By Emily Walsh
Are you working from home and need to secure your company data? Maybe you are in the journalism world or trying to blow the lid off government corruption and need to protect your identity? These scenarios, and many more, require top-notch security, and a VPN is a great way to achieve that. Fortunately, you don’t need to be a tech wiz to find the most secure VPN for the job.
If you’re short on time, here’s a list of secure VPNs from ProPrivacy. Each one of their recommendations ticks all the boxes for privacy and security. Read on for the details so you know what keeps your data safe and sound.
#1 It has a kill switch
Even the most secure VPN isn’t perfect, but that’s why safety features are a thing in engineering. Let’s say you have trouble connecting to your provider’s server, or your VPN connection drops for whatever reason and you don’t notice until later. Any cyber criminal worth their salt can take advantage of that small window of opportunity.
While the connection is down, your network traffic isn’t encrypted (i.e. made unreadable to outsiders) by your VPN, so you can be the victim of a man-in-the-middle attack. This is especially the case if you use an unsecured Wi-Fi network. In fact, due to some security flaws in modern Wi-Fi encryption protocols, even password-protected networks aren’t as safe as you think.
This is where the kill switch comes into play. This feature automatically stops all network traffic until you can safely reconnect to the VPN – preventing any accidental data leaks.
#2 It keeps no logs
If you weren’t aware, many ISPs have been caught selling your data to the highest bidders. VPNs encrypt your traffic so not even your ISP can snoop on your browsing behavior. However, your VPN provider can see the websites you access and which of your apps access the Internet – so you’d better pick someone reliable to protect your data.
One way to know if your provider is trustworthy is to look at their data logging policy. “No-logs” VPNs don’t keep tabs on your browsing behavior, meaning your online data won’t be exposed to potential hacking incidents. Nor do you risk your data being seized by restrictive governments.
Bonus points if they don’t keep “connection logs” either. They are relatively harmless on their own, as they only show non-identifiable data such as connection times, the amount of data used, etc. However, connection logs could leave you open to a traffic correlation attack – which is sometimes used to break the anonymity of Tor users.
#3 Its logging policy has been tested
A provider’s no-logs claim can be tested in two ways:
- Being audited by an independent third party, such as a cybersecurity firm.
- Having their logging policy tested in a real-world scenario. ExpressVPN had that happen in 2017, when one of their servers was seized by Turkish authorities. Similarly, Private Internet Access received court orders for information on potential suspects, twice.
Nothing useful could be found in either case, because the providers don’t keep any logs.
#4 Its jurisdiction is outside the 5/9/14 Eyes
The 5/9/14 Eyes alliance is a group of countries whose intelligence agencies collaborate and share information. This wouldn’t be a problem in itself until you realize they also share data about their own citizens. Moreover, the countries that are part of this collective tend to have dystopian surveillance programs in place (see the UK Investigatory Powers Act).
Ideally, the VPN’s jurisdiction should have strong privacy laws (for example, no mandatory data retention). ExpressVPN is based in the British Virgin Islands (BVI), a small territory with no data retention laws. Furthermore, other countries (such as the UK or the US) can’t compel BVI companies to share data about their users.
Of course, there are exceptions to the rule. The US is a major player in the 5 Eyes alliance, and Private Internet Access is a US-based VPN. However, they’ve had the security of their service proven twice, as seen in the previous section.
#5 It has Perfect Forward Secrecy
VPNs encrypt your data using complex mathematical equations. The only way that data can be read is by having the correct key to decrypt it. Now, if a VPN used a single “master key” to encrypt your data and a hacker got their hands on that key, they could intercept everything that’s being encrypted with it.
Perfect Forward Secrecy solves that by using a different key for each session. Say, you log into your VPN in the morning before work to make a quick online payment – then log off a few hours later. When you log back in, the VPN will use a different encryption key.
Of course, that’s just one example. Some encrypted messaging apps can generate a new key for every message, as described in the Wired article linked above. For longer browsing sessions, VPN providers like ExpressVPN use dynamic encryption keys that change every 60 minutes.
In the unlikely event that a hacker obtains one key, all they could see is the data for that specific session. It’s still not an ideal scenario, but certainly not as bad as if they could continue to spy on your online activity with the “master key.”
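The difference between one “master key” and per-session keys can be shown in a few lines of Python. This is an added example, not code from the original article or from any VPN provider: the Diffie-Hellman group and the SHA-256 stream cipher are toy stand-ins chosen to keep it standard-library only, and all function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group, illustration only: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC tag so a wrong key is detectable."""
    ct = keystream_xor(key, plaintext)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def open_sealed(key: bytes, sealed: bytes):
    """Return the plaintext, or None if the key does not match the tag."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return keystream_xor(key, ct)

def ephemeral_session_key() -> bytes:
    """Fresh DH secrets per session; they are discarded after key derivation."""
    a = secrets.randbelow(P - 3) + 2   # client secret, never sent
    b = secrets.randbelow(P - 3) + 2   # server secret, never sent
    A, B = pow(G, a, P), pow(G, b, P)  # public values sent over the wire
    shared = pow(B, a, P)              # server gets the same value from pow(A, b, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def record_sessions(messages, key_for_session):
    """What a passive eavesdropper captures: one sealed blob per session."""
    keys = [key_for_session() for _ in messages]
    return keys, [seal(k, m) for k, m in zip(keys, messages)]

def readable_with(leaked_key, captured):
    """Which captured sessions open with a single leaked key?"""
    return [open_sealed(leaked_key, blob) for blob in captured]

MESSAGES = [b"morning: online payment", b"noon: email", b"evening: browsing"]  # constructed
MASTER = secrets.token_bytes(32)
static_keys, static_capture = record_sessions(MESSAGES, lambda: MASTER)
pfs_keys, pfs_capture = record_sessions(MESSAGES, ephemeral_session_key)
```

Calling `readable_with(static_keys[0], static_capture)` recovers every recorded session, while `readable_with(pfs_keys[0], pfs_capture)` recovers only the first and returns `None` for the rest.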
What else defines the most secure VPN?
We could also talk about how secure VPN clients shouldn’t expose your IP address through things like WebRTC or DNS leaks. Although, truth be told, we consider IP leak protection to be a bare minimum for a quality VPN provider.
Other than that, the encryption protocols they use in their software are another deciding factor. Most providers nowadays offer OpenVPN, which is widely considered the most secure VPN protocol out there. As such, we couldn’t include it as much of a distinguishing feature – though it’s good to keep in mind for your research.