10 things we wish more VPNs would do

Illustration of a padlock overlaid on a circuit board

Most VPN providers do their best to deliver the core features that customers expect: plenty of locations, decent speeds, simple clients, and fair pricing.

While that all sounds great – and of course it’s far from a bad thing – we don't think it's enough. These are the most basic technical aspects of a service, features you're entitled to get from every VPN. And you should have higher expectations from providers – companies who want to secure you as a subscriber must do more to win you over.

Such as? Good question. We've come up with 10 VPN-enhancing ideas that could help any provider deliver the service users need and expect.

ProtonVPN Ted Talk

(Image credit: ProtonVPN)

1. Tell us who they are

Every time you use a VPN you're entrusting it with some of your most important details, but many providers do absolutely nothing to show they deserve this trust. Often, you won't know who runs the provider, where it’s based, and indeed whether there's a real company behind the service, or it’s just some guy or gal reselling other people's kit from his or her bedroom.

The solution is simple, at least for genuine providers: stop hiding. Your service is supposed to be about preserving our anonymity, not yours.

So, make some changes. Add an 'About' page to the website to explain how the company started. Not with the usual vague "we're a group of privacy experts who decided to build the best VPN ever" line, but real details. Give us a name or two. Tell us when you started, where you're based, what you've done, give a contact email for questions and reply – quickly – to any messages received. You get the idea.

Surfshark server locations

(Image credit: Surfshark)

2. Present products clearly

Too many VPN websites cram their front pages with generic service benefits you understand already, ('we encrypt your Wi-Fi connection!', 'we give you a new IP address!'), while some of the most basic details, like the number of locations they support, might be hidden away on another page.

Searching the site won't always help. We often find providers spread information about specific topics all around a site, so for instance you might find a couple of sentences about logging on the front page, more details in a FAQ, another take in a blog post and a contradictory view in the small print. Which is correct? There's usually no way to tell.

Here's a revolutionary thought. What if providers actually made an effort to collect relevant information together, make it easier to find, and then present it more clearly?

That means no more saying 'we've got a kill switch', and then leaving the user to spend 30 minutes browsing the website, before they eventually find out that there's only a kill switch on Windows and the other apps are unprotected. Just make the situation clear up front, link to a support page with more details if you like, and you're done. Easy.

ExpressVPN blog

(Image credit: ExpressVPN)

3. Shout about their achievements

The best VPN providers need to show they're active, have real technical expertise and are always working to improve the service. The key word there is ‘show’ – we don't want to read empty claims on the website, but instead see real evidence that this is an active company which knows what it's doing.

This starts with the provider's public face. Social media, blogs and news pages should always be kept up-to-date. Not just with pointless filler, either, like repeated discount offers or retweets of other sites. Give us useful content, maybe expanding on a support issue, pointing users at a relevant new open source tool, or anything else that shows you understand what we need.

The reality is, users need to know a lot of this stuff. Added some locations, a feature, maybe fixed a bug? You've problems unblocking some streaming platforms, or maybe you've started unblocking others? We need to know, so that we can take advantage of new features where they're available, and don't waste time trying to fix problems locally when they're actually the provider's fault.

This information must be easy to access, too. Don't spread it around the web: users don't want to have to visit four Release Notes pages, two app stores, a System Status page, your blog and Twitter account to get a full picture of what's going on. Our lives will be much easier if you give us a single source which covers all your latest news.

WireGuard logo

(Image credit: WireGuard)

4. Support WireGuard

VPN protocols govern every detail of how data moves between your device and a VPN server, so providers should never add support for new protocols until they're sure they offer 100% rock-solid security.

It feels like some VPNs have been saying they'll implement WireGuard for years, though, and somehow they still haven't quite got around to it. The protocol is regarded as secure enough that it was added to the Linux kernel back in March 2020: what else are the late adopters waiting for?

This isn't some technicality, either. Our speed tests regularly show WireGuard connections have download speeds around two to five times faster than OpenVPN. It's a change you can feel, one that makes a real difference to your VPN experience.

It's time for providers to get real, then. Stop making excuses for why you're not offering WireGuard yet, and just get it done, before your customers lose patience and move to a more up-to-date provider.


(Image credit: Windscribe)

5. Get flexible with their pricing

Paying for a VPN normally forces you to choose from a few standard options: either you go for an overpriced monthly plan, or to get the best price you spend a chunk of cash on plans covering one, two, three or more years. These aren't exactly flexible options, and they're unlikely to appeal to light VPN users (and that's a huge audience.)

We'd like to see providers take a more imaginative approach, where the many people who use these services occasionally aren't paying more to sponsor the relatively few P2P users who have their VPNs for torrenting and gobble up hundreds of gigabytes of traffic a week.

A few providers are doing something like this already. Sign up for Windscribe's Build A Plan scheme and you can get unlimited data for $1 a month, and add more locations for $1 each. If you're happy with a single location, you'll only pay $2 a month, billed monthly (most monthly plans are $10 or more.)

But there are other possibilities. Why not allow users to buy, say, a 100GB block of data which doesn't expire at the end of the month? It's easy to see the provider's answer: because that might last them six months, and it's much more profitable to sign them up for a regular subscription. We think there's a significant group who don't want to sign up for a long-term plan, though, and surely it's better for a provider to have these users with them on a PAYG basis, than not at all.

ProtonVPN apps are open source and audited

(Image credit: ProtonVPN)

6. Get a proper security and no-logging audit (and publish the full report)

Sign up with a VPN and you're allowing the provider to protect all your most sensitive online activities, so it's important you can be sure they're trustworthy.

The industry has realized that in recent years, and many providers now try to prove their privacy credentials by putting themselves through a public VPN audit. (Essentially, they hire a respected third-party company to inspect the service and confirm there's nothing shady going on.)

The first problem with this scheme is many providers haven't had any kind of audit. We can sympathize with that, to a degree; it's expensive, smaller providers might struggle to afford it.

But our main issue is even when providers do get audits, these may not be as meaningful as you think. Some might cover such a small part of the service (just the browser extensions) that they prove nothing at all. Other providers boast about audits they took years ago, which prove nothing about what they're doing now. And many give you a few quotes from the audit report, but don't publish the whole thing, so you're left to trust they're telling you the whole story.

We think, if you're going to audit your service, do it properly. Allow the auditors to inspect everything; publish their report in full; and commit to do it all over again, every year or two. Some providers do this already - Tunnelbear published its fourth annual audit in 2021 - and it's time for the rest of the industry to catch up.

Hide.me supports all major cryptocurrencies

(Image credit: Hide.me)

7. Accept Bitcoin

If a VPN says it's a fan of anonymity and privacy, then maybe it shouldn't ask us to pay by card, and log our IP address, and store our payment details indefinitely. And then claim to protect those details with some generic clause along the lines of ‘we promise not to share them, ever, unless we really have to, but it'll all be fine, honest.’

Here's a better approach: just accept Bitcoin (and, ideally, other cryptocurrencies, too.) 

There are already plenty of providers doing just that - Hide.me, ExpressVPN, NordVPN, Surfshark, Private Internet Access and others - but we'd like to see many more.

Mullvad account creation

(Image credit: Mullvad)

8. Allow anonymous signups

No matter how clear and detailed a VPN’s privacy policy might be, it's not an absolute guarantee of anonymity. The reality is it's still just a form of words, and you can't be completely sure a provider will deliver what is promised.

That's why VPNs should provide an extra layer of protection by allowing truly anonymous accounts. Don't ask for names, countries, phone numbers, not even email addresses – none of that is absolutely necessary.

Allow Bitcoin payments, as we suggested previously, and users become much safer. Even if an internet action is linked back to their account, there's little or no data which links the account back to them.

Unrealistic? Nope – Mullvad does it right now. Try it: go to the Mullvad site, click Get Account, complete the CAPTCHA and click Generate Account Number. That creates the ID that represents your account instead of an email address, and you can immediately download a client and sample the service for free with a brief three-hour trial.

ExpressVPN range of VPN routers

(Image credit: ExpressVPN)

9. Offer a VPN router

Most VPNs love to boast that you can use the service on ‘all your devices’, but this isn't always easy. You'll need to separately install clients on every mobile, desktop PC and tablet – maybe set up OpenVPN on unsupported devices – and then figure out how to manually set up smart TVs, game consoles and whatever else you need to use. All while trying to avoid falling foul of the VPN's limit of maximum simultaneous connections.

You can manually set up some services to run on a router, but unless the provider has a quality app (ExpressVPN is a great example) this can introduce many more issues. You can't customise your settings per device, for instance: everyone uses the same protocol, location and more.

Life is much easier if providers offer VPN routers with flexible apps. Getting started becomes as easy as plugging the new router into your old one and providing your account ID. Once it's authenticated, the router appears on your local list of wireless networks and you can log in as usual from any device.

ThunderVPN app interface

(Image credit: Thunder VPN)

10. Get some interface imagination

You're a developer at a VPN provider. You're designing an app interface. Do you spend time trying to come up with something innovative, better than anything that's been done before? Or do think, nah: we'll go with portrait orientation, list of locations, big Connect button, Favorites tab, Settings icon, just like everybody else but not bad for two minutes work. Finished! And time for a coffee.

Okay, there are pluses in having a familiar interface which you can use immediately, but that's not an excuse for the lazy identikit designs we see from some providers.

Why do so many Windows VPN apps use cramped mobile-style interfaces, rather than take full advantage of the extra screen real estate, for instance? We've seen some with tiny location lists which display only four or five countries at a time, and they generally can't be resized to show more.

(There are some great exceptions. Proton VPN's Windows app has a big map, but if you resize this, it automatically adjusts. And if you actually like a compact mobile-type interface, shrink it to the minimum size and that's what you'll get.)

If you've used a few VPN apps you'll have gone through plenty of similar usability hassles over the years. Enough! It's time for providers to stop lazily following the same designs they've used for years, and invest some real time and effort in upgrading their apps with the usability improvements their customers deserve.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.