How A VPN Can Boost Your Online Security & Privacy
In layman’s terms, a VPN (virtual private network) is used to secure your entire web session, which includes transmitted data, personal information, financial transactions, online traffic, and many other segments of your online presence, which are all appealing to hackers, governments, and marketers.
In order to do that, VPNs have to encrypt your online traffic. You can view encryption as a strongbox of sorts used to store your information. Every strongbox has a lock, so this is where encryption keys come into play. When you see letters and numbers like AES-128 or AES-256, the number indicates the number of bits in your security key. Naturally, the higher the number, the harder it is to “pick” your encryption lock without a key.
Modern cryptography has gone a step further in optimizing your online security with perfect forward secrecy, which generates a random secret key per session. In other words, every time you connect to your VPN, the lock on your “strongbox” will have a different key. This ensures that, even if one session gets compromised, the attacker can’t compromise others as well, which makes the acquisition of any past encryption keys rather useless.
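The difference per-session keys make, as an added example that is not part of the original article: a toy Diffie-Hellman exchange in which an attacker who recorded three sessions later steals one session key. The 127-bit group, the toy cipher, the function names and the sample messages are constructed for the illustration and are not secure for real use.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group so the example runs on the standard library alone.
# 127 bits is far too small for real use; VPNs use 2048-bit+ DHE or ECDHE.
P = 2**127 - 1  # a Mersenne prime
G = 3

def dh_keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Derive a 256-bit session key from the shared DH secret."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def toy_cipher(key, data):
    """XOR with an HMAC-SHA256 counter keystream. Demo only (no nonce, no MAC)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def record_sessions(messages, forward_secret):
    """Simulate one VPN session per message; return (ciphertexts, session keys)."""
    client_static, server_static = dh_keypair(), dh_keypair()
    ciphertexts, keys = [], []
    for msg in messages:
        # With forward secrecy both sides draw fresh key pairs for every session;
        # without it the same long-term pairs (and so the same key) are reused.
        client = dh_keypair() if forward_secret else client_static
        server = dh_keypair() if forward_secret else server_static
        key = session_key(client[0], server[1])
        assert key == session_key(server[0], client[1])  # both ends agree
        ciphertexts.append(toy_cipher(key, msg))
        keys.append(key)
    return ciphertexts, keys

def sessions_exposed(messages, forward_secret):
    """Attacker recorded every session and later steals the last session's key.
    Returns how many recorded sessions that single key decrypts."""
    ciphertexts, keys = record_sessions(messages, forward_secret)
    stolen = keys[-1]
    return sum(toy_cipher(stolen, ct) == msg
               for ct, msg in zip(ciphertexts, messages))

# Constructed sample traffic, one message per VPN session.
MESSAGES = [b"monday: bank login", b"tuesday: webmail", b"wednesday: file sync"]

if __name__ == "__main__":
    print("per-session keys:", sessions_exposed(MESSAGES, True), "session exposed")
    print("reused key:      ", sessions_exposed(MESSAGES, False), "sessions exposed")
```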
Finally, VPNs also obfuscate your real IP and, consequently, your real identity and location. VPN providers usually give you a shared IP address used across multiple connections, which lowers the chances of anybody “recognizing” you online and identifying you as an individual. Some of the safest VPNs also offer dedicated IPs, which never change and are harder for services such as Netflix to recognize and blacklist.
Free VPNs – A Good Idea Or A Security Risk?
Running a VPN service is very expensive. Setting up powerful servers that work non-stop, writing software that allows you to route connections through those servers, and employing skilled individuals to maintain and keep the servers running are just some of the essential parts of operating a VPN service; not to mention the huge bandwidth cost that increases as the number of users goes up.
With that in mind, companies that offer free VPN services have to get their funding someplace else, which brings us to the main problem with free VPNs – if you’re not paying for something, you are the product. In other words, if you’re not paying with money, you’ll be “paying” with your personal information.
Many of the low-quality VPN providers actively seek to exploit you in some way in order to maintain their “free” business model. They can utilize you as a P2P endpoint (or node) and use your bandwidth to support other customers. Alternatively, they can actively “steal” your data and sell it to third parties. As you probably know already, all the big companies like Google or Facebook are “gunning” for your personal info, which they can later sell to advertisers.
Having said that, the prefix “free” has become something of a red flag when it comes to VPNs. If you absolutely cannot afford a paid VPN, we recommend going with free plans offered by reputable providers. They are financed by profits made from premium options, so the companies have no reason to exploit you in order to sustain themselves. Note that these options are somewhat limited in terms of servers, P2P traffic, simultaneous connections available, and other features reserved for paid plans.
Choosing The Safest VPN
Contrary to popular belief, online security and privacy are not the same thing. You should keep this in mind when choosing the safest VPN service for your particular needs and preferences. Different VPN providers offer different levels of technical security, ranging from impressive to subpar and inadequate. That is why it is important to know exactly what to look for in a VPN before any money changes hands.
Let’s take a look at what makes a safe VPN:
When you see a VPN company mentioning “military-grade” or “bank-grade” encryption, it is referring to the AES-256 cipher, which is currently the strongest encryption. It represents an unbreakable barrier between your online data and all sorts of prying eyes looking to interfere with your connection.
Some companies feature AES-128, which only means they use 128-bit keys to encrypt your traffic. Some will say this is a lower level of security, but today’s computers cannot break AES-128 – and your encryption can’t get any better than unbreakable.
This cipher is usually paired with RSA-2048 handshake and SHA-256 authentication, which is an optimal security configuration, according to modern standards. Some companies use RSA-4096 and SHA-512, but they are not really necessary.
Reliable Connection Protocols
When it comes to connection protocols, we wholeheartedly recommend going with a provider that supports OpenVPN. Its inherent encryption offers an optimal level of online security and can protect you from hackers coming from criminal circles, as well as your government.
Keeping this in mind, let’s go over the pros and cons of the most popular connection protocols used by some of the safest VPNs:
|Protocol|PROs|CONs|
|---|---|---|
|OpenVPN|Can bypass most firewalls, highly configurable, open source, highly secure, compatible with numerous encryption algorithms|Tricky to set up, requires third-party software, needs better support for mobile devices|
|PPTP|Fast, easy to set up|Outdated, compromised by the NSA|
|L2TP/IPsec|Usually considered secure, easy to set up, available on all modern operating systems and devices|Most likely compromised by the NSA, slower than OpenVPN, problematic with restrictive firewalls, deliberately weakened by the NSA|
|SSTP|Can bypass most firewalls, usually secure (depending on the cipher)|Only works on Windows platforms, Microsoft’s proprietary standard|
|IKEv2|Very secure, supports numerous ciphers, stable, easy to set up, faster than SSTP, L2TP, and PPTP, supports Blackberry devices|Uses the easily blocked UDP port 500, not open source, tricky implementation at the server end, limited platform support|
OpenVPN is definitely the safest but not the fastest connection protocol. If you’re willing to sacrifice security for speed, you can choose PPTP, for example. PPTP is faster than OpenVPN and just as easy to set up as L2TP, but they are both compromised by the NSA. PPTP is easily blocked and L2TP is often implemented badly and can struggle with restrictive firewalls. L2TP with IPsec authentication (L2TP/IPsec) is usually poorly implemented and uses pre-shared keys. SSTP protocol is pretty secure and can bypass most firewalls but is entirely owned by Microsoft, which brings a whole slew of limitations.
A VPN/Internet kill switch is designed to prevent accidental exposure of your true IP address in case your VPN disconnects for whatever reason. It is a simple feature built into the software of your chosen VPN that kills your Internet connection if your VPN fails.
If you disable this feature, once your VPN disconnects, your computer will automatically re-establish a regular connection through your ISP and expose your true location to all protocols and websites you are browsing at that moment.
You can view the kill switch as a tripwire that constantly monitors your connection for any IP or status changes. If it detects anything out of the ordinary (like a VPN connection drop), it’ll block your computer’s Internet connection until your VPN comes back online. The software reacts instantly and will never allow your computer to connect to the Internet outside of your safe VPN tunnel.
Protection Against DNS/IP Leaks
First of all, let’s explain the terms “DNS” and “IP” and then we can deal with their respective leak prevention.
DNS stands for “Domain Name System” and represents a framework used by machines with Internet-connecting capabilities to translate domain names into numeric values that machines can “understand” and process.
In other words, thevpnlab.com is the site’s domain name and it allows people to find it on the Internet. This domain name is translated into a numeric form known as an IP (Internet protocol) address, which is required for machines to locate resources online. The job of your Internet service provider is to facilitate this translation.
DNS is basically a database filled with domain names, something like the great phone book of the Internet.
One of the core functionalities of every VPN lies in obfuscating your real IP address while assigning you a fake one from the region of your choice, although some VPNs do not provide their users with regional IPs.
If your VPN of choice allows your real IP address to “leak out,” it defeats the very purpose of having a VPN in the first place. IP leaks are also known as WebRTC leaks (WebRTC is a framework designed to facilitate online communication). With DNS leaks, your computer will contact your ISP for DNS service instead of your VPN, which is a big no-no if you want to remain anonymous online.
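One way to express the kill-switch tripwire and the DNS-leak check described above, as an added example that is not from the original article or from any VPN client: it applies longest-prefix matching to a Linux-style routing table and reports anything that would leave outside the tunnel. The interface names, addresses, routing tables and resolver entries are constructed samples, and the two /1 routes assume an OpenVPN-style `redirect-gateway def1` setup.

```python
import ipaddress

# Constructed samples: `ip route show` output with the tunnel up (two /1 routes
# override the default route) and after the tunnel has dropped.
ROUTES_UP = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.5 via 192.168.1.1 dev wlan0
"""
ROUTES_DOWN = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
RESOLV_VPN = "nameserver 10.8.0.1\n"     # resolver inside the tunnel (constructed)
RESOLV_ISP = "nameserver 192.168.1.1\n"  # home router forwarding to the ISP (constructed)

def parse_routes(text):
    """Parse `ip route show`-style lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        routes.append((ipaddress.ip_network(dest), f[f.index("dev") + 1]))
    return routes

def egress_device(routes, dest_ip):
    """Longest-prefix match, as the kernel does: the most specific route wins."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def parse_resolvers(resolv_conf):
    """Extract nameserver addresses from resolv.conf-style text."""
    fields = (line.split() for line in resolv_conf.splitlines())
    return [f[1] for f in fields if len(f) > 1 and f[0] == "nameserver"]

def audit(route_text, resolv_conf, tunnel_dev, probes=("1.1.1.1", "198.51.100.7")):
    """List (kind, destination, device) for everything that bypasses the tunnel.
    Probes are only looked up in the table; no packets are sent."""
    routes = parse_routes(route_text)
    targets = [("traffic", p) for p in probes]
    targets += [("dns", ns) for ns in parse_resolvers(resolv_conf)]
    findings = []
    for kind, dest in targets:
        dev = egress_device(routes, dest)
        if dev != tunnel_dev:
            findings.append((kind, dest, dev))
    return findings

def kill_switch_verdict(findings):
    """Fail closed: block as soon as ordinary traffic would bypass the tunnel."""
    return "BLOCK" if any(kind == "traffic" for kind, _, _ in findings) else "ALLOW"
```

With the tunnel up, `audit(ROUTES_UP, RESOLV_ISP, "tun0")` still reports the router's resolver, because its /24 LAN route is more specific than the tunnel's /1 routes; that is a DNS leak the kill switch alone does not catch.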
Everything we mentioned so far has been about preserving your online security. A strict no-logging policy is there to ensure your privacy is protected as well.
Only a no-logging policy can prevent your VPN provider from simply handing your data over when requested to do so by a government agency or similar organizations with public authority.
If your chosen company doesn’t keep any logs, it will have no data to hand over – it’s as simple as that. In order to make sure you’re completely protected, it’s a good idea to choose a VPN provider registered in a country without any mandatory data retention laws.
VPN providers can keep two types of logs:
- Connection logs – Your IP address, IP address assigned by your VPN, time stamps (start/end of your VPN sessions + duration), amount of data transferred during each session
- Usage logs – Downloaded files, list of visited websites, protocols/software (Netflix, BitTorrent…)
As you can see, usage logs are much more invasive and dangerous and you should definitely avoid VPN services that keep these logs, no matter how cheap they are.
In order to ensure optimal security and privacy while online, you also have to pay attention to the geographic location of your chosen VPN provider.
Many VPN services are registered in countries that have implemented mandatory data retention laws. This means they HAVE to log your personal information and hand it over if requested to do so by the government or some of its agencies. These countries include Italy, Latvia, Malta, Portugal, France, Greece, Estonia, Austria, and others.
Furthermore, you should also pick a VPN service registered outside of the Five Eyes Alliance, which includes the US, New Zealand, Canada, Australia, and the UK. The reported close partners of the Five Eyes Alliance include Israel, British territories overseas, South Korea, Japan, and Singapore.
The Nine Eyes countries include the Five Eyes members, plus France, Denmark, Norway, and the Netherlands. The 14 Eyes treaty also includes Belgium, Germany, Sweden, Italy, and Spain.
Apart from numerous surveillance treaties launched to spy on their citizens, countries like the US, for example, have pretty extensive legislation that allows the government to obtain information from your VPN provider without you even knowing it.
If you decide to go with a VPN service located in a country with unfavorable legislation, at least make sure the country doesn’t have mandatory data retention laws. Additionally, if a VPN is based in one of the “Eye countries,” make sure it has a strict zero-logging policy.
Safest VPN Services
We have chosen the safest VPN services that satisfy all of our selection criteria. Now it is time to explore our top picks in greater detail and find out which one is the best fit for you. Read the mini-reviews below, discover the key features of our top-rated safe VPN services, and decide which one is the right match for your needs.
Surfshark offers a neat package that is sure to delight virtually any VPN user. It is conveniently based in the British Virgin Islands, it is incredibly fast and perfect for streaming and torrenting, and most importantly, it provides optimal security and privacy.
The service supports IKEv2 and OpenVPN protocols and uses military-grade AES-256 encryption. It boasts zero-knowledge DNS on all servers, allows for multi-hop connections, and comes with the Camouflage mode designed to trick everyone into thinking that you are not using a VPN, including your ISP. Its killswitch terminates your Internet connection in case your VPN connection drops, preventing undesired leaks. The service also provides dedicated leak protection.
For more good news, its feature suite includes CleanWeb, which allows you to enjoy an ad-free, malware-free, tracker-free online experience. Your activity is never monitored or logged thanks to the strict no-logs policy implemented. To stay completely anonymous, you can pay for your subscription in cryptocurrencies.
Surfshark operates more than 800 high-speed servers in 50+ countries. It offers dedicated apps for Windows, Mac, Android, iOS, Linux, and Amazon Fire TV, it provides browser extensions for Firefox and Chrome, and it can be configured on other devices like game consoles.
Your Surfshark subscription comes with a 30-day money-back guarantee.
NordVPN is an online security provider based in Panama, which is excellent news for all avid VPN users. The company was launched back in 2012 and has amassed an impressive following over the years thanks to its solid server network and reliable services.
Like any VPN, NordVPN may slow down your Internet connection somewhat, but it still offers better speeds than the competition. In other words, you can browse the Internet and stream your favorite online content without any significant slowdowns.
The service is compatible with all major platforms, including Windows, Android, Mac OS X, iOS, and even Linux. You can even use NordVPN on your router (Tomato, Asus, and DD-WRT).
NordVPN offers more than 5,100 servers in 60+ countries and up to 6 simultaneous connections. It supports OpenVPN and IKEv2/IPSec protocols with AES-256 cipher, RSA-2048 handshake, and HMAC SHA-1 authentication. It also features perfect forward secrecy with 3072-bit DHE keys. This is all accompanied by a reliable kill switch and a strict no-logging policy.
The company offers around 3,000 free proxies, static/dynamic shared and dedicated IPs, and an additional layer of protection for increased anonymity.
Romania-based CyberGhost VPN is often regarded as one of the most reliable VPNs currently on the market. In addition to boasting 7,000+ servers in over 90 countries and offering above-average speeds and great performance, this advanced VPN solution does extremely well in the security department.
It uses military-grade 256-bit AES encryption and its default protocol is OpenVPN, which is considered to be the most secure connection protocol in existence. It offers DNS and IPv6 leak protection and comes with an Internet kill-switch that prevents any undesirable leaks in case of sudden disconnections.
Furthermore, CyberGhost is P2P-friendly, allowing you to securely engage in torrenting and other forms of P2P sharing. It offers multiple extra security features, including malware protection, ad-blocker, anti-tracking, WiFi protection, and an advanced anti-fingerprinting system.
Last but not least, CyberGhost boasts a strict no-logging policy. It does not observe, track or keep any kind of logs of your online activity, thus preserving your privacy at all times. On top of that, it allows you to pay with Bitcoin, so you never have to share any sensitive information.
IPVanish is a lightning-fast VPN service with corporate headquarters in Dallas, Texas. The good news is that the US still does not have any mandatory data retention laws and IPVanish does not keep any usage or connection logs whatsoever.
When it comes to VPN connection protocols, IPVanish covers OpenVPN, IKEv2, and L2TP/IPsec. The software encrypts your traffic with AES-256 cipher, RSA-2048 handshake, and HMAC SHA-256 authentication. It also supports DHE-2048 forward secrecy and features an automatic kill switch.
IPVanish currently operates more than 1,400 VPN servers in 75+ locations all over the world and has no limits when it comes to speed or bandwidth. It protects its users against DNS leaks and allows up to 10 simultaneous connections. The software does not come with a free trial, but you have a convenient 30-day money-back guarantee, which should provide plenty of time to give it a proper test run.
VyprVPN is an online security provider founded by Golden Frog, which is one of the biggest, oldest, and most relevant Internet service providers. Its proprietary client is very easy to use, so beginners will have no problems adapting to its features. The list of servers is automatically updated, so you can try out new locations the moment they become available.
VyprVPN offers more than 700 servers spread across 70+ server locations. This is accompanied by 200,000+ shared IP addresses, which makes it borderline impossible for any online service to pinpoint your exact IP address at any given moment. VyprVPN is famous for security and speed, which makes it an excellent choice for streaming and downloading content.
The company supports all relevant platforms, with custom-built software for Windows and Mac. You can enjoy unlimited speeds, bandwidth, and server switching and contact VyprVPN’s 24/7 user support if you ever encounter any problems.
Regarding security, VyprVPN is based in Switzerland, which is one of the few safe havens for VPN users. It uses its proprietary Chameleon technology with 256-bit OpenVPN protocol, but you can also opt for PPTP, IKEv2, Chameleon or L2TP/IPsec. The company provides a reliable kill switch feature, doesn’t log anything that could put you in harm’s way, and even offers a user-exclusive zero-knowledge DNS service, which just goes to prove it is one of the safest VPNs out there.
ExpressVPN is one of the safest VPN providers on the market that has earned its renowned status with incredible speeds and optimal online security. The registration process is pretty simple and straightforward and the client is very intuitive and beginner-friendly.
ExpressVPN provides its users with over 3,000 servers in 90+ countries and 160+ cities. In other words, you can protect your online connection regardless of your current location. You’ll have unlimited bandwidth without any speed restrictions at your disposal, which is especially handy if you download a lot of content on a daily basis.
The service supports all the major platforms, including Windows, Android, Mac, iOS, and Linux. It allows up to 3 simultaneous connections, which also includes virtual machines. You can use ExpressVPN on your router and Blackberry as well.
ExpressVPN supports OpenVPN (UDP, TCP), SSTP, PPTP, and L2TP/IPsec connection protocols. When it comes to encryption, it features AES-256 cipher with RSA-4096 handshake and HMAC SHA-512 authentication, which represents an unbreakable protection barrier. The company keeps no traffic logs, features an auto kill switch, and doesn’t allow any DNS leaks whatsoever.