Venturing into the online world represents enjoyment for many people. Unfortunately, this isn’t always the case, especially when thinking about government surveillance, hackers, and snoopers. For these reasons, people opt for something called a VPN or Virtual Private Network. This is a service that encrypts your connection and helps you get secure access to the internet without the risk of getting tracked or attacked by hackers and cybercriminals. With all of their promises that sometimes sound too good to be true, a few questions seem to bother many people – are VPNs REALLY safe to use? Can we use VPNs at no risk of endangering our privacy further? And what about free VPNs? Are they safe as well?
If you have these questions and you’re thinking about subscribing to a VPN service, this is the article for you. We’re going to address all of these questions and doubts and see how safe and secure a service like this can be.
Are VPNs Safe? How Do VPNs Function?
To put it simply, VPNs are indeed safe if you want a short answer to the question. Besides, millions of users around the world use VPNs to safeguard their privacy and enjoy anonymity online. There’s a reason why VPNs are safe and it lies in the way they work.
This service allows you to connect to a remote server located somewhere else. Once you connect to it, your original IP address is hidden and you’re assigned an IP address from that server. That’s basically the definition of a VPN and the way it works.
In doing so, you route your traffic through a secure VPN tunnel, which encrypts your traffic and makes it untraceable by your ISP or even hackers. This has one important benefit, which is total privacy, and another one, which is anonymity, as no one can see what you’re doing online.
Bear in mind that we’re talking about safe VPNs like ExpressVPN, CyberGhost, NordVPN, and others. If you stick to tried-and-tested providers, the VPNs are indeed safe. Not only that, but the change of your IP address allows you to bypass geo-restrictions and unblock restricted sites, for example.
Other benefits include downloading torrents safely, getting on the dark web anonymously, and so forth. Are VPNs really safe then? As said, the answer is YES simply because of the aforementioned benefits that no other service will give you. At least not to this extent.
Recently, we did a comparison between proxies and VPNs so I highly recommend checking it out. Many people confuse these two but in short, VPNs are significantly safer.
What Makes a VPN Safe?
A safe VPN is a service that you can fully trust to anonymize your online activities and protect your private data from snoopers. Not every service can be called safe, so let’s take a look at the features and functionalities that a safe VPN must have to be called that.
1. Strong Encryption & Newest Protocols
The first criterion that the provider must have is strong encryption. By that, we mean 256-bit AES encryption which is the backbone of every quality VPN. This is the strongest level of encryption currently available and is also used by numerous government bodies.
For example, the US military uses the same encryption to protect its confidential data. It’s also used by banks that require cutting-edge security because of obvious reasons. VPNs use different protocols for encrypting your traffic and routing it through a secure tunnel.
They include OpenVPN, IKEv2, WireGuard, Lightway, NordLynx, and older protocols like IPSec, PPTP, and SSTP. Logically, for a VPN to be safe, it must have the latest and greatest protocols. We recommend providers with the first five protocols we mentioned. To repeat, they include:
- OpenVPN
- IKEv2
- WireGuard
- NordLynx (NordVPN’s protocol)
- Lightway (ExpressVPN’s protocol)
These protocols are still used in 2024, although OpenVPN and IKEv2 made space for more recent additions like WireGuard, NordLynx, and Lightway.
2. Zero-Logging Policy (Privacy-Friendly Jurisdiction)
Another, maybe even more important factor is that the VPN is focused on privacy through the implementation of a no-logging business model. By that, we mean that it stores absolutely NO logs of information that can be traced to you.
No-log VPNs are usually based in privacy-friendly jurisdictions such as the British Virgin Islands, Panama, Bulgaria, Romania, Malaysia, and many others. Privacy-unfriendly jurisdictions are the ones inside the 5/9/14 Eyes alliance, such as the US, the UK, Canada, Australia, and Western Europe.
Regardless, a no-log VPN must NOT store information like:
- Your IP address
- DNS requests
- Geolocation
- Connection logs
- Session information
- Browsing history
- Download history, etc…
Even better is when a safe VPN has a third-party audit on its privacy and security claims. This makes the service even more trustworthy and worth investing your money into.
3. Automatic Kill Switch
I always feel like the kill switch is a bit of an underrated feature, especially since it’s turned OFF by default in many services. However, that’s a cardinal mistake since losing the VPN connection means exposing your IP address to the public eye and losing your privacy in an instant.
A kill switch will, in this case, immediately disable all traffic and put you in an “offline” mode until the reconnection attempt is successful. Yes, you’ll be cut out from the internet but you’ll preserve your privacy, which is more important.
Is a VPN safe without a kill switch then? Absolutely NOT. For me, a kill switch is a must, and thankfully, the majority of VPNs have it these days, except for a few free providers. We recently tested Turbo VPN and this free service doesn’t have a kill switch.
Coincidentally or not, it also displayed a few IP leaks, which could be linked to weaker encryption and the lack of crucial security features.
To learn more about this feature, feel free to read our article explaining how a Kill Switch VPN works.
4. Perfect Forward Secrecy (PFS)
Perfect Forward Secrecy, which we’ll call PFS is a feature rarely discussed in the VPN world. VPNs use encryption and in most cases, it’s AES-256 with some encryption keys, and so on. However, very few providers mention the reuse of encryption keys.
Reusing encryption keys means that the service is prone to being compromised by hackers who already decrypted those keys. Next time a user is assigned that compromised key, a hacker or anyone else can still track his activities and steal his data.
PFS ensures that each connection gets a new, unique encryption key. Let’s say you connect to a VPN today at 1 pm. Then, you disconnect and connect again at 3 pm. These connections will have DIFFERENT encryption keys both of which are unique and never reused.
As a result, even if the hacker compromises one of these keys, it won’t be used again, so it doesn’t matter – it’s redundant. Of course, it’s extremely hard to compromise safe and secure VPNs, and in 99.99999% of the cases, this won’t happen.
PFS is a feature found only in top-grade VPNs. Such providers include ProtonVPN, ExpressVPN, NordVPN, Surfshark, CyberGhost, and a few more. Sadly, free providers or at least free versions of paid VPNs don’t offer it.
5. RAM-Based Servers
Last but not least, I should state the importance of RAM-based servers. You’ll see this feature only in top-of-the-line VPNs like ExpressVPN, CyberGhost, NordVPN, and Surfshark. Essentially, RAM-based servers are a crucial thing for privacy.
Random Access Memory or RAM loses its data each time the power is cut off. Hard disks that are used by low-tier providers won’t lose their data until it’s wiped manually or the disk has malfunctioned. Basing a server on RAM has the benefit of wiping every bit of information with each restart.
When the server restarts, all data is lost, so there’s nothing to get from the server. The authorities can, for example, request the provider to hand out its server data but upon inspection, they’ll see that the servers are empty since no data can be found.
Servers based on traditional hard disks store information for months and years, so if the server is compromised, chances are that the authorities, hackers, or anyone else will be able to read this data and endanger your privacy.
In short, for a VPN to be safe and secure, it must have RAM-based servers – don’t settle for anything less.
Why Free VPNs Are NOT Safe to Use?
Every feature I mentioned previously is a characteristic of cutting-edge, top-grade premium VPN services. But what about free services? Why free VPNs aren’t safe? Well, I think you can already guess the answer but let me give you a few answers anyway, just to make sure you understand everything well.
The Lack of Security Features
Unlike paid providers, free VPNs won’t offer you the full roster of features I talked about. Many times, they’re using weaker encryption coupled with the lack of a kill switch, no IP leak protection, and other advanced features.
As such, they’re prone to IP/DNS leaks that will compromise your privacy. Furthermore, RAM-based servers are the feature that free VPNs are missing, which, as stated, is a game-changer in some VPNs. We should also mention the VPN protocols.
Free services don’t have enough resources to upgrade their security, so they stick to older protocols just to make the service work. There’s an interesting study done by the Universities of Berkeley and New South Wales in which they studied free VPNs for Android.
The study showed that 18% don’t encrypt your traffic while a whopping 84% of free services are leaking your private data. Sounds alarming? Well, it surely is, especially when we add intrusive logging practices to the equation.
Intrusive Logging Practices
Since they don’t earn money through subscriptions, free providers often collect your sensitive data and sell it to third parties for additional revenue. This is the case with many free providers that offer unlimited bandwidth and somewhat decent performance, such as Hola VPN.
You’re not paying it with your money but with data like browsing history, your IP address, DNS requests, geolocation, connection timestamps, and other revealing bits of data. Even free VPNs with limited bandwidth and slow speeds tend to do this.
Aside from Hola VPN, we can mention services like Betternet, Opera VPN, and dozens more. Paid VPNs are safe because they already make money from subscriptions and as such, they don’t have the need to collect and sell your data – you’re already paying for a service with your money.
Frequent IP and DNS Leaks
As said, free VPN providers won’t protect your connection properly, which leads to problems with data leaking. I’ve seen this more than a few times, especially with low-quality free services that have questionable security.
The image above shows you Turbo VPN and the leak test I did in a recent review. Despite having a US IP address, you can see a leak with a Serbian IP (my native IP), indicating that my connection isn’t as secure as it should be.
Paid providers like ExpressVPN, CyberGhost, and NordVPN show no signs of leaking, which is why they’re safe and secure, and free providers aren’t.
VPN Limitations That You Should Know About
While VPNs are 100% safe to use, there are certain limitations that I’d like to address:
- Malware protection – VPNs aren’t designed to detect and remove viruses and malware. They’re here to ensure online privacy and make sure you’re browsing the web anonymously. The removal of viruses and malware is done by antivirus software, albeit, some VPNs have anti-malware included as a part of the standard subscription or as a bonus feature.
- Phishing protection – If you’re using a VPN and you expect to be protected from phishing or any similar cyber threat, you need to reevaluate your thoughts. While some VPNs will block malicious domains, most of them won’t, so you still need to be careful about which sites you visit and which personal data you’re leaving on them.
- Third-party account tracking – Account tracking can’t be prevented with a VPN. Using your Facebook account to connect to various sites still leaves you vulnerable to Facebook’s tracking. Even if you use a VPN, Facebook will be able to access your account information and track your activities on every site you associate with your Facebook account.
Some Safe VPN Services We Recommend
One thing I promised is to talk about the VPN providers that are completely safe to use with no issues regarding privacy, data leaking, or anything remotely close.
- ExpressVPN. This provider comes with bank-grade encryption and a certified no-logging policy, offering superb online protection. People enjoy ExpressVPN’s kill switch and the Lightway VPN protocol which brings excellent performance across the board. It’s our #1 VPN in 2024 and you can get its annual plan with a 49% discount and 3 free months backed by a 30-day money-back guarantee for some big savings.
- CyberGhost. CyberGhost comes with 256-bit encryption, RAM-based servers, and more than 90 server locations globally. Its WireGuard support is excellent and the provider includes an ad-blocker, a kill switch, split tunneling, and IPv6 leak protection. There are also transparency reports and a no-logging policy, all at a cheap price for a 2-year plan that comes with a large 45-day money-back guarantee.
- NordVPN. This Panamanian provider has two security audits on its no-logging policy plus other features like bank-grade encryption and Double VPN. NordVPN comes with obfuscated servers, NordLynx, a kill switch, RAM-based servers, and even Private DNS. All of this comes at an affordable price for 2 years with a 30-day refund policy, making testing it out risk-free.
Can VPNs be Hacked?
One more thing to address before concluding this guide is whether VPNs can be hacked. Yes, they can but this practice is extremely rare. Besides, the best providers use bank-grade encryption, which is usually ChaCha20 or the aforementioned AES-256.
These two ciphers are the best on the market and in theory and practice, they can’t be hacked. If we take AES-256 encryption as an example, its 256-bit keys mean 2^256 possible combinations, which is a number so high, that we don’t want to waste time writing it.
But if you have a calculator, do the math and you’ll see. In practice, this means even all of the world’s supercomputers wouldn’t be able to break the encryption and decrypt your data. Not even the most skilled CIA-level hackers. NO ONE.
In this regard, VPNs can’t be hacked, so you can rest assured your data is safe and secure once you connect to a server. However, a VPN like NordVPN has been hacked in another way. NordVPN’s security breach in 2018 is well known at this point but it was minor.
Besides, the security breach influenced only one server in Finland, while the rest of the infrastructure was untouched. It’s good to know that NordVPN wasn’t the one to blame but the security of the data center, which isn’t under direct ownership of NordVPN but rather belonged to one of the “external” ISPs.
All VPNs rent data centers from providers like M247 (and others), which is probably the most used option. Immediately after, the company performed an audit and fixed its vulnerabilities, so everything was under control.
In short, your VPN connection can’t be hacked but data centers that hold VPN servers can – although this is very, very rare.
Bottom Line
Are VPNs really safe to use? Well, having in mind everything we said, the answer for those lazy to read the entire article is YES. Sticking to premium VPNs is the best way to go, as their focus on privacy and security is going to be of the utmost importance.
Recently, I talked about how to get an ExpressVPN free trial for 30 days and the same trick applies to other premium services like NordVPN or CyberGhost. I suggest avoiding 100% free services if you’re looking for a safe VPN that won’t compromise your privacy.
Services like this are limited security-wise and they’re prone to data leaking which won’t do you any good. Instead, take advantage of a refund policy and enjoy what premium services have to offer even for a limited period.