VPNs are very popular and we see them everywhere: on TV, on YouTube and in the columns of many websites and newspapers (high-tech or not), which highlight attractive promotional offers and tips for choosing a good VPN provider. However, while we as consumers often reflexively focus on the price of the service, price is obviously not all that matters. If it’s privacy and security you’re really looking for, make sure you compare the right criteria before choosing one VPN over another.
- How to choose a good VPN provider?
- In which country is the VPN provider based?
- Data retention policy
- How is the data encrypted?
- Encryption keys and protocols
- Double VPN, double privacy?
- How many devices can be used simultaneously?
- How many servers are available?
- What are the upload/download speeds?
- The kill switch, it's au-to-ma-tic!
- Payment in crypto-currency
“Zero-log service”, “Kill Switch function”, “Multi-device protection”: the security options put forward by VPN services are legion. Beyond the marketing aspect, it is important to understand these features and some security notions in order to choose the provider and the subscription best suited to your privacy requirements and online browsing habits.
The questions answered in this article come up regularly in online forums and comments. We wanted to give everyone a better understanding of the essentials of a good VPN service: from the correct location of the VPN provider (according to the laws that apply to the country where the company is domiciled) to the non-retention of logs, and of course the importance of encrypting the connection and traffic data. If you are looking for a VPN service that is well positioned on all the following criteria, we recommend the VPNs that occupy the podium of our ranking of the best VPNs: CyberGhost, NordVPN and ExpressVPN.
How to choose a good VPN provider?
In which country is the VPN provider based?
Before choosing a VPN provider, it is worth looking at the company that publishes the service to learn more about its transparency policy, among other things. The location of the company, and more precisely the country where its head office is located, is an important aspect to take into account if you want to know which laws it is subject to, and thus judge the security level of its privacy policy. The laws we are interested in here mainly concern the monitoring, storage and collection of personal data by the VPN provider, including the activity logs of the VPN service users.
In Europe, the General Data Protection Regulation (GDPR) ensures a European policy and framework for the free access and modification of personal data by users. European VPN providers are thus subject to the rules of the GDPR, while some non-European VPN providers choose to adhere to it in order to ensure better transparency for their users. While it helps “encourage” the non-retention of connection and online activity logs, this European regulation does not cover the collection of data for judicial purposes, which is the responsibility of each member state.
Among the strictest European countries in this regard is the United Kingdom and its Investigatory Powers Act, known as the Snoopers’ Charter by its critics, which requires British web players to keep a browsing history of their users for one year.
In some countries like the United States, VPN providers that keep activity logs must provide them to authorities upon request to avoid prosecution and penalties under the Digital Millennium Copyright Act. However, the United States has no law requiring providers to automatically retain user logs. This paradox explains why Private Internet Access (PIA) has twice been able to hold its ground against requests from the FBI and the American justice system to provide its logs, thus proving its strict compliance with its policy of not logging user data.
In short, the location of the VPN provider’s headquarters is an essential piece of information for learning more about the privacy and data retention practices of the VPN service. To find out which jurisdiction a company is based in, simply go to the website of the VPN provider of your choice and check the terms of use. A more delicate step is to find out about the laws in force in the country concerned regarding data retention, censorship on the web and, more generally, international surveillance agreements.
By following this method, it is easy to find out where a VPN provider is headquartered. NordVPN, for example, is based in Panama, a country whose rules do not impose data retention or consultation of user data. The same goes for other VPN services like CyberGhost and ExpressVPN, located in Romania and the British Virgin Islands respectively, countries known for their legislative framework that is favorable to online anonymity.
To find out more about the online freedoms granted to citizens depending on the country in which they reside, just consult the data and reports of various organizations such as OpenNet Initiative and Freedom House.
Finally, the laws in force in each country are the best sources to learn more about the data collection and processing policy applied by one’s VPN provider.
Data retention policy
As mentioned above, some VPN companies keep records of their users’ activities under the pretext of providing them with tailored services. However, for the sake of privacy and security, a good VPN provider should not use or keep any logs, since they may contain sensitive information about the connection and usage data of the VPN service.
VPN connection logs contain the user’s contact information, IP address, connection dates and times, amount of data transferred and the VPN servers used. Usage logs are much more intrusive and provide a complete list of the websites visited and the files downloaded through the VPN client.
These logs go against the principles of confidentiality, transparency, security and anonymity that VPN service users hold dear. It is therefore essential to choose a provider that provides the assurance of not keeping any activity logs.
Among the proofs of honesty that VPN companies can provide are security audit reports conducted by independent firms. These audits, commissioned by VPN providers, aim to verify the security of the infrastructure as well as the configuration of the VPN’s services and servers in order to confirm, or not, the no-log policy displayed by the company.
Most major VPN providers easily play the audit game. In 2019 and 2020, both ExpressVPN and NordVPN had their no-log policies tested by PricewaterhouseCoopers (PwC).
Smaller VPN services are also agreeing to have their network infrastructure audited, like VyprVPN, which in 2018 worked closely with Leviathan Security Group to thoroughly review its service and ensure servers with no data recording or retention.
How is the data encrypted?
Simplified as much as possible, encryption is a security method for making data unreadable; scrambled with an encryption algorithm and key, it can only be decrypted with the correct key. With a VPN service, encryption secures the data that passes through the VPN tunnel to ensure that no one can exploit it.
This protects your data from, for example:
- Cybercriminals looking to get their hands on sensitive data like payment methods, bank account details or login credentials. Encryption comes in handy to protect against intrusion, especially on public Wi-Fi networks that are considered dangerous.
- Advertisers who flood us with personalized ads, collect browsing data and track users online in order to sell their data.
- Countries that impose censorship, restrict access to social networks, international media or online download sites.
- Legal measures such as DMCA in the United States that can lead to prosecution and penalties for users who download copyrighted files.
- Internet service providers that impose bandwidth limits depending on usage. Encryption makes it possible to hide online activity and to browse the web incognito.
Encryption keys and protocols
Among the standards regularly cited in encryption, encryption keys are important because they determine the complexity, and therefore the level of security, of the encryption/decryption process.
Adopted by governments and the cybersecurity community, the AES 256-bit encryption standard represents one of the best protections against brute force attacks and decryption attempts. Note here that it is used by the most popular VPN providers on the market.
Quality VPNs also offer different VPN protocols to choose from depending on the user’s needs in terms of throughput and security. Some of the most popular protocols include OpenVPN (UDP and TCP), IKEv2, L2TP/IPsec, or WireGuard. It is usually enough to go to the settings to switch from one protocol to another.
Some VPN providers even develop and deploy their own tunneling protocol in their service. Examples include NordLynx for NordVPN, Lightway for ExpressVPN, Chameleon for VyprVPN, StealthVPN for Astrill or Mimic for Avast Secureline.
Double VPN, double privacy?
Dual VPN, also called cascading VPN or multi-hop, is one of the features popularized by NordVPN and now available from other VPN providers like Surfshark, IPVanish, AtlasVPN, or PureVPN. It routes traffic through a first VPN server, then a second one, before it reaches the destination web server. It adds a new layer of security and privacy by improving the user’s anonymity, much as Tor nodes do.
Among the advantages, the cascaded VPN doubles the encryption of the data, which benefits from an additional layer of security. This makes it more difficult, if not impossible, for intruders to gain access. On NordVPN, this function allows you to mix UDP and TCP protocols for increased security. The IP address is also masked from governments and ISPs to bypass censorship and widespread surveillance in some countries.
This feature will be appreciated by certain professions that seek to protect their sources and communications, as well as by industrialists regularly confronted with phishing and espionage attempts. It should also be noted that a cascaded VPN increases security drastically, but can impact the connection speed depending on the VPN servers chosen.
How many devices can be used simultaneously?
If the previous criteria are met, the choice of a VPN service can also be based on the compatible platforms and especially on the number of devices covered by the type of subscription offered by each provider. Having a VPN on each connected device, at home or while traveling, lets you protect yourself and browse anonymously in many situations: when traveling abroad, on public wireless networks and on various connected devices at home.
A quality VPN service offers applications and configurations for a number of platforms such as Windows, macOS and Linux computers, Android and iOS tablets and smartphones, as well as devices such as connected TVs, the Raspberry Pi, devices running Android TV and various routers.
As for multi-device coverage, the number of devices protected with a single account ranges from 3 devices to an unlimited number of simultaneous connections. For example, CyberGhost protects up to 7 devices at a time; NordVPN, 6 devices; Private Internet Access (PIA), ExpressVPN and HMA, 10 devices; and Surfshark, an unlimited number.
How many servers are available?
With 2,000, 3,000 or even 5,000 servers making up their connection network, VPN providers often stand out for the number of servers they offer and the countries covered by their subscription. The choice of a virtual location can be motivated by several reasons. The main one is to pick a specific VPN server according to your needs: to view the Netflix US streaming catalog, to connect to foreign websites or to view geo-blocked content.
In order to choose the right VPN provider, it is important to identify your needs and the most important servers. Generally speaking, it is advisable to choose a provider that provides coverage of all regions of the world, namely Europe, North and South America, Africa, Asia and the Middle East.
VPNs also differ in the specialized servers they offer for particular types of use. For anonymous browsing, there is no need to choose a specific VPN server, but when it comes to downloading torrents or browsing streaming sites, the choice becomes more complicated. To be sure to subscribe to one of the best VPNs for Netflix and streaming, users need to know if a provider has a network of servers optimized for SVOD, i.e. capable of unblocking foreign catalogs of international platforms like Netflix. A network of servers dedicated to downloading torrent files, or a network of servers that are multi-hop compatible, contributes to strengthening the security of VPN users’ data.
If the choice of VPN server location is not a priority, the presence of an automatic connection will be very practical. Indeed, the geographical location of a VPN server as close as possible to the user ensures optimal connection speed. The automatic connection function allows you to find the best location, an essential option for beginners and/or occasional users.
What are the upload/download speeds?
Various features mentioned in this article can affect the VPN connection speed depending on the physical distance between the user and the chosen VPN server, the VPN protocol used, or the quality and security level of the encryption applied to the data. Note that wired Internet connections will be less affected than mobile network connections or more modest connections (ADSL, low speed, etc.).
Before choosing one VPN service over another, users should of course make sure that the VPN provider they are interested in does not impose a bandwidth limit. Another important aspect is to choose VPN servers that are geographically close to the user’s physical location.
The server load can also impact the connection speed. If a VPN server is overloaded, the connection speed of each client tends to decrease. Overloading issues are quite common with free VPN service providers or those offering a freemium version of their paid subscription. To solve this type of inconvenience, paid VPNs usually deploy a network of servers in the same country or even in the same city.
The kill switch, it’s au-to-ma-tic!
The kill switch, which could be translated as “emergency stop”, is part of the list of essential security features that every good VPN must offer. This function blocks access to the Internet when it is impossible to connect or reconnect to a VPN server after the service has been dropped. This is to prevent data leakage outside the VPN tunnel and to prevent one’s device from accessing the public Internet in case of accidental VPN disconnection.
VPN disconnections can occur for several reasons. The first one is usually the instability of the Internet connection. A weak Wi-Fi signal or frequent disconnections can cause VPN connection problems. Similarly, the kill switch comes in handy when the user switches from one Internet connection to another, from Wi-Fi to a mobile connection for example. System or software updates can also interrupt the Internet connection.
For all these reasons, a kill switch can be used to cut off any connection to the Internet and ensure that personal data and online activities remain safe from hackers and censors, while the VPN continues to bypass many geographical restrictions.
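The behaviour described in this section amounts to a default-deny rule on outgoing traffic, which the following sketch models. It is an added example, not code from any VPN provider; the interface names `tun0` and `wlan0`, the endpoint address and port, and the packet timeline are constructed assumptions.

```python
"""Model of a VPN kill switch as a default-deny egress filter (added example)."""
from typing import NamedTuple

# Assumed names: tunnel and physical interfaces, and a VPN endpoint taken from
# the RFC 5737 documentation range. None of these come from a real provider.
TUNNEL_IF, PHYSICAL_IF = "tun0", "wlan0"
VPN_ENDPOINT = ("198.51.100.10", 1194)


class Packet(NamedTuple):
    dst: str
    dport: int


def is_handshake(pkt: Packet) -> bool:
    """True for traffic addressed to the VPN server itself."""
    return (pkt.dst, pkt.dport) == VPN_ENDPOINT


def kill_switch_allows(pkt: Packet, out_if: str) -> bool:
    """Default deny: only tunnel traffic and the VPN handshake may leave."""
    return out_if == TUNNEL_IF or is_handshake(pkt)


def send(pkt: Packet, tunnel_up: bool, kill_switch: bool) -> str:
    """Classify one outgoing packet as tunnel, handshake, leak or blocked."""
    # Routing falls back to the physical link as soon as the tunnel is gone.
    out_if = TUNNEL_IF if tunnel_up else PHYSICAL_IF
    if kill_switch and not kill_switch_allows(pkt, out_if):
        return "blocked"
    if out_if == TUNNEL_IF:
        return "tunnel"
    return "handshake" if is_handshake(pkt) else "leak"


def replay(events, kill_switch: bool):
    """Replay a timeline of (tunnel_up, Packet) pairs."""
    return [send(pkt, up, kill_switch) for up, pkt in events]


# Constructed timeline: browsing, Wi-Fi drop, reconnect attempt, tunnel back.
WEB = Packet("203.0.113.7", 443)
RECONNECT = Packet("198.51.100.10", 1194)
TIMELINE = [(True, WEB), (False, WEB), (False, RECONNECT), (True, WEB)]

if __name__ == "__main__":
    print("without kill switch:", replay(TIMELINE, kill_switch=False))
    print("with kill switch:   ", replay(TIMELINE, kill_switch=True))
```

The second event is the one that matters: without the kill switch the web request leaves over the physical link, while with it the request is dropped and only the reconnection attempt to the VPN server gets through.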
Payment in crypto-currency
Using a VPN service can be tricky in some countries that impose censorship and enforce laws that may even prohibit or punish the use of VPN.
In most cases, countries directly enforce restrictions on the distribution, promotion and use of VPNs and services like Tor. These include Belarus, China, Iran, Iraq, North Korea, Oman, Russia, Turkey, Turkmenistan and the United Arab Emirates.
Whether it is a radical ban, a restriction of VPN providers or heavy sanctions, some states are putting in place a legal and technological arsenal to control the use of VPNs on their territory. In this context, it can be wise to acquire a VPN in complete discretion, starting with the purchase itself, which can be made in cryptocurrency. This payment method offers the advantages of preserving the complete anonymity of VPN users and securing their purchases.
Of course the price of a VPN with all these criteria may be high, but your privacy is priceless.