Using a VPN is the best way to be anonymous online. Consumer VPN apps are designed to be very easy to use, usually cost less than a pint of beer per month, and ensure that no-one can see what you do online, nor who you are.
While many VPNs shout about their amazing security features, a surprising amount of the time they are not enabled by default, or are only present in, say, the Windows version of the app and not the Android or iOS apps. So it pays to understand what those features do and how to check and change settings.
1. Use the best VPN protocol
A VPN protocol determines the method of encryption used to secure your connection. There are a few different ones, and some are a lot better than others. Typically, a VPN app will default to whatever that service prefers, but you might find you can change this by delving into the settings.
It’s worth using OpenVPN in almost every situation. It’s fast and uses 256-bit encryption which is the best security on offer currently for consumer services. Not all VPN providers support it, or only support it on certain operating systems, but if you can't use OpenVPN, then choose IKEv2/IPsec, which is just as secure.
Some VPN apps don't allow you to see which protocol is being used, or pick the one you want. So do read our VPN reviews if you're trying to decide which one to subscribe to. We've also rounded up the most secure VPN services.
2. Enable the kill switch
VPN connections can fail for a variety of reasons, although it isn't common. Maybe the server goes down or there's a different issue. Whatever the problem, when a VPN connection stops, your device will automatically go back back to your regular, unprotected internet connection which could reveal your real IP address and potentially other details, even if the VPN connection is automatically re-establised a few seconds later.
A kill switch, as the name suggests, will stop any data being sent over your internet connection. Many VPN clients will have their own kill switch built into their software, but not all. And often you'll find they are switched off by default.
If your VPN service doesn't offer a kill switch you might want to change to a service that does.
3. Use DNS leak protection
Domain Name Servers (DNS) are essentially the phone books of the internet. They are a directory of domain names (websites) that have Internet Protocol (IP) addresses associated with them. This is why you can type a website’s name instead of the the string of numbers that makes up its IP address. It's no different from tapping a name in your contact list instead of keying in that person's number.
When you’re connected to a VPN, it should automatically use a secure DNS server. But do look for a tick box in the settings to enable DNS leak protection, or similar just in case it's not enabled by default.
However, this is not always the case as your computer may be defaulting to a standard public DNS server or the one provided by your ISP. This is known as a ‘DNS leak’ and it's bad: it can reveal to your ISP which sites you're looking at and clearly compromises your anonymity.
You can test if your VPN service has any DNS leak problems on IPleak.net. First visit the site without your VPN connected. Look at the IP address at the top and the location.
Now connect to a server in a different country in your VPN app, then refresh the site in your browser. You should see a location in that country and a new IP address.
If you see no change, then your VPN is leaking your DNS details.
My real location is London, but as far as any website or online service is concerned, I am in the States – so my DNS is not leaking. If it showed my ISP's DNS servers in the UK, then it would be leaking.
Ideally, a VPN service should use its own secure DNS servers and not Google's public servers: basically you want to use servers which do not log anything.
VPN services which store no data are also preferred, and here are our recommendations for the best no-logs VPNs.
While we’re on the subject of leaks, it's important that your VPN doesn't leak your real IP address, which would reveal your true location and possibly even your identity. This is one of the key jobs of a VPN, so we're not pretending this is a tip for making your VPN more secure.
But some services, such as Hotspot Shield, have a 'Prevent IP leak' option in the settings, a slightly bizarre sight given this is a fundamental feature of a VPN service. So it's worth checking that your VPN isn't leaking your true IP address.
To do that, connect to a VPN server in a different country to the one you're in and head to ipleak.net and make sure the IP address it reports shows the country you just chose.
IPv6 is a version of internet protocol that allows a larger amount of internet addresses than IPv4, which is was the previous standard. Internet providers are in the process of moving to IPv6, but it currently operates outside of the VPN, so it can give away your identity.
Some VPN clients will have the built in ability to disable IPv6, and you can check if your VPN is giving you away here at ipv6leak.com.
If your IPv6 is leaking, you can disable it manually to preserve your anonymity.
Making these changes will ensure that your VPN use experience is as safe as it can be, taking your security that extra step further to give yourself that complete peace of mind.