VPN

VPN Security: Are VPNs Safe?

Author
Janis von Bleichert
Last update
7. Aug 2023
Ad disclaimer: For links on this page, EXPERTE.com may earn a commission from the provider. This supports our work and has no influence on our editorial rating.

Anyone using the Internet should be aware of its dangers. Especially when connected to public WiFi, you're vulnerable to a number of threats, unless you have a VPN. This creates a secure tunnel between your device and the Internet, encrypting your connection, concealing your IP address, and hiding your activities. But just how safe are they?

Those who are familiar with digital threats know that even the best tools aren't able to offer 100% protection. Blanket statements about how secure a particular VPN is should be taken with a grain of salt since experts prefer to speak about safety in terms of degrees.

In this guide, we'll let you know which advantages VPNs offer when it comes to security, their vulnerabilities, and how you can accurately assess how safe a VPN provider actually is.

Top VPN Provider 2024
Sponsored
from $3.79
per month
NordVPN
from $6.67
per month
ExpressVPN
from $0.00
per month
Proton VPN
from $1.99
per month
Surfshark
show all

VPN Provider Security Guarantees

Determining how secure a VPN is depends largely upon what it is that you intend to use it for. VPNs aren't antivirus programs and will do nothing to prevent you from downloading dangerous files or falling victim to phishing. The same goes for Trojans, viruses, and other malware.

This is because the security a VPN provides is of a different nature, and has more to do with your digital privacy. VPNs do offer the following security benefits:

  • A shield from wandering eyes on public WiFi
    Public WiFi networks are ideal for all sorts of digital snooping. For anyone with malicious intent, all that's needed is to connect to the same network, and with a minimum amount of effort, they'll be able to follow your activities. VPNs significantly complicate this.

  • Protect your anonymity anywhere
    Even though it's easy to follow someone's activities when connected to public WiFi, dangers also lurk on safer Internet networks at home or work. There, you'll have to contend with both cybercriminals, as well as businesses and Internet service providers (ISPs), looking to earn a buck from your data. Using a VPN cuts off this channel of surveillance.

  • A digital disguise for journalists and dissidents
    Journalists and dissidents don't only have to worry about cybercriminals and unscrupulous ISPs, but often, their own governments. Particularly in authoritarian countries, anyone with an opposing view is prone to legal prosecution and worse. For that reason, VPNs can be a literal lifesaver, making it possible for dissidents or whistleblowers to communicate with each other, the media, or the outside world.

  • Legal protection
    Many people do not use VPNs for noble goals, but to engage in illegal activities. From downloading copyrighted music, programs, and films, to purchasing narcotics, weapons, or even worse, the sad reality is that VPNs allow criminals to conceal their identity from authorities. Still, illegal activity remains illegal, even if conducted via VPN.

Should you intend or already use a VPN to enhance your digital security in one or more of these areas, you're more secure with it than without it. As mentioned above though, there's no such thing as total security, and each VPN comes with its own risks.

VPN Risks: The Limits of Security

Security vulnerabilities from VPN use can be grouped into a few different categories: Some are of a technical nature, others depend on user behavior, and yet more are connected to your choice of provider.

1.

Technical Vulnerabilities

Even the best VPN provider cannot guarantee your digital anonymity 24 hours a day. Sometimes, DNS, IPv6, or WebRTC leaks can emerge. These temporarily negate the protection afforded by your VPN tunnel, compromising your privacy and anonymity.

When testing Phantom VPN by Avira, we identified a DNS leak.

Even if a VPN doesn't have any leaks, they're still unable to guarantee total security. Cybercriminals are highly creative and always find new ways to prey on victims. VPNs are relatively powerless against most web trackers and do little to prevent browser fingerprinting.

2.

Reckless User Behavior

Contrary to popular belief, VPN tunnels do not allow you to do whatever you want online. Anyone who thinks this will likely paint a bigger target on their back than if they didn't use a VPN. The first general rule is that you should behave just as you would if you weren't on a VPN: Don't download/open email attachments, click on suspicious links, or respond to messages from strangers.

Even with a VPN, your privacy and anonymity can still be compromised. Should you log in to Google or Amazon while on a VPN connection, your behavior will be easy to track.

3.

Dubious Providers

There are countless VPN providers out there, but not all of them adhere to the same security standards. Shady services are particularly dangerous since by using them, you're handing over access to lots of sensitive and personal information. This is because a VPN provider serves as a conduit between you (and your data) and the Internet.

Accordingly, your privacy depends to a large extent upon how seriously your VPN provider approaches security. Risks can arise owing to incompetence, as well as (technical) security vulnerabilities, or even malicious behavior. This is because some VPN providers are actually fronts for criminal groups that misuse data.

Below, we'll provide insight into the specific things to look for in a VPN to ensure that you benefit from the highest degree of security.

What Makes a VPN Safe?

Every VPN service is unique. Differences might exist in terms of features, usage, support, or even security standards. We recommend paying close attention to the following aspects, which we also assess in our reviews:

  • Cutting-edge encryption & technical standards
    There are certain technical prerequisites that each VPN should offer, such as state-of-the-art encryption and up-to-date VPN protocols.

  • No-log guarantee
    Almost all VPN services promise not to log user data or activity. Don't take any provider at their word until you've checked their Terms & Conditions and privacy policies. There, you'll be able to see which data they actually keep on file.

  • Regular audits
    So far as Terms & Conditions are concerned, you'll have to content yourself with what's written down. It's healthy to assume that your provider isn't telling the whole truth. To find out for yourself, read its most current third-party security audits. More and more VPNs have begun participating in these. Services that do are less likely to be engaged in shady practices.

  • No leaks
    Data leaks can impact even the most reputable and popular VPNs from time to time. When these occur frequently, chances are that the provider isn't as security conscious as it should be. Use our DNS, IPv6, or WebRTC leak tools to see how your favorite services perform. We tested every provider from our sample for these, and let you know in the individual reviews how well each service did.

  • Kill switch
    A kill switch is one of the most essential security features of a VPN. It severs your Internet connection as soon as your VPN connection is disrupted. This prevents you from unknowingly surfing without your VPN tunnel's protection.

  • Trustworthy parent company
    Not every business has a good reputation. When it comes to VPNs, pay close attention to the company or legal entity that owns the provider. A quick Internet search can usually tell you everything you need to know about who or what you're actually dealing with. Be wary of those with a shady past, such as selling user data, supplying information to authorities, or spreading malware.

These are just some of the most important security aspects to keep in mind when choosing a VPN. Now, you're likely wondering whether any of the services we reviewed fulfilled all of these criteria. Let's find out.

Which VPNs Are Safe?

So, which VPNs are safe and which aren't? For all the reasons we've outlined above, it isn't possible to label any single service as one or the other, since issues can arise even among the best. With thousands of servers around the world, potential issues can happen anywhere at any time.

Still, there are a few VPNs that we would prefer to trust our data with. Below, we'll introduce you to the best of these, which tick most of the security boxes we mentioned in the previous section. To be as objective as possible, we've also highlighted their security lapses:

1.

NordVPN

Best Overall 2024
NordVPN
NordVPN
(877,857 )
NordVPN is our number one VPN because it combines speed, ease-of-use, and functionality in a slick package that's also pretty affordable.
5,500+ servers, 60 countries
excellent performance
no logs
6 devices simultaneously
affordable 2-year package
9.4
excellent
Data Volume
unlimited
Devices
6
Protocols
5
Contract Period
1 - 24 months
NordVPN 2-year plan
$3.79
monthly price
Visit Website*
30 days money-back guarantee

First place in our ranking went to NordVPN, owing to what we think is the best VPN package on the market. We were impressed not only with its user-friendly apps and variety of features but also with its excellent speeds (first place in our ranking).

In terms of security, there isn't much to complain about: NordVPN possesses all of the technical features needed to ensure that you and your data are safe, promises not to log traffic, and regularly submits to independent audits. We couldn't identify any leaks during testing either.

The company isn't perfect though. In 2018, one of its servers in Finland was targeted by hackers. While in and of itself, this wouldn't be a major issue, Nord only publicized the incident after a significant amount of time had passed. All the same, we rate NordVPN's security highly.

Review
9.4
excellent
Visit Website*
Check Review
Performance
10 / 10
Security & Privacy
9.4 / 10
Bedienung & Features
9.4 / 10
Support
9.4 / 10
Server Network
8.6 / 10
2.

Surfshark

Surfshark VPN
Surfshark VPN
(207,223 )
Surfshark is one of the cheapest providers on the market, but it's a lot more than a great budget option: the relatively new VPN boasts strong protection, many features, and a great support with 24/7 live chat.
3,200+ servers in 100 countries
unlimited number of devices
many apps (Linux, FireTV, ...)
cheap 24-month plan
expensive monthly plan
8.8
good
Data Volume
unlimited
Devices
unlimited
Protocols
3
Contract Period
1 - 24 months
Surfshark 24 months
$1.99
monthly price
Visit Website*
Get 83% Discount

Surfshark isn't just one of the quickest and most affordable VPNs on the market, it's also one of the safest. The service's Privacy Policy is solid, they regularly submit to independent security audits, and we were unable to identify any leaks during testing. Rounding things out, we aren't aware of any scandals or issues in the company's corporate history.

Review
8.8
good
Visit Website*
Check Review
Performance
10 / 10
Bedienung & Features
9.4 / 10
Support
8.6 / 10
Security & Privacy
8.0 / 10
Server Network
8.0 / 10
3.

ProtonVPN

Proton VPN
Proton VPN
(144,686 )
With its open source philosophy and extra security features, Proton VPN targets security-conscious VPN users. But thanks to its user-friendly interface and suitability for streaming, it's worth a look for a wide audience.
open source & external audits
2,900+ servers in 67 countries
great performance
free plan without data limit
not suitable for China
9.1
excellent
Data Volume
unlimited
Devices
1 - 10
Protocols
3
Contract Period
0 - 24 months
Proton VPN Free
$0.00
monthly price
Visit Website*
Free forever

ProtonVPN takes transparency to another level: The provider's app is completely open-source, meaning that its source code is accessible to anyone (and can be checked). On top of that, the Swiss provider also offers a few extra security features, such as "Secure Core", which routes connections through an additional secure server, should your main VPN server encounter any issues.

Security-conscious users might have some issues with Proton though. That company, which operates a secure email program (ProtonMail), was on the receiving end of negative headlines in 2021 for its cooperation with French authorities. For VPN users, this could be an issue, since Swiss courts appear willing to subpoena Proton for privileged information.

Review
9.1
excellent
Visit Website*
Check Review
Performance
10 / 10
Security & Privacy
10 / 10
Bedienung & Features
10 / 10
Server Network
8.0 / 10
Support
7.4 / 10
4.

ExpressVPN

ExpressVPN
ExpressVPN
(736,465 )
ExpressVPN can impress with a strong performance, a huge server network, and excellently designed applications, but this quality also comes at a higher price.
3,000+ servers
160 cities in 94 countries
reliable performance
good for streaming
secure browser extensions
9.4
excellent
Data Volume
unlimited
Devices
5
Protocols
7
Contract Period
1 - 12 months
ExpressVPN 12 Months
$6.67
monthly price
Visit Website*
30 days money-back guarantee

ExpressVPN is one of the priciest VPNs on the market, but also among the most user-friendly and well-performing, boasting a huge server network. Its security standards are also high and backed up by regular independent security audits.

We do have some doubts about the service though: It was purchased by Kape Technologies in 2021, a company that was earlier a malware spreader. For people like Edward Snowden, the ties to Kape Technologies are reason enough to shy away from using it:

Edward Snowden bluntly advised his Twitter followers not to use ExpressVPN.

Despite its purchase by Kape, ExpressVPN continues to operate independently, with nothing having changed so far as its security standards are concerned. All the same, we're keeping an eye on them and would advise anyone considering them to do the same.

Review
9.4
excellent
Visit Website*
Check Review
Performance
10 / 10
Security & Privacy
9.4 / 10
Server Network
9.4 / 10
Support
9.4 / 10
Bedienung & Features
8.6 / 10

The services listed above all offer top-notch security and performed well in our comprehensive EXPERTE.com test. However, as we've shown, even the safest VPN provider isn't without controversy. For that reason, we strongly recommend doing your homework on whatever VPN you're considering booking a subscription with. Most of the time, you're safer online with a VPN than without one.

Conclusion

Whether a particular VPN is safe depends largely on how you define security, what you intend to use the service for, and which provider you've selected. While they won't do anything against malware or phishing, your digital privacy and anonymity will be shielded. Especially if you're using public WiFi, VPNs are a must, even if they can't guarantee 100% security.

How well a VPN fends off threats to your privacy depends upon which provider you choose. Ideally, these shouldn't log your traffic, behavior, or data, or have any leaks, while offering important features like a kill switch. Particularly important is that your VPN regularly submits to independent security audits.

At the end of the day, you'll be able to enjoy safer surfing with a reliable VPN provider than without one, but that doesn't mean issues won't arise. For that reason, be cautious and don't rely on your VPN connection to take care of everything. Comprehensive reviews of 27 VPNs, including exhaustive assessments of their security, can be found in our VPN comparison.

FAQs

How do VPNs make the Internet safer?

VPNs act as a tunnel between your device and the Internet. They conceal your IP address and location while preventing others from snooping on your activities. When connected to public WiFi, this means that other users on the network can't see or follow what you're doing.

How secure is my VPN connection?

The security of a VPN connection depends upon its operator. A VPN provider must fulfill certain technical prerequisites by offering things like state-of-the-art encryption standards. Beyond that, they shouldn't save or store any data that could identify users, and in a perfect world, will regularly submit to independent security audits. Even then, 100% security is illusory. Still surfing with a VPN is safer than without one.

Can VPNs be hacked?

Yes, VPN connections can and have been hacked. At the same time, the likelihood that a powerfully-encrypted VPN connection will be hacked is much lower than a regular Internet connection.

Top VPN Provider 2024
Sponsored
from $3.79
per month
NordVPN
from $6.67
per month
ExpressVPN
from $0.00
per month
Proton VPN
from $1.99
per month
Surfshark
show all
Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of EXPERTE.com. He writes about hosting, software and IT security.
* Ad disclaimer: For links marked with an asterisk, EXPERTE.com may earn a commission from the provider. The commission has no influence on our editorial rating.
Continue Reading
Best Overall 2024
Sponsored
NordVPN
5,500+ servers, 60 countries
excellent performance
no logs
6 devices simultaneously
affordable 2-year package
9.4
Review
excellent
Try NordVPN now
30 days money-back guarantee