Donate
What to Look for When Choosing a VPN Thumbnail
‹ Back
Technology 24 October 2019

What to Look for When Choosing a VPN

We welcome this guest post from Top10VPN.com, an Organization Member of the Internet Society.

The search for online privacy has driven a quarter of the world’s Internet users to download a Virtual Private Network (VPN). VPN services are now an important tool for anyone concerned about security and privacy on public networks.

There’s a world of difference between VPNs, though. Without clear and unbiased information many users are forced to navigate their choice of VPN without much clarity.

Why is choosing the right VPN provider so important?

Whenever you switch on a VPN you are entrusting its provider with your personal data, browsing activity, and sometimes even your security. For this reason, VPN providers must be held to a higher standard than most products. It’s important you do your due diligence when making a decision.

What should I look out for? 

A good VPN will ensure that no one – even the VPN itself – can see what the user is doing online. Consider the following qualities:

Technical Security

The most secure VPN services will be transparent about the measures they have in place to safeguard their users and their business.

Any VPN worth its salt will offer the latest and most secure levels of encryption, a wide selection of strong protocols, and a range of additional security features including kill-switches, split-tunneling, and Tor compatibility.

Look for features like AES-256 encryption, OpenVPN functionality, and products that are independently audited by a respected third party. You should also look for VPNs that accept anonymous payments, incorporate open source software where appropriate, and have a clear policy for disclosing vulnerabilities.

Some VPNs can suffer from IP and DNS leaks. These leaks can be seen and collected by your ISP or any other entity that’s able to access your network. Needless to say, this renders the VPN effectively useless in terms of protecting your privacy.

Ultimately, a secure service will have several measures in place to protect user data and will actively offer the most sophisticated security standards available. Be sure to test your provider for leaks and ensure that respected third-parties have validated your provider’s claims of security.

Privacy Policy

Evaluating the privacy policy is one of the most important stages in assessing a VPN. Unfortunately, there are some products on the market with policies that leave room for improvement.

The best VPNs have ‘zero logs’ policies which, if implemented properly, will not store any identifying data. However, many providers use this term with very little substantiating evidence, and it can be difficult to know with complete certainty whether a provider is logging or not.

Secure VPNs will only log a minimal amount of basic connection data like bandwidth usage, server load, or server location. This is used to optimize provision of the service, and can’t be used to identify a user. Some VPNs, by contrast, have been found to log activity data including the originating IP address, DNS requests, and even a user’s entire online history – websites visited, files downloaded, and message contents included.

To make matters worse, the logging policies of some providers are often vague or unnecessarily complicated. It’s not uncommon for some VPN services to avoid directly stating whether their policy applies to connection logs, activity logs, or both. A provider might advertise ‘zero-logs’ or ‘minimal logs’ for one type of data, but continue to record the other.

It should be clear exactly what type of data your VPN creates and stores during or after a session. Look for VPNs that explain clearly what their logging policy is and VPNs that have a demonstrated history of inability to cooperate with legal data requests for this reason.

Make sure you read your provider’s privacy policy in full, or consult a third party who can do this research for you. 

Location and Jurisdiction

Jurisdiction is an important issue that’s often overlooked. Every VPN provider is bound to local laws and regulations. It’s crucial that you are aware of these laws and how they might affect your privacy.

In theory, if a provider’s logging policy is watertight, its jurisdiction shouldn’t matter. That being said, any legitimate VPN provider will have clear procedures for responding to requests from law enforcement regardless of its logging policy. These procedures, including a warrant canary, should be publicly available along with any measures in place to protect user data if a third party were to gain access to their servers.

It’s wise to check the country your VPN is based in, the laws of that country, and the company’s history in terms of cooperation with law enforcement.

Ownership and Business Model

VPN services can monetize your data in unexpected ways. It’s expensive to develop and operate a reliable VPN, and many services choose to subsidize these costs with income from other channels.

It’s possible that some form of data collection, sharing, or sale is occurring in order to cover the cost of the product. Many services also rely heavily on advertising, which is less than ideal for privacy.

Providers should clearly explain how they make money and how your financial details are processed. You should be able to easily tell whether a service runs on user subscriptions alone or if it also profits from the processing of personal data.

Before buying a subscription or reading a review, make sure you understand who ultimately owns the VPN service and whether or not it can be trusted.

You should be able to find the company’s legal name if it differs from its brand name, along with information on any other entities that control or invest in the provider’s services. Be sure to find out if these groups have financial stakes in other VPN products, and if so, whether they share information between them.

Determining your standards 

People use VPNs for many different reasons. Whether you’re picking a service for streaming, torrenting, censorship circumvention, or strictly for privacy purposes, it’s important to understand whether your chosen provider offers all the necessary features you need.

Once you have an idea of how your VPN stands up in terms of technical security, privacy, and business model, it’s worth considering broader qualities like customer support, speed, and device compatibility.

Some VPNs offer dedicated servers for specific streaming platforms, while others can give you a connection specifically optimized for torrenting. Check the company’s website and third-party reviews to see if your provider will work with the platforms you need and provide speeds that are sufficient for your purposes. You can also find out whether its servers will work in heavily-censored countries.

Check to see if your provider has dedicated apps for each of your devices. A lack of native support for your tablet, smartphone, or streaming device means you could risk partial protection and a suboptimal user experience.

Can you trust your VPN?

At the most basic level, a trustworthy VPN will never collect, share, or sell user data without appropriate legal precedent. Make sure to consider its business model, location, technical security and privacy policy. If it’s unable to provide clear answers to all of these questions, it’s probably not worth your time.

Common sense can save you a lot of trouble. Review your provider’s reputation and never use a VPN you’re not fully comfortable with. Just like you wouldn’t give a stranger unrestricted access to your home, you shouldn’t give unfamiliar applications access to your personal data.

Ultimately, if you’re really concerned about security and performance, you should be using a VPN that’s independently tested and well-reviewed by unbiased experts.

A good VPN can be seen as an investment in your security, privacy, and freedom – to prevent costly data loss, open up your browsing capabilities, and protect your right to privacy.

Ready to do more? Read The Lazy Person’s Guide to Better Online Privacy.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Five Steps You Can Take Right Now to Increase Your Privacy
Five Steps You Can Take Right Now to Increase Your Privacy
Privacy1 September 2017

Five Steps You Can Take Right Now to Increase Your Privacy

You should care about your privacy online even if you think you have nothing to hide. A key aspect of...

KRACK proves we need more encryption on the Internet
KRACK proves we need more encryption on the Internet
Encryption16 October 2017

KRACK proves we need more encryption on the Internet

A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption,...

DNS privacy in new Android 9
DNS privacy in new Android 9
Deploy36021 August 2018

DNS privacy in new Android 9

I recently enrolled in the Android developer preview programme and got hold of the Android P (9 beta) OTA image...

Join the conversation with Internet Society members around the world