How to Choose a VPN

A decision framework for travellers — five questions that cut through the marketing noise and help you pick the right VPN in under five minutes.

See full provider reviews How VPNs work

Start here 1

The 5 questions that matter

Ignore the marketing. Every VPN promises "military-grade encryption" and "blazing fast speeds". These five questions cut through to what actually differentiates providers for travellers.

Where is it based?

The company's jurisdiction determines which government can compel them to hand over data. Panama and Switzerland are ideal; US and UK are less so.

Does it keep logs?

A "no-log policy" means your browsing history is never stored. Look for providers that have had this independently audited — not just self-certified.

Does it work where I'm going?

Not all VPNs work in China, UAE, or Russia. If you're travelling to these countries, this is the most important question on the list.

How many devices can I connect?

Most providers allow 5–8 simultaneous devices. You'll want your phone, laptop, and ideally a tablet covered simultaneously.

What's the real price?

Always look at the annual plan price, not the monthly headline rate. Most providers require a 1–2 year commitment to get the advertised price.

Jurisdiction 2

Where your VPN is based matters

Intelligence alliances like the Five Eyes (US, UK, Australia, Canada, New Zealand), Nine Eyes, and Fourteen Eyes have data-sharing agreements that can compel companies to hand over user data — or secretly monitor it. A VPN based in a non-member country is harder for these agencies to reach.

NordVPN Panama

Outside Five/Nine/Fourteen Eyes

Mullvad Sweden

Fourteen Eyes member — but operates a genuinely audited no-log policy

ProtonVPN Switzerland

Outside EU intelligence alliances, strong privacy laws

ExpressVPN British Virgin Islands

Outside Five Eyes (though now owned by Kape Technologies, UK-based)

Surfshark Netherlands

Fourteen Eyes member — but independently audited

💡 Perspective

Jurisdiction matters significantly for journalists, activists, and high-risk individuals. For most travellers wanting to use Netflix, bank securely, and protect their data on public Wi-Fi, a well-audited no-log policy is more practically important than jurisdiction alone.

Logging policy 3

No-log means your activity is never recorded

There are two types of logs: connection logs (timestamps, IP addresses, session durations) and activity logs (which sites you visited, what you downloaded). A true no-log policy means neither type is stored.

Self-certification is meaningless. The providers worth trusting have had their no-log policies audited by independent firms:

NordVPN PricewaterhouseCoopers (PwC) 2022

ExpressVPN KPMG 2022

Mullvad Cure53 2023

ProtonVPN Securitum 2022

Surfshark Deloitte 2023

Warrant canaries

Some providers publish "warrant canaries" — periodic statements that they have not received government data requests. If the canary goes silent, that tells you something has changed. Mullvad and ProtonVPN both maintain warrant canaries.

The comparison 4

Top 5 VPN providers compared

All five providers below are reputable, independently audited, and appropriate for travellers. The differences are in the details.

Feature	NordVPN	ExpressVPN	Mullvad	Surfshark	ProtonVPN
Jurisdiction	Panama	BVI	Sweden	Netherlands	Switzerland
No-log audit	✅ PwC	✅ KPMG	✅ Cure53	✅ Deloitte	✅ Securitum
Simultaneous devices	6	8	5	Unlimited	10
Price/month (annual)	~$3.09	~$6.67	€5.00	~$2.29	Free / $4.99+
Works in China	✅ Yes	✅ Yes	⚠️ Sometimes	✅ Yes	⚠️ Limited
WireGuard support	✅ NordLynx	✅ Lightway	✅ Yes	✅ Yes	✅ Yes
Kill switch	✅ Yes	✅ Yes	✅ Yes	✅ Yes	✅ Yes