VPN Security: Are VPNs Really Safe?

Anyone using the Internet should be aware of its dangers. Especially when connected to public WiFi, you're vulnerable to a number of threats, unless you happen to have a VPN. This creates a secure tunnel between your device and the Internet, encrypting your connection, concealing your IP address, and hiding your activities. But just how safe are they?

Those who are familiar with digital threats know that even the best tools aren't able to offer 100% protection. Accordingly, blanket statements about how secure a particular VPN is should be taken with a grain of salt, since experts prefer to speak about safety in terms of degrees.

In this guide, we'll let you know which advantages VPNs offer when it comes to security, their vulnerabilities, and how you can accurately assess how safe a VPN provider is.

Determining how secure a VPN is depends largely upon what it is that you intend to use it for. Right off the bat, VPNs aren't antivirus programs and will do nothing to stop you from downloading dangerous files or falling victim to phishing attempts. The same goes for Trojans, viruses, and other malware, all of which VPNs offer no defense against.

This is because the security a VPN provides is of a different nature, and has more to do with guarding your digital privacy when online. As such, VPNs do offer:

Should you intend or already use a VPN to enhance your digital security in one or more of these areas, you're more secure with it than without it. As mentioned above though, there's no such thing as total security, and each VPN service comes with its own risks.

Security vulnerabilities arising from the use of VPN services can be grouped into a few different categories: Some are of a technical nature, whereas others depend on user behavior, and yet more are connected to your choice of provider.

Even the best VPN provider cannot guarantee your digital anonymity 24 hours a day. On occasion DNS, IPv6, or WebRTC leaks can emerge. These temporarily negate the protection afforded by your VPN tunnel, compromising your privacy and anonymity.

Even if a VPN doesn't have any leaks, they're still not able to guarantee total security. Cybercriminals are highly creative and always find new ways to prey on victims. VPNs are relatively powerless against most web trackers and do little to prevent users from browser fingerprinting.

Contrary to popular belief, VPN tunnels do not mean that you can do whatever you want online once connected. Those who are unaware of the degree of protection VPNs do afford, are likely to paint larger targets on their backs than if they didn't use a VPN in the first place. The first general rule is that you should continue to adhere to the same security protocols and measures that you would when not using a VPN: Don't download/open email attachments, click on suspicious links, or respond to messages from strangers.

Even with a VPN, your privacy and anonymity can still be compromised. Should you log in to Google or Amazon while on a VPN connection, your behavior will be easily trackable.

There are countless VPN providers out there, but not all of them adhere to the same security standards. Shady or dubious services are particularly dangerous since by using them, you're handing over access to lots of sensitive and personal information. This is because a VPN provider serves as a conduit between you (and your data) and the Internet.

Accordingly, your privacy depends to a large extent upon how serious your VPN provider approaches security. Risks can arise owing to incompetence, as well as (technical) security vulnerabilities, or even malicious behavior since some VPN providers can actually be fronts for criminal groups that misuse data.

Below, we'll provide insight into the specific things to look for in a VPN service, in order to ensure that you benefit from the highest degree of security.

Every VPN service is unique. Differences might exist in terms of features, usage, support, or even security standards. We recommend paying close attention to the following aspects, which we also assess in our reviews:

These are just some of the most important security aspects to keep in mind when choosing a VPN. Now, you're likely wondering whether any of the services we reviewed fulfilled all of these criteria?

So, which VPN services are safe and which aren't? For all the reasons we've outlined above, it isn't possible to label any single service as either-or, since issues can arise even among the best. With thousands of servers around the world, potential issues can come about anywhere at any time.

In spite of this, there are a few VPNs that we would sooner trust our data with than others. Below, we'll introduce you to the best of these, which tick most of the security boxes we mentioned in the previous section. To be as objective as possible, we'll also call your attention to their security shortcomings:

First place in our ranking went to NordVPN, owing to its provision of what we consider to be the best VPN package on the market. We were impressed not only with its user-friendly apps and numerous features but also with its excellent speeds (likewise, first place in our ranking).

In terms of security, there isn't much to complain about: NordVPN possesses all of the technical features needed to ensure that you and your data are safe, promises not to compile traffic logs, and regularly submits to independent audits. We couldn't identify any leaks during testing either.

The company isn't perfect though. In 2018, one of its servers in Finland was targeted by hackers. While in and of itself, this wouldn't be a major issue, Nord only publicized the incident after a significant amount of time had passed. All the same, we rate NordVPN's security highly.

Surfshark isn't just one of the quickest and most affordable VPNs on the market, it's also one of the safest. The service's Privacy Policy is solid, they regularly submit to independent security audits, and we were unable to identify any leaks during our assessment. Rounding things out, we aren't aware of any scandals or issues in the company's corporate history.

ProtonVPN takes transparency to another level, even when compared to its competitors already possessing high security standards. The provider's app is completely open-source, meaning that its source code is accessible to anyone (and can be checked accordingly). On top of that, the Swiss provider also offers a few extra security features, such as "Secure Core", which routes connections through an additional secure server, should your main VPN server encounters any sort of issue.

Security-conscious users might have some issues with Proton though. That company, which operates a secure email program (ProtonMail), was on the receiving end of negative headlines in 2021. They cooperated with French authorities, collecting and turning over a French climate activist's IP information to a court, ultimately leading to his arrest. The case is noteworthy since Proton is based in Switzerland, with the investigating and prosecuting law enforcement body being French. This means that the French police had to lodge a request with the help of Europol, which Swiss courts granted, legally mandating ProtonMail to cooperate. For VPN users, this could be an issue, since Swiss courts appear willing to subpoena Proton for privileged information.

ExpressVPN might be one of the priciest VPNs on the market, however, it is also one of the most user-friendly and well-performing, boasting a huge server network to boot. Its security standards are also high and backed up by regular independent security audits.

Since it was purchased by Kape Technologies in 2021, and that company has a bad reputation for having earlier been a malware spreader, we do have some doubts about the service. For people like Edward Snowden, the ties to Kape Technologies are reason enough to shy away from using it:

Despite its purchase by Kape, ExpressVPN continues to operate independently, with nothing having changed so far as its security standards are concerned. All the same, we're keeping an eye on them and would advise anyone considering using them to do the same.

The services listed above all offer relatively high security standards and performed well in our comprehensive EXPERTE.com assessment. However, as we've attempted to demonstrate, even the most secure VPN provider isn't without controversy. For that reason, we strongly advise doing your homework on whatever VPN you're considering booking a subscription with. Most of the time, you're safer online with a VPN than without one.

Whether or not a particular VPN is secure depends largely upon how you define security, what you intend to use the service for, and which provider you've selected. While they won't do anything against malware or phishing, you can rest assured that your digital privacy and anonymity are shielded. Especially if you're using public WiFi, VPNs are a must, even if they can't guarantee 100% security all of the time.

How well a VPN can ward off threats to your privacy depends upon which provider you select. Ideally, these should not collect logs or suffer from data leaks, while offering important features like a kill switch. Particularly important is that your VPN regularly submits to independent security audits.

At the end of the day, you'll be able to enjoy safer surfing with a reliable VPN provider than without one, however, issues can arise even then. For that reason, stay alert and don't rely solely on your VPN connection to take care of everything. Comprehensive reviews of 22 VPNs, including exhaustive assessments of their security, can be found in our VPN comparison.