Can police track VPN users?

The pipeline: police identify your IP from a target site or torrent, ask your ISP who that IP belongs to, learn it's a VPN exit, then go to the VPN provider with a court order. If the provider has logs, they hand them over; if not, the trail dies.

This is why no-logs evidence matters more than 'no-logs claims.' A claim is marketing; evidence is what survives a search warrant.

Private Internet Access (PIA) had no data to hand over to US courts in 2016 and 2018 — both times the cases proceeded without VPN-derived evidence.

ExpressVPN's Turkish servers were physically seized in 2017 during the Andrey Karlov assassination investigation; investigators found no logs.

Mullvad's Gothenburg office was raided by Swedish police in 2023 under a search warrant; they had nothing to hand over.

Payment: a credit card or PayPal account ties the VPN subscription to you. Mullvad and IVPN accept cash and Monero specifically to break this link.

Account login: signing into Gmail, your bank, or social media over the VPN tells those services exactly who you are — the IP is the only thing that's hidden.

Local context matters. Germany's Abmahnungen target visible torrent traffic; France's Hadopi/Arcom does the same; the Netherlands' BREIN follows the same playbook. None of these can pierce a no-logs VPN, but they can come for you if your VPN drops mid-download and your real IP shows up.