Safe VPNs Determined by Protocol

TwitterGoogle+FacebookLinkedInPinterestTumblrStumbleUponRedditShare This

Alvin Bryan

Alvin Bryan is a freelance writer and online privacy enthusiast enthusiast currently contributing quality tips and troubleshooting on personal VPN services, and online privacy and security news. You can also find him on Google +.

Safe VPNsIf you are trying to determine what the safe VPNs are, you need to look at the protocols used. These protocols determine how safe your data is in transit. The NSA has been trying to break VPN technologies. And some of them have gone through the US government’s National Institute of Standards and Technology (NIST). So, you need to know which ones are safe.


PPTP is still being used by many VPN providers because it’s fast and easy to set up. People want high speeds and convenience. But PPTP doesn’t have its own security and uses authentication like MS-CHAP v2. The problem is that there have been many vulnerabilities found. One is unencapsulated MS-CHAP v2 authentication. There is a patch for this, but even Microsoft, co-developers of PPTP, recommends alternative protocols. And the NSA has cracked PPTP and is most likely routinely decrypting PPTP traffic both new and old. Safe VPNs do not use PPTP, but may provide it as a quick option for unimportant files.


L2TP like PPTP does not have its own security. So it is usually paired with IPSec for encryption capability. L2TP/IPSec is nowadays just as fast and easy to implement as PPTP and is more secure. The issue with L2TP/IPSec is that the UDP port 500 that it uses is often blocked by NAT firewalls. But port forwarding can be used to bypass this problem. This is in contrast to SSL-based systems that can use a TCP port 443. This in addition makes it impossible to tell user traffic apart from the regular SHTTP traffic. L2TP/IPSec is considered quite secure. It is rumored, however, that IPSec has also been compromised by the NSA, possibly while it was being designed. Another problem with L2TP/IPSec is the double data encapsulation which makes it slower than SSL systems like OpenVPN and SSTP. Generally, however, L2TP/IPSec VPNs are still safe VPNs.


OpenVPN Safe VPNsOpenVPN is the newest and most advanced VPN protocol. It is open source and very easy to configure. It also can use both UDP and TCP for versatility. It also cannot be separated from other HTTP over SLL traffic. OpenVPN uses a mixture of different technologies that make it the most stable, reliable and secure protocol. Using the OpenSSL library, this protocol supports many different kinds of encryption. A few of these cryptographic algorithms have their individual vulnerabilities, but OpenVPN as a whole has no known weaknesses. AES and other encryption standards are certified by the NIST, however, so they may also be compromised. And because it used more advanced encryption, OpenVPN is also fast. This is the only protocol that offers both high levels of security and speed at the same time. OpenVPN used to be available for desktops only. But it is now widely supported by all platforms including mobile OS through software. And using customized OpenVPN apps from providers like ExpressVPN is preferable because OpenVPN is not that easy to set up. Finally, OpenVPN cannot been broken by the RSA key attacks that the NSA uses. This is because it uses ephemeral key exchanges. So OpenVPN is now the only protocol that is truly secure and preferred by safe VPNs.


SSTP is another Microsoft product that uses SSL. It is similar to OpenVPN except that it is owned by Microsoft. It is therefore not considered as secure because of Microsoft’s involvement with NSA spying. Used on Windows, it is even more highly suspect because of the rumors of NSA backdoors into this OS. SSTP is only fully compatible with Windows and a few other desktop operating systems like SEIL, RouterOS and Linux. SSTP is not a primary choice for safe VPNs.

The Safe VPNs

ExpressVPN Safe VPNsOpenVPN is therefore by far the best choice when it comes to online security and privacy. It is the only one among the safe VPNs that has not come under suspicion with regard to being broken or compromised by the NSA. And it is open source, which means that any number of concerned developers can check it at any time. It is open to analysis and repair whenever modifications for security are deemed necessary. This is why many VPN providers are working on moving over to OpenVPN from the other protocols that they have been using. But there are also providers like ExpressVPN who have used OpenVPN from the very beginning. So Internet users don’t have to wait for their providers to upgrade.