Review Methodology

Every VPN review on this site follows the same process. This page explains exactly how we test, what we measure, and how we score — so you can judge our conclusions for yourself.


Why methodology matters in VPN reviews

The VPN review space has a trust problem. Most “independent” review sites earn the majority of their revenue from affiliate commissions paid by the very providers they’re ranking. The incentive to inflate scores is structural, not personal — and it shows in the results.

Publishing our methodology openly serves two purposes: it holds us accountable to a consistent standard, and it gives you the information to disagree with our conclusions if your priorities are different from ours.


Our review approach

Encapsulated.network reviews are built on research and audit analysis rather than lab-style speed benchmarking. This is a deliberate choice, not a limitation.

The most important questions about a VPN — does it actually keep no logs? Has its security been independently verified? Is its jurisdiction a liability? — cannot be answered by running Speedtest.net. They require reading audit reports, analyzing privacy policies in detail, tracking provider history, and understanding what third-party security firms actually found when they looked under the hood.

That’s where our effort goes. Where hands-on testing adds value — leak testing, kill switch behavior, application usability — we do it. Where independent audits from credible security firms give better evidence than any individual test, we use those.


What we evaluate

1. Privacy and logging policy

This is the most important factor for a privacy tool. We evaluate:

  • No-log claims: What does the privacy policy actually say, in plain language? Does it match the marketing claims?
  • Independent audits: Has the no-log policy been audited by a credible third party (Cure53, SEC Consult, Deloitte, etc.)? When was the most recent audit? Are the full audit reports publicly available?
  • Jurisdiction: Where is the company incorporated? Are they subject to data retention laws or intelligence-sharing agreements (Five Eyes, Fourteen Eyes)?
  • Transparency reports: Does the provider publish transparency reports? Have they ever received and complied with a law enforcement request?
  • Real-world test: Has the provider’s no-log policy ever been tested by an actual server seizure or legal demand? (Mullvad and ProtonVPN have both passed this test in practice.)

2. Security verification

We verify security claims by examining:

  • Published third-party audit reports — full reports, not just provider summaries
  • Encryption standards in use (cipher suite, key exchange, authentication method)
  • Whether perfect forward secrecy is implemented
  • Kill switch implementation and reliability based on documented testing
  • DNS leak and IP leak test results — conducted personally using ipleak.net, dnsleaktest.com, and browserleaks.com
  • IPv6 leak status (many providers tunnel IPv4 but leave IPv6 exposed)
  • Post-quantum cryptography roadmap, if any

3. Protocol and technical standards

  • Which protocols are available (WireGuard, OpenVPN, IKEv2, proprietary)
  • Default protocol and whether the user can change it
  • Obfuscation and stealth mode availability — important for users in restrictive network environments
  • Split tunneling support and implementation quality

4. Provider history and trustworthiness

A VPN provider’s track record matters more than its marketing copy. We research:

  • Ownership structure — who actually owns the company?
  • Any history of security incidents, data breaches, or policy changes
  • Whether ownership has changed hands (many formerly trusted VPNs have been acquired by holding companies with poor reputations)
  • Community reputation among privacy researchers and security professionals

5. Application and usability

  • Setup experience across platforms
  • UI clarity — can a non-technical user configure the important settings?
  • Available platforms and simultaneous connection limits
  • Quality of support documentation

6. Pricing and value

  • Monthly and annual pricing
  • Free tier or trial availability
  • Refund policy
  • Anonymous payment options (cash, Monero, Bitcoin) — relevant for privacy-conscious users

How we score

Each VPN review includes a score across five categories on a 1–10 scale. The overall score is a weighted average — privacy is weighted most heavily because a fast VPN that can’t be trusted with your data is not a good VPN.

| Category | Weight | What it measures |
|---|---|---|
| Privacy & logging | 35% | No-log policy, audits, jurisdiction, transparency |
| Security | 25% | Leak test results, kill switch, encryption standards |
| Speed | 20% | % of base speed retained across protocols and locations |
| Usability | 10% | App quality, setup experience, feature availability |
| Value | 10% | Pricing relative to what you get |

What we don’t do

  • We don’t take marketing claims at face value. “Military-grade encryption” is not a technical specification. We look at what the audit reports and protocol documentation actually say.
  • We don’t let affiliate relationships influence scores. Some reviews may contain affiliate links. Affiliate status does not affect the score, the findings, or the recommendation. If a provider we have an affiliate relationship with has a poor audit history or a problematic ownership structure, we say so.
  • We don’t summarize provider-supplied summaries of their own audits. We read the original audit reports. Providers occasionally highlight favorable findings while burying the significant ones.
  • We don’t recommend a VPN we wouldn’t use ourselves.

How often reviews are updated

VPN providers change. Policies get updated, audits get published, ownership changes hands. We re-evaluate reviews when:

  • A new independent audit is published
  • A provider changes its logging policy, ownership, or jurisdiction
  • A significant security incident occurs
  • Major new features (or removed features) affect the score
  • At minimum, once per year for any provider in our top recommendations

Every review displays a “Last tested” date. If a review is more than 12 months old without an update, treat the specific scores with caution — the technical analysis will still be relevant but individual details may have changed.


Questions or corrections

If you believe a score is wrong, a test methodology is flawed, or a factual claim is inaccurate, please reach out. We’d rather be corrected than be wrong.

Contact: [email protected]