A virtual private network (VPN) is an increasingly essential security tool to protect your data and your privacy. Using a VPN has a lot of privacy advantages and offers plenty of value. Unfortunately, not all VPNs are created equal. And since there are hundreds of options to choose from, finding the right one isn’t the easiest. To help you out, we take a look at what data a VPN can access, and what privacy and security features to look for.

You have no privacy if you use a free VPN

The plain and simple truth is that a free VPN is bad news. There are thousands of free VPNs that are appropriately flashy and hit all the right keywords to make you feel at ease. Unfortunately, some free VPNs end up doing the opposite of what they’re supposed to.

Running and maintaining a VPN service is complicated and expensive. A service that is free to the customer will need to recover its cost elsewhere. And some do so by tracking your online activity and selling your data. That is usually the first thing you’re looking to avoid when using a VPN.

You might have to deep dive into their privacy policy to find out how safe it is. If you see anything about advertising partners or third-party users getting access to your online data usage by using cookies or other data-collection tools, it’s probably a good idea to look for alternatives. Given that your data is a key part of the business model of these companies, depending on them to protect it is paradoxical.

If you’ve ever used a free VPN, you might have been inundated with ads. There’s nothing inherently wrong with ads of course. Most businesses offering free services, from Facebook to Android Authority, depend on them. Again, it’s deceitful players that ruin it for everyone else. Some VPN apps contain malware and unsurprisingly, some malware is downloaded to your device by clicking on ads.

Granted, it’s not all doom and gloom. Being extra vigilant is necessary, but that’s good advice for anything you do on the Internet anyway. There are some decent options out there that will do in a pinch. The free VPNs that we recommend are actually akin to trial versions of premium VPN services. More often than not, you’ll find limited servers, fewer features, slower speeds, and data caps. These are a great way to try them out though, and see if getting a subscription is worth it.

Are paid VPNs all that better?

Just like free VPNs, there are a lot of paid options to choose from. It’s important to remember that paying for something doesn’t automatically make it good. More often than not, a paid VPN will be a step up from one that is completely free. However, it can be challenging to understand exactly what you need and what you’re getting.

Price is obviously an influencing factor. That’s why we’re swayed by great deals or a Black Friday offer. But there’s more to it than that. Your VPN choice starts with what you want it for, and which VPNs match this. Features and services that a VPN support are often front and center on their websites. What we don’t see and need to really go searching for are the things you can’t do with a particular service.

Data logging policies can be tricky

VPNs that log your data may choose to do so for their own gain, like bad free VPNs, or they may be forced to log for other reasons, like some kind of restrictive country law.

If privacy is your concern, avoiding VPNs that log anything ensures you aren’t defeating the purpose of securing your data at the first hurdle. Some VPNs claim not to log anything and then still do it anyway. These VPNs may say they don’t store any data logs, but by law must retain connection logs, which might be able to show something about your perfectly normal movements or whereabouts.

A big clue is in the nature of the kind of offer a VPN will make to customers. If they enforce connection or download limits on subscriptions, they must be keeping some kind of connection logs. It’s the only way they can manage this. Of course, a good paid VPN won’t have any download limits at least.

It’s still a good idea to review the privacy policies of the VPNs you’re considering. An ideal no-logging policy will explicitly state that the VPN service doesn’t log activity, browsing history, data content, IP address information, and any connection and session duration logs.

Email addresses and payment info are required

If you are handing over email ID and payment information to sign up for a VPN, much of your anonymity can be lost. Not all payment options are the same, and it’s really only possible to guard your information using Bitcoin or other cryptocurrencies, cash, or gift cards purchased through another service.

The email address issue is relatively easy to work around by simply setting up a dummy account to use for just this purpose. It’s not completely secure and anonymous. Setting up a separate Gmail account will still require a phone number for verification. This adds an extra layer between your actual information and any potential leaks.

However, if your payment information is stored, you are leaving yourself open yet again, and could lead to worse consequences. Most VPNs will use a third-party payment portal, which means they won’t get your data, but another linked party will. You’ll need to go and read the payment service’s terms of service and privacy policy too if you want to know how it uses your data. In short, if you’re only able to pay with a credit card or Paypal, some information will be collected and stored for minimum periods.

VPN connection and encryption features to look for

If you’re browsing and your VPN connection leaks, cuts out, or drops, you’re at risk. Leak checkers are important because they monitor for problems like a DNS or WebRTC leak. Better VPNs will also provide tools for you to check if all your data is going through the provided VPN tunnel. To review the privacy of your VPN, head over to ipleak.net as a basic starting point.

For connection dropouts, premium VPNs offer a “kill switch” or network monitor to constantly check your connection and halt all data if the VPN connection has dropped out. A kill switch is mandatory, and some VPNs will even offer customizable kill switch configurations to fine-tune operations.

It’s also important to have your VPN use connections based on the OpenVPN protocol. This is a technical area, but the short story is that this open-source protocol is superior to the PPTP and L2TP/IPsec protocols, due to security flaws and other disadvantages. The best will use OpenVPN with at least AES 256-bit encryption and with in-house DNS servers as well. Tick that box. Again, a solid paid VPN will offer all of this by default.

An extra layer of security is available with certain VPNs that offer “double-hop” connections. In this case, your encrypted data is routed through two servers. Connection speeds take a huge hit when using this feature though, so use it only if you absolutely must.

VPNs we recommend

ExpressVPN has been my go-to service of choice for a long time. It’s easy to use, supports multiple platforms and devices, and generally very reliable. Connection speeds have been particularly impressive, regardless of which server I’m connected to. Keep in mind though that your experience may vary from my own. It’s one of the more expensive options out there though.

A very close second for me is NordVPN. Nord boasts a truly impressive number of servers and has a lot more security features than ExpressVPN. Its long term three-year plan also make it one of the cheapest VPNs you can get. I get better speeds with ExpressVPN, but Nord has it beat when it comes to almost everything else.

Cyberghost is another personal favorite. It makes everything very simple by sorting everything into modes and categories. A huge number of servers, great security features like malware blocking, and an affordable price tag all work its favor. Connection speeds were an issue, but that’s also improved time.

I’ve also done reviews of more services like BullGuard, SaferVPN, StrongVPN, PureVPN, VPN Unlimited, and IPVanish. SurfShark is another service that I’ve heard a lot of good things about and I’m working on a full review right now.