As such, you want a VPN with the best available settings.

AES is short for Advanced Encryption Standard and is the actual cipher used to encrypt data.

256-bit refers to the size of the encryption key and the number of possible values it can have.

A 256-bit key has 2^256 possible values, that is, 2 multiplied by itself 256 times.

Even if you had dedicated access to supercomputers for centuries, you'd still be unlikely to break AES.

The WireGuard protocol uses a different cipher suite, ChaCha20, to perform its encryption.

One final encryption option is PFS, or Perfect Forward Secrecy.

PFS is a setting that regularly changes the encryption key being used.

There is no reason not to use PFS if it is available.

The main culprits are IPv6, DNS, and WebRTC.

IPv6 is an update to the IPv4 address scheme used to uniquely address all devices on the internet.

As such, it's necessary to switch over to the new addressing scheme, which has a much larger address space.

IPv6 uptake, however, has been slow, and many services and even ISPs don't support it.

You can test whether your IPv6 address is leaking with sites like ipv6leak.com.

Disappointingly, VPNs have a history of allowing DNS requests to leak out of the VPN connection.

DNS is a plaintext protocol, meaning it's not encrypted.

All protocols that send data to the internet, including DNS, should be routed over the VPN.

This allows the encryption of the VPN tunnel to protect your DNS data from snooping.

You can test whether your DNS requests are leaking with websites like dnsleaktest.com.
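
An added example, not part of the original article: the same DNS and IPv6 checks can be made locally by capturing on the physical interface with `tcpdump -n` while the VPN is connected and flagging every IP packet that is not going to or from the VPN server. The capture lines and the VPN endpoint address and port below are constructed for illustration.

```python
import re

# Assumed for this example: the VPN server's address and UDP port.
VPN_ENDPOINT = ("203.0.113.10", "51820")

# Constructed sample of `tcpdump -n` output from the physical interface.
CAPTURE = """\
12:00:01.100000 IP 192.168.1.20.40000 > 203.0.113.10.51820: UDP, length 148
12:00:01.150000 IP 203.0.113.10.51820 > 192.168.1.20.40000: UDP, length 92
12:00:02.200000 IP 192.168.1.20.53211 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:00:02.900000 IP6 2001:db8::20.44321 > 2001:db8:1::5.443: Flags [S], seq 1, length 0
12:00:03.400000 IP6 2001:db8::20.50514 > 2001:db8:ffff::53.53: 7+ AAAA? example.com. (29)
12:00:04.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

LINE = re.compile(r"^\S+ (IP6?) (\S+) > (\S+): ")

def split_host_port(family, token):
    """tcpdump prints 'address.port'; port-less lines (e.g. ICMP) have no suffix."""
    has_port = token.count(".") == (4 if family == "IP" else 1)
    if not has_port:
        return token, ""
    host, _, port = token.rpartition(".")
    return host, port

def find_leaks(capture, vpn_endpoint):
    """Return (kind, src, dst) for every IP packet seen outside the tunnel."""
    leaks = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # non-IP frames such as ARP stay on the local link
        family, src, dst = m.groups()
        src_hp = split_host_port(family, src)
        dst_hp = split_host_port(family, dst)
        if vpn_endpoint in (src_hp, dst_hp):
            continue  # encrypted tunnel traffic to or from the VPN server
        if "53" in (src_hp[1], dst_hp[1]):
            kind = "dns"    # plaintext DNS sent outside the tunnel
        elif family == "IP6":
            kind = "ipv6"   # IPv6 traffic sent outside the tunnel
        else:
            kind = "other"  # any other traffic outside the tunnel
        leaks.append((kind, src_hp[0], dst_hp[0]))
    return leaks

if __name__ == "__main__":
    for kind, src, dst in find_leaks(CAPTURE, VPN_ENDPOINT):
        print(f"{kind:5} {src} -> {dst}")
```

With a correctly configured VPN the function returns an empty list for a real capture; local-network traffic such as DHCP will show up as "other" and needs to be judged separately.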

WebRTC or Web Real-Time Communication is a web app-based API used for peer-to-peer connections.

Blocking WebRTC is therefore a good idea.

Some VPNs will offer the ability to block it, others will not.

You can test whether WebRTC is leaking your IP address on websites like browserleaks.com/webrtc.