DuckDuckGo's VPN service has passed a no-log policy audit conducted by cybersecurity firm Securitum, confirming it does not track or retain user browsing activity. The audit, spanning October 2025 to January 2026, included technical inspections, source code reviews, and live system analysis. DuckDuckGo announced the results on Thursday, sharing the full security report.
DuckDuckGo announced on Thursday that its VPN, included in the company's subscription service alongside features like identity theft protection and data removal, underwent a thorough no-log policy audit by Securitum. The independent firm verified that the service does not collect or retain user-identifiable data, upholding the company's privacy promises. This audit builds on a prior security review in 2024 and retests in 2025 that addressed medium- and high-risk vulnerabilities, with the latest focus squarely on privacy practices. The audit process involved a deep-dive technical inspection, review of proprietary source code components, and analysis of live systems between October 2025 and January 2026. Securitum's findings affirm that DuckDuckGo applies its no-log policy as stated, meaning VPN users' private browsing remains untracked. The company made the complete security report available as a PDF. Reputable VPN providers often commission such independent audits to substantiate their privacy claims. DuckDuckGo's subscription bundles the VPN with other cybersecurity tools at a competitive price, potentially appealing to privacy-conscious users seeking secure browsing and location spoofing capabilities.
