We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.
While it hides your IP address, a VPN is not a true anonymization service. For that, you'll want to access the Tor network, which will almost certainly slow down your connection. While a VPN tunnels your web traffic to a VPN server, Tor bounces around your traffic through several volunteer nodes making it much, much harder to track. Using Tor also grants access to hidden Dark Web sites, which a VPN simply cannot do. That said, some services, such as NordVPN, offer Tor access on specific servers.
Reddit users give Nord praise because it actually seems trustworthy, especially compared to other VPNs that may hand over information to the wrong people. Nord is also equipped with the ability to connect to a Double VPN, which encrypts your traffic twice for double the protection. One NordVPN fan on Reddit, Sacredkeep, even mentioned that NordVPN solved the problems that PureVPN and PIA gave them. Plus if you have any issues, Nord offers a 24/7 live chat. If you want a no frills, no worries situation, NordVPN is the simple, smooth operator that has your back. Get one month for $11.95, one year for $6.99/month, or two years for $3.99 per month.
Secure Shell (SSH) is a secure version of Telnet that you can use to log on and open a command line on a remote machine. You can also use SSH to establish an encrypted tunnel between two machines, effectively creating a VPN. Different versions of SSH use RSA or Digital Signature Algorithm (DSA) for secure key exchange and 3DES or Blowfish for data encryption. You can use a free program such as Stunnel (http://www.stunnel.org) along with a free version of SSH such as OpenSSH (http://www.openssh.org) to tunnel protocols such as Web and mail protocols through an encrypted SSH tunnel. All you need is a machine at either end running both these programs. SSH and Stunnel are an inexpensive way to implement a VPN, although setting up such a VPN requires a lot of configuration and might not scale to handle a large number of machines. An SSH VPN can, however, make a nice solution for connecting two servers that need to communicate securely, such as a Web server and a back-end database server.
In 2016, a federal court in Australia ordered ISPs to block BitTorrent tracker sites including ThePirateBay, Torrentz, TorrentHound, IsoHunt and SolarMovie. This has proven to be somewhat effective as visits from Australia to these sites have dropped by 53%. This doesn’t take into account VPN users — the sites can still be accessed with any of the VPNs we listed above.
Closely control access to your VPN box, whether it's a concentrator or Windows machine. In the case of a Windows server, put the machine on a separate domain and have only a few accounts on it. Use the strongest possible passwords, and store and swap them out appropriately. In the case of a hardware device, disable insecure protocols, such as FTP and Telnet, that pass your logon information in the clear. An insecure VPN concentrator box or unpatched Windows VPN server presents a much easier target than do VPN keys that must be brute-forced.
UK FTP and HTTP performance with CyberGhost hovered just under 5MB/s (40Mbit/s). Testing endpoints in the Netherlands yielded around 7MB/s (56Mbit/s), while in the United States, we managed just 2MB/s (16Mbit/s). This is passable for standard web browsing and video streaming but could be a bottleneck if you have a fast internet connection and want to download large files while connected to your VPN. These scores are slightly slower than they were earlier in the year – remember that any speed test only provides a snapshot of a brief period of time.
The country connections, meanwhile, matter most to those who want to spoof their location; however, non-spoofers should also make sure there are connections in their home country. If you live in Los Angeles, for example, and want access to American content, then you’ll need a VPN that provides U.S. connections. It won’t work to try and watch Amazon Prime Video over a Dutch VPN connection, because as far as Hulu’s concerned your computer is in the Netherlands.
One way to resolve the issue of trust is to be your own VPN provider, but that’s not a feasible option for most people, and it still requires trust in any company providing the hardware that your VPN would run on, such as Amazon’s cloud services. Multiple projects can help you cheaply turn any old server into a VPN, including Algo, Streisand, and Outline. By encrypting all the traffic from your home or mobile device to a server you manage, you deprive your ISP and a potentially villainous VPN of all your juicy traffic logs. But most people lack the skills, patience, or energy—or some combination of the three—to do this. If you don’t manage servers or work in IT, it may be harder to manage perfect operation and performance better than trustworthy professionals. Lastly, though you remove one threat from the equation by cutting out a VPN service provider, you also lose the extra layer of privacy that comes from your traffic mixing in with that of hundreds or thousands of other customers.
Another reason to use a VPN is for torrenting. The risks of torrenting with the Digital Millennium Copyright Act present are real. Though doing so may only result in a notice from your ISP in certain countries, in others it may lead to a fine or jail time. We’re not here to condone torrenting copyrighted content, or deter it, but you should be using a VPN if you’re going to pirate.
You might pay for streaming services that enable you to watch things like professional sports. When you travel outside the country, the streaming service may not be available. Not so with a VPN — it allows you to select an IP address in your home country. In effect, you’re protected from losing access to something you’re paying for. You may also be able to avoid data or speed throttling, as well.
Yes. Although Netflix is now available almost everywhere, some places – notably the United States – enjoy a much larger catalog of titles than everywhere else. And some people want to access regional catalogs. In theory, all you need do to watch a local version of Netflix from somewhere else is connect to a VPN server in that country. You can sign into any regional Netflix page with any active Netflix account, no matter where that account is registered. The snag is that due to pressure from its content producers, Netflix now tries to ban IP addresses that it knows belongs to VPN and proxy services. Many VPN services have found sneaky ways around this ban, but it is a cat and mouse game. Please see our best Netflix VPNs for a list of services which still work with Netflix (most of the time).
We tested NordVPN and found that it works well with Netflix and other streaming services that block most other VPNs. It is compatible with all devices, does not retain logs, and offers a 30-day money-back guarantee (it's real, we checked). With a price so low, it's no wonder NordVPN is the most popular VPN out there, used by technology experts all around the world.
Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization. For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network, but neither secure nor trusted.
Most VPN clients also let you set compulsory tunnels or disable split tunnels so that when the client has a VPN tunnel established, the client doesn't allow communications from outside channels. This restriction prevents an attacker who compromises the VPN client computer from leapfrogging from the Internet onto your network. These client measures aren't silver bullets, but they thwart all but the most serious attackers. Unfortunately, most software-based VPNs, including the XP and Win2K VPN clients, don't offer these protections.
This is also a good way to provide support for more than one family member on a single subscription. Generally, there's no good reason for a VPN provider to allow less than two or three connections. If your provider only allows one, find another vendor. We gave extra points in our VPN directory to those vendors who allowed three or more connections.
To prevent middle-man access and to ensure that the data is sent via a secure tunnel, certain criteria should be met. The criteria include a DNS Leak Protection (over IPv4, IPv6 and WebRTC), encrypted traffic via a Private tunnel, and hopefully no logs of the data saved anywhere. However, if the government wants to see which websites and web locations a user visits, the ISP provider can demand and get that information. Thus, no real anonymity is achieved, but the specific data will be encrypted, secure and free from middle-man attacks.
No reputable VPN service logs any kind of user activity, unlike your internet service provider, which can easily log every website you visit by storing all your DNS requests sent in cleartext. The only VPN on this list that maintains 24 hours worth of basic connection logs (no activity) is VPN.ac, and they clearly state their reasons (security) for doing so. There have been shady VPNs that have cooperated with government agencies, such as PureVPN (see logging case) and I do not recommend these providers.
There are about 3,000 CyberGhost connection points in about 60 countries worldwide. You don't need to provide your real name, just a working email address, and you can pay in Bitcoin to remain nearly anonymous. As with most full-fledged VPN services, you can connect directly from your operating system's network settings or use third-party OpenVPN software to do so. You can also select from among VPN protocols and set up a home Wi-Fi router to use CyberGhost all the time.
As we previously noted, we don’t recommend relying on our picks to get around geographic restrictions on copyrighted content. The practice is likely illegal, and it violates the terms of service of your ISP, VPN, and content provider. On top of that, it often doesn’t work—we couldn’t access Netflix over any of the services we tried, and of the four streams we loaded on BBC iPlayer, only two worked a few days later.
Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not. This is actually why we also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy. KeepSolid VPN Unlimited offers a one-week Vacation subscription, for example. Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs.
NordVPN is a popular no logs VPN service based in Panama. It performed well in testing for the latest update to the NordVPN review and offers very competitive prices. While the speeds can be somewhat variable, the latest speed test results were good with the servers I tested. To improve speeds, NordVPN has added hundreds of servers to their network, so there is more available bandwidth for users.
To be fair, not all pay VPN services are legitimate, either. It's important to be careful who you choose. Over on ZDNet's sister site, CNET, I've put together an always up-to-date directory of quality VPN providers. To be fair, some are better than others (and that's reflected in their ratings). But all are legitimate companies that provide quality service.