If you’ve ever found yourself in need of some extra privacy, security, or access to country-locked websites, you’ve probably considered getting a VPN (Virtual Private Network). Unfortunately, while they all advertise privacy and security, there is a lot of variance in how much they actually provide – and some are just outright scams.
When choosing a VPN, you should look past the marketing materials and check that their technical and privacy standards are up to par. Knowing a few of the most important factors will help you out a lot in separating the good from the bad.
1. Strong security protocols
The most basic requirement for a good VPN is that it keeps your data encrypted and secure. The first thing you should check is what protocol the VPN is using to “tunnel” you to their server. Though there are several in use, OpenVPN is generally regarded as the best. It uses strong encryption and is open source, meaning there are no backdoors for governments or other entities to exploit. L2TP, IKEv2, and SSTP are all decent standards, and many VPNs support these in addition to OpenVPN, but if you see one that uses only PPTP, run for the hills.
If you are looking for the highest possible security, check for the following OpenVPN specifications: AES-256 encryption, an RSA-2048 or ECDH-384 handshake (or some other secure handshake; search for the handshake protocol if you’re not sure), and, most importantly, Perfect Forward Secrecy. VPNs may not always go this deep into detailing their protocols on their websites but will usually respond to support messages or emails.
How to find out: Many VPN sites list basic security practices on their front page, but you’ll have to dig for details. Look for a “Features” or “Technical Details” page to get a rundown of their practices. If the security protocol isn’t listed there, check the “Help” or “Support” section – some VPNs stay away from techie language to seem user-friendly. If the security protocols aren’t easy to find, though, it may be a red flag – a VPN with good protocols will usually market itself as such. Regardless, it’s always a good idea to double-check by googling “[VPN Name] security protocol.”
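Most providers hand you an OpenVPN profile (a .ovpn file), and that file states much of the checklist above directly: the data cipher, the packet HMAC, whether the connection uses TLS mode (which negotiates fresh (EC)DH keys per session and so gives Perfect Forward Secrecy) or a single long-lived static key (which does not). The following script is an added example, not code from the original article or from the OpenVPN project; it parses a profile and flags the weak or missing settings. The two sample profiles and their certificate placeholders are constructed, while the directive names (`cipher`, `data-ciphers`, `auth`, `secret`, `tls-version-min`, `tls-crypt`, `remote-cert-tls`) are real OpenVPN options. It cannot read the RSA key size out of the embedded certificates; that still has to come from the provider.

```python
"""Audit an OpenVPN client profile (.ovpn) against the checklist above.

Added example, not code from the original article or the OpenVPN project.
The sample profiles are constructed; the directives they use are real.
"""
import re

STRONG_CIPHERS = {"AES-256-GCM", "AES-256-CBC", "CHACHA20-POLY1305"}
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC", "NONE"}


def parse_ovpn(text):
    """Return (options, inline): options maps each directive to its arguments,
    inline is the set of <ca>/<cert>/<tls-crypt>... blocks that were embedded."""
    options, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                              # skip the body of an inline block
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            block = m.group(1)
            inline.add(block)
            continue
        if not line or line[0] in "#;":        # blank line or comment
            continue
        parts = line.split()
        options[parts[0]] = parts[1:]
    return options, inline


def audit_ovpn(text):
    """Return a list of (severity, finding); an empty list means nothing was flagged."""
    opts, inline = parse_ovpn(text)
    present = set(opts) | inline
    findings = []

    # Data-channel cipher: 'data-ciphers' (2.5+) lists several, older profiles use 'cipher'.
    if "data-ciphers" in opts:
        ciphers = opts["data-ciphers"][0].upper().split(":")
    elif "cipher" in opts:
        ciphers = [opts["cipher"][0].upper()]
    else:
        ciphers = []
        findings.append(("HIGH", "no cipher set; OpenVPN older than 2.4 defaults to BF-CBC"))
    for c in ciphers:
        if c in WEAK_CIPHERS:
            findings.append(("HIGH", f"weak data cipher {c}"))
        elif c not in STRONG_CIPHERS:
            findings.append(("MEDIUM", f"data cipher {c} is not AES-256 (or ChaCha20-Poly1305)"))
    aead = any(c.endswith("-GCM") or c == "CHACHA20-POLY1305" for c in ciphers)

    # Packet HMAC: SHA1 is the default when 'auth' is absent; AEAD ciphers do not use it.
    auth = opts.get("auth", ["SHA1"])[0].upper()
    if auth in {"MD5", "NONE"}:
        findings.append(("HIGH", f"weak packet HMAC {auth}"))
    elif auth == "SHA1" and not aead:
        findings.append(("LOW", "HMAC is SHA1 (the default); prefer SHA256 or an AEAD cipher"))

    # Forward secrecy: TLS mode negotiates fresh (EC)DH keys per session; static-key mode
    # ('secret') reuses one long-lived key, so a later key compromise exposes past traffic.
    if "secret" in present:
        findings.append(("HIGH", "static-key mode (secret): no Perfect Forward Secrecy"))
        return findings                        # the TLS checks below do not apply
    if not ({"client", "tls-client", "ca"} & present):
        findings.append(("MEDIUM", "cannot confirm TLS mode (no client/tls-client/ca directive)"))
    tls_min = opts.get("tls-version-min", ["1.0"])[0]
    if tls_min < "1.2":
        findings.append(("MEDIUM", f"tls-version-min is {tls_min}; require 1.2 or higher"))
    if not ({"tls-crypt", "tls-auth"} & present):
        findings.append(("LOW", "no tls-auth/tls-crypt: control-channel packets are not authenticated"))
    if not ({"remote-cert-tls", "verify-x509-name"} & present):
        findings.append(("MEDIUM", "no remote-cert-tls/verify-x509-name: any cert from the CA could pose as the server"))
    return findings


# Constructed sample profiles (placeholder certificate and key material).
WEAK_PROFILE = """
client
remote vpn.example.net 1194
cipher BF-CBC
auth MD5
ca ca.crt
cert client.crt
key client.key
"""

GOOD_PROFILE = """
client
remote vpn.example.net 1194
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2
remote-cert-tls server
<ca>
(placeholder CA certificate)
</ca>
<tls-crypt>
(placeholder tls-crypt key)
</tls-crypt>
"""

if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("good", GOOD_PROFILE)):
        print(name, audit_ovpn(profile) or "no findings")
```

Run it against the profile your provider gives you; the weak sample above trips five findings (Blowfish data cipher, MD5 HMAC, no minimum TLS version, no control-channel authentication, no server-identity pinning), while the good sample passes clean. A `secret` line is the one result that matters most for the Perfect Forward Secrecy question, because nothing else in the profile can compensate for it.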
2. Minimal data logging
Ideally, you should choose a VPN that promises not to record your activity. No logs at all would be nice, but most VPNs keep logs of connection dates, session times, and possibly IP addresses. Aside from the ones that keep IP addresses, that’s really not too invasive.
What is invasive is keeping a usage log, which can include the sites you visited, files you downloaded, what software you were using, etc. Many VPNs, especially very cheap or free ones, do collect this data and use it for marketing. Now, not only has your data been recorded, but it is being sold off. Try to find a VPN that only keeps connection logs or no logs at all, but double-check their claims with third-party sources if possible.
How to find out: VPNs that don’t log will usually make a big deal about it, so a visit to their front page might be enough to know what they record. They will often advertise “no logging” when they are, in fact, using connection logging, though, so find their Terms of Service page and use Ctrl + f to search for the term “log” or “logging” in that document to see what you’re actually agreeing to. Again, doing some of your own research using a search term like “[VPN name] logging” may get you some third-party input.
3. Private DNS servers
Your encrypted requests go through the VPN tunnel to the company’s server. The VPN server then sends your request to a DNS server, which is basically an Internet phonebook. It takes a domain name (maketecheasier.com), matches it to an IP address (188.8.131.52), and sends you over to that site.
Exactly where the VPN looks up this information is important. Good VPNs maintain their own DNS servers to ensure that your requests remain completely private. Less-good VPNs just bounce your request back to whatever DNS server you have set as your default, which is usually owned by your ISP. Now your ISP knows what you’re doing, which defeats the purpose of your VPN.
The bottom line: make sure your VPN uses private DNS servers or has some sort of anti-leak protection built into their service. Even better, change the DNS server on your computer or router to a more secure alternative, like OpenDNS. It’s often more secure, private, and reliable than your ISP anyway.
How to find out: This is a much more technical issue, so it won’t generally be included on a website’s front page or even in their list of main features. It may appear in Help/Support documentation, FAQ, or somewhere else on the site. If it’s difficult to find by clicking around, searching [VPN name “DNS”] will turn up any relevant information.
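Reading the provider’s documentation tells you what they intend; checking which resolvers your own machine is actually configured to use tells you what happens. The script below is an added example, not the article’s own code: it reads resolv.conf-style text, compares each `nameserver` against the resolver the VPN pushed and the tunnel’s subnet, and labels anything else as a leak to the LAN router (and so the ISP) or to a third-party public resolver. The sample resolver file, the tunnel subnet 10.8.0.0/24 and the VPN resolver 10.8.0.1 are constructed; 8.8.8.8 stands in for any public resolver that is not the VPN’s.

```python
"""Flag DNS resolvers that would carry queries outside the VPN tunnel.

Added example, not the article's code. It reads resolv.conf-style text and
compares each 'nameserver' with the resolver the VPN pushed. The addresses
used below are constructed samples (RFC 1918 ranges plus one public resolver).
"""
import ipaddress


def parse_nameservers(resolv_conf):
    """Return the IP addresses on 'nameserver' lines, ignoring comments and junk."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                    # not an address; skip it
    return servers


def classify_resolver(addr, vpn_dns, tunnel_net):
    """Label one resolver: 'ok', 'stub', 'leak-lan' or 'leak-public'."""
    if addr in vpn_dns or addr in tunnel_net:
        return "ok"                         # the VPN's own resolver, reached through the tunnel
    if addr.is_loopback:
        return "stub"                       # local forwarder (e.g. systemd-resolved); check its upstreams
    if addr.is_private:
        return "leak-lan"                   # home router / ISP box: the query bypasses the tunnel
    return "leak-public"                    # third-party resolver: it sees your lookups, not the VPN


def find_dns_leaks(resolv_conf, vpn_dns, tunnel_cidr):
    """Map each configured resolver to its label; anything not 'ok' needs attention."""
    vpn_set = {ipaddress.ip_address(a) for a in vpn_dns}
    tunnel_net = ipaddress.ip_network(tunnel_cidr)
    return {str(a): classify_resolver(a, vpn_set, tunnel_net)
            for a in parse_nameservers(resolv_conf)}


# Constructed sample: the VPN pushed 10.8.0.1 as DNS inside a 10.8.0.0/24 tunnel,
# but the system still lists the home router and a public resolver as fallbacks.
SAMPLE_RESOLV_CONF = """
# Generated by NetworkManager (constructed sample)
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 8.8.8.8
"""

if __name__ == "__main__":
    report = find_dns_leaks(SAMPLE_RESOLV_CONF, ["10.8.0.1"], "10.8.0.0/24")
    for server, label in report.items():
        print(f"{server:16} {label}")
```

On Linux, feed it `/etc/resolv.conf` (or the per-link servers from `resolvectl status` when the only entry is the 127.0.0.53 stub); on Windows the equivalent list is the “DNS Servers” in `ipconfig /all`. A `leak-lan` result is the exact failure the section describes: lookups going to your ISP’s resolver while the rest of your traffic is tunnelled. A `leak-public` result means someone other than the VPN sees your lookups; if that is a resolver you chose deliberately, as the OpenDNS suggestion above does, pass it in `vpn_dns` to accept it.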
4. Internet-friendly jurisdiction
Governments with restrictive or intrusive information policies are actively spying on VPN traffic and could be directly monitoring VPNs in their jurisdiction. They can order (and have ordered) VPN services to provide unencrypted access to user information. Though any government could be doing this on its own, the main threat is the Orwellian-sounding “Fourteen Eyes.”
The Fourteen Eyes (blue on the map above) are countries that have agreed to share intelligence and conduct surveillance operations with each other. This allows any of these governments to spy on its citizens’ activities in different countries, but it gets worse than that. Constitutionally, most of these governments are not allowed to spy on their citizens, but they can ask another government to do it for them. It’s not spying – it’s sharing!
Choosing a VPN outside of the Fourteen Eyes isn’t vital to your security or privacy, but it provides a little peace of mind. Other countries can be equally bad choices, of course, so if you’re really concerned, look into information on different countries’ surveillance policies.
How to find out: First, check the list of Fourteen Eyes countries. Then, find out which country the VPN is based in – if it is located outside of a Fourteen Eyes country, it will probably be advertised on the front page. If not, check the “Contact” or “FAQ” pages to see if location is mentioned there. Failing that, you can check by searching “[VPN name] location.” If even this doesn’t turn up the VPN’s location, it’s best to assume that it’s in a Fourteen Eyes country and is trying to keep that information on the down-low.
VPNs are a fantastic way to upgrade your privacy and security, avoid censorship, and watch Netflix in other countries. If you are serious about keeping your data safe, look for VPNs that use high-grade encryption, don’t keep logs, maintain their own DNS, and are in a country with strong privacy laws. If you are really, really serious about privacy, use a VPN in conjunction with Tor, a program that bounces your traffic around several different servers to hide your identity.
To get started, you can make use of this spreadsheet (courtesy of the Reddit community) to start your research, as it contains information about various VPN services, such as jurisdiction, logging policy, speed, and so on.