It all starts with a list of trustworthy companies that have a ready-to-use consumer VPN product. Trust is the core of all VPNs — and why we strive for accuracy in all our reviews and recommendations.
Here are the criteria we use along with the weight we give each factor in our reviews.
Contents
Jurisdiction
Impact on reviews: High
The location where the VPN company is registered determines the laws that govern its behavior. Note that jurisdiction is not the same as headquarters. We check each VPN company’s registration location to determine if it’s in a country with strong privacy laws. If these laws allow for data-sharing agreements, we give them a low score in this section.
Speed Testing
Impact on reviews: High
We list the VPN’s claim for speed in megabits per second (Mbps) but then we also test this claim using Speed Test.
First, we do one test without using the VPN. Immediately thereafter, we test again by connecting to three countries available from the VPN’s server list:
- US
- UK
- An Asian country like China or Japan, depending on the number of servers available with that VPN provider
We categorize speeds as follows:
- Faster than average
- Average
- Slower than average
This method gives a good overview of server speeds on 3 continents. However, note that the speed varies by ISP and location.
Security Evaluation
Impact on reviews: High
Security is arguably the most important factor when choosing a VPN. We take several factors into account when deriving a VPN’s security score, in order of priority:
- Number and frequency of security incidents
- Third-party audit(s)
- Encryption types offered
- DNS leaks
- WebRTC leaks
- Country of jurisdiction
We search their court case history, logging, headquarters, owners, reputation, and more.
Company profiles and 3rd party audit reports, if available, usually give us an overview of a company’s business practices.
We check if the VPN uses strong encryption standards (ideally AES-256). The VPN gets a good score if it supports multiple secure protocols such as OpenVPN, IKEv2/IPsec, WireGuard, and any proprietary protocols.
Leak tests are done after connecting to a random server of the VPN. We use 4 main web tools to detect DNS leaks – our very own VPN Testing platform and 3 other standard ones for additional information.
Privacy Assessment
Impact on reviews High
Privacy is a combination of several areas that we use to review VPNs: the company’s privacy policy, the presence of kill switch functionality, whether the provider logs users’ activities, and whether its jurisdiction belongs the “5 Eyes” alliance or similar data-sharing agrements.
It’s also impacted by whether or not the VPN supports torrenting, multi-hop encryption, and split tunneling.
Privacy Policy
We read the VPN’s entire privacy policy word-by-word. Some of the things that we call out are data collection practices, data retention policies, and sharing with third parties and law enforcement authorities.
Kill Switch
A good VPN needs to have a kill switch to ensure that there are no leaks in case your internet connection drops at any point. We test this functionality by intentionally disconnecting from the internet at a point and then connecting again.
No Logs
We look at whether a VPN claims to not keep any logs of user activity including sites visited, device details, IP addresses, etc. We verify this claim by looking for features such as RAM-only servers and the VPN company’s historical response to court warrants asking for user data.
Note that many VPNs do collect non-sensitive data such as total bandwidth usage, date of last connection, and billing details. This data is important for purposes such as product improvement, troubleshooting, and refunds. We will not mark a VPN down for such data as long as it is stored securely.
Torrenting
We check if the VPN supports torrenting and offers good speeds to enable faster downloading.
5/9/14 Eyes Agreements
If a VPN company has its jurisdiction in a 5/9/14 Eyes country, it is more prone to share user information due to the intelligence-sharing agreements and laws in these countries. Ideally, a VPN that does not store logs or has RAM-only servers would not be able to turn in any data. However, we will still call out the risk to enable readers to decide.
- 5 Eyes Alliance Countries: Australia, Canada, New Zealand, United Kingdom, United States
- 9 Eyes Alliance Countries: The countries above and Denmark, France, Netherlands, Norway
- 14 Eyes Alliance Countries: The countries above plus Belgium, Germany, Italy, Spain, Sweden
Split Tunneling
We check if the VPN offers split tunneling to enable users to have a section of their apps connect directly without going through the VPN tunnel.
Multi-Hop Encryption
For extra security, a good VPN should have multiple ‘hops’ between various servers to make it difficult to trace traffic back to the user.
Cost Rating
Impact on reviews: Medium
As a baseline, we look at how much a month-to-month subscription costs. We have 4 tiers for pricing:
- Free
- Cheap: Less than $6.00
- Average: $6.01 – $11.99
- Premium: $12.00+
We may also bump up the score in this section based on the discount you can get when clicking through via our links.
Performance and Usability Testing
Impact on reviews: Medium
In this scoring category, we take into account how easy the VPN is to use and how it performs under load. Performance includes the number of servers available, how many devices you can use with it, and how easy it is to start using.
Apps Supported
Windows, Mac, Linux, Android, iOS, Router, LGTV, Samsung TV, Amazon Sticks, Consoles
Streaming Services Blocks
We test for Netflix blocking from 3 different US servers and torrenting as well. If a connection is established the first time when torrenting with the server, we don’t repeat the process. However, if it fails, we will try 2 more servers.
Here are all the streaming services we test:
Netflix US, BBC iPlayer, Amazon Prime Video, Hulu, Fubo, Sling TV, Disney+, Apple TV+, and Max
Ease of use
We tune every knob and checkbox checking for usability issues. Setting up the software is part of the user experience and it’s important to take note of the time spent on configuring the client.
Not all VPNs have a standalone program. If the configuration files must be integrated with VPN-implementing software like OpenVPN, we note it as a drawback.
If the provider offers service on iOS or Android devices, we also do a simple usability test to see how navigation through the application feels for the users.
Does it Work in China?
We also test from an international perspective. We use data gathered by Circumvention Central, a tool from the nonprofit GreatFire. It offers a live table of VPNs alongside their stability and speed from within China. They rely on testers and users in China to get this data.
Customer Support Rating
Impact on reviews: Medium
We score a VPN’s customer support based on how many ways you can contact them (email, phone, text, chatbot, etc.), how many languages they offer, and whether it’s available 24/7. Multiple support methods are always preferable.
Additional Features Review
Impact on reviews: Low
In this category, we assess all the extras a VPN offers with its basic service to determine how much value is added to your subscription. Additional features include ad blocking, malware protection, dark web alerts, mesh networks, dedicated IP addresses, and other perks.
Scoring
For each category above, we give each VPN a score of 1 (worst) to 10 (best) and then add up the scores and rank the VPNs.
But we don’t stop with the score. Our reviewers and editors realize that for different use cases, some categories should count more than others so we may weigh them differently, depending on the use case.
A Final Note
Any website that you visit can currently see the following information about you:
- IP Address
- Location
- Internet Service Provider (ISP)
Don’t want to share this information? Use a VPN!
We recommend ExpressVPN as our top overall pick.