When you’re reading articles about how VPNs enhance your online security and prevent surveillance, you’ll likely see terms such as “Five Eyes,” “Nine Eyes” and “Fourteen Eyes” mentioned. These are references to international surveillance alliances between various countries around the globe.
These alliances work to collect and share mass surveillance information on the citizens of the alliance members, acting as a global surveillance system to monitor and record folks’ daily activities.
The alliance collects information from a large number of sources, including phone wiretaps, emails and documents. What I’ll be focusing on in this article is the threat the Eyes pose to the privacy of citizens’ online activities, gathered by the Eyes through either ISP and VPN logs or the direct monitoring of a user’s connection.
While Five Eyes Alliance members have equal access to each other’s intelligence data, Nine Eyes and Fourteen Eyes Alliance members are not treated equally, many times furnishing intelligence reports and raw data, but not being entitled to receiving information in return.
However, the lesser partners do receive access to resources, equipment and assistance from the NSA.
The Five Eyes Alliance
The Five Eyes Alliance (FVEY) is an intelligence alliance, the origins of which can be traced back to the time immediately following the end of World War II. The coalition continued through the Cold War years and has become stronger in the years following the events of September 11, 2001 and other terrorist-related incidents.
The member countries of the Five Eyes Alliance are:
- New Zealand
- The United Kingdom
- The United States
The member countries’ surveillance agencies work together to collect and analyze their citizens’ activities, which include both offline and online activities. (As you’ll see later, they also spend time monitoring the activities of the citizens of non-member countries.)
In the wake of terrorist attacks that have taken place around the world during the early years of the 21st century, many members of the alliance have taken the opportunity to expand their surveillance powers within their own borders.
While the alliance has an official goal of ensuring national security and protecting its citizens from the nefarious schemes of foreign terrorists, the actual activities that have been revealed in recent years appear to be more focused on spying on their own citizens.
However, there are often domestic laws that ban government agencies from spying domestically. In order to circumvent these regulations, they “subcontract” that spying to other countries – specifically, other members of the Eyes Alliances. Now that’s what I call a creative (if morally suspect) solution.
Although the partnership functioned in the shadows for decades, the activities of the member countries were exposed in 2013 when whistleblower Edward Snowden exposed the activities of the member countries, and how they use the agreement to spy on their own citizens.
Snowden revealed that the United States has been conducting mass surveillance programs with the help of Internet Service Providers (ISPs) and telecom companies.
While ISPs and telecoms are not yet required to keep logs of their users’ online activities, they have been granted the ability to log user activity and sell it to third parties, such as advertisers. This privilege almost guarantees that user logs are able to be subpoenaed by U.S. intelligence agencies.
In 2016, the United Kingdom passed the Investigatory Powers Act, which requires ISPs and telecoms in that country to log their users’ connection information, browsing histories and even text messages. The data must be stored for two years and must be made available to U.K. government agencies, as well as their partners – no warrant required.
Australia has also implemented data retention laws, closely resembling those of the United Kingdom.
Canada and New Zealand’s data retention regulations and spying activities also closely mirror the other Five Eyes members. In late 2013, a Canadian federal judge rebuked the Canadian Security Intelligence Service for outsourcing its surveillance of Canadian citizens to its Five Eyes partners.
If you’re being monitored by a member of the Five Eyes Alliance, you’re in good company, as a large number of celebrities, political figures and other prominent people have been specifically targeted by the group, including John Lennon, Jane Fonda, Kim Dotcom, Angela Merkel and South African activist (and later President) Nelson Mandela.
Mr. Mandela was considered a terrorist by his government and was placed under surveillance by British agents. In 1962, he was arrested after the CIA collected and handed over information about his activities.
Since South Africa is not a member of the alliance, it is clear that the spying activities of the group are not limited to their own countries, but also non-member states and their citizens.
Unofficial Five Eyes Partners
In addition to the official partners listed above, the Five Eyes Alliance also includes 5 additional “unofficial” members, which all cooperate with select Five Eyes members. While they may furnish information to Five Eyes members, they don’t necessarily receive info in return, as they’re not considered of equal status.
Israel is one of the closest surveillance partners of the United States, cooperating heavily with the NSA and other U.S. surveillance agencies.
Japan, Singapore and South Korea are Pacific allies and surveillance partners of the U.S., most notably Japan, which has long been known to share information with the States.
The 14 British Overseas Territories, which include Anguilla, Bermuda, the British Virgin Islands, the Falkland Islands and other island territories, while somewhat independent, do cooperate with the U.K. and share information with other members of the Five Eyes Alliance.
The Nine Eyes Alliance
The Nine Eyes Alliance includes the members of the Five Eyes Alliance, as well as the following countries:
- The Netherlands
The Nine Eyes Alliance is merely an extension of the Five Eyes Alliance to allow for cooperation among additional countries to collect and share larger amounts of data among the members. While these members don’t have the same high level of cooperation as the Five Eyes members, they do benefit from access to data and resource sharing.
The Fourteen Eyes Alliance
The Fourteen Eyes Alliance includes the members of the Five Eyes and Nine Eyes Alliances, plus the following countries:
As is true of the Nine Eyes Alliance, the Fourteen Eyes Alliance is intended to extend the surveillance collecting and sharing availability of the member countries.
The relationship for these countries with the Five Eyes members is even less “intimate” than for the Nine Eyes members, yet they do still benefit from access to resources and intelligence they might not normally have access to.
VPN Services Located in Fourteen Eyes Countries and Territories
In this section, we’ll be taking a look at a list of VPN providers that are based in the countries listed above as members of the Five Eyes, Nine Eyes and Fourteen Eyes Alliances. I’m also including providers based in countries and territories that are known to cooperate with members of the 3 official alliances.
All VPN providers are listed in alphabetical order, so click the dropdown of the letter range that corresponds with the name of the provider you’d like to check in order to discover its home country.
When available, I will include a link to my review of the listed VPN provider.
A – F
AceVPN (USA)ActiVPN (France)AirVPN (Italy)AnonVPN (USA)Anonymizer (USA)Avira Phantom VPN (Germany)AzireVPN (Sweden)BeeVPN (Denmark)Betternet (Canada)Blockless (Canada)BTGuard (USA)Celo (Australia)ChillGlobal (Germany)Cloak (USA)CrypticVPN (USA)CryptoHippie (USA)DefenceVPN (Barbados)Disconnect.me (USA)ExpressVPN (British Virgin Islands)FlowVPN (UK)FlyVPN (USA)FoxyProxy (USA)FrootVPN (Sweden)FrostVPN (USA)
G – L
GetFlix (Canada)GhostPath (USA)GooseVPN (Netherlands)GoTrusted (USA)GoVPN (Germany)Hide My IP (USA)HideIPVPN (USA)HideMyAss (UK)Hotspot Shield (USA)IncognitoVPN (USA)Integrity.st (Sweden)Internetz.me (Germany)IntroVPN (USA)IPinator (USA)IPredator (Sweden)IPVanish (USA)IVPN (Gibraltar)LibertyShield (UK)LibertyVPN (USA)LiquidVPN (USA)
M – R
Mullvad (Sweden)My Expat Network (UK)MyIP.io (USA)MyVPN.Pro (USA)Netshade (USA)Newshosting (USA)NolimitVPN (Singapore)Norton WiFi Privacy (USA)OctaneVPN (USA)Opera [Proxy] Browser* (Norway) [Note: Opera is not actually a VPN, but instead a proxy.]OverPlay (UK)OVPN.com( Sweden)Private Internet Access (USA)PrivatePackets.io (British Indian Ocean)PrivateTunnel (USA)PrivateVPN (Sweden)ProXPN (Netherlands)PRQ (Sweden)RA4W VPN (USA)RogueVPN (Canada)
S – U
SaferVPN (Israel)ShadeYou (Netherlands)SlickVPN (USA)Speedify (USA)Spotflux (USA)Steganos (Germany)StrongVPN (USA)SunVPN (USA)SuperVPN (USA)SurfEasy (Canada)TGVPN (UK)Torguard (USA)TorVPN (UK)TotalVPN (UK)Traceless.me (Germany)TunnelBear (Canada)Tunnelr (USA)TVWhenAway (UK)Unblock-Us (Barbados)Unlocator (Denmark)UnoTelly (Canada)Unseen Online (USA)Unspyable (USA)
V – Z
VikingVPN (USA)VPN Gate (Japan)VPN Land (Canada)VPN Master (USA)VPN Unlimited (USA)VPN.sh (UK)VPN4All (Netherlands)VPNAUS (Australia)VPNJack (USA)VPNMe (USA)VPNSecure (Australia)VPNShazam (Israel)VPNUK (UK)WASEL Pro (Netherlands)WifiMask (Netherlands)Windscribe (Canada)WiTopia (USA)WorldVPN (UK)Zenmate (Germany)ZoogVPN (UK)
Why All of This Matters
While the location of a VPN’s base of operations can affect the laws that they are required to operate under, their location doesn’t necessarily imply that a VPN does or doesn’t keep logs, or that they will or won’t share those logs.
The Five Eyes, Nine Eyes and Fourteen Eyes Alliances all operate globally and therefore have the ability to monitor communications wherever they might take place. This means a VPN not located in a member country might not be any safer than one that is based inside a member’s borders.
A Matter of Trust
While a VPN provider may claim to be a “no logs” provider, they may still keep logs of information such as your original IP, the IP assigned when you logged into the VPN, the times that your session began and ended, and the amount of data used during the session.
While the above doesn’t sound like enough to be incriminating or of value to intelligence agencies, it can be. A recent cyberstalking case in the U.S. involved a defendant who was accused of cyberstalking while connected to the Hong Kong-based PureVPN service.
Despite the “no logs” claim of PureVPN – meaning they don’t collect, save or share logs containing information about their users’ online activities – they must keep some logs pertaining to a user’s connection, and that was apparently enough information to charge a PureVPN user with cyberstalking.
While cyberstalking is a definite abuse of a VPN’s cloaking abilities, this does reveal that your legal online activities may still be logged to some extent, even by VPN providers that claim to keep no logs of their users’ activities.
On the other end of the “no logs” spectrum sits U.S.-based Private Internet Access, which was served a subpoena in March 2016 that attempted to obtain information about a suspected online hoaxer. Despite the subpoena, the company stood by its “no logs” claim and convinced law enforcement that they did not save logs of any type.
As you can see from the two cases above, location did not matter when looking at a VPN provider’s user activity logging policy.
Protect Yourself From VPNs
Verify a VPN’s “No Logs” Policy Claims
Don’t take any VPN provider’s “no logs” claim at face value. Investigate by searching on the web for any news stories that may verify or contradict their claims. Make sure you understand what information, if any, a provider saves in their logs.
Select a VPN Provider From Outside “Eyes” Jurisdiction
While selecting a VPN provider based outside of any of the Five/Nine/Fourteen Eyes countries isn’t a guarantee that they won’t cooperate with the “Eyes” guys, it does offer an additional, if thin, layer of security.
Protect Your Connection From the “Eyes” Guys (No, Not Hall & Oates)
It’s important to remember that “Eyes” members don’t need to access your VPN or ISP usage logs to track your online activities. There are a couple of steps you can take to add a bit more anonymity to your online travels.
Use Multiple VPN Services
Users can make use of multiple VPN services to offer better anonymity and protection for your connection. Users can run one VPN on their router and another VPN service on the devices that connect to the router.
While this doubles up on protection by further obfuscating your original IP address, users who try it will almost certainly see a performance hit, and it adds the possibility of two providers having your online activities on file.
The Tor Browser
The Tor Browser aids users in protecting their online anonymity by using a wide system of distributed network relays run by volunteers around the globe. The Tor Browser “bounces” a user’s browser traffic around the relay network, preventing anyone from observing your online travels or learning your physical location.
For more information about the Tor Browser or to download a copy for your device (it’s available for all major device platforms), visit the Tor Project website.
Remember: Their “Eyes” Are on You
No matter where you’re located – or where your VPN is located, for that matter – Big Brother’s “Eyes” are always watching. Make sure to take steps to protect your browsing from the prying eyes of the Five/Nine/Fourteen Eyes member countries by practicing safe computing.
As an additional benefit, you’ll be protecting your online activities and associated personal and business-related information from hackers and other parties that would love to get their hands on your info.
For more information about protecting your online activities, be sure to read my VPN reviews, guides, head-to-head comparisons and more in the VPN section of the Pixel Privacy website.