
How to buy the best VPN

If you’ve heard about VPNs but aren’t sure if you need one, or if you’ve decided you want to subscribe to a VPN but aren’t sure what to look for, this is the guide for you.
Martin Pratt, Principal researcher & writer

Should you be using a VPN and, with so many to choose from, which should you trust? 

There are a range of reasons why someone might want to use a VPN. It could be because you want to keep some parts of your online web activity private, you want to access content blocked in the region you’re in, or you want an extra layer of security when working on public wi-fi.

We've put more than a dozen popular brands through our test lab to assess features such as security and privacy, speed and performance, and ease of use. Find out why you'll want to factor all of this in, and what else you need to know before you sign up.




What is a VPN for and how does it work?

A virtual private network (VPN, also known as a proxy) means different things to different people, depending on what they’re trying to do online. But whether you’re unlocking overseas TV shows or trying to protect your privacy, a VPN does the same thing. 

To explain how they work, we first have to look at how your internet connection works without a VPN.

If you want to visit a website, you perform a website search – type in the web address, requesting to visit the website. This request is sent from your device via your router to your internet service provider (ISP, such as BT, Sky, Virgin, Plusnet, etc), which sends your request on to the website. The data from the website is sent back to your ISP, then to your router, and then to your device, and you can load the webpage.

With a VPN installed, things work a bit differently. 

How a VPN works
  • Perform a website search – enter the address of a website into your web browser, such as which.co.uk
  • The VPN software scrambles the address, encrypting it.
  • The address goes to your router.
  • The router sends the address to your internet service provider (ISP), such as Virgin or BT.
  • The ISP sends the encrypted address to the VPN company server.
  • The website address is unscrambled by the VPN server, and you're sent to the website.
  • The process is then reversed, following the same encryption steps, so your ISP doesn't know which website you requested to see and the website doesn't know who is viewing their page.

Some websites like to use the metaphor of a tunnel or a locked envelope to which only your VPN provider has the key. These aren’t wholly inaccurate but don’t provide a full picture of where your data goes. The diagram and bullet points should help clarify how your data is transmitted. Keep in mind that your ISP still knows when you’re online and how much data you are sending and receiving, even if you’re using a VPN; it just doesn't know what websites you're visiting.

In principle, this means everything you do while connected to the internet can’t be seen by anyone aside from the VPN company, and even then all VPN companies claim to have systems in place that make it impossible to trace who is doing what on their VPNs. More on that later.

It also means the requests you send and receive can be diverted to anywhere in the world where the VPN has a presence, which can be useful in certain circumstances.




Does a VPN protect my privacy?

It depends on what you mean by privacy.

If you’re a regular home user who just wants to encrypt their connections when using public wi-fi, a VPN is a handy tool and should prevent you getting caught out by a badly secured wi-fi network and an opportunist hacker. 

But it’s not a panacea and is only one tool of many you would need to completely protect your identity online. Any VPN marketing fluff that tells you otherwise isn’t giving you the whole story.


There is an awful lot a VPN doesn’t do. It doesn’t stop websites using trackers and cookies to serve you ads and build advertising profiles about you. It doesn’t stop you getting viruses, and already-running malware on your computer will continue to be a problem. It won’t protect you from phishing scams, either. You need Best Buy antivirus software to properly protect your laptop; a VPN won't do it.

If you use a VPN but are logged into your Facebook and Google accounts, chances are Facebook and Google will know what you’re up to anyway. 

And keep in mind that by sending your data via a VPN, you are simply changing who has control over your data and so you have to trust them to be able to look after it in a responsible way. The encryption needs to be strong, and their own systems need to be robust enough to stand up to hacking attempts or even staff members having a root around. All the VPN companies make big claims about security and privacy, but it is ultimately down to trust. 

No reviewer, no matter how in-depth, can see what goes on inside a VPN company’s systems.

Another point to make is that most apps and services use what are known as software development kits (SDKs) to allow extra functions in their apps that allow developers to see, at a broad scale, how their apps are being used. This is standard practice with almost any app you’ll download for your smartphone. 

But Which? tests reveal that most VPN services also log such data from within their apps and send it to third parties for analysis. All the VPN companies that replied to our queries about this said the data was anonymously gathered and that users can turn off such data collection from within the apps. However, we still mark them down in our tests because we believe the user of a privacy-focused VPN app should expect zero data sharing, whatever form it takes. We also found at least two VPNs that don’t do this, showing it is possible to run a VPN app without sharing data with third parties.

Are VPNs secure?

VPNs make big claims about the security they provide to their subscribers. They will tell you that by using them you will protect your internet traffic behind a layer of security impenetrable to all. This is true, but as with privacy, all you have done with the security of your connection is entrust it to someone aside from your ISP, and given a piece of software on your computer or smartphone carte blanche access to your internet use.

In doing so, you are adding software to your life that could have security holes, bugs and as-yet undiscovered flaws. For example, Which? tests in 2020 uncovered two security issues that could, in extreme circumstances, allow your device to fall victim to a ‘man-in-the-middle’ attack where a hacker pretends to be your VPN and intercepts all your internet use.

Using a VPN for Netflix, iPlayer and other streaming services

Video streaming is one of the most common reasons why someone might subscribe to a VPN. Since television and film rights differ from country to country, it can be hard to access some content in certain countries.


For example, you may want to access UK television catch-up services while on holiday, or in the UK a film may only be available via a pay-per-view service such as Apple TV, but in the United States it’s available on Netflix. If you already have a Netflix subscription you might begrudge paying for the Apple TV edition of a show when you’re already paying for Netflix.

With a VPN, you can ask for your location to appear as if you are in the United States (or any other country the VPN offers). This means, to Netflix, it can appear as if you and your computer are physically located in the United States, so it can show you the content it has licences for in that country. 

Is it legal to use a VPN?

VPNs are not illegal in the UK, but the legality of their use in other countries varies, so you should check your own country’s local laws if you are not in the UK. 

However, this is not a guaranteed ticket to US TV heaven, because streaming services have an obligation to the companies they license content from to prevent access to content that certain users shouldn’t be able to see. As a result, Netflix and Amazon Video in particular often detect a person using a VPN and will block them viewing anything until they disconnect the VPN. 

Netflix, and other streaming services, also reserve the right to terminate your account if you attempt to access content in this way, although we haven’t heard of this happening in practice. Still, the risk is very much there.

Free vs paid VPNs

Free VPNs typically only offer you a limited number of servers to use, and a very tight data limit. They also lack most of the features below. So, if you’re paying for a VPN, you should hope to get some or all of these features.

Apps for all your devices: The majority of VPNs we’ve tested have apps for Windows, Mac, iOS and Android, with some also providing software to allow the VPN to run on your router, thereby encrypting your entire household’s internet traffic in one fell swoop. Before you buy, make sure the operating system you want to use it on has an app.

DNS leak protection: It’s possible that some programs on your computer or handheld device might sneak past the VPN installed on your computer. This isn’t normally malicious, but is a result of bad programming (either from the app or the VPN). Leak protection should stop software being able to do this. Our lab tests also check to see whether there are leaks so you maintain maximum privacy.

Kill switch: If your connection to your VPN server drops because of a technical fault, a kill switch will disable your device’s internet connection to ensure no unencrypted data leaves the device. 

Split tunneling: This lets you set which apps on your device are encrypted via your VPN and which go to your ISP. This is helpful when perhaps you only want one app to be fully protected, or disguised, but you want the rest to behave as normal.

Simultaneous connections: This lets you use your VPN software on more than one device at the same time. If you have multiple gadgets you use, or want your household to use, too, you won’t be kicked off for having more than one connection.

Unlimited data and bandwidth: Make sure the VPN you’re subscribing to has no limits on the amount of data you can use. Most have unlimited subscriptions but some may have speed limits. Check the terms and conditions before you pay. Our tests check the average speed of each VPN in half a dozen countries over seven days, so check our reviews to see which ones performed the best.

Rock-solid privacy: As mentioned above, most VPN services claim to protect your privacy in ways that mean that nothing about you or your browsing habits is stored in any way. Some companies go as far as to get themselves audited by external companies. Ultimately, though, it always comes down to trust: both whether you trust what a VPN company is telling you, and whether its systems really work well enough to avoid your data leaking online. This is something that can’t be tested by reviews, although we do check all the incoming and outgoing connections from VPN apps. If a VPN app connects to anything that isn’t what you asked it to do, we’ll let you know.
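The DNS leak described under "DNS leak protection" above can be spotted from a device's routing table: a DNS server that is reached by a more specific non-VPN route is queried outside the tunnel. The following is an added example, not Which?'s test method or any VPN provider's code; the interface names (tun0, wlan0), addresses and routes are constructed assumptions.

```python
import ipaddress

# Constructed sample: routes on a laptop with the VPN connected.
# tun0 is the assumed VPN interface, wlan0 the assumed wi-fi interface.
# The two /1 routes cover every address and outrank the /0 default route.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # original default route via the home router
    ("0.0.0.0/1", "tun0"),        # VPN override, lower half of the address space
    ("128.0.0.0/1", "tun0"),      # VPN override, upper half
    ("192.168.1.0/24", "wlan0"),  # local network stays reachable directly
    ("10.8.0.0/24", "tun0"),      # VPN's internal subnet
]

# Constructed sample: DNS servers the operating system is configured to use.
RESOLVERS = [
    "10.8.0.1",      # resolver pushed by the VPN
    "192.168.1.1",   # home router, left over from the wi-fi DHCP lease
    "203.0.113.53",  # a public resolver set manually (documentation address)
]


def egress_interface(addr, routes):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def dns_leaks(resolvers, routes, tunnel_iface):
    """Return the resolvers whose queries would leave outside the tunnel."""
    return [r for r in resolvers
            if egress_interface(r, routes) != tunnel_iface]


if __name__ == "__main__":
    for r in RESOLVERS:
        print(f"{r:15} -> {egress_interface(r, ROUTES)}")
    print("leaking resolvers:", dns_leaks(RESOLVERS, ROUTES, "tun0"))
```

Here the router's address falls inside the local /24 route, so lookups sent to it bypass the VPN even though all other traffic is tunnelled; leak protection has to remove or block that resolver.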


Popular paid VPNs

If you're looking to subscribe to a VPN, you're most likely going to be purchasing directly from a provider. 

Below, we've listed some of the most popular reviewed VPNs that are widely available. While we'd never recommend a bad product, it's best to read our VPN reviews to make sure you're getting a package that meets your needs.

  • Private Internet Access VPN typically costs around £96 per year, and it has multiple servers per country – with a total of over 10,000 servers as of March 2023.
  • NordVPN has servers in 59 different countries, and usually costs around £106 annually.
  • ExpressVPN typically costs around £114 per year, and has servers in 160 locations across 94 countries.
  • F-Secure Freedome is the VPN service from the same well-known antivirus brand. It has servers across 23 countries, and costs around £40 annually.
  • Surfshark VPN hosts servers across 63 countries and typically costs £44 per year.