Does VPN jargon leave you confused? Not sure which features are the best at protecting your data? You’re not alone Luckily, ProPrivacy have already rated ten of the best VPNs for security, so be sure to check those out. It doesn’t hurt to do your own research before you hop onto a subscription, so here are five features you need to look out for.
#1 Leak Protection
One of the key aspects of a VPN is their ability to mask your IP address, and consequently your real life location. Not only is it great for your privacy, but you get the side benefit of unblocking geo-restricted content with only a couple of clicks.
However, there are a few ways your IP address could leak, even while using a VPN. It’s not because of any VPN security flaw, mind you. Instead, certain features in your browser and even your operating system could betray your location to online services. Here’s what VPN leak protection shields you from:
- WebRTC leaks – WebRTC allows you to video call your friends straight from your browser. However, the way the API is built allows websites to make STUN requests to see your real, unmasked IP.
- DNS leaks – Windows 8 and 10 features like Teredo and SMHNR may direct DNS requests to your ISP, instead of having them go through the VPN provider’s servers instead.
- IPv6 leaks – Internet providers have been slow to adopt this new standard for IP addresses. As such, many VPNs don’t currently support hiding IPv6 addresses – opting instead for leak protection (which usually just disables IPv6 traffic altogether).
Leak protection is essential, especially now that ISPs basically have free rein to sell your browsing data to advertisers.
#2 A Kill Switch
Speaking of leaks, a VPN can only encrypt your data when you’re actually connected to the VPN client. Unfortunately, a poor Internet connection or other factors may cause you to disconnect without even realizing. In that case, all your network traffic will pass through your ISP’s servers unencrypted – causing a data leak.
A kill switch can prevent all that by shutting off all network activity the moment you get disconnected. Once you’ve successfully re-established the VPN connection, you can safely resume browsing. In fact, some VPN clients automatically reconnect you if you haven’t manually quit the app. This allows for seamless and secure browsing without having to reconnect manually at every network hiccup.
#3 Perfect Forward Secrecy
VPN encryption is basically airtight. Just to give you an idea, the NSA has approved protocols like AES 256-bit to secure data considered “TOP SECRET.” It would take the fastest supercomputer in the world millions of years to find a decryption key through a brute-force attack. That’s why it’s widely included in all the top security VPNs today.
AES 128-bit and other VPN encryption protocols are weaker, but just as secure and not as resource-heavy. They’re especially useful for the average user, who probably isn’t working with national secrets on a daily basis.
However, on the off-chance that a hacker somehow gets their hands on a decryption key, Perfect Forward Secrecy is there to help. Basically, your VPN client regularly changes the key which encrypts your current network session. For example, ExpressVPN changes it every 60 minutes. This makes it so only a tiny portion of your data is exposed to the attacker – and again, you’ve seen how low the chances are of that happening.
#4 Multi-hop (or Double VPN)
Those with a high need for privacy end up using Tor over VPN for maximum anonymity. However, even Tor users are vulnerable to what’s known as a traffic analysis attack. Using a multi-hop VPN – chaining multiple VPN servers, essentially – allows you to prevent such attacks. Not only that, but your data receives one extra layer of encryption (per chained server) on the way to its destination.
Naturally, this will put quite a dent in your Internet speeds. As such, it’s mostly recommended in high-threat scenarios – whistleblowers, journalists, avoiding surveillance from an oppressive regime, and so on. Your livelihood is more important than a slow network.
#5 Stealth Servers
While we’re on the topic of restrictive governments, here’s another feature that could help you evade Big Brother’s gaze. VPNs may use obfuscation techniques to hide the fact that you’re using one. Whether it’s your ISP, government agencies, or anyone snooping on your network will see “regular” traffic. Of course, they can still resort to deep packet inspection and other advanced techniques to detect VPN usage. In the end, your traffic is still encrypted, so that’s the best they could do.
As a side note, obfuscation is really useful at bypassing filters from streaming services like Netflix. These platforms are known to block VPNs for licensing reasons, so disguising your traffic is a must. Give any of ProPrivacy’s picks a shot if you want top-notch security and restriction-free content on the side.