• YOUR IP:
  • YOUR ISP:
  • STATUS: Not connected

VPN privacy policies decoded: AirVPN

AirVPN logo

This post is part of a series reviewing the privacy policies of popular VPN services. The aim is to find out whether the VPN takes customer privacy seriously. This is not intended as a review of a VPN service, which would need to take into account a number of other factors. For more privacy guides and our criteria for reviewing them, click here.

EDIT AirVPN has disputed some of this review. You can read our responses at the end of the post

AirVPN is VPN service started by a “small group of activists” in 2010 and is based in the Italy. The company has servers across Asia, Americas and Europe. Lets take a look at its privacy policy

Out of the three VPN privacy policies we’ve looked at so far in this series AirVPN takes the most sensible and privacy-orientated approach to its customer’s data. But while AirVPN seems to take user privacy seriously, it is let down by some vague language.

Logging practices

Here’s what AirVPN says about the data it logs:

“Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address. These data are not collected to identify, through elaboration or any other technique, users’ personal identities. These data are not transmitted to third parties. “

We’re lacking specifics here. In particular, AirVPN does not say how the IP address is stored and if it is anonymised. The policy continues:

“Data transmission is performed between Air servers network exclusively in order to erogate efficiently the AirVPN service. Data are deleted as soon as they are no more necessary for such purposes.”

Again, AirVPN needs to be more specific and say exactly how long it retains data for. “Data are deleted as soon as they are no more necessary for such purposes” is far to vague to be taken seriously and there is no mention of data retention periods anywhere in the privacy policy. Someone who has little knowledge of how VPNs work also has no idea how long data is typically stored for troubleshooting.

Also, as the above quote shows, AirVPN’s policy uses somewhat broken English (what does “erogate” mean exactly in this context?). Any legally binding policy needs to be clearly written and easily understood. In this respect, AirVPN is lacking.

Missing info

As we mentioned, the biggest oversight in AirVPN’s privacy policy is its lack of info on data retention periods. But AirVPN also doesn’t mention how it responds to DMCA notices and, like most other services we’ve looked at, it also doesn’t mention what it would do if laws in its jurisdiction change. AirVPN also suggests that it doesn’t retain web logs, but because it’s not specific, the policy is left somewhat open to interpretation. Unlike some other VPNs we’ve looked at, AirVPN seems to be a privacy conscious service, but it’s let down by a badly-written policy.


EDIT : AirVPN’s rebuttal and our response

We wrote: “AirVPN is VPN service started by a “small group of activists” in 2010 and is based in the Netherlands.”  However, AirVPN is in fact based in Italy. This is our oversight and has been corrected. We apologise to AirVPN for this error.

AirVPN writes: “These data are not collected to identify, through elaboration or any other technique” has an unequivocal legal meaning in the EU. It means that personal data, including IP addresses (regardless of the debate whether an IP address is a personal data or not), are not collected at all and in any way. Therefore not only we legally state that they are not stored when a client accesses a VPN service, but we also say that they are not even sent to third-parties WHILE a client is connected to a VPN server, which is a higher privacy condition. It seems, to say the least, bizarre that a higher privacy protection policy is interpreted as a lower one.

AirVPN is somewhat missing the point of these reviews, as stated in our guidelines. The vast majority of people reading such privacy policies do not have a grasp of the legal intricacies and directives being mentioned, and that this has led to false expectations around VPN services.  We believe it’s the VPN’s job to state clearly and in plain English what their practices are. The main point of this review wasn’t to say AirVPN is guilty of logging data, but that its policy is not clear enough in this regard. The point still stands.

IVPN: “Data transmission is performed between Air servers network exclusively in order to erogate efficiently the AirVPN service. Data are deleted as soon as they are no more necessary for such purposes.”

AirVPN writes: Once again, the sentence has a very precise legal meaning in the EU. The service is erogated when a client is connected, therefore when a client is disconnected the service is not erogated, ergo when a client disconnects those data are no more on the servers and the data retention period is, in the worst case, the timeout period (up to 60 seconds), in the best case 0 seconds.

Same point as above.

IVPN “AirVPN doesn’t mention anything regarding cookies, affiliates and ad data.”

False. The Privacy Notice states, since three years ago:

Yes, this was a mistake by us. We’ve made the correction and offer our apologies to AirVPN.

IVPN: AirVPN also doesn’t mention how it responds to DMCA notices

That’s true and IT MUST BE SO. We will never mention how we “respond” to laws that are outside our jurisdiction and that are therefore inapplicable, simply because we are not forced to and we MUST NOT comply (and of course we must not even “respond”) to such laws. An USA Act “has jurisdiction” on the USA. We are not subject to every single law existing in the world and we will NEVER mention them as if we recognized their validity. Doing so would imply an utter incompetence on the legal field. Ironically, we would like to ask to IVPN staff why they do not state in their policy how they “respond” to every single law in the world which makes VPN business illegal.

DMCA notices are an issue that’s very important to individuals looking for a VPN service and those concerned with online freedoms.  Acknowledging that DCMA notices exist, and are an issue customers want to know our stance on,  is hardly legal incompetence. It’s about giving your users relevant information to help them make an informed decision about your service.

IVPN: AirVPN’s policy uses somewhat broken English (what does “erogate” mean exactly in this context?).

We recommend IVPN people to open a dictionary, for example the Webster dictionary, and search for “erogate”, which means “give, lay out, provide, deal out”.

“Erogate” is not a term that’s commonly used in English. There’s a dozen other words or phrases that could have been used that are better understood by the majority of people. One of the main criteria in our reviews is using plain English.

Popular Articles

10 Responses to VPN privacy policies decoded: AirVPN

  1. Steven says:

    I’m not sure why you expected them to give you reasonable responses. You start off the article by claiming the aim of your series is “to find out whether the VPN takes customer privacy seriously,” but instead you’re cherry picking things that are or are not missing in their policies.

    This, along with various mistakes about them (including where they are based, cookies, affiliates), should have been enough for you to just apologize for advertising mistruths.

    They spoke about DMCA when asked by Torrentfreak (https://torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302/) and their response was extremely reasonable:
    DMCAs are just ignored: no private entity claim can be considered a proof of anything (even in light of the paper by the University of Washington “Tracking the trackers – Why My Printer Received a DMCA Takedown Notice”) and the details given in DMCA notices (pertaining to p2p) lack any substantial proof of any infringement. We sometimes ask for a proof of the alleged claim, just to try to see which methods are used to make up an infringement claim, but so far all private entities have poorly failed to respond with any proof or even with technical details on how such claims are fabricated.

    And then you continue to insult them about their general English. For me personally, I’d much rather someone that is knowledgeable but has broken English as opposed to some commercialized company with great English.

    Stop reviewing platforms with garbage journalism. Either address the topics you intended to (“find out whether the VPN takes customer privacy seriously”) or don’t write anything at all.

    • Thanks for the input Steve.

      First re: cherry picking/address the topic: If you read our full guidelines for these reviews, linked to at the top of every post, you’ll see the aim is to see if a VPN takes privacy seriously – as you mentioned -and to try and educate readers about how to read VPN privacy policies for themselves (i.e. get them thinking about what questions they need to ask). However, the explanatory paragraph at the top of each review could be amended to better reflect the full guidelines. If you read this review of AirVPN, we say AirVPN “seems to take privacy seriously”, and that it has the best privacy policy out of all those we’ve reviewed so far, but it’s let down by being vague – we say this twice in the review. Clarity is one of the most important points of any privacy policy. I don’t think that’s unreasonable.

      re the errors: Yes we completely apologise for these two errors and we’ve corrected them. The cookies/ad data error was a bad mistake to make – I hold up my hands on that one. But that doesn’t invalidate the whole series of reviews, nor is it a good argument for us to stop. No one’s really reviewed VPN privacy policies before and tried to educate people on them, so we think this is a valid endeavour. The criticism from AirVPN has been incredibly useful and will definitely affect the way we approach further reviews.

      Re TorrentFreak/DMCA – I don’t think customers should have to search around other websites to find out a service’s policy on relevant issues.

  2. John says:

    “Erogate” is Italian, it means “provide.” With that known the construct of the sentence works.

    • Laura says:

      It’s like the italiano word “erogare”, but “to erogate” is english, which is supposed to be the native language of the people here.

  3. Joe Bones says:

    I’ve got a different take on your input, Steve.

    I think the author’s errors were honest, I read his stance to be surprisingly objective, and I felt his were criticisms valid and worthy of being pointed out.

    For just one example, the use of the word “erogate” works great in Poindexterland. But here in PlainSpeak, USA. it’s pretentious. Just saying “provide” works better for the average person. (In fact, legislation actually had to force credit card companies to abandon endless boilerplate and sesquipedalian jargon in favor of simpler easier-to-understand phrasings.) For me, whether it’s brain surgery or paying for a VPN service, I want simple words that convey lucid concepts.

    And talk of insults and apologies is a bit silly. It’s an unemotional, academically-toned analysis, not “playing the dozens”.

    The right of people to have privacy in conducting their affairs is being undermined and eroded on every side, on most continents, by most governments. When Delta Airlines fires a stewardess because she complains online about the company (a situation often repeated in the years that followed) it is high time to look closer and think more deeply. And as the “HideMyAss” fiasco proved (whose owners must have been prescient when they chose that rather crude name, as they promptly got “ripped a new one”), our level of protection is only as strong as individual VPN policies designate.

    Personally, I have no interest in wading through seas of jargon to distill the vapor trails that define how well my privacy is being looked after. I consider it grand good luck to have a review that is done in such a methodical, incisive fashion. For my part, I am impressed by a service that is willing to raise the issue of privacy to a higher level of public scrutiny. It is revealing, and I hope it puts the feet of other VPN services to the fire.

    Criticism is essential, Steve. I don’t argue that. However, groundless nit-picking is pointless and discouraging. And when it comes to important articles, I find it irritating because it may bring a premature and entirely unwarranted end to them.

    I urge the author to keep up the good work, because he is definitely being read and considered — especially in the United States, where the ill-conceived Homeland Security Act is continuing to force privacy issues into the courts.

  4. Dave says:

    This is a really good series, Dennis, and I look forward to your analysis of more privacy policies. You do the right thing by acknowledging any mistakes and rectifying them. I feel you’ve been very fair and objective.

    As a layperson in these matters, I agree that clear and precise language is invaluable when choosing a VPN service.

    Again, much appreciated and keep up the good work.

  5. Krieg says:

    Complaining about their English is extremely lame considering it is a “foreign” (read non-US) company and the person’s first language is not English. People who speak ESL make those “mistakes” quite often when they have words in their languages that sound similar but unfortunately that word in English is not that common and they might sound pretentious. But anyone with some level of understanding would realize it is just the language barrier.

    Considering what it’s happening to privacy in the first world English speaking countries the future of VPNing is most probably in “unfamiliar” countries, so better get used to “broken” English.

    MODERATOR: The rest of this comment was edited due to the author’s use of homophobic insults

  6. Jabba says:

    This review is utter crap and I can’t believe Dave is thanking Dennis for this. AirVPN is one of the best VPN providers out there and if you take a look yourself at them instead of believing what is being written here, your eyes will be opened… Anyway.. I’m out. Peace.

    • Jabba, this isn’t intended as a review of AirVPN, just a review of its privacy policy. We’re really not out to attack anyone here, the main goal is to get people thinking about how to read and judge privacy policies – which is incredibly important if you’re choosing a VPN. We did make a couple of bad errors on this post, which i apologise for, but they were rectified immediatedly.

Leave A Comment

Your email address will not be published. Required fields are marked *