Published Dec 5, 2025, 6:00 PM EST
Gavin is the Segment Lead for the Technology Explained, Security, Internet, Streaming, and Entertainment verticals, former co-host on the Really Useful Podcast, and a frequent product reviewer. He has a degree in Contemporary Writing pillaged from the hills of Devon, more than a decade of professional writing experience, and his work has appeared on How-To Geek, Expert Reviews, Trusted Reviews, Online Tech Tips, and Help Desk Geek, among others. Gavin has attended CES, IFA, MWC, and other tech-trade shows to report directly from the floor, racking up hundreds of thousands of steps in the process. He's reviewed more headphones, earbuds, and mechanical keyboards than he cares to remember, and enjoys copious amounts of tea, board games, and football.
When I think about VPNs, I think about how fast I can access content. The first port of call when you fire up a new VPN is almost always a speed test. Just how fast is the VPN provider, and what's the damage to your actual internet speeds?
That's all very well and good, but it gets away from what VPNs are really all about: privacy. And in the race for the fastest VPN, we forget that alongside speed, there are some really important VPN features you must consider.
Sure, speed is important—but these VPN features actually matter more.
Independent security audits
No one wants their VPN to spy on them
For years, VPNs relied on the "Trust me, bro," standard. That is, the VPN provider would say they didn't log your data, and you'd basically just have to accept it. Companies would even plaster "Strict No-Logs Policy" across their homepages, knowing full well that we had no way to actually check.
Then, something changed. Multiple instances of VPN providers handing data over to the authorities eroded trust in VPNs, and people began to question whether those no-log claims were real.
In turn, the big VPN services began bringing in third-party auditing companies such as PwC, Deloitte, or Cure53 to tear apart their infrastructure and confirm whether the VPNs were doing what they said. The shiny badge of "we've been audited and don't log your data" became a boon for VPNs that want to capture the privacy-focused crowd.
After all, that's what a VPN is for. Why hand your privacy over to a third-party when you have no idea if they're actually doing what they say they will?
However, even then, you need to be careful about VPNs that claim to have been audited. Read the fine print to discover what the audit analyzed. Did it conduct a full no-log audit on the company's servers and code? Or was it actually something less intensive in scope? The key is in the details, and any VPN worth its salt will be happy to show its workings.
Jurisdiction and ownership
Just where is that VPN based?
Along with a comprehensive, audited no-logging policy, you'll also want to check where the VPN is based. Where does the company physically and legally exist, and who actually owns it?
Most users treat a VPN server list as a travel brochure. They see that they can connect to Japan, France, or the UK, and assume that is where the company operates. In reality, a VPN provider is bound by the laws of the country where it is headquartered, not where its servers are rented. This distinction is the difference between privacy and prison.
I'd strongly advise that you avoid VPNs in the "Five Eyes" intelligence-sharing countries. That's the US, UK, Canada, Australia, and New Zealand. Companies in these jurisdictions can be legally compelled to share any data the VPN provider holds on you. Now, if you're using a properly audited no-log VPN, there shouldn't be anything to share.
But why take the risk when there are numerous VPN providers outside of these locations?
Typically, you want a VPN based somewhere with strong data laws, such as Panama or Switzerland. These countries do not have mandatory data retention laws and are generally outside the immediate reach of US subpoenas.
Overlapping ownership
Like most tech, over time, VPN providers have been bought out by larger entities, focusing the power and privacy in the hands of a few. It may appear that you're choosing between a few different providers, but they may be owned by a single company.
For example, Kape Technologies owns ExpressVPN, CyberGhost, Private Internet Access, ZenMate, and Goose VPN, controlling a huge portion of the VPN market. Now, I'm not saying Kape is up to anything shady with its ownership of multiple VPNs, but I'd opt for an independent provider instead.
RAM-only servers
Physics dictates that your data can't exist
Completing this trifecta of privacy is the RAM-only server. These are VPN servers that don't use an old-school, disk-based architecture.
Instead, these servers run entirely on volatile memory (RAM). RAM requires a constant power source to retain data. The moment the power is cut—whether by a system reboot or a panicked admin pulling the plug during a police raid—every single byte of data on that server is instantly and irretrievably wiped.
This feature is the ultimate fail-safe. It ensures that even if a government seizes a physical server rack (which has happened to VPN providers in Turkey, Iceland, and Ukraine), there is nothing on the machine to find. It isn't just software promising to delete your data; it is physics ensuring the data cannot exist without power.
Related
Don't muck about: protect your data
When you use a VPN, you're transferring trust from your ISP to the VPN. It's a big deal, especially if you're using a VPN for more than just watching Netflix in a different country.
In some cases, using a VPN is a vital lifeline to the outside world, and trust in what the VPN provides is vital. So, don't take chances and focus solely on your VPN speed. It's only one part of the bigger picture.