I read somewhere recently that there are over 500 VPN companies worldwide in 2019, but what really separates one from the other? How can you be sure which company is best? Well, yesterday I came across this list from Comparitech Privacy Advocate and Paul Bischoff, which I think constitutes the best explanation I have seen to date – which is why I am republishing it here today.
Please note that VPNs are not a tool for criminals; they are a tool through which you can protect your own fundamental rights to freedom and privacy – rights which Governments all around the world are slowly but surely trying to take away from us. So, when you read about anonymous forms of payment below, this doesn’t mean researchers are trying to show you something dark or illegal, but rather that they are pointing out which companies are willing to go the furthest to protect your data, identity and privacy – ideals which should be at the heart of any/every VPN specific company. After all, this is literally the only purpose a VPN serves.
1.) Traffic logging policy: Traffic logs refer to records of user activity and the content they viewed while using the VPN. A VPN provider should have no traffic logs of any sort whatsoever.
2.) Metadata logging policy: This refers to logs that contain the source IP of users. Bandwidth or timestamp logs, which contain no identifying information, are not counted here.
3.) VPN protocol: Must use a secure VPN protocol such as OpenVPN, L2TP, SSTP, or IKEv2.
4.) Channel encryption: Must use the AES 128-bit algorithm or higher.
5.) Authentication protocol: Must be SHA256 or better. SHA1 has vulnerabilities, but HMAC SHA1 is arguably still safe and doesn’t suffer from collisions, so points are not deducted for HMAC SHA1.
6.) Key exchange: RSA and DH keys must be 2,048-bit or higher.
7.) Perfect forward secrecy: Session keys cannot be compromised even if the private key of the server is compromised.
8.) DNS leak protection: DNS leak protection must be built into the provider’s apps.
9.) WebRTC leak prevention: WebRTC leak prevention must be built into the provider’s apps.
10.) IPv6 leak prevention: IPv6 leak prevention must be built into the provider’s apps.
11.) Kill switch: A kill switch that halts traffic when the VPN connection drops is a must.
12.) Private DNS servers: The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.
13.) Servers: Physical servers are preferred.
14.) Anonymous payment methods: Accepting Bitcoin as payment earns the point, but also take note of those who accept gift vouchers and other cryptocurrencies.
15.) Torrenting policy: Downloading via BitTorrent must be allowed.
16.) Country of incorporation: Special consideration if a VPN is incorporated outside of the 14 Eyes: Australia, Canada, New Zealand, the United Kingdom, United States, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.
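Several of the items above (channel encryption, HMAC authentication, forward secrecy, DNS and IPv6 leak prevention) can be checked directly against the OpenVPN profile a provider hands out, because they map to specific directives. The script below is an added example, not part of the Comparitech list or the original post; it assumes standard OpenVPN 2.4+ client directives (`cipher`, `auth`, `tls-cipher`, `block-outside-dns`, `block-ipv6`) and audits two constructed sample profiles, a weak one and a hardened one. Key sizes (item 6) and private DNS servers (item 12) are not visible in the directives, so they are out of scope here.

```python
"""Audit an OpenVPN client profile against checklist items 4, 5, 7, 10 and 12.

Added example (not provider or Comparitech code). Assumes OpenVPN 2.4+
directive names; the sample profiles below are constructed, not real.
"""
import re

# Constructed sample profiles. The <ca> block in WEAK_PROFILE is a placeholder,
# not a real certificate; it is there so the parser's block-skipping is exercised.
WEAK_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher BF-CBC
auth MD5
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

HARDENED_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
block-outside-dns
block-ipv6
"""

AES_RE = re.compile(r"^AES-(128|192|256)-(CBC|GCM)$", re.I)   # item 4: AES-128 or better
PFS_RE = re.compile(r"\b(ECDHE|DHE)\b")                        # item 7: ephemeral key exchange


def parse_directives(profile):
    """Return {directive: [args...]}, skipping comments and inline <tag>...</tag> blocks."""
    directives = {}
    in_block = False
    for raw in profile.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):          # closing tag of an inline block
            in_block = False
            continue
        if line.startswith("<"):           # opening tag: <ca>, <cert>, <key>, <tls-auth>
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split()
        directives[parts[0]] = parts[1:]
    return directives


def audit(profile):
    """Return (item, status, detail) tuples; status is 'pass', 'warn' or 'fail'."""
    d = parse_directives(profile)
    findings = []

    cipher = (d.get("cipher") or [""])[0]
    findings.append(("4 channel encryption",
                     "pass" if AES_RE.match(cipher) else "fail",
                     f"cipher={cipher or '(default)'}"))

    # OpenVPN's `auth` directive is the HMAC digest; SHA1 is tolerated by the list, MD5 is not.
    auth = (d.get("auth") or ["SHA1"])[0].upper()
    status = "pass" if auth in ("SHA256", "SHA384", "SHA512") else ("warn" if auth == "SHA1" else "fail")
    findings.append(("5 authentication", status, f"auth={auth}"))

    tls_cipher = " ".join(d.get("tls-cipher", []))
    if PFS_RE.search(tls_cipher):
        findings.append(("7 forward secrecy", "pass", "tls-cipher restricts to ECDHE/DHE suites"))
    else:
        findings.append(("7 forward secrecy", "warn", "PFS not enforced by the profile (depends on server)"))

    findings.append(("10 DNS leak", "pass" if "block-outside-dns" in d else "fail",
                     "block-outside-dns present" if "block-outside-dns" in d else "block-outside-dns missing (Windows-only directive)"))
    findings.append(("12 IPv6 leak", "pass" if "block-ipv6" in d else "fail",
                     "block-ipv6 present" if "block-ipv6" in d else "block-ipv6 missing"))
    return findings


def summarize(findings):
    """Count findings per status."""
    counts = {"pass": 0, "warn": 0, "fail": 0}
    for _, status, _ in findings:
        counts[status] += 1
    return counts


if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"== {name} profile ==")
        for item, status, detail in audit(profile):
            print(f"  [{status:4}] {item}: {detail}")
        print("  ", summarize(audit(profile)))
```

Run it against a provider's real `.ovpn` file by replacing the sample strings with the file contents. A "warn" on forward secrecy means the profile leaves the TLS suite to negotiation, which is not the same as the server lacking PFS; it simply means the client profile does not enforce it, so that item needs confirming on the provider's side.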
Learn More – Data Servers v Country of Origin: https://roguemedia.co/wp-content/uploads/2019/10/Data_v_Country.pdf