We’ve posted quite a few VPN reviews over here at TopVPN.review (to be expected, after all…have you seen our name?)
In the actual reviews, we explain what goes into different metrics.
But even with that being the case, it’s still worth getting a FULL account of how we go over VPNs. Even while we acknowledge our biases, we still keep to a consistent line of thinking to make our reviews more objective.
In this article, I’ll go through each metric we use, and explain how it works. I’ll also give examples from our reviews to illustrate the point.
Ready to get started?
Here we go:
How We Review Performance
Performance is the first metric we talk about in our VPN reviews, and for a pretty simple reason:
To most people, the bottom line is performance.
While people may want to save money or have an easy to use the app, there are a lot of VPNs that are roughly equally easy and a lot of VPNs within the same rough price range.
So we get to the first thing first.
The first and most important way we measure performance is with a speed test. This is what most people do first to test VPNs and that’s because it’s a pretty good indicator.
It’s also because VPNs usually lower your speed—it’s the cost of re-routing and encrypting your traffic—and most people want to minimize that loss of speed.
Here’s an example from my review of NordVPN. This was my speed in a café normally, without NordVPN equipped:
And then I tested the speed with the VPN added:
This resulted in minimal speed loss, meaning NordVPN performed very well in the test.
Before you get worried:
I don’t only test in cafés. The baseline for our reviews is whatever speed we get in our homes on a given day.
But many people use VPNs in cafes, airports, or libraries, so we frequently test in those areas IN ADDITION to home speeds.
Usually, only one of the tests will be included in that test is consistent with the others. In the example of NordVPN, my café test was similar to my test at home, so I only included that one in the review.
If you’re already in a place with slow WiFi, like a café or airport, a VPN might actually INCREASE your speed.
We also test servers for that reason, but the key for us is whether at least the CLOSEST server results in good speed.
Now aside from that, we also test how well streaming works. We sometimes test more than one streaming site, but we always at LEAST test Netflix.
Here’s an example of one such test, when I tried to access Brazilian Netflix using ExpressVPN (read more details here):
As you can see, some of these shows are not available on Netflix in the U.S.—so it worked.
The last major thing we test is the ability of a VPN to handle torrents. I usually keep things simple for a baseline: I use Pirate Bay and uTorrent because they’re famous.
Here’s an example from my review of Speedify VPN:
It worked fine.
But some limit torrenting to specific servers or don’t let you torrent at all (though that’s pretty rare). Here’s what it looked like when I tried to torrent using a normal U.S. server on Speedify:
As I said, this is rare for VPNs…but when it DOES happen, we take notice and include it in our results.
For the most part, however, testing torrents is fairly simple: does it work? Is it fast? Is it even faster on servers optimized for torrenting?
Once those questions are out of the way, we’re done with the major components of performance.
Although speed, streaming, and torrenting are the three MAJOR things we test in VPNs, we also make sure to test how the VPN software itself performs over time.
These points are a little more minor in our reviews—if a VPN’s software acts up we’ll talk about it, but if not, we won’t.
This makes a natural lead-in for the next factor of how we review VPNs:
How We Review Ease of Use
Although we say “ease of use,” we’re really reviewing more than just that (“user interface” is useful, and a lot of what we judge, but the good user interface is harder to define because so many customers want different things).
These are the main things we look at for “ease”:
- How easy it is to purchase and install, with a special focus on beginners.
- How easy it is to use regularly for beginners.
- For intermediate users, how easy it is to use more advanced features.
- For proficient users, how easy it is to set up custom/advanced things you want.
In short, we look at what ease of use would mean for different gradients of proficiency.
We also look at other things generally related to user-interface:
- How intuitive the software itself is.
- If there are any quick settings that don’t involve going deep into the app settings.
- How good the software looks. This is subjective and less relevant to utility, but most of us like using good looking software.
There’s a reason we don’t limit ease of use to the beginner’s point of view:
Even people who have never used a VPN before can figure out some of the basics as long as they’ve been using a phone or internet for a while.
Plus, a VPN that’s perfect for people who want a simple experience will often lack more advanced features or settings, which other customers may prefer.
So all of this is relative, and that’s how we take things into account.
For example, TunnelBear may be the simplest VPN I’ve ever tested:
It’s basically just a map of locations, but you can’t even choose locations down to specific cities (like some advanced VPNs)—only countries.
The settings are extremely minimal:
It’s so easy that just about anyone can figure it out.
But, this is WAY too simple for anyone who wants more advanced features.
You can read more in my review of TunnelBear, but my verdict is that it’s great for people who want a super simple experience and to be avoided for people who like more control.
Here’s an intermediate example, from CyberGhost:
These settings are a little more advanced, but CyberGhost explains all of them within the app.
CyberGhost also has a TON of servers to choose from them, but the app makes it very easy to choose by identifying which ones are specialized for which things:
In this example, you can see which servers are optimized for streaming from certain countries.
That’s why, in my review of CyberGhost, I consider the user-interface to be pretty great, and a feature in itself.
And then there’s Private Internet Access. It’s got a really cool interface because it’s customizable.
Here’s a brief example—these are three different ways of viewing the app on desktop:
With more details, but highlighting quick connect buttons and performance displays:
More details, but minimizing the “quick connect” bar and expanding the quick settings:
This only scratches the surface, but that’s why I consider Private Internet Access to be one of the best examples of customizable VPNs and a great option for intermediate to advanced users.
And here’s an example of a VPN that’s really best for advanced users. This is what part of TorGuard’s checkout process:
Yeah, it’s just a bunch of add-ons, but it can be a little confusing for beginners.
So is this part of the installment process:
And that doesn’t even get into the settings and features, which are pretty advanced and aren’t explained very well—but I’ll show you that in the next section.
For now, though, I think you can see why I consider TorGuard good for advanced users but bad for beginners.
So that’s ease of use for us! We look at a lot of things, and all of them are tied to how well they’d work for a customer with x level of experience and/or wants y level of simplicity.
How We Review Pricing and Features
Note: This section is broken up into subsections on price, free VPNs, and features. They all relate under the subject of pricing and features, but it helps to separate a little.
How I review price:
Ah, pricing. This is something especially important for VPNs because of the range of reasons people have for using them.
For example, people investing in business software will still care about price, but they generally know they’re going to be investing in a good product. So they won’t necessarily look for the cheapest option, even if they still would prefer to save money.
Contrast this with VPNs: people who want to stream just need the bottom line of speed, price, and reliable access to Netflix/other streaming services.
It’s the people who want something heavy-duty that are more likely to cough up higher prices.
Okay, but even despite all that, you may know that most commercial VPNs have roughly the same price range. And a lot of them have a similar pricing structure.
Though this isn’t true for every VPN, the vast majority have pricing plans set up as follows:
- One month of service: $8-$13
- One year of service: $4-$7 a month
- Two or three years of service: $2-$5 a month
Yep, that is a VERY general outline. Some VPNs have really expensive one-month plans and great deals for longer commitments.
A lot of VPNs have six-month commitments or even three-month commitments, and some don’t have plans that last longer than a year.
But generally, they follow the rough format of “a lot for a limited time or a proportionately smaller amount for a longer time.”
Now this might sound mundane to you, but let me explain why I take this into consideration when I review a VPN’s prices:
Suppose you’re traveling to another country for vacation or business and you want to be secure, or access regular streaming services, just for a short period of time.
In that case, it’s not only important that you have a good price for a short-term commitment, but the necessary features per that price point.
If you’re committing long term, you’re paying a large amount all at once even if its proportionately a good deal—so it’s really important that you get a price that’s “worth it” to you, especially as you’ll have to deal with the product or waste your money and ignore it if you don’t like it.
What makes a price “good” depends on a lot of things, but generally speaking $5 a month for a year of service is pretty good. On that scale, $10 for a month of service and $6-7 for half a year are good price points as well.
Unlike other digital products, most VPNs don’t restrict features based on price. A small number do offer more premium packages, but most have prices aligned with time the way I mentioned and keep features consistent among packages.
Here’s why that matters:
If I see a VPN that DOESN’T do that, meaning if there are a “regular” VPN package and a premium package that has extra features for a higher price, that VPN gets extra scrutiny.
One good example is VyprVPN. Here’s what VyprVPN’s two plans look like:
The premium plan allows 5 devices, which is normal for most VPNs, plus it has Chameleon Protocol and VyprVPN Cloud.
The Chameleon protocol is more interesting for most ordinary users because it lets you hide the fact that you’re even using a VPN.
Some VPNs do include this feature by default, but it’s not super common.
So because it’s not super common, I thought it made some sense to include in a premium plan. Plus, the premium plan’s price isn’t too far off base from a fully-featured VPN’s base price.
And the regular package? It’s cheaper than other VPNs, at least for the first year, so losing those extra features isn’t as bad.
I took all of this, and more, into account in my review of Vypr, but that’s the gist—it’s about how well a premium or base plan compares to “regular” VPN plans.
Of course, a large part of what makes a price good or not is the features that come with it. Next, I’ll talk about how we assess features:
Advanced and basic features.
You got a hint of this earlier when I showed you VyprVPN—having 5 devices on a premium plan didn’t impress me because that’s kind of normal for other VPN plans.
But having a chameleon mode (and the cloud feature) was impressive, and did more to justify a separate plan.
That’s because the chameleon mode is one of those features that I think is GREAT, but which isn’t ubiquitous.
So let me get into that whole topic more, because it’s really important to how understanding how we assess the features VPNs offer (which in turn affects how ‘worth it’ a price is).
To keep things simple, here’s an overview of the features I’d expect in a ‘decent’ VPN:
- Connect to 5 devices.
- Hundreds of servers in dozens of countries.
- At least 3 VPN protocols.
- Internet kill switch, which automatically kills connection.
- DNS and/or IPv6 leak protection.
Lacking one of these isn’t disqualifying for any VPN, and having more doesn’t guarantee a VPN is good.
But generally speaking, any VPN that has AT LEAST all of these is one I’ll consider well-featured, but not exceptional.
Now, here’s what I consider to be more advanced features:
- Connect to 6+ devices.
- Access to specially secured servers.
- Access to servers specialized for certain things, like streaming or torrenting.
- 5 or more VPN protocols (5 is usually max).
- Adblock and/or malware detecting.
- A ghost mode. Sometimes this is a protocol (like VyprVPN’s Chameleon protocol), sometimes it’s portrayed as a single button that’s not a separate protocol. But essentially, this disguises VPN traffic from the ISP, and is one of the best features a VPN can have.
- Split tunneling: the option of routing only certain network access through the VPN. This would let you use the internet normally with other apps/browsers on the same device.
- Generally having more software/app customization settings. This is related to ease of use but is also a good feature.
Keep in mind that this is really general. Some basic VPNs have one or two of the more advanced features, and some well-featured VPNs lack the more advanced ones as well.
Plus, this is always evolving: split tunneling is very common nowadays, but it’s not as common yet as the kill switch.
Here’s an example of a VPN with more advanced features—ProtonVPN:
ProtonVPN’s extra features come more in the form of extra servers.
Some are specialized for streaming and file sharing.
Others are better for security, like the “secure core” servers—which are in highly protected data centers in “safe” countries—and the Tor servers (which make it easier to connect your VPN traffic through the Tor network, doubling down on security).
You only get 5 devices on the main premium plan (“Plus”), which doesn’t impress me.
But on the whole, I still judge ProtonVPN as an advanced VPN in terms of its features.
TorGuard is another example of a VPN with a lot of features, but unlike ProtonVPN, its advanced nature has less to do with types of servers and more to do with app settings:
And that doesn’t even scratch the surface of what TorGuard offers.
Here’s another example from TorGuard: it’s an internet kill switch, which I normally describe as a “basic” feature to be expected in most VPNs.
But here’s where TorGuard makes it advanced:
Most VPNs have an internet kill switch, but it shuts off the whole device’s access to the network if the VPN disconnects.
TorGuard has an “app kill switch,” which lets you enter in software/apps on your device to apply the kill switch function to. For example your browser, but not Spotify. Pretty advanced.
But I think you get the gist. Let me knock one more thing out of the way:
How we review free VPNs.
Before you ask, I’ll address it:
What about free VPNs?
On one hand, free VPNs have a bad reputation. Part of this is fueled by paid VPNs, which try to explain why they’re worth an investment by denigrating free plans.
But even so, it’s true that free VPNs are generally sketchier than paid ones. Some popular free VPNs expose users to ads to offset the costs, while others actually sell user data (though few admit it).
They tend to have lower standards of privacy and security. Plus, even the free VPNs that are okay on privacy or ads also heavily restrict features or bandwidth allowances.
That’s why most people who are serious about using a VPN should simply find one to buy.
That doesn’t mean some good free ones aren’t out there. At the moment, I would say ProtonVPN and Windscribe have the best free VPN options.
Anyway, let me sum up: I review free VPNs with the same general metrics I review paid VPNs on.
However, the bar is significantly lower. For example:
A free VPN that limits your bandwidth won’t have as much held against it in my review as long as the security and features are good (like Windscribe).
So basically, everything’s the same except the standards are lower.
Now let’s return to the main subject:
Recap: how we review pricing and features.
Prices vary greatly, and what makes a price good or not is what it brings customers.
But overall, I consider a VPN well-priced if it’s on the scale of $5 a month for a year (or $60 a year).
If a VPN has the basic features I outlined and is at that price point…cool. I wouldn’t think much of it, but if the performance is good, I’d say it’s a good and simpler VPN.
If a VPN has that rough price point and a lot of features, it’s a great deal.
But if a VPN has all those features, good performance, and is closer to $7+ a month for a year, I’d say that’s not unreasonable—it’s the price of quality.
For example, ExpressVPN is one of the more expensive VPNs at over $8 a month for the first year (and even more after that).
But I don’t consider it overpriced because it’s one of the highest quality VPNs around, bringing not just good features but solid performance, ease of use, and privacy.
And customer support…which I’ll talk about now!
How We Review Customer Support
Customer support is one of the more straightforward components of our VPN reviews. Which is good, because it’s important (even if people don’t think so).
Customer support mostly boils down to two things:
- Ease and quality of contacting customer support representatives
- Ease and quality of using informational material
Also, if a VPN app has explanations of different features within itself, I consider that a small, “soft” form of customer support (and ease of use).
Now, for the first one, practically all VPNs have at least email support. Most have both email and live chat support.
We test both, but email support tends to be more consistent. Live chat, on the other hand, can sometimes be limited by hours or lackluster in quality, so we always include screenshots of it. It’s also what most people interact with first.
Things get more nuanced when it comes to informational material. This is usually found in a help center, knowledge base, or FAQ page.
Most VPNs have smaller knowledge bases than other software companies, often because VPNs are simpler services.
However, I still prefer to see larger knowledge bases. The more comprehensive, the better!
Here’s an example of a knowledge base that isn’t very good:
It’s VyprVPN’s knowledge base, and it’s combined with the knowledge base of its sibling company. There are very few articles.
On the other end of the spectrum is this—IPVanish’s support pages. They have so much material they actually need several different categories:
And those aren’t weak categories, either. Most have a solid amount of material.
Most impressive are the setup guides—how to configure IPVanish on every manner of device, if you don’t have an app for it (or even if you do):
See? It’s a LOT of information.
I was impressed with it.
Once we’ve tested the customer service representatives and looked through the knowledge base, plus taken note of any user-interface assistance, we’re good to judge the customer support!
How We Review Security and Privacy
This is one of the most fundamental characteristics of VPNs, and I remind users in almost every review.
It’s also the part I get the most excited about because it can sometimes make or break a VPN (in my book).
But here’s where I have to check my bias:
I’m an unabashed privacy enthusiast, and VPNs are fundamentally about giving users anonymity and security in surfing the web. So it’s still important.
But the simple truth is that many customers also want to use VPNs for streaming or social media access more than anything else, and the privacy is either a side bonus or even irrelevant to them.
So I recognize that this section isn’t going to make or break a VPN for EVERYONE, just a solid subset of VPN customers.
Now that we’ve properly placed it in context, let me go over the main things we look into for this section:
- Whether a VPN has a “no logs” policy, and how good that policy is.
- A VPN’s location.
- Whether its servers are managed by third parties or not, and if so, whether there are at least some servers run directly by the VPN.
- Any disclosures by the VPN on requests by law enforcement or corporations.
- Controversies the VPN has been in previously.
The latter two are more serious, and don’t apply to every VPN simply for lack of verifiable information. They also heavily overlap with the first three.
But the first three are the “basics.”
The no-log policy is the most fundamental, bar none. Any VPN that lacks a no-log policy is immediately considered to perform poorly in privacy and security.
But here’s the other thing:
Nearly EVERY VPN claims to have a no-log policy.
So just because a VPN has one, they’re not in the clear. Some VPNs have no-log policies, but a deeper dive into the terms and conditions reveal they actually log more than they should.
For example, VPN Unlimited has a no-logs policy, but also collects all this stuff:
And while VPNs do need to keep a certain amount of logs to run a business, this is more than the bare minimum.
That’s why my review of VPN Unlimited doesn’t declare it awful on privacy but notes that it has work to do.
And then there are some VPNs that say they have no-log policies but are caught—either through hacks or court documents—to have been secretly logging data.
This is why we look into controversies and court orders because it can prove whether or not a given VPN kept logs.
Here’s an example of that:
A while back, a privacy group formally filed a complaint to the Federal Trade Commission, accusing Hotspot Shield of breaking its own anonymity and no-logs policies.
As we noted, it’s not a good look (especially from a reputable complainant), but the FTC hasn’t formally made any rulings yet, so Hotspot Shield isn’t condemned.
I judged IPVanish much more harshly:
Court documents involved in Homeland Security’s chase against a criminal revealed that IPVanish regularly logged users, which allowed DHS, in turn, to identify a user without much difficulty.
IPVanish has come under new management since then, so maybe things are okay…but that really affected how much trust privacy-freaks can put into IPVanish.
The thing is, this kind of news event can also completely vindicate a VPN:
Private Internet Access was in a similar situation to IPVanish: it was ordered to cooperate with federal authorities in a criminal case.
And it did cooperate under the law…but it stayed true to its own policies of not logging users, and thus it’s “cooperation” meant practically nothing.
Rest assured, I had positive things to say about Private Internet Access.
Of course, most VPNs haven’t had such big tests given to them. So oftentimes we must simply acknowledge that we can only put faith in some VPNs.
Some VPNs take note of this and hire independent experts or firms to audit their policies and prove they keep their words.
Hide.me is one such VPN, and you can read more details about that here.
The examples of Private Internet Access and IPVanish do highlight the importance of location, however.
VPNs located in certain countries, like the United States, the United Kingdom, or Russia may be compelled to cooperate with authorities.
Some VPNs may be able to stand up to governments, but it’s dicey: pressure may force them to change policy without even telling users. Not to mention, they could be forced to provide backdoors to intelligence agencies.
If a VPN is headquartered in the “5 eyes” or “14 eyes,” it’s located in a country that participates in a global surveillance treaty.
We don’t automatically dismiss a VPN for that reason (Private Internet Access, for example, is located in the United States) but it’s generally better if a VPN is located in a country with strong privacy laws or an offshore country.
NordVPN is one example, as it’s located in Panama City, as is ExpressVPN (located in the British Virgin Islands).
We also look into server management, for a very simple reason:
If a VPN uses third parties to manage servers around the world, the number of entities you need to trust increases.
You’re already taking a leap in trusting a VPN, but at least you can learn about a VPN’s policies and controversies before you trust it.
But you probably won’t hear anything about a VPN’s data centers unless it manages them itself.
This came into play with the recent hack of NordVPN and TorGuard.
Though both are strong and reputable VPNs that we’re able to prevent their users from being affected by the hack, the problem lay with the data center they used.
But once we’ve checked all those things, we’re mostly solid as far as reviewing a VPN’s security is concerned.
Some VPNs are highly vindicated, some are mediocre, and some have been proven untrustworthy. Some seem good on paper, and we just need to wait until we hear otherwise.
And so on.
Whew! I’ve thrown a lot at you. Let’s wrap things up.
As you now know, a lot of stuff goes into each VPN review.
When we test VPNs, we also test and/or research each factor the review talks about, and usually in more than one way.
We don’t just do a basic speed test, we often do speed tests more than once, and along with that test streaming and torrenting ability.
Plus, how well the software itself works.
That’s a natural lead-in to ease of use, where we examine not just how easy of a time a beginner would have, but how easy a time people of different proficiencies would have.
Pricing and features are complicated because so much goes into it, but we take care to be thorough.
We consider how the prices are relative to the prices of similar VPN products. We identify which features are basic, and which are more advanced, to get a sense of how much the price is really coming with.
We also make sure we judge free VPNs with the understanding that the bar is lowered.
When we look at customer support, it mostly comes down to how good the representatives are and how informative the knowledge bases are.
Security and privacy are the tougher parts for most VPNs, particularly because we’re so thorough.
We don’t just check if they have no-log policies, or claim to be secure:
We read the fine print of the log policies, investigate who runs the VPN’s servers, assess the risk of the VPN’s location, and find any controversies, hacks, or legal battles the VPN has been involved in.
We put it all together to form one picture, of course. And it’s rarely a simple “yes” or “no.” A VPN would need to be very good or very bad for me to recommend it to most people or dismiss it for most people.
Usually, I’ll recommend a VPN for certain people, but not others.
For example, one VPN might be a great free option. Another might be great for your grandma, or anyone who doesn’t want to bother much with settings.
If you just want to stream, the cheapest option with the best performance could be good for you, and if you want privacy above all else, there will be a handful of VPNs better suited for you.
But you know what the best part is?
Almost all VPNs offer free trials or money-back guarantees. If any of the names I mentioned caught your eye, or if you see something mentioned on this site that looks attractive…
Just try it! It’s risk-free.