How we test VPNs at Comparitech

Comparitech VPN reviewers strive to write the most comprehensive, accurate, and useful reviews of VPNs on the web. All of our reviews are based on first-hand experience and a battery of tests—we don’t just regurgitate marketing hype.

We review each VPN from the perspective of a consumer who:

  • Values their privacy
  • Expects the utmost security
  • Wants good value for money
  • Requires fast speeds and reliable service
  • Uses a variety of devices
  • Wants to unblock region-locked content and services
  • May need to bypass censorship
  • Values good customer service

In this article, we’ll explain how Comparitech VPN reviewers evaluate each of these factors:

Privacy

Privacy should ensure that no third parties—including the VPN provider—can identify individual VPN users or see their online activity by monitoring the VPN connection. This is partially accomplished by employing strong security measures, which we’ll get into in the next section, but also indicated by a VPN’s privacy policy.

Comparitech strongly favors VPNs that adhere to a no-logs policy. That means no logs of:

  • Your online activity including sites and pages visited, apps and services used, search queries, purchases, downloads, streams, etc
  • Your IP address
  • The IP address of the server connected to
  • Connection timestamps

These pieces of information can be used to identify you or corroborate activity logs of another service as a means to identify you.

Some logs do not identify or track users, so we don’t have a problem with them. We don’t count the following types of logs against VPN providers:

  • Dates (not times) of connections
  • Amount of data consumed
  • Which countries you connected to (not specific servers)

Many VPNs that claim to have no-logs policies still log some of the above information. Such policies often only apply to activity logs but not other metadata that could identify a user. As part of our research we have analyzed the log policies of 140 different VPN providers.

A VPN’s country of origin also plays a role in privacy. Different countries have different laws regarding mandatory data retention for service providers like VPNs. Governments in certain countries might be able to coerce VPN providers into installing backdoors or handing over user data to authorities. We prefer VPNs incorporated in countries with no data retention laws, as well as those beyond the reach of major surveillance powers like the US, the UK, and China.

If a VPN accepts anonymous payment methods, such as cryptocurrency, that’s a bonus for privacy. A few VPNs even allow users to sign up through a dark web mirror of their website in order to preserve customer anonymity.

Security

VPN security includes encryption and authentication. These technologies are used to ensure that data is kept confidential, is not modified in transit, and only travels between trusted parties.

We examine the following security criteria for every VPN we review:

  • VPN protocol: Must use a secure VPN protocol such as WireGuard, OpenVPN, L2TP, SSTP, or IKEv2.
  • Channel encryption: Must use the AES 128-bit algorithm or stronger.
  • Authentication protocol: Must be SHA256 or better.
  • Key exchange: RSA and DH keys must be 2,048-bit or higher.
  • Perfect forward secrecy: Session keys cannot be compromised even if the private key of the server is compromised.
  • DNS leak protection: DNS leak protection must be built into the provider’s apps.
  • WebRTC leak prevention: WebRTC leak prevention must be built into the provider’s apps.
  • IPv6 leak prevention: IPv6 leak prevention must be built into the provider’s apps.
  • Kill switch: A kill switch that halts traffic when the VPN connection drops is a must. A lot of VPNs have kill switches on desktop but lack them on mobile.
  • Private DNS servers: The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.
  • Servers: We are primarily concerned with whether servers are virtual or physical. Physical servers are preferred as they leave no room for ambiguity around which country’s data privacy laws apply.

How we test for VPN leaks

A leak test indicating a WebRTC IPv6 leak. Note this is an old test and NordVPN has since fixed the leak.

A lot of the above criteria deal with VPN data leaks. Leaks occur when data is sent outside of the VPN tunnel over the default network, compromising user privacy.

VPN leaks include:

  • IP leaks: This occurs when the VPN fails to hide your IP address, or data simply isn’t being sent through the VPN. This doesn’t happen very often as it would be a complete failure of the VPN.
  • DNS leaks: DNS traffic is sent to the ISP instead of the VPN’s own DNS servers. The Domain Name System is how computers find each other on the internet by turning domain names like Comparitech.com into IP addresses. If this leaks, third parties like your ISP can see what websites you visit.
  • IPv6 leaks: Some VPNs only route IPv4 traffic, which is more common, but fail to route IPv6 traffic. This leak is especially prevalent on Windows 10.
  • WebRTC leaks: WebRTC is a communication protocol used by voice and video chat services like Discord and Hangouts. This data can be sent outside of the VPN tunnel if not blocked, compromising user privacy.

We can test for these leaks using websites like browserleaks.com and ipleak.net. Such a test informs us of our current IP addresses, DNS servers, and WebRTC addresses. We first run the test without the VPN, and then again with the VPN. If any of the addresses are the same across both tests, that indicates a leak—the VPN should replace every IP address with one of its own in order to hide the user’s device.
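The before-and-after comparison described above can be scripted once the addresses from both runs are recorded. This is an added example, not Comparitech's own tooling: the snapshot layout and function names are assumptions, the addresses are constructed from documentation ranges, and it goes slightly beyond the text by comparing across categories, so an ISP-assigned IPv6 address that resurfaces as a WebRTC candidate is caught even when the reported IP and DNS servers have changed.

```python
import ipaddress

# Constructed sample data (documentation ranges, RFC 5737 / RFC 3849).
# Each snapshot maps a leak-test category to the addresses the test page showed.
BASELINE = {  # run 1: VPN disconnected
    "ip": ["203.0.113.7", "2001:db8:aa::17"],
    "dns": ["203.0.113.53"],
    "webrtc": ["203.0.113.7", "2001:0db8:00aa:0000:0000:0000:0000:0017"],
}
WITH_VPN = {  # run 2: VPN connected
    "ip": ["198.51.100.20"],
    "dns": ["198.51.100.53"],
    "webrtc": ["198.51.100.20", "2001:db8:aa:0:0:0:0:17"],
}


def normalise(addr):
    """Parse the text so different spellings of one IPv6 address compare equal."""
    return ipaddress.ip_address(addr.strip())


def find_leaks(baseline, with_vpn):
    """Return sorted (category, address) pairs seen with the VPN connected
    that were also seen, in any category, with the VPN disconnected."""
    exposed = {normalise(a) for addrs in baseline.values() for a in addrs}
    leaks = set()
    for category, addrs in with_vpn.items():
        for raw in addrs:
            ip = normalise(raw)
            if ip in exposed:
                leaks.add((f"{category} (IPv{ip.version})", str(ip)))
    return sorted(leaks)


def verdict(baseline, with_vpn):
    """One-line summary suitable for a review worksheet."""
    leaks = find_leaks(baseline, with_vpn)
    if not leaks:
        return "PASS"
    return "LEAK: " + ", ".join(f"{kind} {addr}" for kind, addr in leaks)


if __name__ == "__main__":
    print(verdict(BASELINE, WITH_VPN))
```
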

Speed

We publish VPN speed test results as global averages. Every VPN is tested nine times: at three times of day spread at least four hours apart, and across three locations. Our test machine is in the United States, and we test connections to North America (nearest), Europe, and Asia. The download speeds from these nine tests are averaged together for the final result.

We perform the tests using each VPN’s Windows app on a 1 Gbps connection. We use the fastest secure protocol available, which as of late has been WireGuard, followed by OpenVPN and IKEv2. Speeds are measured using the Ookla Speedtest.net desktop app.

Outliers—results that are more than three standard deviations away from the mean—are thrown out, and the VPN retested.

We only report download speed, which is what most readers are interested in. We do not report upload speed.

We also do not measure VPN latency, also known as ping time or lag. These measurements would be more indicative of the test machine’s distance to the VPN server than the VPN server’s actual performance. In other words, connecting to a closer server usually results in a lower ping time.

In addition to the empirical tests, we also stream high-quality video and play competitive online games to ensure the VPN matches readers’ expectations.

Many VPNs claim to be the fastest but in truth, VPN speed is one of the most difficult factors to accurately quantify. We can’t test every server in every location every hour. We always run speed tests as empirically as possible when we review a VPN provider, but the fact of the matter is that the fastest VPN for where you live is not necessarily the fastest VPN for where we live. Likewise, the fastest VPN for streaming video might not be the speediest for online gaming. Even the fastest VPN service at noon probably isn’t the quickest at midnight.

Unblocking region-locked content and streaming services

Unblocking streaming services is one of the most popular uses for a VPN today. Streaming services are usually region-locked due to content licensing restrictions, so you can normally only access them from a specific country. VPNs can bypass these restrictions by making it appear as though you’re located in the right country for a given streaming service.

We check to see if each VPN can unblock:

… and others. Tests are run both on the desktop website and mobile app versions of each streaming service, because some VPNs can unblock one but not the other. Our testing of VPNs with Netflix is extensive.

With so many different Netflix catalogs available, we have run over 5,000 Netflix VPN tests to see which providers can give you access to which country version of Netflix.

Censorship

VPN users from certain countries are primarily interested in bypassing web censorship. In China, for example, VPNs are used to access content that is normally blocked by ISPs at the behest of the government, including western social media, news outlets, and entertainment.

VPNs can also bypass censorship at a smaller scale, such as at a school or office where certain websites and apps are blocked by local administrators.

We test each VPN’s ability to evade the Great Firewall and other government blocks whenever possible, though these situations often change rapidly and sometimes we have to take VPN providers at their word. In any case, if a particular VPN suddenly stopped working in a given country, it would quickly become apparent and that change would be reflected in our review.

Servers

The number of servers a VPN operates is less important than you might think. Servers can vary greatly in capacity and bandwidth, and one VPN might have far more users than another. So having 10,000 servers isn’t necessarily better than having 100 servers.

More important is the number of locations on offer. The average VPN operates servers in 30 to 60 countries. Make sure the one you want to connect to is on that list. Some VPNs, like ExpressVPN, operate servers in more than 90 countries.

Note that some VPNs use virtual locations. These are servers that physically reside in one country but have the IP address of another country. Although the IP address might grant you access to a country’s content, it’s worth noting that the actual server might be in a country where data protection laws are not in place, potentially endangering your privacy. On the other hand, a virtual location could also give you an IP address for a country where you wouldn’t want your VPN to operate a real server, such as China or Iran.

Customer support

Sometimes you need help, so we make sure to hit up each VPN’s customer service at least once in the course of a review. We note down the time to respond, office hours availability, as well as subjective judgments about knowledge and helpfulness. We prefer that VPNs employ both live chat systems and ticket submission systems, the former being quicker and the latter usually being more private.

In addition to tech support, we also take note of billing practices. Shady schemes like default auto-renewal and burdensome cancellation processes are frowned upon.

We tend to favor VPNs that offer money-back guarantees.

Apps

You need a VPN that works with all of your devices. Most VPNs support the major operating systems:

  • Windows
  • macOS
  • Android
  • iOS

Other platforms might include Amazon Fire TV, wi-fi routers, Android TV, Windows Phone, Blackberry, and Linux devices. Many providers also offer VPN browser extensions for Chrome, Firefox, Opera, Edge, and Safari. The more the merrier.

Note that some devices flat out don’t support VPNs unless you hook them up to a VPN-protected wi-fi router. They include Chromecast, Roku, Apple TV, smart TVs, and game consoles.

Features that we look for in apps include:

  • Kill switches
  • Split tunneling
  • Automatic wi-fi protection
  • Traffic obfuscation
  • Ad, malware, and tracker blocking

We also judge apps subjectively on design, ease of use, and appearance.

If you live with family or close friends, you may wish to share your VPN account. In that case, you’ll want a VPN with plenty of simultaneous connections, which let you connect more than one device at a time under a single plan. Five is the standard, though many VPNs offer more and a few even allow unlimited simultaneous connections. We’ve rounded up the best VPNs for multiple devices here.