5 Things to Consider when Evaluating a VPN for Privacy

Yesterday we explained what a VPN is and covered the benefits of using one. Today we’re examining how to figure out if you have a trustworthy VPN provider. In place of your ISP, your VPN provider receives your browsing data, and it’s good to shop around and compare privacy policies.

What Do You Want?

There are many uses that a VPN can provide, but security and privacy are important ones. If security is your main concern, then most VPNs give you an extra layer of protection by encrypting data between you and the VPN’s servers. That protects it from local spying eyes, including your own ISP.

Having privacy as your main concern is a different story. You have to trust that your VPN provider itself isn’t watching what you do, including tracking and monitoring your data for profit, or for answering to their own local government’s warrants. In this, you’ll have to keep a careful eye out before you fully commit to a VPN.

Unlike your ISP in the U.S., there is little or no regulation for VPN providers in the U.S. or abroad. That doesn’t mean they’re automatically lying to you or doing bad stuff, it just means you are, by definition, forced to trust your VPN provider. But this is important, unlike ISPs, VPNs often make privacy part of their business model. More importantly, almost every VPN has a privacy policy, so let’s start with that.

trustworthy vpn with security

What To Look For

Whenever you sign up for a service, especially a VPN, you should take a look at their privacy policy and terms of service. If you’re using a free VPN, do as much research as possible. Free providers still need to make money, and if they don’t have a premium plan, it’s good to assume they are making money off of your data.

Paid VPN providers are different. You can start by looking for a provider that markets itself as a privacy service. You can mostly ignore marketing terms like “NSA Proof” or even “military-grade encryption,” but you should look out for something called logging. An easy way to do this is just to Google the provider name and “logging.”


Some VPN providers keep minimal logs, others keep no logs at all. Maybe the provider keeps access logs only in order to bill you. If they do log, make sure they delete them after a certain time—say, daily or weekly.

Be wary of VPN providers that say they keep any logs that are required by law. This means whatever law enforcement asks them for, which could really be anything—especially for VPNs operating outside the U.S. You can also contact the provider directly and ask them about their data retention and logging policies.


Don’t assume that because your VPN provider is in another country, that they are safer. If government surveillance is your main concern, don’t use providers in a Five Eyes country. The Five Eyes are Australia, Canada, New Zealand, United Kingdom and the United States. This refers to the level of cooperation surrounding their spy agencies like the NSA and GCHQ.

locations of a trustworthy vpn


When you’re doing your research, examine what type of encryption they use, security features they offer, and whether they have been audited by a third party. Read reviews of the VPN provider and make sure they are unbiased and independent, which can sometimes be difficult.


By doing enough research you should be able to find a trustworthy VPN. The best providers will welcome your questions and go out of their way to help and reassure you.

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Oldest Most Voted
Inline Feedbacks
View all comments
Winnie Argueza

Thanks for these tips. So far, the one worthy purchasing for me based on these guidelines is Astrill. Hopefully this one works.

W. Abdullah Brooks, MD

Andrew: This, and your previous piece, provide a meaningful and timely treatment of the subject. One theme that is being repeated around the internet, and that you’ve touched on here, is the concept that, if one is concerned about privacy specifically from one of the five eyes governments, that they should select a VPN that is not in one of those five countries. It might be worth noting that, when it comes to state-sponsored or state-owned surveillance, investigation or hacking, few commercially available privacy solutions can withstand the level of force and range of attack vectors that these agencies can… Read more »

Scott B in DC

A cheap solution is to create a virtual machine and run the TOR browsers from the VM. You don’t need a fancy VM system like Parallels. Get Virtual Box and run something like Tails (tails.boum.org), Whonix (whonix.org), or QubesOS (qubes-os.org). Tails is really designed to run as a standalong OS from a memory card/stick. But with a little fiddling, you can make Tails work under a VM. I installed Tails in an encrypted Sparse Bundle and boot the OS in a Parallels VM. Getting this to work in Parallels was not easy. It was easier under Virtual Box. Could not… Read more »