Quick Answer
These VPN providers have undergone third-party, public audits:
- ProtonVPN (Recommended) – recently underwent its third independent audit to verify its no-log policy, conducted by security experts from Securitum
- NordVPN (Recommended) – this reliable provider has undergone a series of six third-party audits
- Mullvad – conducts annual audits
- TunnelBear – multiple recent security audits
- IPVanish – audited by Leviathan Security Group
- VyprVPN – No-logs claims verified by a third-party audit
- OVPN – Verified to be no-logs in a court case
- Perfect Privacy – Verified to be no-logs with a server seizure
- ExpressVPN
More Details on VPNs With Public Audits
NordVPN
NordVPN was one of the first large VPN providers to submit its no‑logs policy to an independent review, starting with audits by PricewaterhouseCoopers (PwC) in 2018 and 2020 that verified it wasn’t storing identifiable user activity. More recently, Deloitte Audit Lithuania has carried out a series of no‑logs assurance engagements (several in a row), checking real servers, configurations, and internal processes to confirm NordVPN still doesn’t retain traffic logs, IPs, or timestamps that could identify you.
ProtonVN
ProtonVPN regularly commissions independent third‑party audits to verify both its no‑logs policy and security controls. Recent audits by firms like Securitum and SOC 2 assess real infrastructure and confirm ProtonVPN doesn’t log user activity or metadata that could identify you.
Mullvad: Annual Public Audits
Mullvad is consistent in conducting annual audits. In May 2022, Mullvad underwent a comprehensive security audit. Assured, a cybersecurity consulting firm, conducted it. The most recent infrastructure audit took three testers a total of 19 days to complete. The auditors spotted 20 vulnerabilities, implementation issues, and other findings: 11 of medium severity and nine of low severity.
Located in Sweden, Amagicom is the company behind Mullvad’s service. Amagicom is directly owned by founders Fredrik Strömber and Daniel Berntsson.
TunnelBear: Multple Security Audits
TunnelBear publishes the results of multiple recent security audits, and the company posts occasional transparency reports. Supports unlimited devices.
VPN With No Public Audits
These VPNs had no recent public audits:
AirVPN, Astrill, AzireVPN, blackVPN, BTGuard, CactusVPN, Cryptostorm, CyberGhost, Disconnect, Faceless.me, FrootVPN, F-Secure Freedome VPN, Goose VPN, Hide.me, InvinciBull, IPredator, IPVanish, KeepSolid, nVpn, OVPN, Perfect Privacy, personalVPN, PrivateVPN, Private Tunnel, Private Internet Access, PureVPN, SurfEasy, TorGuard, TorrentPrivacy, Trust.Zone, VPN.AC, VPN.ht, VPNTunnel, Windscribe, ZenGuard/ZenMate, and ZorroVPN.
Other VPN Trust Issues
PureVPN appears to have lied about its logging practices.
ProxySH was discovered to be spying on customer traffic in 2013.
HideMyAss has handed customer information over to the police.
The Center for Democracy & Technology filed a 14-page complaint about Hotspot Shield with the FTC, alleging unfair and deceptive trade practices.
I’ll also personally recommend to NordVPN because its too quick in connectivity. Thanks to its proprietary NordLynx protocol, based on WireGuard, NordVPN offers fast connection speeds that are perfect for streaming in UHD and playing fast-paced games without lag. Even during heavy use, such as gaming or torrenting, last time I downloaded NordVPN from activators4windows.net for free and it was nice experience. That trick worked easily.
NordVPN. F-Tier VPN. NordVPN HAS NEVER AUDITED THEIR INFRASTRUCTURE. Competitors release full audits. NordVPN does not allow you to use your own local DNS. This is the only DNS server they can’t spy on btw. NordVPN has a whole service called MeshNet which would allow them to spy on your whole network. NordVPN changes their TOS whenever they want. Get something good; not this.
You shouldn’t comment on things you don’t know.
Their infrastructure was assessed by Cure53. FACTS!
Curious what the actual status for the “public audit” for vpn.ac is. Just checked the whole site, and see not many updated recently for the last 1-2 years… especially regarding the security status.
Any chance you can check this from your side (you got a lot of knowhow about this)
CyberInsider’s 2025 review notes, “VPN.ac has not undergone a third-party audit to validate its no-logs claims”.
Similarly, WizCase emphasizes, “A third-party audit would bolster confidence in their logging policy”.