Key Purchasing Considerations
All VPN services are not created equal. If you're in doubt on this point, try paid and free VPN services side by side and look at the differences in advertising, performance, and privacy policies. You do get what you pay for. Apart from obvious factors such as price and a user-friendly interface, you will want to compare subscription VPN providers based on several criteria that matter most to you and your applications. We recommend at least investigating the following variables.
Personal Data Retention
For many users, this may be the most important criterion of all. You're not truly anonymous if the VPN provider logs your identity and activities. A VPN provider that takes privacy seriously should get right in your face with assurances and details about how they do not monitor traffic, record session activity or IP addresses, or even capture time stamps. This way, if the government or other authority should come knocking, the VPN provider will be largely powerless to sacrifice the user's identity or actions because no record of such doings exist. For instance, TorGuard has gone on record saying that the best (or worst, depending) it can do in the face of a DMCA notice is to filter specific content. This is generally sufficient to appease bandwidth providers.
Supported Client Diversity
With so many apps migrating to the cloud, it's easy to forget that some software, including VPN clients, need to run locally. Thus you'll want to check if your devices and OSes are covered. Windows, Mac, Android, and iOS versions should be a given. Dig deeper to find out about Linux and unconventional platforms, such as smart TVs and game consoles, if these apply to your desired use.
Total Number, Speed, And Location Of Servers
All other things being equal, more servers is better. You want fast servers, and you want them as close to your client as possible to help reduce latency. You also want a provider with a relatively low per-server load count, since a customer base hammering only a handful of servers will naturally lead to congestion and paltry bandwidth allocation. Also be aware that secondary market servers may not offer the same bandwidth speeds as those in primary developed nations. Backbone and trunk speeds will vary widely. Know your bandwidth needs and run speed tests accordingly.
Supported Ciphers And Protocols.
Security buffs will likely know the difference between OpenVPN, AES-256-CBC, SHA3, and plenty of other encryption methods. VPN providers may offer users a range of ciphers from which to pick for their connections. If this matters to you, check out your prospective provider’s list of supported algorithms.
Hopefully, you're running anti-malware software on all of your clients, but some providers will offer additional security by running anti-malware scanning on their traffic.
Accepted Payment Methods
Obviously, credit cards can be tracked and represent a privacy weakness. One path around this is to use pre-paid cards, which require little more than an anonymous email address, but this can be a hassle. You may want to inquire about alternatives, such as PayPal, Bitcoin, Plimus, and even cash. Keep in mind that PCI (payment card industry) requirements (if your provider is PCI-compliant) prohibit the storing of payment data with customer records, but that doesn’t bypass the fact that providers need some way to record payments to user accounts for simple accounting. However, knowing that you paid for a service in no way indicates what you did with that service.
VPN Location, Location, Location
The discrepancy between VPN server location and IP location can be jarring when you first encounter it, as we did. To the uneducated eye, it seems to be a case of bait-and-switch. But is there more to it? We asked the crew at IPVanish and received back this admirably thorough reply from its Digital Community Team:
Geolocation, the method with which websites determine the location of someone accessing their site, is a service provided by third-party entities wherein the website provider purchases access to a database that supposedly has the latest, most accurate information. When someone visits a company's site, the company just references that IP against the database, and the result determines what you see. In these cases, it is important to note that for all VPN providers:
A geolocation company is allowed to misrepresent the actual location, and there is no current legal course that can be taken to have that corrected.
Owners of websites often pay once for a copy of the database, and, to save money, do not pay for regular updates. Thus in the event a correction is made, there is no guarantee that it will affect that website.
Most geolocation providers use crawlers to see what IPs regularly access a server with their database and correlate that with the content being accessed (among other things). They use this automated method to determine a location.
If they get enough conflicting data, providers will simply put the IP address in the middle of the ocean and call it a day. Other times, they will just correlate it to the greatest similarity and determine location based on that. Take, for example, our Atlanta c-server. Some providers say it’s in Blountville, others in Bloomington, others in Stone Mountain, a few actually in Atlanta, and a few that have us in the middle of the ocean.
Ultimately, we have to ask ourselves: What can you do when you physically purchase a server that is physically hosted in a location but others decide that they don't want to report it accurately? To date, and every month going forward, we go through the process of requesting corrections from the affected providers. All of them have a threshold of "if we get X-number of requests from the same people within Y-number of days, we will permanently ignore them." So we have to be careful of that, as well.
That's where we are at with this issue. I apologize for any inconvenience, but you can rest assured that it’s a thorn in our side, too, and we are continuously trying different ways to get our servers reported correctly by these companies.