Most VPN guides are written for people who want to watch Netflix from a different country or stop their ISP from selling browsing data. This article is not that. It’s for people whose digital security has real-world consequences: journalists working with sensitive sources, activists in countries with repressive governments, whistleblowers, lawyers handling confidential cases, and human rights workers operating in hostile environments.
The threat model is different. The tools are different. And “good enough for most users” is not the standard.
The threat model for high-risk users
Casual users worry about their ISP, advertisers, and the occasional hacker on a coffee shop network. High-risk users may face:
- Nation-state level adversaries with legal access to ISP data and the ability to compel VPN providers to disclose information
- Targeted surveillance rather than mass surveillance (which is harder to avoid)
- Physical device seizure
- Social engineering and phishing specifically targeting their identity
- Traffic analysis even when content is encrypted
A VPN addresses some of these threats. It doesn’t address all of them. Understanding the gap is as important as understanding the protection.
What a VPN does for high-risk users
Prevents your ISP from seeing your traffic: In many countries, ISPs are legally required to retain connection metadata. A VPN prevents this metadata from being useful: your ISP sees a connection to a VPN server, not what you’re accessing.
Masks your IP from the sites you visit: If you’re researching a sensitive topic, you don’t want the website operator or their government partners to see your real IP and location.
Encrypts traffic on untrusted networks: Essential when working from hotels, airports, or any network you don’t control.
What a VPN does NOT do for high-risk users
A VPN does not protect against a compromised device: If your device has malware or is subject to remote monitoring, a VPN doesn’t help. The threat is at the device layer, not the network layer.
A VPN does not make you anonymous: Your VPN provider knows your real IP. A court order, a data breach, or an insider threat at the VPN company can expose you. This is why provider choice and jurisdiction matter more for high-risk users than for casual ones.
A VPN does not protect against metadata analysis: Traffic timing attacks, where an adversary correlates when you connect to a VPN with when activity appears at a destination, can partially de-anonymize VPN usage. This requires significant capability (nation-state level) and is rare in practice.
A VPN does not protect your accounts: If you log into identifiable accounts while using a VPN, those accounts know who you are regardless.
The right VPN choices for high-risk users
Mullvad: the gold standard for anonymity
No email required to create an account. Randomly generated account numbers. Cash payment accepted by mail. Monero and Bitcoin accepted. No personal data collected at signup or afterward.
Swedish jurisdiction is technically inside the 14 Eyes, but Mullvad’s court-tested track record (police raid in 2023, left with nothing) is more convincing than any audit. Swedish law does not require Mullvad to retain user data.
For journalists and activists: Mullvad is the right choice if minimizing the data chain from your identity to your VPN usage is the priority.
ProtonVPN: Swiss jurisdiction with maximum transparency
Swiss jurisdiction, open-source apps, KPMG-audited no-logs policy, Secure Core architecture (routes through two ProtonVPN servers before exiting). Run by Proton AG, which has a documented history of resisting government data requests.
The account requires an email address, which is a weaker anonymity starting point than Mullvad. Use a ProtonMail address (also Swiss, same company) to minimize the exposure.
Tor vs VPN for high-risk users
Tor provides stronger anonymity than any VPN because no single party sees both your identity and your destination. For accessing sensitive resources, communicating with sources, or any activity where the destination being linked to you creates real risk, Tor is the appropriate tool.
The tradeoff: Tor is significantly slower and impractical for general internet use.
Tor Browser should be used (not just the Tor network in a standard browser) to also address browser fingerprinting.
VPN over Tor or Tor over VPN are both options depending on the threat. Tor over VPN (VPN first, then Tor) hides Tor usage from your ISP and prevents the entry node from knowing your real IP. Most journalists’ organizations recommend Tor Browser for sensitive research and communication with sources.
Beyond the VPN: the full high-risk toolkit
A VPN is one layer. A complete security posture for high-risk users also includes:
Device security: Full-disk encryption (enabled by default on modern iOS and Android, requires setup on Windows and macOS). Strong device passcode. Automatic lock after idle.
Tails OS: A live operating system that runs from a USB drive, routes all traffic through Tor by default, and leaves no trace on the computer. Recommended for extremely sensitive work where device seizure is a risk.
Signal: End-to-end encrypted messaging with disappearing messages. Verify safety numbers with contacts.
Compartmentalization: Use separate devices or profiles for sensitive work and personal activity. Don’t mix identities.
Source protection: Journalists specifically should use SecureDrop for receiving documents from anonymous sources. A VPN does not provide the protection SecureDrop does for this use case.
Practical recommendations by risk level
Moderate risk (journalist in a democratic country, lawyer handling confidential cases): ProtonVPN or Mullvad. Tor Browser for sensitive research. Signal for communication.
High risk (activist in a repressive country, journalist covering organized crime or government corruption): Mullvad or Tor exclusively. Tails OS for work. No accounts logged in during sensitive sessions. Cash payment for VPN.
Extreme risk: VPN alone is insufficient. Consult with Access Now’s Digital Security Helpline, EFF’s Surveillance Self-Defense guide, or a dedicated digital security trainer from an organization like Committee to Protect Journalists (CPJ) or Reporters Without Borders (RSF).
Want to compare all VPNs side by side? Check our full VPN comparison table with scores across 18 criteria.
For high-risk users, Mullvad and ProtonVPN are the only VPNs worth considering. Mullvad offers stronger anonymity from signup. ProtonVPN offers Swiss jurisdiction with maximum technical transparency. A VPN is one layer of protection, not a complete solution. For work involving sensitive sources or hostile-government environments, Tor and Tails are essential complements.
The discipline layer no tool replaces
The uncomfortable truth this guide owes its readers: every tool above fails against sloppy practice, and most documented compromises of journalists and activists came through phones, accounts and people rather than broken encryption. The tool stack works only inside the discipline stack: separate devices or hardened profiles per identity, no cross-contamination of accounts or writing style, updates applied the day they ship, and the assumption that any single layer can fail. Train the routine before the assignment that needs it; crisis is the wrong classroom.
Organizations matter too: newsroom security teams, press freedom organizations and digital security helplines exist precisely to walk through threat models individually, and a one-hour consultation beats any article, this one included.
(This page deliberately stops short of operational specifics that vary by region and adversary; the organizations named above provide individualized guidance, and reaching them through a clean channel is itself lesson one.)
Keep reading: VPN vs Tor: Which One Should You Use? and Best VPN for Privacy in 2026: Audited, Tested, No Compromises.