The best VPN providers enable users to complete numerous tasks that are often impossible without the technology. Most services enable you to stream geographically restricted content, and all of them should provide an extra layer of privacy and anonymity, but what makes a truly secure VPN?
In this article we’ll run through the key attributes that make a VPN secure. Use it to decide which VPN will best provide the security you need when browsing the internet, whether in the comfort of your own home and Wi-Fi router, or on the go using public Wi-Fi networks.
- Want more viewing variety? Here's how to change region on Netflix
Is there a no-logging policy in place?
One key element of security you need to consider when deciding on a VPN is how much information the VPN provider collects. To find your answer, what you should be looking for is a comprehensive no-logging policy.
Essentially, this will tell you in no uncertain terms that your VPN service does not collect any information that you broadcast on the network. This information could include personally identifiable information (PII), download data, search history, or any other sensitive information you don't want to share.
What is the level of encryption and which protocols are available?
A VPN encrypts your internet traffic, making it almost impossible for cyber criminals to decipher, even if they do somehow intercept it. Most VPN providers use the well-known and highly-secure AES-256 encryption as standard
However, encryption is just one part of the suite of security features used by VPN providers to safeguard your web traffic. There are other processes involved, but they all fall under the umbrella of good security practice.
OpenVPN is still widely regarded as the most secure VPN protocol and is used by almost all VPN providers, but the recently launched WireGuard is also proving very popular too. OpenVPN uses a custom security protocol that provides a better combination of speed and security than earlier alternatives. And, although WireGuard is generally considered faster, OpenVPN is still more widely used.
Some providers like Hotspot Shield have developed their own protocols – in Hotspot Shield’s case, the Catapult Hydra protocol – and these have pros and cons. Some prioritize speed over security, and a number aren’t open source. However, the new wave of in-house protocols are largely based on WireGuard, and if you want to learn more, check out is WireGuard secure.
Does it have a kill switch?
One of the most important security features on a VPN is its kill switch. This essential function means that if your VPN loses its connection, your browsing session will be terminated. Or, some VPNs will instead cancel predetermined programs or sites that you don't want to access without VPN protection. If you continue browsing without VPN protection, your internet traffic could be intercepted.
In short, if you are looking for a VPN with top-notch security features and one of the options you're considering doesn't have a kill switch, ignore it. You’re far better off choosing a similar alternative with this feature in place.
Is your IP address truly safe?
To gauge the reliability and security of your VPN provider, you should do some digging and find out whether or not it has a history of vulnerability – in particular, whether any IP address leaks have occurred.
Masking your IP address is the top priority of a VPN service, so when this is breached and your IP address is leaked, the platform is essentially failing. The best VPN providers, like ExpressVPN, use Perfect Forward Secrecy (PFS), a technique where new privacy keys are created every time you start a VPN-enabled browsing session so even if your traffic is somehow decoded it couldn’t be used to access past or future data. Your key will also be changed at intervals during use to ensure maximum safety.
Standard encryption models use a single privacy, or private encryption, key that is used to decrypt all data both current and historic. If an attacker is able to obtain access to this key they can potentially harvest a great deal more information.
Another feature to look out for is IPv6 leak protection. Although IPv6 is more secure than the previous generation of IP addresses, namely IPv4, it is still vulnerable.
Some VPNs fail to detect IPv6 traffic because it is unsupported by many websites, and as a result, a DNS request may be made outside of the VPN. IPv6 leak protection counteracts this by disabling IPv6 traffic during a VPN session.
Although VPN technology has many functions, many users turn to it for the security it provides. The thing is, not every provider offers the same level of protection. Many will choose to focus on streaming and torrenting features, and the highest levels of security could well be a secondary thought.
If security is your priority, before you choose a provider, use this article as a checklist. If the service you have in mind doesn’t tick all the boxes, then opt for another. Lots of people may want to try out a free VPN before committing to a paid plan. If you do decide to go down this route, be aware that most free services don’t offer close to the level of protection you’ll receive from a paid-for provider.
What do we recommend?
ExpressVPN stands out from the competition in terms of price, features, and value. With servers in nearly 100 countries, all the security features we mention above, blazing connection speeds, and reliable access to multiple streaming services, ExpressVPN is an excellent choice for those after security with no compromises.
While some users may prefer certain features of other top VPNs, it’s the best overall option for most users – and now Tom’s Guide readers can claim three months absolutely free (opens in new tab).