The Ultimate Guide to Choosing a VPN

Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

There are now so many VPN services out there that choosing the right one for you can be a frustrating and overwhelming task. That's why it's useful to have a handy guide to follow so that you're picking the right product. So, what should you be looking for, and what red flags do you need to take note of when buying a VPN subscription?

1. Encryption Protocol

green encryption ciphertext on computer screen — Image Credit: Christiaan Colen/Flickr

The most important feature that VPNs offer is encryption. When you use a VPN, your internet traffic is encrypted when it passes through a remote server. In this process, plaintext data is converted to ciphertext, making it unintelligible.

But not all VPNs use the same kind of encryption. AES-256, AES-128, and XChaCha20 are some notable examples of protocols used by popular VPN providers. It's important to know which specific protocol your chosen provider is using so you can determine just how safe your data is.

Out of the protocols mentioned above, AES-256 is the most commonly used. AES, or Advanced Encryption Standard, is considered by many to be the strongest encryption algorithm out there today. This protocol uses a 256-bit key and, at the time of writing, has never been cracked.

In fact, no AES algorithm has ever been cracked, including AES-128, which is also used by some VPN providers. AES-128 uses a 128-bit key. This gives way to some key differences between AES-256 and AES-128. For example, AES-128 uses 10 key processing rounds, and uses a single 128-bit block, while AES-256 uses 14 key processing rounds and two 128-bit blocks.

While it may seem that AES-128 is less secure on paper, both algorithms are uncrackable at the moment.

XChaCha20 is another strong encryption algorithm you may find in your VPN's specifications. This is a single-key encryption protocol that can work up to three times faster than AES-256, though the security integrity of each is considered to be fairly similar.

Algorithms SHA-1 or DES, should be avoided, as they're pretty basic in today's standards.

2. Server Locations

Most VPNs offer users a choice of remote server locations around the world. This isn't just great for obscuring your IP, but can help you to access geo-restricted content, such as TV shows on another country's Netflix.

While some providers offer a myriad of server locations, others are more limited. If you're looking to connect to a specific set of locations, it's worth knowing what your prospective VPN service can give you. Free VPN services are known to have very limited server locations, with the lack of fee bringing certain compromises.

If you want to be able to access the highest number of server locations, a reputable and paid service is the best option. The following providers are worth considering if this is a priority for you:

Express VPN: Over 3,000 servers in 94 locations.
NordVPN: Over 5,000 servers in 60 countries.
SurfShark: 3,200 servers in 100 countries.
CyberGhost: Over 9,000 servers in 90 countries.

Note that the number of servers and server locations are not the same. There can be multiple individual servers in just one location, which is why the two figures tend to vary so much from each other.

There are also VPN server locations that are best to avoid, so steer clear of providers that only offer such options.

3. Price

Naturally, price is an important factor to consider when choosing a VPN—or, indeed, any service. While some VPN tools are entirely free, others come with a hefty monthly or yearly fee.

Below are the current monthly subscription prices for the top VPNs:

ExpressVPN: $12.95
NordVPN: $11.99
SurfShark: $12.95
ProtonVPN: $9.99
CyberGhost: $12.99
WindScribe: $9.00
TunnelBear: $9.99

Most VPN services allow you to sign up for contracts, which can vastly reduce your monthly fee. However, these are lock-in contracts, and the total cost of the contract is usually required upfront before you're given access to the VPN.

If you're trying to stick to a tight budget, there are VPN providers that also offer users a free version of their service, such as WindScribe and TunnelBear. However, the free versions often come with limited features, such as a monthly data cap and fewer server locations.

Additionally, there are some glaring issues that come with numerous free VPNs. The goal of many VPN services is to make money, but if a user fee isn't being charged, the company has to pursue other revenue streams. This may include in-app advertisements, exit nodes, and data sales.

The entire point of a VPN is to keep your internet activity private, but some free VPNs go against this entirely by tracking you. The websites you visit, your IP address, and even your personal information can be collected by shadier VPN services. This data is then sold onto third parties, allowing the provider to make a profit.

Not all free VPN services do this, but it's by no means unheard of. You may also find yourself running into irritating advertisements while using a free VPN client, which can make your experience a lot less streamlined.

4. Additional Features

While the core purpose of a VPN is to encrypt your online traffic and mask your IP, there are additional features that can heighten your online security and privacy even further.

Be sure to look out for the following features when shopping around for the best VPN:

Kill switch: This automatically disconnects you from the internet if the VPN server connection is lost.
Multiple VPN protocols: A choice between various VPN protocols, including OpenVPN, WireGuard, and IKEv2.
Multiple device access: This is the ability to use your VPN on more than one device.
24/7 customer service: Being able to access support whenever you need it.
Double VPN: Double VPNs send your traffic through two remote servers, doubling your encryption.
Onion over VPN: This feature lets you use the Tor browser after connecting to a VPN server.

Some VPN services also offer more unique features. For instance, NordVPN offers dark web monitoring, which scans the dark web to see if your information is being sold anywhere. ExpressVPN, on the other hand, has TrustedServer technology, which ensures that no data passing through a server is ever kept on a hard drive.

While you'll find different features with each VPN service, those listed above are among the most important.

5. Risks and Reputation

padlock and chains on laptop keyboard under red and green light

There are some bad eggs among the hundreds of VPN services available today. But a shady VPN provider can still market itself as a top-tier product, tricking unknowing users into signing up. This is why you need to do a little research into the reputation of your prospective VPN provider before giving it the green light.

Another crucial factor to consider is whether a given VPN service has been independently audited.

An independently-audited VPN service will have had a separate, impartial body sift through its infrastructure (including its data collection, financial records, and security features) to make sure everything is in order. While a VPN can be assessed by its own internal staff, this naturally invites suspicion, as there may be an agenda that those conducting the audit are told to follow.

By using an external auditing body, such as PwC or Cure53, this possible bias is eliminated, allowing for a fair and truthful outcome. Through such independent audits, it can be determined what user data a company is collecting and how they're using it, as well as whether the security and privacy features they claim to have are being used.

Choosing a VPN Doesn't Have to Be a Lengthy Ordeal

The sheer number of VPN services available today can feel overwhelming, especially if it's your first time trying a VPN. But by following the tips above, you can pick out a trusty and reputable VPN that won't leave your data out to dry.