title | date | tags | author
---|---|---|---
Choosing Your VPN Provider | 2022-08-18 | | Tommy
Commercial VPNs are an important privacy tool. They hide your actual IP address from a third-party service, mitigating IP-based tracking on the internet. I have written another post regarding their use cases here. In this post, I will walk you through what to look for when choosing a VPN provider.
Modern Protocols
The first thing you should look for in a provider is that they use a modern and secure protocol for their VPN tunnels. For a detailed comparison between common VPN protocols, you should read ProtonVPN's blog post on this topic.
In general, OpenVPN, WireGuard, and IKEv2/IPsec would serve you well. PPTP should be avoided at all costs due to various known vulnerabilities.
L2TP/IPsec is an interesting case, as it is quite complex and difficult to set up properly. Many VPN providers opt to use a common pre-shared key, making themselves vulnerable to MITM attacks. Leaked NSA documents also suggest that the agency is capable of at least weakening it to some extent. You are better off not using this protocol either.
Encryption Key Strength
Along with supporting a good VPN protocol, VPN providers should use keys of sufficient strength on their servers. For example, most VPN providers use a well-known encryption standard like AES 256 or ChaCha20 for data transfer and RSA 4096, or at least RSA 2048, for the handshake.
While this is generally not a problem with most providers, there have been instances of VPN providers using very weak encryption, such as ExpressVPN using RSA 1024 for their handshake a few years ago.
Before buying a VPN, you should check the provider's documentation on what type of encryption they use, or if they do not have it, ask their support directly.
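If the provider publishes OpenVPN configuration files, you can also read the data-channel ciphers straight out of them. The script below is an added example, not part of the original post: the weak-cipher list, the function name `audit_ovpn` and both sample configs are assumptions constructed for illustration.

```python
import re

# Assumption for this example: ciphers with 64-bit blocks, or none, are weak.
WEAK = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
# The post's examples of good data-channel ciphers: AES 256 and ChaCha20.
STRONG = re.compile(r"(AES-256-(GCM|CBC)|CHACHA20-POLY1305)$")
DIRECTIVES = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}

def audit_ovpn(text):
    """List the data-channel ciphers an OpenVPN client config allows."""
    ciphers, inline = [], None
    for line in map(str.strip, text.splitlines()):
        if inline:  # inside <ca>...</ca> style blocks: skip embedded keys/certs
            if line == f"</{inline}>":
                inline = None
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened:
            inline = opened.group(1)
            continue
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        parts = line.split()
        if parts[0] in DIRECTIVES and len(parts) > 1:
            for name in parts[1].upper().split(":"):  # lists are colon-separated
                if name and name not in ciphers:
                    ciphers.append(name)
    return {
        "ciphers": ciphers,
        "weak": [c for c in ciphers if c in WEAK],
        "offers_strong": any(STRONG.match(c) for c in ciphers),
    }

# Constructed sample configs, not taken from any real provider.
LEGACY = """client
remote vpn.example.net 1194 udp
; old setting left in place
cipher BF-CBC
"""
MODERN = """client
remote vpn.example.net 1194 udp
data-ciphers AES-256-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
"""

if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, audit_ovpn(cfg))
```

This only covers the data-channel ciphers named in the config. The handshake key size lives in the provider's certificate and is not checked here.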
Multi-Hopping
This feature is not a must, but it is very nice to have. Not all VPN providers own their hardware, datacenter, and network