What should I consider when choosing a VPN?

A short introduction to VPNs

A VPN, aka Virtual Private Network, is a tool that allows users to securely access the internet and protect their personal information. It creates a secure, encrypted “tunnel” between the user’s device and the Internet through which all Internet traffic flows.

VPNs are necessary for everyone’s privacy because they help protect us from a wide range of online threats. For example, a VPN can protect users from hackers who may try to steal personal information such as login credentials or financial data. It can also protect users from government monitoring, which is increasingly common in many countries. In addition, VPNs can help users access content that may be blocked in their country, such as streaming services like Netflix or social media sites like Facebook.

Where to find privacy

For a VPN to serve its purpose and protect its users from online threats, it should first and foremost provide a good level of privacy. But what should we consider when it comes to VPNs if we want to be truly private?

Of course, there are a myriad of complex parameters we need to take into account when considering privacy. And yet, even after taking them all into account, we still come to the conclusion that the “best” VPN is the one that suits you. However, let’s think logically and without bias about what we should take into account when choosing our VPN. Let’s also take a look at how (and to what extent) the VPNs on the market meet our privacy parameters.

Well, we probably don’t need to tell you that there are a lot of VPNs on the market. However, if I were to personally choose the one and only right and private one, I would remember to take the following steps into consideration:

Since there are so many VPNs, it would be logical if I didn’t jump on the first one recommended by some shitty youtuber or shitty government employee.

A VPN is something that all my internet traffic, and therefore my online privacy, will depend on. So you need to be particularly careful about its quality and reputation.

By the same logic, saving money at all costs is not the best idea either. Using an economical VPN may save you money in the short term, but it can put your personal data at risk. Many low-cost VPNs may not have the same security and privacy standards as more expensive alternatives, and could potentially sell your data to third parties or expose you to cyberattacks.

In addition, a low-cost VPN may not have the same level of technical support and troubleshooting capabilities as a higher-quality VPN. It’s therefore particularly important to consider the long-term benefits of investing in a high-standard VPN, rather than just the initial cost of buying one.

A huge number of VPNs are based on the OpenVPN or WireGuard protocols, which means you’re able to use these particular protocols with more or less any decent VPN. However, an open protocol alone isn’t enough for privacy.

VPNs may use a nice and lovely open protocol, but they don’t have to be open themselves, and they can run a lot of trackers and all sorts of crazy stuff (cough cough, NordVPN, cough cough).

So if we were to make a list of usable VPNs, I’d certainly like to exclude all the dubious crap and consider choosing the following clients, which at the time of this writing I consider to be the current leaders in high-standard open technologies (we’ll get to each of them specifically):

  • PIA
  • Mullvad
  • *Orbot
  • IVPN
  • ProtonVPN
  • RiseupVPN

The specific approach to this step is a bit more dependent on each of our personal preferences, but I will try to be objective about it. Privacy is a very deep rabbit hole and we can find a huge number of pitfalls and confusions in it. And that goes even beyond the field of protocols, transparency, and visible trackers. Privacy also extends to the physical world, which includes governments, their policies and their agreements.

We certainly won’t do anything wrong if we check the privacy level of our preferred VPN multiple times, taking into account all the potential threats that may be lurking.

So let’s take a look at our list of open-source and trusted VPNs and eliminate what doesn’t serve our purposes.

PIA

PIA is the first of the open-source VPNs that I would eliminate.

Private Internet Access (PIA) is one of the most popular online security tools among experts. With it, you not only get basic security features like advanced encryption or a working kill switch, but also additional features like browser extensions and ad blocking.

However, I personally dislike PIA for two reasons.

The first is that PIA is directly responsible for a huge number of fake smear campaigns against their competitors, most notably ProtonVPN and NordVPN.

Of course, ethical issues regarding smear campaigns don’t necessarily bother everyone. However, the second reason for my dislike of PIA is a bit more serious, not in terms of ethics, but in terms of privacy. After all, PIA is a US-based VPN.

Those who are familiar with internet security laws know that using a VPN in the US is complicated. On the one hand, PIA does not keep any logs. As far as we know, it has never had a problem with data leakage before, and it looks like its zero-logging policy is really working.

However, things could get a little complicated here. The US government can impose a gag order on PIA since it is located on US territory. This means that the US government can force PIA to start collecting data on its users without ever telling them (that’s why it’s called a gag order). After all, the United States is part of the Five Eyes association.

Again, so far there have been no reports of PIA leaking data in any way, shape or form. However, we really don’t know the truth, and there is no guarantee that PIA and the US government are not exchanging data ‘behind our backs’ and, more importantly, ‘behind the charade of the courts’.

As crazy as this sounds as a conspiracy theory, there is nothing actually stopping the US government from doing this.

Among other things, PIA has also published its own blog post about not using a “warrant canary” (a way for a service to discreetly signal that it has received a warrant demanding information about its users), which would sort of solve this Schrödinger’s courtroom charade problem. PIA argues that a warrant canary solves the “Wrong Problem” because, for PIA to use a warrant canary, it would first have to collect any logs at all 🙂

Well, VPNs are based on trust. I personally don’t trust PIA.

From our list, we are left with Mullvad, *Orbot, IVPN, ProtonVPN and RiseupVPN. None of these log, all are open-source, and all are very trustworthy. Plus, all of them are extremely easy to set up, and you don’t need to fiddle with developer-level protocols to use them.

However, let’s also take a look at other important features, such as functionality for users.

*Orbot

Orbot is a free and open-source software application for Android devices that gives users greater privacy and security when using the internet. It is a proxy application that uses the Tor network (The Onion Router) to encrypt Internet traffic and hide the user’s IP address, making it difficult for third parties to track the user’s online activities.

Orbot allows users to access the Internet safely, anonymously and uncensored, and is particularly useful for people living in countries with strict Internet censorship or surveillance laws. In addition, it can be used in conjunction with other applications that support the SOCKS proxy protocol, such as the Orfox browser, to enhance security and privacy when using such applications.

Most importantly, Orbot is based solely on tunneling all of your web traffic through Tor. It’s not a VPN (hence the asterisk). However, it does support the use of a so-called “VPN slot,” which creates a VPN connection on your device that reroutes your web traffic through the Tor network before it ever reaches its destination. This provides an extra layer of encryption and anonymity, making it even harder for third parties to track your online activities.

Because of Tor, Orbot is incredibly slow, and it only works on Android. Thus, Orbot is not something I would use as the main VPN for my device, but it can be an interesting and sufficiently trustworthy backup.

Orbot and “VPN Mode”

RiseupVPN

RiseupVPN is based on OpenVPN, which is widely considered to be one of the most secure and reliable VPN protocols available.

Riseup is probably the most unique VPN on our list because it’s absolutely free and requires no registration. All you have to do is open F-Droid (an open-source app store), install the app and connect.

RiseupVPN is run by a collective of activists who are committed to protecting the privacy and free speech rights of internet users. They do not log user activity, so they cannot provide data to third parties. RiseupVPN is also unique in that it is designed to be used by activists, journalists and others who are at risk of surveillance or censorship.

Additionally, Riseup runs on the Leap project, which seeks to make the server side of VPNs more transparent. This is something very rare and beautiful.

On the other hand, RiseupVPN doesn’t have clients for all devices, and for me personally, it’s incredibly slow to the point of being unusable. Thus, Riseup loses in the functionality category, just like Orbot. Unfortunately, whether we like it or not, the problem with VPNs is usually that if the VPN is free, it will also be “non-functional”.

A couple of unusable RiseupVPN servers 🙂

Finally, we were left with ProtonVPN, Mullvad and IVPN from our list. I consider all of these services to be high quality and would personally be satisfied with any of them. However, let’s break down their specifics in a bit more detail.

Proton VPN

Intro

Proton VPN has plenty of features to protect your privacy and security. For example, its kill switch works quickly and will cut your connection in case of a network failure to ensure your online information stays protected.

Another big plus of Proton is the number of servers available around the world. Proton’s subscribers have access to more than 1,800 servers in 64 countries. You can choose to let Proton VPN automatically connect you to the first available server, or you can manually select one.

If you have more than one device, Proton allows you to use your VPN on 10 of them at the same time. Plus, all users, regardless of which subscription plan they choose, get unlimited bandwidth. This means you can use Proton for as long and as often as you want, and there will never be any slowdowns due to running out of your monthly data limit.

One of Proton VPN’s biggest advantages besides privacy is the ability to access geo-blocked streaming services. Netflix, Amazon Prime Video, Hulu, BBC iPlayer and other services can be unblocked – although this is only available in the paid version.

Unfortunately, the big downside of Proton VPN, from my perspective, is its speed. I’ve had much better experiences with the other two VPNs on the list in terms of speed.

Proton’s prices are higher when it comes to the full-featured Plus plan – which, let’s be honest, is the one to go for.

Desktop interface for ProtonVPN

Privacy

During my last round of testing, I looked at how well Proton VPN detects trackers and blocks them. Using NetSuite, a reliable malware and ad blocking program, Proton VPN stopped the most trackers out of approximately 20 different VPNs I tested.

I also checked Proton’s website to see if the company itself uses trackers, and I was pleased to find that no trackers are used on the website or Android app.

Proton VPN is based in Switzerland, which automatically gives the service a leg up on most of its competitors. This country is known for its very strict privacy laws, it is not under the jurisdiction of the US or the EU, and moreover, it is not a member of the “14 Eyes” alliance.

Proton VPN’s non-logging statement is comprehensive, and this is reflected in practice – the only data stored is your very last timestamp, which is immediately overwritten the next time you connect.

One of the most interesting and unique features that Proton VPN offers is the so-called Secure Core. Basically, this means that when you connect to one of Proton’s Secure Core servers, your connection is first routed through one of Proton VPN’s most secure servers.

From underground bunkers in Switzerland and Sweden to an old military base in Iceland, these servers are extremely secure and virtually immune to surveillance. So if you’re really worried about your activities being monitored, Secure Core is a great add-on feature.

Proton VPN also offers a built-in kill switch to protect your IP address in case your connection drops. There’s no option for the VPN to automatically turn on when you connect to a public Wi-Fi network, but you can set the Proton VPN to automatically connect when you turn on your computer.

Proton VPN has just over 1,800 servers spread across 64 countries. So you have good coverage all over the world and these servers are available on all platforms.

People who are obsessed with privacy will be very happy to know that Proton VPN offers a Tor over VPN service that integrates your connection with the anonymous Tor network. With a single click, all data is routed through Tor, which gives the user an extra layer of privacy as well as access to Onion sites. Aside from the shitty NordVPN, I can’t really think of many VPNs that offer this integrated feature.

Finally, in January 2020, Proton VPN passed an independent audit by SEC Consult. The results were impressive, with only 11 issues found across all running applications, none of which were high-risk.

While this may sound worrying, these audits are incredibly rigorous and, if vulnerabilities are found, allow developers to fix them. And because all the apps are open-source, anyone who is interested can verify the patches that have been made.

Overall, I’m seriously impressed with Proton VPN’s privacy and security, from the anonymous cash payment option to the auditing, and if you’re looking for a VPN to keep you secure online, I can safely say that it’s one of the most secure VPN services around today.

“Secure Core” connection option via ProtonVPN

Summary

Sign up for Proton VPN if:

  • You want the best online privacy and security
  • You need to access streaming sites abroad
  • You want to make sure no one is watching you
  • You want to block ads
  • You have a lot of devices that you use online

Avoid Proton if:

  • You need a fast connection
  • You need to save money

IVPN

Intro

IVPN is a Gibraltar-based VPN. It is not only geographically well positioned in terms of security, but also benefits from an independent audit of its no-logging policy. The result is a very private and secure service that, in my opinion, is on the list of the best VPNs on the market.

The VPN’s features go well beyond security alone (there is also a useful port forwarding feature, for example), and thanks to the WireGuard protocol, the service provides impressive speeds on most servers. With support for up to 7 devices simultaneously, IVPN is a compelling choice for groups and families – or for those who want a secure VPN on all their devices at once.

Torrenting is supported in all 45 locations covered by the service, which are spread across 32 countries. IVPN maintains its own DNS servers around the world, which adds an extra layer of security: no third parties are involved as potential points of vulnerability.

Plus, I personally have faster speeds with IVPN than I do with Proton.

The downside is that IVPN is very poor at streaming, with no support for unblocking Netflix, Disney Plus, Amazon Prime Video or BBC iPlayer, and it’s clear that this isn’t a priority for the developers.

Privacy

When it comes to data protection, IVPN is really impressive. The company’s privacy principles are clear and simple. It’s also worth mentioning that IVPN has an incredibly transparent and honest policy – it even blogs on its site about Why You Don’t Need a VPN.

We can also check the official website to verify that this VPN does not log things like connection timestamps, DNS requests, traffic, session length, IP addresses, and more. What it does collect is very minimal, such as payment details (and this is clearly specified, so there’s no possible confusion). However, I still find IVPN brutally anonymous, as the logging of payment data can be completely bypassed thanks to the ability to pay with Bitcoin or Monero, as well as the ability to register without email.

Another big plus for IVPN is its annual audits. Some companies do irregular audits and many don’t even attempt to do them, but IVPN is committed to doing them annually. The last audit was carried out by Cure53 in April 2022, which you can view at this link.

As expected, vulnerabilities were found, but these have been addressed – making the system more secure than ever.

IVPN, Linux terminal and its features

Summary

Sign up for IVPN if:

  • You want to have top privacy and security on the Internet
  • You need lots of features
  • You want to pay anonymously using cryptocurrencies
  • You want a fast connection

Avoid IVPN if:

  • You want to connect a lot of devices at a low price
  • You need to access streaming sites abroad

Mullvad

Intro

Mullvad means “mole” in Swedish.

Like most of the best providers, Mullvad is packed with features to protect your privacy – including high-performance encryption. However, Mullvad goes even further and promises complete anonymity. It’s the only functioning VPN on our list that works completely without registration. If you want to sign up, the app will generate a code that will be your single login credential on all your devices. Additionally, you can also pay for the VPN app with Bitcoin or fully anonymously via Monero.

However, the downside of such an ultra-anonymous registration is the absence of 2FA, which may undoubtedly bother some users.

Additionally, although most VPNs publish their privacy policies, they are often difficult to decode. Mullvad’s policy is extremely clear and backed by both a 2021 infrastructure audit and a 2022 DNS server audit. From my perspective, this comes very close to giving VPN users a completely peaceful sleep 🙂

The second important reason I would recommend Mullvad is the speed of its network. Although Mullvad has around 895 servers – ExpressVPN, for example, currently boasts up to 3,000 servers – Mullvad seems to achieve extremely high speeds across multiple protocols. My personal experience with them has been very good, and even connecting to the Brazilian servers from the Czech Republic seems quite usable to me.

And now the bad news. If you’re a streamer and want to unblock your favorite streaming service when traveling abroad, Mullvad is a loser. Well, almost. In my tests, it unblocked some dedicated services, but you can forget about unblocking Netflix, Disney+ and Amazon Prime.

The service is affordable compared to the competitors and easy enough to use. The apps are a bit basic on the surface, but if you dig a little deeper, you’ll find some great advanced features, such as the ability to block gambling content, port forwarding, or split tunneling. In addition, controlling the VPN through a Linux terminal is absolutely ideal from my point of view; it’s clear enough and geeky enough at the same time.

If you don’t know your way around, Mullvad doesn’t have any live chat available for you, so you’ll have to rely on the Help Center or send their team an email with your questions.

Mullvad is not universal. However, if privacy is your main concern and you want to sign up for a VPN account without handing over even a shred of personal information, Mullvad is hard to beat.

Mullvad servers in the Android app

Privacy

Mullvad uses 256-bit AES encryption, which is the gold standard I expect from all high-end secure VPN providers. The company doesn’t log anything; only the number of concurrent connections to your account is tracked.

During testing, I noticed that my real IP address remained hidden at all times, even when switching between servers. This indicated to me that Mullvad takes its promises of anonymity and “complete privacy” very seriously indeed.

In June 2020, Mullvad published the results of its independent audit. It appears to have been generally satisfactory and the minor issues identified by Cure53 have been resolved.

In May 2022, the company’s DNS servers underwent an independent audit by Assured AB’s security consultants (here’s the report). Assured AB found no critical issues and no logs, but made several recommendations that were implemented shortly thereafter.

There is also a kill-switch feature that will automatically block the internet connection if the VPN disconnects for any reason. I tested this several times by forcibly terminating the connection, and the kill switch always worked flawlessly, immediately blocking internet access until I reconnected to the VPN.
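The two checks described above (the real IP staying hidden while switching servers, and the kill switch blocking traffic after a forced disconnect) can be scored from a log of probes taken during the test. This is an added example, not part of the original article or of any VPN vendor's tooling; the `Probe` record, the function names and all addresses (documentation ranges) are assumptions, and the sample runs are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Probe:
    """One sample taken during the test (hypothetical record format)."""
    t: float                  # seconds since the test started
    tunnel_up: bool           # VPN client reported the tunnel as connected
    egress_ip: Optional[str]  # address an outside echo service saw; None = request blocked


def find_leaks(probes: Iterable[Probe], real_ips: Iterable[str]) -> List[Tuple[float, float, str]]:
    """Return (first_seen, last_seen, address) windows in which traffic left
    the machine with one of the user's real addresses (IPv4 or IPv6)."""
    real = {ip_address(a) for a in real_ips}  # normalises case and zero compression
    windows: List[list] = []
    open_win = None
    for p in sorted(probes, key=lambda p: p.t):
        seen = ip_address(p.egress_ip) if p.egress_ip else None
        if seen in real:
            if open_win and open_win[2] == seen:
                open_win[1] = p.t            # same leak continues
            else:
                open_win = [p.t, p.t, seen]  # a new leak window starts
                windows.append(open_win)
        else:
            open_win = None                  # blocked, or exiting via the VPN
    return [(a, b, str(ip)) for a, b, ip in windows]


def kill_switch_verdict(probes: Iterable[Probe], real_ips: Iterable[str]) -> str:
    probes = list(probes)
    down = [p for p in probes if not p.tunnel_up]
    if not down:
        return "INCONCLUSIVE"  # the tunnel never dropped, so nothing was tested
    if find_leaks(probes, real_ips):
        return "FAIL"          # a real address was visible from outside
    if any(p.egress_ip is not None for p in down):
        return "SUSPECT"       # traffic passed while the client said "down"
    return "PASS"


# Constructed sample data. 203.0.113.7 / 2001:db8::7 stand in for the real
# addresses, 198.51.100.x for VPN exit servers.
REAL_IPS = ["203.0.113.7", "2001:db8::7"]
GOOD_RUN = [
    Probe(0, True, "198.51.100.20"), Probe(1, True, "198.51.100.20"),
    Probe(2, False, None), Probe(3, False, None),   # forced disconnect: blocked
    Probe(4, True, "198.51.100.21"),                # reconnected to another server
]
LEAKY_RUN = [
    Probe(0, True, "198.51.100.20"), Probe(1, False, None),
    Probe(2, False, "2001:DB8::7"), Probe(3, False, "2001:db8::7"),  # IPv6 escapes
    Probe(4, True, "198.51.100.20"),
]

if __name__ == "__main__":
    for name, run in (("good", GOOD_RUN), ("leaky", LEAKY_RUN)):
        print(name, kill_switch_verdict(run, REAL_IPS), find_leaks(run, REAL_IPS))
```

Listing both the IPv4 and IPv6 real addresses matters: a kill switch that only filters IPv4 would pass an IPv4-only check while the second constructed run shows it failing.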

Mullvad’s malware-blocking software is also a cool bonus. Several experts claim that it is very effective, but you should never completely rely on something like this!

Easy operation of Mullvad via Linux terminal and connection to a server in Bratislava (“sk” in the initial command)

Summary

Sign up to Mullvad if:

  • You want one of the most secure private VPNs on the market
  • You want to pay anonymously using cryptocurrencies
  • You want a fast connection
  • You want an affordable VPN with a transparent pricing structure

Avoid Mullvad if:

  • You want to unblock streaming services like Netflix
  • You want round-the-clock chat support
  • You want a VPN that automatically re-bills you when your plan ends

Conclusion

There are many VPNs. New ones are being created, old ones are evolving, and policies and legislation are changing as well. This article is not meant to be a guide to choosing the “right” VPN. It was only meant to guide you on what parameters to consider if you want to achieve real and unhindered online privacy.

If you have your own recommendations for a VPN that is open and you find it secure, private and trustworthy enough, feel free to contact me. I plan to update this article regularly with new findings.

However, the choice of VPN service is up to you and I wish you the best of luck with your privacy.
