VPN
(Photo by Petter Lagson on Unsplash)

You’ve probably been online for a few hours today.

In that time, your browsing habits were exploited, your privacy was compromised and you were most likely overcharged for something.

Consider this is a wakeup call — and then start using a virtual private network (VPN) for all your browsing posthaste.

Setting one up is pretty easy, and you can find the basics of VPNs here. Before you toss this aside as another bit of cyber-fear-mongering that is more trouble than it’s worth, know that the benefits are huge. A good VPN will keep your online activity private, unblock restricted websites and encrypt your connections. It’ll also score you some killer airline deals.

Below, we chat with William Chalk, a researcher at Top10VPN (the world’s largest VPN review site, featured recently in the New York Times, Bloomberg and NBC News) about the benefits of a virtual private network, why you shouldn’t trust the free services and the 10 things you should look for when you’re VPN scouting.

InsideHook: How do you rate and review VPNs? Why are you guys the standard?

William Chalk: Our team regularly runs every VPN through a comprehensive test program. We watch for speed, reliability, security and service. We test across multiple devices for service offering and for key features like kill-switches, AES-256 encryption and split tunneling, privacy flaws like DNS, IP or WebRTC leaks, and the ability to bypass censorship. We’ve developed a global speed testing network that runs every day to deliver accurate and up-to-date figures on speed and connection strength. Our reviews are 100% impartial and free from outside influence; we never take compensation in exchange for positive coverage and providers never have a say in how we rate the products we review.

IH: Should you pay for a VPN? We hear they can be an issue.  

WC: The free VPN marketplace is riddled with apps that are not safe to use. Some are simply redundant (they won’t keep your data secure or your location private) while others will monitor and record what you do online and sell your personal data to third parties.

We recently tested the top 150 free VPN Android apps, which revealed many had security flaws and performance issues. 25% fail to protect user privacy due to DNS and other leaks, while 85% feature excessive permissions or functions with potential for serious privacy abuses. Many of these permissions are categorized as “dangerous” in the official Android developer documentation, including access to location tracking, personal information, camera and microphone access, contacts and even secretly sending SMS messages. As well, 18% of all apps returned positive matches when scanned for potential viruses or malware.

As a result, choosing the wrong VPN service can sometimes be worse than not using one at all. There are a few good free VPN providers out there — like Windscribe and ProtonVPN — but they’re limited in their use, have data caps and simply can’t compare to a good paid provider.

We also looked into the companies operating the top free VPN apps, and some of our findings were disturbing. The vast majority of companies make it very difficult to find out where they are based and who is involved, while 59% have links to China despite its strict ban on VPNs and notorious internet surveillance regime. Many of these explicitly shared data with Chinese third parties.

Users can always try out a top-tier VPN with a free trial. But ultimately, if you’re really concerned about security, privacy and reliability, you should be using a paid VPN. [Note: You can see Top10VPN’s best free VPNs here.]

(Illustration via Top10VPN.com)

IH: Beyond a VPN, should I do anything else to protect my privacy?

WC: It really depends on how private you want to be and exactly who you’d like to protect your data from. You could connect to a VPN and then use the [privacy-forward] Tor browser if you’re really worried, but combining them is overkill for most people and you’d have to choose a provider that supports this. You might be better off using Tor for specific reasons, like private browsing on a public computer, and a VPN for general all-round internet use.

Other than a VPN, there are some general best practices for privacy protection:

  • Maintain effective and updated antivirus/antispyware software
  • Use secure HTTPS websites wherever possible, especially when conducting transactions online.
  • Strong passwords changed regularly — I recommend using a password manager like LastPass, which generates and stores these passwords in one secure place.
  • Turn off third-party cookies in your browser. You can also disable Javascript, though this will make some pages non-functional. It’s worthwhile using a trusted extension to block ads and tracking scripts and disabling any unused plugins.
  • Use private browsing mode and stick to the recommended browsers for privacy, or use a dedicated private browser like Epic. Make sure to change browser settings to opt out of tracking and disable location data.
  • Switch to a private search engine like DuckDuckGo, which doesn’t track personal data or search history.
  • Use digital currency.

In terms of privacy from commercial data collection (Google, Amazon, data brokers, etc.), there’s little you can do besides tempering your use of these services, blocking ads and tracking scripts, and minimising the amount of personal data you reveal.

IH: We noticed you can save money booking travel if you use a VPN. Outside of that example and the benefit of online anonymity, are there other hidden benefits to using a VPN?

WC: Privacy and the security of your network is the priority, but VPNs can also unblock censored websites, allow access to geo-blocked content and open up a new world of streaming services. They can circumvent speed throttling and reduce latency when gaming (in some cases).

IH: Let’s say I’m new to VPNs. What should I be looking for?

WC: You should make your choice based on:

  • Reputation. How well is it received by experts?
  • Speed.
  • Size of server network and server locations. Does it work in the countries you need?
  • Does it work on popular streaming services?
  • What platforms and devices does it work with?
  • What is its logging policy? Is the privacy policy fair and transparent?
  • What additional features does it support? E.g. DNS leak blocking, Kill switch, split tunneling, IPV6 leak blocking, etc. (Editor’s note: Here’s a helpful glossary.)
  • Which protocols and what encryption standard does it offer?
  • Where is it incorporated? E.g. is it a UK company or based in the British Virgin Islands?
  • Setup process, availability of extensions.
Express VPN
(Photo Illustration by Omar Marques/SOPA Images/LightRocket via Getty Images)

IH: What is your VPN recommendation for 2019?

WC: Based on this criteria, we recommend ExpressVPN as the best all-round VPN for 2019. NordVPN comes second, and IPVanish third. You can find our rankings (and reasonings) for 2019 in our best VPN 2019 roundup.

IH: What’s the biggest myth about VPNs?

WC:

  1. That you don’t need a VPN if you’re not breaking the law. VPNs are designed to encrypt your communication, thereby securing your data. Shopping, online banking, streaming, and privacy protection from ISP monitoring are all legitimate and common use-cases.
  2. VPNs slow down your connection. The speed of your VPN is obviously limited to the speed of your internet connection, but using a legitimate and high-quality VPN should only slow your connection a negligible — and usually unnoticeable — amount.
  3. Free VPNs are fine/all VPNs are equal. We’ve covered this.
  4. VPNs offer total anonymity/security. A VPN won’t protect you from malware and other attacks, and there are multiple ways to reveal your identity online while using a VPN. It’s just one core piece of a larger puzzle.