Today, we will take a closer look at an exciting new trend in VPNs, the RAM-only server. VPN providers leveraging this new technology can provide a level of safety and security previously unseen in the VPN space. We’ll show you how this new technology can protect you and your information.
No-logs policy is not enough anymore
As the competition among VPN providers has grown, virtually every company offering a VPN tote their strict no-log policy as a significant selling point.
What is a No-Log Policy?
To better understand a no-log policy, you must first understand the information that providers can log. Connecting to a VPN allows you to spoof your IP address while encrypting your traffic so that it’s much more difficult for third parties to attribute your browsing activities.
But, there are still pieces of information that act as breadcrumbs, creating a trail right back to your IP address.
Here are just a few of the characteristics that your service provider can theoretically log during a connection:
- Browsing history
- Bandwidth consumption
- IP address
- Connection timestamps
- Session data
- Traffic on your network
It’s easy to see how quickly you could piece together this information to identify the user on the other end of the connection, which renders your VPN useless and leaves you exposed to prying eyes.
When a provider offers a no-log policy, they’re signaling to users that they take data management seriously. They will not hold onto any of the sensitive data they receive that may lead to the end-user.
Virtually all VPN providers offer strict no-log policies to help put their users’ minds at ease, knowing that their VPN isn’t storing sensitive information that could be traced back to you. While each provider’s no-log policy is different, they’re all variations of the same basic theme that says they won’t hold onto any sensitive data that could be traced back to an individual user.
Does Every VPN Have a No-Log Policy?
What once was a critical differentiator between VPN providers has become entirely commonplace. You’ll have a much harder time finding a VPN that doesn’t offer a no-log policy than you will to find ones that do.
While there are still a few VPN providers that don’t have a no-log policy, lacking such security protocols is a major red flag, and it signals to users that they might not be as protected as they think by their VPN.
On a surface level, a no-log policy is all most users need to feel confident that their data is being correctly managed. Unfortunately, there are significant security concerns that can’t be addressed with a simple policy that states you won’t hold onto sensitive information about your users.
Why a No-Log Policy is no Longer Enough
While a VPN with a strong no-log policy is usually enough to keep you safe and secure online, there are still ways that your data can fall into the wrong hands when using a VPN. Users who are serious about their online privacy will want to minimize this danger wherever possible.
Regardless of whether a provider consciously logs sensitive information about your browsing sessions, your data will always go trough somewhere on their servers.
This data is almost always operational, and it’s only needed to establish a connection between the VPN server and your computer. Regardless, just because your VPN provider isn’t actively storing this data or profiting by selling it to third parties doesn’t mean that it simply disappears.
With traditional server architecture, hard drives play a critical role in the server’s ability to function. The sensitive data required to initiate a VPN connection is no doubt stored somewhere within a server’s HDDs, and third parties can extract this data and trace it back to you.
The data on these drives is only removed when the entire hard drive is wiped or rewritten.
What are RAM-Only Servers?
Users don’t want their sensitive data stored, and VPN providers aren’t interested in holding it. Yet, with traditional server architecture, stored data was simply part of doing business. Fortunately, top VPN companies have found a way to provide their customers with increased privacy while closing one of their most significant security loopholes in the process.
RAM-only servers replace the hard drive’s function, relying on RAM to store sensitive user data instead. Unlike hard drives, which hold onto all the data inside until they’re erased and rewritten, RAM only holds onto sensitive data until the server is rebooted, which is done regularly as part of a provider’s maintenance processes and can be done as many times as necessary.
Why are RAM-Only Servers More Secure than Traditional HDD?
The fact that RAM-Only servers can easily be wiped clean, removing all sensitive user data in the process is one of the significant reasons why RAM-only servers are considerably more secure than traditional hard-drive-based servers. But that isn’t the only reason why a RAM-only server is preferable.
The way that administration is handled on HDD servers presents security risks that are far greater than your user data falling into a third party’s hands. With HDD servers, the entire server itself could end up falling into the wrong hands, spelling disaster for the VPN company, and their entire user base.
VPN providers run hundreds or thousands of servers spread out throughout the globe. With traditional servers, the operating system and any necessary software are installed along with the server itself, and that information lives on the server in perpetuity.
From there, any updates or configuration changes that are required are added later on. It could be years before a server is wiped clean and a new operating system is installed. This means that years of user data along with proprietary company data is stored on those hard drives.
Regular updates and administrative changes are necessary to keep all of these servers working in concert. But, if a provider is running 5,000 servers throughout the world, it’s easy to see how small errors or inconsistencies could lead to critical security vulnerabilities. Can your IT team be sure that all 5,000 servers are running exactly as they should be?
You can think of these tiny inconsistencies like cracks in the foundation of a home. A few cracks are common and expected, but if you develop too many cracks over time, the integrity of your foundation will be seriously compromised, and it’s only a matter of time before the whole thing comes crumbling down.
These small security compromises make it easy for anyone with the knowledge to do so to exploit these weaknesses to steal data and proprietary information. Not only is this dangerous for users, but it could spell doom for the VPN provider that’s been exploited.
With a RAM-only server, every aspect of the VPN, from the operating system to the software stack to all user data, is stored using volatile memory (RAM).
RAM requires power to store information, and any time that the server is turned off or rebooted, all user data from previous sessions is lost in the process. It’s as if these browsing sessions never happened.
For users, this means that it’s virtually impossible for your data to fall into the hands of a third party. Users can rest assured that their VPN is handling their data with a level of care that a simple no-log policy could never provide.
Meanwhile, companies can rest assured that their proprietary data and user data are adequately protected. They can operate with a high degree of certainty that all of their server architecture is precisely as it needs to be to guarantee the server’s integrity and security.
VPNs Running on RAM-Only Servers
Given the additional security that a RAM-only server can provide, it’s no surprise that VPN companies are beginning to transfer their operations from traditional HDD-based servers to RAM-only. In particular, two companies taking VPN privacy to the next level with RAM-only servers are ExpressVPN and SurfShark.
ExpressVPN TrustedServer Technology
ExpressVPN was one of the first VPN providers to deploy a RAM-only solution, and they launched their TrustedServer technology at the end of 2019.
TrustedServer adds a few additional security layers to the RAM-only deployment we detailed above.
The way their servers run is similar to containerization, where an operating system and all its dependencies are loaded into a read-only image file to provide reliable and consistent deployment. ExpressVPN applies this concept across the entire software stack, so everything the server requires to run is included on a single image file.
This technology helps ensure that every aspect of the server is identical to the other servers in the network, which was virtually impossible to do with HDD-based servers.
To further reinforce their security protocols, each time one of their 3,000+ servers is rebooted, it requires a cryptographic signature from ExpressVPN; otherwise, it won’t boot up. Even if a server was compromised and fell into the wrong hands, there’s no way for it to be operational without this signature, which can only be provided by ExpressVPN.
Surfshark RAM-only servers network
SurfShark is another industry leader when it comes to VPN privacy, and in the summer of 2020, all 1,700+ of their VPN servers operate as RAM-only. While their server architecture doesn’t include quite as many bells and whistles as ExpressVPN, their RAM-only servers ensure that sensitive user information is incredibly well secured.
Will More VPNs Continue the Trend?
The growing popularity of RAM-only server deployment for VPN providers is excellent news for users. As we move forward, you can expect the majority of VPN providers to begin moving to a RAM-only configuration.
When virtual private networks first became available, companies were selling the idea that your IP address would be protected from prying eyes. While that’s still part of VPN providers’ core proposition, privacy is an even more significant concern than it was then.
As users became more concerned with data privacy, more VPN providers began adopting no-log policies to differentiate themselves from the competition. While each company is different, most policies explicitly state how user data is managed, and how and when it is retained.
Once practically every provider had a no-log policy, VPN providers began touting just how comprehensive their no-log policies were. But the fact is that even when providers aren’t purposefully storing user data on their servers, it doesn’t meant hat this data doesn’t exist. Your IP address, connection information, and more personal information is on the hard drive until it’s wiped clean.
The next step in the evolution of VPN security is the RAM-only server. With providers struggling to catch up to the likes of ExpressVPN and SurfShark, you can expect more competitors to begin adopting RAM-only servers, so they don’t get trampled by the competition.
The VPN Privacy Features to Look For
With so many VPN providers on the market, it’s harder than ever to decide which is your best choice to keep you secure and private. But, there are a few key features that differentiate the top VPNs from the rest of the pack. As you search for your best fit, there are four factors you’ll want to consider.
- Privacy-Friendly Jurisdiction
- 3rd Party Audits
- Double VPN
- RAM-only servers
Where a VPN provider is based plays a significant role in the level of privacy users can expect to receive. Certain countries have laws that are incredibly friendly concerning user privacy. In contrast, other countries can easily compel private businesses to comply with information requests related to user data and browsing information.
When you’re vetting different VPN providers, your first step should be eliminating companies that operate from countries with weak user privacy laws.
Third-party auditing is critical because it confirms that providers are delivering what they claim to provide. Any VPN provider can claim they provide thousands of servers throughout the world, a strong no-log policy, or some other features designed to instill user confidence. But do they really deliver on these claims?
Being audited by an independent company is a way for VPN providers to put their money where their mouth is. It’s a signal to consumers that the company is delivering on what they say they’re offering, and it’s something all users should consider before choosing a VPN provider.
Double VPN provide an additional layer of security by masking your IP address twice instead of once. There are also multi-hop VPNs which route your traffic through additional VPN servers, masking your IP address multiple times in the process.
For each additional layer of encryption your connection passes through, it becomes increasingly hard for third parties to pinpoint your IP address, which provides users with a greater level of security compared to a connection through a single server.
We’ve spent the better part of this article discussing the virtues of RAM-only servers, so you should know why they’re such a critical consideration when selecting the best VPN provider for your needs.
In the simplest terms possible, RAM-only servers virtually eliminate user data retention on servers, and for nefarious third parties, you can’t steal what doesn’t exist.
Which VPNs are Next to Upgrade
With heavyweight providers like SurfShark and ExpressVPN already offering RAM-only servers across their entire server network to their VPN subscribers, it’s only a matter of time before other privacy-minded competitors begin to follow suit.
You can expect to see other large providers like NordVPN, ProtonVPN, and CyberGhost to make the transition to RAM-only servers soon. Ideally, this will make the space for privacy-focused VPNs even more competitive, which will result in safer and more innovative products for consumers.
While adding any VPN to your network is a smart choice for privacy-minded internet users, not all VPNs are created equally, and some can keep your browsing history and user data far safer than others.
Opting for a VPN that utilizes RAM-only servers is the easiest way to guarantee that your user data is kept entirely private. Nothing about your internet activity is being logged by your VPN provider.
No matter which VPN provider you’re evaluating, look for a company that provides RAM-only servers to ensure that your information is safe, protected, and completely private.