Why ForestVPN keeps no logs — and how we prove it
A no-logs VPN is only as honest as the data it never collects. Here is the principle behind our no-logs stance and the engineering that makes it true.
George Kutsurua
- privacy
- security
- engineering
A VPN sits in the most sensitive position on the internet: every byte you send passes through it. That position is exactly why a VPN's privacy promise has to be structural, not aspirational. The safest data is the data we never collect — so ForestVPN is built so there is nothing to log in the first place.
What "no logs" actually means
People mean very different things by "no logs". Some providers keep connection metadata "for troubleshooting"; others keep it "temporarily". We mean the literal thing: we do not record the sites you visit, the IPs you connect from, or a timeline of your sessions. The default is absence, and absence is enforced in the code paths that handle a tunnel — not in a policy document.
Privacy isn't a setting you toggle on. It's the default we build around. We'd rather have less to protect than more to explain.
How the tunnel forgets
Our data plane handles a packet and then forgets it. There is no per-flow audit trail written to disk, and the session bookkeeping a network needs to function is ephemeral and aggregate. Conceptually, the hot path looks like this:
// The exit node never persists per-flow detail. It forwards and forgets:
function handlePacket(pkt: Packet): void {
const peer = resolvePeer(pkt.publicKey); // in-memory, from the live config
forward(pkt, peer.endpoint); // encrypt + send — no write to disk
// no logger.info(pkt.srcIp, pkt.dstIp): there is intentionally no such line
}The point of the missing line is the whole post. A log statement that does not exist cannot be subpoenaed, leaked, or sold.
What we do measure
Running a global network still requires signal. We keep aggregate, non-identifying counters — total throughput per region, error rates, capacity headroom — so we can keep the fleet fast and healthy:
| Signal | Granularity | Tied to you? |
|---|---|---|
| Region throughput | Per region, summed | No |
| Tunnel error rate | Per server | No |
| Active capacity | Per region | No |
None of it is keyed to a user, a device, or a destination. It tells us the network is healthy, never who went where.
The checklist behind the promise
- No activity logs (the sites you reach)
- No connection logs (the IPs you connect from)
- No session timelines tied to an identity
- Aggregate-only operational metrics
You don't have to take a paragraph's word for it — the commitment is written plainly in our Privacy Policy, and the architecture is built so the easy path is also the private one. No logs. No exceptions. No asterisks.