The security of a VPN is based on two factors, the encryption algorithm used to connect you to the VPN server, and any vulnerabilities included in the actual VPN client. This guide will cover what security features and red flags to look out for when choosing a VPN.
Just like any software, VPN clients can have mistakes or oversights in their code. These issues can result in security vulnerabilities that could compromise some or all of your data or even your device. Resolving security vulnerabilities is an incredibly important reason to apply and run the latest updates to all your software, not just your VPN client. In other words – updates help keep you and your connection safe and secure.
Identifying if software has been coded in a secure manner isn’t as easy as counting how many vulnerabilities have been identified in it, unfortunately. A poorly written piece of software that has never had a security review will have fewer known vulnerabilities than a generally well written and heavily reviewed alternative. The best indicator of a company fixing security issues in its software is the release of regular updates.
The encrypted connection between you and the VPN server is what provides you privacy from your ISP and security on untrusted networks. The key thing to look out for is the use of modern encryption such as 128-bit or 256-bit AES encryption.
Another good indicator is the acronym “PFS” or Perfect Forward Secrecy. PFS is a technique that regularly changes the encryption key used to encrypt your data. This means that if an encryption key is ever cracked, only a small amount of data can actually be decrypted with it.
Where possible, you should avoid VPNs that use the weak PPTP protocol. Additionally, the encryption ciphers involving RC4 or CBC should be avoided as they contain known weaknesses. Thankfully, most VPN providers are well aware of this and avoid them.
One potential vulnerability specific to VPNs is VPN leaks. These can affect single protocols, such as leaking DNS requests or can involve silently disconnecting and not routing any traffic through the VPN. DNS is a service that is used to resolve URLs to IP addresses. If these requests are leaked outside of the VPN to your ISP, they can determine which websites you are browsing to, although they can’t determine which exact page you requested. Some VPNs advertise DNS leak tests or specify that they don’t leak your DNS requests.
If your VPN silently disconnects, you may not notice and could continue to browse the internet in the false assumption that your privacy was still protected. A VPN kill switch is the best solution to this potential issue, as it will automatically block any network communications if your device disconnects from the VPN.