A VPN (Virtual Private Network) is probably the best way to go for users who are looking for more security and privacy, or who need access to country-locked websites. However, even though all VPNs promote security and privacy, they differ widely in how much of either they actually provide, and some are quietly scams.

When choosing a VPN, you should look past the marketing materials and check that their technical and privacy standards are up to par. Knowing a few of the most important factors will help you out a lot in separating the good from the bad.

1. Strong security protocol

The most basic requirement for a good VPN is that it keeps your data encrypted and secure. The first thing you should check is what protocol the VPN is using to “tunnel” you to their server.

If you are looking for the highest possible security, check for the following OpenVPN specifications: AES-256 encryption; RSA-2048, ECDH-384, or some other form of secure handshake (Google their handshake protocol if you’re not sure); and, most importantly, Perfect Forward Secrecy. VPNs may not always go this deep into detailing their protocols on their websites but will usually respond to support messages or emails.

How to check: Many VPN sites list basic security practices on their front page, but you’ll have to dig for details. Look for a “Features” or “Technical Details” page to get a rundown of their practices. If the security protocol isn’t listed there, check the “Help” or “Support” section – some VPNs stay away from techie language to seem user-friendly. If the security protocols aren’t easy to find, though, it may be a red flag – a VPN with good protocols will usually market itself as such. Regardless, it’s always a good idea to double-check by googling “[VPN Name] security protocol.”
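If the provider offers a downloadable OpenVPN client profile, the specifications above can be checked against the profile itself rather than the marketing page. The Python script below is an added example, not from the original article or any provider; the sample profile is constructed and the function names are hypothetical. It checks the data cipher, the TLS suites (for Perfect Forward Secrecy) and the minimum TLS version, and does not inspect certificate key size or the ECDH curve.

```python
# Constructed sample profile, not taken from any real provider.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.net 1194 udp
cipher AES-128-CBC
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.0
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-256-CBC-SHA
"""

def parse_directives(text):
    """Map each directive to its argument string, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives

def audit_profile(text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_directives(text)
    findings = []
    # Data channel: every cipher the profile offers should be AES-256.
    for key in ("cipher", "data-ciphers", "ncp-ciphers"):
        for c in filter(None, d.get(key, "").split(":")):
            if not c.upper().startswith("AES-256"):
                findings.append(f"{key}: {c} is not AES-256")
    # Control channel: only (EC)DHE suites give Perfect Forward Secrecy.
    suites = list(filter(None, d.get("tls-cipher", "").split(":")))
    if not suites:
        findings.append("tls-cipher: not set, PFS not confirmed by the profile")
    for s in suites:
        if not s.upper().startswith(("TLS-ECDHE-", "TLS-DHE-")):
            findings.append(f"tls-cipher: {s} has no ephemeral key exchange")
    vmin = d.get("tls-version-min", "").split()
    if not vmin:
        findings.append("tls-version-min: not set")
    elif tuple(int(p) for p in vmin[0].split(".")) < (1, 2):
        findings.append(f"tls-version-min: {vmin[0]} is below 1.2")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_OVPN):
        print(finding)
```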

2. Minimal data logging

Ideally, you should choose a VPN that promises not to record your activity. No logs at all would be nice, but most VPNs keep logs of connection dates, session times, and possibly IP addresses. Aside from the ones that keep IP addresses, that’s really not too invasive. Many VPNs, especially very cheap or free ones, do collect this data and use it for marketing. Now, not only has your data been recorded, but it is being sold off. Try to find a VPN that only keeps connection logs or no logs at all, but double-check their claims with third-party sources if possible.

How to check: VPNs that don’t log will usually make a big deal about it, so a visit to their front page might be enough to know what they record. However, they will often advertise “no logging” when they are, in fact, using connection logging, so find their Terms of Service page and use [Ctrl] + [F] to search for the term “log” or “logging” in that document to see what you’re actually agreeing to. Again, doing some of your own research using a search term like “[VPN name] logging” may get you some third-party input.

3. Private DNS servers

Your encrypted requests go through a VPN tunnel to the company’s server. The VPN server then sends your request to a DNS server which is basically an Internet phonebook. Exactly where the VPN looks up this information is important. Good VPNs maintain their own DNS servers to ensure that your requests remain completely private. Less-good VPNs just bounce your request back to whatever DNS server you have set as your default, which is usually owned by your ISP. Now your ISP knows what you’re doing, which defeats the purpose of your VPN.

How to check: It may appear in Help/Support documentation, FAQ, or somewhere else on the site. If it’s difficult to find by clicking around, searching “[VPN name] DNS” will turn up any relevant information.
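Once connected, the same question can be checked locally: is the machine still configured to use a resolver other than the one the VPN handed out? The Python script below is an added example, not from the original article. It assumes an OpenVPN client log containing the server's `PUSH_REPLY` and a Unix-style `resolv.conf`; both samples are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: an OpenVPN client log line and a resolv.conf.
OPENVPN_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
    "dhcp-option DNS 10.8.0.1,ifconfig 10.8.0.6 255.255.255.0'"
)
RESOLV_CONF = """\
# constructed example
nameserver 10.8.0.1
nameserver 192.0.2.53
"""

def pushed_dns(log_text):
    """Resolver addresses the VPN server pushed to the client."""
    found = re.findall(r"dhcp-option DNS6? ([0-9A-Fa-f:.]+)", log_text)
    return {ipaddress.ip_address(addr) for addr in found}

def system_resolvers(resolv_text):
    """Resolvers the operating system is configured to query, in order."""
    resolvers = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            resolvers.append(ipaddress.ip_address(parts[1].split("%")[0]))
    return resolvers

def leaking_resolvers(log_text, resolv_text):
    """Configured resolvers that were not supplied by the VPN.

    If the VPN pushed no DNS server at all, every configured resolver
    is reported, since none of them belongs to the tunnel.
    """
    vpn = pushed_dns(log_text)
    return [str(r) for r in system_resolvers(resolv_text) if r not in vpn]

if __name__ == "__main__":
    for resolver in leaking_resolvers(OPENVPN_LOG, RESOLV_CONF):
        print("resolver not provided by the VPN:", resolver)
```

On hosts where a local stub resolver such as systemd-resolved owns `/etc/resolv.conf`, pass the upstream resolver list to the function instead of the file's contents.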

4. Internet-friendly jurisdiction

Governments with restrictive or intrusive information policies are actively spying on VPN traffic and could be directly monitoring VPNs in their jurisdiction. They can (and have) ordered VPN services to provide unencrypted access to user information. Though any government could be doing this on its own, the main threat is the Orwellian-sounding “Fourteen Eyes.”

The Fourteen Eyes (blue on the map above) are countries that have agreed to share intelligence and conduct surveillance operations with each other. This allows any of these governments to spy on its citizens’ activities in different countries, but it gets worse than that. Constitutionally, most of these governments are not allowed to spy on their citizens, but they can ask another government to do it for them. It’s not spying – it’s sharing!

Choosing a VPN outside of the Fourteen Eyes isn’t vital to your security or privacy, but it provides a little peace of mind. Other countries can be equally bad choices, of course, so if you’re really concerned, look into information on different countries’ surveillance policies.

How to check: First, check the list of Fourteen Eyes countries. Then, find out which country the VPN is based in – if it is located outside of a Fourteen Eyes country, it will probably be advertised on the front page. If not, check the “Contact” or “FAQ” pages to see if location is mentioned there. Failing that, you can check by searching “[VPN name] location.” If even this doesn’t turn up the VPN’s location, it’s best to assume that it’s in a Fourteen Eyes country and is trying to keep that information on the down-low.


This entry was posted by Staff Writer on Wednesday, April 18, 2018 at 4:34:42 AM and is filed under Computer Security & Data Protection.
