Prioritize verified no-logs policies, strong encryption (AES-256/ChaCha20), kill switch, and DNS leak protection. Jurisdiction matters less than logging policy. Avoid lifetime deals and most free VPNs.
Quick Checklist
- ✓ Verified no-logs policy (audited)
- ✓ Strong encryption (AES-256/ChaCha20)
- ✓ Kill switch included
- ✓ DNS leak protection
- ✓ Privacy-friendly jurisdiction
- ✓ Transparent ownership
- ✓ Good server network
- ✓ Reasonable pricing (no lifetime deals)
1. Logging Policy
The most critical factor when choosing a VPN. A VPN that logs your activity defeats the entire purpose of using one.
Types of Logs
| Log Type | What It Contains | Privacy Risk |
|---|---|---|
| Usage/Traffic Logs | Websites visited, files downloaded, content accessed | Critical |
| Connection Logs | Timestamps, IP addresses, session duration, bandwidth | High |
| Aggregated Stats | Total users, server load (anonymized) | Low |
| Account Data | Email, payment info (necessary for service) | Acceptable |
How to Verify No-Logs Claims
Independent Audits
Look for VPNs audited by reputable firms like Cure53, PwC, Deloitte, or KPMG. These audits verify the provider's infrastructure and logging practices.
Court Cases
Some VPNs have proven their no-logs policy when subpoenaed-they had nothing to hand over. This is the strongest evidence.
RAM-Only Servers
Servers running entirely in RAM can't store persistent data. When rebooted, all data is wiped-making logging technically impossible.
Open Source
Open-source apps allow independent verification of client-side behavior. Server-side still requires trust, but it's a good sign.
2. Encryption & Protocols
Strong encryption ensures your data can't be intercepted and read. Look for these standards:
What to Look For
- AES-256-GCM or ChaCha20 encryption
- WireGuard protocol support
- OpenVPN as fallback option
- Perfect Forward Secrecy (new keys per session)
- RSA-4096 or ECDH key exchange
Red Flags
- PPTP protocol offered (broken encryption)
- Only L2TP/IPsec available
- Vague encryption claims ("military-grade")
- No protocol options
- Proprietary, closed-source protocols only
For detailed protocol comparisons, see our VPN Protocols Guide.
3. Essential Security Features
Kill Switch
EssentialBlocks all internet traffic if VPN disconnects unexpectedly, preventing your real IP from being exposed. Should be enabled by default or easily accessible.
DNS Leak Protection
EssentialEnsures DNS queries go through the VPN tunnel, not your ISP. Without this, websites you visit can be exposed even with VPN connected.
IPv6 Leak Protection
ImportantEither blocks IPv6 traffic or routes it through the VPN. Many VPNs only handle IPv4, potentially exposing your IPv6 address.
Split Tunneling
UsefulRoute some apps through VPN while others use regular connection. Useful for banking apps or local network access while VPN is active.
Multi-Hop / Double VPN
AdvancedRoutes traffic through two VPN servers for extra privacy. Slower but adds another layer of protection for high-risk users.
Obfuscation
SituationalDisguises VPN traffic to look like regular HTTPS. Essential for bypassing censorship in countries that block VPNs (China, Iran, etc.).
4. Jurisdiction & Ownership
Where a VPN company is legally based affects what data they can be compelled to hand over and to whom.
Intelligence Alliances
5-Eyes
USA, UK, Canada, Australia, New Zealand
9-Eyes
+ Denmark, France, Netherlands, Norway
14-Eyes
+ Germany, Belgium, Italy, Sweden, Spain
These countries share intelligence and may compel companies to assist with surveillance. VPNs based outside these alliances face fewer legal pressures.
Privacy-Friendly Jurisdictions
- Panama: No mandatory data retention, outside intelligence alliances
- Switzerland: Strong privacy laws, neutral stance
- British Virgin Islands: No data retention laws
- Romania: Struck down EU data retention directive
- Iceland: Strong privacy protections
Ownership Transparency
Know who owns your VPN. Some concerns:
- Multiple VPN brands owned by same parent company (Kape Technologies owns ExpressVPN, CyberGhost, PIA, Zenmate)
- Chinese ownership (potential government access)
- Hidden ownership structures
- History of security incidents or data breaches
5. Server Network
Why Server Count Matters
- More locations: Better geo-unblocking options
- More servers: Less congestion, better speeds
- Nearby servers: Lower latency for you
- Specialty servers: Optimized for streaming, P2P, etc.
What to Look For
- Servers in countries you need access to
- Multiple servers per location (redundancy)
- Physical servers vs virtual locations (physical preferred)
- RAM-only servers (better privacy)
- 10Gbps+ server connections
| Server Count | Typical Coverage | Best For |
|---|---|---|
| 100-500 | 20-40 countries | Basic privacy needs |
| 500-2,000 | 40-60 countries | Most users, good streaming |
| 2,000-5,000 | 60-80 countries | Power users, extensive geo-unblocking |
| 5,000+ | 80+ countries | Maximum flexibility and speed |
6. Speed & Performance
VPNs add overhead that reduces speed. How much depends on protocol, server distance, and provider infrastructure.
What Affects VPN Speed
Server Distance
Closer servers = lower latency and faster speeds. Connect to nearest server when possible.
Protocol
WireGuard is fastest, followed by IKEv2, then OpenVPN UDP, then OpenVPN TCP.
Server Load
Overcrowded servers are slow. Good VPNs show server load and auto-select optimal servers.
Infrastructure
Provider's server hardware and bandwidth. Premium VPNs invest in 10Gbps+ connections.
Expected Speed Loss by Protocol
7. Apps & Usability
Platform Support
Ensure the VPN supports all your devices:
- Desktop: Windows, macOS, Linux
- Mobile: iOS, Android
- Browser: Chrome, Firefox extensions
- Router: For whole-network protection
- Streaming: Fire TV, Android TV, Apple TV
- Gaming: PlayStation, Xbox (usually via router)
Simultaneous Connections
How many devices can connect at once:
| Connections | Good For |
|---|---|
| 1-3 | Single user, limited devices |
| 5-6 | Individual with multiple devices |
| 8-10 | Couples, small families |
| Unlimited | Large families, sharing with friends |
App Quality Checklist
- Clean, intuitive interface
- One-click connect to best server
- Easy server selection by country/city
- Protocol selection in settings
- Kill switch toggle easily accessible
- Auto-connect on startup option
- Favorites/recent servers list
8. Pricing & Value
Typical VPN Pricing
| Plan Type | Typical Cost | Notes |
|---|---|---|
| Monthly | $10-15/month | Most expensive, most flexible |
| Annual | $4-8/month | Best balance of savings and commitment |
| 2-3 Year | $2-4/month | Biggest savings, longest commitment |
| Lifetime | $30-100 one-time | ⚠️ Usually unsustainable-avoid |
Avoid Lifetime Deals
VPN services require ongoing server costs, bandwidth, and development. "Lifetime" deals are usually unsustainable-the company either goes bankrupt, degrades service quality, or starts monetizing your data. Pay for ongoing service from a sustainable business.
Money-Back Guarantees
Most reputable VPNs offer 30-day money-back guarantees. Use this to test:
- Speed on your connection
- Compatibility with streaming services you use
- App quality on your devices
- Customer support responsiveness
Payment Privacy
For maximum privacy, look for VPNs accepting:
- Cryptocurrency: Bitcoin, Monero, etc.
- Cash: Some accept mailed cash payments
- Gift cards: Prepaid cards for anonymity
9. Red Flags to Avoid
Serious Red Flags
- No clear privacy policy
- Hidden ownership or shell companies
- Only PPTP protocol available
- Free with no clear business model
- History of data breaches or logging scandals
- Requires excessive permissions on mobile
- No kill switch option
Warning Signs
- Lifetime subscriptions
- Unrealistic claims ("100% anonymous")
- No independent audits
- Fake reviews or astroturfing
- Aggressive affiliate marketing
- Based in China or similar jurisdictions
- No transparency reports
10. Feature Comparison Chart
Use this checklist when comparing VPN providers:
| Feature | Importance | What to Look For |
|---|---|---|
| No-Logs Policy | Critical | Independently audited, proven in court |
| Encryption | Critical | AES-256 or ChaCha20 |
| Protocols | Critical | WireGuard + OpenVPN |
| Kill Switch | Critical | Available on all platforms |
| DNS Leak Protection | Critical | Enabled by default |
| Jurisdiction | Important | Outside 14-Eyes preferred |
| Server Network | Important | 1,000+ servers, 50+ countries |
| Speed | Important | Minimal impact with WireGuard |
| Simultaneous Connections | Useful | 5+ devices |
| Streaming Support | Useful | Works with Netflix, etc. |
| Split Tunneling | Nice to Have | Available on desktop and mobile |
| Multi-Hop | Nice to Have | Double VPN option |
Need help finding the right VPN?
Try Our VPN Finder Tool →