Are you uncertain what a VPN should offer – apart from helping your privacy? Well, join the club. There isn’t a unitary recipe or single protocol for creating a VPN – or even an industry standard for what the minimum security level should be. Even worse, app stores are riddled with apps calling themselves VPNs which do some rather suspicious activities.
From the Avira perspective, there are two core VPN technical features and two operational ones that a secure VPN should offer. The two technical features a VPN should have are complete content encryption and encryption of DNS addresses. Operationally, VPN user logs should be restricted to performance issues and there should be no reselling of user data.
Should you buy a VPN?
Now that we’ve cleared up some of the standards, let’s take a step back and see when and why you would want to buy a VPN. A VPN should be used whenever you are on an insecure network such as a public or hotel Wi-Fi, when you need to have a certain geo-IP address to unlock certain content or web features, or when you want to prevent your ISP and other online trackers from recording your online activities. These three points probably cover most of your time online time, including when you’re on mobile devices and your stay-at-home computer.
What to look for when buying a VPN
As we already pointed out security and privacy are incredibly important when it comes to choosing a VPN. But how do you know a VPN provider meets these criteria? And what are some other aspects to consider? The below gives you an idea of some of the things to look for.
1. Where are the servers?
An exit node is the technical term to describe a VPN server. When connected to a VPN, your data packets go out from the server through this exit node. This provides two important benefits. First, it encrypts the visited site addresses and the contents exchanged. Second, it gives these packets the IP address of this location, creating a new virtual location for you. When selecting a VPN, you not only want one with exit nodes, or servers, near you for more easy connections, you also want one with exit nodes in the specific geographies where you want a virtual location. The more servers a VPN has, the more difficult it is for content providers and nation-states to block it.
2. What VPN protocol is best?
There are a number of acceptable VPN protocols in use. Creating a VPN is like a cooking recipe that can vary according to the device operating system, infrastructure, and type of use – and all put together with the goal of easier connections, faster speeds, and more secure encryption.
OpenVPN is one of the most popular. In addition to using AES-256 bit key encryption, it is open source. This means that users anywhere can and do look closely at the code to uncover any vulnerabilities. L2TP/IPSec L2TP is a combination of L2TP and the IPsec security protocol. It uses the secure AES-256 bit encryption but relies on a single port which makes it easier to block. Two additional acceptable protocols include SSTP and IKEv2. Protocols and encryption techniques evolve so this list will change. WireGuard, a new and fast-developing VPN protocol, is the most notable newcomer to this list. It is being expanded to work with more operating systems and has gotten rave reviews for its code simplicity and speed.
3. Are there data caps?
VPNs usually come with some bandwidth restrictions – especially the free ones. This is where your lifestyle and location can make a big difference. If you are streaming or downloading a lot of media content, your bandwidth requirements will be much higher. In addition, if you use a VPN on your mobile device, you can also use a significant amount of bandwidth with navigation services.
4. What are some useful features?
The most useful VPN functions reinforce the weakest part of the VPN security chain – you the user. If a VPN is working correctly, with full packet encryption and no DNS leakage, the biggest privacy risk for the user is that they will simply not turn it on to use it or not realize when the connection has been broken.
Auto connect will start up the VPN when you connect to an insecure network. This can help prevent you from sending private information over, for example, a public Wi-Fi network. It’s like a seatbelt notification in your car.
A Kill Switch drops the network connection when the VPN connection is disrupted. This is especially useful when the network connection is spotty or when the device is connected to the VPN for a long time and you as the user might not be sitting in front of the device at all times. In both scenarios, the kill switch can keep you from unknowingly using the insecure network after the VPN connection has been broken.
5. Is a VPN proxy just as good?
A VPN proxy is essentially a forwarding note pasted on your data packets that gives them a different IP address but does nothing to encrypt the contents or the DNS addresses. Because of the lack of encryption, they are simpler, faster, and cheaper to operate than most full-flavored VPNs. They can enable you to circumvent some geo-IP restrictions but do not protect privacy. They are especially common among free “VPNs” for android devices.