When shopping around for a new VPN there are some things that we all check without even thinking – download speeds, server locations and apps to name a few. But there’s something you should absolutely be checking that’s a little less obvious: its jurisdiction.
The majority of the world’s most powerful nations are members of little-known data sharing agreements that see them pass your personal information around between themselves, even aiding in the prosecution of internet users across borders. Here’s some information on the most important ones (where applicable you can click on each one to see their level of internet freedom as scored by Freedom House).
Five nations make up Five-Eyes, and they’re five of the most powerful English-speaking nations in the world.
The pact means that as well as freely sharing surveilled data among one another, they also send and accept all manner of data retentions. This means that one nation can pressure another to hand it the logs of VPN users under their jurisdiction.
We consider these five nations to be the worst to incorporate a VPN within.
In addition to all Five-Eyes members:
These four nations don’t have domestic surveillance quite as problematic as the US’ Patriot Act or the UK’s Snoopers’ Charter, but they still cooperate with each other and all five of the members of Five Eyes.
These four countries are to be avoided if possible – there’s simply no need to take the risk.
In addition to all Nine-Eyes members:
Otherwise known as SIGINT Seniors Europe (or ‘SSEUR’), the original purpose of the 14-Eyes alliance was to coordinate the exchange of military intelligence between members. As you can probably guess, though, its reach has since expanded to include surveillance information on everyday citizens.
Just as with Nine-Eyes, we would recommend you find a VPN based elsewhere if you can.
The European Union (EU)
The EU, a collection of 29 sovereign European nations, is one of the largest and most powerful political and economic unions. It’s also a nightmare for data privacy.
While its cooperative laws are nowhere near as far-reaching as the ones in the alliances mentioned above, its member states still engage in data sharing.
Some states are better than others, but there are plenty that cooperate with Five-Eyes or even ban VPNs outright.
It doesn’t matter what organization or pact a country is a part of if it simply persecutes VPNs censors the internet all on its own. The worst offenders for this are:
While it’s fairly unlikely that you’ll find a VPN based in any of these countries, it always pays to be vigilant. Stay well clear of them.
We actually found a massive number of VPNs with explicit ties to questionable Chinese tech companies in our investigation into free VPN apps.
What Should I Look for in a Jurisdiction?
Even countries that have no affiliation to any of the organizations listed above can pose a threat to your privacy. Take a look for countries that tick the following boxes:
- No connections to intrusive nations: Some nations are beholden to the laws and whims of bigger, more nosy countries – make sure that there are no low-key international ties.
- No history of warrants and subpoenas: Avoid governments with a history of hauling up its citizens and prosecuting them (or someone else) based on the contents of their browsing logs.
- Strong net neutrality: While your VPN being based in a country with questionable net neutrality won’t necessarily affect your ability to browse the internet openly, it does mean that the government has a relationship with ISPs and telecom providers that hurts the consumer. There’s no guarantee that it won’t one day collaborate with them to clamp down on VPNs, rendering your service of choice useless.
When Does Jurisdiction Matter?
The location of your VPN is only half of the issue, though – you also need to know just how much personal information is being stored, too.
‘Logging’, as it’s commonly know, plays a huge factor. If a VPN logs things like your true IP address or timestamps of the sites you visit then it should be avoided outright.
However, if a VPN can prove that it records virtually no logs at all then it can actually negate most of the issues raised from a poor jurisdiction. If authorities can legally obtain servers from a provider, but those servers have no logs stored on them, then nothing can come of it.
Examples of VPNs that managed to score well in our testing despite being based in 14-Eyes or EU states include:
- Bulgaria – VPNArea
- Italy – AirVPN
- Romania – CyberGhost, VPN.ac
- Sweden – PrivateVPN
- US – IPVanish, Private Internet Access, StrongVPN
To learn exactly what to look out for you can read our extensive guide to VPN logging.
Recommended VPNs Outside of 14-Eyes Jurisdiction
The list of countries on this page isn’t exhaustive, and there are still other countries that make for a poor base of operations for a VPN.
There are also plenty of good options, though – below is a list of some of the best choices of jurisdiction we’ve seen from notable VPN providers: