VPNs provide great benefits in terms of privacy and security. However, choosing from hundreds of options available on the market can be a daunting task.Â KeepSolid CEO Vasiliy Ivanov offers some advice on selecting a VPN that keeps your data secure and key features that you may want to take into account when shopping for a VPN.Â
As so much of our daily lives move online, one of the defining features of the past year â€” and the past decade â€” is an increased focus on privacy. Even as early as 2013, leading website dictionary.com named it the word of the yearOpens a new window . Since then, many of us have become increasingly aware of the enormous digital footprint we leave and that awareness has disconcerted us. Our attempts to reduce the traces of our online lives have given rise to multiple best practices, philosophical essays, and new technologies.Â
The VPN, short for â€œvirtual private networkâ€, is one such technology that’s meant to protect our privacy in an uncertain online world. Yet, many people are afraid to use a VPN and some doubt if it’s even legal. While certain concerns are well-funded, others aren’t.Â
Here’s some advice about how to choose a VPN wisely, how to make sure your data remains private, and what you should keep in mind when choosing your VPN provider.
1. Logging Policy
The main objective of data protection is to keep sensitive information beyond others’ reach and, wherever possible, to ensure that it’s either not stored at all or erased immediately. Many VPN providers claim to do that by followingÂ a â€œzero-log policy.â€
The truth, though, is that this is technically close to impossible: A VPN does need to log some data, such as users’ source IP addresses, VPN IP addresses, timestamps for a connection’s start and end, and the bytes used during a session. This is the minimum set of data that lets the service function and allows providers to improve its speed, network connection, and reliability. But does this mean that VPN providers are lying?
Not necessarily. To understand what the zero-log policy really means, let’s consider two questions:
- What exactly does a VPN provider collect?
A zero-log (or no-log) VPN means that no private data and no data on the user’s online activity are collected. This guarantees the absolute anonymity of users because none of their private details are saved. There’s a clear distinction between â€œsafeâ€ data â€“ the minimum data set mentioned above â€“ and â€œunsafeâ€ personal information, such as the websites you’ve visited, the files you’ve downloaded, or the software you’ve used.
- How long are these logs kept?
After collecting minimal connection data, the best VPN providers state clearly how soon they’ll remove or delete that data. Most of the data, such as a user’s IP address, will be removed immediately after the session ends. Some types of logs, like connection logs, will be stored for 30 days.
Best practice: Look for VPN providers that are transparent about their logging policy. A trustworthy provider will usually have a dedicated page that explains the process of logging and its scope.
2. Emergency Measures
Usually, when you decide to use a VPN connection you depend on the provider to ensure that it’s reliable. But a VPN connection can fail, defaulting your computer back to a public IP address and leaving your data exposed.
In this case, it’s important to have an â€œemergency stop buttonâ€ that can automatically disconnect your computer and hide all information about you. For VPNs, this â€œbuttonâ€ is called a VPN Kill Switch, Internet Kill Switch, or Network Lock, and it essentially cuts your connection to the internet when the VPN connection fails.Â
A kill switch constantly monitors your connection and registers any change in the current IP address or in the connection status. If it notices a change, it instantly blocks the connected device from the internet until the VPN connection is restored or the VPN is switched off.
Broadly speaking, there are two types of kill switches:
- Active Protocol registers any disconnection from the VPN, sends an alert to your device, and cuts it off from unsafe networks.
- Passive Protocol doesn’t rely on receiving information from the VPN server. On the contrary, once the VPN application stops receiving an incoming signal from the server, it prevents your device from sending web traffic.
Best practice: Check what your VPN provider actually offers. Though a kill switch is a crucial feature, not every VPN service has it and in many cases, it is switched off by default.
3. Encryption Type
Encryption is a process of encoding information to hide or obfuscate all the data that passes between your computer and a web server. Encryption types, protocols, and ciphers are the cornerstones of any good VPN, as they determine how your data is kept hidden and how your â€œsecure tunnelâ€ to the internet is formed.
It’s a complex process, yet the underlying principles are simple: At a basic level, encryption means substituting letters and numbers for other information so that only a person who knows this code can understand it.
To protect data from attacks, a VPN service can use one or more of the following types of encryption:
- Symmetric encryption, where the key for encryption and decryption is the same. This type of encryption is used to protect data that’s in transitÂ
- Public key encryption that relies on a known public key to encrypt messages, and a hidden private key to decrypt themÂ
- Hashing to confirm data integrity. This encryption method helps to maintain the integrity of the data that is being transmitted and to confirm the source of the messageÂ
Best practice: To understand how secure a given encryption type is, it’s important to consider the cipher used and the key length (also known as the number of â€˜bits’ in a given key). For example, 256-bit â€œlong keysâ€ are the current â€˜gold standard’. It would take billions of years to run through all the possible combinations of letters and numbers in a long key, so it’s considered very well-protected. And in general, asymmetric key encryption is much more robust than symmetric or â€œhandshakeâ€ (RSA) encryption.
4. Additional Protection Services
The most important thing to understand about a VPN is that it doesn’t keep you safe from cyberattacks. As a result, leading VPN providers offer additional protection to safeguard users’ security. In most cases, you can choose a VPN service that offers additional malware protection options â€” usually a DNS firewall and IPv6 leak protection:
A DNS firewall shields the DNS of your device from known malware websites or specific categories of unwanted content. IPv6 leak protection hides your true IP from IPv6-enabled websites and prevents your traffic from being routed outside the VPN.
Best practice: Currently, most reliable VPN providers offer basic services and security protection as a combined package. Because VPNs by themselves can’t offer protection against malware, scams, or phishing attacks, it’s important to find a packaged solution that can tackle the problem of security from different angles.
Learn More: Can SASE Edge Out VPNs for Secure Remote Access?
5. Ð¡ryptocurrency Payments
As an extension of the no-log policy, certain VPN providers offer the option to pay for their service with a cryptocurrency such as bitcoin. In reality, this is a â€œnice to haveâ€ measure, because any trustworthy provider will erase all your data anyway.Â
But payment with a cryptocurrency lets you leave no trace of your identity since by design it provides more secure exchanges for users while keeping a public record of all transactions (thanks to asymmetric encryption with private and public â€œkeysâ€). While traditional payment methods submit information about your credit card number, banking account, or other sensitive data, cryptocurrency keeps these details unknown to third-party platforms.
Best practice: As a rule, the option of cryptocurrency payment isn’t essential; it’s an added protective measure. The most important thing is to choose a high-performing VPN service that has a no-logging policy. If you do opt to pay for your VPN with cryptocurrency, it’s a good idea to use a separate email address that doesn’t contain any personal information.
Protecting Your Privacy
To recap, not every VPN will protect you. Some analyses have found that 85% of free VPNs contain permissions or functions that could compromise a user’s privacy. To protect your privacy while using a VPN connection, it’s important to select technically feasible and effective features that fit your specific use case. By using the best practices we’ve covered above, you can make an informed choice about the VPN that’s best for you.