Recommended Secure VPNs 2019

Security and Privacy with a VPN

Security and privacy are core concepts that make up a VPN. They are also what you look for when choosing the best VPN to use for your daily online needs. Often, you may end up confusing one concept with the other, and you might not get the VPN you want. But worry no more, because we’ll explain these concepts for you.

Internet security relates to how a VPN protects all your online activities against threats and attacks. VPNs achieve this protection by using encryption and other security techniques.

On the other hand, internet privacy is how a VPN helps hide your online identity from prying eyes.

What makes a VPN secure

Different factors play a role in making a VPN secure. The level of security differs with every VPN due to the way the following factors are implemented:

  • Encryption – Encryption is one of the leading factors that help make a VPN secure. Encryption involves algorithms that transform readable VPN traffic into unreadable data. The stronger the encryption, the more secure a VPN is.
  • Protocols – VPNs use protocols to establish secure communication channels to the server. They are standards that govern how communication is done and also how the channel security is implemented.
  • Killswitch – This is a feature that VPNs use to ensure that your data traffic doesn’t go through your ISP when the VPN connection drops. It doesn’t really make a VPN secure, but it facilitates the security of your session.
  • Jurisdiction and logging policies – These are factors that broadly determine if your security and privacy remain intact when using a VPN service. Jurisdiction is all about the data retention laws governing the state where a VPN service is located. Logging policies stipulate what VPN usage activities a VPN service keeps. VPNs that have a strict no-logging policy and are located in a country where data retention laws are favorable are more secure and offer more privacy.

Encryption in Detail: Keeping the Tunnel Secure

VPN encryption has a lot of features that help to make it secure – most of the features have been mentioned in the above VPNs. Below are the definitions and explanations of the encryption features.

  • Cipher – A cipher is a set of keys that are used to facilitate the encryption or decryption of the VPN tunnel. For ciphers, VPNs use the Advanced Encryption Standard (AES). In this type of encryption, the top-level cipher is the AES-256-bit cipher. The other recommendable level is AES-128-bit, but it is not considered the strongest encryption in the VPN market today.
  • Handshake – A VPN handshake is a procedure that VPNs use to verify the keys used in the encryption process. In handshakes, asymmetric encryption is used. Keys in this encryption are usually longer than the ones in symmetric encryption (AES). VPNs frequently use the RSA-4096 key size as it is considered to offer one of the highest levels of security. The other recommendable key size is RSA-2048.
  • Data authentication – Usually shortened as Data AUTH, this is the process VPNs use to confirm the validity and integrity of data. Hashing algorithms usually perform this type of authentication. The highest level of Data AUTH in VPNs is the HMAC SHA 512. There are also other high levels, but they are not applicable to VPNs. Other adequate levels are the HMAC SHA 256 and the HMAC SHA1. HMAC stands for keyed-hash message authentication code while SHA is for Secure Hash Algorithm.
  • Perfect forward secrecy – Forward secrecy is a new technique used by most VPNs to beef up their security. In forward secrecy, VPNs usually divide their connections into sessions. These sessions are encrypted using a different key every time; new unique keys are generated for every session. These sessions use ephemeral keys that disappear once they are used. This means even if your connection is compromised and the attacker has the key, only one session can be at risk. For forward secrecy, the Diffie-Hellman key exchange or the Elliptic Curve Diffie–Hellman method is used. The levels of forward secrecy vary with the method and the type of encryption used.

How to Check VPN Encryption Levels

Checking for encryption levels in a VPN for an ordinary user is a tiresome task. Apart from checking them at their website, the only thing you can do is to verify if your traffic is indeed encrypted. You can do this by using a third-party tool.

With a third-party tool, you can find out only if there’s encryption. The best tool at the moment is Wireshark. Wireshark is a network protocol analyzer tool that can be used by anyone with little knowledge of how it works. Since networks involve security, using this tool can determine if there’s encryption. To find out, follow these simple steps.

  1. Connect your VPN and let it run for a few seconds.
  2. Open Wireshark and select your network interface, and then start recording.
  3. After some packets have been recorded, navigate to the protocol section.
  4. Right-click on any OpenVPN packet, select Follow, and then choose the available option (UDP/TCP stream).
  5. A window will open, and if you can read the contents and make sense, no encryption is involved. If the content is unreadable, there’s encryption.
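Step 5 relies on eyeballing the stream. The same judgement can be made measurable, as in this added example (not part of the original article): it scores a payload's byte entropy and printable ratio. The function names, thresholds and sample payloads are assumptions chosen for illustration, and an "opaque" result only shows the bytes are unreadable, not how strong the encryption is.

```python
import hashlib
import math
import string
from collections import Counter

PRINTABLE = set(string.printable.encode())

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 = constant, 8.0 = uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (including CR/LF)."""
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def classify(payload: bytes, min_len: int = 256) -> str:
    """Rough verdict for the payload bytes of one followed stream."""
    if len(payload) < min_len:
        return "too-short"       # entropy is unreliable on tiny samples
    h, p = shannon_entropy(payload), printable_ratio(payload)
    if h >= 7.0 and p < 0.6:     # illustrative thresholds, not a standard
        return "opaque"          # consistent with encryption (or compression)
    if p >= 0.9:
        return "readable"        # cleartext protocol visible on the wire
    return "inconclusive"

# Constructed samples (not captured traffic).
CLEARTEXT = (b"GET /account?user=alice HTTP/1.1\r\nHost: example.test\r\n"
             b"Cookie: session=abc123\r\nUser-Agent: demo\r\n\r\n") * 4
# Deterministic stand-in for ciphertext: SHA-256 in counter mode, 1024 bytes.
OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(32))

if __name__ == "__main__":
    for name, blob in (("cleartext", CLEARTEXT), ("opaque", OPAQUE), ("short", b"hi")):
        print(f"{name:10s} H={shannon_entropy(blob):.2f} "
              f"printable={printable_ratio(blob):.2f} -> {classify(blob)}")
```

To use it on real traffic, save the followed stream from Wireshark as raw bytes and pass the file contents to `classify`.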

IP Leaks and their importance in VPNs

An IP leak is a situation where your IP address, which is supposed to be hidden, gets exposed to the public. This is important to know if you are using a VPN because if a leak happens, it means your privacy and your security are at risk.

How to Check if your VPN has IP leaks

To check if a VPN is leaking, first, you need to do a test at ipleak.net without the VPN connection, and then note your IP address. After knowing your IP address, connect the VPN and revisit the site. If you still see your original IP address, then your VPN leaks.

WebRTC issues

WebRTC is a technology that implements the STUN/TURN (Session Traversal Utilities for NAT) protocols used by browsers to communicate with other devices like a webcam and also enables browsers to perform peer-to-peer communication. To accomplish this communication, the involved devices must recognize each other’s IP addresses, and this is where issues arise. At times, WebRTC can be tricked into revealing your IP address even when you are using a VPN. This is called a WebRTC leak.
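The before-and-after comparison from the IP leak check can also be applied to WebRTC, as in this added example (not part of the original article). It parses the ICE `candidate:` lines a browser produces while the VPN is connected and flags any that carry the IP address you noted without the VPN. The function names, sample lines and addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: a LAN address in a candidate is local exposure, not a public leak.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_candidates(lines):
    """Return (cand_type, address) pairs from ICE 'candidate:' lines."""
    out = []
    for line in lines:
        line = line.strip()
        if line.startswith("a="):
            line = line[2:]
        f = line.split()
        # candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
        if len(f) >= 8 and f[0].startswith("candidate:") and f[6] == "typ":
            out.append((f[7], f[4]))
    return out

def audit(lines, real_ip, vpn_ip):
    """Label each candidate address seen while the VPN is connected."""
    real, vpn = ipaddress.ip_address(real_ip), ipaddress.ip_address(vpn_ip)
    findings = []
    for ctype, addr in parse_candidates(lines):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((addr, ctype, "hidden"))  # mDNS name, no IP exposed
            continue
        if ip == real:
            verdict = "LEAK"       # the address the VPN was supposed to hide
        elif ip == vpn:
            verdict = "vpn"
        elif any(ip in net for net in LAN_NETS):
            verdict = "lan"
        else:
            verdict = "unknown"
        findings.append((addr, ctype, verdict))
    return findings

def leaked(findings):
    return [addr for addr, _, verdict in findings if verdict == "LEAK"]

# Constructed candidate lines using documentation addresses.
SAMPLE = [
    "a=candidate:1 1 udp 2113937151 4f2a9c1e-demo.local 54321 typ host",
    "a=candidate:2 1 udp 2113937151 10.8.0.2 54321 typ host",
    "a=candidate:3 1 udp 1677729535 198.51.100.20 54321 typ srflx raddr 10.8.0.2 rport 54321",
    "a=candidate:4 1 udp 1677729535 203.0.113.7 54400 typ srflx raddr 192.168.1.23 rport 54400",
]

if __name__ == "__main__":
    for row in audit(SAMPLE, real_ip="203.0.113.7", vpn_ip="198.51.100.20"):
        print(row)
```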

Kill Switch Explained

A Killswitch is a technique used by VPNs to ensure that your traffic will be protected even if the VPN connection drops. If there’s no VPN connection, no traffic will be allowed to leave your computer until the VPN connection is re-initiated. If there’s no kill switch and your VPN connection drops, you will access the internet normally, and your traffic will be exposed to prying eyes. This can compromise both your security and privacy.

The abovementioned VPNs all implement Kill Switches in their client apps. Some providers have a different name for it, such as ExpressVPN which calls it a Network Lock. Regardless, it performs the same important activity.

How to Set up a Kill Switch

To turn on a Kill Switch, you just need to navigate to the settings and the security section. There are two ways that you can set up a VPN Kill Switch depending on the VPN that you use. In the most common method, the Kill Switch will cut off your entire internet connection whenever your VPN connection drops. The other method is used by a few VPNs, which allow you to select the particular apps whose traffic will be killed.

Security vs Privacy

Online security involves protecting you against threats and attacks. To implement security, a VPN uses various encryption schemes. The most secure encryption used by VPNs is AES 256-bit, and it has been proven impenetrable. This is combined with authentication techniques to make your traffic secure from hackers and third parties who would like to snoop on your data.

Privacy, on the other hand, is meant to ensure that your identity doesn’t get exposed and that you remain anonymous to any third parties on the internet. First, this is implemented by giving you a new IP address immediately when you connect to a VPN server. Further, VPNs that value your privacy do not keep logs of your online activities. However, these policies vary between VPN providers, and while some claim to keep no logs, they actually keep metadata about you or your connection details. This issue is even worse for VPNs located in countries with strict data retention laws. VPNs incorporated in Five Eyes countries can’t really offer you zero logs. It is therefore advisable to go for VPNs located in internet freedom-friendly countries like Romania, Panama, etc.

Secure VPNs FAQs

What makes a VPN secure?

A lot of factors play a role in making a VPN secure. But most of the time encryption is what makes VPNs secure.

What’s the most secure VPN protocol?

The most secure VPN protocol is the OpenVPN protocol. It has the highest level of security and is open source. For more performance, OpenVPN usually runs best on a User Datagram Protocol (UDP) port.

Is IKEv2 secure?

Yes, it’s secure but not as much as the OpenVPN protocol.

What’s the most unsecure VPN protocol?

Point-to-Point Tunneling Protocol (PPTP) is the most unsecure protocol, and few VPNs offer it.

What are the effects of stronger encryptions?

Apart from enhanced security, stronger encryptions affect the performance of a VPN in terms of speed.

Conclusion

For an average user who might only be interested in surfing the net, what’s important is to have privacy. At times, one needs to weigh the importance of both security and privacy and then choose what’s more important. Usually, it’s all about preference, though in some scenarios, you might need both. Privacy is for individuals who are interested in achieving some form of anonymity. Security is essential when you need to avert internet threats and other attacks and also when implementing some levels of privacy.

Written by: Graeme Messina
21 October 2018

Graeme is an IT professional with a special interest in computer forensics, security, and software. When not building networks and researching the latest software trends, he enjoys writing technical articles and blog posts.
