This guide was written and maintained by Gizmodo’s cybersecurity software team, who independently test VPN services for speed, privacy, security, and ease of use. Our recommendations are editorially independent and affiliate commissions do not influence our rankings. Gizmodo may earn a commission when you buy through links on the site.
Who does the testing
Our VPN coverage is handled by a cybersecurity software team. Everyone who contributes to a VPN review has hands-on experience with security software. Before publishing, each review goes through a factual check by a second team member.
VPN providers cannot pay to be included in our guides or to improve their position. Rankings are determined by test results and editorial judgment. If a VPN we cover has a flaw, whether that is a logging issue, a leaked IP, or a weak kill switch, that finding is written up and reflected in the score.
Our testing environment
We test on Windows 11, macOS, Android, and iOS. Each app is tested on its native platform, not emulated. Speed tests run over wired Ethernet on a 1 Gbps connection, from two fixed locations: a US home network and a UK-based machine. Tests run in morning and evening sessions on separate days; we take the median of at least five runs per session.
WireGuard, OpenVPN, and any proprietary protocol offered by the provider (NordLynx for NordVPN, Lightway for ExpressVPN) are each tested independently. DNS, WebRTC, and IPv6 leaks are checked on every device and browser we use.
What we test
Privacy and logging policy
We read the full privacy policy, including the parts providers tend to bury. We look at what data is collected at signup, during sessions, and when an account is closed. We check data retention windows and what the provider’s stated position is when a government requests user data. When independent audits of no-log claims exist, we factor them in and note them in the review.
Security and encryption
We verify the protocol stack in use. WireGuard and OpenVPN are the current benchmarks; services relying on PPTP are marked down. We check encryption strength, handshake method, and whether Perfect Forward Secrecy is implemented. We examine sample config files or open-source code when available rather than taking marketing copy at face value. Kill switch behavior is tested under forced disconnection on each platform.
Speed and performance
We measure how much throughput the VPN costs you compared to a baseline without the VPN running, and report that figure as a percentage rather than an absolute number, since raw speeds vary by connection. We test the nearest server, a mid-distance server, and a transatlantic server.
Streaming and unblocking
We test unblock Netflix US, Netflix UK, one additional regional library, Amazon Prime Video, Disney+, and BBC iPlayer. If a provider claims to unblock a specific service, we test that claim. A failed unblock on a claimed service is a score deduction. When unblocking fails, we contact support to see whether the team can point us to a working server.
Apps and usability
We test each VPN app on Windows, Mac, Android, and iOS separately. Mobile apps often have fewer features than desktop versions, so we do not assume parity. We check how many clicks it takes to connect, how the server list is organized, whether the kill switch is on by default, and whether the app clearly shows when the VPN is active or has dropped.
Value and support
We compare pricing across monthly, annual, and multi-year plans. For support, we send at least one live question per provider via chat or email and log the response time and the accuracy of the answer.
How we score
Each area is scored out of 10 by the reviewer. The final score is a weighted average. Privacy and security each account for 25%, performance for 20%, streaming for 15%, apps for 10%, and value for 5%. A low price does not offset a VPN that leaks data.
- Privacy and logging: 25%
- Security and encryption: 25%
- Speed and performance: 20%
- Streaming and unblocking: 15%
- Apps and usability: 10%
- Value and support: 5%
From score to ranking
One reviewer tests the VPN across all six areas and submits scores with supporting notes. A second team member checks the scores against the raw data and flags inconsistencies. The score is then compared against currently ranked services. A new entry does not automatically displace an existing one; it has to outscore it.
When a provider makes a material change, such as a new protocol, an ownership change, a revised privacy policy, or a reported security incident, the service goes back into the testing queue before the ranking is updated.
What affiliate relationships do not change
We earn commissions on some of the VPNs we recommend but it does not determine rankings.
- The top position is determined by test scores alone.
- Scores are submitted before commercial terms are reviewed.
- Flaws in a VPN we earn commission from are reported the same way as flaws in any other service.
- Providers cannot ask us to edit or remove a review they dislike.