Another solution for the really paranoid (and well funded) is to locate a second smaller firewall between your internal VPN concentrator and internal LAN, as Figure 1 shows. Then, if an attacker compromises a VPN host, he or she still must penetrate another firewall. You could open up a few common ports, but the firewall would still block ping scans, common worms, and other garbage. Of course, it wouldn't stop someone who's just looking around and it wouldn't work if VPN users need full access to the internal network, but it adds a second line of defense when security is paramount.
Keep in mind, that no VPN service provides complete security and privacy, but just adds one layer of protection in that direction. In addition, a VPN is held by a company. The company may change its policies or provide data to governments if National Security might be at stake. Using a VPN does not deem you free of any rules and regulations – you have to abide by the laws of the country you reside in, the country hosting the VPN service and probably some others. You are not completely anonymous by simply setting and using a VPN.
The only downsides to Private Internet Access are that you can't select your own username — you've got to stick with an assigned random ID — and that you've occasionally got to reinstall a balky driver in Windows. (There's a button to do this.) Selecting Private Internet Access as our VPN service of choice was almost a no-brainer, but because it's based in the U.S., anyone wary of the FBI may want to consider another service.
Switzerland is famed for its privacy-friendly legislation, and that’s where VyprVPN operates from - although its servers operate in 72 other countries to deliver unlimited data. If you’re used to VPN services absolutely killing your data speeds you’ll be positively surprised by VyprVPN: we found that our data speeds actually increased when we enabled the VPN! Not only that but there are plenty of useful options including auto-connect, a kill-switch and enhanced security via the service’s proprietary Chameleon protocol and its own DNS. VyprVPN has a free trial too so you can try it our and see what you think before you commit!
How to buy and pay with bitcoin anonymouslyApril 18, 2018 / by Aimee O'DriscollWhat bitcoin is and how to buy it and use itApril 6, 2018 / by Aimee O'DriscollMonero vs zcash vs dash: which is the most anonymous cryptocurrency?April 4, 2018 / by Aimee O'Driscoll20+ Bitcoin scams and how to spot and avoid themMarch 8, 2018 / by Aimee O'DriscollWhat is Bitcoin mining and how can you do it?March 7, 2018 / by Aimee O'Driscoll
Our rankings are based on our technical assessment of, and our personal experience using, each product. Click here for more information on how we came to our findings. We are paid commissions from all VPN companies on this site for customers referred from this site which convert into sales. Click here for more information about how this site operates.

It usually relies on either Internet Protocol Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection. However, SSL VPNs can also be used to supply secure access to a single application, rather than an entire internal network. Some VPNs also provide Layer 2 access to the target network; these will require a tunneling protocol like PPTP (Point-to-Point Tunneling Protocol) or L2TP (Layer 2 Tunneling Protocol) running across the base IPsec connection.


Your ISP may already be involved in some of these spying operations, but there's an even-newer concern. The FCC has rolled back Obama-era rules that sought to protect net neutrality, and in doing so allowed ISPs to profit off your data. The ISPs wanted a slice of that big data monetization pie that has fueled the growth of companies like Facebook and Google. Those companies are able to gather huge amounts of information about users, and then use it to target advertising or even sell that data to other companies. ISPs now have the green light to bundle anonymized user data and put it up for sale.
To verify that each service effectively hid our true IP address, we looked at a geolocation tool, DNS leaks, and IPv6 leaks. When connected to each service’s UK servers, we noted whether we could watch videos on BBC iPlayer, and using US servers we noted whether we could stream Netflix. We also visited the sites of Target, Yelp, Cloudflare, and Akamai to check whether our VPN IP addresses prevented us from accessing common sites that sometimes blacklist suspicious IP addresses.

A VPN encrypts all of the Internet traffic between your computer and the VPN server, preventing anyone on your local network, or connection points along the way, from monitoring or modifying your traffic. Beyond the VPN server (in other words, on the rest of the way to whatever Internet server you’re connecting to), your traffic mixes with traffic from other people on the VPN and the rest of the Internet. Ideally, that makes your traffic traceable only to the VPN server, not to your home, office, or computer. You can read a more detailed explanation in our post about what a VPN is and when using one makes sense.
Speed-wise, when connected to VPNHub’s UK and Netherlands endpoints, our FTP and HTTP downloads came in at around 10MB/s (80Mbit/s). Connecting to U.S. endpoints gave us 4.8MB/s (38.4Mbit/s) via FTP and 4.2MB/s (33.6Mbit/s) via HTTP. While that’s good enough for everyday browsing and streaming, your results may vary – we connected to U.S Netflix no problem, but, as with many VPNs on this list, BBC iPlayer promptly showed us the door.
You are probably now aware how important conducting a DNS Leak Test is for providers. You would not want to sign up with a provider that fails to meet the most basic demands of users. If you analyze the DNS Leak Test below, you will notice VyprVPN’s Australian server utilizes four different DNS addresses. However, none of them reveal any information of us being based in the US. In fact, if you look closely each address has the “AU” initials.
CyberGhost is one of the better VPNs out there by virtue of having a number of helpful features, such as a killswitch, which will halt all traffic if the VPN tunnel is suspended for whatever reason, ad blockers and tracker blockers, and built-in shortcuts to sites and services which are either geo-locked or the likes of Twitter and Wikipedia, which are frequently censored by authoritarian goverments.
We like that the company offers a connection kill switch feature and, for those who need it, there's an option to get a dedicated IP address. VyprVPN is a standout in their effort to provide privacy, and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog's VyperVPN service added scrambled OpenVPN packets to keep the traffic flowing. 
×