Choosing The Best VPN

VPN services vary in the types of protection they offer. While there is no single 'best' VPN for all users, individual users should determine which service works best for them.

Common Threats
VPN Resources
Glossary

Choosing The Best VPN

Learning Objectives

After reading this article you will be able to:

  • Describe several important features offered by VPNs
  • Explain why there is no best VPN for all users

What’s the best VPN service?

Virtual Private Network (VPN) services vary in cost and in the range of features they offer. The truth is there is no ‘best’ VPN option for everyone, and the purpose of this article is not to promote one service over the others. Instead we will provide the criteria one should consider when choosing a VPN service.

Beware of articles and blogs that recommend specific VPN services

Users that are searching the web for resources to help them choose a VPN service will likely come across spammy-looking sites that have top 10 lists or comparisons of VPNs. Many of these pages are actually covert advertisements for specific VPNs run by affiliate marketers. Users should be wary of any privacy company that uses a dishonest tactic to create a business relationship with them.

Is a VPN service necessary to remotely access a home network?

For users that simply want to be able to access their home network from a remote location, a VPN service will not meet their needs. A VPN service connects users to a remote network operated by the service, not a home network. To be able to access a home network, users can instead run their own VPN at home for free. Instructions can be found online for running a VPN server off of a home computer or router.

Choosing a VPN service for changing geolocation

If a user is only looking for a service that will let them change their geolocation, then pretty much any VPN will do and they should look for the one with the lowest price point. For example, someone who has no concerns about security or privacy and just wants to change their IP location for the purpose of watching Hulu or some other streaming service won’t need many of the security features that come from more robust VPNs. They have no need to pay for the extra features they won’t use.

Is the protocol a VPN service uses important? Is OpenVPN more secure than PPTP and L2TP/IPsec?

The protocol which a VPN service uses matters a great deal; a modern and secure protocol is a requirement for proper privacy and security. OpenVPN is currently the gold standard, it’s the most secure VPN encryption protocol. L2TP/IPsec (layer 2 tunneling protocol with IPsec encryption) is also considered to be very secure, but it is significantly slower than OpenVPN. PPTP (point-to-point tunneling protocol) is a dated protocol and its encryption is no longer secure. Any service that only offers PPTP should be avoided.


The only caveat here is that some mobile operating systems do not yet support OpenVPN. For many mobile devices, L2TP/IPsec is still the best protocol available.

Does a VPN need to provide concurrent connections?

Concurrent connections are another good feature to look out for. Most users want a VPN service that allows multiple concurrent connections so that they can protect every device in their household.

Does the size of a VPN’s user base matter?

A VPN service with a large user base helps increase the privacy and anonymity of the users on that service. The more people using a particular VPN service, the harder it will be to single out one person’s activity.

Which VPNs are best for bypassing restricted networks?

Users behind a restricted network will require special features from a VPN service. Restricted networks like China’s Great Firewall have VPN blocking features built into them. Technologies such as SSH tunnels, TCP Port 443, and multihop can help users get around these restrictions.

What is a VPN killswitch?

Some VPNs offer a killswitch to prevent users from accessing the Internet if the VPN disconnection gets dropped; this way users won’t accidentally access the Internet without VPN protection. These killswitches are a useful feature, and there are a couple of ways to implement them. Some killswitches can only shut down Internet traffic for certain programs, such as web browsers, while more secure killswitches shut down all Internet activity on a device. It should be noted that no killswitch is 100% secure, as some packets can still be exchanged on an unprotected connection before the killswitch is engaged.

Why do some VPNs suffer from DNS leaks?

When a user connects to the Internet without a VPN, they use their ISP’s DNS resolver, which can log data about their behavior. A VPN gets around this, but if the VPN service is using its ISP’s DNS resolver or even a public DNS resolver, this creates a data leak. A good VPN service will run their own private DNS servers. In the event the VPN does not use it’s own DNS, users can ask to see if the DNS used is optimized for security, like the 1.1.1.1 DNS service, which purges logs after 24 hours.

Does using 2 VPNs simultaneously increase protection?

Some people who are transferring extra-sensitive information utilize two different VPNs. By connecting to a second VPN while already connected to a first VPN, they add another layer of security. Their data travels through an encryption tunnel that’s inside of another encryption tunnel. Chaining two VPN services is an extreme measure, but may be a reasonable choice for those who can’t afford a data leak.

Are free VPN services too good to be true?

There are some VPN services out there that are free of charge, and while they don’t offer the same sets of features as the more robust paid services, they can be a good option for some users. Free VPN services often come with bandwidth throttling and usage limits, but as long as they meet the other criteria of a good VPN, they can be a good choice for a casual user.

Conclusion

The features outlined above are all worth considering when choosing a VPN service. By deciding which features matter most to them, a user can utilize this guide to help them choose a VPN to meet their needs.