How it works
AirVPN is a centralised VPN run since 2010 by a group of Italian activists and hacktivists, with the operating company based in Perugia. Traffic runs over OpenVPN and WireGuard, terminating on servers the operator controls across around twenty countries. The desktop client, Eddie, is open source and available for Windows, macOS and Linux; there is also an Android app, and the site generates standalone configuration files for routers and third-party clients.
The user flow is short. You create an account with a username and a password — no name, no phone, and an email address that is optional and may be a random string. You pick a plan, pay, and either run Eddie or import a generated config. From there AirVPN routes your traffic, assigns the exit IP, and offers extras such as port forwarding and a configurable kill switch. As with any VPN, the operator can see your real IP while you are connected; the question is what it keeps.
KYC & privacy
Nothing about signup identifies you. There is no KYC, no ID check and no verification step at any tier — the account is a username and a password. Payment is where most of the privacy is won or lost, and AirVPN accepts Bitcoin, Lightning, Monero, Litecoin, Bitcoin Cash and Dogecoin alongside cards and PayPal through a processor. A Monero or Lightning payment leaves no usable identity trail.
The no-logs policy states that AirVPN does not record your IP address, traffic, browsing or DNS queries. It temporarily holds the server you are connected to for the length of a session, then discards it. A .onion address is available for users who would rather not touch the clearnet site at all. One regional quirk: the Italian company bars Italian residents from using the service, a legal posture rather than a privacy one.
Strengths and limits
The strongest argument for AirVPN is time. It has run for sixteen years with no breach, no exit scam and no acquisition by a larger company that might quietly rewrite the terms. In 2015 servers were seized by police in Canada; by AirVPN's account nothing was recovered, which is the closest thing to a real-world test a no-logs claim can get. The open-source Eddie client means the software, at least, is inspectable.
The limits are concrete. AirVPN has never commissioned an independent audit of its servers, infrastructure or no-logs policy — a gap competitors such as Mullvad and IVPN closed years ago with repeated third-party reviews. The server network is smaller than the mainstream brands, and reviewers consistently describe Eddie and the web dashboard as capable but dated and awkward. The 2015 episode also exposed slow, unclear communication from the operator. None of this is a red flag; all of it means the no-logs promise rests on trust rather than proof.
Verdict
AirVPN suits users who want anonymity from signup through payment and are willing to weigh a long, clean record against the absence of a formal audit. It is not the choice for someone who needs audited proof or a modern, polished app. The privacy architecture is close to the best a centralised VPN can manage; the missing audit is what keeps it a step below the field's audited leaders. Grade: A- (8.7/10). Trust: TRUSTED.
AirVPN earns its standing the hard way: sixteen years without a breach, anonymous from signup to payment, and a 2015 seizure that recovered nothing. The one missing piece is a formal audit, which keeps it a notch below the field's audited leaders rather than among them. Grade: A- (8.7/10). Trust: TRUSTED.
