When choosing a secure VPN service, there are tons of things to consider. Most important of all – how do you actually know you’re picking a VPN that will 100% protect your data?
It’s pretty hard to know you’re doing that, unfortunately. And with hundreds of VPNs on the market, it’s not like you can compare them all. Even if you were to compare the top VPNs, you’d still have to work with 20+ providers.
We know how complicated this process is. So we decided to make things simple for you. We put together this list of security features good VPNs have. A VPN doesn’t have to offer them all, but it should at least have the ones we marked down as “mandatory.”
1. (Mandatory) No-Logs Policy
You’re using a VPN to make sure hackers, governments, and ISPs can’t spy on you, right?
So you need to make sure the VPN has a strict no-logs policy. It should clearly say that the VPN doesn’t:
- Log your IP address.
- Monitor what sites you visit.
- Monitor what files you download.
Bonus If the No-Logs Policy Is Audited
Some top VPNs had their no-logs policy audited to prove that it’s legit. This helps make the VPN more trustworthy.
And other VPNs had their no-logs policy proven true in court – like Private Internet Access (PIA), for example.
2. (Mandatory) Bank-Grade Encryption
VPNs need to secure your traffic with powerful encryption to make sure hackers can’t compromise it with packet sniffers.
Most VPNs use AES-256 bit encryption – which is also used by banks and the military to protect important data. But other encryption ciphers like ChaCha20 are safe too.
3. (Mandatory) Secure Protocols
The VPN protocol determines how you connect to a VPN server. The provider should let you use secure protocols like OpenVPN, WireGuard, IKEv2/IPSec, and SoftEther. L2TP/IPSec is also safe, but many people don’t trust it.
If the VPN forces you to use PPTP, that’s a huge red flag. PPTP is not safe at all – its encryption is very weak and the NSA already cracked it.
4. (Mandatory) Full Leak Protection
VPNs can sometimes experience leaks which compromise your data – IPv6, DNS, and WebRTC leaks, to be exact.
You need to use a VPN that doesn’t leak your data, and which also takes precautions to prevent leaks. By that, we mean it should offer IPv6, DNS, and WebRTC leak protection. We could overlook WebRTC leak protection because many VPNs don’t have it and you can protect yourself with the uBlock Origin extension. But IPv6 and DNS leak protection is a must.
5. (Mandatory) Kill Switch
A kill switch is a feature that stops all Internet access when the VPN disconnects or when you’re not connected to a VPN server. It’s mandatory because it protects you from traffic leaks – if your VPN disconnects even for a few seconds, your ISP can see your online browsing.
Bonus points if the VPN has an application-level kill switch. That means it lets you pick which apps don’t go online if you’re disconnected from the VPN server. It’s very useful for torrenting.
6. RAM-Only Servers
Some VPNs configure their servers to only write data to the RAM memory instead of the hard drive. This is a cool security feature as it provides more privacy.
7. Open-Source Software
Some VPNs open-sourced their apps to make their service more transparent. That means the apps’ code is available online and anyone can inspect it. Some examples of good VPNs that did this include PIA and ProtonVPN.
It’s not mandatory for a VPN to open-source its apps to be considered safe, but it helps make it easier to trust. If you know you way around lines of code, you’ll be able to audit the apps yourself to make sure everything is alright.
8. Perfect Forward Secrecy
This is a security feature that changes the encryption key (the one used to encrypt your traffic) at regular intervals during the VPN session – like every 10 or 15 minutes, for example.
This is a useful feature because it protects you against hackers. If one of them would somehow be able to get their hands on the encryption key, they wouldn’t be able to decrypt all your traffic – just a small portion of it that wouldn’t prove useful.
This is a feature that hides VPN traffic by adding an obfuscation layer to it. Basically, it makes the VPN connection look like normal web traffic (your ISP won’t know whether you’re using a VPN or browsing Facebook).
Obfuscation is useful if you live in countries where using a VPN is risky, or if your government or ISP blocks VPN connections with DPI (a network traffic analysis method).
10. Ad Blocker
Some VPNs have ad blockers that block ads (like the name implies). But besides that, they also block connections to malware-infected sites. So they protect you from phishing.
NordVPN has a reliable ad blocker called CyberSec, and Surfshark’s ad blocker is called CleanWeb.
Are Free VPNs Secure?
No, free VPNs aren’t safe to use. They usually lack good security features, log and sell your data, and expose you to malware and ads.
What’s more, free VPNs have poor customer support, buggy apps, and very slow speeds.
How Do You Pick Secure VPNs?
What security features do you check to make sure the VPN you’re interested in is safe to use? Did we miss any important features in our list? Please let us know in the comments. And please tell us which VPN providers you think offer the most secure services.
Author | Emily Forbes
An Entrepreneur, Mother & A passionate tech writer in the technology industry!