If you've ever used a VPN, or are concerned about online privacy, you've probably stumbled across references to "Five Eyes," "Nine Eyes," and "14 Eyes."

But what exactly do these surveillance alliances do? And can they affect the privacy and security of your VPN service?

What Is Five Eyes?

Five Eyes is a nickname for an alliance of countries, spearheaded by the USA and UK. Officially it is known as the United Kingdom--United States of America Agreement (UKUSA).

The Five Eyes countries are the UK, USA, Canada, Australia, and New Zealand. The deal has its origins in a World War II intelligence-sharing agreement between Britain and America.

Five Eyes has given birth to many of the most notable privacy scandals in recent years, including PRISM, XKeyscore, and Tempora.

Today, its powers are intrusively wide-ranging. According to the Electronic Frontier Foundation, the five governments can force any "communications service provider" (including ISPs, social media platforms, email providers, cell phone networks, and more) to:

  • Insert malware on its users' devices.
  • Ignore existing laws in pursuit of Five Eyes directives.
  • Interfere with people's user experience.
  • Provide governments with new product designs in advance.
  • Provide user information as requested in secret warrants.

For most purposes, these powers may well seem excessive.

What Is Nine Eyes?

Nine Eyes is another intelligence sharing agreement, an expansion of the original Five Eyes alliance. The Nine Eyes countries includes all the Five Eyes members, plus Denmark, France, the Netherlands, and Norway.

Its powers and dedication to information sharing is broadly the same as the Five Eyes agreement.

What Is 14 Eyes?

Another alliance that adds another five countries is also in operation. The 14 Eyes countries are Germany, Belgium, Italy, Spain, and Sweden plus those of the Nine Eyes group.

Interestingly, both France and Germany have been close to becoming full Five Eyes members in 2009 and 2013 respectively. The two agreements both fell through for various reasons.

Lastly, it's important to mention Israel and Singapore. Israel reportedly enjoys observer status with the main Five Eyes group, while Singapore has partnered with the group but is not an official member.

What Do Five/Nine/14 Eyes Alliances Mean for Your VPN?

Given the sweeping powers granted by the three agreements, you would rightly be concerned about the potential impact they have on your choice of VPN service.

It's all a question of jurisdiction. When talking about a VPN provider's jurisdiction, there are three things to consider:

  • Local laws: Some countries outright ban VPN usage.
  • Company location: The state in which the VPN provider is registered and has its physical offices.
  • Server location: VPN providers typically offer servers in many different countries.

From a surveillance perspective, the two things you need to worry about are the company location and the company servers.

A VPN provider with either a physical address, or servers in the countries listed, could be compelled to hand over any information it has, including connection logs and browser traffic. The country might even monitor a VPN server's inbound and outbound traffic. Worse still, the governments can forbid the provider from even notifying the affected customers.

This means that you lose the chance to respond to the invasion of privacy.

And, of course, due to the very nature of the agreements, once your information has been acquired by one country, it's in the system. Ultimately, it could be shared with the other countries if they request it.

Should You Use a VPN in a 14 Eyes Country?

If privacy is your main priority, do not use a VPN that's domiciled in one of the Five, Nine, or 14 Eyes countries. Nor should you connect to servers in one of those countries when using a VPN provider from a non-14 Eyes member.

If you really need to use a VPN provider from one of the Five, Nine, or 14 Eyes member countries (for example, due to a unique feature), make sure you select one that explicitly does not keep logs. However, not even that can adequately protect you.

For example, you don't need to look any further than the once-popular US-based email provider, Lavabit.

In 2013, when the FBI found out Edward Snowden had used the service, it requested the company's logs. The company did not keep logs, so the FBI instead issued a subpoena for the SSL keys. The keys would have given the FBI access to metadata and unencrypted content for all Lavabit users.

To its credit, rather than hand over the information, Lavabit opted to suspend operations, returning four years later in 2017 with an end-to-end encrypted email service called DIME.

Can you be as confident that your VPN provider would be equally willing to fall on its sword?

VPNs in 14 Eyes Surveillance Countries: Which to Avoid

A surprising number of mainstream VPN providers have their headquarters in one of the Five Eyes/Nine Eyes/14 Eyes countries. Here are a few popular ones to watch out for:

  • Hotspot Shield
  • StrongVPN
  • Private Internet Access
  • LiquidVPN
  • IPVanish
  • HideMyAss
  • SaferVPN
  • VPNSecure
  • Getflix
  • UnoTelly
  • Mullvad
  • PrivateVPN

To reiterate, these services aren't necessarily bad. If your main reason for using a VPN is to circumvent geo-blocking on Netflix and other online services, you might have no choice but to sign up.

However, if you want a VPN for its privacy and security benefits, you should look elsewhere. Take the time to understand what VPNs can and cannot do, what data they protect, and what they cannot. Choose a VPN based on the degree of privacy you need, and if possible, take better precautions to stay hidden online.

Can You Trust Your VPN?

Considerable privacy can be breached by the security agencies of 14 eyes countries. To recap, the alliances are:

  • Five Eyes Alliance
    • USA
    • UK
    • Canada
    • Australia
    • New Zealand
  • Nine Eyes Alliance (the above, plus)
    • Denmark
    • France
    • The Netherlands
    • Norway
  • 14 Eyes Alliance (all the above, and)
    • Germany
    • Belgium
    • Italy
    • Spain
    • Sweden

Don't forget, Israel and Singapore each have special arrangements with these alliances.

With this in mind, if privacy is important to you, take special care when choosing a VPN service and connecting to a VPN server.