Adding VPN capabilities to your network isn't a decision to take lightly, although in this 24 x 7 day and age, you might find a VPN implementation impossible to avoid as users demand external access to your network. Just remember: A VPN adds access, not security, to your network. Think of a VPN as just another potential vector for intruders attempting to access your network or information. Done right, a VPN can improve your company's communications and still keep your network safe. So when you take the plunge, use the security checklist that Figure 3 shows to make sure you've done the research and preparation. That way, your VPN won't turn into a Virtual Public Network or your Very Personal Nightmare.
Many installations treat external VPN clients as fully trusted internal hosts. I recommend that you create a second class of VPN user that doesn't have the full privileges of a local host and that can access only the resources that a user of that type requires. Don't give these users access to printers or shares that they don't need for external work.
Since we first recommended IVPN in the spring of 2018, the company has added automatic server selection to its desktop applications, bringing it in line with other top-performing VPN apps. Alternatively, when you click on the location at the bottom of the app, you’ll see a list of all of the global IVPN server locations, color coded by speed. At the top of the list is an option to connect to the fastest one, and once selected, the app remembers your preference through future disconnects and reboots. You can also use IVPN’s multihop servers to route your traffic through two VPN servers—a feature unique to IVPN among the services we tested—though we don’t think this step is necessary for most people, given the slower speeds you’ll likely experience.
Setting up ExpressVPN and connecting to a VPN server was easy enough. Performance, when connected to the VPN server, was average at 49 Mb/s down and 16 Mb/s up, compared to our usual speeds of 125 Mb/s down and 20 Mb/s up. Netflix complained about a proxy being in use when we used the automatic configuration option, but it worked fine when we manually selected a local U.S. server. Amazon Prime Video played just fine, and our other internet tests completed without issue.
To choose the best VPN for you, don’t just look at the price, not least because many services offer massive discounts if you take out a longer term subscription. Start with the basics: how many simultaneous connections can you have? Are there particular security protocols you want to use? Does the provider have servers in the places you’ll want to use it from and the places you want to connect to? How much data will they log about you, and how long do they keep it for?
The VPN client communicates over the public Internet and sends the computer’s network traffic through the encrypted connection to the VPN server. The encryption provides a secure connection, which means the business’s competitors can’t snoop on the connection and see sensitive business information. Depending on the VPN, all the computer’s network traffic may be sent over the VPN – or only some of it may (generally, however, all network traffic goes through the VPN). If all web browsing traffic is sent over the VPN, people between the VPN client and server can’t snoop on the web browsing traffic. This provides protection when using public Wi-Fi networks and allows users to access geographically-restricted services – for example, the employee could bypass Internet censorship if they’re working from a country that censors the web. To the websites the employee accesses through the VPN, the web browsing traffic would appear to be coming from the VPN server.
Speed-wise, Avast SecureLine did well in our European speed tests, with us recording over 9.83MB/s (78.64Mbit/s) in our file transfer tests to the Netherlands. Its US performance was a little below average but still decent at 3.22MB/s (25.76Mbit/s), although UK performance was a bit slower than in our last round of tests, at 6.5MB/s (52Mbit/s) via FTP and 5.8MB/s (46.4Mbit/s) for an HTTP download.
Another example showing the value of VPNs is using these services to access blocked websites. Some governments have decided that it is in their best interest to block certain websites from access by all members of the population. With a VPN, those people can have their web traffic securely tunneled to a different country with more progressive policies, and access sites that would otherwise be blocked. And again, because VPNs encrypt your traffic, it helps protect the identity of people who connect to the open internet in this way.
Tip for Chrome, Firefox, and Opera users: A feature called WebRTC can, in some Web browsers, inadvertently cause your true IP address to leak out even when you’re connected via a great VPN. WebRTC assists with peer-to-peer connections, such as for video chatting, but could be exploited in some cases. You can manually disable this function in Firefox, or use an extension to block most instances of it in Chrome or Opera. For more details and instructions, check out Restore Privacy.
TorGuard is incorporated in St. Kitts and Nevis, and operates out of offices mostly in the US. But most people shouldn’t be worried about the legal jurisdiction of their VPN’s offices—we detail the reach of government surveillance above. In short, we think a privacy-focused VPN with public leadership that can be trusted not to collect information about their customers is a better choice in any country, rather than an opaque company run from the most liberty-ensuring country on the planet.
Surfshark might not be a market leader, but it does not fall behind in any aspect. This provider can stand its ground well when compared with even the Top tier services. You receive a respectable number of server locations, good streaming capabilities, and excellent encryption. To be completely sure of the service though, conducting a complete privacy analysis was necessary. You will feel glad to see the results below, which indicate that we are located in Russia! This includes changes in local IP address, public IP, or DNS!
That's not to say a VPN makes you invisible to spies or law enforcement. Your traffic could still be intercepted in any number of ways. A VPN does make it harder to correlate online activities to you, and adds a layer of encryption during parts of your online traffic's journey. A determined, well-funded adversary that has singled you out for surveillance will likely find a way. But VPNs and widespread adoption of HTTPS make it much harder for mass surveillance to work as it has in the past.
If you're using a service to route all your internet traffic through its servers, you have to be able to trust the provider. Established security companies, such as F-Secure, may have only recently come to the VPN market. It's easier to trust companies that have been around a little longer, simply because their reputation is likely to be known. But companies and products can change quickly. Today's slow VPN service that won't let you cancel your subscription could be tomorrow's poster child for excellence.
Hotspot Shield VPN works in most countries, but that doesn’t mean it’s always legal to use a VPN in a specific country. If you have any doubts about the legality of using a VPN in a certain country, always consult a qualified lawyer because laws can change quickly. If you’re still unsure, then it’s best to play it safe and abide by the most conservative guidelines of a country.
A “kill switch” goes by many names, but the term describes VPN software that shuts off all network traffic in and out of your computer if the encrypted connection fails. A hiccup in your Wi-Fi or even with your ISP can cause a VPN to disconnect, and if you then maintain an unsecure connection—especially if the VPN software doesn’t alert you that it’s no longer protecting your traffic—that wipes out all the benefits of your VPN. We considered kill switches to be mandatory. And although we looked for apps that made it easy to add rules about when to activate kill switches, we considered special config files or manual firewall tweaks to be too complex. (iOS doesn’t support any kill-switch features; we address a few iOS-specific problems that apply to all VPN services in a separate section.)
In the past, some VPN services would offer different pricing tiers, each of which offered a different set of features. One way to separate these pricing tiers was to limit the bandwidth (how much data you can transfer). With premium services, this practice is now almost unheard of, and all of the services we have listed do not limit their users' bandwidth. Bandwidth limits live on, however, in free VPN services.
Buffered VPN doesn't disclose much about the size of its network, but the 30-day money back guarantee means that you can take their service for a test drive and really get a feel for how well it performs for you. The company lost a few points from us because they do keep some connection information. They gained points for their client support, unlimited bandwidth, and generous number of simultaneous sessions allowed.