INSUBCONTINENT EXCLUSIVE:
Reviewing a VPN can be tricky
There's a lot to consider, an array of factors and features to weigh up, and everyone has their own view on what's important, and what
really isn't.As a result, definitive verdicts are hard to find
you very much if you're interested in connecting from Australia to New York on your Android mobile.What we can do is check out a lot of
different aspects of the service, and tell you more about them
provider is like.In this feature we're going to explain the key issues we consider, and how we go about evaluating and testing them
Although do bear in mind that while full reviews of the top VPN providers will cover everything we're going to discuss here, shorter reviews
will simply focus on the major points.But it's equally worth noting that what we've laid out here is just a fraction of what might
potentially happen in a real review
executable past a security scanner (try Ostorlab), examine the code of a browser extension or use something like dnSpy to decompile and
browse a .NET client.But going into that sort of detail would require an entire book to cover properly, so there's no room for that here
details on the service and its features.Network size matters, though not as much as providers sometimes claim (as long as a VPN has the
locations you need, it doesn't matter whether there are 20 or 2,000 more)
As well as the numbers, we check to see how widely dispersed the locations are, whether they include countries you won't always get with the
competition, or if they leave gaps in coverage elsewhere.It's equally important to understand the services supported by each server
Do they all support P2P, streaming, OpenVPN, and everything else offered by the provider This isn't always easy to find out, but it's worth
making the effort (that list of 300 locations may look much less impressive if you realize you can only use P2P with three of them).A good
VPN should offer custom desktop and mobile apps, as they'll be the easiest way to use the service
Be careful when you're checking this on a website, though
Providers will sometimes give you a long list of platforms, but although some of these will lead to downloads, others might just point you
to a tutorial explaining how you can set up the service manually
Follow each link to find out for sure.Identifying protocols supported by a VPN tells you a lot about the service
(routers, game consoles and so on), even if they're not directly supported by provider apps.We pay close attention to any details of how
each protocol is implemented, too, including the specifics of any encryption and authentication methods which might be employed
These aren't always visible upfront, but there's usually some information tucked away in the support site.Does the VPN have any interesting
bonus features Common examples are ad, tracker and malicious URL blocking; the provider's own DNS system; Onion support; split tunneling,
allowing you to choose which applications use the VPN, and which don't; and maybe Bitcoin support for payments, improving your anonymity
when you sign up.Checking out the price helps us to understand whether the service is good value, but there's more to that than looking at a
Some VPNs don't offer their lowest price unless you sign up for several years, so it's important to look at the range of plans and prices on
offer.If collecting all this data sounds like it could be a lengthy and tedious process, you're right; it is indeed
But it's not just about finding figures and feature lists
Just the experience of looking for the relevant information will give you a good feel for what a VPN is like.A dubious provider might be
short on detail, for instance, with a poorly organized website making it hard to find what you need
Information might be inconsistent or outdated, and you'll sometimes see a little marketing trickery, such as making unrealistic speed or
website unblocking promises which you suspect the company can't deliver.But a professional provider will have a well-designed website which
makes all the most important information visible upfront, with plenty of technical detail tucked away if you want it
Overselling will be kept to a minimum, and honesty and transparency is likely to be the order of the day.Check out our list of the best VPN
providers in the marketPrivacyAssessing the level of privacy offered by any VPN is difficult, as you're relying on the provider to honestly
tell you what they're doing and how the service works
Still, there's often enough information to point you in the right direction.This starts with the technical data you collected earlier on the
protocols supported, the encryption and authentication
OpenVPN support is best, IKEv2 not far behind, L2TP/IPSec is acceptable, but the outdated and insecure PPTP is best avoided entirely.We
might look for AES-256 data encryption, RSA-2048 or 4096 to cover handshaking, and Perfect Forward Secrecy to generate new keys for each
clues, or you can download sample OpenVPN configuration files to give you some idea of how the service works
If the service has live chat, try asking someone; the agents can usually answer pre-sales queries.App features are key
Quality VPNs will use their own DNS servers and implement DNS leak protection (IPv4 and IPv6) to reduce the chance of your internet
activities becoming visible to others
You'll also want to have a kill switch to automatically block internet access if the VPN connection drops.Beware: just because a service has
'kill switch' on a website feature list doesn't mean that this capability will be available on every platform
Mobile apps often have fewer features and functions than their desktop siblings, for instance, so we check each one to fully understand what
it does.To confirm that a VPN is properly hiding your IP address, connect to any VPN location and point your browser at ipleak.net
If you see your real IP address, or an address owned by your ISP, there's a problem which you need to investigate further
Results can vary according to browser setup, so repeat this in every browser and on every device you use.We test kill switches on Windows
VPN clients by using a custom tool to forcibly close our VPN connection, then we check to see how long the internet remains accessible, and
whether our regular external IP is visible to the outside world.To do something similar manually, use Task Manager to close the process
OpenVPN.exe and check whether your internet access goes down immediately, or there's a few seconds delay, and whether it automatically
reconnects.If the kill switch doesn't appear to work, check Settings to make sure it's turned on (sometimes it's disabled by default)
Look for alternative settings which might help, too
Some clients include a 'redial if the connection drops' feature which isn't quite as effective, but will still offer some anonymity
protection.LoggingVPN providers, particularly free services, are regularly accused of selling their users browsing history
Most will try to fight back, typically by yelling 'No logging!' on the front page of their website, but years of review experience has told
us this isn't always true
That's why we always look a little deeper.The privacy policy can tell you a lot about a provider, even before you read it
5,000 words of poorly-formatted, jargon-packed legalese is a bad sign, and so is a 100-word document which tells you almost nothing
What we're looking for is a clearly formatted, well-organized and readable document which allows anyone to find the key details they
need.Those details should be explicit and cover all logging possibilities
A single line saying 'we never under any circumstances log what you're doing online', for instance, doesn't rule out the possibility that
the service might record session data: the date and time you log in, your incoming IP address, the VPN IP address you're assigned, the date
and time you disconnect and the bandwidth you use
That level of detail could be enough to allow others to link an internet action to your account.A better policy will rule out this
possibility by explaining that it doesn't log connect or disconnect times, incoming and outgoing IP addresses, and so on.The best policies
will also tell you what they do record, why they do so, and what happens to that data
For example, a provider might say that it logs the last connection time and the bandwidth used in that session, but doesn't record incoming
It could explain that this data is useful to help the company monitor service use and identify inactive accounts (makes sense), but doesn't
allow anyone to find out what you're doing online (quite true)
And it might tell you that if you no longer use the service, you can email support and they'll delete your old account data entirely.It's
important to keep this in perspective
However well-presented a privacy policy might be, there's no guarantee that anything said in the document is actually true
It's all based on trust.Checking out the small print can sometimes highlight logging that a VPN is admitting takes place, though
And if nothing else, it can give you clues about how honest and open a provider might be.We've previously found dubious free VPNs who have
copied and pasted someone else's privacy policy, changed any company names in the text and pretended it's theirs, for instance
selectionTo properly understand how a VPN performs, we use automated tools to connect to multiple servers and test key aspects of the
service: server availability, location, connection time, latency and download speeds.Our tools connect to each server via OpenVPN, and so
the testing process starts by downloading the VPN provider's configuration files
(If a service asks us to generate them ourselves, we specify UDP-based connections).These files are separated into four location-based
groups (the UK, Europe, North America and the rest of the world), which we then break down further to choose the servers which will be
included in our tests.Some VPN tests use largely fixed locations: one in London, one in Amsterdam, another in New York, and so on
This is good for maintaining consistency between VPN providers, but it won't necessarily make for a fair comparison.For example, if
SmallVPN.com has a single New York location, and BigVPN.com has 10, then testing one server from each provider keeps life simple
But there's no way to know whether BigVPN.com's single server will accurately represent the good or the bad points of the service.To try and
get a more realistic idea of how a VPN performs, we test up to 30 locations within a group, even if this means they're all within a
relatively small area (10 servers in London, say)
In real world testing you might be allocated one of these servers, occasionally, so we need to try them all ourselves, if only to see how
(or if) they vary.If there are significantly more than 30 locations, we choose a subset which best represents the group's geographical area
The North America group will include east coast, mid-American, west coast and Canadian locations where possible, for instance.Of course,
this means we may also miss some of the best (or the slowest) servers, but we think it's enough to give us a representative view of the
performance in that group.YgC4qabSzheJ8iHDmge57K.jpg#
