
How to choose a VPN

With terms like 'privacy' and 'data retention' in the minds of more and more Australians, you might be considering subscribing to a virtual private network service. Here's what you need to consider.

Nic Healey Senior Editor / Australia
Nic Healey is a Senior Editor with CNET, based in the Australia office. His passions include bourbon, video games and boring strangers with photos of his cat.
Image by Yuri Samoilov, CC BY 2.0

While a lot of Australians considered a virtual private network "the way to get Netflix," there's a lot more to VPNs than that. In fact, there's a host of reasons why you might consider paying for a VPN service.

VPN use in Australia has skyrocketed in the wake of mandatory data retention laws and the Dallas Buyers Club rights holders winning the court decision to access pirates' details. And don't forget, VPNs are still highly recommended as a basic security precaution if you're a regular user of public Wi-Fi hotspots.

So, if you're thinking of getting a VPN for yourself, what should you be looking for? In general, there are a few key points to consider when picking out a VPN provider:

  • The location of the company and its servers
  • The encryption protocols it uses for your data
  • What policies it has around logging activity and the personal details of users
  • Any limitations it might have on bandwidth or how much data you can transfer
  • What operating systems and devices it supports
  • How much you are paying -- and in what currency

Server locations

You might see the server location called an "exit location" or a "virtual location," and this should be one of your big concerns. Many people using a VPN want to get access to sites or content that are unavailable in their country of residence. If you're trying to unlock, for example, geo-fenced TV services in the US then you'll need to ensure that the VPN you choose has US servers. In general, the more exit server locations it has, the more useful the service will be.

If you're more concerned about privacy, then you should also pay careful attention to where the VPN provider is located as a corporate entity. A VPN provider based in the US is subject to US laws in terms of turning over data. Some privacy advocates suggest that you should avoid any provider based in a country with mandatory data retention laws. Others say to be particularly cautious of any of the countries involved in the Five Eyes intelligence alliance -- that's Australia, New Zealand, the UK, Canada and the US.

Encryption protocols

The encryption protocol used by a VPN is a measure of the level of security for your online activities. Without getting too technical, you should look for either L2TP/IPSec or OpenVPN, which are the two best options for VPN security in 2015.

PPTP is generally regarded as insecure due to too many easily exploitable vulnerabilities. The same goes for plain old L2TP (as opposed to L2TP/IPSec).

For the most part, that's all the information you need. But if you're the kind of person who likes to know more, read on.

In L2TP/IPSec the Layer 2 Tunnel Protocol part is a VPN protocol that doesn't offer any encryption -- that's what the IPSec part brings to the table. This can make it a little slower -- traffic needs to be converted to L2TP and then encrypted. The big advantage is that it's easy to implement across both PCs and mobile devices.

OpenVPN is based around open source technologies, as the name suggests. It has a lot of options for configuration and is quite secure. Its biggest advantage is that any traffic coming through it should look identical to standard web traffic and be extremely difficult to block, even if someone is hunting for VPN traffic. However, it's not built into a wide range of desktop and mobile operating systems -- you'll need to run a third-party app on the device to get it running.
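As an added illustration (not part of the original article or any provider's software): whether OpenVPN traffic resembles web traffic depends first on the profile using TCP port 443, the transport HTTPS uses. This Python example reads a constructed client profile and reports which endpoints meet that condition; the hostnames are placeholders, and it assumes global `proto` and `port` lines act as defaults for every `remote` entry.

```python
# Added example: inspect the transport settings in an OpenVPN client profile.
DEFAULT_PORT, DEFAULT_PROTO = 1194, "udp"  # OpenVPN's defaults when unset

# Constructed sample profile; hostnames are placeholders, not real servers.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
# primary endpoint: explicit port, inherits the global proto
remote vpn1.example.net 1194
; fallback endpoint: overrides both port and proto
remote vpn2.example.net 443 tcp
remote vpn3.example.net
"""

def parse_remotes(profile_text):
    """Return [(host, port, proto)] with the profile's global defaults applied."""
    port, proto, remotes = DEFAULT_PORT, DEFAULT_PROTO, []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split()
        if parts[0] == "proto" and len(parts) > 1:
            proto = parts[1]
        elif parts[0] == "port" and len(parts) > 1:
            port = int(parts[1])
        elif parts[0] == "remote" and len(parts) > 1:
            remotes.append(parts[1:4])       # host [port] [proto]
    resolved = []
    for entry in remotes:
        r_port = int(entry[1]) if len(entry) > 1 else port
        r_proto = entry[2] if len(entry) > 2 else proto
        # Normalise variants such as tcp-client, tcp4 or udp6 to tcp/udp.
        r_proto = r_proto.split("-")[0].rstrip("46")
        resolved.append((entry[0], r_port, r_proto))
    return resolved

def looks_like_https(port, proto):
    """True only for TCP/443; any other transport stands out by port alone."""
    return proto == "tcp" and port == 443

def report(profile_text):
    """Map each remote host to whether it uses the HTTPS transport."""
    return {h: looks_like_https(p, t) for h, p, t in parse_remotes(profile_text)}

if __name__ == "__main__":
    for host, ok in report(SAMPLE_PROFILE).items():
        print(f"{host}: {'TCP/443' if ok else 'not TCP/443'}")
```

Matching the port and transport is a necessary condition only; it does not guarantee the traffic is indistinguishable from HTTPS under deeper inspection.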

PPTP is Point to Point Tunnelling Protocol -- that's the one you want to avoid. It's older and while it's extremely easy to set up there are just too many issues with the security.

You may also encounter SSTP -- Secure Socket Tunnelling Protocol -- which is a proprietary Microsoft protocol. It's stable and secure but the majority of support for it is on Windows, so it's not great for cross-platform support.

More detailed information on the various protocols can be found here.

Logging and privacy policy

When you entrust a company with personal information, it's good to be aware of the company's privacy policy. That goes double for a VPN provider with the added caveat of making sure you're aware of whether it's logging your data internally.

A VPN will (hopefully) keep you safe from external prying eyes, but that doesn't mean that the provider itself isn't keeping a detailed log of your activity. The policy differs from provider to provider -- some might keep a temporary log that's deleted regularly, some might never log, some might record everything. This, of course, relates back to when we talked about where the company is based and what laws it might be subject to.

If you're very concerned about privacy, you may want to go even further and find a VPN that will take payments in cryptocurrency, such as Bitcoin, meaning that you won't need to be providing credit card details or your full name.

Any data or connection limitations?

You don't want to be paying money for a product that will limit the amount of data you can transfer or how many times you can connect to the service in a given time period.

It's worth remembering that a VPN can slow your Internet experience down a little, so you should be checking that the connection speed on offer from your provider won't accidentally be throttling your bandwidth. This is less of an issue in Australia thanks to our relatively slow internet speeds compared to the rest of the world.

OS and device support

Firstly, check that the VPN provider allows for multiple connections across multiple devices. Unless you only want a single secure device, such as a laptop for travelling with, you'll probably have multiple devices that you want covered by the VPN.

In the modern world that means more than just a home PC and a few laptops. The list will likely include tablets and smartphones. More importantly, the average Australian home will have devices that run across a variety of operating systems. If you've got an Android smartphone, a Windows laptop and an iPad, you want to make sure that the VPN you're paying for can work across all of those devices.

Price

Don't forget that you're paying for this -- probably in the form of a monthly subscription fee. Also, if you've got an eye on the privacy side of things, you're almost definitely not paying in Australian dollars. That means you might find your monthly payment jumping up and down thanks to the vagaries of international currency exchange.

A recent comparative review from consumer watchdog Choice found that the popular VPN services could differ in price from roughly AU$45 a year through to AU$113 a year, so do some research to make sure you're getting what you pay for.

Summary

Remember to have a clear idea of what you need a VPN for -- and even if you really need one. If you're just trying to unlock the occasional regionally blocked YouTube video, there are free browser plug-ins like Hola that can take care of that for you.

But if you've got concerns about your online privacy moving forwards, then a full VPN service might well be what the digital doctor ordered.