VPN privacy comparison: which one is the best?

The best VPN for privacy is the one that is up-to-date and trustworthy. And to measure these criteria, your favorite YouTube creator reading a VPN ad isn’t enough. In this article, I’ll look deeper into how major VPN suppliers stack up in terms of privacy. Of course, I’m not a neutral observer here, so I’ll try to show that Surfshark VPN is the best for your privacy. 

How does a VPN protect your privacy?

A VPN (Virtual Private Network) protects your online privacy in several ways:

• Encrypting your traffic: the VPN turns your online traffic into unreadable gibberish, and only the VPN server can decrypt it. Any data intercepted between those two points is worthless to the thieves. 
• Changing your IP: VPN encryption wouldn’t work without the VPN server. But when you connect to the VPN server, your IP (Internet Protocol) address is replaced with the server’s. Websites and services consider you to be connecting from the server’s location. This means that your real IP remains hidden. Plus, the more servers the VPN has, the more IP addresses can be used.
• Hiding your location: IP address is but one of the components that can be used to determine your approximate (think “city”) geographical location. But as mentioned before, if a service/website believes you’re connecting from the VPN server’s IP, they also believe that you’re connecting from its location.
• Shielding your activities: whoever maintains your access to the internet may monitor what you do online. But they can’t know what you’re connecting to if you’re always connected to a VPN server — and they can’t see what you’re doing when your data appears like encrypted VPN traffic.

Discovering the best VPN service for privacy

You need to compare major VPNs — their histories, technologies, and features — until you find the best VPN service for your privacy. Let me help: 

Surfshark vs. NordVPN

NordVPN and Surfshark are both leaders in the VPN industry. They’re also both established in countries unlikely to give up your data: Panama for Nord and the Netherlands for Surfshark. Remember: being hosted in a Five Eyes country isn’t a death sentence if that country has serious data privacy laws. 

Now, for the next comparison: audits! Both Surfshark and NordVPN have passed audits from well-known experts. Surfshark was inspected by Cure53 in 2018 and 2021, with a Deloitte audit in 2022. NordVPN had its own Deloitte audit that same year. Nord also passed audits by PricewaterhouseCoopers in 2018 and 2020 and a complete app security audit by VerSprite in 2019. 

And guess what? If a no-logs policy is what makes a good VPN for privacy, both Surfshark and NordVPN have had their policies audited. And on a more technical level, both Surfshark and NordVPN have upgraded to fully RAM-only servers. This means that any data passing through the server would be deleted in the case of server seizure. 

Surfshark vs. ExpressVPN

ExpressVPN is another perennial VPN market great. It’s also well-situated for your privacy needs. ExpressVPN’s headquarters are in the British Virgin Islands, which — just like The Netherlands — don’t have any data retention laws. This allows the providers to protect your privacy and stick to their no-logs policies.

Surfshark and ExpressVPN are well audited as well. The latter has undergone multiple audits over the years: PwC and KPMG looked into its policies, while Cure53 checked the proprietary Lightway VPN protocol. Incidentally, Cure53, along with Deloitte, has audited Surfshark as well. 

On the other hand, ExpressVPN is now owned by Kape Technologies. That company was previously known as Crossrider and had a history of spreading adware and malware. They may have turned a new leaf these days — that’s for you to decide. 

Surfshark vs. CyberGhost

Surfshark and CyberGhost have a similar commitment to privacy. Neither the Netherlands nor Romania are likely to be giving out user data anytime soon. Both companies have comprehensive privacy policies and have been audited by Deloitte. 

And those audits are very important when you consider that CyberGhost is owned by Kape Technologies, just like ExpressVPN. At the same time, CyberGhost publishes a quarterly transparency report that shows both important infrastructure statistics and the number of data requests received from various authorities. 

When it comes to technology, Surfshark and CyberGhost both use top-of-the-line encryption. CyberGhost does have an edge in total server count, with 7000+ spread over 90 countries. It does lack some privacy and security features, such as obfuscated servers or a double VPN. 

Surfshark vs. PIA

Surfshark and PIA (Private Internet Access) have some areas where they compete neck and neck: PIA has more servers (10K+), but Surfshark offers more countries (100 to 84). On the other hand, PIA is based in the United States, which is not the best country for companies keeping your data safe. 

However, just like Surfshark, PIA has been audited by Deloitte. After running an audit of their infrastructure in 2022, the Big Four auditing giant found that PIA doesn’t log any details that could be used in identifying users or their activities. 

PIA also allows users to opt out of providing anonymous user metrics, such as connection events and device identifiers. So this removes some of the sting of being based in the country at the center of the Five/Nine/Fourteen Eyes networks.

Surfshark vs. IPVanish

When it comes to comparing IPVanish vs. Surfshark, a big point of departure is RAM-based servers. When seized, these kinds of servers lose all the data going through them as soon as the plug is pulled. Surfshark’s infrastructure runs on 100% RAM-only servers — IPVanish hasn’t embraced this technology at all. 

Moreover, IPVanish has logged user activity, which was then provided to the authorities. This was some years ago, and Leviathan has audited their current no-logs policy adherence. 

That does little for the fact that IPVanish is headquartered in Dallas, US. Meanwhile, Surfshark is stationed in the Netherlands, and Cure53 and Deloitte have audited various parts of the infrastructure and no-logs compliance. 

Surfshark vs. ProtonVPN

Proton VPN is another big name in the VPN industry for privacy business. One factor that works for them is that their HQ is in Switzerland. As far as data privacy goes, that is as good a country as the Netherlands, where Surfshark’s HQ is found. 

On the technical side, the VPN providers are largely comparable. Both Surfshark and ProtonVPN use the same protocols and employ the same AES-256 encryption. There’s a minor bit of difference as Proton uses a 4096-bit version of the RSA (Rivest-Shamir-Adleman) cipher. It’s a bit more secure than a 2048-bit key. Is that a big difference? 

It would already take approximately 300 trillion years for an ordinary conventional computer to crack a 2048-bit key. At this point, going higher is largely unnecessary. On the other hand, shorter keys are processed quicker on the server, making the Surfshark service faster.

Surfshark vs. Mullvad

Mullvad is much smaller than Surfshark in terms of raw numbers: it has roughly 700 servers in 43 countries (compared to 3200+ in 100+). However, it doesn’t fall too far behind in its commitment to privacy. For one, Mullvad is headquartered in Sweden, which is, like the Netherlands, a good country for customer data purposes. 

Both Surfshark and Mullvad have no-log policies. And while Mullvad performed an independent audit of it like Surfshark has, there have been no incidents in the company’s history that would cast doubt on it. 

On the technical side, Surfshark moved to a RAM-only server infrastructure in 2020. Mullwad’s transition has been much more recent: they only announced the completion of migration in September 2023.

There is one area where Mullvad can’t be beaten: anonymity. While Surfshark accepts payments in cryptocurrencies, Mullvad accepts payments in cash. You don’t even need an email to register, either. Mullvad’s website generates an account number, which you write down on a piece of paper. Then you drop it in an envelope with the money and send it to them. Hardcore! 

How to choose the best private VPN

Choosing the best VPN for privacy means taking a few factors into account:

• The country it’s based in: not all countries provide the same level of security when it comes to user data. Companies based in the US are suspicious; Russia and China are straight up out. 
• Company history: has the company had data breaches or passed on user data to the authorities? Maybe it has come under the ownership of a shady new company? Best check the news archives!
• No-logs policy: a private VPN should maintain a strict policy of not keeping any user logs. Best companies even have their policy independently audited. 
• RAM-only servers: as far as physical VPN infrastructure goes, nothing grants privacy more than RAM-only servers. If they are seized and unplugged, any data passing through them will vanish. 
• Privacy features: the best VPNs for privacy will offer features like Kill Switch (disconnecting you from the internet if your VPN connection drops for any reason) and the ability to connect via multiple VPN servers (like Surfshark’s MultiHop). 

In conclusion: get the VPN provider that suits your privacy needs

Not all VPN services are equally suitable for keeping you private online. That’s why you must carefully compare VPN companies before choosing. Hopefully, this article will help casual VPN users make the right choice. Of course, we’d like it if their choice was Surfshark!