If you have ever tried to figure out how to choose a VPN, you already know the problem: every site claims to be the fastest, the most private, the one with the most servers, and the one ranked number one this year. They cannot all be right. The “best VPN” market is saturated to the point of parody, and the loudest voices are usually the loudest because they pay the most for affiliate placement, not because their product is better.
This guide is the opposite of that. It is a plain, seven-point buyer’s checklist you can use whether you are a privacy hobbyist, a remote worker on shaky hotel Wi-Fi, or someone who just wants Netflix to stop nagging about your location. By the end, you should have a clear sense of what to look for, what to ignore, and how to test a service before you commit a year of payments to it. We will use Orion/VPN as a running example where it is useful, but the criteria apply to any provider on the market.
How to read this checklist
Each of the seven items below is something you can verify yourself in roughly five minutes per provider. Together they form a buyer’s guide that filters out maybe ninety percent of the noise. You do not need every item to score perfectly — but you should refuse to accept hand-waving on items 1, 2, and 7, because those are where bad providers hide.
A useful background read before you start is why a VPN is worth using at all. Once you are clear on the threat model, the criteria below stop being abstract and start sorting providers very quickly.
1. Logs and privacy policy
The first and most-talked-about VPN claim is “no logs.” Almost every provider says it. The actual question is whether the privacy policy backs the marketing copy.
Open the policy and look for three concrete things:
- What is logged at connection time. A trustworthy policy explicitly says it does not record your source IP address, the destination IP, the timestamp of the session, or the bytes transferred per session. Vague language like “minimal logs to maintain service quality” is a red flag — that wording can cover quite a lot.
- What is logged about your account. Email, payment method, and a hashed identifier are normal. Device fingerprints, browser history, and DNS queries are not.
- What happens on legal request. A serious provider tells you what they would hand over if compelled. If the answer is “the bare minimum required by law in our jurisdiction,” ask yourself what that minimum actually is.
If you want a longer version of this section, the no-log VPN explainer walks through the difference between marketing claims and verifiable architecture in plain language. The short version: read the policy, look for transparency reports, and look at how the provider has handled past incidents — those three together tell you more than any badge on the homepage.
2. Jurisdiction and incident history
Where the company is registered matters more than most buyers realise. A VPN can be technically perfect and still be obligated to log under local law, or to share what little it has when a court demands it. Jurisdiction is the legal floor under everything else.
You do not need a law degree. You need two answers:
- Where is the operating company registered, and what is the data-retention regime there? Some countries have aggressive mandatory-retention laws; some do not. Some are part of intelligence-sharing arrangements; some are not. None of this is secret — it is on the company’s “about” page or in the privacy policy.
- Has the provider been compelled to share data before, and what happened? Past incidents are the single best predictor of future behaviour. A provider that was served a warrant and produced no useful data because it had nothing to produce is telling you a lot. A provider that quietly handed over connection logs while continuing to advertise “no logs” is telling you even more.
This is also where a public, regularly updated transparency report earns its keep. RAM-only servers — meaning the server runs entirely from memory and forgets everything on reboot — are another concrete architectural signal worth checking for. A node that cannot persist a session log because it has no disk to write to is a stronger guarantee than any marketing copy on a homepage, and it is the kind of design choice you can verify from public documentation rather than take on faith.
3. Protocol options (without the jargon)
Most “VPN comparison” pages will drown you in protocol names. Ignore them. What you actually need is two modes, named however the provider names them:
- A speed mode for everyday use — streaming, video calls, downloads, normal browsing. It should be fast, low-latency, and stay connected when you switch networks.
- A stealth mode for restrictive networks — hotel Wi-Fi that blocks VPNs, corporate networks, countries with active filtering. The traffic should look enough like ordinary HTTPS that aggressive filters leave it alone.
That is the entire decision tree. If a provider has both, you are covered. If they only have a speed mode, you will hit walls in restrictive networks. If they only have a stealth mode, you will pay a small speed tax all the time for no reason.
Orion/VPN exposes exactly two named modes — Horizon for speed, Wind for stealth — with a one-click switch between them. That is the ideal design from a buyer’s perspective: you do not need to know which one you want until you hit a network that breaks the default. If you want a deeper look at the tradeoff, the stealth-vs-speed protocol guide walks through when each mode pays off.
4. Speed and server count
Server count is the number every provider advertises and the number that matters least on its own. “10,000 servers in 100 countries” sounds impressive until you realise that what determines your speed is the one server you actually connect to.
Three things actually move speed:
- Proximity. A nearby server with decent peering will outperform a far-away server on a fancy backbone almost every time. If the provider has nothing within a few hundred kilometres of you, raw count does not save you.
- Peering. A server hosted in a data centre with good upstream relationships to your ISP will feel snappier than one parked in a cheap colocation with a single congested transit link. This is invisible from a marketing page, which is why the next bullet matters most.
- Real measurement. The only honest way to evaluate speed is to test it from your actual network, on your actual device, at the times of day you actually use the internet. Anything else is a vendor benchmark.
This is one of the strongest arguments for trying before you buy. A free tier — Orion/VPN gives you 10 GB free without a card — is enough to run a week of real browsing through the service and see whether it disappears into the background or keeps reminding you it is there. Server count by itself is a vanity metric; experienced speed is what you are paying for.
5. App quality and platform support
A VPN’s app is the part you actually live with. A clever backend behind a clumsy UI is still a clumsy product, and most providers underinvest here. When you evaluate an app, three things matter more than the feature list:
- It feels native. On macOS, that means a real menu bar app, real keyboard shortcuts, and behaviour that matches the rest of the system. On iOS, it means respecting battery and background-task limits. On Windows, it means not dragging in a kernel driver that fights with the rest of your machine. An app that feels like it was ported from a different operating system will frustrate you every day for a year.
- The kill-switch is honest. When the VPN tunnel drops — and they all drop sometimes — the app should block traffic until the tunnel is restored, not silently let your real IP leak for a few seconds. Test this by toggling airplane mode mid-session. If anything reaches the internet outside the tunnel during the gap, the kill-switch is decorative.
- Multi-device coverage. A typical household has a laptop, a phone, sometimes a tablet, sometimes a partner’s devices. A reasonable plan covers five to ten simultaneous connections. Anything fewer than five is a deliberate squeeze.
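An added example (not from the original guide or from any provider) of scoring the kill-switch test described above: poll an IP-echo endpoint while you toggle the network, then check whether your real address ever appeared. The echo URL is a placeholder you must supply, and the function names, addresses and sample readings are constructed for illustration.

```python
import time
import urllib.request

def probe(echo_url, timeout=2.0):
    """Return the public IP an echo service reports, or None if nothing got out."""
    try:
        with urllib.request.urlopen(echo_url, timeout=timeout) as resp:
            return resp.read().decode().strip()
    except (OSError, ValueError):  # blocked, timed out, no route, bad reply
        return None

def collect(echo_url, seconds=60, interval=0.5):
    """Sample the visible egress IP; toggle airplane mode while this runs."""
    samples, start = [], time.monotonic()
    while (now := time.monotonic() - start) < seconds:
        samples.append((round(now, 1), probe(echo_url)))
        time.sleep(interval)
    return samples

def leak_windows(samples, real_ip):
    """Group consecutive samples showing real_ip into (first_t, last_t, count)."""
    windows, run = [], []
    for t, ip in samples:
        if ip == real_ip:
            run.append(t)
        elif run:
            windows.append((run[0], run[-1], len(run)))
            run = []
    if run:
        windows.append((run[0], run[-1], len(run)))
    return windows

def verdict(samples, real_ip):
    """'leak', 'held', or 'inconclusive' if the tunnel was never seen at all."""
    if not any(ip not in (None, real_ip) for _, ip in samples):
        return "inconclusive"
    return "leak" if leak_windows(samples, real_ip) else "held"

# Constructed readings: tunnel up, network gap (None), one second on the
# real address after the network returns, then the tunnel re-established.
REAL_IP, VPN_IP = "198.51.100.7", "203.0.113.40"   # documentation-range IPs
SAMPLES = [(0.0, VPN_IP), (0.5, VPN_IP), (1.0, None), (1.5, None),
           (2.0, REAL_IP), (2.5, REAL_IP), (3.0, VPN_IP), (3.5, VPN_IP)]

if __name__ == "__main__":
    print(verdict(SAMPLES, REAL_IP), leak_windows(SAMPLES, REAL_IP))
```

For a live run, note your real IP with the VPN off, connect, then call collect() with your chosen echo URL and pass the result to verdict().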
Orion/VPN ships a SwiftUI-native macOS app today, with iOS, Windows, Linux, and Android in the public roadmap. The macOS build was designed for the platform rather than translated into it, which is the standard you should expect from anything you pay for.
6. Pricing and free tier
Pricing tells you almost as much about a VPN as the privacy policy. Three patterns are worth recognising:
- “Free forever, unlimited.” Be very careful. Running a VPN costs real money — bandwidth, servers, support, engineering. If a service is free and you are not paying with money, you are usually paying with something else. The free-vs-paid breakdown goes into the specifics, but the pattern is well-documented: ad injection, data sale to brokers, or a quiet pivot to selling the user list to whoever asks.
- Freemium with a quota. A capped free tier — for example, 10 GB free per month — is a healthy model. It lets you actually try the product on your real connection before you pay, and the company is upfront that you are using a sample of a paid service. Orion/VPN’s 10 GB free tier exists for exactly this reason.
- Paid only. Workable, but you are buying blind. A trial period or a real refund window helps here.
For paid plans, the sustainable price band for a serious VPN sits around $4.99/mo or $34.99/yr. Below that, the economics start eating into infrastructure quality; far above it, you are paying for marketing budget. Multi-year deals at “$1.99/mo for three years” usually require you to pay everything up front, which is a different product — closer to a prepaid commitment than a subscription, and worth less if the provider’s service quality slips a year in.
7. Refunds, support, transparency
The last item on the checklist is also the one that separates serious providers from disposable ones. After you pay, three things matter:
- A real refund window. Seven days is a token gesture; thirty days is the established standard, and it is enough time to test the service across a few different networks. If the refund policy is buried, conditional, or “store credit only,” that is a tell.
- Support that responds. You do not need 24/7 human chat. You need email or ticket support that replies in under a working day with someone who can read a log file, not a script-bound first-line agent who tells you to reinstall the app.
- Public transparency. A roadmap. A changelog. A status page. Engineering posts. None of this is mandatory, but in aggregate it tells you whether a real team is behind the product or whether you are subscribing to a brand. Orion/VPN publishes its protocol modes, its node setup, and its roadmap publicly for that reason.
If you want a related comparison angle here, VPN vs Tor vs proxy covers how the support and transparency expectations differ across those three categories — useful if you are trying to figure out whether a VPN is even the right tool for what you are doing.
Putting it all together
The checklist as a whole, in the order you should walk through it:
- Logs and privacy policy. Read the policy. Look for transparency reports and past incident handling. Refuse vague language.
- Jurisdiction and incident history. Know where the company is registered and what it has done when compelled. Look for RAM-only servers as an architectural signal.
- Protocol options. A speed mode and a stealth mode, named however the provider names them. One-click switching is the bar.
- Speed and server count. Proximity and peering beat raw count. Test from your real network.
- App quality and platform support. Native feel, honest kill-switch, multi-device coverage.
- Pricing and free tier. Avoid “free forever, unlimited.” A quota-based free tier is healthier. Around $4.99/mo or $34.99/yr is the fair band.
- Refunds, support, transparency. Thirty-day refund, real human support, public roadmap and changelog.
The single best move you can make on top of this list is to test before you commit. A free tier with a real quota — Orion/VPN’s 10 GB free is a clean example — lets you run a week of normal browsing through the service before you pay anything. You will learn more in that week than in any number of comparison articles.
There is no perfect VPN, and there will not be one next year either. There are, however, providers that are honest about what they collect, designed for the platform you actually use, and priced in a band that lets them stay in business without selling you out. Walk the checklist. The choice gets a lot smaller, very fast — and the providers that survive your filter are usually the ones still around in three years, which is the timescale that actually matters when you are picking infrastructure you intend to leave running in the background of your life.