Methodology

How we rank

Four properties decide a provider's ranking. Each is weighted; jurisdiction and court-tested no-logs together account for ~60% of the score because they're the only things that hold up under legal pressure. Speed and streaming compatibility move the score within tiers but don't move a provider between tiers.

• 01Jurisdiction (where the company can be legally compelled): 30%
• 02No-logs evidence tier (court-tested > audited > claimed): 30%
• 03Open-source clients (auditable code): 15%
• 04Speed and protocol implementation (WireGuard quality, base latency): 10%
• 05Streaming reliability across major libraries: 10%
• 06Pricing transparency and renewal cost: 5%

Streaming test methodology

We re-verify streaming compatibility on the first weekend of every month. For each major library (Netflix US/UK/JP/CA, BBC iPlayer, Disney+ regional, Prime Video regional, plus DACH and Benelux services for our country pages), we connect to the provider's recommended servers, sign in, and check whether content plays. Results are captured in a tracker with the date and the specific server tested. Streaming services rotate IP blocks regularly — a result is good for ~30 days, after which we re-test. Failures get the next-most-recent verification date and a 'last working' note rather than being silently dropped.

Jurisdiction analysis

A VPN's legal protection is upper-bounded by where its corporate entity is incorporated. Five Eyes countries (US, UK, Canada, Australia, New Zealand) cooperate on intelligence requests and can compel disclosure under their respective surveillance laws. 14 Eyes (Germany, France, Netherlands, Sweden, Norway, Italy, Spain, Belgium, Denmark) is somewhat better but still cooperates via mutual legal assistance treaties. Outside both — Switzerland, Panama, British Virgin Islands, Romania, Iceland — is best. We check each provider's parent company, holding company, and physical office locations against this matrix.

Three tiers of no-logs evidence

Verification cadence

Streaming: monthly (first weekend). Pricing: quarterly, plus immediately when a provider announces a change. Jurisdiction: annually, plus immediately on relevant rulings (CJEU, US FCC, etc.). Court-tested status: as cases happen — we update within 7 days of a credible report. Every page shows the date of its last verification; pages that haven't been verified within their cadence window are flagged in our internal tracker until refreshed.

Affiliate disclosure

VPN Judge earns affiliate commissions from some — but not all — providers we recommend. Mullvad, our top privacy pick, has no meaningful affiliate program. ProtonVPN's program pays less than alternatives. The two providers we rank highest on privacy are the ones that pay us least; this is intentional. Our rankings are based on the criteria above, not on commission rates. Provider links on the site that earn us a commission are labelled; links that don't are also labelled. The full disclosure appears at the top of every ranking page.

What we don't do

We don't run synthetic speed tests as our primary methodology — speed depends so heavily on your ISP, time of day, and server choice that any single number is misleading. We cite independent benchmarks (PCMag, Tom's Guide, AV-TEST) where we want to compare. We don't publish encryption-implementation analysis — that's the audit firms' job, and we cite their published reports rather than re-creating them. We don't accept paid placement, sponsored rankings, or 'editorial' input from providers; all rankings are determined by the methodology above.