We checked Google Searches and other metrics to learn that ZenMate exists as one of the most popular choices for most VPN users. As such, we obviously had to review the provider, which took us around 24-hours. We tested its performance for facets relating to privacy, P2P/Torrenting and streaming/unblocking. Overall, we would say that the Berlin-based provider is definitely upping its game, preparing to compete with other hit services.
Some VPNs offer “split tunneling,” which routes all traffic through your VPN except specific services or sites that you allow. For example, you might want to send your Web traffic through your VPN but stream Netflix on your fast, domestic connection. But these types of rules are complicated to implement without also leaking other important information, and we didn’t assess how effective they were in practice.
Using Wi-Fi on the Windows laptops, we timed how long it took to connect to websites, measured latency times (how long it took a server to respond), and recorded upload and download speeds with Ookla's Speedtest meter, both with and without the VPN activated. We also timed how long it took to download a large video file, both with and without VPN activation.
Oh, heck no. A VPN can help make sure you're not snooped on when connecting between your computer and a website. But the website itself is quite capable of some serious privacy violations. For example, a VPN can't protect you against a website setting a tracking cookie that will tell other websites about you. A VPN can't protect you against a website recording information about products you're interested in. A VPN can't protect you against a website that sells your email address to list brokers. Yada, yada, yada.
HTTPS is a powerful tool that everyone should use because it helps keep sensitive browsing private at no extra cost to the people using it. But like most security standards, it has its own problems too. That little lock icon in your browser bar, which indicates the HTTPS connection, relies on a certificate “signed” by a recognized authority. But there are hundreds of such authorities, and as the EFF says, “the security of HTTPS is only as strong as the practices of the least trustworthy/competent CA [certificate authorities].” Plus, there have been plenty of news stories covering minor and even major vulnerabilities in the system. Some security professionals have worried about those least-competent authorities, spurring groups to improve on the certificate standards and prompting browsers to add warnings when you come across certificates and sites that don’t withstand scrutiny. So HTTPS is good—but like anything, it isn’t perfect.
TunnelBear is designed for a very specific group of people: people who want a VPN service but don’t want to mess around with configuration or become IT experts to make their connections more secure. And it caters brilliantly for that market, with a very straightforward interface and jargon-free writing. In truth, all of the VPN services these days do this but TunnelBear tries very hard to stand out. It’s not for power users - there isn’t much you can change - but with up to five simultaneous connections, servers across 20 countries and decent performance on US and Canadian websites. Longer connections can be slower, though: it’s when the relatively small number of server locations makes itself obvious. There’s a free version that limits you to 500MB of monthly traffic, and if you pay annually the price of the full version drops from $9.99 to $4.99 per month.
This helps in streaming seamlessly by unblocking sites like Netflix US, Amazon Prime, HotStar, Hulu, BBC iPlayer, among others. For complete anonymity, you even have 80,000+ static IPs with the choice of purchasing dedicated IP VPN for a $5 additional charge. Security is available through 256-bit AES encryption, 2,048-bit RSA keys, and MD5 HMAC authentication.
Many companies proudly display “warrant canaries” on their websites. These are digitally signed notices that say something to the effect of “We have never been served a warrant for traffic logs or turned over customer information.” Law enforcement can prohibit a company from discussing an investigation, but in theory, it can’t compel a company to actively lie. So the theory goes that when the warrant canary dies—that is, the notice disappears from the website because it’s no longer truthful—so does privacy. The EFF supports this legal position, though other highly regarded companies and organizations think warrant canaries are helpful only for informing you after the damage has been done. Such notices may provide a nice sense of security, and they are important to some people, but we didn’t consider them essential.
Google is full of articles claiming that a VPN will prevent ISPs from gathering metadata, but unfortunately that is not true. A VPN hides the contents of your internet traffic and your location from the outside world, but you still have to rely on your ISP’s network to get there. Strictly speaking a VPN cannot prevent an ISP from logging your location, device details, and traffic volume.
With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques. Home users usually deploy VPNs on their routers to protect devices, such as smart TVs or gaming consoles, which are not supported by native VPN clients. Supported devices are not restricted to those capable of running a VPN client.
Beyond those two factors, it’s difficult to make blanket statements about what makes a trustworthy VPN. At the bare minimum, a good VPN provider should not collect and keep any logs of its customers’ browsing history. If it does, that puts your privacy at risk should someone access (or even release) those logs without authorization. But deciding when to a trust a logging policy isn’t easy. As the EFF points out, “Some VPNs with exemplary privacy policies could be run by devious people.” You don’t need to have done anything illegal to prefer that law enforcement and criminals alike not have access to a browsing history that may include your bank, medical websites, or that one thing you looked at around 2 a.m. that one time.
That said, there’s one provider that doesn’t compromise anything. Windscribe has the best free plan we’ve seen, with multiple options to upgrade to a paid plan in the future. You get 10GB of data transfer and access to a limited server network, but all the other features are left intact. That includes Windscribe’s range of privacy tools for browsers and its URL checker.
^ Cisco Systems, Inc. (2004). Internetworking Technologies Handbook. Networking Technology Series (4 ed.). Cisco Press. p. 233. ISBN 9781587051197. Retrieved 2013-02-15. [...] VPNs using dedicated circuits, such as Frame Relay [...] are sometimes called trusted VPNs, because customers trust that the network facilities operated by the service providers will not be compromised.
As seen in our worst free VPN guide, there are reasons why you should pay for a VPN. That said, you shouldn’t go broke just because you should pay. In addition to finding the cheapest VPNs on the market, we looked for the providers that offer the most value for your dollar. If you can’t afford a VPN, you can read our section below with our free recommendation.
We like that the company offers a connection kill switch feature and, for those who need it, there's an option to get a dedicated IP address. VyprVPN is a standout in their effort to provide privacy, and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog's VyperVPN service added scrambled OpenVPN packets to keep the traffic flowing.