“Are VPNs safe?” is actually a question with two parts. It invites us to consider both the overall idea of a virtual private network and the slate of VPNs currently available to us.
It’s a bit like the question, “Is it safe to jump out of an airplane?” That question has two possible meanings. It could be asking: “Is the act of jumping out of airplanes generally considered safe?” But it could also mean: “Given the altitude, the weather and our equipment, is it safe to jump out of this airplane in particular?”
Using Virtual Private Networks: Are VPNs Safe?
Both interpretations of the question are important. A VPN is by far the best tool for protecting sensitive information and remaining anonymous while online. But the concepts underlying VPNs aren’t always intuitive. To new users, they can even feel a little shady. The fact that you can’t readily tell when your VPN is working doesn’t help.
When you get down to the level of each individual VPN, the question changes. VPNs that look trustworthy sometimes turn out to have holes in their security by abusing their customers’ trust and selling user data logs.
So how can you tell if a particular VPN is safe? How do we know that VPNs in general work at all? Are VPNs safe to use or not? Read on, and we’ll get to the bottom of all these questions together.
Do VPNs Really Work?
The short answer is “yes.” The long answer is “yes, but I need to explain ISPs to you first.”
To understand why you need to take your online privacy into your own hands by subscribing to a VPN, we first need to go over why online privacy is a problem in the first place. It starts with your internet service provider (ISP). That’s the company you pay every month in exchange for your home WiFi.
When you sign up for WiFi, the ISP provides you with a router. The router is the first stop for your internet connection. It sends the data from your home to the ISP, which sends it to the server that holds the website you want to see, often juggling it between several larger networks first.
It is technically possible to get online without an ISP, more often than not by piggybacking on a cellular data network (which has many of the same problems). The only other way is to build up so much hardware infrastructure that you essentially become an ISP yourself. So, for the purposes of this article, let’s assume you need an ISP to get online.
Every device connected to the internet — from the servers that store websites to the personal computers that browse them — gets assigned an IP address. An IP address is a string of characters (32 under the current IPv6 standard) that identifies a router so it can exchange information with other routers. It’s basically a mailing address for a computer.
The last thing to know about is the Domain Name System (DNS). DNS connects website addresses to IP addresses to ensure a URL takes you to the same place every time (before it launched in 1983, you had to manually type in the destination IP address). When your device asks to view a website, it’s called a DNS request.
Why You Need a VPN: Staying Safe Online
Up until this point, I’ve been describing how this system would work in a perfect world. Sadly, while we may not live in the darkest timeline (which almost certainly would not include donuts), the one we do live in is far from perfect.
The problems start with IP addresses. Each one is completely unique. While they frequently switch between routers, no two routers will ever use the same one. If somebody knows your IP address, they can follow everything you do online.
And who knows your IP address better than the one who provided it? Your internet service provider itself.
ISPs have a history of saving logs of the activities associated with individual IP addresses, then using those logs for profit. Most commonly, they’ll sell your activity to other companies, who use it to send you years of creepy advertisements for things you googled once.
But the problem doesn’t end with ISPs. Hackers are also looking to get their hands on IP addresses, which they can use to snag people’s usernames and passwords. Most ISPs don’t sell data directly to hackers, but they (and many other corporations) often leave information lying around for hackers to snap up.
That’s not the whole story, either, but it’s enough to make my point: the only person who’s going to stand up for your online security is you. The most dangerous activity you can do online is to not use a VPN.
How to Choose a Secure VPN Service
Using a VPN isn’t shady in the slightest. All it does is put extra layers of privacy between you and people who don’t want you to be private. The best ones are highly reliable, and the whole thing is 100% legal.
A VPN takes two steps to protect you from spying individuals, companies and governments. Before your internet connection goes from your router to your ISP, it detours through a server owned by the VPN. To anyone looking on, your connection is now associated with that server’s IP address instead of your own.
Anyone could trace the connection from the VPN server to yours if not for the second function of a VPN: encryption. The moment your connection reaches a (reputable) VPN’s server, it enters what we call an “encrypted tunnel.” All the information in the signal is scrambled into an unreadable form, which can only be decoded when it reaches its destination.
Hackers and interlopers don’t know what they’re looking for as long as your signal is encrypted. Google could be staring directly at some juicy evidence of your toothpaste brand loyalty, and it wouldn’t be able to read a thing.
What Makes a VPN Safe?
If you’ve been following along, you now know a VPN needs three elements before you can call it safe. To summarize:
- A network of private servers. By connecting to these, an internet user can hide their IP address.
- A good VPN protocol. A VPN needs the technology to create a secure tunnel from its servers to other servers across the web. It should be a strong protocol, using a cipher that hasn’t been cracked yet.
I won’t sugarcoat the situation. Some VPNs are not safe. If a VPN provider appears to be missing any of the three elements above, run away as fast as you can.
But how can you tell when a VPN checks all three safety boxes, especially when every VPN service’s homepage looks exactly the same?
Let’s take each requirement one at a time.
Network of Private Servers
This is the easiest one. Every VPN has a server network. Without it, a virtual private network is just a virtual private nothing.
However, you might have stumbled on some apps that claim to be for “hiding your IP address” or something similar but don’t mention being VPNs. Many of those are premium proxy services, which don’t offer you a network of servers. Instead, they conceal your IP address by replacing it with somebody else’s (hopefully someone who’s getting paid for it).
Beware of premium proxy services. They’re not for you, the individual web user. They’re for corporations to pretend they aren’t corporations so they can spy on you, each other and everybody else. If it doesn’t say “VPN,” it’s neither a VPN nor safe.
Almost all virtual private networks encrypt user data, but some do a much better job than others. Your first step here is to get the specifics. Don’t stop at “bank-grade” or “military-grade.” Find the exact name of the protocols the VPN uses.
There is a list of protocols that security experts generally agree are strong and dependable. These field-tested encryption options are:
If a VPN only offers these, it’s safe. If it offers one you don’t recognize from that list, don’t panic. Many VPNs now offer exclusive protocols developed by their own teams, such as ExpressVPN’s Lightway, NordVPN’s NordLynx or VyprVPN’s Chameleon.
Take these case by case. A proprietary protocol is usually good news — it proves the VPN provider is putting in some effort — but it can be a scam, so do your research on each one.
If you see PPTP on the protocols list, be suspicious. PPTP does not encrypt data, and it’s not considered secure. The NSA knows exactly how to read it.
The only thing worse than PPTP is no mention of protocols at all, no matter how far you dig on the website. That’s a sign that the VPN is a money-making operation and you’re the commodity.
An honest VPN will limit its data collection to actions you take on its own website, tracked for marketing and billing purposes. A dishonest VPN will slip in vague butt-covering language like “other relevant data” and admit that it “may provide data to third parties at its discretion.” Or the VPN company might promise that it won’t share the data, but it can’t control what its parent company might do.
The safest VPNs are the ones like ExpressVPN and Windscribe that store all user data on their servers’ RAM instead of their hard drives. The logs get wiped once every hour, so even if they want to share it, they can’t.
If you still aren’t sure whether you can trust a VPN, the best thing to do is consult the news. Every time we review a VPN here at AllAnonymity, we add a “News and Updates” section, which we update with extreme prejudice if the VPN is ever caught abusing its power.
If a VPN misbehaves, the secret doesn’t stay secret for long. The truth will come out. Google “IPVanish” if you don’t believe me.
How to Test if Your VPN Is Safe
If you’ve read any of AllAnonymity’s VPN reviews before, you might have seen us reference ipleak.org. That’s just one quick, easy way to test your VPN security. Other options include ipleak.net and whatismyipaddress.com.
Using these tools is simple. When you’re connected to a VPN, your real IP address should be invisible. You can test whether your VPN is working by following these steps:
- Disconnect from your VPN and load your site of choice from the three suggested above.
- Note down your real IP address, then leave the site.
- Connect to your VPN.
- Return to the same site as before. If you see the same IP address you saw last time, your VPN is not secure. If the IP address is different, your VPN is working fine.
5 VPN Providers to Keep You Safe on the Internet
OK, enough about the bad apples. Which VPNs are the safest, most trustworthy options for secure browsing? In this section, I’ve gathered my top five.
ExpressVPN tops nearly every list of the best VPNs, including most of mine. And it’s not just because it’s media-savvy (many people first heard about it on a podcast). Skeptics sometimes grumble that ExpressVPN buys influence, but I believe it would still be at or near the top without any ad campaign at all.
This is a VPN that just works from start to finish. From its robust server network to its policy of saving user data on RAM that erases every hour, ExpressVPN is always working from a place of deep empathy for the needs of its users. It supports L2TP/IPsec, IKEv2, OpenVPN and its own protocol, Lightway.
There’s something you should know, though. ExpressVPN was recently acquired by Kape Technologies, the security giant that also owns CyberGhost and Private Internet Access.
Kape was formerly CrossRider, a company best known for malware injection programs for macOS, not exactly the kind of people you’d trust with your security. There’s no evidence Kape does anything shady with any of its VPNs, but there’s also no evidence that it doesn’t.
NordVPN is one of the best VPNs out there. In the safety department, NordVPN is nigh impossible to beat. It’s got an enormous server network, and the servers are all real — there’s no relying on virtual servers, which can be less secure. It supports four protocols: IKEv2, OpenVPN over TCP and UDP, and NordLynx.
If you remember, NordLynx is one of those proprietary protocols I told you to be cautiously enthusiastic about. In this case, there’s little caution necessary. NordLynx is awesome; it’s fast, secure and passes every test.
The only thing to note is that it did suffer a security breach in March 2018, when hackers exploited a flaw from the data center provider with a server in Finland. That issue has been resolved, and the VPN has been rock solid since.
Surfshark is a relatively new VPN that’s growing fast. It combines the affordability of a discount VPN with the strength of the premium options into a VPN service with unique appeal.
Surfshark doesn’t have its own special protocol yet. Instead, it offers four standard security options: OpenVPN over UDP and TCP, IKEv2 and Shadowsocks. Each one of these protocols is based on trustworthy code and secure encryption.
Shadowsocks is an open-source protocol designed to get around China’s Great Firewall, making Surfshark one of the best VPNs for China. Shadowsocks isn’t very good at anything else, though, so I still recommend OpenVPN most of the time.
I’m still evaluating VyprVPN in several areas, but I can say one thing for sure: It’s tough to match this VPN provider for security. Although its server network could be more extensive, the servers that exist are well-built and well-protected.
It supports the usual strong protocols, with the notable addition of Chameleon. In addition to encrypting all your traffic, Chameleon also encrypts your metadata, making it impossible to tell that you’re using a VPN — perfect for China and other restrictive governments.
Like VyprVPN, Windscribe grew out of its team’s fury at the modern erosion of privacy. Unlike VyprVPN, Windscribe is available for free. Although you can’t get the full service without paying, that actually makes me trust it more (see the next section to learn why).
Windscribe’s protocols, including OpenVPN, WireGuard and IKEv2, are all highly secure. Its two unique options, Stealth and WStunnel, are great backup options if nothing else works (e.g., if you’re in China).
Windscribe also recently proved its commitment to security by swiftly responding to a security breach involving its servers in Ukraine. After learning the contents of the servers may have been briefly visible to police, Windscribe updated its OpenVPN implementation so that could never happen again.
Are Free VPNs Safe?
Some VPNs claim to be totally free. They let customers use the entire network and all the features free of charge.
You know what else is free? Facebook, the company that would prioritize profits over preventing teen eating disorders or fueling decisiveness in the U.S.
A free VPN still needs money. Maintaining all those data centers isn’t cheap. Far more often than not, free VPNs make money by selling their user activity logs to advertisers, giving them free rein to paw through your personal life.
The only safe free VPNs are the “freemium” ones, like Windscribe (see above) and TunnelBear. These services come with a solid free plan but charge a fee to access the full service. With an above-board way to make money, these VPNs don’t have to go behind users’ backs.
Conclusion: Are VPNs Safe?
Picking a VPN is a lot like dating. When you’re looking for one, you’re more vulnerable than usual. When you get burned, it hurts a lot. You’ll be tempted to adopt a protective attitude: “There’s no such thing as a man/woman/VPN provider you can trust. They’ll all betray you.”
But it’s worth staying in the game to find the VPNs you really can trust. With a ride-or-die VPN, you’ll be safer and more anonymous than you’ve ever been before on the internet. So yes: VPNs are safe, and the right one is out there waiting for you.
Do you have a favorite VPN I didn’t mention? Or a story about a time a VPN kept you safe (or did the opposite)? I’d love to hear from you in the comments. Thanks for reading!