During the Investigation, It Was Discovered That the DuckDuckGo VPN Service Does Not Track User Activity.
DuckDuckGo’s main selling point is privacy, so it’s no surprise that the company is creating its own VPN— as long as you pay for it . There are plenty of VPN services out there, and the best ones are usually paid, but at first glance, DuckDuckGo’s offerings seem as reliable as any other similar service. Of course, when using services like these, there’s always the question of privacy and security: how well does this VPN work? Is the company behind it secretly accessing my browsing data while using the app?
DuckDuckGo appears confident in its capabilities in this area: it hired independent cybersecurity firm Securitum to audit its “no-logs” policy, meaning no user data, including activity, timestamps, or metadata, is logged or stored on the company’s outbound servers—the infrastructure used to transmit data beyond the company’s servers to the user. Securitum conducted its audit from October 2025 to January of this year, dispatching two of its top security consultants to examine the work of DuckDuckGo’s engineering team.
Secutirum’s report states that DuckDuckGo maintains a no-logs policy.
After conducting an investigation, Securitum concluded that DuckDuckGo’s VPN appears to be a safe option —at least based on the aspects it examined. Securitum confirmed that DuckDuckGo does not monitor or log user activity on its outbound servers by testing random outbound servers and finding no signs of activity tracking. It was also found that DuckDuckGo does not log user-identifying metadata about connections, such as DNS traffic, and while it uses a caching system to improve performance, the data is always deleted after the “standard” 24-hour period. Furthermore, this cache is not designed to be accessed after the data has been deleted.
An audit found that DuckDuckGo VPN does not monitor or log user network traffic on its VPN servers, and its “Fraud Blocking” feature is designed to operate locally on the user’s device, not on DuckDuckGo’s servers. The VPN also does not track which websites or servers you access, a critical component of any VPN. Securitum offered constructive criticism of DuckDuckGo, recommending the use of “enhanced file integrity,” which DuckDuckGo has since implemented following this recommendation. The VPN does not use servers shared with other companies or service providers, and this no-logging policy applies to all servers and regions—so no matter where in the world you use DuckDuckGo’s VPN, the same rules apply.
Auditors also found that the developers intended logging settings to be difficult to change. In fact, they determined that “no engineer can unilaterally change logging settings or implement unapproved code.” Finally, Securitum discovered that both the VPN and DuckDuckGo subscription API use separate authentication tokens, ensuring that authorization accounts are not linked to individual users or VPN connections.
This report does not mean that DuckDuckGo’s VPN is perfect.
The Securitum audit results sound optimistic, but they should be taken with caution. The conclusion specifically states that DuckDuckGo “fully complies with the privacy commitments outlined in its no-logs policy,” which is admirable, but doesn’t mean the VPN is perfect. There may be shortcomings compared to other VPNs—all we know is that the audit found DuckDuckGo’s VPN complies with its no-logs policy.
Nevertheless, this is useful information for anyone using this VPN. You can use DuckDuckGo’s VPN and rest assured that the company doesn’t store your web browsing data on its servers, even when you travel.