How to Pick a VPN

If you are looking to protect yourself and your computer communications by using a VPN, the hardest part often is knowing where to start.  There are dozens of companies providing VPN services for a fee.  How can you know which one is best for you?

There are a number of features to consider when shopping for a VPN service.  Some of the features to look for are:

  • Jurisdiction – You may want to look for a VPN service headquartered outside of the US.  Or Australia for that matter.  Australia just passed legislation requiring encryption vendors and services to provide a “backdoor” for law enforcement.  Look for a country with good privacy and identity protection laws for computer users.  The European Union, Switzerland, Sweden, or Hong Kong might be good choices.
  • Logging – You do not want to be choosing a VPN provider who logs your browsing history for any reason.  Logs can be subpoenaed by law enforcement.  You especially want to avoid a company selling this information for advertising or marketing purposes.  This is what you are trying to get away from, the intrusive location and browsing tracking a la Google and the rest.  Logging should be for billing purposes only.
  • Servers and IPs – Lots of VPN services brag about the number of IP addresses and servers they have, but this probably doesn’t really matter.  Theoretically, if they have a bigger pool of IP addresses, you are less likely to get the same one twice.  But this is mostly a canard.
  • Countries – If you are using your VPN to escape the packet sniffers at your local coffee shop, or to prevent tracking by your ISP or Google, the countries that your provider serves is not important.  If you are connecting to someone or something in Zimbabwe or Kirghistan, then you need a service with servers in that country, but other countries won’t matter to you..
  • Devices and connections – If you are trying to protect a smartphone, tablet, and laptop simultaneously, make sure your service provider allows for multiple simultaneous connections.  Also make sure they support your operating system, whether it is Windows, OSX, Linux, iOS, or Android.  If you are trying to set up a VPN using your Internet router or gateway device, make sure your service supports that platform, too.
  • Encryption method – Different companies and service offerings may use different encryption technologies to change the message from plaintext to cyphertext.  Not all methods are equal, some are stronger than others.  We will take a look at encryption option in our next post.
  • Speed – Everyone says they are the fastest, but this really depends on the speed of your Internet connection wherever you are (home, office, library, hotel) and the speed at the destination.  You will only go as fast as the slowest part of the route, and you really don’t have control over that.  This is why TOR can seem very pokey at times.  It depends where your route goes.  So speed is important, but not a decisive reason for choosing one vendor over another.
  • Price –  It is always enticing to choose the lowest priced alternative, but if you are using a VPN to hide from a drug cartel hit team, the cheapest VPN may be a bad decision.  If your use is for business or professional reasons, mid-range pricing may be fine.  If the situation is life and death – spending more may be the wiser choice.
  • Free Trial – Does your proposed VPN vendor offer a free trial period?  The first service you pick may not work the way you hoped. Longer is definitely better, to give you a fair shot at testing it for your own purposes.    A generous trial period will let you try before you buy, and you can try out several vendors before making a final selection.

You may need to do more research to make an informed selection.  Checking reviews of popular VPNs can help, but I would stick with well-known sources such as CDnet or PC Mag.  A quick search in Google will reveal dozens of websites dedicated to VPN ‘reviews” with names like, but most of them are sponsored sites promoting a particular service in exchange for advertising revenue.  Stick with independent sites for reviews.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.