5 VPN red flags to help you spot a dodgy VPN
Avoid these 5 things to not get stuck with a dodgy VPN
Many would say that a VPN, or a virtual private network, is a no-brainer if you want to keep yourself safe and private on the internet—me included. VPNs encrypt your internet traffic and spoof your real IP address to anonymize yourself on the internet, essentially hiding your location and what you do online from the prying eyes of hackers, ISPs, and government authorities.
However, the best VPNs are much more than guardians of your general privacy; they can also unblock geo-restricted websites, so you can stream your favorite content from anywhere in the world. Furthermore, you can also use them to enhance your gaming experience, where they'll ward off DDoS attacks and bandwidth throttling.
Now that I've explained why getting a VPN is absolutely crucial, let me also warn you that not all VPNs are created equal. Some of them are limited at their best and outright dangerous at their worst.
Spotting a VPN red flag might not be your strongest suit, especially if you're new to the VPN scene. Lucky for you, in this article I'll help you avoid unscrupulous VPNs and pick out a reliable provider instead.
1. It logs, sells and/or tracks your data
A VPN has no business collecting your data. In fact, it’s meant to do the exact opposite—keeping your browsing anonymous and protecting your data from falling into the wrong hands. A no-logs policy is the gold standard for VPNs, and it’s also one of the first things you should look for when picking a VPN provider. It ensures that even if the VPN is hacked or if authorities come knocking at its doors, it doesn’t have any data that can be stolen or handed over in the first place.
It’s worth noting that if a VPN’s logging policy is vague i.e. if it uses ambiguous language, or if the provider isn’t transparent about its logging policies, or if it mentions collecting more data than necessary, such as the details of your online activities, these are all huge red flags, and I recommend avoiding such providers at all costs.
Additionally, I also recommend choosing a paid-for VPN over a free VPN, especially if it's not a stripped-down version of the provider’s paid plans. This is because free services have to make money from somewhere, and they often resort to logging your activities, keeping track of what you do and where you go online when you're connected. Then they will sell this data to advertisers and data brokers for profit. Check out my free vs. paid VPNs page for more information.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
The best way to make sure your VPN doesn’t log or track your data is to opt for a provider with an independently audited no-logs policy. For example, ExpressVPN, one of the safest providers on the market, recently completed its 18th independent third-party audit. Similarly, NordVPN has also undergone numerous audits to prove its no-logging claims.
2. It throttles your connection
A VPN is supposed to make your life easier on the internet, so it’s going to be counterproductive—and in many ways useless—if your chosen provider throttles your connection, killing your internet speeds. This would lead to buffering, lag, and even small-sized downloads taking ages. In other words, you won’t be able to stream content or play high-octane online multiplayer games, even if your domestic connection speeds are lightning-fast.
To avoid slow speeds, pick a VPN only after looking at independent connection tests. Luckily for you, my team of experts here at Tom’s Guide has conducted over 28,000 speed tests on hundreds of VPNs time and time again over the years. This is how we put together our VPN guides, including the fastest VPNs in 2024. If you’re after a quick answer, pick one from NordVPN, Surfshark, or Proton VPN, all of which offer peak speeds of over 950 Mbps—the fastest in the industry.
We test the provider's connection speeds on a 1 Gbps line across different devices, encryption methods, and speed-testing tools, including the Ookla SpeedTest website and CLI, nPerf, Netflix's Fast, and others. Furthermore, we test in two locations; the first is a home in the US, and the second is a Windows 365 cloud PC hosted in the UK.
It’s worth noting that our test results aren’t evergreen, so if you live in Asia and you're connecting three months after we ran our tests, results may vary. Still, it’s a good representation of what a VPN can do. Plus, since we promise to tell you if we see wild fluctuations in a VPN’s performance, you can rest assured that if you’re picking one of the top-ranking fast VPNs, it’ll deliver consistent speeds.
3. It isn't certified
The Internet Infrastructure Coalition (i2Coalition), which is a group of leading firms within the VPN industry, launched the VPN Trust Seal accreditation program in September 2023 to promote consumer safety and privacy by pushing VPN companies to strengthen their business practices. Consumers can look for the VPN Trust Seal badge on the provider’s website.
What does the badge signify? It's an assurance of the fact that the VPN:
- It uses strong encryption protocols and advanced security features.
- It doesn’t send out misleading or over-promising promotion messages.
- It collects as little information as possible.
- It maintains transparency with its users and the public about its procedures and actions.
- It supports freedom of expression and access to the global internet.
Also, it’s good to see big-name providers welcome this accreditation. For example, according to NordVPN, which is also a recipient of this badge, "In this digital epoch, aligning with ethical practices and gaining trust is not a choice but a necessity." Some of the other most secure VPNs that have received the VPN Trust Seal badge include ExpressVPN, Surfshark, IPVanish, StrongVPN, and IvacyVPN.
This next one’s a biggie, especially for Android VPN app users. It’s worth noting that as of November 2023, the Google Play Store has started handing out a verification badge to VPN apps that have been audited in accordance with Mobile App Security Assessment (MASA) guidelines (created by the App Defense Alliance (ADA)) relating to areas such as data storage and privacy, authentication, cryptography, networking, coding, and permissions.
The badge reads 'Independent security review' and you can find it (or the lack thereof) in the Data Safety section of the app on the Play Store. This will help you avoid downloading unscrupulous VPN apps that can even be Trojan horses for malicious software. Furthermore, even though the chances of iPhone VPNs being shady are pretty low, I still recommend exercising caution, especially now that Apple has opened up the iPhone to third-party app stores.
4. It doesn't unblock content
A fast VPN that keeps you anonymous on the internet and protects your data is undoubtedly good, but it'll still be tough to recommend it if it doesn't double up as a streaming VPN. Plus, these are times when there are a lot of VPNs competing for the top spot, so if a VPN isn't striving to offer the best streaming support, that might be a red flag to consider.
After all, VPNs are also highly popular as potent ways of bypassing geo-restrictions on foreign content on streaming sites such as Netflix, Amazon Prime Video, Disney Plus, BBC iPlayer, and loads more.
If you're a streaming head, there's just no doubt that you should pick a VPN with reliable unblocking capabilities and servers in regions whose content you wish to access. However, even if you're an occasional streamer, it makes a lot more sense to still opt for a high-quality VPN with good streaming capabilities since you'd pretty much be paying the exact same amount of money either way—so, why not get the ability to unblock content, too?
Not just streaming content, though, VPNs with good unblocking capabilities can also give you access to international game stores and discounts that may be unavailable in your region.
5. It doesn’t use post-quantum encryption
I don’t intend to scare you, but we’re now just a handful of years away from having sufficiently large quantum computers that will be able to break all public key schemes currently in use, including algorithms VPN companies use to encrypt your connections.
Furthermore, traditional encryption hasn’t come leaps and bounds in the past few decades, either. In fact, the only advancement we’ve really seen is an increase in the size of encryption keys in order to make brute-force attacks unfeasible. However, quantum computers will be able to break this encryption in a matter of minutes, whereas it might have taken traditional computers thousands of years.
This is because quantum computers use technology built on the laws of quantum mechanics, which makes them multiple times more powerful than classical computers as they’re able to perform a huge amount of calculations simultaneously. On the other hand, traditional computers perform similar calculations one at a time.
Although many would consider getting a VPN that uses post-quantum encryption overkill, it’s actually a highly recommended way (and it’ll soon become a must-have) of future-proofing the protection of your data. This is especially true because cybercriminals are already launching ‘store now, decrypt later’ attacks wherein they are harvesting encrypted data from valuable sources such as banks, governments, etc and storing it, waiting for the day the technology is ready to decrypt it.
This day, i.e. when quantum computing advances to the point that it can break the encryption methods safeguarding most of the Internet, is popularly known as Q-day. However, the good news is that VPN companies are wide awake to the threat posed by quantum computers, and industry leaders such as ExpressVPN have started offering post-quantum protection. I expect others to follow suit soon enough, too.
VPN FAQs
Are VPNs safe?
The vast majority of VPNs are safe, especially the ones that feature on our list of the best VPN services. All of them have a proven no-logs policy, industry-standard AES 256-bit encryption, and foolproof security essentials like a kill switch and leak protection. Additionally, if you want to be extra safe, you can choose a VPN from our list of the most secure VPNs.
Is it legal to use a VPN?
Using a VPN to keep yourself safe on the internet is perfectly within the law in most countries around the world. However, even in countries where VPNs are completely legal, you can be slapped with a fine or jail time if you use the VPN to hide illegal activity such as downloading copyrighted material.
Then there are countries like Iraq, North Korea, and Turkmenistan that have completely banned VPNs. Using a VPN in such countries can be against the law as well. Next, while not as serious, countries like China, Russia, and the UAE have imposed several restrictions on the use of VPNs, and it's best that you read what you may or may not be permitted to use a VPN for before stepping foot within their borders.
Are VPNs easy to use?
The best VPN services are all generally very easy to set up and use, as they come with simple apps where all the options and settings are exactly where you'd expect them to be.
However, if you're new to VPNs, I recommend using ExpressVPN as it comes with an intuitive one-click connect function, which allows you to connect once and stay protected always.
Furthermore, it also has 24/7 customer support and an in-depth knowledgebase, and its proprietary Lightway protocol automatically zeroes in on the best server and encryption for your needs, making the entire process hands-free and idiot-proof.
Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.
- Krishi ChowdharyContributor