Does a VPN Protect Against Government Surveillance?

Government Surveillance VPN

On May 20th 2013, a previously unknown IT contractor left his job at a National Security Agency (NSA) facility in Hawaii and boarded a flight to Hong Kong.

Just a few weeks later, the information he took with him and shared with the media revealed the extent of government surveillance being carried out not only by the NSA but intelligence agencies in the UK, Australia, and various other countries around the world.

The revelations of Edward Snowden might have been expected to result in a fundamental change in the way democratic governments are allowed to monitor their citizens.

But the stark reality is that not much has changed. In many countries, including the UK, things have got considerably worse. I have been working in this area for years and the initial hope we all felt when Snowden went public has gradually drained aawy.

At the same time, authoritarian regimes around the globe have continued to expand their electronic surveillance capabilities. When challenged, they understandably point to countries like the US and the UK and argue they are no worse. It is a formidable challenge to refute.

What this means for individuals like you and me is that government online surveillance is increasingly becoming the norm around the world.

Some have no problem with their governments watching what they do online every minute of the day and buy into the flawed argument that if you’ve done nothing wrong, you have nothing to worry about.

But those of us who believe that their fundamental right to online privacy is being breached by the new wave of government online surveillance have turned to tools like VPNs to try and protect themselves from it. ‘Why should I lose my privacy just in case I do something wrong’, is the very valid argument that we are all make.

The question is, how much protection does a VPN offer from government surveillance? It is a complicated question to answer with plenty of variables to consider. But that is what I have set out to answer in this guide.

So, if you are keen to keep your online activity and data private and stop your government and other governments around the world from snooping on it, this is the guide for you.

Part One: All about government surveillance

Government surveillance

Some people are unclear about what we mean by government online surveillance. Others are pretty blase about it, usually because they don’t fully appreciate just how pervasive it is.

So, in this opening section, I am going to go into a little more detail about what I mean by government surveillance and which countries have a particularly big issue with it.

I should stress at the very start that this is just a snapshot of the situation, covering certain key issues and certain high-profile countries.

Government online surveillance is a lot broader and deeper than even this guide might suggest, and that is just what we know about thanks to transparency laws in some countries and whistleblowers like Edward Snowden.

There is almost certainly far more going on that isn’t yet in the public domain.

But hopefully, in this section, I will open your eyes to the extent of government online surveillance these days and how it impacts everyone, including me and you.

Edward Snowden

Edward Snowden

Edward Snowden is the still flagbearer for online privacy ten years after his revelations. He is the man who has single-handedly drawn the attention of the world to the issue of government online surveillance programs.

It is therefore fitting that I am beginning this section by focusing on the revelations that his whistleblowing gave us.

There is an awful lot of ground we could cover here, and the Snowden revelations involved millions of classified documents touching on a huge number of secret government surveillance operations.

That is far too much detail for the purposes of this guide, so I am going to zoom in on a few of the most prominent revelations that Edward Snowden made and that I consider to be most important:


Having initially revealed that the NSA had access to the phone records of just about every US citizen, Snowden’s second bombshell revelation was about PRISM.

PRISM was a scheme which allowed the NSA to request any data they wanted from tech companies like Apple, Google, and Microsoft. Initially, it was thought the NSA had direct access to their servers, but this proved not to be the case.

However, these tech companies were legally bound to release any information and data requested by the NSA and were not permitted to reveal publicly that they were doing so. That meant the US Government could legally find out about everything people were doing online.

Its revelation shook the US tech community and observers like me, to its core. They first denied knowledge of PRISM, but then admitted complying and demanded the right to be more transparent about government data requests.

They were partially successful and can now reveal some very broad information about government data requests. But the truth is that the NSA and other intelligence, security, and law enforcement agencies around the world still have the right to see almost all of our online data.


Tempora was a joint programme between the NSA and the UK’s Government Communications Headquarters (GCHQ). It saw the two agencies work together to tap into the fibre optic cables located around the world, which help keep the internet flowing and intercept data.

This programme was data harvesting on a massive scale. It was also completely indiscriminate and would have seen the agencies have access to the private online activity of people from every country and every region of the world. People like you and me.

Snowden’s revelations showed that a number of private companies had helped to facilitate Tempora, including Verizon, BT, and Vodafone.

It was hugely worrying to people like me, not least because if the NSA and GCHQ have the technology to do this, it is quite likely that the regimes in China, Russia, Iran, and other countries around the world could have it too.

In 2018, the European Court of Human Rights ruled that the UK’s mass data interception and retention programmes, including Tempora, “was unlawful and incompatible with the conditions necessary for a democratic society”. Despite this ruling, we have no reason to think that Tempora is not still happening.


XKeyScore is an NSA programme that they proudly described as the “widest-reaching” system to search through Internet data anywhere in the world. This was the tool that brought together all of the data the NSA harvested and made it easily searchable for NSA operatives.

It included “nearly everything a user does on the Internet”, and they could search by people’s names, locations, or a variety of other things.

This is essentially a Google for your internet data and the internet data of every US citizen and many more people around the world. It is a deeply chilling concept and a tool that the NSA shared with other friendly intelligence agencies like GCHQ.

Despite outrage when Snowden revealed it, as far as we know XKeyScore is still being used.

Tailored Access Operations

Tailored Access Operations was the name given to the NSA own team of elite hackers. This group was paid by the NSA to hack into computer systems around the world and infect them with malware that allowed the NSA to monitor activity and collect data.

This team was the NSA’s backup when their regular data collection failed, and the Snowden leaks were the first time we had an insight into how they operated and continue to operate.

Data Centre infiltration

The Snowden files also revealed that the NSA was capable of infiltrating the links between data centres run by the likes of Google and Yahoo! and harvesting the data there.

This revelation made the big tech companies extremely angry since they were supposedly unaware that this was happening. They quickly pledged to plug these gaps and encrypt future links, but how effective this has been in stopping NSA surveillance of this data is anybody’s guess.


Alongside harvesting phone data, the Snowden files also revealed that the NSA intercepts at least 200 million text messages every day in a programme that is called Dishfire.

The NSA said in leaked documents that this was a “goldmine to exploit” for all kinds of personal data.

It was also revealed that the NSA can “easily” crack mobile phone encryption, allowing them to decode and access the content of intercepted calls and text messages with ease.

There was plenty more in the revelations of Edward Snowden, that I for one found hugely shocking, but if these few programmes do not convince you of the scale of Government internet and communications surveillance in the USA and around the world, then nothing will.



One other Snowden revelation related to how the NSA deals with encryption. He revealed that they are not able to crack the most serious encryption algorithms, so instead have developed a variety of tricks to get around it.

This includes promoting the use of weaker algorithms that they can crack, forcing companies to install backdoor access to encrypted data, and hacking into servers or devices.

This revelation has provoked outrage in the USA and around the world. Tech specialists like me were genuinely staggered.

The American Civil Liberties Union (ACLU) said at the time of the Snowden revelations that,

“The NSA’s efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States’ reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies.”

They are absolutely right. But despite the fact that ten years have passed since this comment, nothing much has changed.

Indeed, in the USA, politicians and intelligence agencies continue to rail against the use of encryption.

Critics in both Congress and the Senate have pushed for tech companies to be forced to allow backdoors into all encrypted communications to allow agencies like the NSA to harvest data as they wish.

At the time of writing, there are three Bills that, in my professional judgement, could threaten the use of end-to-end encryption in the USA:

  1. EARN IT Act: This would make tech companies criminally liable for content posted on their platforms and likely force them to remove encryption in order to scan user content before it goes online.
  2. CSAM Act: This Act would give power to courts to view the use of encryption as proof of liability for facilitating or promoting cases of child sexual abuse material (CSAM) distribution on an internet platform or social media site
  3. Kids Online Safety Act (KOSA): Places a requirement on tech platforms to ensure that kids can’t access harmful material. The definitions in this Act are very broad and would likely result in the weakening of encryption as well as greater online surveillance.

Policymakers are still, it seems, either totally oblivious to the fact that this will expose this data to hostile governments and hackers as well, or they just don’t care.

Tech companies are under massive pressure to remove encryption.

Facebook has so far refused to yield in the face of mounting pressure from politicians who want it to pull back from its plans to encrypt its Facebook Messenger communications tool.

US allies around the world, including here in the UK, have also been highly critical of online encryption.

Earlier this year, the UK Government passed the Online Safety Act, a piece of legislation that includes clause 122, the infamous “spy clause”. This gives OFCOM, the designated regulator, the power to demand access to encrypted content. They have yet to make use of that power, but when they do, an almighty battle is likely to ensue. Signal is just one company that has threatened to leave the UK if its encryption is threatened.

As I have discussed many times on this site, undermining encryption has huge consequences for online privacy and also for the various technologies, such as online payments and online banking, which depend on this technology being secure.

In the UK, the Investigatory Powers Act, which was passed in 2016 amid huge controversy, already gives the UK Government the power to force encryption backdoors on companies.

As far as I know, this power has still not yet been used, but there is no reason for me to think it won’t be at some point in the future.

In the recent Kings Speech, reforms to this legislation were announced. But far from improvements, the Government’s plans look set to make the Investigatory Powers Act even worse.

Government Surveillance around the world

Surveillance around the world

So far in this guide, I have focused primarily on the online surveillance activities of the US and UK Governments, but this is an issue which is far from confined to just them.

The truth is that most governments around the world engage in wide-ranging online surveillance activities against both their own populations and others around the world.

In this section, I am going to provide you with an overview of some of the worst offenders that I have come across in my research.

I have split it up into two sections; authoritarian regimes and democratic countries. As you will see, and no doubt be rather shocked by, the difference between the two groups is far smaller than you might think.

The majority of the information included in the following two sections comes from Freedom House, the excellent Not-for-Profit organisation that monitors online freedom and publishes the data it gathers as an annual Freedom on the Net report.

Government Surveillance in Authoritarian Regimes: Top 5 Worst Offenders

1. Communist China

The Communist regime in China has created the world’s most oppressive and intrusive online surveillance and censorship programmes as part of its efforts to maintain its grip on power.

Chinese internet censorship is well-documented and often referred to as the Great Firewall. It blocks millions of different websites and online services that refuse to hide content that goes against the Chinese Communist Party’s propaganda.

Their use of online surveillance is intertwined with this programme since a lot of the censorship of social media and other such platforms is done in real-time by teams of workers and AI programmes. These monitor what people post and delete any content that doesn’t comply with the Party’s rules.

In 2017, the Communist Party passed an infamous cybersecurity law. This requires that all Chinese tech companies hand over any data requested by the state.

It effectively removes any notion of online privacy for Chinese internet users if such a thing existed previously.

It is common practice for people in China who post content online that is deemed in breach of the country’s strict online laws to be arrested, tortured, and locked up for extended spells.

In the East Turkestan / Xinjiang regime, where more than a million innocent Uighur Muslims are currently being held in concentration camps, this is even more common. I was shocked to discover that it is also more prevalent now in Hong Kong too, since China broke international law to seize control of the country.

The same law also banned the use of VPNs, a popular tool for unblocking censored content in China.

Despite this, many VPNs remain accessible inside China and provide a crucial window to the free world for the oppressed people of China, as well as encrypting data to help prevent the authorities from being able to see what people are doing online.

On 1 August 2022, the Regulations on the Administration of Internet User Account Information were issued by the China Internet Information Office. These require Internet accounts to fill in their real occupations, and the user’s real IP location will be logged.

China also saw a further crackdown on online freedoms during the COVID-19 pandemic, which saw widespread criticism of the regime’s handling of the crisis. These restrictions are yet to be lifted, and recently, a Chinese worker was fined US$145,000 just for using a VPN.

2. Russia

While Russia remains a democracy on paper, it is, in reality, a corrupt dictatorship with Vladimir Putin at its head. This view has gone mainstream since Putin kickstarted a war in Europe with his illegal invasion of Ukraine. On his watch, the level of online controls has risen exponentially, and even more so since the Ukraine invasion.

In 2019, Russia passed its Internet Sovereignty Law. This not only required all data generated by Russian citizens to be kept on servers inside Russia (which makes it far easier for the Russian authorities to access it), but it also set in motion long-held plans that would allow Putin’s regime to cut the Russian internet off from the rest of the world.

This so-called sovereign internet has been tested by the Russian regime and is thought now feasible to implement.

The so-called Yarovaya Law, which requires all internet providers to retain all user data and information for an extended period of time, has also removed any last vestiges of online freedom while also pushing up prices for consumers.

The Russian regime has also banned the use of VPNs and threatened VPNs that they have to keep Russian user data on Russian soil.

Of the ten primary VPNs written to, only Kaspersky VPN complied with this ruling, although some other VPNs have removed their Russian servers. Kaspersky VPN has since shut down in the country.

Recently, the Russian authorities announced that 167 VPNs had been blocked in the country and also confirmed a targeted assault on the most popular VPN protocols.

3. Iran

The Islamic Republic of Iran’s theocratic government also operates one of the most intrusive online regimes on the planet. This has become even more apparent since the end of 2019 when the regime faced widespread public protests.

Internet shutdowns across the country were used to prevent protestors from organizing and communicating the reality of the situation to both other Iranians and the outside world.

Iran is another authoritarian regime that has attempted to cut its internet infrastructure off from the rest of the world by creating a National Information Network (SHOMA), which will not only control what people can and cannot see but also strictly surveil them to make sure they are not breaking the law.

The recent protests also saw the regime clamp down more on VPN use which, as in China, is popular with many Iranians.

New laws on this are expected, with plans for some people to be permitted to use VPNs, but only if they submit to even greater government surveillance. VPN retailers in Iran have recently been threatened with execution. But perhaps inevitably, in such a climate, VPN use continues to grow, with the Iranian market alone now estimated to be worth more than US$1 billion.

4. Saudi Arabia

Internet access is both widely available and affordable in Saudi Arabia, but the regime’s use of censorship and online surveillance is widespread.

Criticism of the absolute monarchy which controls Saudi is not permitted, and critics and opponents of the regime are closely scrutinized, arrested, tortured, and in some cases, sentenced to death.

After the regime lured US journalist Jamal Khashoggi into their consulate in Turkey and murdered him, this surveillance was stepped up, as was the use of censorship to repress any online discussion of the atrocity.

There is evidence of the regime using various sophisticated online surveillance tools, such as the Pegasus spyware tool, which was developed by an Israeli company, to spy on activists and anyone who they suspect may oppose them.

5. Vietnam

It is easy to forget that China is not the world’s only single-party Communist dictatorship. Vietnam is the same, and the regime there has also placed severe restrictions on what people can and cannot do online.

In January 2019, a draconian new internet security law was passed in Vietnam, which handed the ruling Communist regime sweeping powers to hoover up internet user data of everyone in the country.

Censorship is widespread, too, and the punishments for breaching this law are severe.

Jail sentences of as much as 20 years have been handed out to activists who post content online that is deemed to be in breach of the law.

The regime has also established a new national unit to monitor social media and other internet content. This unit is believed to have access to various high-tech tools that use AI to scan millions of online posts, log content, and identify anything that challenges the regime or breaks the law

Government Surveillance in Democratic Countries: Top 5 Worst Offenders

1. USA

The USA’s extensive government surveillance of the internet is already widely documented, and I have talked about it a lot already in this guide.

Much of what we have discussed continues to happen, although the presence of a free and fair legal system means that challenges against some aspects of it have been bought successfully.

Nevertheless, under the Trump administration, online privacy and net neutrality laws were rolled back and this allowed government agencies and private companies to monitor people’s online activities and use the data for security purposes as well as for advertising, marketing, and other commercial activities.

Biden has done little to correct these issues since he came into office and, as I have already discussed, there are further Acts that I believe could undermine online freedoms still further being discussed.

2. UK

Given that the UK prides itself on being the home of freedom and liberty, it is actually quite troubling to me how much power the UK government has to surveil its people.

I have already touched on the Investigatory Powers Act, which handed the government and its agencies widespread powers to collect and monitor internet data, and the Online Safety Act.

All ISPs in the UK are legally required to collect their user’s internet records and keep them for a period of 12 months, and the Government is now seeking to amend the Investigatory Act to beef up these powers.

Expert Opinion

Jim Killock, the director of Open Rights Group, called it the “most extreme surveillance law ever passed in a democracy”.

A staggering number of government agencies are allowed to request access to this data on the flimsiest of pretexts and with a minimal amount of oversight.

The UK’s membership of the Five Eyes intelligence-sharing network means that this data can also be shared with intelligence agencies from other countries too.

3. Australia

Rather than being appalled by the UK’s Investigatory Powers Act, Australia was inspired to create its own version known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act.

Passed in 2018, this law gave Australian authorities sweeping powers to require ISPs to store user data and for government agencies to access that data.

The powers it contained have led to raids being carried out on the homes of prominent journalists as well as the Australian Broadcasting Corporation (ABC).

The law also gave the government the right to access encrypted communications and insert backdoors into communications tools.

It has hindered technological innovation in Australia and driven many companies to move their businesses elsewhere while also fundamentally undermining the online rights of Australians.

Laws passed in the wake of the terrorist attack on a mosque in Christchurch, New Zealand, in 2019 undermined these rights still further and placed a criminal penalty on anyone deemed to have shared what they class as “abhorrent content”.

4. The EU

The European Union (EU) has generally been perceived as one of the biggest defenders of online freedom. But as with much of the EU’s legislation, the devil is buried in the very significant amount of detail and bureaucracy that underpins their laws.

For example, its Data Retention Framework, which was in place for ten years, required companies to retain internet metadata for at least two years and make this data available to various government bodies without a warrant and for a whole host of different reasons.

Perhaps the EU’s biggest weakness is that it has failed to consistently enforce rules that should stop member states from carrying out mass surveillance on national security grounds.

The UK, France, and Belgium have all passed laws that appear to be in breach of EU rights and yet the EU’s lengthy and bureaucratic justice system means no action has ever been taken too seriously to challenge these laws.

5. India

In 2008, the Indian Government passed an Information Technology Act with no debate that allowed the government to spy on all communications with no warrant. Since then, numerous laws have been passed that handed the government various online surveillance powers.

There are laws requiring data retention and plans to undermine encryption. There is clear evidence of the Government monitoring social media activity and using information gleaned from there to prosecute and convict people of wrongdoing.

The Modi government is also believed to use online surveillance as a tool in their pro-Hindu policies, and the internet shutdowns in Kashmir and other areas of the country also serve as evidence of their seeking to control online activity.

In 2022, India passed a directive that required all VPNs to hand over user data to the Government. This led to a number of VPN providers exiting the country.

Part Two: VPNs and Government Surveillance


If you are worried about government surveillance and want to take steps to stop your government from being able to monitor and store what you do online routinely, you are likely to be looking around for an online security tool to help you. I can help you with that.

In my professional opinion, the single most important tool that you can use is a VPN.

VPNs are all-purpose online security and privacy tools that can indeed help to protect you from government surveillance and protect your online privacy. But they are not a one-stop solution to all Government surveillance concerns.

If you are of interest to any government, a VPN is not a solution that will protect you. However, my research has shown that it should minimise your exposure to mass data collection and aid in the protection of your data.

Expert Opinion

Chris Duckett of ZDNet said “Using a VPN is not a bad idea, but it is not a cure-all to the bigger issue of surveillance” (Source).

In this section of the guide, I will look at some of the ways that a VPN can help to protect you from government surveillance and some of the ways it can’t.

I will also recommend the best VPNs to use to stay as safe as you can from the prying eyes of the state.

How a VPN can protect you from government surveillance

VPN protection

Data Encryption

When you are connected to a VPN, all of your internet data is pushed down an encrypted tunnel giving you a secure connection.

This ensures that everything you do online is encrypted, and if you choose a decent VPN, this encryption should be unbreakable, even by the most intrusive of government surveillance operations.

But there are some limitations which it is important for you to understand.

When you use the internet, your data travels from your device via your Internet service to the websites or services you visit. When you connect to a VPN, this data is redirected through an external VPN server before being sent to its final destination.

However, this encrypted tunnel is only in place between your device and the VPN server. That means that your ISP cannot read what you are doing online.

Once it reaches the VPN server, your data is stripped of its metadata (the key identifying information such as who you are, where you are located, and your real IP Address).

The IP Address and details of the server are tagged on it instead, and then the data is sent off to the website you want to visit.

Learn More

Discover how and why it’s important to randomise your IP Address.

However, it is important to note that on this leg of the journey, the data is not automatically encrypted.

This means that if your data does contain some identifying information, this will be identifiable by government surveillance operatives as well as hackers or anyone else who wants to look.

So, while a VPN does encrypt your data on that important first leg of the journey, it doesn’t offer end-to-end encryption in the way that some encrypted communications tools do.

But as long as your online data doesn’t contain personal information, this encryption should be enough to stop anyone from seeing that data and tracing it back to you.

Hide your IP Address

Every single internet connection has an IP Address.

This short series of numbers (such as is the equivalent of your online address. It means that if your government does intercept and read your online data, it can trace it back to your precise location.

But when your data is redirected through a VPN server, the IP Address tagged onto your data changes to become the IP Address of the server. This will be in a different location, perhaps even a different country, and often used by multiple people.

This makes it a lot harder for Government surveillance agents to be able to confirm that the online data they intercept originated from you. Obviously, if the data contains personal information, it is not impossible, but a VPN does make their job that much harder.


A lot of guides will tell you that when you connect to a VPN, you are completely anonymous online.

This may be the case when coupled with other technologies, but for most people, it isn’t the case. A lot of VPN companies will use terms like ‘anonymous’, but this is marketing talk, and I would prefer to use ‘semi-anonymous’ or partially anonymous to describe what they can offer.

In truth, the level of anonymity that you can achieve with your VPN is down to what you are doing online in many ways.

Expert Opinion

Jack Schofield of The Guardian said, “As an ordinary citizen with a life, you can’t hide from the security services any more than you can defend your house against a tank regiment. If they want to hack your devices, they will.” (Source).

If you connect to your VPN and then log in to your personal Facebook account or start sending emails from your Gmail account, it doesn’t take too much intelligence for a surveillance agent to figure out who you are and link you to everything else you do online.

But if you avoid using any personal information online, this makes that job more challenging. While you’re never going to be untraceable to the government, it will stop most others from tracking your usage.

How a VPN can’t protect you from Government surveillance

Unencrypted Communications

As I have noted above, a VPN only encrypts your online data between your device and the VPN’s server. After that, your IP Address and metadata are removed, and then the data is forwarded as normal.

This is a clear distinction from end-to-end encryption which is used on some communications tools to secure private messages. This encrypts data for the entirety of its journey from your device to the device of the intended recipient, and often only that device is able to unscramble it.

Not all online messaging and communications tools offer end-to-end encryption, and it is important that people don’t assume that using a VPN is a suitable substitute for sending messages on an encrypted service.

VPNs encrypt data in a different way, so if you want your messages to be encrypted and secure, you need to be using an encrypted messaging service. We will highlight some of the best in the following section of this guide.

Device Hacks

As I noted in the opening section of this guide, one of the tools that the NSA and other government agencies around the world have in their arsenal is hacking.

If you are successfully encrypting all of your internet data, a simple way around the encryption is to compromise your device and syphon off the relevant information before it is encoded.

These hackers can compromise your device in a number of different ways. They might compromise your Wi-Fi connection, fool you with a phishing scam, or use many other methods.

This is something that a VPN cannot protect you against, and if your device is compromised, a VPN will not stop any of your data from being seen by government surveillance operatives.

Unencrypted storage/backups

Be aware that a lot of devices and online accounts will automatically store and back up a lot of your online data. Often, this will be backed up on encrypted and insecure servers that any half-decent government surveillance operative will be able to access and mine for information.

Again, this is something that anyone can fall foul of at any time and that a VPN will offer you no protection against. Be sure the settings on all your devices, personal accounts, and software are not set up to do this.

User error

Perhaps the most significant single issue that a VPN cannot defend you against is user error. And this is something that can happen to everyone at some point.

If you access a personal or identifiable account, write in a certain manner, reference certain things that can identify you and your location, or make even the smallest slip-up on all manner of other things, a VPN cannot prevent your cover from being blown.

There are numerous examples of infamous hackers, drug gangs, and other cybercriminals being unmasked and convicted because they used a personal email account right at the start of their operation or made one slip with the keyboard that exposed them.

No VPN in the world can stop this from happening.

Best VPNs to protect you from Government surveillance

Surveillance best VPN

If you want to protect yourself from government surveillance and do as much as you can to protect your online privacy, a good VPN is something you must be using.

I should stress here that if you are a high-profile target or a suspect that a major government is determined to surveil, a VPN will not be enough to keep you safe.

But if you are an everyday internet user who simply doesn’t want their online data being collected and stored by their government for no apparent reason or who wants to use the internet freely and without fear of reprisals in an authoritarian country, my research has made it abundantly cleat that a VPN is the perfect tool for you.

A note of caution

Before I identify the top VPNs to protect yourself from government surveillance based on my professional research, it is important to stress that choosing the right VPN is vitally important.

When you use a VPN, you are trusting them to protect your online data. All of the VPNs I recommend in this guide and on this site are fully tested by me and totally trustworthy. But not all VPNs are.

It is possible that a VPN (or any other online tool) could have been created by a hostile government or an intelligence agency as a honeytrap to lure unsuspecting people into sharing their data.

For example, recent research has shown that many free VPN owners can be traced back to Communist China.

It is, therefore, vital that you choose a transparent and reputable VPN if you really want to keep your online data private, secure, and out of the hands of government surveillance operatives.

How to choose the best VPNs to protect you from Government surveillance

There are a lot of good VPNs on the market, and if you have already done a quick search, you are probably wondering how on earth you can identify the best VPN for you.

That’s where I come in.

Along with our team of VPN experts, I regularly puts all the top VPNs through their paces to see how their security and privacy protections stack up. No one has tested more VPNs than me, with the support of my team of experts!

We have put their heads together to identify the five top VPNs on the market right now that offer the best protection against government surveillance.

In reaching our decision, we have applied several core criteria to each VPN. The main ones that matter for people who care about security and privacy are:

  • Encryption – A VPN needs to offer strong and reliable encryption. My research has found that 256-bit AES encryption is considered unbreakable and is the minimum that I were looking for.
  • Security Features – A wide range of security features can help to keep you safe online. Leak protection and an effective kill switch are especially important.
  • No user logs guarantee – I was looking for a cast-iron guarantee that a VPN was not keeping any relevant records about what you get up to online.
  • Jurisdiction – The best VPNs are based in a country where local laws permit them to offer you a private and secure service.
  • Works in China – If a VPN works inside Communist China, the regime most hostile to online freedom, you can be pretty sure you will be able to use it anywhere.

Using these core criteria as our starting point, I have reassessed all of the top VPNs on the market to reach a definitive conclusion about which are the best at protecting you against government surveillance.

The results are in, and here is a rundown of my Top 5:

1. ExpressVPN

ExpressVPN apps on multiple types of devices

ExpressVPN is one of the longest-established VPNs and has been our Editor’s pick of the best VPNs on the market for a long time. If you want to protect yourself against government surveillance, ExpressVPN is the best VPN out there.

It uses 256-bit AES encryption as standard for all its customers. This comes alongside a wide range of security features,e including leak protection and the obligatory kill switch.

ExpressVPN offers a no-user logs guarantee which means it will never hand over details of your online activity because it doesn’t hold them. Their no-user logs guarantee has been independently verified by PriceWaterhouseCooper (PWC) and is absolutely watertight.

ExpressVPN is based in the British Virgin Islands, an offshore location which allows it to adopt one of the most robust privacy policies of any VPN. It also offers its own unique, fast, and secure Lightway protocol.

In addition, ExpressVPN offers dedicated apps for Android, Apple iOS, Windows, Mac OS, Amazon Fire TV / Stick, Linux and some select routers. There are also web-browser extensions for Chrome, Firefox and Safari, and you can connect up to eight devices simultaneously.

I love that the service works in just about every country in the world, including Communist China, Russia, and Iran in many instances.

It is not the cheapest VPN available, but there is a generous 30-day money-back guarantee, and if you sign up now, you can save 49% thanks to our exclusive offer for VPNCompare readers.

Read our full review of ExpressVPN to find out more.

2. NordVPN

NordVPN website

NordVPN is another high-profile VPN that offers 256-bit AES encryption as standard.

It also has the most comprehensive selection of security features of any VPN we have tested, with features including double-hop servers, Tor-over-VPN servers, leak protection, and of course, that essential kill switch.

Its adoption of the new, faster, and more secure WireGuard protocol also means it can offer users the quickest and most secure VPN connections available.

NordVPN has another comprehensive no-user logs claim. PWC has also verified theirs, and this means you can trust NordVPN to keep your data and IP Address private, as laid out in the detailed privacy policy, which, being based in Panama, is seriously impressive.

It offers six simultaneous connections, a vast range of user-friendly apps including for Android, iOS, Windows, Mac OS and the Amazon Fire TV Stick devices, and lightning-fast connections across its entire substantial server network.

I am a particular fan of the fact that NordVPN prices are really affordable, and there is a 30-day money-back guarantee available too.

Read our full review of NordVPN to find out more.

3. CyberGhost VPN

Cyberghost Website

CyberGhost VPN is a VPN that has made some significant improvements in recent years and now hits the security heights of many of its rivals. It offers 256-bit AES encryption as standard and user-friendly privacy features that can be managed with the click of a button.

It also has an outstanding no-user logs guarantee that sits at the heart of an impressive privacy policy which has been independently verified by Deloitte.

CyberGhost VPN also offers great user-friendly apps which are ideal for beginners and a big favourite of mine. These apps are available for almost every device, including Android, iOS, Windows, Mac OS, Linux, Routers and the Amazon Fire TV Stick, and you can connect to as many as 7 devices at any one time.

Connection speeds are pretty good, and CyberGhost can work in most countries around the world. Prices are also reasonable, and there is an unbeatable 45-day money-back guarantee on offer too.

Read our full review of CyberGhost VPN to find out more.

4. IPVanish

IPVanish website

IPVanish’s reputation has been on the wane until recently after a historical law-enforcement case raised concerns over their no-log policy. But now it is back with a bang and once again ranks as one of the most secure VPNs on the market.

That no user logs policy is now fully reaffirmed in an independent audit by the Leviathan Security Group, and IPVanish now does not store any user data or connection information.

It has always offered robust 256-bit AES encryption as standard, and this continues to be the case alongside some impressive additional security features.

IPVanish users can now connect an unlimited number of different devices simultaneously, which I love to see, and choose from a massive range of apps, including for Windows, Mac OS, Android, and Apple iOS, as well as the Amazon Fire TV Stick, Linux, and more.

It works in most countries but unfortunately, not in China.

IPVanish has recently upgraded to a 30-day money-back guarantee and also boasts some extremely competitive prices.

Read our full review of IPVanish to find out more.

5. Surfshark

Surfshark Website screengrab

Surfshark VPN is a relatively new provider that has enjoyed a massive impact since it burst onto the VPN scene in 2018.

It is another VPN that offers robust 256-bit AES encryption to all users, along with a whole host of security features. There is a comprehensive no-user logs guarantee and an excellent and transparent privacy policy. It does log a little more data than we would ideally like, however.

Surfshark has excellent, user-friendly apps available for almost every device that you can think of. It works in most countries around the world, but China isn’t absolutely guaranteed, which annoys me a little.

Prices are very competitive, and there is a 30-day money-back guarantee available, as well as some great rates if you sign up for longer.

Read our full review of Surfshark to find out more.

Part Three: How to protect yourself against government surveillance

Protect yourself surveillance

As I have already explained, a VPN can only do so much to protect you from government surveillance. But if you use a VPN as part of a suite of online security and privacy tools, you will be giving yourself the best possible chance of staying safe from state snooping.

In this final section, I will make some expert recommendations for three other types of online security tools that can, if used correctly, help to protect you from government surveillance.

The same caveats apply to all of these. None of them are flawless. If you’re a high-profile target, they’ll find a way to monitor you regardless.

For example, end-to-end encrypted messaging services are secure, but if one or other of the devices used in the discussion is compromised, the messages will not be private. If you use a weak password on your encrypted email account, it can be easily hacked.

But, if you use these tools well alongside a VPN, it is my professional opinion that you are giving yourself the best possible chance of keeping your online data and activity out of the clutches of government surveillance operatives.

Encrypted Messaging Apps

Encrypted chat apps

With emails being viewed by most people as rather passe these days, it is quite likely that you communicate with friends and colleagues through the medium of instant messaging services.

These have a considerable user base these days and infuriate government surveillance operatives because many of the most popular ones are encrypted.

The furore over the decision of WhatsApp to introduce end-to-end encryption has been matched by the fuss over Facebook’s plans to introduce the same technology onto their Messenger app.

The only possible conclusion to reach from this outcry is that these intelligence agencies do indeed monitor these instant messaging apps and don’t want to lose out on this valuable data.

But not all instant messaging apps are encrypted, so which should you use to protect yourself from government surveillance? Here is our rundown of my top 5:

1. Signal

Signal is free, secure, and fully encrypted, and quite frankly, the best-encrypted messenger service out there by a country mile. If you don’t believe us, ask one of its millions of users around the world.

Signal is the only messenger app we have looked at which enables all its privacy-preserving options by default.

This means there is a very low chance of your data message content leaking unless you change the settings yourself or your device is compromised.

Signal allows users to send messages by text or use a voice-calling service, both of which are secured by end-to-end encryption.

Users can also choose from different disappearing message intervals for each conversation they have, and Signal is open source which means the coding is robust and closely scrutinised.

Signal also has no adverts, no user logs, no tracking, and so secure is it that not even Signal itself can see the content of your messages. Signal is by some way the best-encrypted messenger service around. I use it every day and you should too.

2. Telegram

Telegram is the closest challenger to Signal on the market right now. Its determined efforts to prevent the Russian regime of Vladimir Putin from compromising its security is a testament to how seriously it takes the protection of its users.

It offers end-to-end encryption on all text conversations, group chats, and voice calls and also provides a wide selection of additional security options, including self-destructing messages, files, photos, and videos.

Telegram even has a secret chat option, which I love, that forces your contacts Telegram app to delete messages if you choose to do so.

Telegram is another free service and also has millions of users around the world.

Like Signal, there is no advertising on their platform either. There are very few drawbacks to Telegram, and it even lets users send documents and files of any size for free – another good option in my view.

3. Wire

Wire is less well-known than the first two providers on this list, but it is one of very few encrypted messenger services that default to encrypted mode to protect your calls and messages.

Wire even uses a new encryption key for every message you send, which means the chances of a government surveillance operative cracking the encryption is low.

Wire enhances its security by ensuring that all of its coding is open source. It even claims to be the most publicly audited communication tool on the market.

If you are planning to use Wire for personal users, the service is free, but if you want an organisation account, there is a fee to pay. Wire is smaller than Signal and Telegram, but it still boasts hundreds of thousands of users.

Being a more low-key app arguably makes it less of a target for government agencies than the first two on this list, and the security protections it offers mean your messages should always be safe.

4. WhatsApp

WhatsApp is perhaps the best-known instant messaging service on this list and like, me you likely use it all the time,. Its adoption of end-to-end encryption a few years back made it even more popular with privacy-conscious users.

It is not as secure as the other apps on this list, though.

For example, it does back-up content on unencrypted storage sites. It is also owned by Facebook, which makes its profits from exploiting user data and is a known target of the NSA and other intelligence agencies.

Nevertheless, WhatsApp is more secure than any unencrypted messaging app and, with some careful management of the settings and features, can let you communicate securely and privately.

5. Viber

Viber is an encrypted messaging service owned by Japanese media company Rakuten. It allows users to make encrypted voice and video calls, send secure voice and text messages, and share files securely.

Users of Viber need to be aware that encryption of all these services is an option, and it is not set by default, so you do have to fix the settings manually. But this is relatively easy, and once done, it offers an impressively secure service.

Viber also has many additional privacy-friendly features, such as auto-deleting messages and trusted contact verification.

It claims more than a billion users worldwide, and while its user-friendly apps make this number a distinct possibility, the popularity of the app is not what it once was.

Encrypted Emails

Encrypted emails

While emails might be going out of fashion a little, there are still billions sent every day. It is likely that you have several email accounts and use them for all sorts of professional and personal communications.

Most of the popular email providers offer an unencrypted service, something I still find really frustrating.

Email accounts such as Gmail or Outlook are essentially open for anyone to see. Your email provider quite probably logs much of your communication, and any half-decent hacker will be able to intercept and read them.

If you want to keep your email out of the reach of government surveillance, it is my professional opinion that you need to use an encrypted email provider. The same provisos as encrypted messenger services apply here.

Encrypted email is only as secure as you make it. If you don’t keep your account secure or if either device sending or receiving the email is compromised, your emails will still be accessible.

But encrypting them will go a long way to stopping government agencies from being able to read them.

My pick of the top 5 encrypted email providers on the market right now are:

1. ProtonMail

ProtonMail, from the team behind ProtonVPN, is our top recommended encrypted email service.

It is free to use, although this service only allows you to send a maximum of 150 emails a day. If you want unlimited emails, you can pay a little more for their Plus, Visionary, or Business plans.

ProtonMail is open-source and can be used on any computer or mobile device. It employs end-to-end encryption that cannot be broken and helps to ensure that your emails are secure throughout their journey to their intended recipient.

ProtonMail also comes with a 500 MB-large storage. It is easy to use and offers everything you need from a secure email service. It is my personal encrypted email of choice.

2. Tuta

Tuta heralds from Germany and is quite similar to ProtonMail in design and security. It also uses end-to-end encryption on all communication.

With Tuta, only you have the encryption key. This means that if you are sending an encrypted email to an insecure email account, you are able to send the decryption key to the receiver too.

You have control over who can and cannot see your emails.

Tuta is well-designed and offers several domains, custom folders, attachments, and many more features.

It does have a free version, but this is limited to 100 emails a day and 1GB of storage. That will be more than enough for most users, but there is the option to upgrade for unlimited messages and 20GB or 500GB of storage if you are willing to pay a small fee.

3. CounterMail

CounterMail is based in Sweden and offers a reliable encrypted email system that comes with the added bonus of storing all content on fully encrypted servers.

These servers are all located in Sweden, which is extremely privacy-friendly, and they are run from CD-ROMs only, meaning no hard disks are involved, thus increasing security.

CounterMail also offers plenty of additional features. You can modify many account settings, create forms, filter emails, and much more. It also uses anonymous email headers, which means you can use it in a browser or an iOS app.

On the flipside, CounterMail is definitely not the most user-friendly of services, especially for beginners, and its interface is rather dated.

There is only a ten-day free trial available too, after which you will have to pay. But, if you want high security and lots of features, it ticks all the boxes.

4. Mailfence

Mailfence is another well-known encrypted email service which uses end-to-end encryption as standard and has no ads throughout its service.

It also lets you choose your own email address, and you can opt to use either your own domain or a Mailfence address to create an anonymous account.

Mailfence offers a free service, but it only comes with a 500MB storage limit. If you need more, there are paid-for options available.

A downside to Mailfence is that it is not open source, which means it is less secure and private than others on this list.

Its servers are also based in Belgium, which is in the EU and has close ties to the Five Eyes intelligence network. These detract from what is an otherwise excellent service.

5. HushMail

HushMail is another prominent encrypted email service that offers full encryption and is capable of sending secure emails to other HushMail users and those who do not use the service.

The design and interface of HushMail’s platform is extremely user-friendly, and it has a 14-day free trial which gives you plenty of time to try it out. However, after the trial, you do have to pay a fee.

If you use a Mac, then this definitely isn’t the encrypted email service for you, as there is currently no macOS app.

It is also based in Canada, which has privacy laws that are far from ideal. But that aside, it is another strong contender.

Encrypted Storage

Encrypted storage

Earlier in this guide, we touched on the potential risk posed by data storage and backups. Often, these services are not encrypted and can be easily accessed by government agencies, hackers, and anyone else who might be interested.

Backing up and storing data is important for a lot of people. Still, if you want to keep that data out of the clutches of government surveillance operatives, an excellent way to do it is by using an encrypted storage solution. I would go so far as to say you have to be using one of these encrypted storage solutions.

The same caveats as the previous two sections apply once more here. Secure these services with a weak password, and you might as well not bother with the encryption while a compromised device is likely to let whoever is in control access this data.

Otherwise, encrypted storage will usually offer robust protections, but it is crucial to choose the right provider.

Here is my rundown of the top 5:

1. is a fantastic cloud storage service that offers strong encryption, great security, and a large free service provision. It is a zero-knowledge provider, which means even the people behind it have no way of seeing what is stored on their servers.

It uses 256-bit AES to encrypt all stored files, and unlike some encrypted storage providers, it also protects files in transit using the TLS protocol. offers 5GB of storage for free, and if you manage to refer friends, you can grow this by 1GB each up to a maximum of 20GB for free.

If you don’t mind paying, you can get as much as 6TB of storage for as little as US$20 a month. Good value for money in my view.

2. pCloud

pCloud is another highly secure cloud storage service. It also uses 256-bit AES encryption as standard and employs the same TLS protocol to protect files on the move.

pCloud is a zero-knowledge service, so they don’t know what is stored on their system. But this doesn’t apply to their popular free plan.

This free plan gives you 10GB of storage for free and again adds 1GB for every friend you refer. Premium plans which are zero-knowledge, are priced up to around US$8 for 2TB of storage.

pCloud also offers a lifetime subscription for just US$350, but we always hesitate to recommend deals like this as you never know what the future holds.

3. Tresorit

Tresorit is another secure storage solution that uses 256-bit AES encryption and the TLS protocol for moving files.

Tresorit also offers various additional security features, including two-factor authentication, and it uses some of the most robust encryption keys around.#

Learn More

Discover more about how Two-Factor Authentication keeps you safe.

This storage solution is a little bit more expensive, with the cheapest plan being around £7.99 for 1TB of storage. A 4TB capacity will cost £18.99 a month. There is a 14-day free trial available too.

4. OneDrive

Microsoft’s OneDrive could well be the first storage solution on this list that you have come across before. It is not commonly known, but OneDrive also encrypts all your documents with 256-bit AES encryption and uses the TLS protocol for file transfers.

An important distinction is that OneDrive is not a zero-knowledge service. Microsoft holds the keys to your data and given their known links to the NSA and other intelligence agencies, that presents a risk.

OneDrive’s free plan offers just 5GB of storage, but if you have a subscription to Microsoft 365, you will get up to 6TB of storage included in that, depending on which plan you are on.

OneDrive is an extremely user-friendly service, but it is not totally risk-free.

5. SpiderOak

SpiderOak is a cloud backup service that uses 256-bit AES encryption and encrypts data before it leaves your device.

Files are encrypted in transit using SSL protocol, and SpiderOak makes a big deal about the fact that it doesn’t collect your file metadata.

SpiderOak doesn’t have a free plan, but it is priced very reasonably. 400GB of storage will set you back just US$11 a month, while 2TB costs US$14 a month. There is also a 21-day free trial available too.



Government internet surveillance is not a new issue, and the blunt truth is that it is getting far worse right around the world every year. My research has shown this all too clearly.

Authoritarian regimes are using internet surveillance to clamp down on political opponents and secure their grip on power. Meanwhile, democratic governments are increasingly seeing online surveillance as a quick and simple way to protect national security.

The consequences for individual rights and freedoms are catastrophic, as I have outlined in this guide, and many people are seeking their own solutions.

In parts two and three of this guide, I have detailed some of the possible solutions to government surveillance whilst being frank and honest with you about the limitations.

A VPN can help to prevent government surveillance snooping on your internet activity. But it is not a cast-iron solution.

A VPN will work best as part of a suite of privacy tools, and in the third section of this guide, we have detailed the best-encrypted messenger apps, email providers, and storage options on the market right now.

It’s worth remembering there is no beginner-friendly solution if you’re a specific target of government surveillance. However, these measures are the best amateur way to protect your data from being collected and analysed on a more mass-collection basis.

If you have any questions about anything I have covered in this guide, please do drop me a line in the comments section of this guide. I would also love to hear your thoughts and tips on how to limit government surveillance.

I will be regularly updating this guide with the latest information and advice, and it is always helpful to hear your opinions.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *