If you’re looking at starting to use a VPN, you should be aware of the features that you want to have. Obviously, everyone wants a VPN that is fast, reliable, and cheap, but it’s a little more difficult to know which security and privacy features are really key to a strong VPN.
Encryption is the single biggest aspect to keeping your browsing data private and secure from your ISP and when using unsecured Wi-Fi networks. Encryption is a process that scrambles your data using a cryptographic cipher and an encryption key. Any encrypted data can only be decrypted by the right encryption key, without it the encrypted data is meaningless.
The most secure modern cryptographic cipher is 256-bit AES. AES stands for “Advanced Encryption Standard”, while 256-bit denotes how many possible encryption keys there are. A 256-bit encryption key has 2^256 possible combinations of keys. The number of potential encryption keys is so large that even if you had the dedicated resources of a super-computer for centuries, you’d still be statistically unlikely to guess the right one.
Tip: “2^256” is a mathematical shorthand for 2 multiplied by itself 256 times. To put it in perspective, scientists believe there are fewer atoms in the universe, than there are possible 256-bit encryption keys. It is unimaginably difficult to guess the correct encryption key.
VPNs that offer 256-bit AES encryption are providing the best possible encryption for your data. Alternatives such as 128-bit AES are still more than secure enough, but 256-bit AES is the gold standard, and if it’s an option, it’s definitely the one you should choose.
Perfect Forward Secrecy
Perfect Forward Secrecy or PFS is a feature that regularly updates the encryption key used to secure your communications. This means that if someone did somehow manage to compromise an encryption key, they would only be able to use it to decrypt a small amount of traffic before the encryption key was changed again.
VPN providers that offer PFS have put care and attention into implementing extra security measures just in case something goes wrong – seeing this option is a relatively good indicator of whether or not you are dealing with a trustworthy service.
VPN Kill Switch
A VPN kill switch is a tool that is used to constantly monitor your device’s connection to the VPN. If for any reason your device can’t connect the VPN (anymore), then the kill switch blocks all of your network traffic until the VPN can reconnect. The idea behind this is that the kill switch will stop any communications from being sent without the protections of your VPN.
A kill switch can protect you from scenarios such as the VPN dropping out, or the VPN not automatically starting after a device restart or software update – things that can happen in the background without you necessarily noticing. The option of a VPN kill switch shows that the VPN provider is careful to make sure that all of your internet traffic is protected by your VPN.
Some data must be used to allow the service to function, but as little as possible should be stored. By not logging any data, the VPN provider proves that it can’t track or sell your usage data. The lack of data also means that if a hacker gains access to the VPN provider’s servers or a government agency demands your data, there will be nothing for them to find.