Three rules for choosing a VPN that takes your privacy seriously

Lesser-known risks of ISPs and why I chose ExpressVPN

Most people know that a VPN is meant to protect your privacy on public or open Wi-Fi. A lesser-known purpose is to protect your privacy right in your own home, from your own internet service provider (ISP).

A set of Federal Communications Commission (FCC) rules entitled Protecting the Privacy of Customers of Broadband and Other Telecommunications Services were unfortunately struck down in 2017. These rules would have prevented ISPs from using and selling your sensitive personal data, such as precise geographic location, health and financial information, web browsing history, and even the content of the messages you send.

Im not comfortable having that data stored anywhere. Handing it over to my ISP makes me even less comfortable, since these treasure troves of sensitive personal data are a frequent and profitable target for ill-intentioned hackers as well.

Your online activities shouldnt be anyones business, and certainly not in a literal money-making sense. Using a VPN helps to keep your private information where it belongs: between you and the person youre sending it to.

Of course, if you type any flavor of VPN vs VPN into a search youll get a smorgasbord of comparison blogs and providers vying for your attention. How do you know what makes a VPN good? (Answer: lots of research.)

If youre a regular reader, you know Im big on security and privacy. (If youre not yet, welcome! Hi!) Since Ive built my career in the cybersecurity industry, I take my VPN fairly seriously. Here are the top three things I look for when choosing my own VPN provider:

1. No DNS leaks
2. A real commitment to privacy, with no logs
3. Ease of use across all operating systems

Ive written about why a VPN is important and even how to deal with the challenges of DNS leaks when using OpenVPN to set up my own. The response I often get to articles like these includes the question, Which VPN do you use?

The answer is ExpressVPN. Heres how my privacy philosophy got me there, and why these three points matter so much.

Why you dont want a DNS leak

In a previous Linux-flavored adventure, I created my own VPN using OpenVPN and AWS EC2. While Ive been told my post was helpful, this was definitely not a plug-and-play solution. After reinstalling a new OS, I once failed to follow my own guide to the letter. It took a few months before I discovered I had a DNS leak.

Using a VPN prevents your ISP from collecting your sensitive personal data, including your web browsing history, but only as long as you dont have a DNS leak. A DNS leak means that your ISP still sees all the URLs that you visit: their servers resolve them for you. This is plenty of information to build a picture of who you are, what your interests might be, any health issues you might have, what you like to spend money on, and much more.

Protocols like DNS over HTTPS will help, but they rely on co-operation between many entities that is still in its early stages. In the meantime, I want my VPN to do everything it can to avoid using DNS servers that could collect or sell my browsing history.

At time of writing, theres really only one fool-proof solution to ensuring that your browsing records arent accidentally shared: run your own private DNS server. So ExpressVPN did just that.

Of course, this only works in my favor when the VPN itself doesnt keep a record of my activities. Which is why

A no-logs philosophy matters

VPN providers do not all value your privacy, and some are no better than your ISP. Many VPN providers, especially free ones, elect to log your personal data and sell it to data brokers and marketers. Using a VPN that does any kind of logging simply transfers the risk from your ISP to the VPN provider.

At a minimum, you want a VPN provider to clearly state a strict no-logs policy. Of course, this still means youll have to trust that they arent being cagey with their definition of logs, and still writing your personal data to disk under a pretence.

A more trustworthy solution would be to remove the possibility of writing any personal data to disk in the first place. So ExpressVPN got rid of the disks.

Dad joke. I know.

I was pretty thrilled to learn about what ExpressVPN calls TrustedServer, which runs only on random-access memory, or RAM, and not on hard drives. Unlike a disk meant for long-term, fault-tolerant storage, RAM is volatile memory. It requires constant power to operate, which guarantees that all data is lost when the server is rebooted.

While you wouldnt want a laptop that runs entirely on RAM, volatile memory is perfectly suited to an ephemeral, no-logs VPN server. The entire software stack including the OS must be re-installed from a central, signed image each time the server boots. This also means its always installing the most up-to-date security patches and configuration. Thats clever.

This post goes into more technical detail on TrustedServer, which was independently audited by PricewaterhouseCoopers.

As a Director of Engineering myself, I have a deep appreciation for a company that builds its technology on its philosophy.

That said, the technology only works if you actually use it.

The best VPN is one you actually use

None of what Ive said so far would matter one iota if my chosen VPN was even just a little bit inconvenient to use.

My preferred platforms are Linux and iOS. Ive had my fair share of struggles finding all kinds of software that works equally well on just these two. ExpressVPN seems to offer one of the few applications Ive come across that isnt trapped in an ecosystem.

Theres a dedicated app for every major platform, including even smart TVs and game consoles. Unlike my experiences with other VPNs, ExpressVPN's Linux app just works, out-of-the-box, the way they said it would.

I especially appreciate the Network Lock kill switch feature, which prevents me from accidentally sending unprotected network traffic when I first open up my laptop and it reconnects to Wi-Fi. It prevents my ISP from seeing anything I do, and only takes a few seconds to reconnect.

ExpressVPN connects fast and then gets out of my way. I havent noticed any reduced speeds or blocked sites. I gave a lot of thought to choosing my VPN so I wouldnt have to think about it on a day-to-day basis. I use ExpressVPN constantly, and it just works.

Privacy is more than personal

When you protect yourself and your family with a VPN, you improve more than your own personal cybersecurity. The less data your ISP can collect, the less they have to lose, sell, or profit from. One day, the risk and cost for ISPs will outweigh the payoff. When you take action to prevent ISPs from scooping up your familys sensitive personal data, everyones privacy can benefit.

If you found this article helpful, I invite you to sign up for ExpressVPN. It only takes a few minutes (assuming you remember where you left your credit card) and will give you the best possible set-it-and-forget-it privacy protection that I can recommend.

For more about privacy, cybersecurity, and reliable cartoon dad jokes, go to victoria.dev or subscribe via RSS.