5 Most Secure VPNs

24 Sep 2013

While things such as performance, customer service and fully featured software all contribute towards making a VPN service stand out from the crowd, their primary purpose, their raison d’être, is to allow customers to use the internet anonymously.

The way to ensure that users remain anonymous is to have robust and well-thought-out security measures in place that make any attempt to compromise this anonymity extremely difficult. A VPN provider who fails to implement such measures is therefore worse than useless; it is a positive liability to its customers!

We discuss the main security factors and issues that you should consider when choosing a VPN provider towards the end of this article.


Summary

Rank  Provider                  Starting Price
1     AirVPN                    $9.00/mo
2     NordVPN                   $11/mo
3     CactusVPN                 $4.99/mo
4     iPredator                 $8/mo
5     Private Internet Access   $6.95/mo

Take a look below to see slightly more detailed views about each provider.

Winner – AirVPN

Positives: accepts Bitcoin, no logs, 256-bit AES encryption, dynamic port forwarding, real-time user and server statistics, support for Tor over VPN and VPN through SSL and SSH tunnels, good speeds, 3-day free trial, P2P: yes

Negatives: only 1 simultaneous connection by default (but more can be purchased)

Formed by net neutrality and internet freedom activists and hacktivists following a Pirate Party festival in Rome, this Italian VPN provider is proud of conforming to European Union directives regarding protection of privacy and codes of best practice. In Italy VPN providers are not covered by the local implementation of the Data Retention Directive, so AirVPN keeps no logs at all. It also encourages the use of disposable email addresses and payment using Bitcoins, in order to preserve maximum user anonymity. On the technical front, AirVPN uses 256-bit AES encryption, while also supporting unusual technologies designed to provide the best possible VPN security, such as VPN over Tor, and VPN through SSL and SSH tunnels. The only downside to AirVPN is that the basic package only lets you connect one device to its service at a time, but additional devices can be added for $1.99/mo each.

» Visit AirVPN


2. NordVPN

Positives: No logs, accepts Bitcoin payments, 256-bit AES encryption, 2 simultaneous connections, P2P: yes

Negatives: inconsistent connection speeds

Based in Panama, which has no mandatory data retention laws, NordVPN keeps ‘no logs at all’, accepts anonymous payment with Bitcoins, and uses high-grade 256-bit AES OpenVPN encryption, giving it pretty much top marks in the security department. NordVPN uses the open source OpenVPN software, which, while on the one hand it means that it lacks some of the bells and whistles offered by custom VPN clients, does mean that it is less likely to have been back-doored by the NSA. We did experience a few performance issues with NordVPN (which we hope will be ironed out soon), but where things really matter – security – NordVPN excels.

» Visit NordVPN


3. CactusVPN

Positives: No usage logs, 256-bit AES OpenVPN encryption, P2P: yes, very fast, great custom client with per-app killing feature

Negatives: No Bitcoin payments, some connection logs kept (but only for 3 days), limited iOS and Android support

Operating under the jurisdiction of Moldova (which as far as we can make out is a bit of a ‘Wild West’ when it comes to legal oversight), CactusVPN uses 256-bit AES OpenVPN encryption with 2048-bit key authentication. It keeps no usage logs, and while it does keep some connection logs, these are discarded after 3 days. It is a shame that CactusVPN does not accept Bitcoin payments, but it does somewhat make up for this with blazingly fast connection speeds and a very slick custom client featuring a per-app killer.

» Visit CactusVPN


4. iPredator

Positives: No usage logs, accepts Bitcoin, 256-bit AES encryption, P2P: yes, association with The Pirate Bay guarantees VPN is not a honeypot, 2-day free trial

Negatives: Connection and payment logs kept, servers only in Sweden, slow connection speeds, limited support for iOS and Android

Formed by Pirate Bay co-founder Peter Sunde, you might expect Swedish-based iPredator to be very secure, and by and large it does not disappoint, with 256-bit AES encryption (using SHA1 hash authentication) and no traffic logs (VPN providers are exempted from the DRD in Sweden). Some connection logs are kept, however, ‘for debugging purposes’, as are transaction IDs and emails received from payment processors (which are kept for a little over 6 months). The good news is that these details are encrypted and stored remotely, making seizing them difficult:

‘We try to store the least amount legally possible anywhere. IP-addresses are encrypted and can only be decrypted by non-support staff to ensure a proper process. For example, to work around issues where the police ruffles up the support staff a bit to get data for an abuse report. In the database we only store the details users give us on sign-up and a limited backlog of payments.’

iPredator’s association with The Pirate Bay has resulted in very close scrutiny by anti-piracy bodies, but does mean that we can be very sure it is not a ‘honeypot’. Elsewhere we found the service a little on the basic side, with connection speeds somewhat poor (from the UK), but in terms of security, iPredator is a solid choice.

» Visit iPredator


5. Private Internet Access

Positives: accepts Bitcoin, no logs, fast, up to 256-bit AES OpenVPN encryption, client features port forwarding, VPN kill switch and DNS leak protection, P2P: yes, 3 simultaneous connections

Negatives: No free trial, US-based company so is likely infiltrated by the NSA

Given that PIA is a US-based company we know this choice will be somewhat controversial, and if NSA tampering is a big concern of yours then you should avoid it like the plague. However, in every other regard PIA provides an outstanding service. It keeps no logs at all, accepts anonymous payment using Bitcoins, and it has just improved its technical security by allowing you to select up to 256-bit AES OpenVPN encryption, with SHA-256 hash authentication and 4096-bit RSA handshake encryption. Throw in a very fully featured custom VPN client, and for most people’s needs PIA remains a very attractive (and secure) service. Just don’t mention the NSA!

» Visit Private Internet Access


Important Security Considerations when choosing a VPN provider

Location

One of the most shocking things to discover when researching VPNs is how many are located in countries that legally oblige them to be fundamentally insecure when it comes to customers’ data, which makes the notion that they are providing any form of real privacy frankly laughable.

The United States, although it has no mandatory data retention laws, suffers from an incredibly belligerent and powerful anti-piracy lobby, to the extent that most US VPN providers keep usage logs, which they will quite happily turn over to copyright enforcement lawyers at the drop of a hat. On top of this, of course, there is the blanket spying undertaken by the NSA, the scope of which is frankly staggering and beggars belief. It is safe to say, we feel, that no US VPN service can be considered secure when it comes to the NSA.

The EU-wide 2006 Data Retention Directive stipulates that all telecommunications data must be stored and made generally available to (often a very wide and loosely defined range of) ‘competent’ national authorities for at least 12 months. In most EU countries the Directive fully applies to VPN providers, who therefore cannot be considered able to offer their customers a secure service. However, some countries have not, for one reason or another, implemented the DRD into national legislation, while others have chosen not to apply the Directive to VPN providers. We discuss the DRD and which countries can still be considered secure bases for a VPN in detail here.

Keeping logs

The most vital shield a VPN provider has for securely maintaining their customers’ privacy is a commitment to keeping no logs. As we noted above, there are only a limited number of countries where it is legally possible for a provider to do this, and many providers, even when not forced to do so by law (such as most US providers) keep logs anyway.

Despite many providers’ assurances that they will resist attempts to force them to hand logs over to the authorities, if logs exist then they can be handed over. It is only by having no logs to hand over that a VPN company can genuinely assure its customers that they never will be.

One thing to be careful of is that many VPN providers claim to keep no logs on the basis that they keep no usage logs (also known as traffic logs), and therefore keep no logs of what you get up to on the internet. They do however often keep records such as account details and connection logs (recording things such as the time when you connect and disconnect, the IP address connected from, and suchlike). These are usually kept ‘for troubleshooting purposes’, but can still amount to quite a lot of potentially damaging metadata in the wrong hands.

Bitcoins

A very good indicator of a VPN provider’s commitment to privacy is whether they accept payment in Bitcoins. If they do, then it means that they are willing to accept anonymous payment. Although they can still trace you through your IP address, this means one less important way of identifying you. Even if you are not concerned with paying anonymously, it is a hallmark of a good VPN provider that it accepts Bitcoin payments.

Encryption

In addition to policies designed to ensure the security of customers’ privacy, at the heart of VPN lies encryption. The extent to which the NSA has worked to weaken and subvert international encryption standards has only recently come to light, and no-one really knows what the NSA is capable of decrypting. What is known is that the NSA has made great strides in cracking commonly used VPN encryption protocols such as PPTP and L2TP.

To the best of anyone’s knowledge however, OpenVPN remains a secure protocol, although anyone serious about security will now likely want to see it beefed up to at least a 256-bit cypher. While it is possible that the NSA may be able to break even such strong encryption, to do so would almost certainly be a time consuming and arduous task for them, and therefore it is unlikely to be a problem unless you are specifically targeted by the NSA (and even then it will generally be easier to co-opt your VPN company, or perform a man-in-the-middle style attack on your communications…)

Therefore, what we look for in a secure VPN is strong 256-bit OpenVPN encryption. By far the most popular cypher among security conscious VPNs (and the one used by all services recommended here) is the Advanced Encryption Standard (AES). Generally considered highly secure, it is the cypher used by the US government for ‘sensitive’ data, and has consequently enjoyed a good reputation, although this has been somewhat tarnished of late thanks to the NSA scandal. As a result of this, there has been much talk of moving away from any cyphers associated with NIST, the US government, or the US at all, but despite a great deal of talk, we have yet to see much in the way of concrete action in this regard.
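As an added illustration (not code from the article or from any of the providers reviewed), the following small Python lint reads an OpenVPN client profile and flags settings that fall short of the bar just described: a 256-bit cipher, SHA-256 HMAC authentication, and a check that the remote certificate really is a server certificate. The directive names are real OpenVPN options; the two sample profiles are constructed for the example.

```python
"""Lint an OpenVPN client profile against the bar the article sets (256-bit cipher,
SHA-256 HMAC). Constructed example, not from the article; profiles are made up."""
# Key sizes for cipher names OpenVPN commonly accepts (OpenSSL naming).
CIPHER_BITS = {"AES-256-CBC": 256, "AES-256-GCM": 256, "AES-192-CBC": 192,
               "AES-128-CBC": 128, "AES-128-GCM": 128, "BF-CBC": 128}
WEAK_AUTH = {"SHA1", "SHA", "MD5", "NONE"}

def parse_profile(text):
    """Map directive -> args (first wins); skip #/; comments and <ca>..</ca> blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block:
            key, *args = line.split()
            opts.setdefault(key.lower(), args)
    return opts

def assess(text):
    """Return findings; an empty list means the profile meets the article's bar."""
    opts, findings = parse_profile(text), []
    # Older OpenVPN 2.x falls back to BF-CBC and SHA1 when these directives are omitted.
    cipher = opts.get("cipher", ["BF-CBC"])[0].upper()
    bits = CIPHER_BITS.get(cipher, 0)
    if bits < 256:
        findings.append(f"cipher {cipher} is {bits or 'unknown'}-bit, below 256")
    auth = opts.get("auth", ["SHA1"])[0].upper()
    if auth in WEAK_AUTH:
        findings.append(f"auth {auth} is a weak HMAC; prefer SHA256")
    if opts.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls server missing: server role unchecked")
    return findings

WEAK_PROFILE = """client
auth SHA1
# no cipher directive, so OpenVPN silently uses BF-CBC
"""
STRONG_PROFILE = """client
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
<ca>
placeholder certificate body
</ca>
"""
```

Note that the handshake key size (the 2048-bit and 4096-bit RSA figures quoted above) lives in the certificates, not in the profile directives, so it has to be checked separately.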

VPN client

Some VPN providers supply excellent custom VPN clients that add all sorts of funky features, such as internet kill switches, DNS leak protection, port forwarding and server load information. These features are great, and generally help to impress us with a service, but if NSA tampering worries you then you should try to stick with free open source software (FOSS) that can be independently peer-reviewed and audited for malicious code (such as the regular vanilla OpenVPN client), rather than any kind of closed proprietary software.

Shared IP addresses

Any VPN company worth its salt should use shared IPs, where many customers access the internet using the same shared IP address. While not 100% foolproof, this makes identifying an individual extremely difficult. All the recommended providers above make use of shared IPs.

Conclusion

Given the large number of VPN providers around, it can be somewhat disconcerting to find how many do not take security seriously. All those above do, with AirVPN (closely followed by NordVPN) clearly deserving top place. If you are interested in seeing how other providers do in this regard, the most canonical source available is TorrentFreak’s VPN Services That Take Your Anonymity Seriously, 2013 Edition.

Written by Douglas Crawford

I am a freelance writer, technology enthusiast and lover of life who enjoys spinning words and sharing knowledge for a living.