Best VPN Jurisdictions – Understanding 5 Eyes, 9 Eyes, and 14 Eyes
As you become more familiar with VPN’s and what they mean, we start to get into the finer details. One of these is jurisdiction. This means where is the company who runs your VPN based and what laws are applicable to them.
Online, you will find many competing opinions. Some saying that you should never use a VPN in a jurisdiction of one of the 14 eyes countries as your logs could be given over by law. While others claim it makes no difference.
Truthfully, it comes down to the company and the country. We look at cases where companies have withstood law enforcement agencies and held up their zero logs policies. While others have lied, and handed over logs they promised they didn’t even keep.
So, let’s go through and break this down step by step, demystifying the jargon as we go and finding it whether there really is an ideal country for your VPN to be based.
Why Does Jurisdiction Matters?
Every country around the world have their own data privacy laws. Some countries care more about the privacy of their citizens than others. For example, the introduction of GDPR (General Data Protection Regulation) in the European Union in 2018 was ground-breaking. This series of laws bolstered consumer’s control over their data in the EU’s 28 member states. Also forcing companies who wish to operate online in those countries a greater need for transparency.
In fact, Privacy International produced a privacy ranking for the best and worst countries for the safeguarding and protection of consumer data, as well as reduced intrusion by the state to monitor its citizens.
The Top 5 were in order: Greece, Canada, Romania, Hungary and Argentina.
The Worst 5: England, Singapore, Russia, Malaysia and China
If live in one of the worst 5 countries, chances are there is no constitutional protection of your data, and you are under active surveillance by your government. Also, privacy enforcement is weak.
Jurisdiction matters because some countries compel VPN providers to keep comprehensive logs of their user’s data, while others do not.
What Does Zero Logs and Logging Policy Mean?
Every time you connect with your VPN provider this creates a log, or a record of your activity. Namely the IP you are using, the websites you browse, any download or uploads and the data that you use, as well as time on each site or activity.
On top of this for most providers you need to provide a name, email address and credit card unless you pay with Bitcoin.
So, your VPN provider as a guardian of your anonymity can choose to record and keep a lot of what you do. Essentially, they are almost like your browser history.
Countries like the USA and UK can compel VPN companies to turn over these logs if a law is broken.
But, companies like PIA and IPVanish which are based in the US have figured out a good way to get around the law. They don’t even keep logs.
Companies cannot be compelled by law to produce something that they don’t even have. So, a lot of top VPN companies have what is called a “zero logs” policy. What this means is that all your browsing information isn’t even saved onto their hard drives. So, if asked all they can is shrug their shoulders and at best confirm you have an account with them. But with no records they can’t say what you did or provide any corroborating evidence to show that a crime is broken.
VPN companies live or die by their reputation to maintain the integrity of their zero logs policy, as you can see from this new report here. PIA even when compelled by the FBI to produce logs, could only give them an email address registered with them.
Be careful not to conclude that just because your VPN company is based in a 5,9 or 14 eyes country, that your data is not just as secure as if they are based in Romania, the British Virgin Islands or elsewhere.
What are the 5 Eyes, 9 Eyes and 14 Eyes?
Sounds like some sort of night-time horror story.
The 5,9 and 14 eyes all relate to the short name for intelligence sharing agreements between countries.
The 5 eyes date back to the 1940’s and the World War 2. The UK and the USA signed the UKUSA agreement signed an intelligence sharing agreement, which would allow them to share intelligence freely and beat the Nazis. This was later extended to include New Zealand, Australia and Canada to become the 5 eyes.
To counter increasing threats from Russia, China and terrorism in the wake of 9/11. This intelligence sharing community was extended to the 9 and then the 14 eyes, to include: Norway, Denmark, France, Netherlands, Sweden, Spain, Germany, Italy and Belgium.
These 14 countries form a global alliance and essentially do also run a large-scale surveillance operation on its citizens and countries outside of the 14 eyes. Many have turned to VPN’s like IPVanish to protect their data and help them to feel safe.
But it’s worth mentioning these countries co-operate to fight back against terrorism and organised crime. They are not that interested in you torrenting the latest Marvel movie. Or the pot you are trying to buy on Tor.
Be careful not to be drawn into conspiracy theory, tin hat territory when it comes to companies that are based in the 14 eyes. We live in democracies; not totalitarian states and a countries legal system can only get what a VPN provider is able to give.
Is Jurisdiction or No Logs More Important?
No logs, times a million. Remember a company cannot be compelled to give something that it never had in the first place. It could be based in the least privacy friendly country in the world, but if the piece of paper with your name on it is blank then nothing is going to come back to haunt you.
Also, there may be clauses where you could be blacklisted or even reported for uploading unsuitable content. Though no one would argue that child pornography should be reported, how about certain copyrighted content?
Be on your guard for companies that try to twist and turn their way through the no logs policy, with a series of ifs and buts.
The best VPN companies will have a clear and simple no logs policy. They just don’t keep any apart from what is needed to improve the performance of its servers and its user experience. For extra bonus points they may even display how many times they have been asked to produce evidence by a law enforcement agency, and even have their system audited by a 3rd party auditor.
The more transparent a VPN company is, the more assurance you should of your privacy and that of your data.
If My VPN is in The USA or Another 14 Eyes Country Should I Be Worried?
No, some of the best and most relied upon VPN providers like IPVanish and PIA are based in the US. They have had multiple DMCA Notices (Digital Marketing Copyright Act) served when users are using VPN’s to upload and download copyrighted content, warrants and subpoenas for their user’s data. All of which have been refused.
Something that is often missed is that 14 eyes countries are morally and legally obliged to have safeguards and laws in place for the privacy of its citizens and the businesses that operate within their national boundaries.
If we compare the US to say China. The Chinese government has long been a proponent for state sponsored censorship on a massive scale. The “Great Firewall of China” exists ostensibly to protect Chinese citizens, but, in the 21st Century it protects the interests of Chinese government and business and keeps out external foreign influences. With over 2 million people estimated to monitor Chinese internet traffic.
The 14 eyes have rules that it needs to abide by as well as it’s citizens. A VPN company that operates within these countries ostensibly is protected by these laws and can’t just have their servers blatantly hacked. However, with other countries with a lower value placed on personal expression and freedom there is a question over whether your data is ever truly safe.
Ultimately, we know that major established VPN companies would not last long if they were seriously compromising users and their data. The internet would soon speak quickly and highlight cases and users who were compromised, and customers would vote with their feet and leave those providers in their drove.
You are better off looking at news and practices relating to the company itself rather than the country that it is based in.
How Have Companies in The 14 Eyes Dealt With Being Compelled to Provide Logs?
There have been several cases where countries have tried to compel VPN providers without success, demonstrating the integrity of their service and their zero logs policy.
- ExpressVPN: In 2017, The Turkish authorities tried to compel ExpressVPN to turn over data which they believe related to a political assassination. The company refused. Their servers in Turkey were then physically seized. But the police were unable to yield any worthwhile information because ExpressVPN genuinely did not keep any logs on their servers. They also asserted that as they are based in the British Virgin Islands, they are under no obligation to keep these logs.
- Private Internet Access: PIA operates in the US, so is a perfect tests case that we have covered earlier. In two court cases in 2016 and 2018 was officially subpoenaed by the FBI to provide their logs. They produced what they had. Namely the cluster of IP addresses that may have been used by a user on their system. Again, they had no information to give because they did not log it.
- VyprVPN: Vypr took a step which several big VPN providers are following. Namely having their security and no logs policy tested by reputable cyber security agency to test if there are any leaks or compromises in their policy. This provides maximum reassurance to people who are doubtful about the provider zero logs policy. In this report from Leviathan, they had their No Logs Policy fully tested. They revealed several minor issues with VyprVPN’s policy which have since been resolved. Nord VPN took this one step further and had one of the ‘Big 4; accounting firms audit their services and find that their no logs policy holds muster
- Perfect Privacy: In 2016, Dutch authorities seized two of Perfect Privacy’s servers as part of an ongoing criminal investigation. The servers were returned without incident, as the Swiss based company did not write logs on hard drives. Basically, there was nothing to see on the servers, they are run with encrypted RAM disks which makes it impossible to store logs on a hard drive.
Are Their Companies Which Have Handed Over Logs While Claiming To Be No Logs Providers?
Yes. Depending on the severity of the claim. There are people who use VPN’s to carry out heinous criminal acts, like serious hacking, cyber stalking, child pornography and even human trafficking. The following providers have had widely publicised cases where they did hand over logs, which apparently, they shouldn’t have had.
- PureVPN: In 2017 PureVPN were mentioned in an affidavit in the US, they were explicitly mentioned as providing logs and details of one of its users which led to the conviction of a US resident for stalking and harassing people using ExpressVPN. The controversy came from PureVPN’s no logs policy which claimed that you were invisible and that they kept no records whatsoever
- Earth VPN: In 2014, it was reported that EarthVPN had assisted the Dutch Police by providing logs to a user who has sent a bomb threat to a local school. Again, their zero logs policy proved to not be wholly accurate
- HideMyAss: In 2011, the LulzSec hacker group, caused an international stir when they hacked several high-profile sites includes Sony and PBS. One of their London members was caught using the help of HMA who provided logs and details of the users originating address so he could be tracked down
The controversy arose from the fact that the providers had given information to the users which proved not to be true.
This article does not condone any crime committed under the veil of a VPN provider, but rather to point out that many companies will be quick to tell you that they won’t give out any logs of your activity, but when push comes to shove, if the situation is serious enough they will push you under the bus.
Find a reputable no logs provider whose policies have been tested by authorities and have come through with flying colours.
So Where Is The Best Country For VPN’s?
We hope that this in-depth article really goes to show that there is no best country for VPN’s.
There are good and bad providers all around the world. Just because your company is based within the 14 eyes does not mean they are compelled to give authorities anything.
Let’s be clear when a countries law agency comes knocking, they have significant leverage on their side to freeze your entire business and operations. Of course, depending on the severity of the crime, any company would be irresponsible if they did not give information, they had to prevent a crime or help catch a serious criminal.
But we keep returning to the same point.
A company that does not keep logs cannot give logs. They are not irresponsible; they are simply doing exactly what they said they would do.
Find a VPN provider that had a history, that is paid and that has a solid zero logs policy. Companies like IPVanish and PIA have a reputation that they have kept and upheld even under the most difficult circumstances.
Remember that countries based outside the 14 eyes may have much more lax ideas when it comes to the data that they can compel or even snoop from VPN providers based within their country.
After all dishonest companies love to sneak clauses in their terms and condition when they think you aren’t looking.
Total Score: 9.8
Total Score: 9.6
Total Score: 9.3
Total Score: 8.7
Total Score: 8.5