DuckDuckGo’s whole shtick is privacy, so it isn’t surprising that the company makes its own VPN—so long as you pay for it . Now, there are a lot of VPNs out there , and the best ones do typically require a fee, but it would seen on the surface that DuckDuckGo’s offerings were as solid a choice as any other similar service. Of course, there’s always the question of privacy and security anytime you use a service like this: How well is this VPN really working? Is the company behind it secretly accessing my browsing data as I use the app?
DuckDuckGo seems to be confident in this area: The company hired independent cybersecurity firm Securitum to conduct an audit of its “no-logs” policy, which means that no user data, incluiding activity, timestamps, or metadata, is logged or stored on the company’s egress servers—on the infrastructure used when moving data outside of the company’s severs to the user. Securitum ran its audit from October 2025 to January of this year, sending two of its senior security consultants to study the engineering team at DuckDuckGo.
Secutirum’s report finds DuckDuckGo complies with its no-logs policy
Following its investigation, Securitum determined that DuckDuckGo’s VPN seems to be a secure choice —at least based on the areas it was looking into. Securitum confirmed DuckDuckGo does not track or log user activity on its egress servers, after reviewing random live egress servers and finding no evidence of activity tracking. It found that DuckDuckGo does not log user-attributable connection metadata, like DNS traffic, and while it uses a caching system for better performance, the data is always purged after a “standard” 24 hours. Plus, this cache is not designed in a way that could be accessible after the data is destroyed.
The audit found that DuckDuckGo’s VPN does not inspect or log user network traffic on its VPN servers, and that the “Scam Blocker” feature is designed to run locally on the user’s device—not on DuckDuckGo’s servers. The VPN doesn’t monitor what sites or servers you’re accessing, either, which is a critical component of any VPN. Securitum did have some constructive criticism for DuckDuckGo here, recommending the company use “enhanced file integrity,” something DuckDuckGo has already implemented following the recommendation. The VPN doesn’t use servers that are shared with other businesses or service providers, and this no-logs policy applies to all servers and regions—so no matter where in the world you’re using DuckDuckGo’s VPN, you should have the same rules apply.
Auditors also found that, by design, it should be difficult for log-related configurations to be changed. In fact, they found that “no single engineer can unilaterally alter logging configurations or push unapproved code.” Finally, Securitum found that both DuckDuckGo’s VPN and Subscription APIs use separate authentication tokens, which ensures that authorization accounts does not connect ot individual users or VPN connections.
This report doesn’t mean DuckDuckGo’s VPN is perfect
Securitum’s audit sounds rosy, but this should all be taken with a grain of salt. The conclusion specifically says that DuckDuckGo “fully complies with the privacy commitments outlined in its No-Logs policy,” which is great, but doesn’t mean that the VPN is perfect. There could still be weaknesses here when compared to other VPNs—all we know is that the audit found that DuckDuckGo’s VPNs complies with its No-Logs policy.
Still, that’s helpful context for anyone using this VPN. You can browse with DuckDuckGo’s VPN rest assured that the company isn’t storing your browsing data on its servers, even when you’re traveling.
