DuckDuckGo’s VPN has cleared an independent no-logs audit, giving outside verification to one of the most important claims any privacy service can make. The review, conducted by security firm Securitum between October 2025 and January 2026, examined live servers, internal systems and source code, and found no evidence that the service tracks user activity or stores identifiable browsing data.
That matters because “no logs” is easy to promise and harder to prove. For a VPN provider, privacy depends less on marketing language than on how servers are configured, how authentication works and whether internal controls prevent accidental or deliberate data collection.
What the audit actually found
Securitum’s findings go beyond a narrow paperwork review. According to the disclosed details, auditors inspected production systems and source code to see how traffic is handled in practice. They found no mechanisms designed to record browsing activity, and no retention of connection metadata such as DNS queries.
One notable detail is DuckDuckGo’s use of an internal resolver with in-memory caching rather than disk-based logging. In plain terms, that means temporary technical data can be processed without being written into long-term records that could later be tied to a user’s activity. The audit also found that the VPN does not inspect traffic content and that logging functions were not enabled on servers.
The report further says authentication is separated from VPN use itself. Session tokens are issued without linking activity to a named identity, and session data is cleared after each connection. Auditors also found consistent no-logs settings across regions and formal approval controls for changes that could affect logging, an important safeguard in any service spread across multiple servers and jurisdictions.
Why no-logs audits matter in the VPN market
Independent audits have become a key credibility test for VPN services because users cannot directly inspect what happens inside a provider’s infrastructure. Encryption protects traffic in transit, but it does not prevent a VPN company from recording when a user connected, which domains were requested or how internal systems identify an account. A no-logs audit is one of the few ways to test those claims against technical reality.
It is not, however, a permanent guarantee. Audits reflect a service at a particular moment and depend on scope. They are best understood as evidence that a provider’s systems and controls aligned with its privacy promises during the review period. Continued trust still depends on repeated audits, transparent disclosures and careful internal change management.
A privacy suite first, a power-user VPN second
DuckDuckGo’s VPN sits inside the company’s Privacy Pro subscription and is built to complement its wider privacy tools, including tracker blocking and email protection. It covers iOS, Android, Windows and macOS, encrypts device traffic and hides a user’s IP address from the sites and services they visit. For people already using DuckDuckGo’s browser, that integration is part of the appeal.
But the product remains relatively basic. The interface is simple and easy to set up, yet it lacks many of the advanced controls offered by more established VPN providers, including multi-hop routing, split tunneling, dedicated IP options and servers tuned for particular use cases. That does not negate the audit’s importance, but it does shape who this service is really for: users who want straightforward, built-in privacy rather than a highly configurable VPN.
What this means for users weighing the subscription
The audit strengthens DuckDuckGo’s case that its VPN is designed to minimize what the company itself can know about a user’s activity. For privacy-conscious consumers, that is arguably more important than a long feature list. A VPN cannot offer meaningful privacy if its own systems retain records that could be linked back to customers.
At the same time, buying a VPN is rarely just about one claim. Price, device support, technical features and the surrounding privacy ecosystem all matter. DuckDuckGo’s service may not displace specialist VPNs for users who want granular control, but the audit gives existing DuckDuckGo customers a clearer basis for trusting the network layer of the company’s broader privacy package.
