In an age of increasing state-level surveillance (and the desire to watch Netflix from other countries), more and more of us are considering using a virtual private network (VPN) service.
And that’s a very good thing indeed.
VPNs are great, high-value tools every internet user in 2020 and beyond should be looking into. That said, not every VPN is created equal, and not all are worthy of your money – or trust.
If you’re not a tech wiz, it can be hard to navigate the market. VPNs pour a ton of money into marketing their product as the best, most full-featured option. So much so that it’s sometimes hard to know which VPN features are essential and which are fluff.
Well, I’m here to help.
In this article, I’ve put together a list of all the essentials expected of a top-notch VPN provider (and explain why they’re so important). It’s something you’ll be able to refer back to anytime you’re choosing a VPN.
Clear No-Log Policy
When you use a VPN, you route your traffic through one of its servers.
This means a provider has visibility into your online activities. So, before we talk about protecting ourselves from different online threats, we should first touch on VPN privacy policies.
Virtually all VPN providers will tell you on their sales page, “We don’t keep any of your personal data and browsing activity, pinky promise!”
Can you blindly trust them? Not really – they have a business interest in telling you that.
So how can you be sure they’re truly being honest about not logging? There are two main ways:
For example, NordVPN states in theirs:
“Nord guarantees a strict no-logs policy for NordVPN Services, meaning that your internet activity while using NordVPN Services is not monitored, recorded, logged, stored, or passed to any third party. We do not store connection time stamps, used bandwidth, traffic logs, IP addresses, or browsing data.”
The statement is clear, easy-to-understand, and there are no loopholes. That’s what we’re looking for.
A better way to make sure the VPN sticks to their no-logging claims is to hear it from a third party.
Sticking with NordVPN, they were the first provider to hire a third-party auditor (PWC, one of the Big 4 auditing firms) to verify their no-logging policy.
They gave PWC full access to review technical details, server information, and interview employees. When the results were in, the report confirmed NordVPN’s promises – there was absolutely no trace of data logging or other privacy breaches.
Ideally, any VPN you pick should have had an independent third-party audit. But, don’t consider a missing audit a deal-breaker, either.
VPNs protect your privacy and information by encrypting traffic as it travels between your device and the VPN server. Encryptions make it hard, if not impossible, for your ISP, the government, a skilled hacker, or anyone else to see what you’re up to online.
Do you frequent P2P sharing networks? How about visit websites others (including the government) may find questionable? Using strong VPN encryption will stop anyone from finding out.
Encrypting your data also adds another layer of protection to any passwords, personal information, or payment information you send over the internet. And that’s never a bad thing.
How VPNs Hide Your Data
When you connect through a VPN, the data you send is mathematically “scrambled” using a long string of numbers (an encryption key).
Even if someone intercepts the message, all they would see is that scrambled gibberish. Only the encryption key holders can revert the data to its original, readable form.
The best chance anyone other than you has at decrypting the message is to guess the key. It’s trial and error, trial and error until they can find the right combination.
Hackers don’t do this by hand, of course. They use a computer to run through all the possible options – this is called a brute force attack.
But if the key is long enough and hard enough to guess, they might as well not even bother. Why? Because they’ll never get it.
And that’s the case with strong AES encryption.
Why AES Encryption Is Unbreakable
AES (Advanced Encryption Standard) algorithms have an ingenious and elegant way of using mathematics to encrypt our data.
More importantly, they use very long encryption keys – 128-bit, 192-bit, or 256-bit. The number of possible key combinations is 2 to the 128th, 192th, or 256th power, respectively.
No one has computers powerful enough to run through all these options. Even if you sneak into IBM’s basement and get their supercomputers to do it, the process would still take billions of years!
That’s why strong AES encryption has never been broken. And that’s why you should only use VPN providers that offer it – ideally the 256-bit version.
Secure VPN Protocols
Strong encryption is a must, but it’s not the whole story when it comes to VPN security features.
VPN protocols are instructions that describe how encryption should be used. There are multiple ways to do things – and hence, numerous protocols.
Popular high-security options include OpenVPN, IKEv2/IPSec, and WireGuard. Any decent VPN should give you at least a few protocols to choose from in the settings section of their app. A few providers even take it a step further and let you fine-tune by picking between the TCP and UDP version of OpenVPN.
So which protocol should you go with? That depends on what you’re doing.
Some protocols are less secure (but still secure enough) and run faster. Others use the most robust encryption ciphers but might slow down your connection.
Consider watching Netflix from your home network, for example. It’s not a high-risk activity, so security isn’t as crucial. But you do want a speedy connection for buffer-free viewing.
When in doubt, opt for OpenVPN or WireGuard. Hence, make sure any provider you choose offers at least one of these.
DNS Leak Protection
When you visit a website, you type up the domain name into your browser. But machines don’t use letters; they prefer numbers.
The website name is first translated into an IP address using a Domain Name Server (DNS.) Only once your browser has made that switch will it load up the site.
DNS leaks happen when DNS requests don’t go to the VPN but to your Internet Service Provider (ISP) instead.
This tells the ISP (and other potential watchers):
- Your IP address
- The target hostname and server IP
In other words, eavesdroppers will know who you are and what websites or services you visit.
To avoid this potential lapse in privacy, choose a VPN that actively works to prevent DNS leaks.
And, when you install the app, double-check that DNS protection is switched on. It’s a default setting for most providers, but it doesn’t hurt to make sure.
VPN Kill Switch
A kill switch is one of the “advanced” features that most new VPN users overlook. Don’t be one of them – kill switches are essential for online privacy and security.
Let’s say you connect to a VPN and start sending sensitive data or downloading a file from BitTorrent. A few minutes later, the VPN suddenly disconnects (maybe there was a momentary glitch with your internet).
You continue transferring data, thinking it, along with your identity, are protected. But that is no longer the case; you’re back to using your regular ISP connection, and everything’s back in the open.
A kill switch is a simple way to prevent this (surprisingly common) issue.
If the VPN connection drops, the feature blocks your internet (i.e., kills it) to prevent unprotected data from leaving your device. You’ll immediately notice that you’re offline and reconnect your VPN to restore protection.
Excellent Server Speeds
Don’t you love endless loading or download times? Or the video buffering until you feel the urge to smash your TV?
Not really? Well, me neither.
That’s why a fast VPN server speed is a must feature of any solid provider.
The top VPNs in the market invest a lot of money in optimizing their infrastructure to improve speed. Combine that with no bandwidth limits or connection throttling for high-bandwidth activities (like watching videos or pulling torrent files), and you’re set.
And, believe it or not, a well-optimized VPN might even speed up your internet.
Some ISPs use bandwidth throttling. They intentionally slow down your connection when you’re streaming video or music (or doing something else that consumes a lot of bandwidth) to avoid network congestion – or to get more money out of you.
VPNs hide your internet traffic from the ISP – they don’t know what you’re doing, so they can’t throttle you. Your speed goes up, and you wave goodbye to choppy streaming and 2 kbps BitTorrent downloads.
VPN Servers Near You
Two main factors go into your VPN connection speed:
- Latency is the time it takes for data to reach the server.
- Bandwidth is the amount of data you can transfer in a specific timeframe (like per second).
Your bandwidth depends on your ISP. So, you need a VPN that doesn’t limit and can keep up with it.
Latency increases dramatically the further away you get from the VPN server – or the VPN server from you.
So, before you choose a provider, check their server map or list. Make sure they have at least a few servers in your area to ensure the highest connection speeds.
If you will be accessing content from another country, check if they have servers in that region, too. For example, to watch Netflix Japan, you want to connect through a Japanese server.
Multi-Platform App Support
You can use a VPN on your computer, phone, smart TV, and the rest of your devices. So, make sure the provider has dedicated apps for all the different platforms and operating systems you’re interested in.
A desktop client and Android or iPhone mobile apps are pretty much a must. If you’re using Linux OS, check if the native application works there, too.
Some VPN providers do not support all operating systems. But they may still offer tutorials and configuration files to help set up the connection manually.
The bottom line is any decent VPN will have multi-platform support to ensure you’re covered across all your internet access points.
If all you’re getting is a Windows and Mac client, the VPN is probably not worth your money.
Regularly Updated Apps
All desktop and mobile VPN software needs regular updates.
Because some bugs and security issues are only found after the software is released, when that happens, developers come up with a fix and update the app.
Apps also may need a refresh when a new version of the operating system comes out.
OS updates patch security holes, remove bugs, and improve user experience. But they might create new safety issues for existing apps, too. That’s why when a new version of Windows (or Mac iOS, or Android) comes out, native apps also often have to make changes.
How do you know if a provider updates their apps regularly? Just check the last time it happened. If it’s been more than a month, that’s not great.
“Small” updates don’t change anything you’ll notice as a user – the layout and functions remain the same. However, they resolve crucial issues and security holes behind the scenes, which inevitably appear as we use the app.
If a VPN provider has ditched the responsibility to fix these problems, this is a major red flag.
Generous Simultaneous Connections
VPNs can protect you from eavesdroppers and help you access geo-blocked content across many devices:
- Your home computer
- Your phone
- Your partner’s phone
- The family TV
- Your kids’ laptops
- The tablet you take on vacation
The list goes on and on.
While plenty of VPNs (at least the good ones) will run on all of those devices, most set a limit on simultaneous use.
If you want to check your email through a secure network while your son watches Doctor Who on UK Netflix in the other room, you want multiple simultaneous connections.
How many? It depends on your needs and the number of family devices (or the number of roommates) in your house.
NordVPN allows up to six connections, ExpressVPN allows five, and Surfshark gives you as many as you need – each provider sets their own numbers.
24/7 Chat Customer Support
You don’t get a VPN with the thought, “I’ll run into problems.”
Then, when issues appear, it’s at the worst time. A national holiday, the weekend, in the middle of a Friday night movie marathon – you know the drill.
This is why 24/7 chat support is the golden standard for VPN customer service. All top providers offer it, and it’s genuinely a must-have.
Email and phone support are also important, of course, but instant access to a human agent cannot be underestimated.
VPN Split Tunneling (Bonus)
Split tunneling is a semi-necessary feature. But I still included it because it can make a big difference in your user experience.
With split tunneling, you can use the VPN for some sites and a regular connection for others.
If the government has blocked a particular online service, for example, you can unlock it with a VPN. But then, you can still use your standard network for pages available in your country.
Since a VPN connection can slow you down, split tunneling is also a way to get the fastest loading speeds on sites you trust.
That said, it’s not an essential function for two reasons:
- A non-VPN connection isn’t safe. You might trust the website, but if you connect through a regular network, your information is still exposed to your ISP, data mining initiatives, hackers, etc.
- Modern VPNs barely affect your speed. VPN providers are continually optimizing their installations for fast connections. Plus, if you choose a server close to your location, the speed bump is negligible.
VPNs are an excellent tool to protect your privacy, safeguard your data, and unlock geo-blocked content. But not all VPN services were created equal.
When choosing your VPN, keep this list of key features on hand. They’ll help you distinguish high-quality VPNs from overly marketed (but decidedly mediocre) products.
The must-haves of a great VPN are:
- Clearly stated no-logs policy (bonus points if it’s third-party confirmed)
- Strong encryption for all traffic
- Multiple secure VPN protocols (and being able to choose among them)
- DNS leak protection
- VPN kill switch
- High connection speeds
- Multiple servers near you (and in regions you want to access)
- Cross-platform app support
- Regular app updates
- Multiple simultaneous connections
- 24/7 chat support
Nord does not, however, offer split tunneling – an optional but still convenient feature. If that’s something you want or need, you also can’t go wrong with Surfshark.
What VPN features are must-haves, in your opinion? Let me know in the comments below!