The first runs in the VPN client app on your computer, so if the VPN connection fails while the VPN client app is running, that VPN client app can turn off the computer or mobile device's internet connection. However, if your VPN connection has failed because the VPN client app itself crashed, then the kill switch may not work, and your IP and data may leak onto the internet.
If your VPN manages to shift your IP address, it does not mean you receive complete anonymity. Many rookie users are not aware that DNS Leaks are equally dangerous. They can easily expose your identity to your local ISP. To ensure ZenMate is safe to use, we performed a separate DNS Leak Test. From the results below, you can see only a single DNS server is visible. It is from Switzerland (the server we connected to).
Not all mobile VPN apps are created equal. In fact, most VPN providers offer different services (and sometimes, different servers) for their mobile offerings than they do for their desktop counterparts. We're pleased to see that NordVPN and Private Internet Access provide the same excellent selection of servers regardless of platform. These apps received an Editors' Choice nod both for desktop VPN apps and Android VPN apps.
Early data networks allowed VPN-style connections to remote sites through dial-up modem or through leased line connections utilizing Frame Relay and Asynchronous Transfer Mode (ATM) virtual circuits, provided through networks owned and operated by telecommunication carriers. These networks are not considered true VPNs because they passively secure the data being transmitted by the creation of logical data streams. They have been replaced by VPNs based on IP and IP/Multi-protocol Label Switching (MPLS) Networks, due to significant cost-reductions and increased bandwidth provided by new technologies such as digital subscriber line (DSL) and fiber-optic networks.
In addition to blocking malicious sites and ads, some VPNs also claim to block malware. We don't test the efficacy of these network-based protections, but most appear to be blacklists of sites known to host malicious software. That's great, but don't assume it's anywhere near as good as standalone antivirus. Use this feature to complement, not replace, your antivirus.
It is possible for some background services to send information across that initial, unsecured connection before the VPN loads. To be fair, the risk is relatively minor for most usage profiles. If you're establishing a connection automatically to your corporate server, you will definitely want to check with your IT team about how they want you to set things up.
One of the most important choices you make when selecting VPN hardware or software is which VPN protocol to use. A VPN product might support multiple protocols or only one. A protocol that's weak or not widely supported could render your VPN unusable if someone exploits a vulnerability. A proprietary protocol could mean future compatibility problems. Although the practice has become less common, a few vendors still try to do their own thing cryptographically. Avoid these vendors' products like the plague. I strongly recommend that you stay away from products that use proprietary, nonstandard protocols and stick to one of the following major protocols.
A “kill switch” goes by many names, but the term describes VPN software that shuts off all network traffic in and out of your computer if the encrypted connection fails. A hiccup in your Wi-Fi or even with your ISP can cause a VPN to disconnect, and if you then maintain an unsecure connection—especially if the VPN software doesn’t alert you that it’s no longer protecting your traffic—that wipes out all the benefits of your VPN. We considered kill switches to be mandatory. And although we looked for apps that made it easy to add rules about when to activate kill switches, we considered special config files or manual firewall tweaks to be too complex. (iOS doesn’t support any kill-switch features; we address a few iOS-specific problems that apply to all VPN services in a separate section.)
Over the course of four months, we scoured articles, white papers, customer reviews, and forums to compile the pros and cons of VPN services and different VPN protocols and encryption technologies. That One Privacy Site and privacytools.io stood out as two of the most thorough and unbiased sources of information. We interviewed Electronic Frontier Foundation analyst Amul Kalia about government surveillance and VPN efficacy. We also got answers from Joseph Jerome, policy counsel for the Center for Democracy & Technology’s privacy and data project, about how accountable VPN providers are for their policies and terms of service, and how that relates to trustworthiness. Alec Muffett, a security expert and software engineer, also shared his views on the usefulness of VPNs to protect against various threats.
Since the VPN connection works by connecting a network to a private server and the encryption of the data needs time, every VPN connection is at least marginally slower. The speed of the connection depends on both endpoints, often an overloaded or far away located VPN server is responsible for the performance loss. Paid VPN services usually guarantee a certain bandwidth in their SLAs.
When we talk about privacy, PureVPN is fairly decent choice among competitors. Not only does it offer high-end encryption but also has a no-logging policy. In regards to DNS leaks and such, not only that PureVPN has IPv6 covered as well as the more commonly used protocols, but you are guaranteed to get your money back, in case something goes amiss.
That depends. VPN use is legal in most countries, but, according to VPN provider CyberGhost, VPN use is illegal in the United Arab Emirates, Turkey, China, Iran, North Korea, Saudi Arabia, and Russia. Vladimir Putin has recently banned VPN use in Russia. Also, be aware that the so-called proxy server alternative to VPNs is also illegal in many countries, which consider any form of IP spoofing to be illegal, not just those services labeled as VPN.
Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps. Prior to PCMag, Max wrote... See Full Bio
If you’re seriously concerned about government surveillance—we explain above why that should be most people’s last consideration when choosing a VPN—some expert sites like privacytools.io recommend avoiding services with a corporate presence in the US or UK. Such experts warn about the “14 eyes,” a creepy name for a group of countries that share intelligence info, particularly with the US. IVPN is based in Gibraltar, a British Overseas Territory. We don’t think that makes you any worse off than a company based in Switzerland, Sweden, or anywhere else—government surveillance efforts around the world are so complicated and clandestine that few people have the commitment, skills, or technology to avoid it completely. But because Gibraltar’s status has been a topic of debate in other deep dives on VPNs, we’d be remiss if we didn’t mention it.
Welcome to the CNET 2019 Directory of VPN providers. In this directory, we're taking a look at a few of the very best commercial VPN service providers on the Internet like CyberGhost, IPVanish, Hotspot Shield, Private Internet Access and others. Rather than looking at the wide range of free providers, which often have a lot of limits (and dubious loyalties), we are looking at those vendors who charge a few bucks a month, but put your interests first, rather than those of shadowy advertisers and sponsors. Our VPN rankings are based more than 20 factors including number of server locations, client software, dedicated and dynamic IP, bandwidth caps, security, logging, customer support and price.