07 February 2019
ExpressVPN is one of the best and most reputable VPN services. It’s based in the British Virgin Islands (BVI) where there are no mandatory data retention laws. But since it’s a British overseas territory, the UK can put pressure on it, but this has never happened. Regarding security, it has the strongest encryption, since it uses the best cipher available, the AES-256-bit Cipher. It also uses the highest level of handshake, the RSA-4096 with a data authentication of HMAC SHA-512. There’s also the Elliptic Curve Diffie–Hellman (ECDH) key exchanges for data channel encryption in the perfect forward secrecy. Literally, this VPN encryption is unbreakable.
For privacy reasons, ExpressVPN has a no logging policy, but it does keep minimal connection logs. Its subscription plans are divided into three different packages: a 1-month plan for $12.95, a 6-month plan for $59.95, and a yearly plan for $99.95. ExpressVPN has 1500+ servers in 94 countries, and some of its servers are equipped with stealth technology. It also a 24/7 support system via a live chat. Other support is offered via email and using the FAQ and guide section
Located in the Republic of Panama, NordVPN enjoys the privileges of the best data laws that favor VPNs – such as zero government surveillance. In addition to these privileges, NordVPN ensures that their users have a secure environment. For encryption, NordVPN uses the AES-256-bit cipher. Unlike ExpressVPN, it uses the ordinary RSA-2048 handshake and HMAC SHA1 for data authentication. For perfect forward secrecy, it uses Diffie-Hellman key exchange(DHE). Generally, its encryption is not as strong as what ExpressVPN offers.
NordVPN also boasts a log policy that says they do not keep any usage activities including metadata such as connection times.
Its pricing plans are divided into three options: a monthly plan for $11.95, a 1-year plan for $69, and a 2-year plan for $79.
NordVPN says it has 2256 servers in 60 countries with special servers for Anti-DDoS, Dedicated IP, DoubleVPN, Onion over VPN, P2P and Obfuscated servers. It has a live 24/7 chat, email support, and also provides FAQs and guides.
CyberGhost is a Romanian-based VPN that also offers one of the best encryption levels available in the industry. In Romania, you don’t have to worry about your privacy, as this country’s laws can’t compromise it. For security purposes, CyberGhost uses the AES-256 CBC cipher coupled with the RSA-4096 handshake. It also uses the HMAC SHA256 for Data authentication. Similar to Express VPN, it uses the Elliptic Curve Diffie–Hellman (ECDH-4096) key exchanges for perfect forward secrecy.
CyberGhost claims it does not log information that can identify users.
It offers 3 subscription plans: a monthly plan for $11.99, a 1-year plan for $91.88, and a 2-year plan for $84.
CyberGhost uses 1300+ servers located 56 countries; it also has P2P servers. It has a 9-hour live chat option, supports email, and provides FAQs and guides.
PureVPN is based in Hong Kong, a country with favorable data retention laws and that doesn’t require VPNs to keep any logs. For encryption, PureVPN relies on the AES-256-CBC cipher. The encryption levels are similar to those of Nord VPN. It also features the RSA-2048 Handshake with a Data authentication hash of HMAC SHA1. For perfect forward secrecy, PureVPN uses Diffie-Hellman key exchange (DHE).
PureVPN doesn’t keep any usage logs; it only logs metadata such as what time you connected to their servers. It offers 3 different subscription plans: a monthly plan for $10.95, a 1-year plan for $59, and a 2-year plan for $69. PureVPN has 750 Servers in 140+ countries with a 24/7 live chat, email support and provides FAQs and guides.
Hotspot Shield is a bit different from the VPNs just mentioned since it’s located in the US, a country known for massive surveillance. Nevertheless, Hotspot Shield VPN uses the Catapult Hydra, a closed source encryption protocol which they built after claiming the other VPN protocols were not secure enough. It relies on the 128-bit AES data encryption with ECDHE key exchanges for perfect forward secrecy.
Hotspot Shield logs information that might compromise your privacy. Its subscription plans are divided into three options: a monthly plan for $ 12.99, a 6-month plan for $ 53.94, and a 1-year plan for $71.88. Hotspot Shield has servers in 25 Countries, and it also P2P servers. It has a 12-hour live chat with email support and provides FAQs and guides.
Internet security relates to how a VPN protects your online activities against threats and attacks. VPNs achieve this protection by encryption and other such security techniques. Internet privacy, on the other hand, relates to how a VPN helps hide your online identity from institutions and people.
Different factors play a role in making a VPN secure. The level of security differs with every VPN according to how the following are implemented:
VPN encryption has a lot of features that help to make it secure – most of the features have been mentioned in the above VPNs. Below are the definitions and explanations of the encryption features.
Checking for encryption levels in a VPN for an ordinary user is a tiresome task. Apart from checking them at their website, the only thing you can do is to verify if your traffic is indeed encrypted. You can do this by using a third-party tool.
With a third-party tool, you can find out only if there’s encryption. The best tool at the moment is Wireshark. Wireshark is a network protocol analyzer tool that can be used by anyone with little knowledge of how it works. Since networks involve security, using this tool can determine if there’s encryption. To find out, follow these simple steps.
An IP leak is a situation where your IP address, which is supposed to be hidden, gets exposed to the public. This is important to know if you are using a VPN because if a leak happens, it means your privacy and your security are at risk.
To check if a VPN is leaking, first, you need to do a test at ipleak.net without the VPN connection, and then note your IP address. After knowing your IP address, connect the VPN and revisit the site. If you still see your original IP address, then your VPN leaks.
WebRTC is a technology that implements the STUN/TURN (Session Traversal Utilities for Nat) protocols used by browsers to communicate with other devices like a webcam and also enables browsers to perform peer-to-peer communication. To accomplish this communication, the involved devices must recognize each other’s IP addresses, and this is where issues arise. At times, webRTC can be tricked into revealing your IP address even when you are using a VPN. This is called a webRTC leak.
A Killswitch is a technique used by VPNs to ensure that your traffic will be protected even if the VPN connection drops. If there’s no VPN connection, no traffic will be allowed to leave your computer until the VPN connection is re-initiated. If there’s no kill switch and your VPN connection drops, you will access the internet normally, and your traffic will be exposed to prying eyes. This can compromise both your security and privacy.
The abovementioned VPNs all implement Kill Switches in their client apps. Some providers have a different name for it, such as ExpressVPN which calls it a Network Lock. Regardless, it performs the same important activity.
To turn on a Kill Switch, you just need to navigate to the settings and the security section. There are two ways that you can set up a VPN Kill Switch depending on the VPN that you use. In the most common method, the Kill Switch will kill all your internet connection whenever your VPN connection drops. The other method is used by a few VPNs which allow you to select particular apps’ traffic that will be killed.
Online security involves protecting you against threats and attacks. To implement security, a VPN uses various encryption schemes. The most secure encryption used by VPN is AES 256-bit, and it has been proven impenetrable. This is combined with authentication techniques to make your traffic secure from hackers and third parties who would like to snoop on your data.
Privacy, on the other hand, is meant to ensure that your identity doesn’t get exposed and that you remain anonymous to any third parties on the internet. First, this is implemented by giving you a new IP address immediately when you connect to a VPN server. Further, VPNs that value your privacy do not keep logs of your online activities. However, these policies vary between VPN providers and while some claim to keep no logs, they actually keep metadata about you or your connection details. This issue is even worse for VPNs located in countries with strict data retention laws. VPNs incorporated in 5 eyes countries can’t really offer you zero logs. It is therefore advisable to go for VPNs located in internet freedom-friendly countries like Romania, Panama, etc.
A lot of factors play a role in making a VPN secure. But most of the time encryption is what makes VPNs secure.
The most secure VPN protocol is the OpenVPN protocol. It has the highest level of security and is open source. For more performance, OpenVPN usually runs best on a User Datagram Port (UDP) port.
Yes, it’s secure but not as much as the OpenVPN protocol.
Point-to-Point Tunneling Protocol (PPTP) is the most unsecure protocol, and few VPNs offer it.
Apart from enhanced security, stronger encryptions affect the performance of a VPN in terms of speed.
For an average user who might only be interested in surfing the net, what’s important is to have privacy. At times, one needs to weigh the importance of both security and privacy and then choose what’s more important. Usually, it all about preference, though in some scenarios, you might need both. Privacy is for individuals who are interested in achieving some form of anonymity. Security is essential when you need to avert internet threats and other attacks and also when implementing some levels of privacy.