as you may know, is one of the Big Four auditing firms.
Expectedly, KPMG testified that PureVPN is true to its no-log claims, and it has never monitored or stored its users’ private data.
A word about KPMG
For those living under a rock, KPMG is one of the Big Four firms in its sector, specialized in risk management, advisory, tax, and auditing. Since it is a globally-trusted auditing firm, Fortune 500 companies frequently approach KPMG for auditing and assurance services.
KPMG has strategic alliances with some of the world’s biggest technology companies giving it a competitive advantage and the ability to analyze highly complex network infrastructures of global brands like PureVPN.
How KPMG audited PureVPN’s no-log claims?
PureVPN asked KPMG to thoroughly analyze its network to verify whether it meets the no-log claims, which state that:
- PureVPN doesn’t log a user’s origin IP address
- PureVPN doesn’t log a user’s assigned VPN IP
- PureVPN doesn’t log the specific time when a user connects to a VPN server
- PureVPN doesn’t log a user’s activities through its VPN connection.
The auditing process, according to PureVPN, included the inspection of the company’s complex infrastructure, server configurations, codebase, technical data logs, and global servers.
Also included were interviews of PureVPN’s staff involved in server maintenance and database handling. During the activity, KPMG also ensured that the audited technical data logs and server configurations are actually being used by PureVPN, not the other way around.
At the end of the process, KPMG verified in its report that PureVPN doesn’t monitor or store any personally identifiable information (PII) that could pose a privacy risk to its users.
PureVPN won’t stop here…
Commenting on the news, PureVPN said this is just the start as KPMG is now able to initiate a non-scheduled privacy audit at any time of the year, without any prior notice.
This “always-on” audit will enable users to hold PureVPN responsible for continuous no-log VPN experience. And this, apparently, makes PureVPN unique in the industry as it vowed to never log its users’ connection logs, browsing history, browsing activities, VPN session timestamps, assigned VPN IPs, original IPs and DNS queries
Can’t help but love what they did!