How we test VPNs


VPNs, or virtual private networks, are everywhere. If you’ve spent any time at all on YouTube, chances are you’ve seen an ad selling VPNs — there have been literally hundreds and thousands of them.

We test and review VPNs so you don’t have to, but what even is a VPN? The pitch is fairly simple: a VPN can mask your IP address and the identity of your device by routing your traffic through a remote server. Sites and services will see a different IP address to your own, and your internet service provider will only be able to see that you’re connected to a VPN server, rather than what sites you’re visiting. That means a VPN can be an important tool to keep your data private and secure, especially if you need to connect to an unsecured network. If you’re on public WiFi, for example, you can’t be sure what the network operator is tracking while you’re surfing the internet. With a VPN, there’s an additional layer of privacy, as long as you make sure the VPN provider can be trusted. But a VPN should not be the end of your security journey. Complex passwords, multifactor authentication and other security basics should be way higher on your checklist.

Another commonly advertised feature of VPNs is evading geoblocking techniques that companies use to prevent you from accessing certain content. Because you’re connecting to a remote server, a VPN can effectively change your location, allowing you to watch another country’s Netflix content or, say, watch Doctor Who on the UK-only BBC iPlayer. If you’re in the EU, it can allow you to access sites that are otherwise blocked due to the region’s strict data protection regulations. In the past, VPNs have even been used to skirt political firewalls put up to censor online access.

With many VPN makers making sweeping claims about military-grade encryption, digital invisibility and lightning-fast speeds, it’s tough to know what’s true and what’s marketing hype. That’s why Engadget started evaluating VPNs in 2023, looking at a number of factors such as security, speed, latency, usage limits and price. And while we don’t expect to ramp up to more VPN testing until 2025, our best VPNs guide will continue to be the home base of our coverage. In the meantime, this is our current VPN testing methodology.

Before we install or sign up for a service, our work begins by investigating each product’s lineage. We reference privacy policies, transparency reports and security audits that are publicly available, and note the security specs of each service. We also look into each company’s history of security incidents like data breaches. We rely on some pre-existing academic work from bodies like Consumer Reports, VPNalyzer and others when looking into security specs.

The next step in our review process involves a close look at what it’s like to get set up on the VPN. This involves looking at the various platforms each VPN supports, from certain web browsers to Smart TVs, to better understand how it can be used. We also look to see just how easy it is to get started on a new VPN. Some will automatically connect to a secure server every time you use your device, while others make you jump through hoops to stay signed in. We seek to understand how user friendly and intuitive these VPNs can be.

While many VPN providers promise that their service works across every device all the time, there is often small print to consider. We scan the terms of service for each of the company’s plans to understand what they are offering. Is there a limit to the number of devices a user can have connected at once? Is there a “fair use” limit that kicks in after a certain amount of traffic? Are advanced features like multi-hop connections locked to only the priciest plans? We investigate all of these things so you don’t have to. We also conduct many of our more specific tests at the same time, which allows us to verify companies’ claims about simultaneous device use.

The first step in testing speed and latency is to ascertain the baseline of the connection before connecting to a VPN. We then use the “quick connect” feature on VPN apps to connect to the “fastest” provider available when testing internet speed. Once connected, we run internet speed tests by Ookla and ping tests with meter.net. When relaying these results, we will note the average speed and ping across these results, as well as the difference between that average and our baseline when not connected to a VPN.

We test all VPNs from within the US. To check that a service is able to effectively avoid geoblocking, we connect to a Canada-based server and attempt to access content on Netflix that is only available to users in that country. We then connect to a Hong Kong-based server to attempt to watch a news livestream on a YouTube channel that is exclusively available to users in that region. Finally, we conduct a gaming test by playing on servers in the United Kingdom. We’re looking to see not only if we can access the same content from all these servers, but also to test for lag or any other headaches that you could run into when using a VPN.

A DNS leak happens when your device sends an unencrypted DNS query outside of your VPN service’s encrypted tunnel to an ISP’s DNS servers. This effectively nullifies the use of a VPN in the first place by allowing third parties to see and potentially track your browsing activity and IP address.

A WebRTC leak is an issue that can occur in modern web browsers that can similarly expose your personal IP address to a website you’re on. While you can avoid this by configuring your browser to not send such data, a VPN should be able to prevent this from happening.

To check for both of these issues, we use publicly available tools such as NordVPN’s IP address lookup tool and ExpressVPN’s leak tests before and after connecting to a VPN and make sure neither fault is occurring.
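
The before-and-after comparison described above can be scripted once the observations are recorded. This is an added example, not Engadget's tooling: the snapshot fields and every address are constructed (documentation IP ranges), and it assumes you have noted the public IP, the DNS resolvers a leak-test page reports, and the browser's WebRTC ICE candidates both off and on the VPN.

```python
import ipaddress

def ice_addresses(candidates):
    """Return (ip, type) for ICE candidate lines that carry a literal IP address."""
    found = []
    for line in candidates:
        # candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
        fields = line.split()
        if len(fields) < 8 or fields[6] != "typ":
            continue
        try:
            found.append((ipaddress.ip_address(fields[4]), fields[7]))
        except ValueError:
            continue  # mDNS-masked host candidate ("<uuid>.local"), no IP exposed
    return found

def check_leaks(baseline, on_vpn):
    """Compare a snapshot taken off the VPN with one taken while connected."""
    real_ip = ipaddress.ip_address(baseline["public_ip"])
    findings = []
    if ipaddress.ip_address(on_vpn["public_ip"]) == real_ip:
        findings.append(("ip", on_vpn["public_ip"]))
    # A resolver already seen before connecting belongs to the ISP or local
    # network; seeing it again means DNS queries are bypassing the tunnel.
    for resolver in sorted(set(on_vpn["resolvers"]) & set(baseline["resolvers"])):
        findings.append(("dns", resolver))
    for addr, ctype in ice_addresses(on_vpn["ice_candidates"]):
        if addr == real_ip:
            findings.append(("webrtc", f"{addr} ({ctype})"))
    return findings

# Constructed snapshots (documentation address ranges, not real measurements).
HOST = "candidate:1 1 udp 2113937151 3f2a9c1e-aaaa-4bbb-8ccc-000000000001.local 54321 typ host"
BASELINE = {"public_ip": "203.0.113.45", "resolvers": ["203.0.113.1"],
            "ice_candidates": [HOST]}
VPN_CLEAN = {"public_ip": "198.51.100.7", "resolvers": ["198.51.100.53"],
             "ice_candidates": [HOST,
                 "candidate:2 1 udp 1677729535 198.51.100.7 54321 typ srflx raddr 0.0.0.0 rport 0"]}
VPN_LEAKY = {"public_ip": "198.51.100.7", "resolvers": ["198.51.100.53", "203.0.113.1"],
             "ice_candidates": [HOST,
                 "candidate:3 1 udp 1677729535 203.0.113.45 54322 typ srflx raddr 0.0.0.0 rport 0"]}

if __name__ == "__main__":
    for name, snap in (("clean", VPN_CLEAN), ("leaky", VPN_LEAKY)):
        print(name, check_leaks(BASELINE, snap))
```

A resolver you configured yourself and use both on and off the VPN will also be flagged, so read any "dns" finding against your own DNS settings.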


