GoKawiilWhen shopping for a virtual private network, you’re probably looking into things like VPN protocols, price, speeds, streaming capabilities and other features before deciding which one to go with. All are important factors to consider when looking for a VPN, but one crucial consideration often gets overlooked: jurisdiction.
Jurisdiction refers to the country where the VPN company is officially registered and to which country’s laws the VPN is beholden. Because privacy laws and data retention regulations differ greatly from one country to the next, jurisdiction has major privacy implications for VPN users.
How major? I’d say using a VPN based in a country whose laws require VPNs to log user data is worse for your privacy than using no VPN at all. Same thing if a country’s laws allow local or foreign intelligence agencies to compel companies to log and share user data. Those are two of the biggest red flags you can find in a VPN service and big reasons why I’ve always paid close attention to jurisdiction throughout my decade-plus of experience testing and reviewing VPNs.
Jurisdiction is a complex issue that can often be difficult to dissect, but I always make sure that any VPN service I recommend is based in a jurisdiction where it can’t be forced to spy on its users. Unfortunately, there’s still a lot of confusion about how local laws do or do not apply to VPN companies and what authority foreign agencies may or may not have over VPNs in other countries.
What really matters for your privacy is making sure the VPN you’re using is trustworthy, with a regularly audited no-logs policy, and is based in a privacy-friendly jurisdiction with no data retention laws that could force VPNs to log user data. Bonus points if the VPN is open-source and its no-logs claims have been tested in the wild.
The number of Eyes isn’t the most important detail
A long-held belief among many in online circles is that it’s risky to use a VPN based in a 14 Eyes country, which is a group of 14 countries that share surveillance data under an intelligence alliance.
But what actually matters for your privacy is using a VPN based in a country that doesn’t have mandatory data retention laws that could allow authorities to compel VPN companies to log user traffic. The lack of such regulations is what really allows a VPN to claim a genuine no-logs policy and is true whether the VPN is based in a 14 Eyes country or not.
In other words, the local regulatory landscape has a much greater influence than any Eyes designation in dictating whether a VPN is safe to use.
Case in point: Mullvad, one of the most private VPNs available and one that I regularly recommend for users with critical privacy needs, is based in Sweden, one of the 14 Eyes countries. But the legal framework in Sweden is such that authorities are unable to compel VPN companies to log user data. Mullvad answers to Swedish law and Swedish law only, meaning that intelligence agencies from another 14 Eyes country (or any other country, for that matter) have no power to jump in and make Mullvad log user data.
... continue reading