DuckDuckGo’s VPN has passed an independent no-logs audit, with security firm Securitum concluding that the service does not track user activity or retain identifiable usage data. The review, conducted between October 2025 and January 2026, covered live servers, internal systems and source code, giving users a rare external check on one of the most consequential promises any VPN can make.
That matters because “no logs” is one of the most marketable phrases in the VPN industry and one of the hardest for customers to verify on their own. A provider can advertise privacy, but only a technical inspection can test whether its infrastructure, authentication systems and operational controls actually prevent the collection of browsing records or connection data.
What the audit found
Securitum’s findings support DuckDuckGo’s claim that its VPN is built not to record what users do online. According to the company’s summary of the audit, reviewers found no logging mechanisms on VPN servers, no inspection of user network traffic and no retention of DNS queries. The service uses its own resolver with in-memory caching rather than writing those records to disk, which reduces the chance that domain requests could later be tied back to a person.
The audit also examined a less visible part of VPN privacy: how a service handles identity. DuckDuckGo separates authentication from VPN use by issuing session tokens that are not linked to individual identities and clearing session data after each connection. Securitum also found that servers across regions were running the same no-logs setup on dedicated infrastructure, while changes to logging-related systems required formal approval. Those controls matter because privacy failures often come not from a stated policy but from routine operational drift, misconfiguration or overly broad telemetry.
Why independent audits matter in the VPN market
VPNs sit in an unusual position of trust. They can shield traffic from local networks, internet providers and many websites by encrypting data in transit and masking a user’s IP address, but that also means the VPN provider itself becomes a sensitive intermediary. For privacy-conscious users, the central question is not just whether a VPN encrypts traffic, but whether the company running it has designed its systems so it cannot quietly build a record of customer activity.
Independent audits do not prove that a service is perfect or permanently private. They are snapshots, limited to a period of inspection and the systems auditors are allowed to review. Even so, they have become one of the few practical ways to distinguish between a privacy claim that is merely promotional and one that has faced technical scrutiny. In DuckDuckGo’s case, the latest review builds on a separate security audit completed in 2024, suggesting a broader effort to validate its privacy architecture rather than relying on brand reputation alone.
A privacy suite first, a power-user VPN second
DuckDuckGo’s VPN is part of the company’s Privacy Pro subscription and runs through its browser on iOS, Android, Windows and macOS, with support for up to five simultaneous connections. It offers the basics many users want: device-wide encryption, IP address masking and a relatively simple setup. For people already using DuckDuckGo’s browser, tracker blocking and email protection, that integration may be the main appeal.
But the product remains a modest offering next to more mature VPN services. It lacks features often expected by experienced users, including multi-hop routing, split tunneling, dedicated IP options and servers tuned for specific uses. The interface is intentionally sparse, which lowers complexity but limits control. At $9.99 a month, it also sits at a price point that invites comparison with broader privacy bundles and with standalone VPN plans that cost less over longer terms.
What users should take from the result
The audit is a meaningful signal, especially in a market where many privacy assurances still rely on trust alone. It indicates that DuckDuckGo’s VPN has been engineered to minimize data collection and to separate account systems from browsing activity in ways that are consistent with its public policy.
Still, privacy buyers should treat the result as one factor, not the whole verdict. A strong no-logs design says a great deal about data handling, but it does not by itself settle questions of performance, feature depth or overall value. For existing DuckDuckGo users who want a straightforward privacy package under one subscription, the service now has stronger external validation. For those seeking a more configurable VPN, the audit improves confidence in DuckDuckGo’s privacy posture without changing the fact that it remains a simpler product than leading standalone rivals.
