VPNdeck.com
What to Look for When Buying a VPN?

What to Look for When Buying a VPN?

Updated: 07-28-2021

Virtual Private Networks (VPNs) provide an encrypted tunnel for online privacy and anonymity. VPNs play an essential role in unlocking online resources in today's world, especially to people living in regions with stringent internet laws. Individuals and businesses are also turning to VPNs to secure their online activities, such as communication.

There are several other reasons people switch to VPN, such as bypassing censorship, geo-blocking, or torrenting. Large organizations implement the use of VPNs to allow remote workers access to their network resources. Individuals also use VPNs to access their home network securely.

For best results, it is always critical to ensure you select a reliable VPN provider that puts your privacy and online security above anything else.

Before selecting a VPN service, there are a few factors you should put into consideration. Different VPNs offer different features, which is why you need to weigh up your options and select an ideal VPN service that suits your needs. If you're unsure what to look for when buying a VPN, this article will guide you.

Here's a preview of what's to come:

  • Factors to consider when selecting a VPN provider
  • Speed
  • Privacy and data logging
  • VPN protocols available
  • Encryption technology
  • Static IP address
  • Customer support
  • Number of server locations
  • Location of servers
  • Price
  • Number of connected devices
  • Frequently asked questions

Factors To Consider When Selecting a VPN Provider

VPNs are becoming an integral part of the internet, but you need to do a thorough assessment before purchasing a VPN service. There are tons of premium VPN providers available, each with its own pros and cons. This makes it challenging for users to choose the right VPN service.

It is important to conduct some research before selecting a VPN service. This is because all your online traffic will be flowing through the VPN, and you might be placing yourself at great risk if you select an unreliable VPN service. As a rule of thumb, always opt for premium VPN services because they offer enhanced security compared to the free versions.

Most free VPNs are not trustworthy and may even sell your data to third-party advertisers or tracking companies to generate revenue. Below is a range of factors you need to take into consideration when selecting a premium VPN service:

Speed

VPNs can significantly reduce internet speed, which is frustrating, especially if you use VPNs to stream content online or play online games. Although VPNs provide an extra layer of security on the internet, they often create latency.

Latency or ping time is the delay or time taken for data processing after a user's action. You should test a VPN using three metrics, namely:

  • latency.
  • upload speed.
  • download speed.

Premium VPN providers offer high speeds because they have more servers and can host many connections simultaneously.

To ensure that a VPN provider has decent upload/download speeds, here are a few things you should look for:

Server Locations

A great VPN provider will have servers located at different locations across the globe. You're guaranteed a faster connection if you connect to a server closer to you than those far away. The longer the distance your data travels to reach the VPN server, the slower the connection speeds.

Server Bandwidth

Always opt for VPN services that offer more server bandwidth per user. Connecting to a crowded VPN server means slower connections. For instance, if 100 people are connected to a 1000Mbps server, the connection speed per person will be about 10Mbps or less.  

VPN Protocol

The type of protocol used by a VPN provider has a significant impact on speed and latency. UDP OpenVPN protocols are known to be faster than TCP OpenVPN protocols because they don't force the server to verify if a data packet has reached the destination or not.

 

Privacy and Data Logging Policy

A good VPN service has a no-logging policy. This policy legally restricts a VPN provider from keeping records of users' internet activity for longer than a stipulated period. Usually, the specified time a VPN provider can store logs is 24 hours. 

There are two types of logs kept by VPN providers, namely usage logs and connection logs.

Usage logs contain your browsing history, connection times, IP addresses of the website you visited, and metadata. On the other hand, connection logs consist of the dates and times you visited particular websites, your original IP address, the VPN servers you connected to, and any diagnostic data you sent to the VPN service. 

Avoid VPN services that store usage logs because most of them are basically spyware. Premium VPN services only store connection logs for a given period to optimize and facilitate the smooth running of the VPN network. It's advisable to settle for a VPN service that keeps zero logs if you want to browse the internet anonymously.

Such a policy means that even if law enforcement authorities compel the VPN provider to release its logs, they'll find no meaningful data to implicate you. Unfortunately, some VPN providers claim to have a no-log policy, but that's not always true.

VPN Protocols Available

There are a variety of protocols that VPNs use to encrypt data. Below is a list of the most common VPN encryption protocols:

OpenVPN: This is an open-source VPN security protocol that uses SSL and TLS to create secure site-to-site connections. The protocol authenticates data using digital certificates and pre-shared secret keys.

It can easily traverse Network Address Translators (NATs), proxy servers, and firewalls. OpenVPN uses both User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) to establish secure tunnels for data transmission.

Layer 2 Tunneling Protocol (L2TP)/IPsec: This is an improved form of the PPTP protocol, which uses double encapsulation. Encapsulation is the process of hiding implementation details from users.

L2TP does not provide any authentication by itself; therefore, you need to use it in conjunction with IPsec to secure and authenticate data packets. It has two endpoints, namely L2TP Network Server (LNS) and L2TP Access Concentrator (LAS).

Any of the endpoints can initiate an L2TP session with traffic for each session isolated. This makes it possible to set up many virtual networks using a single tunnel. This protocol is much slower than OpenVPN and is sometimes blocked by firewalls.

Secure Socket Tunneling Protocol (SSTP): This is a VPN protocol that facilitates the transportation of L2TP traffic or Point-to-Point Protocol (PPP) traffic through an SSL 3.0 channel. PPP supports authentication methods such as EAP-TLS and MS-CHAP, while SSL provides transport-level security and traffic integrity checking.

Given that SSL uses TCP port 443 for data transmission, SSTP traffic can go over all firewalls and proxy servers that are not authenticated. It offers pretty decent speeds if you have enough bandwidth. Windows users commonly use this protocol and is much more secure than PPTP and L2TP/IPsec.

Internet Key Exchange v2 (IKEv2)/IPsec: This VPN protocol handles request and response actions. It secures traffic by establishing the Security Association (SA) attribute found within IPsec. The SA attribute generates the same symmetric encryption key for both the client and the server.

The key is then used to encrypt and decrypt data traveling through the VPN tunnel. IKE has three protocols for identity protection and authentication, namely:

  • Internet Security Association and Key Management Protocol (ISAKMP)
  • Versatile Secure Key Exchange Mechanism (SKEME) 
  • Oakley Key Determination Protocol (OAKLEY)

This protocol offers high-level stability but is not immune to firewall blocks.

WireGuard: This is a new VPN protocol that uses modern cryptographic primitives to ensure faster connection times. It uses the latest encryption protocols such as Curve25519, SipHash24, HKDF, and ChaCha20 for symmetric encryption, hashing, and key derivation. The protocol has a separate packet queue per host mechanism that minimizes packet loss and provides uninterrupted performance for users.

WireGuard has fewer lines of codes than other VPN protocols such as OpenVPN, which means that flaws are easier to detect. It has no cryptographic agility, making it less prone to Man-In-The-Middle (MITM) attacks. Cryptographic agility allows a VPN protocol to exchange encryption algorithms if one is obsolete.

WireGuard uses crypto versioning, which discards the entire algorithm if one becomes obsolete and updates a new version of the algorithm.

Point-to-Point Tunneling Protocol (PPTP): This protocol allows users to access a remote network over the internet by encapsulating one protocol within another protocol. It uses the Point-to-Point Protocol (PPP) inside the TCP/IP protocol to create a connection over the internet. It's easy to set up, fast, and has lower transmission costs.

The protocol is no longer in use because of its security vulnerabilities. It has been replaced by much more secure VPN protocols, such as OpenVPN and IKEv2/IPsec.

OpenVPN stands out as the standard encryption protocol used by many VPN providers. It uses the AES 256-bit encryption algorithm and SSL/TLS Perfect Forward Secrecy (PFS) to ensure data security between the sender and receiver.

L2TP/IPsec is a reasonable alternative to OpenVPN, SSTP works best for Windows users, and IKEv2 is built for mobile devices. PPTP should be used as the last resort because it has the lowest encryption level.

Encryption Technology

Data encryption is the process of turning text into unreadable code such that only a person with a secret key can decrypt it.

Encryption Elements

The key VPN encryption elements to check when selecting a VPN service include:

The encryption algorithm: The mathematical function that converts readable plaintext into unreadable ciphertext and vice versa.

The encryption keys: The secret keys required to decipher encrypted data.

key length: The longer the encryption key length, the stronger the encryption. For instance, a 128-bit key length is inferior to a 256-bit key length. The latter is less likely to be cracked by an attacker.

Encryption Types

Another aspect you should check when it comes to encryption is the type of encryption. Below are the most common types of encryptions used by VPNs:

Symmetric encryption algorithm: This type of encryption uses the same secret key to encrypt data and decrypt ciphertext. The sender and receiver of data ought to have the same key for communication to take place. Algorithms such as Advanced Encryption Standard (AES) and Blowfish use this type of encryption.

Asymmetric: This encryption uses two keys to facilitate communication between the sender and receiver of data. The two keys, consisting of a public and private key, work as a pair such that the public key encrypts data while the private key decrypts it.

Usually, only one party knows the private key, but the public key is known to many users. Algorithms such as the Rivest Shamir Adleman (RSA) use this type of encryption.

 

Encryption Ciphers

The most common encryption ciphers are AES and Blowfish. Here's a quick look at each one of these two:

AES: This is one of the best VPN encryption ciphers recommended by cybersecurity experts, the National Security Agency (NSA), and cryptography enthusiasts. The key length for an AES block cipher ranges from 128 to 156 bits long. AES 256-bit key is the strongest as it has 14 rounds of transformation passes.

As of today, no known attacker has managed to break this encryption. AES is considered practically impregnable, and it would take supercomputers billions of years to crack AES 256-bit encryption.

Blowfish: The fact that AES encryption cipher fits the US government's requirement creates an element of distrust for some users. For this reason, they opt to use Blowfish as their default data encryption cipher. Blowfish is an alternative to AES and is part of the OpenVPN open-source system.

It uses a much smaller array than AES, which makes it inferior to AES. It's more vulnerable to brute force attacks.

RSA

This encryption cipher has a private key consisting of two prime numbers. RSA has long public key lengths that range from 1024 bits to 4096 bits.

The process of encryption and decryption involves a lot of computation, which makes RSA slower. Due to the slow speed, RSA is only used for session establishment procedures and not data encryption by VPNs. It can also be useful in authenticating and protecting AES keys transmission.

Secure Hash Algorithm (SHA)

This encryption cipher authenticates data and SSL/TLS connections. It uses a unique fingerprint to validate the TLS certificate to prevent an attacker from rerouting your traffic to a different server instead of the VPN's server.

Static IP Address

A static Internet Protocol (IP) address is assigned only to you and does not change. As a VPN user, you'll select a location of your choice among the available locations, and you'll be assigned an IP address based on that location.

Advantages of a static IP address

There are various advantages of using a static IP address, as discussed below:

  • Gives you smooth access to IP-restricted networks and geo-restricted content.
  • Offers convenient remote access. Used to securely connect to remote corporate systems and private servers.
  • Used to make secure online payments without triggering a suspicious activity notice from the bank because you'll be connecting from the same virtual location.
  • Helps you bypass CAPTCHA authentication; you don't need to keep proving you're human before being granted access to certain websites.
  • Has better DNS support. You can easily set up and manage static IP addresses with DNS servers compared to dynamic IP addresses.
  • Has reliable and convenient communication via voice and video.

Premium VPN services that offer a static IP address rather than one with shared IP addresses are a little bit expensive but totally worth it, depending on how you intend to use them. You can also opt for a VPN service that allows switching between a shared and dedicated IP address whenever you want. A shared IP is good for peer-to-peer file sharing but does not guarantee you access to IP-restricted networks.

Customer Support

A reliable VPN provider ought to have helpful and readily available customer support. Their website should include setup tutorials and Frequently Asked Questions (FAQs) to guide you whenever you have a problem. A great VPN provider should also offer various customer support options, such as live chat and 24/7 phone and email support.

Number of Server Locations

The number of VPN servers determines the overall performance of a VPN service. The higher the number of servers, the better the speeds. This is because each server handles few users simultaneously, offering better upload/download speeds in the process. Always select a VPN service that has multiple servers distributed across the globe.

Location of Servers

There's a distinct difference between the location of a VPN provider and the physical location where a VPN server is hosted. It's essential to know where VPN servers are based and then find out more about the country's privacy policy.

The best VPN server locations are in countries such as Switzerland, Moldova, or Gibraltar because such countries don't require VPN providers to hand over data logs to the government.

It is difficult to trust VPN providers with servers in countries with internet censorship to implement the no-logs policy. Before selecting a VPN server, you should consider the distance between the VPN server and your physical location.

Connections will be much faster if you're connecting to a VPN server near you. This is because data packets will take less time to travel from your device to the VPN server and back.

If you want to access geo-blocked content, you need to connect to a VPN server from a country where the content is not geo-restricted. For instance, if you want to watch BBC iPlayer and you're not based in the UK, you need to connect to a VPN server in the UK. For this reason, always select a VPN provider with many servers in different countries.

Price

The price of VPNs differ depending on the features and services offered. Most VPNs consider the following factors when coming up with their monthly plans:

  • The number of connected devices.
  • Data caps.
  • Number of server locations you can connect to.
  • Content streaming or torrenting capacity.
  • Duration of the plan.

A VPN service with more features often costs more than one with limited features. But, it is always possible to sign up for a premium VPN for a lower price because most VPN providers often offer discounts for first-time users.

Also, the cost of signing up for a year is less when compared to the cumulative cost of monthly payments. Therefore, to save money on VPN, it is advisable to sign up for a long-term.

Number of Connected Devices

A good VPN service should connect multiple devices simultaneously without compromising on security and privacy. Some VPNs allow the connection of multiple devices but limit the bandwidth usage, leading to frustratingly slow connections. In other cases, a VPN service may allow for the connection of multiple devices but may also be incompatible with some devices.

Why It Is Essential To Choose a Good VPN Provider

Whenever you connect to a VPN service, you're entrusting the service with your personal data and traffic. For this reason, you should conduct due diligence before settling for a VPN service. Unsafe VPNs will place you at greater risk and may even sell your private data to the highest bidder.

Are Free VPNs Worth It?

The majority of free VPNs aren't worth it, especially if you are keen on data privacy and security, which is the whole point of having a VPN in the first place. Free VPNs usually have a limited number of servers you can connect to and have daily data caps.

You may be frustrated if you want to access geo-restricted content because most free VPNs do not support content streaming, or if they do, you'll experience lags and buffering. Lastly, they are less secure and prone to data leaks.

In summary, before selecting a VPN service, you should consider factors such as connection speed, the number of servers, type of encryption technology, privacy, and data logging policy, among others. Also, if possible, avoid free VPNs at all costs.

Always opt for a VPN that offers advanced security, speed and supports multiple simultaneous connections. You may need to pay more for a premium VPN service but the security features offered are worth every penny.

Leave a Reply

Your email address will not be published. Required fields are marked *

23 comments on “What to Look for When Buying a VPN?”