I like utilizing my digital non-public community, or VPN, for informal actions like staying non-public whereas searching the web or unblocking streaming content from around the globe, similar to anybody else. However once I actually need to lock down and ensure my privateness protections are optimum, I modify a number of of my VPN’s default settings.
Most VPN apps default to optimum pace and usefulness to assist individuals get began with as little friction as potential and make sure the VPN runs easily out of the field. However whereas your VPN’s default settings will sometimes ship sufficient safety, there are often settings you possibly can modify to get a privateness increase.
There are a lot of conditions wherein you’d must optimize your VPN’s privateness settings. In case you’re a lawyer, physician, activist, whistleblower, journalist or anybody else partaking in an exercise that requires critical privacy, you’ll need probably the most you may get out of your VPN always. In case you’re in a area the place VPN use is outlawed or restricted, it is advisable to be further cautious to remain non-public, on prime of taking steps to cover your VPN utilization altogether.
Even in case you’re largely an off-the-cuff VPN person who doesn’t match into any of these classes, you’d need to take further precautions in case you’re torrenting or need to disguise your exercise from community directors on public Wi-Fi — actions that usually carry added danger.
These are the VPN settings I allow once I want optimum privateness
A few of these settings will possible be enabled by your VPN by default, nevertheless it’s nonetheless necessary to double-check the settings to ensure earlier than utilizing your VPN for any privacy-critical actions. Additionally, keep in mind that setting availability and performance could differ barely from one VPN supplier to the subsequent, however usually talking, most of our prime picks incorporate the next options in a method or one other into their settings menus.
Kill swap
This one is often enabled by default, and a few VPNs (like Mullvad) don’t even allow you to disable it. And for good cause: The kill switch is arguably probably the most crucial VPN privateness characteristic. It routinely kills your web connection if the VPN unexpectedly disconnects, serving to be sure that your on-line exercise isn’t inadvertently leaked to your web supplier or community administrator. Having your kill swap enabled is necessary at any time, however particularly when the privateness of your on-line exercise is paramount. In case your VPN doesn’t embody a kill swap, it is best to begin on the lookout for a distinct VPN instantly.
DNS leak safety
Not each service does, but when your VPN has a separate setting for DNS leak safety, be sure it’s enabled always. DNS leak safety helps be sure that your DNS requests — makes an attempt to entry a web site — are resolved by the VPN supplier’s encrypted DNS servers relatively than by your web supplier’s. In case your gadget bypasses the VPN tunnel and sends your DNS requests to your web supplier, a DNS leak happens and your web exercise might be uncovered. You possibly can simply test for DNS leaks by connecting to a VPN server and checking a web site like ipleak.net or dnsleaktest.com.
Safe VPN protocol like OpenVPN, WireGuard or equal
Not all VPN protocols are equal. For optimum privateness, I like to recommend utilizing both OpenVPN, WireGuard or an equal proprietary VPN protocol, if out there. OpenVPN is a safe, time- and battle-tested VPN protocol that delivers respectable speeds coupled with air-tight privateness. WireGuard is a more recent protocol that sometimes provides you quicker speeds whereas providing comparable privateness protections. Some VPNs like ExpressVPN and NordVPN have developed their very own proprietary protocols that additionally supply quick speeds and top-notch privateness. NordVPN and others like Proton VPN and Windscribe additionally supply devoted obfuscation protocols that purpose to disguise your VPN site visitors as common web site visitors that will help you evade firewalls. Outdated VPN protocols like PPTP or L2TP/IPSec ought to be prevented.
A VPN encrypts your web site visitors because it’s routed by a safe server in a distinct location.
Obfuscation
In case you’re in a area that restricts or outlaws VPN use (or in case you’re on a restricted community at college or work), you’ll need to disguise the truth that you’re utilizing a VPN within the first place. Obfuscation is a instrument many VPNs present that may provide help to try this. Some VPN suppliers, like Windscribe, NordVPN and Proton VPN, have devoted obfuscation-focused protocols you should use to try to disguise your VPN use. Surfshark has obfuscation baked into its OpenVPN implementation, and ExpressVPN routinely prompts its obfuscation expertise when it detects community interference. Different VPNs have specialty servers particularly devoted to obfuscating VPN site visitors. Obfuscation is vital for getting round restrictive firewalls and bypassing censorship efforts, however in case you’re dwelling in a rustic the place VPNs are unlawful, take into account that obfuscation could not have a 100% success charge.
Put up-quantum encryption
Increasingly of the highest VPNs are starting to roll out post-quantum encryption, which is designed to guard customers towards potential future threats from quantum computer systems. Relying in your VPN supplier, post-quantum encryption could also be a separate setting you possibly can toggle on or off, or it would routinely be enabled when utilizing a particular VPN protocol. Despite the fact that we’re nonetheless years away from quantum computing being a menace to fashionable encryption, post-quantum encryption remains to be necessary to have now to guard towards attackers who could try to intercept encrypted site visitors now in hopes of decrypting it later with quantum computer systems.
Multi-hop
Multihop, typically known as double-hop or double VPN, routes your connection by two VPN servers as a substitute of only one. This widespread characteristic provides you an additional layer of encryption and might make it even tougher to trace you on-line. Whereas multi-hop is perhaps overkill for many VPN customers, it may well add a bit of additional peace of thoughts for somebody with crucial privateness wants who must take further precautions. Along with multi-hop, some VPN suppliers like NordVPN and Proton VPN additionally embody a Tor over VPN characteristic, which routes your VPN connection by the Tor network and is one other approach so as to add a layer of encryption and increase your privateness.
A double VPN is an additional layer of on-line safety, however comes at a price.
IPv6 leak safety
IPv6 leaks can occur when your gadget or a web site you’re visiting makes use of IPv6 and your VPN isn’t configured to deal with IPv6 site visitors, inflicting that site visitors to route outdoors the encrypted VPN tunnel. This may expose your on-line exercise to your web supplier. Though some VPN suppliers are rolling out full IPv6 help, many nonetheless don’t help IPv6 site visitors and as a substitute are both configured to dam IPv6 site visitors altogether or have an IPv6 leak safety setting you possibly can toggle on or off.
Auto-connect
Particularly in case you’re touring and connecting to completely different public Wi-Fi networks, a VPN auto-connect characteristic can come in useful. This manner, you possibly can have your VPN routinely join if you boot up your laptop or launch your VPN app so that you don’t danger forgetting to connect with the VPN on sure networks. Relying on the VPN, you possibly can configure the auto-connect characteristic to routinely join when on all networks, unknown networks or particular networks that you just designate.
Menace safety options and different extras
Many VPNs supply extras like menace safety options that may assist block advertisements and trackers from following you across the net and constructing a profile on you. Menace safety also can assist block you from connecting to recognized malicious websites, defending you from doubtlessly handing over delicate data to cybercriminals. Different extras like Mullvad’s DAITA, which might shield towards AI-driven assaults, and Windscribe’s anti-fingerprinting characteristic may also help increase your privateness even additional. Verify along with your VPN supplier’s settings to uncover bonus options that may improve your on-line privateness in novel methods.
Backside line
Whereas utilizing a VPN to unblock streaming content material from around the globe is a typical use case, VPNs are primarily designed for privateness. Your VPN app may not optimize for privateness proper out of the field, so be sure to take a little bit of time to undergo the settings and allow those who provide the stage of privateness you require. Needless to say enabling sure settings (like multihop or obfuscation) can gradual your connection speeds, but when your final objective is perfect privateness, a slower connection is a worthwhile trade-off.
It’s additionally necessary to do not forget that VPNs are solely a part of the equation. On prime of your VPN, I like to recommend including a password manager and antivirus software to your toolbelt to actually optimize your on-line privateness and safety.
