How to choose the VPN that best suits your needs
A virtual private network can serve many different purposes and appear in numerous forms, so make your choice wisely
What is a VPN anyway?
A virtual private network (VPN) is an encrypted connection from your device to a remote server. You may have encountered one in the workplace, allowing those working remotely to access an on-premises or cloud-based office network.
But we’re looking at consumer VPN providers. These subscriptionbased services provide an encrypted tunnel for all your internet traffic and typically provide endpoint servers in scores of different locations, allowing you to virtually locate yourself in any of those places.
Privacy is a major selling point for VPN services. Data going to and from your device through an encrypted link to a remote server can’t be inspected by your ISP or, typically, monitoring tools on a local network.
Region shifting
However, the most popular reason for using a VPN is to access regionlocked entertainment content, such as the extended movie catalogue of US Netflix, national TV from a different country, or US newspapers that have blocked UK and EU readers rather than comply with our more stringent data protection laws.
Media licence holders are, for obvious reasons, unhappy about this and have pressured streaming companies to ensure compliance.
As a result, there’s now an arms race between streaming services on one hand and VPN providers on the other. Netflix and the like are increasingly blocking IP ranges they believe are used by a VPN provider, while the VPN providers are increasingly seeking to obtain residential IP addresses from blocks assigned to home users.
If you’re choosing a VPN because you want to stream video from a different country, then note that several VPN services – including Mullvad, Perfect Privacy and TunnelBear among our tested group this month – don’t prioritise region-shifting for streaming and don’t advertise their services on that basis.
The most popular reason for using a VPN is to access region-locked entertainment content, such as US Netflix
Most major VPN providers, however, make efforts to give you access to region-locked content.
The current leaders on this front are NordVPN, ProtonVPN and Surfshark, all of which extensively acquire and test appropriate IP address blocks to evade anti-VPN measures by streaming companies.
We provide an at-a-glance view of which VPN providers streamed a trio of services – BBC iPlayer in the UK, Netflix and Disney+ in the US – in the table on p93.
Privacy
If you’re primarily interested in a VPN for privacy, you should know exactly what you need privacy from. The archetypical example is a public, office or even home network on which you’d like to either protect yourself from sniffing attacks that seek to capture apture data you pass back and forth orth (somewhat less of an issue ue than it once was, as HTTPS TTPS has become ubiquitous) or evade content filtering. This can include national-state or ISP-level filters, ranging from porn blocks designed to keep adult content out of the hands of anyone who can’t an’t prove they’re over 18, to the he great firewall of China.
A VPN provider is essentially an alternative ISP. This is great if you don’t trust your ISP not to either restrict your access to certain websites, apply content-based throttling, or snoop on your activities, but you’re now entrusting that same data to a different third party. Why should you trust them?
Research the service you’re going with, and any features and restrictions that may apply, and any local laws that may affect its activities. Every single VPN provider we’ve tested promises to keep no identifying user logs, but many jurisdictions have laws that can be used to compel a VPN provider to collect or hand over what data they have.
The best services are up front about this and take measures to mitigate risk. These include RAMdisk servers, in which everything is stored in volatile memory that’s wiped on reboot or power down; allowing customers to pay anonymously using cash, gift cards or cryptocurrency; blocking endpoint servers in specific countries from activity such as torrenting, which comes with a legal obligation to keep logs; and headquartering themselves in countries with privacy-friendly laws – Panama, Switzerland and the British Virgin Islands are popular choices.
Don’t take companies at face value. Some VPN providers that claimed to keep no logs – none of which is
included in this group test – have handed logs over upon receiving a court order. Others, particularly those that primarily advertise themselves on mobile app stores, have transpired to exist for the sole purpose of spying on users’ app loadouts or collecting user data to sell to advertisers.
While any service that you don’t have full control of carries risks – and even a VPN endpoint that you deployed yourself, on hardware that you had physical control of, would have to be appropriately secured – being aware of the surrounding security landscape helps to mitigate this.
Extra features
Look at the table on p80 and you’ll see a section labelled “features”.
We don’t recommend you choose any VPN that lacks a kill switch feature. This will stop all network traffic to and from your PC if the VPN drops. It’s a vital way of ensuring that no data is accidentally sent via your standard internet connection, but note that a kill switch usually has to be manually enabled.
Split tunnelling allows you to exclude specific applications or IP ranges over a VPN connection and the rest via your usual net connection. This is handy if you want to have access to other international and local streaming services or want to access content that requires a local IP address.
The most common version of split tunnelling is a tickbox allowing you to access devices on your local networking, but many VPNs, including ExpressVPN, NordVPN and ProtonVPN, allow you to use whitelists and/or blacklists to include or exclude specific apps, URLs or IP ranges from your VPN connection.
Then there’s obfuscation. If you’re using a VPN to work around a national firewall in a country that bans the use of VPNs, such as the UAE, Russia, Turkey, Belarus or China, then a connection mode that hides the very fact that you’re using a VPN is essential. It’s also handy on a corporate network that deploys VPN detection. Techniques include removing packet headers that may identify VPN traffic, using SSL encryption or otherwise disguising VPN traffic as standard HTTPS traffic.
We’ve already mentioned RAMdisk servers. Here, the entire OS runs in volatile memory, and such servers are becoming increasingly popular among privacy-oriented VPN providers. This effectively means that the servers are fully wiped every time they’re powered down or rebooted.
A question of price
Your final decision is likely to boil down to price. We mention obfuscation above, and the same is often true here: trying to negotiate your way through special offers, annual discounts and exchange rates is enough to destroy most people’s lifeforce.
In our table on p80, we have done our best to strip out the extraneous information so you can compare prices directly. Perhaps the key line to focus on is the cheapest monthly cost: this takes the best deal (usually involving an upfront payment for one or two years) and then divides it by the number of months for that contract. For companies that charge in euros or dollars, we’ve used an exchange rate of €1.17 and $1.33 to the pound.
Split tunnelling allows you to exclude specific apps or IP ranges over a VPN connection and the rest via your usual net connection