It's an undeniable fact that there are plenty of sketchy VPNs on the market right now. Despite the hard work of the best VPN providers, there are many VPNs that provide substandard protection or are just flat-out scams.
But instead of focusing on the many VPN red flags, what should those looking to get a VPN (perhaps for the first time) be looking for as a sign they can trust a provider? Well, you've come to the right place, as we'll be going through a few hallmarks of a trustworthy provider, all of which should give you confidence that your VPN of choice is a worthy pick.
1. A solid "no-logs" policy
One of the main reasons to use a VPN is to use the internet more anonymously. No one likes having peeping eyes over their shoulder 24/7. To that end, you'll also want a VPN that doesn't store any information on you. The best way to be confident is to find a provider with a "no-logs" policy, a promise that their servers don't store any user data.
This is an essential, as you need to trust your VPN more than your internet provider. After all, you're sending all of your internet traffic through your VPN, and without a quality privacy policy ensuring that it's not storing your data, there's no point in using a VPN at all.
Unfortunately, some less reputable providers still claim to have a "no-logs" policy even when that's quite clearly not the case if you read their more detailed privacy policy, so give it a look over. The top providers also have regular audits conducted on their services by independent third parties.
2. Up to date encryption protocols
Regardless of whether you can trust your VPN, can you rely on it to be competent? The gold standard of VPN encryption protocols is currently WireGuard. It's the newest and fastest major encryption technique. OpenVPN is also good, and despite being older and slower, it offers industry-leading security.
OpenVPN can also be obfuscated – which means you can hide the fact that you're using a VPN at all – so it's essential for those in countries that restrict VPN use like China and Russia.
IKEv2 is less of a necessity, but is still often used for mobile VPNs – although WireGuard has largely superseded it, and some VPN providers like Proton VPN have stopped supporting it in their first-party apps. It's a decent option to have on hand, but avoid any VPN which offers it as the only choice.
Other protocols like ExpressVPN's Lightway are also safe, but at as a rule of thumb, make sure your VPN offers at least both WireGuard and OpenVPN.
3. A proven track record of privacy
There's no greater proof than the court of law, and some VPN providers have been taken to court by authorities trying to access user data. For example, Private Internet Access has had its no-logs policy proven in court twice, when even under subpoena by the FBI, it had no data logs to hand over. That's about as concrete evidence as you can get that it's legit.
As well as the past, you should also make sure that the VPN is staying up to date with the latest changes in the industry. Much like using an old version of iOS or Android, a VPN that's no longer being updated is dangerous. Earlier this year a fairly large provider disappeared without trace. So, make sure the VPN you're considering is still supported and has functioning customer support details.
4. Based in an appropriate country
VPNs are global digital companies, but they have to be based (or at least registered) somewhere, and that is definitely a factor to consider when choosing a VPN.
States with questionable internet censorship like China and Russia are probably not the best places for a VPN to be based if you want complete peace of mind. Even the likes of the United States, Canada, United Kingdom, New Zealand and Australia are cause for concern, as these countries are part of the notorious Five Eyes Alliance – meaning they share data with each other, and have stricter user-data collection laws that companies must follow.
You probably want your VPN provider to be based somewhere like Switzerland (where Proton is based) or Panama (home of NordVPN) where there are no mandatory data retention laws.
5. A paid subscription
This is not to say that all paid VPNs are trustworthy – instead, we're talking exclusively about the best free VPNs here. You have to ask yourself how the service makes its money. If there's a paid subscription, that is usually a good sign, and suggests the company profits by offering a good VPN people want to upgrade to, rather than by selling your data – or worse.
As a rule of thumb, only use free plans that have a premium version as well. Proton VPN, PrivadoVPN and Windscribe all have effective free options that you can trust.
