VPN security and encryption is a rather tricky business when you start digging deeper into the various issues involved. As you’re probably aware, the fundamental purpose of a VPN is to increase your online security and privacy by sending your data through an encrypted tunnel, keeping it away from the prying eyes of governments, ISPs, or indeed malicious types like hackers.
If you want to easily pick out the most secure VPN provider with top-notch encryption, we’ve done the hard work for you and compiled our top five choices right here.
- Check out the best VPN
Most secure VPN in 2019
Best all-round VPN for security and encryption
Number of servers: 2000 | Server locations: 148 | IP addresses: 30000 | Maximum devices supported: 3
With ExpressVPN, you get every ounce of security you could possibly want. The provider uses AES 256-bit encryption and OpenVPN almost exclusively. Additionally, the company uses an RSA-4096 handshake (a form of connection negotiation between your device and a VPN server) and SHA-512 hash message authentication code (HMAC), along with PFS (Perfect Forward Secrecy).
WebRTC leak protection, DNS leak prevention, and a kill switch round off an impressive security effort. Furthermore, the company uses its own private, zero-knowledge 256-bit encrypted DNS on each server.
There is no free plan or trial to test the waters here, though, and the price tags on the three available subscriptions are somewhat higher than many rival VPNs (especially the monthly plan).
Still, you do get a 30-day money-back guarantee, and if you opt for the 12-month plan (with three months extra thrown in for good measure), you’ll be getting a solid value proposition – particularly considering the security features on offer here. The packages available are:
- [$12.95 a month] 1-month
- [$9.99 a month] 6-months - $59.95
- [$6.67 a month] 12-months (plus 3 free months) - $99.95
Best VPN for double encryption
Number of servers: 5206 | Server locations: 62 | IP addresses: N/A | Maximum devices supported: 6
This Panama-based outfit has some real strengths security-wise, most notably ‘Double VPN’ technology which routes your connection through two separate VPN servers (instead of just one) for an additional layer of security.
There are a limited number of Double VPN servers, but the service also offers the usage of the Onion network over VPN, as well as automatic blocking of suspicious websites and ads. 256-bit AES encryption is on hand, while the IKEv2/IPsec security protocol has been adopted as the default in NordVPN’s apps for iOS and macOS, with OpenVPN being the choice for Windows and Android.
The service delivered on the performance front in our tests, and you can connect with a wide range of available clients (plus there are a number of tutorials for devices which don’t have native clients provided). As for privacy, the company implements a ‘no logs’ policy, so it’s all good in that regard.
On the subscription front, NordVPN offers some affordably priced commercial plans (the expensive monthly subscription aside), along with a 30-day money-back guarantee. The limited 3-year plan is great value if you’re happy to make that commitment. The packages available are:
- [$11.95 a month] 1-month
- [$6.99 a month] 1-year - $83.88
- [$3.99 a month] 2-years - $95.75
- [$2.99 a month] 3-years - $107.55
Number of servers: 700+ | Server locations: 70+ | IP addresses: 200,000+ | Maximum devices supported: 3-5
VyprVPN manages its own network which is noticeable instantly, with the service performing amazingly fast. There is a good number of server locations too, so there will be no trouble finding a good connection.
The provider isn't just about speed, it's equally impressive in the security section. Apart from the standard protocols, the service uses the Chameleon protocol which makes it harder for others to detect that you're using a VPN. In other words, it will prevent DPI and VPN blocking. Kill switch and leak protection are also available, and VyprVPN uses its own encrypted zero-knowledge DNS service.
A 3-day trial is available if you want to test out the service, which is a good thing since the company doesn't offer refunds. There are only two plans, with the option of monthly and annual payment. The premium plan is definitely a better choice due to "extras" like the Chameleon protocol. The packages available are:
- Basic: $9.95 monthly or $3.75 per month billed annually
- Premium: $12.95 monthly or $5.00 per month billed annually
Great mix of power and performance
Number of servers: 1100+ | Server locations: 60+ | IP addresses: 40000+ | Maximum devices supported: 10
In our performance testing, IPVanish delivered excellent download speeds for nearby servers, while still managing above-average speeds over longer distances. Native apps are available for all the major platforms, with setup instructions for many others.
The software gives you more than enough low-level settings to tinker with, should you wish, although there is a slight downside with the Windows client. We found the latter was somewhat prone to network issues and didn’t play nice at all if rival VPN clients were installed on the host PC, so bear this in mind.
Moving onto security, IPVanish uses AES-256-CBC encryption with an SHA256 hash algorithm, multiple protocol support, a kill switch (lacking on mobile apps), IPv6 leak protection, both proprietary and third-party DNS, as well as an OpenVPN scramble solution to help avoid the VPN connection being detected and blocked. The service is also one of our favorites when it comes to privacy.
You’ll have to cough up some cash in order to enjoy this service, though, as there’s no free trial to test it (unless you sign up for the iOS app). The prices aren’t the cheapest around, although the yearly plan offers more than palatable value-for-money, and you can save more by signing up through TechRadar’s special offer, of course. The packages available are:
Best balance of performance and price
Number of servers: 223 | Server locations: 20 | IP addresses: N/A | Maximum devices supported: 5
Hailing from Italy, AirVPN is an OpenVPN-based service operated by “activists and hacktivists in defense of net neutrality, privacy and against censorship”. As a result, you get a refreshingly transparent provider that openly addresses all key security and privacy aspects, as well as other details. A good example is that AirVPN guarantees users a minimum allocated bandwidth of 4Mbps (downloads and uploads) upfront.
You get the full scoop on what’s happening on the security front. High-level encryption includes 4096-bit RSA keys, an AES-256-CBC data channel, HMAC SHA1 control channel, and internal VPN DNS solution, and PFS, while every server supports OpenVPN over SSH, OpenVPN over SSL and OpenVPN over Tor. Also, recently the full IPv6 support was added, as well as "tls-crypt" support.
In our tests, performance was fast when using local servers, although we did find subpar speeds with some servers. The company has servers in 20 countries, which is on the low side compared to some rivals.
The native Windows client has an awkward interface that doesn’t help its cause, but on the other hand, it sports numerous bells and whistles that help facilitate a more pleasant VPN experience.
There are six available plans that are fairly affordable overall. There’s a 3-day plan which acts as a cheap alternative to a full-access trial, but as ever, the 2-year plan is the go-to option for the best savings. The packages available are:
- [$1.20] 3-days
- [$8.39 a month] 1-month
- [$6.00 a month] 3-months $17.99
- [$6.00 a month] 6-months - $35.98
- [$5.40 a month] 1-year - $64.76
- [$4 a month] 2-years - $96
Security and Encryption
Encryption can only go so far. If the authorities demand logs or other details on users from a VPN firm, encryption won’t stop the provider from handing said details over – which is why you should always be on the lookout for a firm which has a super-solid ‘no logs’ policy. That’s because while encryption might keep your data private and unreadable to your ISP, it’s still visible to the VPN.
So that’s one of the common misconceptions about VPN security and encryption with regards to online privacy. Further misunderstandings can stem from the mishmash of jargon that surrounds talk of encryption, which is all likely to be meaningless to the casual VPN user. Terms like 128-bit, 256-bit, AES, and other jargon is likely to confuse, so a bit of explanation is in order.
Encryption relies on advanced mathematical formulae to work its magic. Some types of encryption are stronger than others, and that’s where the terms 128-bit and 256-bit come in – the latter is stronger than the former. AES stands for Advanced Encryption Standard and is the computer cipher or the actual algorithm used to perform the encryption.
Blowfish and AES are by far the most common ciphers found in daily VPN usage, and you’ll most commonly see VPN providers offering AES 256-bit encryption. The latter is something of a worldwide standard for solid security, with 256-bit encryption producing a staggering 1.1579 x 10 to the power of 77 possible keys.
Given that, even if you were using the combined power of all the world’s most powerful supercomputers, it’s not possible to pull off a brute-force attack to crack a symmetric 256-bit key (not before the death of the universe rolled around, anyway).
Also worth a mention is Perfect Forward Secrecy (PFS), a system of private encryption keys generated for each new session – this basically ensures that even if the current particular key in use is somehow compromised, the encryption of past sessions can’t be cracked (because they all use a different key).
As for VPN protocols, on the security front, OpenVPN is the recommended choice under most circumstances due to its inherent safety and high configurability.
Those are the basics when it comes to VPN encryption, without delving into the depths of the subject.
- We’ve rounded up the best free VPN