Criteria To Consider When Purchasing A VPN

I read somewhere recently that there are over 500 VPN companies world-wide in 2019, but what really separates one from the other? How can you be sure which company is best? Well, yesterday I came across this list from Comparitech Privacy Advocate and Raul Bischoff, which I think constitutes the best explanation I have seen to date – which is why I am republishing it here today.

Please note that VPNs are not a tool for criminals; they are a tool through which you can protect your own fundamental rights to freedom and privacy – rights which governments all around the world are slowly but surely trying to take away from us. So, when you read about anonymous forms of payment below, this doesn’t mean researchers are trying to show you something dark or illegal; rather, they are pointing out which companies are willing to go the furthest to protect your data, identity and privacy – ideals which should be at the heart of every VPN company. After all, this is literally the only purpose a VPN serves.

1.) Traffic logging policy: Traffic logs refer to records of user activity and the content they viewed while using the VPN. A VPN provider should have no traffic logs of any sort whatsoever.

2.) Metadata logging policy: This refers to logs that contain the source IP of users. Bandwidth and timestamp logs, which contain no identifying information, are not counted.

3.) VPN protocol: Must use a secure VPN protocol such as OpenVPN, L2TP, SSTP, or IKEv2.

4.) Channel encryption: Must use the AES 128-bit algorithm or higher.

5.) Authentication protocol: Must be SHA256 or better. SHA1 has vulnerabilities, but HMAC SHA1 is arguably still safe and doesn’t suffer from collisions, so points are not deducted for HMAC SHA1.

6.) Key exchange: RSA and DH keys must be 2,048-bit or higher.

7.) Perfect forward secrecy: Session keys cannot be compromised even if the private key of the server is compromised.

8.) DNS leak protection: DNS leak protection must be built into the provider’s apps.

9.) WebRTC leak prevention: WebRTC leak prevention must be built into the provider’s apps.

10.) IPv6 leak prevention: IPv6 leak prevention must be built into the provider’s apps.

11.) Kill switch: A kill switch that halts traffic when the VPN connection drops is a must.

12.) Private DNS servers: The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.

13.) Servers: Physical servers are preferred.

14.) Anonymous payment methods: Accepting Bitcoin as payment earns the point, but also take note of those who accept gift vouchers and other cryptocurrencies.

15.) Torrenting policy: Downloading via BitTorrent must be allowed.

16.) Country of incorporation: Special consideration if a VPN is incorporated outside of the 14 Eyes: Australia, Canada, New Zealand, the United Kingdom, United States, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.
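Criteria 4, 5 and 7 can be checked directly against the OpenVPN profile a provider ships. The following is an added example, not part of the Comparitech list or this post: the sample profile is constructed, the function names are hypothetical, and criterion 6 is left out because key sizes live in the certificates and server DH parameters rather than in client directives.

```python
import re

# Constructed sample profile (not taken from any real provider).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.com 1194   # placeholder host
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-256-CBC-SHA
"""

AES = re.compile(r"^AES-(128|192|256)-(CBC|GCM)$")
ACCEPTED_AUTH = {"SHA1", "SHA256", "SHA384", "SHA512"}  # HMAC SHA1 is not penalised

def parse_profile(text):
    """Map each directive to its arguments; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if fields:
            opts[fields[0]] = fields[1:]
    return opts

def _grade(values, bad):
    """'unpinned' means the profile leaves the choice to client defaults."""
    if not values:
        return ("unpinned", [])
    return ("fail", bad) if bad else ("pass", [])

def audit(text):
    opts = parse_profile(text)
    # Criterion 4: every offered data-channel cipher must be AES-128 or higher.
    ciphers = opts.get("cipher", []) + [
        c for arg in opts.get("data-ciphers", []) for c in arg.split(":")]
    weak = [c for c in ciphers if not AES.match(c.upper())]
    # Criterion 5: SHA256 or better; OpenVPN falls back to SHA1 if unset.
    auth = (opts.get("auth") or ["SHA1"])[0].upper()
    # Criterion 7: forward secrecy needs an ephemeral (DHE/ECDHE) key exchange.
    suites = [s for arg in opts.get("tls-cipher", []) for s in arg.split(":")]
    no_pfs = [s for s in suites if "DHE-" not in s.upper()]
    return {
        "channel_encryption": _grade(ciphers, weak),
        "authentication": ("pass" if auth in ACCEPTED_AUTH else "fail", [auth]),
        "forward_secrecy": _grade(suites, no_pfs),
    }

if __name__ == "__main__":
    for criterion, (status, detail) in audit(SAMPLE_PROFILE).items():
        print(f"{criterion}: {status} {detail}")
```

An "unpinned" result is not a pass: the negotiated cipher or suite then depends on the client and server versions, so it has to be confirmed from the connection log.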



Survey: Despite Buying Smart Devices, 80% of Customers Claim Not To Trust Any Internet Connected Devices

Earlier this week, researchers at Atomic Research released the results of a new study, funded by BlackBerry, designed to gauge the public’s level of trust in the devices they purchase, as well as their expectations for the regulation of data security and privacy in the internet-connected devices and products they buy. Conducted throughout the early half of December 2018, the study interviewed approximately 4,100 individuals across three countries – the United States, United Kingdom and Canada – revealing that:

  • 80% say they do not trust their current internet-connected smart devices to secure their data or privacy
  • 84% said they would be more likely to buy a product based on its historic reputation for protecting data/privacy
  • 82% of respondents said they would embrace the adoption of a set of industry standards regulating the data privacy industry, requiring devices to be certified before being released to the public
  • 25% of respondents stated that they trusted their own in-car AI from Google more than any other, followed by Siri (19%) and Alexa (16%)
  • 67% of respondents stated they would pay more for a car if they knew it offered more secure software than a competitor
  • 58% said they would pay more for Internet of Things (IoT) devices if they offered built-in security
  • On average, 20% of respondents said they would pay up to 10% more for any product for the peace of mind of knowing it was more secure
  • 36% of respondents claim to have no knowledge whatsoever of any industry standards or security certifications when it comes to data security
