Ideally, every VPN service provider would subject itself to independent audits to verify that it logs and operates as it claims. Right now, audits aren’t common practice in the VPN industry, though there’s a push to change that. Joseph Jerome, policy counsel at the Center for Democracy & Technology, told us about that group’s efforts to bring transparency to the VPN industry: “We would like to see security audits released publicly so security researchers can review them and attest to their veracity, as well as learn from the issues being identified.” The few companies we found that currently performed these types of audits had other dismissal-worthy failings, despite their valiant efforts toward transparency. And while such reports may increase your confidence when you’re shopping, there’s no guarantee that an audit makes a VPN service trustworthy: In other industries, conflicts of interest have led auditors and rating agencies (PDF) to miss or ignore major problems.
Before anything else, understand that if you want to use a VPN you should be paying for it. Free VPNs are either selling your browsing data in aggregated form to researchers and marketers, or giving you a paltry amount of data transfer every month. Either way, a basic rule of thumb is that a free VPN will not protect your privacy in any meaningful way.

Every service we tested accepts payment via credit card, PayPal, and Bitcoin. That’s plenty of options for most people, and you can always use a prepaid debit card if you don’t want your billing information tied to your VPN account. IVPN and OVPN are the only ones to accept cash payment through the mail, if you really don’t want to make a payment online. Private Internet Access and TorGuard accept gift cards from other companies—IVPN doesn’t, but that option isn’t worth the additional hassle for many people when other secure, private methods are available.

The Remote Authentication Dial-In User Service (RADIUS) protocol is used to provide centralized administration of authentication, authorization, and accounting (AAA) and an industry-standard security infrastructure. RADIUS is defined in RFCs 2138 and 2139 in the IETF RFC Database. RADIUS enables administrators to manage a set of authorization policies, accumulate accounting information, and access an account database from a central location.
When you download a file from a server without a VPN, there’s a chance you will encounter network congestion, most likely on your nearby ISP network or at the download server itself. When you use a VPN service, you add a third potential bottleneck to the route. Whether because of server load or congestion on the network surrounding the server, there’s a higher chance that your speed will be affected while connected to a VPN.
Most VPN providers don’t give you the option, anyway, but don’t disable encryption altogether. Additionally, 128-bit AES is the minimum strength encryption necessary for a VPN to do its job and keep your data safe. It’s effectively un-crackable and is slightly faster than 256-bit AES, which is also common. A handful of VPNs use Blowfish encryption, which tends to be slower than its AES counterpart. We recommend at least 448-bit Blowfish encryption if you go that route.
Another reason you might choose to use a VPN is if you have something to hide. This isn't just about folks doing things they shouldn't do. Sometimes people really need to hide information. Take, for example, the person who is worried he or she might be discriminated against by an employer because of a sexual preference or medical condition. Another example is a person who needs to go online but is concerned about revealing location information to a person in their life who might be a threat.

Authentication that occurs during the creation of a PPTP-based VPN connection uses the same authentication mechanisms as PPP connections, such as Extensible Authentication Protocol (EAP), Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge-Handshake Authentication Protocol version 2 (MS-CHAP v2), CHAP, Shiva Password Authentication Protocol (SPAP), and Password Authentication Protocol (PAP). PPTP inherits encryption, compression, or both of PPP payloads from PPP. For PPTP connections, EAP-Transport Layer Security (EAP-TLS), MS-CHAP, or MS-CHAP v2 must be used for the PPP payloads to be encrypted using Microsoft Point-to-Point Encryption (MPPE).
NordVPN also nudged out ExpressVPN in terms of speed, with a few caveats. Most VPN apps select a location, and then the app automatically selects the best server in that location. NordVPN is not so good at this. The auto-select on a couple occasions put us on servers that were complete duds, which resulted in a test result so bad it qualified as a statistical outlier and had to be thrown out. Thankfully, the app allows you to manually select a specific server and view the load capacity on all servers, where we had much better luck. Servers are optimized for specific streaming channels, torrenting, or security measures.
With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques.[33] Home users usually deploy VPNs on their routers to protect devices, such as smart TVs or gaming consoles, which are not supported by native VPN clients. Supported devices are not restricted to those capable of running a VPN client.[34]
AVG Secure VPN Virtual Private Network (VPN) gives you a secure and private connection to unrestricted internet access. It does that by encrypting your connection so nobody can snoop on your online activity. The result? Secure and private access to any site — anywhere, anytime. That’s your favourite sites, shows and subscription services all with uncensored access.
L2TP/IPsec (Layer 2 Tunneling Protocol with Internet Protocol Security): L2TP is not secure itself, so it's generally paired with the IPsec secure-networking standard. The combination of the two was once thought to be very secure when properly implemented, but some VPN services suggest that you use OpenVPN instead. L2TP/IPsec has native support in Windows, OS X/macOS, Android, Chrome OS and iOS. Most VPN services support it.
Consider a public Wi-Fi network, perhaps at a coffee shop or airport. Usually, you would connect without a second thought, but do you know who might be keeping tabs on the network traffic? Can you even be confident the hotspot is legitimate, or might it be operated by a criminal who's hunting for your personal data? Think about the passwords, banking details, credit card numbers, and just any private information that you send every time you go online.
Typically, when you try to access a website on the Internet, your ISP (Internet Service Provider) receives the request and redirects you to your destination. As your Internet traffic passes through your ISP, they can see everything you do online. What’s more, they can track your behavior and sometimes even hand your browsing history over to advertisers, government agencies and other third parties.
We like that the company offers a connection kill switch feature and, for those who need it, there's an option to get a dedicated IP address. VyprVPN is a standout in their effort to provide privacy, and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog's VyperVPN service added scrambled OpenVPN packets to keep the traffic flowing. 
Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not. This is actually why we also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy. KeepSolid VPN Unlimited offers a one-week Vacation subscription, for example. Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs.
×