The following is a guest post by Emily Walsh.
Besides using a VPN to unblock online content, you also likely use it to enjoy better online privacy. After all, it encrypts your data, so you should be safe when you’re surfing the web, right?
That’s true, but here’s a question – how do you actually know the VPN properly protects your privacy?
We don’t want to worry you, but not all VPNs are fully secure. Which is why we’ll show you how you can easily tell if a VPN is trustworthy. If you’re in a hurry, feel free to skip to ProPrivacy’s list of the most secure VPNs available.
How Can a VPN Compromise Your Data?
- The provider could sell your data to advertisers behind your back.
- The VPN could sell your bandwidth, making you part of a botnet.
- The VPN provider could share your data with the authorities.
- The VPN might be poorly configured and leak your data.
- The provider could say they’re log-free, but they unknowingly use a data center that keeps logs.
And since skilled hackers nowadays could remotely take over your computer by just knowing your IP address, you can’t really afford to use a VPN that neglects your security.
5 Signs a VPN Takes Security Seriously
Based on our experience and research, this is how you can tell a VPN will keep you safe online:
1. They Don’t Keep Logs
You’re using a VPN to stop your ISP, surveillance agencies, hackers, and advertisers from knowing what you do online.
So why should the VPN be able to monitor your browsing? That kind of defeats the purpose of using one, really.
And we’re not just talking about usage logs (the ones that show what you with the VPN). We’re also talking about connection logs. True, many VPNs use them for troubleshooting, but they can still put your privacy at risk.
Because, sometimes, connection logs can contain your IP address.
The only way you know for sure a VPN isn’t spying on you is if it doesn’t keep any logs.
“How do you know they don’t keep logs, though?” we can hear you thinking.
Pretty simple – you check if the VPN has been audited by independent third parties. Or if there are any court documents from an investigation proving the service doesn’t keep any logs. Or if the provider had servers seized by the authorities and they weren’t able to find anything on them.
That’s how you can tell the service is trustworthy.
2. They Offer Secure Protocols & Powerful Encryption
If the provider forces you to only use PPTP, SSTP, and L2TP/IPSec, that’s a red flag. The NSA can crack PPTP encryption, and many people believe L2TP/IPSec can be compromised too.
And while SSTP is generally considered secure, keep in mind it’s closed-source and Microsoft owns it – the very same company that was previously accused of giving the NSA access to encrypted messages. Also, don’t forget Microsoft was the first company to join the NSA’s PRISM surveillance program.
If you can use OpenVPN on top of those protocols, though, that’s good news. OpenVPN continues to be considered the most secure VPN protocol. SoftEther and IKEv2 are also pretty decent. WireGuard too – just make sure the provider configured it properly.
As for encryption, AES is usually the standard. As long as the provider uses AES-128 or AES-256, you should be safe.
3. They Run Encrypted DNS Servers
A VPN shouldn’t just encrypt your data, but your DNS requests too. If you’re not sure what they are, they’re the queries your browsers sends to DNS servers when you want to access a website. Their role is to find out what the website’s IP address is, so that the connection can be successful.
Well, if a VPN doesn’t have their own DNS servers that encrypt those queries, there’s a risk you might be exposed to man-in-the-middle (MITM) DNS attacks and DNS filtering. Also, you might continue using your ISP’s DNS server, so they’ll be able to see your web browsing even though you’re using a VPN.
4. They’re Leak-Proof
If a VPN is leaking, that means your IP address or other data aren’t going through the encrypted VPN tunnel. So websites can see your real IP address, and your ISP knows what sites you visit.
Unfortunately, there’s no alert that tells you when the VPN is leaking. You’ll have to test the connection instead. Luckily, doing that isn’t hard:
- Use this tool without the VPN and take a screenshot of the results.
- Connect to a VPN server.
- Use the tool again.
- Compare the results with the ones from the screenshot. If you see your original IP or DNS address, you’re dealing with a leak.
Oh, and bonus points if the provider offers built-in leak protection against DNS, WebRTC, and IPv6 leaks. It’s nice for peace of mind.
5. They Have a Kill Switch
This is a feature that shuts down your Internet access when your VPN connection goes down. It’s not abnormal for that to happen, but when it does happen, your data will be exposed.
A Kill Switch makes sure your privacy isn’t at risk when the VPN has connectivity issues. Overall, it’s a nice fail-safe.
Have a Hard Time Finding a VPN That Meets Those Requirements?
It’s not surprising. There are hundreds of VPNs on the market, so finding the right one is a ton of work.
Don’t worry, though – we’ve got your back. Our friends over at ProPrivacy have an excellent guide to the most secure VPNs available. It has all the information you need to make a smart decision.
What Else Do You Look for in a Secure VPN?
What other requirements do you think a VPN needs to meet to be eligible for the “secure” title?
Tell us all about them in the comments or on social media. Also, if you had any experiences with VPNs that put your data at risk, please let us know.