There’s a new report about seven no-log-policy VPN providers that have collected very personal information of users, including but not limited to website addresses, user email for registration on websites, passwords, apps, files accessed, mobile operator (if a cellphone user), phone number, hometown city, etc.
It’s a really worrying news about VPNs. What’s more worrying is that they somehow managed to get the full path of the address the user visited which should be technically impossible.
This can be a new era in online privacy for people. VPNs advertise about privacy and encryption a lot and this can disprove them and make privacy activists/advocates worry about new technical capabilities for online privacy violation and invading.
A screenshot from securitytrails.com showing the different domains hosted on a single IP address managed by the company that owns the VPN apps 
New user registration logs for certain VPNs 
Fast VPN new user registration log 
Record of a user from Bangladesh changing their password – shows an old and new password 
User from Tehran, Iran 
Another user from Tehran, Iran 
Connection log of user from Khartoum, Sudan 
Iranian user accessing adult content via the VPN 
Additional user web activity log 
Australian user requested refund 
Paypal payment log of a user based in the USA 
Cryptocurrency payment log of a user based in France 
Entries labeled with Huawei data 
Entries labeled with Huawei data 
This log shows the full names for both the account holder and payer – two different individuals, who are representatives of a foreign embassy based in Turkmenistan. 
VPN speed log 
Activity log 
Entry shows us connecting to a server in Milan, Italy 
Entry shows us connecting to a server in London, England 
Data showing our VPN account details