Summary: The PRIVA SCORE evaluates VPN services on their data protection features and can reach a maximum of 306 points. Perfect Privacy, Proton VPN, Express VPN and NorthVPN have the highest level of data protection and do everything or almost everything right. SurfShark and CyberGhost are downgraded due to their audit frequency, while the bottom performers have problems on several levels and are often non-transparent.
The PRIVA SCORE can receive a maximum of 306 points due to the calculation used to evaluate VPN services.
As always, the PRIVA SCORE evaluates how well apps/services Data protection features Data protection features that are standard are not evaluated - in this case, all VPNs examined offer strong encryption.
What is a VPN and why should you use a VPN? (Click to open and close)
- Virtual private networks (VPNs) offer a good mix of security and privacy by routing Internet traffic through a secure "tunnel". The secure tunnel leads to the provider's VPN server and encrypts all data between the end device (smartphone, computer, tablet...) and this server. This ensures that someone monitoring the traffic will not find any usable, unencrypted data.
- Data protection is increased by using such a server. Since the data traffic appears to originate from the VPN server, it is more difficult for websites to track users, collect data about them and determine their locations. A VPN service should also always be used when using a public WiFi network - for example in a café, on the train or in a shopping center. Without the VPN, the Internet provider of the public WiFi network can see the addresses of all the pages accessed, for example.
- While VPNs offer greater privacy and security, they do not provide complete anonymity. VPNs are not a perfect anonymity solution - even if some providers advertise them as such. It is true that VPNs can hide your IP address and location. This is helpful for data protection and security (see above) or when accessing blocked content. Because a VPN can bypass geographical restrictions, it is possible to access content that is blocked in your own country. This ranges from the content of streaming services to bypassing firewalls. In some autocratic states, firewalls are used to deny the population access to unadulterated information. These firewalls can be bypassed using a VPN in order to obtain unadulterated information.
- VPNs do not protect against all types of surveillance, such as browser fingerprinting (a digital fingerprint is essentially a list of characteristics that are unique to individual users, their browsers and devices used), malware or physical surveillance.
- Even if the VPN provider does not keep logs, a certain level of trust in the provider is still required. Because it is not absolutely certain how the provider will behave in the event of an official summons. Another reason: logging in with your login details on a site like Amazon results in clear identification, which a VPN obviously does not protect against.
- Complete anonymity on the Internet is virtually impossible to achieve, as there are always ways to identify users beyond a VPN. However, a VPN reduces the “attack surface”.
When evaluating VPN services Perfect Privacy, Proton VPN, Express VPN and Nord VPN is the best. They have the highest level of data protection (between 281 and 306 out of a possible 306 points) of the services compared here. They allow independent and regular audits and disclose their results, log the usage to not give no data to third parties and offer additional important security features such as the protection of the true IP and DNS address.
Slight devaluations of the winners are caused by the Jurisdiction of Services: Switzerland (ProtonVPN) has a high level of data protection – but it does not fully comply with the GDPR. And Panama (North VPN) or the British Virgin Islands (ExpressVPN) are not necessarily known for their data protection. They are considered “unsafe third countries”.
The midfield (SurfShark and CyberGhost) are due to their Audit devalued. SurfShark has them carried out, but not as frequently as other providers – a slight deduction. However, the Jurisdiction by SurfShark also in the British Virgin Islands. CyberGhost There is no information about audits. Therefore, it makes sense to rate this point as "red".
The companies that are lagging behind have problems on several levels. This also affects transparency towards customers: If there is no information about certain data protection functions such as the Data transfer to third parties “Red” must be assigned automatically here. Special mention is required for Norton Secure: This has absolutely nothing to do with data protection. Avoid at all costs.
Explanation of data protection features
Independent audits: Some VPN providers have their systems and practices audited by independent third parties to ensure transparency and trust. Such audits confirm that privacy promises are being kept.
No logging: VPN providers that do not keep logs of their users do not store any information about their activities (sites visited, etc.).
No data transfer to third parties: Trustworthy VPN providers do not share their users' data with governments, authorities or other third parties. They protect the privacy of their customers.
Kill Switch: Its function is to automatically interrupt the Internet connection if the VPN connection is unexpectedly lost. The kill switch prevents the device's real IP address from being revealed if the VPN connection is lost. This ensures that users' data remains protected.
IP leak protection: This feature prevents users' real IP addresses from accidentally leaking outside the VPN tunnel and thus revealing their identity. An IP address is a unique numerical identifier assigned to each device on a computer network or the Internet to enable communication and identification between devices.
DNS leak protection: This protection ensures that DNS requests are not directed to the user's actual Internet provider, but to secure DNS servers of the VPN provider. A DNS (Domain Name System) is a distributed directory system that translates domain names into the corresponding IP addresses to enable communication between computers on the Internet.
Jurisdiction: The location of the VPN provider and the laws that apply there are important for data protection. Providers in countries with strict data protection laws offer greater security.