The Why and How of Securing Your VPN

A VPN service is an easy way to drastically increase your online privacy and security. But, not all VPNs are made equally.

The two most important features of a VPN are security and privacy.
The two most important features of a VPN are security and privacy.

A VPN lets you use the Internet with freedom. It allows you to circumvent censorship, helps you access content online, and can even increase your Internet browsing speeds if Internet service providers (ISP) cap bandwidth.

The two most important features of a VPN are security and privacy. Since a VPN encrypts and tunnels all Internet traffic between you and the VPN servers, third parties cannot monitor, inspect, or tamper with your traffic. Third parties who might be interested in your Internet traffic include your local network administrators, the providers of your coffee-shop or airport Wi-Fi service, your neighborhood hacker, your ISP, and your local government.

To use a VPN service efficiently, however, you need to be aware of a few details. Here are a few things you can do to increase your protection:

Choose the Right Provider

A VPN will protect you from snooping third parties, but can you trust that your VPN provider will respect your privacy, too? There are plenty of VPN providers to choose from, and they range in price and quality. It’s important to choose one that respects your right to privacy. (Ahem.)

When you’re evaluating VPN services, pay attention to their logging policies. “Logging” refers to the records a company keeps about you and how you use the network. No VPN provider can credibly say they don’t keep any records about you, because at the very least they have to keep track of whether you have paid for the service and how to authenticate you.

Usually when a VPN provider says they have a “no logging” policy, they’re referring to logs about your browsing activity, such as what websites you visit and what you home IP is.

You must carefully read the terms and conditions of your VPN provider and determine if they will respect your privacy. Vetting the promises they make by yourself can be difficult. Theoretically going through dozens and dozens of court cases and looking for behavior of your VPN provider that contradicts their promises is the only reliable way. In reality a VPN provider puts their brand on the line for their promises, and they are under heavy scrutiny from the public and their competitors. Keep your eyes peeled in forums for well substantiated claims that your provider is violating their terms of service (for example by handing out user information to courts).

Choose the Right Protocol

Let’s talk protocols.

Two protocols commonly used by telecommunication providers are PPTP and L2TP. While a protocol like PPTP might deliver the fastest speeds, it does not encrypt your traffic. L2TP encrypts your traffic—but not by default, which is why it is often bundled together with IPSec as an encryption layer. There is plenty of controversy around whether IPSec is secure. The 2013 Snowden leaks and other testimonials alleged that earlier implementations of IPSec contained backdoors, which then found their way into other software.

OpenVPN is the golden standard for secure and private connections. Make sure you enable OpenVPN in your VPN apps. SSTP functions similarly to OpenVPN in that it mimics SSL traffic, but is less commonly supported and not as well maintained as OpenVPN.

Whether you use TCP or UDP doesn’t matter from a security or privacy perspective, but UDP will usually perform better, although it might also be blocked in some local networks like school campuses.

Enable Your VPN on All Your Devices

VPNs don’t just run on computers. You can install them on your phone as well, and on some ebook readers, smart TVs, and video game consoles.

A surefire way to protect all your devices at home is to install a VPN on your router. That way, anyone or anything connected to your Wi-Fi network will automatically be protected, without requiring everyone to register additional VPN accounts or configure VPN software.

When you have a VPN-enabled router, every phone or computer that connects to your home Wi-Fi network will be assigned the same external IP address by the VPN provider. Note that because the connection is set up between the router and the VPN server (and not directly between the phone and the VPN server), connections between your phone and the router might not be sufficiently protected. You need to trust that the router’s connection to your phone is secure and that the router is not logging and revealing compromising information. Verifying this is difficult, and it essentially comes down to whether you trust the person administering the network not to spy on you, as well as how competent they are with technology.

Use Your VPN All the Time

Your VPN works by encrypting and tunnelling all your traffic between your device and the VPN servers. This not only hides the contents of your traffic from snoopers, but also disguises your location by making it appear as if you were at the premises of the server farm rather than at your actual location.

This is a great feature because it prevents the sites you visit and the individuals you interact with online from determining your whereabouts. With no real knowledge of where you are they will be less likely to attack you.

To successfully mask your location, you must run your VPN at all times. If you turn off the VPN for just a second, you might inadvertently access a website or open an app and reveal your home IP instead of your VPN IP address, thereby compromising information about your whereabouts. It’s best to set your VPN to automatically start and connect when you turn on the computer to prevent any identifying information from going out into the Internet!

Turn On the Killswitch Option

If you get unexpectedly disconnected from the VPN while you’re using the Internet, you might unintentionally send out out information from your real IP. To prevent Internet traffic from travelling outside of the VPN tunnel, many VPN software have implemented something commonly referred to as a killswitch.

Different VPN providers might brand their killswitches with different names, but they perform the same function: the killswitch makes sure that, in the event of a dropped VPN connection, no data packets can leave your computer at all.

Pay for Your VPN Anonymously

Without a doubt, finance is the most privacy-intrusive business on the planet. The only personal information that your VPN provider needs to keep about you is information related to your payment. If you pay for your VPN service with a credit card or Paypal account, the VPN company can easily identify you. Credit card and Paypal accounts connect a lot of sensitive information about you, such as your name, your credit card number, and your IP address. Payment processors are also privy to this information about you, and there’s no telling what third parties they may be sharing this information with.

If your VPN provider keeps logs of your Internet activity, these logs could be handed over to governments by request. Since these logs are linked to your credit card number, it is very easy for a government to uniquely identify you.

To safeguard your anonymity when you pay for your VPN, pay with Bitcoin. Most VPN providers accept bitcoin as payment. Although Bitcoin transactions are not perfectly anonymous, they’re much more difficult to track than credit card or Paypal payments. A VPN company would never be able to look up your name in their database when you pay with Bitcoin because unlike with credit card and Paypal accounts, your name is not required to make a Bitcoin transaction. Setting up a Bitcoin account is easy.

Be aware, however, that your email address might serve as a unique identifier as well.

Use Tor

Some of your information might be so sensitive that not even your VPN company can be trusted to protect it it. You need another privacy-enhancing tool in your arsenal. Enter Tor.

To REALLY take control of your privacy, connect your computer to a VPN, then use the Tor Browser to anonymously surf the web. You can also route other information through Tor as well, such as your chats or email traffic. Tor is not a company, but a network of volunteers. Tor routes your web traffic (it can be configured for some other applications as well) through multiple hops around the world to hide the origin and destination of your traffic. Because Tor is free and bandwidth is donated, it is also significantly slower than your VPN.

When you use Tor and a VPN, your VPN company cannot read your Internet traffic, and your Internet Service Provider cannot know that you are using Tor. For any web traffic, email traffic, and chat traffic that cannot be routed through the Tor network, you’ll still enjoy the protection of the VPN.


As you can see, using a VPN service is an easy way to drastically increase your online privacy and security. But, not all VPNs are made equally. A lot of them require you to adjust a few options in order to make full use of their benefits. Boost the power of your VPN by using these tips and tricks. Safe and happy browsing, everybody!

Arthur Baxter is an Operations Network Analyst at ExpressVPN, a leading privacy advocate whose core mission is to make it easy for everyone to use the Internet with security, privacy, and freedom. They offer 100+ VPN server locations in 78 countries. They regularly write about internet security and privacy at the ExpressVPN blog.

The Why and How of Securing Your VPN