We welcome this guest post from Top10VPN.com, an Organization Member of the Internet Society.
The search for online privacy has driven a quarter of the world’s Internet users to download a Virtual Private Network (VPN). VPN services are now an important tool for anyone concerned about security and privacy on public networks.
There’s a world of difference between VPNs,
though. Without clear and unbiased information many users are forced to
navigate their choice of VPN without much clarity.
Why is choosing the
right VPN provider so important?
Whenever you switch on a VPN you are
entrusting its provider with your personal data, browsing activity, and
sometimes even your security. For this reason, VPN providers must be held to a
higher standard than most products. It’s important you do your due diligence
when making a decision.
should I look out for?
good VPN will ensure that no one – even the VPN itself – can see what the user
is doing online. Consider the following qualities:
The most secure VPN services will be transparent
about the measures they have in place to safeguard their users and their
Any VPN worth its salt will offer the latest and
most secure levels of encryption, a wide selection of strong protocols, and a
range of additional security features including kill-switches, split-tunneling,
and Tor compatibility.
Look for features like AES-256 encryption, OpenVPN functionality, and products
that are independently audited by a respected third party. You should also look
for VPNs that accept anonymous payments, incorporate open source software where
appropriate, and have a clear policy for disclosing vulnerabilities.
Some VPNs can suffer from IP and DNS leaks.
These leaks can be seen and collected by your ISP or any other entity that’s
able to access your network. Needless to say, this renders the VPN effectively useless
in terms of protecting your privacy.
Ultimately, a secure service will have several
measures in place to protect user data and will actively offer the most
sophisticated security standards available. Be sure to test your
provider for leaks and ensure that
respected third-parties have validated your provider’s claims of security.
important stages in assessing a VPN. Unfortunately, there are some products on
the market with policies that leave room for improvement.
The best VPNs have ‘zero logs’ policies which,
if implemented properly, will not store any identifying data. However, many
providers use this term with very little substantiating evidence, and it can be
difficult to know with complete certainty whether a provider is logging or not.
Secure VPNs will only log a minimal amount of
basic connection data like bandwidth usage, server load, or server location.
This is used to optimize provision of the service, and can’t be used to
identify a user. Some VPNs, by contrast, have been found to log activity data
including the originating IP address, DNS requests, and even a user’s entire
online history – websites visited, files downloaded, and message contents
To make matters worse, the logging policies of
some providers are often vague or unnecessarily complicated. It’s not uncommon
for some VPN services to avoid directly stating whether their policy applies to
connection logs, activity logs, or both. A provider might advertise ‘zero-logs’
or ‘minimal logs’ for one type of data, but continue to record the other.
It should be clear exactly what type of data your VPN creates and stores during or after a session. Look for VPNs that explain clearly what their logging policy is and VPNs that have a demonstrated history of inability to cooperate with legal data requests for this reason.
Make sure you read your provider’s privacy
policy in full, or consult a third party who can do this research for
Jurisdiction is an important issue that’s often
overlooked. Every VPN provider is bound to local laws and regulations. It’s
crucial that you are aware of these laws and how they might affect your
In theory, if a provider’s logging policy is
watertight, its jurisdiction shouldn’t matter. That being said, any legitimate
VPN provider will have clear procedures for responding to requests from law
enforcement regardless of its logging policy. These procedures, including a warrant
canary, should be publicly available along with any
measures in place to protect user data if a third party were to gain access to
It’s wise to check the country your VPN is based
in, the laws of that country, and the company’s history in terms of cooperation
with law enforcement.
Ownership and Business
VPN services can monetize your data in
unexpected ways. It’s expensive to develop and operate a reliable VPN, and many
services choose to subsidize these costs with income from other channels.
It’s possible that some form of data
collection, sharing, or sale is occurring in order to cover the cost of the
product. Many services also rely heavily on advertising, which is less than
ideal for privacy.
Providers should clearly explain how they make
money and how your financial details are processed. You should be able to
easily tell whether a service runs on user subscriptions alone or if it also
profits from the processing of personal data.
Before buying a subscription or reading a
review, make sure you understand who ultimately owns the VPN service and
whether or not it can be trusted.
You should be able to find the company’s legal
name if it differs from its brand name, along with information on any other
entities that control or invest in the provider’s services. Be sure to find out
if these groups have financial stakes in other VPN products, and if so, whether
they share information between them.
People use VPNs for many different reasons.
Whether you’re picking a service for streaming, torrenting, censorship
circumvention, or strictly for privacy purposes, it’s important to understand
whether your chosen provider offers all the necessary features you need.
Once you have an idea of how your VPN stands up
in terms of technical security, privacy, and business model, it’s worth
considering broader qualities like customer support, speed, and device
Some VPNs offer dedicated servers for specific
streaming platforms, while others can give you a connection specifically
optimized for torrenting. Check the company’s website and third-party reviews
to see if your provider will work with the platforms you need and provide
speeds that are sufficient for your purposes. You can also find out whether its
servers will work in heavily-censored countries.
Check to see if your provider has dedicated apps
for each of your devices. A lack of native support for your tablet, smartphone,
or streaming device means you could risk partial protection and a suboptimal
trust your VPN?
At the most basic level, a trustworthy VPN will
never collect, share, or sell user data without appropriate legal precedent.
Make sure to consider its business model, location, technical security and
questions, it’s probably not worth your time.
sense can save you a lot of trouble. Review your provider’s reputation and
never use a VPN you’re not fully comfortable with. Just like you wouldn’t give
a stranger unrestricted access to your home, you shouldn’t give unfamiliar
applications access to your personal data.
if you’re really concerned about security and performance, you should be using
a VPN that’s independently tested and well-reviewed by unbiased experts.
A good VPN can be seen as an investment in your security, privacy, and freedom – to prevent costly data loss, open up your browsing capabilities, and protect your right to privacy.
Ready to do more? Read The Lazy Person’s Guide to Better Online Privacy.