Skip the affiliate noise. Here are the criteria that matter, plus how to verify any provider’s claims yourself.
- Pick a VPN on seven criteria, not on a “best VPN” list.
- The non-negotiables are an audited no-logs policy and a kill switch.
- Jurisdiction, RAM-only servers, and modern protocols come next.
- Verify every claim yourself before you pay a cent.
- Our free tools let you test any provider in minutes.
How do you choose a VPN provider?
Knowing how to choose a VPN means starting with why you need one, then scoring providers on seven criteria. The biggest are an audited no-logs policy, a privacy-friendly jurisdiction, modern protocols, RAM-only servers, and a kill switch. Then verify each claim yourself before you subscribe.
Most VPN advice is a thin list of affiliate links. This guide is different. It gives you a repeatable method, not a ranking you have to trust.
The goal is simple. By the end, you can judge any provider on your own terms. You will not need anyone else’s top-ten list.
Start with why you need a VPN
Your reason for using a VPN decides which features matter. Privacy users need audits and RAM-only servers. Travelers need obfuscation. Streamers need wide server coverage. Remote workers need split tunneling. Name your use case first, then weigh the criteria below against it.
A VPN is not one product. It is a different tool depending on the job you hand it.
If you mostly use cafe and airport networks, read do you need a VPN on public Wi-Fi first. It explains exactly what the VPN does and does not protect there.
Newcomers should start with our pillar guide on what a VPN is and how it works. This guide assumes you already know the basics.
The seven criteria that actually matter
Seven things separate a trustworthy VPN from a marketing claim. They are an audited no-logs policy, jurisdiction, protocols, RAM-only servers, a kill switch, encryption, and price. Weigh them against your use case, not in isolation.
1. A no-logs policy backed by an independent audit
Any provider can print “no logs” on a pricing page. You cannot verify that claim from marketing alone.
A third-party audit is the only real proof. Reputable firms inspect the infrastructure and publish the findings.
Check three things. Is there a recent audit, by a recognized firm, with the full report published? An audit from 2019 says little about 2026 systems.
2. Jurisdiction outside surveillance alliances
Where a provider is incorporated decides which government can compel its data. That is the whole point of jurisdiction.
A genuine no-logs provider has nothing useful to hand over. Still, a base outside the major intelligence-sharing alliances removes one pressure point.
Watch for a mismatch. A company with offices in one country may be incorporated somewhere else entirely.
3. Modern protocols
Protocols decide your speed and your security. In 2026, the strong choices are WireGuard and OpenVPN.
Many providers ship a tuned version of WireGuard under their own name. NordVPN’s NordLynx is one common example.
For a deeper breakdown, see our guide to VPN protocols explained. Avoid providers stuck on outdated protocols alone.
4. RAM-only servers
RAM-only servers store nothing on a disk. Every reboot wipes the hardware clean.
This design makes long-term logging far harder, even if a server is seized. It has become a baseline expectation among serious providers.
NordVPN, ExpressVPN, and Surfshark all run RAM-only fleets today. Treat disk-based servers as a warning sign.
5. A kill switch and leak protection
A kill switch blocks your traffic the instant the VPN drops. Without it, a brief disconnect exposes your real IP address.
Leak protection covers DNS, IPv6, and WebRTC requests. A leak can reveal your activity even while the tunnel looks active.
To understand one common failure, read what a DNS leak is. It also shows why hiding your IP is not automatic. Our guide on whether a VPN hides your IP address covers that in full.
6. Strong encryption
Strong encryption is now table stakes, not a selling point. Every major VPN offers it.
Look for AES-256 or ChaCha20 with Perfect Forward Secrecy. That combination is the same standard governments use.
If a provider is vague about its encryption, that vagueness is itself the answer. Move on.
7. Price, device limits, and server coverage
Price matters, but only after the privacy basics are met. A cheap VPN with no audit is a false saving.
Check the per-month cost on a long-term plan, the number of devices, and the server map. Confirm there is a server where you actually need one.
Watch the renewal price too. Many providers advertise a low intro rate that jumps at renewal.
How to verify a VPN’s claims yourself
You do not have to trust a provider’s word. Check your public IP before and after connecting, confirm the location changed, then run a DNS leak check. If your real address or DNS leaks through, the VPN is not doing its job.
This is where NetworkCheckr earns its keep. Most guides tell you to “go test for leaks.” We host the tools, so you can do it here.
Run this quick four-step check on any VPN you are trialing:
- With the VPN off, note your address on our My IP Address tool.
- Connect the VPN, then reload the tool. The IP should change.
- Confirm the new location with our IP Geolocation tool.
- Run a DNS Lookup to confirm queries route through the VPN, not your ISP.
If the address never changes, the tunnel is broken. If your home region still shows, you have a leak.
A trustworthy provider passes every step without effort. That is the test a marketing page cannot fake.
Red flags to avoid
Some warning signs should end your search early. Skip free VPNs that monetize data, providers with no published audit, and vague privacy policies. Be cautious with providers in major surveillance alliances that lack multiple audits. These gaps usually signal a weak privacy posture.
Free VPNs are the clearest trap. Running servers costs money, so many free apps sell your data to cover it.
A missing audit is the next red flag. If a provider refuses to publish results, take its no-logs claim with serious doubt.
Finally, watch for ownership changes and past data handovers. A clean record matters more than a flashy feature list.
What I use, and who it is not for
I use NordVPN, and I recommend it for most readers here. It pairs an independently audited no-logs policy with RAM-only servers and a fast WireGuard-based protocol. It is not the cheapest option, so budget-first users may prefer a lower-cost audited alternative.
Honesty first: this is the provider I actually run, not just the one that pays best. It clears every criterion above.
NordVPN is independently audited, uses RAM-only servers, and is based in Panama, outside the major surveillance alliances. Its NordLynx protocol is fast in daily use.
No VPN has a perfect history, and NordVPN is no exception. A third-party server was breached in 2018, exposing no user logs. The disclosure could have been faster. Still, nearly every long-running provider has faced a security issue at some point. What counts is the response and the audit record since. NordVPN’s has stayed clean.
Who is it not for? If price is your top priority, there is a strong cheaper option. Surfshark meets almost every criterion above and costs noticeably less on a long-term plan. It is independently audited, runs RAM-only servers, and supports unlimited devices.
The one tradeoff is jurisdiction. Surfshark is based in the Netherlands, inside the wider Eyes alliances. Its audited no-logs policy means there is nothing to hand over. A privacy-first user may still prefer NordVPN’s base in Panama. For most budget-minded readers, Surfshark holds up well.
Run the same seven criteria and the verification steps on any choice.
A VPN is one layer of a privacy setup, not the whole thing. For the rest of the tools and services we actually use and recommend, see our Resources page.
Try the provider I trust
NordVPN clears every criterion in this guide. Test it yourself with our tools above.
Get NordVPNFrequently asked questions
How do I choose a VPN provider?
Start with why you need a VPN, then judge providers on seven criteria. The big ones are an audited no-logs policy, a good jurisdiction, modern protocols, RAM-only servers, and a kill switch. Then verify those claims yourself before you pay.
What is the most important feature in a VPN?
An independently audited no-logs policy matters most. Any provider can print a no-logs claim on a pricing page. Only a recent third-party audit confirms the provider cannot quietly keep your data. Treat an unaudited no-logs claim with real skepticism.
How can I tell if a VPN really keeps no logs?
Read the privacy policy, not the headline. Look for a recent audit by a recognized firm, and check that the full report was published. Confirm the provider uses RAM-only servers. An audit from years ago tells you little about current infrastructure.
Are free VPNs safe to use?
Most free VPNs are a poor trade. Running a server network costs money, so many free providers monetize your data instead. That defeats the point of a VPN. A cheap audited paid plan protects your privacy far better than a free one.
Does a VPN provider’s jurisdiction really matter?
Yes. Where a provider is incorporated decides which government can compel it to hand over data. A no-logs provider has nothing useful to share. Still, a jurisdiction outside the major surveillance alliances removes one more pressure point on your privacy.
How do I test whether my VPN is working?
Check your public IP address before and after you connect. The address and location should change once the VPN is on. Then run a DNS leak check to confirm your queries route through the VPN. Our free tools handle both checks.