I’ve tested a variety of VPNs, some free and others paid, and while all promise privacy, not all deliver on it. Over time, I’ve learned to spot the VPN red flags fast. If a VPN shows any of these signs, I’m out before installing.
8
Unclear Logging Policy
A no-log policy is one of the biggest selling points for the best VPNs. If a VPN has an unclear or vague logging policy, it’s a serious red flag. Among other things, VPNs are meant to protect your privacy, first by masking your IP address and second by encrypting your internet traffic.
If they log your activity, then it defeats the purpose because you’ll just be moving your data from your ISP to the VPN company. Besides, if a VPN provider stores logs, those records could be handed over if the authorities come knocking. Or, your activity could be sold to third parties or exposed in a data breach. When reviewing the logging policy, I don’t simply gloss over the company’s home page and buy into its no-logs claims.
Some VPNs may claim they don’t log data, but their privacy policies tell a different story. The service may claim it doesn’t log your browsing activity, but then admit in the fine print to collecting other connection metadata that can be used to identify you, such as connection timestamps, device identifiers, session duration, and your IP address. If a VPN collects any data, it should be transparent about what’s collected, why, and how it’s handled.
7
Based in a Surveillance-Friendly Country
Where the VPN is based matters more than you may realize. A VPN can claim to offer a no-logs policy, but this can be easily compromised if it’s based in a country with invasive surveillance or strict data retention requirements. What matters is whether the VPN’s legal jurisdiction is privacy-friendly.
The most notorious countries I avoid completely are those that are part of the Five Eyes, Nine Eyes, and Fourteen Eyes surveillance alliances, including the UK, USA, Canada, Australia, New Zealand, and Belgium. Countries in any of these alliances have agreements to spy on their citizens, share intelligence, and have legal frameworks in place that can force companies to hand over user data or worse.

Some countries in the alliance have gag orders as well, and can compel any company to start logging activity without ever informing its users. Consequently, a no-log VPN will retain its privacy claims for marketing purposes, but it’s doing quite the opposite in reality, as breaching these gag orders is a criminal offense.
A VPN can have offices in multiple countries, including those within the Five, Nine, or Fourteen Eyes alliances, which is fine because what matters most is its legal jurisdiction. The legal jurisdiction is what determines where the company is officially registered and governed.
This is why the best privacy-focused apps are based in places with strong privacy laws, such as Panama, Switzerland, and the British Virgin Islands (which are separate from the UK). If a VPN doesn’t disclose its location, it can’t be trusted with your data.
6
No Transparency About Ownership
When you use a VPN, you are essentially handing your internet traffic to a third party, and as such, you deserve to know who’s behind the company. If a provider isn’t open about who owns or operates it, that’s a major red flag.
Whether I trust a certain provider to take care of my data well also depends on who’s behind the curtain. Trust requires transparency and accountability, so if a company hides behind anonymity, it doesn’t deserve access to my private internet activity.
A VPN should be open about its ownership structure, and this information should be clear on the company’s website. The website should also include important information, including the founding team or individual, and the actual person or people behind the VPN. Some providers are part of larger companies that may have conflicting interests, such as adtech companies, which could potentially affect the provider’s data-handling policy.
5
No Kill Switch
A kill switch is a feature that disconnects your device from the internet whenever your VPN connection drops unexpectedly. It prevents your internet traffic from being sent or received outside of the VPN’s secure tunnel until the VPN connection is restored.
This ensures that in the event of a connection drop, while you’re sending or receiving private information, it isn’t exposed to your ISP or even bad actors monitoring your traffic. Various factors can cause your connection to drop, including internet issues, VPN server problems, or even app crashes.
There’s also a brief window that could leave your data vulnerable when switching servers or server locations because the VPN must first disconnect from the first one before connecting to the second. Having a kill switch guarantees that your activity and data are secure at all times, even when your device abruptly disconnects from the VPN server.
It’s a must-have feature, and even more important is that the service should include the kill switch across all platforms it supports. Bonus points if it’s enabled by default.
4
Lack of Leak Protection
Besides a kill switch, leak protection is another important feature to look out for when evaluating a VPN. Just hitting connect to a VPN doesn’t instantly guarantee your activity is private and secure.
Leaks are yet another thing to look out for because even with a secure connection, your real IP address, DNS requests, or IPv6 traffic can leak outside the VPN’s tunnel. If a VPN doesn’t have leak protection, it’s like locking your doors while leaving the windows open. Don’t confuse leak protection with a kill switch: a kill switch prevents leaks when the VPN connection drops, while leak protection prevents them while the VPN is connected.
One of the most common types of leaks is a DNS leak, where your device directly forwards requests to your ISP’s DNS server instead of the VPN’s. As such, DNS leaks can destroy anonymity, similar to other types of leaks, such as WebRTC (Web Real-Time Communication) and IPv6.

If a VPN lacks leak protection or is vague about it, don’t take the risk. One of my go-to ways for testing a VPN’s encryption is to check for DNS leaks.
3
Few Servers and Server Locations
Another red flag that I pay attention to while shopping for a VPN is a limited number of servers and server locations. It might not seem that important, but it plays a key role in the performance of the service and privacy. Fewer servers mean a higher chance of congestion as the number of users increases, because there will be more people connected to a single server.
This leads to slower speeds or unstable connections, making the service unusable for low-latency and high-bandwidth activities such as streaming, gaming, or downloading large files. Even worse, during peak hours, there may be instances where you can’t connect to a specific server or server location due to congestion.
While I check the server count, it doesn’t tell the whole story. Other factors, such as total network capacity and usage, are also important, but since VPNs don’t disclose this information, you can’t make a judgment based on it.

It’s also essential for a VPN to have servers in different locations, which ensures that there are more IP addresses available for use. That can help in bypassing geo-restrictions and even censorship. Additionally, being able to rotate IP addresses easily enhances anonymity, as it makes it harder to track your online activity over time. Fewer servers and server locations mean fewer IPs, and those can be easily flagged or blocked.
2
Offers a Lifetime Subscription Plan
Paying for subscriptions is exhausting, especially for VPNs, as the most reliable ones cost around $10 a month unless you opt for long-term plans. At first glance, a VPN offering a lifetime subscription might seem like a steal. But for VPNs, it’s a huge red flag.
See, running a VPN service isn’t cheap, and it comes with ongoing operational costs. A provider must continuously invest in infrastructure, development, security, and support staff. If a service offers lifetime subscriptions, how does it fund ongoing operations? Surely, there won’t be enough new customers signing up each month to sustain the service.

It’s possible that such a service could sell your data to fund operational costs and cut corners in other areas to stay afloat. As with most service categories, you get what you pay for when it comes to VPNs. That’s why I avoid VPNs that offer lifetime subscriptions like the plague. In most cases, such VPNs either shut down or, if they survive, revoke lifetime subscriptions after a few years.
1
No Support for Modern Protocols
The protocol a VPN uses determines how your data is encrypted and transmitted, which directly affects both security and speed. Several VPN protocols exist, and most VPN providers support at least two of them. The major ones include WireGuard, OpenVPN, L2TP/IPsec, IKEv2, and PPTP.
Outdated protocols, such as PPTP, IKEv1, and certain legacy implementations of L2TP/IPsec, are no longer considered secure. So, if a VPN only supports these older protocols, I won’t use it.
That’s why even some of the best VPN providers, like ExpressVPN, NordVPN, and Surfshark, dropped support for older protocols and recommend modern ones like OpenVPN, IKEv2, and WireGuard. If a VPN doesn’t support modern protocols or doesn’t mention the protocols it uses, I write it off.
Since learning the difference between good and bad VPNs, I no longer fall for over-the-top marketing claims. These red flags are far too common, so if you see a VPN provider with even one, don’t take the risk. With numerous private and reliable VPNs on the market, don’t settle for average.