Independent auditors confirm top VPN's privacy claims

 CyberGhost VPN app running on multiple devices and operating systems.
CyberGhost VPN app running on multiple devices and operating systems.

Industry-leading auditing firm Deloitte Romania have verified that CyberGhost VPN takes care of your data as it should and states to do so. The audit takes a deep dive into the provider's system and privacy infrastructure while verifying that it never logs any of your identifiable information as stated in its Privacy Policy.

This is the second time the popular VPN provider successfully put its no-logs claims under scrutiny with an independent audit since 2022, maintaining its place as one of the best VPNs around.

CyberGhost 2024 audit

CyberGhost promises to implement several protection measures to make sure its VPN servers never collect user logs. For starters, all services are running inside containers which, the provider claims, are ephemeral by design. This means that no persistent disk storage is attached to them.

CyberGhost also promises that all its VPN servers run on a RAM-only system. This infrastructure makes sure that once the server loses power, all data associated with it is immediately lost. Basic hardware usage info and a raw estimation of how many users are connected to the same servers are the only details the provider records—in line with market standards.

Auditors at Deloitte inspected all relevant IT systems, including CyberGhost VPN servers, their distribution, and its Dedicated IP token-based system, to verify their configuration as well as implementation coincided with the description the company provides. They also look at how the Privacy Policy claims are implemented for user access, change management, and other basic usability functionality.

As of January 31, 2024, Deloitte confirmed that CyberGhost's privacy and no-logs infrastructure works as expected. "Nothing has come to our attention that causes us to believe that CyberGhost’s configuration of IT systems and management of the supporting IT operations were not prepared in accordance with CyberGhost’s description," auditors wrote.

"User trust is a huge factor for any security and privacy organization. Every time you connect to a CyberGhost server, it’s our responsibility to ensure your traffic is encrypted, and your data is secure," said a CyberGhost VPN spokesperson. "Having expert third parties audit our services means that our users can be absolutely certain our no-logs policy means exactly what it says on the label."

Contrary to other competitors, the provider has locked the audit behind a subscription to their service. So, while all subscribers can review the full report via the CyberGhost customer portal, I recommend taking advantage of their 45-day money-back guarantee if you want to read it without committing the cash.

No-log VPNs: why is it important?

At this point you might be wondering, why should I care whether or not my VPN logs user data? Well, you should if you care about your privacy.

While some logs of basic data like the number of users connecting to the same server and the email address associated with a user's account are inevitable, a no-log VPN is your guarantee that no personal details or usage information are ever recorded. That's exactly why we at TechRadar firmly believe that a strict no-logs policy should be among your top priorities when signing up for a new VPN service.

This means that if, for instance, a malicious hacker or government manages to acquire this data, none of your sensitive information will be leaked because the details simply won't exist.

The importance of this feature has already been proved in real life when Swedish authorities were left empty-handed after an inconclusive police raid on Mullvad's servers last year. Another provider, Private Internet Access, also proved its no-logs claims in court, not once but twice.

"Transparency has been at the forefront of everything we do," CyberGhost wrote in a blog post. "As we constantly strive to improve our service and offer you peace of mind in the face of mutating digital threats, we’ll commission regular audits."