When you read VPN reviews and other articles on Pixel Privacy, you’ll notice that we sometimes use a few technical terms when covering VPN security features.
So, we decided to create this features list to provide a handy one-stop-shop for the definitions of the VPN security features we discuss.
In the first section of this article, we’ll go over VPN features that many, if not all, VPN providers offer. Then, in the second section, we’ll cover the proprietary features that some individual VPN services offer.
This will allow you to recognize the features we mention in our articles, and what they do if you subscribe to a particular VPN provider.
VPN Security Features List
Advertising and Malware (Malvertising) Blocking
When you’re browsing online, you’re subject to advertising from major companies. However, you’re also subject to ads from hackers and other unsavory characters.
Known as “malvertising,” these ads can masquerade as any other ad you might encounter on the web. However, they can link to websites that can inject malware into your browsing session. Others can link to phishing sites where the bad guys try to trick you out of personal information.
Many VPN providers offer features with the ability to block servers that serve up malvertising. This protects you from seeing unwanted ads and from inadvertently downloading malware.
Automatic Unsecured Wi-Fi Protection
When you connect to a public Wi-Fi hotspot, in most cases, that internet hotspot is not secure.
Anyone can join the hotspot’s network, and without the need for a password. That means your online activities can easily be monitored by other users on the network, like that shifty guy sitting across the room at your local café.
When using a VPN with Automatic Unsecured Wi-Fi Protection (also known as Public Wi-Fi Protection), your VPN app will automatically connect to a VPN server to encrypt and hide your internet activities from prying eyes.
If you’re using a VPN to encrypt your activities, you may find that, on rare occasions, you inadvertently lose connection to your VPN provider. This can leave your internet activities exposed to the outside world.
An auto-reconnect feature will automatically reconnect your device to the VPN’s servers if a disconnect occurs.
You can use the auto-reconnect feature in conjunction with a kill switch (defined further down on this page) for optimal protection, although some providers offer this feature instead of a kill switch.
Connection obfuscation is when your VPN provider can make your VPN traffic appear to be normal internet traffic. This feature comes in particularly handy in countries where VPN usage is illegal or heavily restricted, such as in China or the United Arab Emirates.
The process usually makes use of OpenVPN servers that are set up specifically to disguise your OpenVPN protocol connection as normal traffic.
Some providers will “brand” their obfuscation feature, calling it “Scramble” (IPVanish), “Chameleon” (VyprVPN), “Stealth VPN” (PrivateVPN), etc. Some providers, such as NordVPN, will require you to connect to specific servers to obfuscate your VPN activity.
DNS Leak Protection
A DNS server is a computer server that contains a database containing a list of domain names (such as “pixelprivacy.com”) and their corresponding IP addresses (184.108.40.206). When you enter a URL in your browser’s address bar, the DNS server knows which website to forward your request to.
Ordinarily, the DNS of your Internet Service Provider (ISP) handles your device’s DNS requests. But when you use a VPN, your requests are supposed to go through your VPN provider’s DNS servers instead.
A DNS leak is when your ISP’s DNS server continues to handle your device’s DNS requests, instead of your VPN provider’s DNS servers handling your requests. This can leave your online activities open to monitoring.
Most VPN providers offer DNS leak protection as a feature to ensure all of your device’s DNS requests are safely handled by the VPN’s servers.
Double VPN Protection
Double VPN protection is a solution that routes your internet traffic through two VPN servers instead of just one, further anonymizing your online activities by encrypting your connection twice.
As with other solutions on this list, this feature is known by many names. (For example, Surfshark calls the feature “MultiHop.”)
IPv6 Leak Protection
Whenever your device connects to the internet, it’s assigned an IP address. The IP address allows other devices on the internet to know which computer sent a request for information, so they know who to respond to.
Until now, the format for IP addresses has been in the following format: x.x.x.x, where the value of x can be any number from 0 to 255. (This is known as the IPv4 format.)
As the internet is running out of IPv4 addresses due to the proliferation of internet-connected devices, a new addressing scheme, IPv6, has been introduced to allow for more addressing combinations.
Unfortunately, this has led to IPv6 address leaks. If a VPN either doesn’t support IPv6 or doesn’t properly block IPv6 requests, then requests via IPv6 will jump outside the VPN’s encrypted tunnel, leaking information for all to see.
Most VPN providers offer IPv6 leak protection in their apps, preventing your actual IP address from being leaked.
In the unfortunate event that your VPN-protected device loses its connection to your VPN provider’s servers, your online activities would be once more laid open to monitoring by the outside world.
A VPN’s kill switch protection automatically kills your internet connection in the event of a disconnect from their servers to ensure that this doesn’t happen.
While losing your internet connection is inconvenient, it’s preferable to having your online activities open to inspection. Some providers also offer an auto-reconnect feature (defined further up on this page), which will automatically reconnect your device to their servers in case of disconnect.
“No Logs” Policy
Your Internet Service Provider (ISP) keeps logs recording all of your online activity. These logs are subject to examination by the government, advertisers, and other interested folks.
By connecting to a VPN, your ISP cannot monitor or record your online activities, as the VPN provider’s encryption prevents the ISP from monitoring your travels.
While VPNs could keep logs of your online activities, any VPN worth its price will never keep any logs recording your online antics while connected to their servers. A strict no-logs policy ensures no record of your travels are available if law enforcement, entertainment industry lawyers or other pesky types come a-callin’, subpoena in hand.
See “Connection Obfuscation” above.
Tor Over VPN
Tor Over VPN (sometimes called “Onion Over VPN,” but not to be confused with “VPN Over Tor;” see below) is when a user first connects their device to a VPN server and then uses the Tor Browser to browse the internet.
What this means is that internet traffic is encrypted through the VPN, protecting all internet activity from observation.
Plus, your real IP address is protected from the first Tor relay. The Tor network of relays further obfuscates your true location by relaying your connection through several locations. (Learn more about Tor.)
This is a technique popular among many Tor Browser users, as it adds an additional layer of security for their browsing sessions. You can use Tor Over VPN with any VPN provider.
VPN Over Tor
VPN Over Tor (not to be confused with “Tor Over VPN;” see above) is when a user first connects to the Tor Browser network and then connects to a VPN server.
While Tor Over VPN is a simple thing, as it consists of connecting first to a VPN server and then using the Tor Browser, VPN Over Tor is a bit more complicated, requiring some manual configuration before connecting. Only a few VPN providers offer this option to their users. Learn more about Tor.
Proprietary VPN Security Features
Many VPN providers offer proprietary features to improve their security and privacy offerings. We’ll be taking a look at the proprietary features of some major VPNs in this section.
While I discussed many of these features in a general way above, I’m including this section so readers will readily recognize each feature when using a specific VPN provider’s app.
NordVPN’s proprietary ad-, malware- and cyber threat-blocking solution, CyberSec automatically blocks suspicious website content before it can infect your device. Plus, it can also block ads, speeding up your browsing experience.
This feature is available in NordVPN apps for the macOS, Windows, Linux, and iOS platforms. While CyberSec’s ad-blocking feature isn’t available in the Android app in the Google Play Store, thanks to Google’s policies, it is available in the .apk version of the Android app, which is available from the NordVPN website.
MultiHop is Surfshark’s Double VPN feature, which routes your internet traffic through two servers. This encrypts your internet connection twice, also changing the IP address twice, providing added security for your online activities.
Camouflage Mode is Surfshark’s connection obfuscation feature, hiding your OpenVPN connection by disguising it as normal browser traffic. The feature helps avoid firewall restrictions specifically designed to detect and block VPN usage.
Clean Web is Surfshark’s advertising, tracker, malware, and phishing attempt-blocking technology.
TrustedServer Technology (ExpressVPN)
Most VPN servers rely on hard drives to operate. The hard drives retain all data, even if power is lost or they are rebooted.
This increases the risk that servers could contain sensitive information that something like a data breach could expose. Conversely, a hacker could install a backdoor that remains in place even if the server is restarted. (A backdoor is a bit of code that can be installed on a server that allows a hacker to remotely connect to and control the server.)
ExpressVPN’s servers use a proprietary “TrustedServer” technology that runs entirely from Random Access Memory (RAM), not from a hard drive. As RAM is “volatile” and requires power to retain its stored data (turn off the power and lose whatever is stored in RAM), all information on ExpressVPN servers is securely wiped each time the servers are restarted.
When an ExpressVPN server powers up, it loads a read-only image that contains the entire ExpressVPN software stack and operating system. This process ensures no data remains on the servers from previous sessions and also ensures that any code implanted on the server from a hacker is wiped from the server each time it’s restarted.
Scramble is IPVanish’s connection obfuscation feature. It helps hide your OpenVPN connection, disguising it as normal internet traffic. This helps bypass firewall restrictions in countries where internet access is closely monitored and restricted.
Stealth VPN is PrivateVPN’s connection obfuscation feature. Disguising your VPN traffic as normal browsing traffic, Stealth VPN helps users bypass restrictions in overly restrictive countries.
Chameleon is VyprVPN’s connection obfuscation feature. Chameleon makes your VPN traffic appear as normal, browser-based internet traffic, allowing it to bypass firewalls that can detect and block VPN activity.
For More Information
If you’d like to learn more about how to protect your online activities and your important personal and business information, Pixel Privacy has more information to share with you.
For more information on how to encrypt your internet connection and protect your online activities from prying eyes, check out our How to Encrypt Your Internet Traffic guide. For more information about VPN Encryption, be sure to read our “Ultimate Guide to VPN Encryption.”
We also provide information about other ways to protect your device and its precious data, such as our guides for antivirus software, how to prevent browser hijacking, how to tell if you’ve been hacked and how to browse the web anonymously.
Stay safe out there, my friends.