Choosing a VPN is a trust decision. You’re asking a company to handle all of your Internet traffic. That means trusting them with your privacy, your security, and your safety.
Most people don’t come to VPNs as experts. They shouldn’t have to. This guide is written for everyday users who want to know when something feels off and how to recognize warning signs.
Think of this as the reverse of our How to Pick a Safe and Reliable VPN guide. Instead of what to look for, this is what should make you pause.
1. The company is hard to identify
Start simple: can you tell who runs the VPN?
A trustworthy provider makes this easy. Their website will clearly show a company name, where they are based, and who runs the organization. You should be able to find an “About” page that features an identifiable management team.
If you can’t figure out who runs the VPN, where the company is located, and who is accountable if something goes wrong, that’s a major red flag. A VPN handles sensitive data. Hiding basic company identity makes it impossible to trust.
2. There is no mention of audits or outside verification
Many VPNs say things like “no logs” or “strong security.” What matters is whether anyone outside the company has checked those claims.
You don’t need to read technical audit reports. Just look for signs that they exist. A trustworthy VPN will mention independent audits and names the firm that conducted them.
If you can’t find any reference to audits, or if the language is a vague statement like “we review ourselves” or “independently tested” with no details, that should give you pause. Claims without verification are marketing.
3. The privacy policy is confusing or overly broad
When it comes to privacy, clarity matters. You don’t need to understand every term. You should be able to answer one question: Do they clearly say they don’t track what I do online?
A good privacy policy is easy to find, readable and unambiguous. It explains what data is collected and what is not collected. Both are equally important.
Be cautious if the policy feels intentionally dense, if the VPN claims “no logs” but the privacy policy says information may be shared with “partners” or “affiliates” without explanation.
4. The VPN is completely free with no explanation
Running a VPN costs money: servers, engineers, bandwidth, security testing, and support staff.
If a VPN is entirely free, it’s reasonable to ask how the business survives. Sometimes the answer is advertising. Sometimes it’s selling data. Sometimes it’s much worse. If you’re using a free VPN, due diligence is critical.
Historically, many free VPNs have been caught tracking users, using weak encryption, injecting ads, turning users into botnets, or even having ties to state-backed surveillance efforts. Free does not automatically mean unsafe, but “free with no explanation” is a serious warning sign.
5. The marketing sounds too good to be true
Be skeptical of absolute claims like “100% anonymous,” “untraceable,” or “guaranteed protection.”
No responsible security company promises perfection. Real providers talk carefully about what their service does and does not do. When marketing language feels more like fantasy than engineering, that’s a signal that trust may not be their priority.
6. The site doesn’t explain basic security features
You don’t need technical depth, just plain explanations. A good VPN will clearly explain that it uses strong encryption, protects against leaks, and offers a kill switch if the connection drops.
If you can’t find any mention of:
- Encryption
- Leak protection
- A kill switch
… then that’s concerning. A company that takes security seriously wants users to understand the protections they are getting.
7. There is no way to report security problems
Responsible companies expect scrutiny. They assume mistakes can happen and prepare ways for researchers and users to report them.
Look for a security contact email, a vulnerability disclosure page, or mention of a bug bounty program. If none of these exist, it suggests the company may not welcome outside review of its security practices.
8. Customer support is hard to find or reach
Before you subscribe, try finding their support options. Is there a clear email address, live chat, or help center?
If support information is buried, vague, or nonexistent, that’s a warning sign. A VPN that is difficult to reach before you pay is unlikely to be responsive after.
9. They say very little about their servers or locations
You don’t need infrastructure knowledge, but transparency matters. Trustworthy VPNs explain where their servers are located and how they are managed at a high level.
If claims feel exaggerated (“thousands of servers everywhere”) with no explanation, or if server locations are never mentioned at all, that’s another reason to slow down.
10. The sales process feels manipulative
Privacy tools should empower users, not pressure them.
Be cautious if you notice:
- Hidden fees
- Auto-renewals that aren’t clearly explained
- Difficulty canceling
- Fear-based messaging (“you are unsafe without us”)
Trust grows from clarity, not urgency or pressure.
The Easy Shortcut: Look for the VPN Trust Seal
Doing all of this research can feel overwhelming. That’s exactly why the VPN Trust Initiative Trust Seal exists.
When you see the VTI Trust Seal, it means the provider has:
- Met industry-backed standards
- Undergone independent verification
- Committed to transparency and accountability
- Demonstrated strong privacy and security practices
It turns a complex trust decision into a simple one.
If you don’t want to play detective, look for the symbol that shows the work has already been done: the VPN Trust Initiative Trust Seal.
About i2Coalition’s VPN Trust Initiative
i2Coalition’s VPN Trust Initiative (VTI) is an industry-led consortium that promotes consumer safety and privacy online by increasing understanding of VPNs and strengthening business practices in an industry that already protects millions of Internet users. The VTI leverages firsthand knowledge to advocate, create, vet, and validate guidelines that strengthen trust and transparency and mitigate risk for users.
To learn more about the VTI, please click here.
[Top photo by Petter Lagson on Unsplash]