Skip to main content
Tech Radar
  • Tech Radar Pro
  • Tech Radar Gaming
Tech Radar Pro TechRadar IT Insights for Business
Subscribe
RSS
(opens in new tab) (opens in new tab) (opens in new tab) (opens in new tab)
Asia
flag of Singapore
Singapore
Europe
flag of Danmark
Danmark
flag of Suomi
Suomi
flag of Norge
Norge
flag of Sverige
Sverige
flag of UK
UK
flag of Italia
Italia
flag of Nederland
Nederland
flag of België (Nederlands)
België (Nederlands)
flag of France
France
flag of Deutschland
Deutschland
flag of España
España
North America
flag of US (English)
US (English)
flag of Canada
Canada
Australasia
flag of Australia
Australia
flag of New Zealand
New Zealand
Technology Magazines
(opens in new tab)
Technology Magazines (opens in new tab)
Why subscribe?
  • The best tech tutorials and in-depth reviews
  • Try a single issue or save on a subscription
  • Issues delivered straight to your door or device
From$12.99
(opens in new tab)
View (opens in new tab)
  • News
  • Reviews
  • Features
  • Website builders
  • Web hosting
  • Perimeter 81
  • Security
Trending
  • Best standing desk deals
  • Best cloud storage 2023
  • Everything you need to WFH
  • What is Microsoft Teams?
  • Windows 11 for business

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

  1. Home
  2. Features
  3. Computing
Supported (opens in new tab)

VPN audits: what do they mean and why are they important?

By Mike Williams
Contributions from
Rob Clymo

Are VPN providers right to brag about their audits?

In Association with

ExpressVPN logo (opens in new tab)
Businessmen studying a report
(Image credit: Shutterstock)

Install a VPN and you're asking that provider to protect all your most important online activities, so it's vital to pick a company you can trust.

How can you know who lives up to their privacy promises, though, and who might be secretly selling your browsing history on the side?

Providers used to hope you'd take their word for it, so if they said 'WE ARE A NO LOG VPN' on the website, in a really big font, you'd believe them and sign up.

Unfortunately, regular news stories about major VPN security failures have seriously damaged confidence in the industry, and user trust is in very short supply.

The top providers understand the problem, at least, and many now try to provide evidence of their honesty by putting themselves through an independent VPN audit. But what does this mean, and what can a VPN audit really tell you about how the software works?

What is a VPN audit?

A VPN audit is a process where a provider calls in an experienced independent company like PricewaterhouseCoopers to check an aspect or some aspects of its service.

Exactly which aspects are investigated depends on the scope of the report. 

Take Surfshark, for example. In its 2018 audit (opens in new tab), only the service's browser extensions were audited. The results were good, but couldn't tell customers much about the VPN as a whole. And if you never use the VPN extensions, then the audit really told you nothing at all.

In May 2021, though, Surfshark had its servers audited (opens in new tab), a much wider and more interesting test. 

ExpressVPN, on the other hand, had a full no log audit (opens in new tab) carried out that saw PricewaterhouseCoopers check its servers, source code, configurations, even interview its staff. And TunnelBear goes further than most, putting itself through a comprehensive audit (opens in new tab) of its servers, apps and backend systems every year. 

When you next read a VPN boasting about its latest audit, check the areas the auditor inspected, and the information they could access. If they looked at the mobile VPN apps, for instance, did they see the source code. Or were they only able to install and run the apps like regular users? 

Generally, the more areas put under the microscope and the more access given to internal systems, the more significant an audit should be, with TunnelBear's 'look at everything' approach the high watermark.

TunnelBear puts itself through an annual audit

(Image credit: TunnelBear)

Where is the VPN audit report?

The best VPN audits result in a very detailed report about everything the auditor found, and this should ideally be available for everyone to download.

Sometimes the report is only available to customers, but that's usually a condition enforced by the auditors more than the VPN trying to be sneaky. It's not ideal, but as long as it's available somewhere, that's what counts. That's because if the audit report isn't accessible, you're left to rely solely on the VPN's interpretation of the results. 

The company might have published some really enthusiastic blog post about how brilliantly it did, for instance, but has it really listed everything the audit found? If it just says, 'the audit didn't uncover any serious problems', how can you be sure that's true? 

Without access to the report, all you can do is take the VPN's word on trust, which is the very problem the audit was supposed to solve in the first place.

Interpreting VPN audit results

If you can read the audit report or the VPN does accurately summarize it, then the results often seem alarming. We've seen reports which talk about finding 10, 15 or even more problems with a service, which sounds like it could be a very big deal.

Don't rely solely on numbers, though. The best independent audits often report on tiny details with minimal or no security impact. We've seen one report point out that an internal VPN function wasted a little memory by allocating 128KB of RAM when it only needed 64KB, for instance. That's an issue, but only a very small one, yet it was enough to get listed in the audit report.

What's more interesting is to see how many issues have been classed as critical - the most dangerous vulnerabilities. Usually, the report says the provider has fixed these, but that's not entirely reassuring. If a VPN made some big security blunders before the audit, it's entirely likely they'll make new ones after it.

Badge confirming that a VPN's no logging policy has been audited

(Image credit: VyprVPN)

How important are VPN audits, really?

The most impressive VPN audits cover all key areas of a service, including the apps, the servers, and the infrastructure that ties everything together. The more access the auditor was given, the more relevant the results should be.

Don't completely rule out smaller audits, though - they might still give you a general idea of what a provider can do. If an auditor only looks at Android VPN app but says they're amongst the best it's seen, that suggests this VPN has real expertise, and there's an above-average chance that's the case in other areas, too.

Always check the date of an audit, too. A provider might boast that it's 'fully audited', but if that was two or three years ago, it might not say much about how the service works now. 

Overall, though, we think every audit deserves some credit, no matter how narrow the scope, or whether you can read the report or not. At least the provider is making some effort to show you it's trustworthy, and that's more than you can say about many VPNs.

What about non-audited VPN providers?

After reading all this, you might be left wondering what the best advice would be if you choose to use the services of a non-audited VPN. As you’ll have seen from the providers included in the listings here, it’s many of the big names that tend to go for the full audit approach. 

That leaves plenty who don’t get audited, but you’ll probably err on the side of caution and go with a service that does. After all, using a VPN revolves around security and you’ll want to know that the service you’re using is right on top of that fact. What’s more, being audited means you’ve got that extra level of assurance that doesn’t come with using one of the lesser-known names that hasn’t bothered.

What about a cheap VPN?

If you’re still considering a cheap VPN though, there are plenty of services that will fit the bill. The fact that competition is fierce in the more affordable end of the VPN market also means that you shouldn’t have to put up with an inferior service either. While pricing is often at the top of the priority list for people looking at cheap VPN options, there is a surprisingly good level of service that comes with many of these budget bundles. 

You’ll frequently get all the main features and functionality that comes with a decent VPN, including easy to use encrypted internet connectivity, tools for tackling geo-blocked apps and the ability to stream TV shows, movies and your favorite sports from overseas, no matter where you happen to be situated.

Pay something for your VPN

Nevertheless, while there are free VPN options out there, and quite a few to choose from at that, it’s still best to spend at least something on a package. You can certainly pick from a dazzling number of free VPNs, but you can also expect to get rather less back than you would with one of the paid for options, let alone the more major players in the VPN marketplace. 

The other thing to remember is that there’s no such thing as a free lunch, so what you gain in not paying anything for your VPN, you might lose by being subjected to invasive advertising or, worse still, having your browsing data sold on - hardly the result you’re looking for with any VPN provider. There are usually limitations too, with many free VPN services unable to deliver streaming and torrent content. Again, trying the free route might actually end up being more trouble than it’s worth.

Stick with the VPN audit crew

All that brings us full circle and back to where we started off – VPNs that have allowed their services to be fully audited. While you might not be too bothered about who has, or hasn’t had an audit, the results outlined above speak for themselves. If you’re going to be using software that relates to security and is at the root of how, when and why you spend time online, there’s no getting away from the fact that a fully audited VPN is probably going to be the best way to go. 

Verified facts and figures speak for themselves, which means that one of the contenders listed in the best VPN services guide is likely going to be the optimal solution for your online needs.

Protect yourself with market-leading antivirus software.

TechRadar Pro created this content as part of a paid partnership with ExpressVPN. The contents of this article are entirely independent and solely reflect the editorial opinion of TechRadar Pro.

Are you a pro? Subscribe to our newsletter

Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

By submitting your information you agree to the Terms & Conditions (opens in new tab) and Privacy Policy (opens in new tab) and are aged 16 or over.
Mike Williams
Mike Williams
Social Links Navigation
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.

With contributions from
  • Rob Clymo
  1. Microsoft Teams Room on Windows new page
    1
    One of the worst parts of Microsoft Teams is getting a welcome makeover
  2. 2
    Final Fantasy 16 may already have been outdone by a new 16-bit RPG
  3. 3
    The Galaxy S23 Ultra’s S Pen is a waste of valuable battery space
  4. 4
    Heard of the Ninja Speedi?
  5. 5
    Intel’s 31TB SSD sees huge price drop at Walmart but it won’t fit your PC
  1. Oura (Third Generation) smart ring
    1
    Apple Watch owners' next must-have gadget is a sleep-tracking smart Oura Ring
  2. 2
    Final Fantasy 16 may already have been outdone by a new 16-bit RPG
  3. 3
    Condivisione password, Netflix non sa più che pesci pigliare
  4. 4
    Microsoft Teams Premium is officially here for everyone
  5. 5
    Netflix is testing the loyalty of younger generations - and it won’t win
Technology Magazines
(opens in new tab)
  • ●
Technology Magazines (opens in new tab)
  • The best tech tutorials and in-depth reviews
From$12.99
(opens in new tab)
View (opens in new tab)

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab).

  • About Us (opens in new tab)
  • Contact Us (opens in new tab)
  • Terms and conditions (opens in new tab)
  • Privacy policy (opens in new tab)
  • Cookies policy (opens in new tab)
  • Advertise with us (opens in new tab)
  • Web notifications (opens in new tab)
  • Accessibility Statement
  • Careers (opens in new tab)

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.