
ExpressVPN

ExpressVPN is one of the best and most reputable VPN services. It’s based in the British Virgin Islands (BVI), where there are no mandatory data retention laws. Since the BVI is a British overseas territory, the UK can put pressure on it, but this has never happened. Regarding security, it has the strongest encryption, since it uses the best cipher available, the AES-256-bit cipher. It also uses the highest level of handshake, RSA-4096, with HMAC SHA-512 data authentication. It also uses Elliptic Curve Diffie–Hellman (ECDH) key exchanges to provide perfect forward secrecy for data channel encryption. Literally, this VPN encryption is unbreakable.

For privacy reasons, ExpressVPN has a no logging policy, but it does keep minimal connection logs. Its subscription plans are divided into three different packages: a 1-month plan for $12.95, a 6-month plan for $59.95, and a yearly plan for $99.95. ExpressVPN has 1500+ servers in 94 countries, and some of its servers are equipped with stealth technology. It also has a 24/7 support system via live chat. Other support is offered via email and through the FAQ and guide section.

Read ExpressVPN review »

NordVPN

Located in the Republic of Panama, NordVPN enjoys the privileges of the best data laws that favor VPNs, such as zero government surveillance. In addition to these privileges, NordVPN ensures that its users have a secure environment. For encryption, NordVPN uses the AES-256-bit cipher. Unlike ExpressVPN, it uses the ordinary RSA-2048 handshake and HMAC SHA1 for data authentication. For perfect forward secrecy, it uses Diffie-Hellman key exchange (DHE). Generally, its encryption is not as strong as what ExpressVPN offers.

NordVPN also boasts a log policy that says they do not keep any usage activities including metadata such as connection times.

Its pricing plans are divided into three options: a monthly plan for $11.95, a 1-year plan for $69, and a 2-year plan for $79.

NordVPN says it has 2256 servers in 60 countries with special servers for Anti-DDoS, Dedicated IP, DoubleVPN, Onion over VPN, P2P and Obfuscated servers. It has a live 24/7 chat, email support, and also provides FAQs and guides.

 

Read NordVPN review »

CyberGhost

CyberGhost is a Romanian-based VPN that also offers one of the best encryption levels available in the industry. In Romania, you don’t have to worry about your privacy, as this country’s laws can’t compromise it. For security purposes, CyberGhost uses the AES-256 CBC cipher coupled with the RSA-4096 handshake. It also uses HMAC SHA256 for data authentication. Similar to ExpressVPN, it uses Elliptic Curve Diffie–Hellman (ECDH-4096) key exchanges for perfect forward secrecy.

CyberGhost claims it does not log information that can identify users.

It offers 3 subscription plans: a monthly plan for $11.99, a 1-year plan for $91.88, and a 2-year plan for $84.

CyberGhost uses 1300+ servers located in 56 countries; it also has P2P servers. It has a 9-hour live chat option, supports email, and provides FAQs and guides.

Read CyberGhost review »

PureVPN

PureVPN is based in Hong Kong, a country with favorable data retention laws that doesn’t require VPNs to keep any logs. For encryption, PureVPN relies on the AES-256-CBC cipher. The encryption levels are similar to those of NordVPN. It also features the RSA-2048 handshake with a data authentication hash of HMAC SHA1. For perfect forward secrecy, PureVPN uses Diffie-Hellman key exchange (DHE).

PureVPN doesn’t keep any usage logs; it only logs metadata such as what time you connected to their servers. It offers 3 different subscription plans: a monthly plan for $10.95, a 1-year plan for $59, and a 2-year plan for $69. PureVPN has 750 servers in 140+ countries, a 24/7 live chat and email support, and provides FAQs and guides.

Read PureVPN review »

Hotspot Shield

Hotspot Shield is a bit different from the VPNs just mentioned since it’s located in the US, a country known for massive surveillance. Nevertheless, Hotspot Shield VPN uses Catapult Hydra, a closed source encryption protocol which they built after claiming the other VPN protocols were not secure enough. It relies on 128-bit AES data encryption with ECDHE key exchanges for perfect forward secrecy.

Hotspot Shield logs information that might compromise your privacy. Its subscription plans are divided into three options: a monthly plan for $12.99, a 6-month plan for $53.94, and a 1-year plan for $71.88. Hotspot Shield has servers in 25 countries, and it also has P2P servers. It has a 12-hour live chat with email support and provides FAQs and guides.

Read Hotspot Shield review »

Security and Privacy with a VPN

Internet security relates to how a VPN protects your online activities against threats and attacks. VPNs achieve this protection by encryption and other such security techniques. Internet privacy, on the other hand, relates to how a VPN helps hide your online identity from institutions and people.

What makes a VPN secure

Different factors play a role in making a VPN secure. The level of security differs with every VPN according to how the following are implemented:

  • Encryption – Encryption is one of the main factors that help make a VPN secure. Encryption involves algorithms that transform readable VPN traffic into unreadable data. The stronger the encryption, the more secure a VPN is.
  • Protocols – VPNs use protocols to establish secure communication channels to the server. They are standards that govern how communication is done and also how the channel security is implemented.
  • Killswitch – This is a feature that VPNs use to ensure that your data traffic doesn’t go through your ISP when the VPN connection drops. It doesn’t really make a VPN secure, but it facilitates the security of your session.
  • Jurisdiction and logging policies – These are factors that broadly determine if your security and privacy remain intact when using a VPN service. Jurisdiction is all about the data retention laws governing the state where a VPN service is located. Logging policies stipulate what VPN usage activities a VPN service keeps. VPNs that have a strict no logging policy and are located in a country where data retention laws are favorable are more secure and offer more privacy.

Encryption in detail: secure VPN tunnel

VPN encryption has a lot of features that help to make it secure – most of the features have been mentioned in the above VPNs. Below are the definitions and explanations of the encryption features.

  • Cipher – A cipher is a set of keys that are used to facilitate the encryption or decryption of the VPN tunnel. For ciphers, VPNs use the Advanced Encryption Standard (AES). In this type of encryption, the top-level cipher is the AES-256-bit cipher. The other recommendable level is AES-128-bit, but it is not considered the strongest encryption in the VPN market today.
  • Handshake – A VPN handshake is a procedure that VPNs use to verify the keys used in the encryption process. In handshakes, asymmetric encryption is used. Keys in this encryption are usually longer than the ones in symmetric encryption (AES). VPNs frequently use the RSA-4096 key size as it is considered to be one of the highest levels of security. The other recommendable key size is RSA-2048.
  • Data authentication – Usually shortened as Data AUTH, this is the process VPNs use to confirm the validity and integrity of data. Hashing algorithms usually do this type of authentication. The highest level of Data AUTH in VPNs is HMAC SHA 512. There are also other high levels, but they are not applicable to VPNs. Other adequate levels are HMAC SHA 256 and HMAC SHA1. HMAC stands for keyed-hash message authentication code while SHA is for Secure Hash Algorithm.
  • Perfect forward secrecy – Forward secrecy is a new technique used by most VPNs to beef up their security. In forward secrecy, VPNs usually divide their connections into sessions. These sessions are encrypted using a different key every time; new unique keys are generated for every session. These sessions use ephemeral keys that disappear once they are used. This means even if your connection is compromised and the attacker has the key, only one session can be at risk. For forward secrecy, the Diffie-Hellman key exchange or the Elliptic Curve Diffie–Hellman method is used. The levels of forward secrecy vary with the method and the type of encryption used.

How to Check VPN Encryption Levels

Checking for encryption levels in a VPN for an ordinary user is a tiresome task. Apart from checking them at their website, the only thing you can do is to verify if your traffic is indeed encrypted. You can do this by using a third-party tool.

With a third-party tool, you can find out only if there’s encryption. The best tool at the moment is Wireshark. Wireshark is a network protocol analyzer tool that can be used by anyone with little knowledge of how it works. Since networks involve security, using this tool can determine if there’s encryption. To find out, follow these simple steps.

  1. Connect your VPN and let it run for a few seconds.
  2. Open Wireshark and select your network interface, and then start recording.
  3. After some packets have been recorded, navigate to the protocol section.
  4. Right-click on any OpenVPN packet, select Follow, and then choose the available option (UDP/TCP stream).
  5. A window will open, and if you can read the contents and make sense, no encryption is involved. If the content is unreadable, there’s encryption.
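Step 5 can be turned into a repeatable check. The sketch below is an added example, not part of the original article or any vendor's tooling: it scores a payload exported from Wireshark by byte entropy and printable-character share, and reads the OpenVPN packet type from the first byte. The thresholds, function names and both sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# OpenVPN packet types: high 5 bits of the first byte of a UDP payload.
OPENVPN_OPCODES = {4: "P_CONTROL_V1", 5: "P_ACK_V1", 6: "P_DATA_V1",
                   7: "P_CONTROL_HARD_RESET_CLIENT_V2",
                   8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2"}

def entropy_bits(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    n = max(len(data), 1)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or common whitespace."""
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / max(len(data), 1)

def assess(payload: bytes, is_openvpn: bool = False) -> dict:
    """Automate step 5: is the followed stream readable or not?"""
    opcode, body = None, payload
    if is_openvpn and payload:
        opcode = OPENVPN_OPCODES.get(payload[0] >> 3, "unknown")
        # P_DATA_V2 carries a 3-byte peer-id after the opcode byte.
        body = payload[4:] if opcode == "P_DATA_V2" else payload[1:]
    h, p = entropy_bits(body), printable_ratio(body)
    if len(body) < 256:
        verdict = "too short to judge"
    elif h > 7.0 and p < 0.6:  # assumed thresholds
        verdict = "unreadable"  # consistent with encryption (or compression)
    else:
        verdict = "readable"
    return {"opcode": opcode, "entropy": round(h, 2),
            "printable": round(p, 2), "verdict": verdict}

def fake_ciphertext(n: int) -> bytes:
    """Deterministic random-looking bytes standing in for real ciphertext."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples, not captured traffic.
PLAIN_HTTP = (b"GET /account HTTP/1.1\r\nHost: example.test\r\n"
              b"Cookie: session=constructed-sample\r\n\r\n") * 8
VPN_DATA = bytes([9 << 3]) + b"\x00\x00\x01" + fake_ciphertext(1024)

if __name__ == "__main__":
    print(assess(PLAIN_HTTP))
    print(assess(VPN_DATA, is_openvpn=True))
```

An "unreadable" verdict only shows that the payload is not plaintext; it says nothing about which cipher or key size is in use, which matches the limitation described above.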

IP Leaks and their importance in VPNs

An IP leak is a situation where your IP address, which is supposed to be hidden, gets exposed to the public. This is important to know if you are using a VPN because if a leak happens, it means your privacy and your security are at risk.

How to Check if your VPN has IP leaks

To check if a VPN is leaking, first, you need to do a test at ipleak.net without the VPN connection, and then note your IP address. After knowing your IP address, connect the VPN and revisit the site. If you still see your original IP address, then your VPN leaks.

WebRTC issues

WebRTC is a technology that implements the STUN/TURN (Session Traversal Utilities for NAT) protocols used by browsers to communicate with other devices like a webcam, and it also enables browsers to perform peer-to-peer communication. To accomplish this communication, the involved devices must recognize each other’s IP addresses, and this is where issues arise. At times, WebRTC can be tricked into revealing your IP address even when you are using a VPN. This is called a WebRTC leak.
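The IP leak check and the WebRTC leak described above come down to the same comparison: does any address your browser offers match the IP you noted before connecting? The following is an added example, not code from the original article: it parses ICE candidate lines as shown by a WebRTC leak test page and labels each address. The candidate lines, both IP addresses (documentation ranges) and the function names are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_candidate(line: str):
    """Return (type, address) from one ICE candidate line, or None.

    Layout: candidate:<foundation> <component> <transport> <priority>
            <address> <port> typ <host|srflx|prflx|relay> ...
    """
    line = line.strip()
    if line.startswith("a="):
        line = line[2:]
    parts = line.split()
    if len(parts) < 8 or not parts[0].startswith("candidate:") or parts[6] != "typ":
        return None
    return parts[7], parts[4]

def classify(address: str, real_ip: str, vpn_ip: str) -> str:
    """Label one candidate address relative to the pre-VPN and VPN IPs."""
    if address.endswith(".local"):
        return "mdns-masked"      # browser hid the local address behind an mDNS name
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "unparsed"
    if ip == ipaddress.ip_address(real_ip):
        return "LEAK"             # the address noted before connecting the VPN
    if ip == ipaddress.ip_address(vpn_ip):
        return "vpn-exit"
    if any(ip in net for net in RFC1918):
        return "local"
    return "other"

def webrtc_leak_report(lines, real_ip: str, vpn_ip: str):
    """Return (type, address, label) for every well-formed candidate line."""
    parsed = (parse_candidate(line) for line in lines)
    return [(t, a, classify(a, real_ip, vpn_ip)) for t, a in filter(None, parsed)]

# Constructed sample data (documentation address ranges, not real hosts).
REAL_IP, VPN_IP = "203.0.113.45", "198.51.100.7"
CANDIDATES = [
    "a=candidate:1 1 udp 2113937151 3f2a9c1e-0b7d-4e55-9a10-6c1f2d3e4b5a.local 54321 typ host",
    "a=candidate:2 1 udp 2113937151 10.8.0.2 54322 typ host",
    "a=candidate:3 1 udp 1677729535 198.51.100.7 61000 typ srflx raddr 10.8.0.2 rport 54322",
    "a=candidate:4 1 udp 1677729535 203.0.113.45 61001 typ srflx raddr 192.168.1.20 rport 54323",
    "not a candidate line",
]

if __name__ == "__main__":
    for row in webrtc_leak_report(CANDIDATES, REAL_IP, VPN_IP):
        print(row)
```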

Kill Switch Explained

A Killswitch is a technique used by VPNs to ensure that your traffic will be protected even if the VPN connection drops. If there’s no VPN connection, no traffic will be allowed to leave your computer until the VPN connection is re-initiated. If there’s no kill switch and your VPN connection drops, you will access the internet normally, and your traffic will be exposed to prying eyes. This can compromise both your security and privacy.

The abovementioned VPNs all implement Kill Switches in their client apps. Some providers have a different name for it, such as ExpressVPN, which calls it a Network Lock. Regardless, it performs the same important activity.

How to Set up a Kill Switch

To turn on a Kill Switch, you just need to navigate to the settings and the security section. There are two ways that you can set up a VPN Kill Switch depending on the VPN that you use. In the most common method, the Kill Switch will kill all your internet connection whenever your VPN connection drops. The other method is used by a few VPNs which allow you to select particular apps’ traffic that will be killed.

Security vs Privacy

Online security involves protecting you against threats and attacks. To implement security, a VPN uses various encryption schemes. The most secure encryption used by VPN is AES 256-bit, and it has been proven impenetrable. This is combined with authentication techniques to make your traffic secure from hackers and third parties who would like to snoop on your data.

Privacy, on the other hand, is meant to ensure that your identity doesn’t get exposed and that you remain anonymous to any third parties on the internet. First, this is implemented by giving you a new IP address immediately when you connect to a VPN server. Further, VPNs that value your privacy do not keep logs of your online activities. However, these policies vary between VPN providers and while some claim to keep no logs, they actually keep metadata about you or your connection details. This issue is even worse for VPNs located in countries with strict data retention laws. VPNs incorporated in 5 eyes countries can’t really offer you zero logs. It is therefore advisable to go for VPNs located in internet freedom-friendly countries like Romania, Panama, etc.

Secure VPNs FAQs

What makes a VPN secure?

A lot of factors play a role in making a VPN secure. But most of the time encryption is what makes VPNs secure.

What’s the most secure VPN protocol?

The most secure VPN protocol is the OpenVPN protocol. It has the highest level of security and is open source. For more performance, OpenVPN usually runs best on a User Datagram Protocol (UDP) port.

Is IKEv2 secure?

Yes, it’s secure but not as much as the OpenVPN protocol.

What’s the most unsecure VPN protocol?

Point-to-Point Tunneling Protocol (PPTP) is the most unsecure protocol, and few VPNs offer it.

What are the effects of stronger encryptions?

Apart from enhanced security, stronger encryptions affect the performance of a VPN in terms of speed.

Conclusion

For an average user who might only be interested in surfing the net, what’s important is to have privacy. At times, one needs to weigh the importance of both security and privacy and then choose what’s more important. Usually, it’s all about preference, though in some scenarios, you might need both. Privacy is for individuals who are interested in achieving some form of anonymity. Security is essential when you need to avert internet threats and other attacks and also when implementing some levels of privacy.

Written by: Graeme Messina

Graeme is an IT professional with a special interest in computer forensics, security, and software. When not building networks and researching the latest software trends, he enjoys writing technical articles and blog posts.
