Whenever I’ve researched about VPNs, I’ve always encountered the infamous 5 Eyes, 9 Eyes, and 14 Eyes.
However, I’ve never felt the need to properly address this topic until now. No matter where I look, all I can see is people seriously concerned about their privacy.
So after spending 96 hours, researching 124 VPN providers, I’ve put together this guide for you.
By the end of this guide, you will know which VPN providers are based in which jurisdictions, its impact on privacy, and whether you should trust them or not.
Here is a quick breakdown of countries in each of the Eyes alliance that are an enemy of the internet:
- 5 Eyes: United States, Canada, United Kingdom, Australia, New Zealand
- 9 Eyes: United States, Canada, United Kingdom, Australia, New Zealand, Denmark, France, Netherlands, Norway
- 14 Eyes: United States, Canada, United Kingdom, Australia, New Zealand, Denmark, France, Netherlands, Norway, Belgium, Germany, Spain, Italy, Sweden
What are 5 Eyes Nations?
5 Eyes or FVEY is an alliance between the intelligence agencies of five nations. The core objective of this alliance is to share intelligence information.
FVEY alliance includes:
- The United States – National Security Agency (NSA)
- The United Kingdom – Government Communications Headquarters (GCHQ)
- Australia – Australian Signals Directorate (ASD)
- Canada – Communication Security Establishment Canada (CSEC)
- New Zealand – Government Communication Security Bureau (GCSB)
First signs of 5 Eyes was seen post World War II and dates back to the UKUSA Agreement. The pact between the USA and UK formalized an alliance for intelligence sharing. The agreement has strengthened over the years and soon other nations (Australia, Canada, and New Zealand) were made part of the surveillance coalition.
But the alliance just doesn’t end there, in fact, as global threats increased and the need for more rigorous online surveillance arose, more and more global nations pitched in.
The Birth of Other Global Surveillance Alliances
The 5, 9, and 14 eyes work in coalition to intercept and closely analyze both offline and online activities of the masses.
These intelligence agencies don’t just operate in their own designated jurisdictions, but also in other countries where they don’t have legal rights.
If for say NSA wants to track down someone in Canada, they can just ask CSEC to handle the operation for them.
The primary goal of these organizations is to fend off any threats to national security.
That said, as you shall see later on this blog, these alliances have also been involved in some very shifty spy operations against people like you and me.
5, 9 and 14 eye alliances are nothing new, they ’ve and have been operating under the radar. However, the general public was only made aware of the ongoing mass surveillance as recent as 2013 thanks to the whistleblower, Edward Snowden.
Subsequent to the Snowden leaks, The Guardian disclosed that the NSA had been secretly recording telephone records of tens of millions of Americans.
By now you must be wondering, how on earth they get away with unlawful mass surveillance?
Well, that’s because the governments backing these alliances have passed bills that allow FVEY and other surveillance alliances to conduct such operations.
Here’s a rundown of few brute force investigatory legislations…
United Kingdom (Investigatory Powers Act, AKA Snoopers charter)
Back in 2016, the United Kingdom passed the Investigatory Powers Act. This act mandates ISPs and telecom companies that fall under the umbrella of the Five Eye to actively store connection information, text messages and even browsing histories of users.
Furthermore, these logs must be kept for two years (2) and must be made available to the U.K government and collaborating alliances. Worst of all, this data can be stored and shared without any form of legal warrant.
Australia (Assistance and Access Bill 2018)
Similar to the U.K’s stringent Investigatory powers Act, Australia’s recent Assistance and Access Bill gives law enforcement agencies unhindered access to encrypted user data.
Australia’s equivalent legislation contains three different powers, but the one we should be all concerned about is the “technical capability notices” (TCN).
In opposition of the new legislation, Greens’ senator Jordon Steele-John said in a tweet, “Far from being a ‘national security measure’ this bill will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian”
What are 9 Eyes Nations?
If you have seen the James Bond movie Spectre (2015), then you have an idea about Nine Eye Nations.
The alliance is an extension of the Five Eye agreement and includes more countries. In total, 9 eyes countries include:
- The United States
- The United Kingdom
- New Zealand
The overall goal of this arrangement between the nine nations is the same, share intelligence with each other.
First signs of this were seen when the Danish intelligence agency collaborated with NSA. The Danish authorities gained access to NSA tech while allowing the American intelligence agency to install surveillance equipment on fiber optic cables throughout the country. [
What are 14 Eyes Nations?
The intelligence alliance further expanded between nations and included more countries, resulting in 14 Eyes. This agreement included both 5 Eyes nations, 9 Eyes nations, and other new members:
- The United States
- The United Kingdom
- New Zealand
The objective of this arrangement was also the same: share intelligence information with each other, provide technical support, and allow respective agencies to conduct surveillance in the country.
How Do 5 Eyes, 9 Eyes, & 14 Eyes Impact Your Privacy
Ever sent an encrypted message? Of course, you have. In fact, WhatsApp, Messenger, and other mainstream social sharing apps have all incorporated end to end encryption.
Nobody wants people spying on them. Privacy of personal information is everyone’s basic necessity – Right?
Well, that’s what you think. 5 eyes and other surveillances alliances beg to differ. Just last year, 5 eyes have been pressuring tech companies to give them lawful access to all encrypted user data. [Source]
For instance, when the Russian Ambassador got assassinated in turkey, ExpressVPN’s servers got seized by the authorities.
Sounds crazy right? Just wait for what I have I store for you.
If granted access, 5 eyes, and other alliances could legally intercept text messages, encrypted emails, and even voice conversations.
This is all real, swear to god I’m not scaremongering. I’m just as paranoid as you are.
So why does FVEY wants to access to your data?
Well, according to the Australian government’s national security policy, encryption “present challenges for nations in combatting serious crimes and threats to national and global security”.
While encryption is a godsend for privacy-concerned folks like you and me, it’s also a holy grail for criminals, sex offenders, and even terrorist organizations.
Now I’m all up for catching pedophiles and countering terrorists, but I’m still not comfortable with global surveillance on the masses.
According to the Attorneys General and Interior Ministers of the five (5) nations, “The Governments of the 5 Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries.” [Source ]
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.” [Source ]
In other words, if tech companies don’t comply with FVEY, they’ll forcefully get access anyways.
What are the risks?
So, what is FVEY basically proposing? Well, they want a master key to decrypt all encrypted data in transit. In other words, global backdoor access to encrypted communications.
What could even go wrong? (Sarcasm)
If you aren’t catching my drift, this is a serious threat to our privacy. Can you even imagine someone barging into your home and ransacking your personal belongings? Me neither.
As I said, Encryption is a basic necessity. We need it for banking, online shopping and making sure no one screws us over.
If FVEY gets a go-ahead to use backdoor methods of decryption, that’ll pave the way for other more malicious groups of individuals. [Source]
In theory, it would drastically change the way we perceive online privacy and our dependency on everyday apps.
A perspective on online mass surveillance
Ever since Edward Snowden blew the lid off of the 5 eyes, more and more confidential information started to surface.
Two of the most revelations opens up a whole new Pandora box mass surveillance activities. According to official government documents disclosed by CBC News and The Intercept, the Communications Security Establishment (CSE) has monitored file downloading activities of millions of Canadians every day. [
To be more specific, according to Edward Snowden documents, the CSE has been involved in storing and analyzing up to 15 million file downloads daily. [Source]
If that’s not terrifying, I don’t know what is.
That’s just one country, just imagine what atrocities FVEY can jointly wreak.
That’s not all. After already disclosing the unethical surveillance program of CSE, CBC News and The Intercept again disclosed shocking documents revealing the mass email surveillance of Canadian citizens.
From the investigation, it was disclosed that Canada’s electronic spy agency collected around 400,000 emails to the government every day. [Source]
Without a doubt, such excessive monitoring is enough to generate an accurate profile of you and the people you interact with.
Paranoid? Well, hold on to your pants for this one…
According to Professor Ron Deibert, a collection of precise metadata can give surveillance agencies the power to “pinpoint not only who you are, but with whom you meet, with what frequency and duration, and at which locations.” [Source]
In conclusion, FVEY and subsequent alliances are spending billions of dollars on mass online surveillance.
Invasion of Privacy Incidents: If Diana was spied upon, so can YOU!
By now you might have an idea of what the 5 eyes alliance is capable of. Now we’ll take a look at some of the outrageous invasion of privacy incidents committed by the infamous FVEY.
August 1997 – The Night Princess Diana Passed away
One of the most high-profile cases of the century, The American secret service bugged Princess Diana’s telephone conversations without the approval of the British security services on the night she died.
The princess of Wales had been under surveillance by the 5 eyes and primary spied upon by the NSA. More than a 1000 page dossier was compiled on the princess. Although some information related to the case was publically released, 39 classified documents will never be released.
In reference to her mysterious death, NSA later admitted that they were monitoring Princess Diana, but never actively monitored her movements.
At least that’s what the intelligence reports tell us, who knows what might be locked up in those 39 classified documents.
The 1970s– John Lennon under surveillance
According to former Sunday Express legal correspondent Fenton Bresler, classified documents obtained from the FBI and CIA reveal that Lennon was being tracked by the intelligence agencies during the 1970s.
NSA and GCHQ were reportedly speculated to conducting warrantless eavesdropping on the Beatles singer, John Lennon. [Source]
According to sources, intelligence agencies were becoming more concerned with Lennon because of his radical influence in politics. The FBI and CIA jointly ordered agents to continue surveillance on Lennon. [Source]
January 2012 – Unlawful Raid on Kim Dotcom
January 2012, New Zealand law enforcement personals in coordination with NSA, forcefully entered Kim Dotcom’s mansion ransacking his property and seizing alleged evidence of US copyright infringements. This case was particularly appalling, as it violated the GCSB Act article 14.
According to article 14, ‘[n]either the Director, nor an employee of the bureau, nor a person acting on behalf of the bureau may authorize or take any action for the purpose of intercepting the communications of a person who is a New Zealand citizen or a permanent resident.’
Even prior to his arrest, Dotcom had been under surveillance from December 16, 2011. Surveillance cameras were installed at a nearby property by the Organized and Financial Crime Agency New Zealand, (OFCANZ).
In addition, tiny pencam was used or was about to be used by law enforcement when they raided the Mahoenui Valley property on January 19, 2012, without a warrant.
Sadly, despite there being evidence of forced entry and physical abuse, law enforcement agents that conducted the raid, mostly denied the accusations.
June 2013 – Telephony Meta-Data Collection
On June 5th, 2013, Guardian, a major news publication firm, disclosed NSA’s National Security Telephony Metadata Collection program.
According to The Guardian, NSA collected the communication records of millions of US citizens, indiscriminately and in bulk. During the program, The NSA collected unique identifiers such as time and duration of all intercepted calls.
Naturally, the invasion of privacy of millions of US citizens was met with mass outrage and anger. Sadly, despite the unlawful eavesdropping by the NSA, The White Paper issued by the Obama administration deemed the program legal under section 215 of the USA Patriot Act.
That’s outrageous, to say the least. I mean, what gives them the right to tap our phone calls.
2013 – Brazilian Mining and Energy Ministry surveillance
One of the infamous cases of international invasion of privacy occurred in 2013.
CSE, an organization that had already been ridiculed for their outrageous surveillance tactics, went overboard and conducted surveillance operation on Brazil’s Mining and Energy Ministry.
An outrageous move indeed.
Soon after the matter surfaced, mass hysteria and anger were demonstrated by Brazil. Even the Brazilian President of that time (Dilma Rousseff) strongly condemned the violation of Brazilian sanctity by CSE.
January 2014 – Pearson Airport Wi-Fi spying
In January of 2014, CSE initiated mass surveillance on Canadian travelers using airport Wi-Fi at the Pearson Airport, Canada.
According to the details related to the case, CSE collected data of thousands of travelers without any warrant. The unethical operation went on for weeks and gathered very precise tracking information of travelers around the world.
That’s seriously messed up.
Speaking on this matter, Ron Deibert, a privacy expert, labeled the unlawful surveillance as, illegal and unconstitutional.
Deibert further quoted “I can’t see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC’s mandates.”
I couldn’t agree more.
Implications of Selecting a VPN from 5 Eyes, 9 Eyes & 14 Eyes Countries
When it comes to selecting a VPN, many experts would advise you to avoid VPN services based in 5 Eyes, 9 Eyes, or 14 Eyes countries.
Why is that?
Well, the basic notion is to throw caution to the wind and avoid providers that can hand over your data to governmental agencies or grant backdoor access.
VPN providers have been pressurized by law enforcement agencies in the past and forced to comply against their will.
Just to give you a perspective, let’s look at the case of PureVPN and HideMyAss VPN.
HMA user handed over to the FBI
Who can forget the infamous logs case of HideMyAss VPN? For those of you who don’t remember, back in June 2011, Cody Andrew Kretsinger, then only 23-year-old, was sentenced to 15 years in prison after getting caught by the FBI.
Kretsinger was suspected to be a member of a malicious hacker group LulzSec. According to the allegations, he was accused of hacking Sony Pictures Entertainment servers using SQL injection.
Being such a high profile case, HideMyAss was ordered by the court to hand over Kretsinger VPN logs. Despite boasting about No logging policy, HideMyAss complied with the court’s order and handed over Kretsinger real home IP.
You can read the official case file at this [Source].
PureVPN helps the FBI catch a Cyberstalker
A bit different than the HMA’s case, PureVPN also cooperated with FBI. However, some may argue that PureVPN’s cooperation with the FBI was for a good cause.
Allow me to explain what I’m talking about…
In October 2017, PureVPN helped FBI identify a crazed Cyberstalker. Ryan S. Lin of Newton Massachusetts was found to be stalking a female victim. After getting a hold of the victim’s intimate photos and other information, Lin then distributed it to hundreds of online users.
However, according to the FBI, PureVPN aided the authorities in identifying the two IP addresses associated with Lin, effectively leading to his arrest. [Source]
So what does that leave you with?
This is where using a VPN based in an internet friendly location and preferably outside the 14 eyes is preferred.
However, there are several other factors to consider when choosing the best VPN. Among them is whether the provider keeps usage logs or not.
Even if a provider is located in any of these nations but it doesn’t keep any logs then users have nothing to worry about. Since the service does not record or store your browsing and downloading history, they would have nothing to handover if someone comes looking for any information.
Likewise, with the introduction of GDPR, companies now offer greater transparency than before. But not VPNs are compliant. You can check out our guide where only
This is because selecting a VPN based solely on its location is difficult. Their jurisdiction of preserving user’s privacy and security cannot be determined based on the country of its operations.
VPN Jurisdiction: China
Only 3 to 4 VPNs work in China, mainly because the official authorities in China only allow a handful of VPN services to operate in the country.
The Chinese officials started a major crackdown against VPNs back in 2011. When people started having issues connecting to offshore websites and services, businesses and universities actually issued warnings to not bypass the great firewall.
Although, the country does not have any affiliation with 5 eyes, 9 eyes, and 14 eyes alliances. China follows its own set of rules famously known as the Great Firewall (GFW).
Unfortunately, you can find yourself in trouble if the official authorities catch you red handed. Since VPNs in China is considered illegal, you can expect a hefty fine. According to The Inquirer, you can be fined $145 just for using a VPN. [Source]
Multinational organizations that are collecting personal information in China have to store that information within China too. They have to abide by Chinese Data Protection Regulation (CDPR). The country is also planning to devise rules regarding personal information cross border transmission. [Source]
If all of this sounds a bit complicated, I’ve extensively covered China-related issues and working VPNs in my best VPN for China guide.
VPN Jurisdiction: Australia
In an attempt to counter piracy in the country, Australia’s Anti-piracy laws are speculated to blocking and potentially limiting access to virtual private networks (VPNs).
Copyright Amendment (Online Infringement) Bill 2018, can force telecommunication providers to prevent its customers from accessing particular online services. This bill is also applicable for VPN services since they can aid access to blocked content. [Source]
According to Communications Minister Senator Mitch Fifield, the copyright amendment bill will make it much harder for the operators of such services to bypass geo blocks. [Source]
I’ve spent a great deal finding working VPN in Australia and I could only find a few.
As of now, VPN services are not blocked, but they do have to comply with data retention laws. These rules force them to keep data logs.
According to the Australian Prime Minister’s official site, you can use a VPN to access geo-restricted content. Nevertheless, this notion only applies to content streaming. As soon as users download or upload copyright content with the help of a VPN, they violate copyright law through VPN. They receive legal penalties in return.
Famous tech giants like Facebook and Google have shown their disappointments over the drafted Australian data bill. According to this, tech firms need to assist Australian police to decode specific forms of communications on their platforms. This act can greatly hamper the online privacy of Australians. [Source]
VPN Jurisdiction: Canada
Canada is also an integral member of the 5 eyes and considered one of the harshest countries In terms of surveillance, data retention, and net neutrality. You can use a VPN within the legal parameters, however, intelligence agencies can use and share users’ information with other nations without their consent.
Windscribe, SurfEasy, and TunnelBear, are just a few VPNs that have to comply with Canadian data retention laws. You are going to be monitored, that’s inevitable. However, there are still some Canada VPNs that are safe.
Similar to Australia, Canada also doesn’t consider VPNs to be illegal. However, if you violate the terms and conditions of any service, let say Netflix or Hulu, you can either have your subscription canceled or won’t be able to access the site at all. [Source]
Bypassing geo restrictions through masking IPs, is in a gray area. In references to accessing streaming services through VPNs, Mitch Stoltz, a staff attorney at the Electronic Frontier Foundation said,
“While there are differences among the courts about the use of masking IP addresses to gain access to a site, it is pretty well established that simply violating the Terms of Service alone is not sufficient to warrant a violation of the Computer Fraud and Abuse Act.” [Source]
VPN Jurisdiction: United Kingdom
VPNs are legal within the territory of the UK, there are no bans and no restrictions on VPNs. That said, the country is a major part of the five, nine, and 14 eyes alliances.
As I mentioned earlier, the Investigatory Powers Act 2016, gives law enforcement agencies unimaginable power to carry out surveillance on its own citizens.
So while VPN providers are flourishing in the country, UK based VPN services have to follow British data retention laws.
For instance, you can exercise your freedom of expression right by hiding behind a VPN, however, Your online activities will still be under surveillance by the GCHQ.
On the bright side, The GDPR (General Data Protection Regulation) has already started affecting UK tech organizations. Data Protection Act (DPA) 2018, empowers U.K citizens to take control of their data.
Here’s a UK VPN guide that can help you circumvent online restrictions in the UK.
VPN Jurisdiction: USA
VPN usage is lawful within the US. However, the country is a part of five, nine, and 14 eyes groups.
Therefore, surveillance agencies can track users’ online activities through the support of ISPs. In addition to that, recent overturn of the net neutrality rules by the FCC, has created a ripple effect.
The official authorities do not censor online content, but the VPN providers have to store their subscribers’ data logs.
Recently, the US has abolished net neutrality rule. As a result, ISPs can charge an extra fee for providing specific content streaming. The initiative could hurt small and medium-sized business firms quite badly in the future.
That said, price discrimination can be tackled by VPNs. Here are some Best USA VPN You can consider.
Are Governments forcing VPN services to store users’ information?
Yes and no, there are some jurisdictions that are exempt from online surveillance. For instance, there are no mandatory data retention laws in Hong Kong. That is because Hong Kong is a Special Administrative Region (SAR).
This is primarily the reason why most Hong Kong-based providers offer [Source]
Similarly, Panama and British Virgin Island (BVI) are the other two known jurisdictions that are free from data retention laws.
On the other hand, countries from 5 eyes, 9 eyes, and 14 eyes have initiated stern actions that allow them to influence businesses to store their users’ data. They can compel VPN services to abide by the rules described by higher authorities.
This way, the information collected can be shared with other stakeholders. Intelligence agencies from other countries may also access the information if they wish to use it for their own purposes.
Surveillance Programs Operated by 5/9/14 Eyes
There are several surveillance programs carried out by the Five Eye nations. Thanks to Edward Snowden, we know details about most of these surveillance programs.
One of the most prominent programs involved the development of ECHELON surveillance systems during WWII. Built to monitor the Soviet Union’s communication, ECHELON computers were capable of storing millions of records. It was then later used to eavesdrop on private conversations and commercial communications.
Over 5 decades, ECHELON has aided the UK and United States to track enemies and allies alike with great precision. Although the scope has evolved since then the objective remains the same. [Source]
ECHELON was mostly talked about by conspiracy nerds, however, it was only until the Snowden leaks that everything came into plain sight.
The program was used by Bush administration to tap American phones without warrants. Just for perspective, one ECHELON facility in York-shire U.K monitoring 300 million emails and phone calls daily. [Source]
PRISM is one of the most talked about surveillance program conducted by the 5 Eyes.
It was a code name project run by NSA and its main objective was to monitor and record internet communications.
Several tech companies were part of the program, including the likes of Google, Facebook, Yahoo, AOL, YouTube, Microsoft, Apple, and Skype.
According to the revelations unveiled by Edward Snowden about PRISM, NSA could conduct mass surveillance on live communications and record information such as emails, conversations over VoIP services (Skype), social media activities, file transfers, videos, pictures, voice and video chats, and internet browsing history.
Likewise, NSA and other intelligence agencies could summon special requests to ISPs and tech companies and demand for data regarding specific users.
The extent of surveillance was not only restricted to the NSA. Other intelligence agencies such as GCHQ of UK could also use the program to intercept communications of civilians.
In short, any operative from NSA, FBI, CIA, DIA or other agency could know anything about anyone using PRISM.
XKeyscore is another program run by the NSA in collaboration with intelligence agencies from Australia and the UK.
The primary aim of this program was to search and analyze internet traffic from around the world.
Edward Snowden revealed top-secret documents pertaining to XKeyscore, unveiling how NSA was able to monitor, record, and analyze communications and internet usage of just about anyone.
In an interview, with a German broadcaster asked Edward Snowden about the capabilities of XKeyscore and he replied:
“You could read anyone’s email in the world, anybody you’ve got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you’re tracking: you can follow it as it moves from place to place throughout the world…”
Investigatory Power Act
The GCHQ and other intelligence agencies in the UK are just as involved in cyber surveillance as NSA.
With the passage of Investigatory Power Act, ISPs and telecom companies can record internet browsing history, conversations, text messages, and all other forms of communications.
This data is stored for two years and gives full liberty to intelligence agencies to access it for their use.
Other Notable Surveillance Programs
In addition to the above-mentioned programs, other initiatives undertaken by the Five Eye nations included:
- Signals Intelligence
- Data Retention Bill in Australia
Do Additional Eyes Exist?
Edward Snowden has revealed more or less 30 countries that are working as third-party partners. They support eyes countries by different surveillance acts like cyberspace monitoring, information, wire-tapping and so on.
Here is the list of countries that are acting as allies of eyes territories.
- South Korea
- United Arab Emirates
If you’ve ever seen the movie, “Enemy of The State”, then you know how powerful NSA’s surveillance really is.
With surveillance programs stretching to international borders, several alliances have formed over the years. The most famous of all is 5 Eyes, 9 Eyes, and 14 Eyes.
However, does select a VPN from any of these locations puts your security in jeopardy? We seek to answer this with our guide. There are several factors that go into selecting a VPN, and its jurisdiction of operations is the most important one.
I not against surveillance agencies, after all, they’re the reason we can sleep safely at night. However, don’t you think it might be better if at least they can be a little bit transparent about it?
Anyways, that’s just my personal thought. I hope you found this blog informative, hopefully, you’ll have an easier time deciding which VPN service to go with.
Your feedback is important to us. Let us know if this article was helpful?