5/9/14 Eyes Countries & VPNs: What You Need to Know (2023)
- What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?
- Surveillance Systems Used By These Alliances and the Data They Collect
- How Can This Affect VPN Users?
- 3 Best VPNs Outside 14 Eyes Countries
- ExpressVPN — Overall Best Privacy VPN Based Outside of the 14 Eyes Countries
- CyberGhost — Dedicated NoSpy Servers Based in Privacy Haven Romania
- NordVPN — Route Your Connection Through Two VPN Servers for Added Protection
- Additional Privacy Measures to Consider
- FAQs on the 5/9/14 Eyes Alliances and VPNs
- The Bottom Line
If you’re a VPN user, you’ve probably heard of the 5 Eyes, 9 Eyes, and 14 Eyes Alliances. These alliances may sound like something out of a spy movie, but they pose a very real threat to your privacy.
The Eyes Alliances are international intelligence-sharing agreements between governmental bodies. Participating countries are known to spy on their citizens through various means, acquiring sensitive and private information that may be shared with the other members of the alliance. But what exactly does that mean for you? And will a VPN really protect you from these threats to your privacy?
The answer is yes — but only if you choose a quality and trustworthy VPN. There are many critical features you have to consider in a VPN to ensure your privacy really will be protected. My top recommendation is ExpressVPN, which is based in the privacy-friendly British Virgin Islands, outside the reach of the Eyes Alliances. It’s also passed several independent security audits from top auditing firms, meaning that you can use it with confidence.
Short on Time? Here Are the Best VPNs Outside 5/9/14 Eyes Jurisdiction in 2023
- Editor's ChoiceExpressVPN
Top choice for privacy with a verified no-logs policy, based in the British Virgin Islands.70% of our readers choose ExpressVPN
Romania-based with exclusive "NoSpy" servers, accessible only by authorized staff.
Panama-based, featuring Double VPN for enhanced encryption and online activity privacy.
What Are the 5 Eyes, 9 Eyes, and 14 Eyes Alliances?
5 Eyes Alliance
The 5 Eyes Alliance arose out of a cold war era intelligence pact called the UKUSA Agreement. This was originally an intelligence-sharing agreement between the United States and the UK aimed at decrypting Soviet Russian intelligence.
By the late 1950s, Canada, Australia, and New Zealand had also joined the Alliance. These five English-speaking countries make up the Five Eyes Alliance as we know it today. The intelligence-sharing agreement between these five countries has only strengthened over time, extending to surveillance of online activity.
The scope of activity performed by the Five Eyes Alliance was made clear in 2013 after Edward Snowden leaked a number of documents that he obtained while working as an NSA contractor. Widespread government surveillance of citizens’ online activity was exposed to the public. The leak provided clear evidence that the international intelligence-sharing network was more extensive than previously thought.
Evidence was also revealed of member countries using the alliance to circumvent the privacy laws of their own citizens. For example, the UK was found to be working around surveillance laws protecting its populace by asking the USA’s NSA to spy on UK nationals instead. They would then simply request the NSA share the data they pulled. Very clever.
The UK and US in particular have been named as some of the worst violators of online privacy. Here’s a further example of how each country has and continues to monitor the personal information of its citizens:
- United Kingdom. In November 2016, the Royal Assent passed the Investigatory Powers Bill (aka Snoopers’ Charter) into law. The bill grants exclusive surveillance powers to the government. As per the act, internet service providers are required to retain user data such as browsing history, connection times, and text messages for two years, which can be accessed by government agencies and their partners without a warrant.
- United States. After the 9/11 incident, the NSA was authorized to monitor the phone calls and internet data of millions of Americans without a warrant. In 2017, the US Senate also approved a law that would give ISPs the authority to collect and sell user data without their consent.
Other member nations have also implemented similar data retention laws. For example, in 2015, the Australian government passed a law that mandates ISPs to retain customers’ metadata for 2 years.
Member countries of the 5 Eyes:
- United States
- United Kingdom
- New Zealand
9 Eyes Alliance
The 9 Eyes is an extension of the 5 Eyes Alliance. It includes all the 5 Eyes nations and 4 additional countries: Denmark, France, the Netherlands, and Norway. The alliance was established to enhance intelligence sharing between member nations, with the common goal of preventing threats to national security.
- 5 Eyes countries +
- The Netherlands
14 Eyes Alliance
The 14 Eyes alliance is a further extension of the 5 Eyes. It consists of the 9 Eyes countries and 5 additional members: Germany, Belgium, Italy, Sweden, and Spain. This group of countries is officially called SIGINT Seniors Europe (SSEUR).
- 9 Eyes countries +
Aside from these confirmed alliances, it is also worth mentioning another handful of countries that have been caught or suspected of exchanging information with the Fourteen Eyes Alliance. These include Israel, Japan, Singapore, and South Korea.
Possible 6th Eye?
The 6th Eye is a term used to refer to Japan as a possible addition to the 5 Eyes Alliance. While Japan is not officially a member of the alliance, it has close intelligence-sharing relationships with the 5 Eyes countries.
In August 2020, the Japanese Defense Minister expressed the desire for even closer cooperation with the 5 Eyes and suggested that Japan could become known as the “6th Eye”. Both the US and UK have shown interest in Japan’s possible involvement. However, the concept of Japan being the 6th Eye is not an official designation and remains largely speculative.
Surveillance Systems Used By These Alliances and the Data They Collect
These alliances have a large number of mass surveillance systems in place, with some remaining unknown to the public. Some that have received significant media attention include:
ECHELON is a global surveillance program operated by the 5 Eyes countries. It was originally developed to intercept the military and diplomatic communications between the Soviet Union and its Eastern bloc allies during the Cold War.
By the end of the 20th century, the program had expanded beyond its original scope. Reportedly, it can now monitor telephone calls, faxes, e-mails, and other data streams. It can even trace bank account activity.
PRISM is a US government-led initiative that allows the USA’s National Security Agency (NSA) to collect communications data from big corporations like Microsoft, Facebook, Google, Apple, Yahoo, and others. The program was revealed to the public by Edward Snowden in 2013.
XKeyscore is yet another mass surveillance program operated by the NSA. This can collect and analyze internet data in real-time. According to Snowden, the system enables almost unlimited surveillance. NSA analysts can access your phone calls, emails, search history, and even Microsoft Word documents without a warrant.
How Can This Affect VPN Users?
While a VPN with military-grade encryption can protect you from these surveillance systems, the alliances are always devising more methods to get at your data. For example, in 2018, the 5 Eyes countries released a statement calling on tech companies (including VPN providers) to provide a means for law enforcement to access end-to-end encrypted communications.
Australia is an example of a country that has already passed a bill that permits government authorities to access user data, even if it’s encrypted.
There have also been several instances where VPN providers shared user data with authorities. Riseup, a US-based privacy-focused email/VPN provider, complied with two warrants to share user data. However, the company didn’t disclose this information to the public until much later because of a court-issued gag order.
As another example, UK-based HMA VPN handed over user data to the feds in response to a court order in 2011, which led to the arrest of a LulzSec hacker.
It is also safe to assume that if any of these 14 nations gain access to your data online, your data can then be shared with the other countries in the alliance.
What Can You Do?
So, how do you protect your online data? A VPN should still be your first line of defense against invasive surveillance and monitoring, but your choice of provider is highly important. Not all VPNs will keep you safe from the Eyes Alliances — as I’ve shown above, some do and will continue to cooperate with them.
Listed below are a few critical things to consider if you’re (rightfully) concerned about your online data while using a VPN.
Check the Location of Your VPN’s Headquarters
It’s important to consider where your VPN is headquartered as a business. It’s strongly recommended that you do not choose a VPN provider based in a country associated with the Fourteen Eyes Alliance if you are concerned about online privacy.
If it is, your VPN provider could be forced to hand over user information to the government. This data could then be shared with other countries in the alliance. You may not even know that your privacy has been breached.
Check Your VPN’s No-Logs Policy
The many ways that VPNs can fall under the jurisdiction of various governments (such as the location of the user, location of the server, etc) is why the best VPNs for privacy have strict no-logs policies. This means that they do not retain any kind of identifying information about their users or their online activity.
A great example of this policy in action comes from the well-known VPN provider ExpressVPN. During a Turkish investigation into an ExpressVPN user, law enforcement tried to compel this VPN to hand over identifying data. Despite their best attempts, authorities were unable to find any identifying information due to ExpressVPN’s commitment to protecting its users’ privacy.
Check VPN Legality in Your Country
You need to be aware of the online laws and regulations regarding VPNs of the country you live in. For example, is VPN use even legal in your country? In most cases, the answer is yes, but not always.
Some countries (like China and Iran) have heavily regulated VPN use to a short list of “government approved” VPNs — which you can safely assume are sharing data with the authorities. Others have outright banned VPNs altogether. We always recommend you check your local laws regarding VPNs, as we do not condone breaking the law.
3 Best VPNs Outside 14 Eyes Countries
If privacy protection is the goal, you should always choose a VPN with a strict no-logs policy that is based outside of Eyes Alliance jurisdiction. Even this isn’t enough if you’re serious about staying private online — you need to choose a VPN that is truly dedicated to privacy and can back this up with robust features and proven policies. That’s why I tested dozens of VPNs outside of the 14 Eyes jurisdictions to find the best ones for protecting your personal data.
Tested December 2023 Try Risk-Free for 30 Days
|VPN HQ Location||British Virgin Islands|
|Best Privacy Feature||Automatic server obfuscation to hide VPN use|
|No-Logs Policy||Strict no-logs policy that has passed multiple independent audits and been proven in real-life cases|
|Simultaneous Device Connections||8|
Having used ExpressVPN for years, I can confidently say that it’s the ideal choice for privacy enthusiasts. ExpressVPN doesn’t store identifiable information, and this has been proven in real-life cases. For example, Turkish law enforcement seized an ExpressVPN server looking for evidence to identify and incriminate a user of the service. However, as ExpressVPN doesn’t keep logs, no identifiable data was ever found.
ExpressVPN is based in the privacy-friendly British Virgin Islands (BVI), so it can freely honor its no-logs policy without any government interference. This means that it isn’t legally obligated to store or share user data even if the request is made by government officials or any 14 Eyes countries.
In addition, ExpressVPN uses a RAM-based server configuration, which wipes user data from previous sessions after every reboot of the server. None of your personal data should ever be accessible.
Its no-logs claims have been verified on several occasions. For example, in 2019, PricewaterhouseCoopers (PwC) exhaustively examined its servers and code and confirmed its privacy claims as valid. The claims were again verified by Cure53 and KPMG in 2022.
ExpressVPN has even open-sourced its browser extensions for anyone to examine its code, which goes to show the level of confidence it has in its offerings.
You’re covered by a 30-day money-back guarantee when you sign up for ExpressVPN. If you’re not satisfied, it’s easy to get a full refund.
- Strong security. ExpressVPN offers AES 256-bit encryption with perfect forward secrecy, which regularly changes encryption keys to make your data even more difficult and time-consuming to decrypt. Plus, it offers leak protection and a kill switch to prevent IP/DNS leaks.
- Secure and fast Lightway protocol. ExpressVPN’s proprietary Lightway protocol is 100% open-source and has passed a thorough independent audit performed by Cure53, so you can rest assured that it offers top security. As an added bonus, Lightway is one of the fastest protocols we’ve tested. On nearby servers, we only experienced a speed drop of 5%.
- Automatic server obfuscation. ExpressVPN uses obfuscation on all its servers to hide the fact that you’re using a VPN. This allows you to bypass tough firewalls and VPN blocks. The best part is that it activates automatically when the app detects network restrictions.
- P2P support. All of ExpressVPN’s servers are P2P-friendly. This means you can securely and privately torrent for hours without interruption or slowdowns.
|VPN HQ Location||Romania|
|Best Privacy Feature||Specialized NoSpy servers prevent third-party interference|
|No-Logs Policy||Strict no-logs policy supported by quarterly transparency reports|
|Simultaneous Device Connections||7|
As a cost-effective VPN choice, CyberGhost stands out due to its firm dedication to privacy. Operating beyond the reach of the 14 Eyes Alliance, it utilizes sturdy 256-bit military-grade encryption to protect your online activities and strictly adheres to a no-logs policy.
Its policy was put to the test in 2019 when a customer survey firm it works with was compromised. The breach resulted in the exposure of 14 CyberGhost usernames. However, no sensitive information was leaked because the company doesn’t store any.
To add to this, CyberGhost regularly releases transparency reports. These contain information about legal requests it has received over the years to hand over user data and how CyberGhost responded to those requests. Thanks to its no-logs policy, CyberGhost has never had anything to share with authorities.
I also appreciate that CyberGhost offers NoSpy servers that are housed in its own headquarters in privacy-haven Romania. These are highly secure servers that only CyberGhost employees can access. This adds an additional layer of privacy by reducing the risk of third-party interference.
It’s very affordable — you can get CyberGhost for just $2.03/month with its long-term plan. Plus, its generous 45-day money-back guarantee lets you try CyberGhost risk-free for much longer than most VPNs.
- Extra privacy protection on Windows. CyberGhost’s Privacy Guard feature lets you disable the intrusive functionalities of your Windows device. For example, you can disable geo-tracking, disable Microsoft account syncing, and stop Windows from collecting your data.
- WireGuard support. CyberGhost supports WireGuard, which joins Lightway as one of the faster VPN protocols out there. It’s lightweight, open source, and thoroughly audited. Using WireGuard, I experienced fast speeds on CyberGhost’s nearby servers in my tests. However, its long-distance connections were a bit slower than ExpressVPN.
- Wi-Fi protection. This feature allows you to customize your VPN behavior when you connect to a new network. For instance, if you set the default action to “protect”, you’ll be automatically connected to the VPN when you connect to an unknown network.
- Content Blocker. In addition to blocking ads and malicious domains, CyberGhost’s Content Blocker will prevent trackers from being able to identify and monitor your browsing activity.
|VPN HQ Location||Panama|
|Best Privacy Feature||Double VPN feature hides your activity with multiple IP changes and encryption layers|
|No-Logs Policy||Strict no-logs policy verified twice by independent audit|
|Simultaneous Device Connections||6|
NordVPN is another excellent option for those looking for a VPN based outside of the 14 Eyes jurisdiction. It’s based in Panama, which is a privacy-friendly country with no data retention laws. Plus, the internet in Panama is not subject to government surveillance.
What sets NordVPN apart is its Double VPN feature. This routes your traffic through two VPN servers instead of one, encrypting your data with two layers of AES 256-bit encryption. This makes it even harder for government agencies to get hold of your sensitive data. Your IP address is also replaced twice, making it near-impossible to trace your online activity back to your home network.
NordVPN also enhances your online privacy by blocking ads and trackers with its Threat Protection feature. Plus, it also scans your downloaded files for malware and blocks them before they could infect your device. I tested this feature by visiting ad-heavy forbes.com, and it blocked all the ads and trackers on the page.
The service follows a strict no-logs policy. These assertions have been independently confirmed by PwC on two occasions — initially in 2018 and subsequently in 2020. Moreover, in late 2022, the esteemed audit firm Deloitte corroborated that NordVPN upholds its no-logs commitment.
You can always claim a full refund within 30 days if you want to try NordVPN out first. Its money-back guarantee is legit and it’s easy to get a refund.
- Dark web monitor. This feature continuously scans the dark web and alerts you if credentials associated with the email address you used to sign up with NordVPN are exposed in a data breach.
- NordLynx. This is NordVPN’s proprietary protocol that uses WireGuard technology but improves upon it by implementing double Network Address Translation (NAT) to further increase security and performance. Despite the added security, NordLynx is still a close match to Lightway and WireGuard in terms of speeds.
- Obfuscated servers. NordVPN also offers obfuscated servers, so you can use the VPN on restrictive networks. However, unlike ExpressVPN, obfuscation isn’t automatic.
- Onion over VPN support. This lets you access the dark web without the need for the Tor browser. Plus, it also adds an additional layer of privacy because your traffic is first encrypted by NordVPN and then sent through 3 random onion servers, which have their own encryption layers.
Additional Privacy Measures to Consider
Below are additional measures you can take to enhance the security of your online privacy even further.
- Use an anonymous email. Anonymous email services encrypt the content of your message and do not contain identifiable information. ProtonMail is an excellent example, but if you need more options, you can check out our article on the best private emails.
- Switch to a privacy-friendly browser. Many popular browsers (like Chrome) collect your data and target you with ads through their marketing partners. However, you can prevent this by switching to trusted private browsers like Brave and Tor.
- Don’t overshare. Do not share personal or identifiable information on public apps. Many online services also allow you to disable the logging of your browsing activity and location data. I recommend you disable these tracking services if possible, and avoid apps that don’t allow you to prevent your data from being shared.
FAQs on the 5/9/14 Eyes Alliances and VPNs
Are the 5/9/14 Eyes Alliances the only international surveillance networks?
No, they’re not the only ones, just the most well-known international surveillance networks. There are several other intelligence-sharing agreements between nations that may affect you to varying degrees.
Some other examples include the Quadrilateral Security Dialogue (also known as the Quad), SIGINT Seniors of the Pacific (SSPAC), and Shanghai Cooperation Organization (SCO). These networks include countries such as India, Thailand, China, and Russia, to name a few. Many of the nations in the Eyes Alliances are also members of these additional surveillance networks.
Using a VPN in a member nation of the above surveillance networks could put your personal data at risk — even if the country isn’t a part of the Eyes Alliances. That’s why it’s so important to choose a VPN that has a strict no-logs policy and is based in a privacy-friendly country.
Why is it called the 5 Eyes Alliance?
The name “5 Eyes Alliance” originated as a shorthand for the “AUS/CAN/NZ/UK/US EYES ONLY” caveat, used to mark confidential documents. It was formed during the cold war with the goal of intercepting communications between the Soviet Union and its allies. However, it has expanded beyond its original scope and is now used to monitor communications worldwide.
Therefore, it’s important that you use a VPN with a strong focus on privacy.
Is Iceland part of the 14 Eyes?
No, Iceland is not a member of the 14 Eyes Alliance, nor are they known to be a third-party contributor. Iceland is a privacy-friendly country with no data retention laws.
According to the Icelandic Data Protection Act passed in 2018, data must be collected fairly and lawfully. Tech companies must also have users’ explicit consent for them to collect data.
This means citizens of Iceland and VPN providers based in the country are outside the scope of the 14 Eyes Alliance. Still, your personal data can be shared without your consent with an untrustworthy VPN, regardless of where you or the provider is based. It’s always best to choose a VPN with a strict no-logs policy and strong privacy features.
The Bottom Line
Online privacy is becoming a bigger concern for internet users as international surveillance practices grow larger and more effective.
There are many reasons to be wary of government powers having access to your data and online activity, particularly when international intelligence-sharing agreements can allow nations to bypass their own privacy protection laws. If you wish to keep your personal data private, a VPN is your first and strongest line of defense.
When choosing a VPN, it’s important to stick to a reputable provider that offers a strict no-logs policy and is based outside of the 14 Eyes countries. I recommend ExpressVPN because its no logs claim has been independently audited multiple times and proven in real legal challenges. Plus, it’s even backed by a 30-day money-back guarantee, so you can try ExpressVPN risk-free. If it’s not for you, it’s easy to get a full refund.
To summarize, here are the best VPNs outside 5/9/14 Eyes countries in 2023...
Your data is exposed to the websites you visit!
Your IP Address:
Your Internet Provider:
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.