Take a step back and consider how much of your life is transmitted over the inherently insecure internet. Do you feel a creeping sense of dread? That's entirely reasonable, considering the forces arrayed against your privacy. One of the best ways to secure your data is to use a virtual private network (VPN), which also provides some control over how you're identified online.
ProtonVPN is one of the newest VPN services, and it boasts some star-studded founding members. The company was founded at CERN, the birthplace of the internet, and grew out of the ProtonMAIL service that’s been protecting the email of activists and journalists for years. The service acts as a Swiss company and is thus free from the laws of the U.S. and the European Union. It’s also not a member of the “fourteen eyes surveillance network,” and user traffic isn’t logged and passes through privacy-friendly countries, so you needn’t worry about your true IP address being revealed.
That depends. VPN use is legal in most countries, but, according to VPN provider CyberGhost, VPN use is illegal in the United Arab Emirates, Turkey, China, Iran, North Korea, Saudi Arabia, and Russia. Vladimir Putin has recently banned VPN use in Russia. Also, be aware that the so-called proxy server alternative to VPNs is also illegal in many countries, which consider any form of IP spoofing to be illegal, not just those services labeled as VPN.
Think about it this way: If your car pulls out of your driveway, someone can follow you and see where you are going, how long you are at your destination, and when you are coming back. They might even be able to peek inside your car and learn more about you. With a VPN service, you are essentially driving into a closed parking garage, switching to a different car, and driving out, so that no one who was originally following you knows where you went.
Internet Protocol Security (IPsec) was initially developed by the Internet Engineering Task Force (IETF) for IPv6, which was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation. This standards-based security protocol is also widely used with IPv4 and the Layer 2 Tunneling Protocol. Its design meets most security goals: authentication, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.
If you’re on a heavily managed Internet connection, be it government censored or just college Wi-Fi, standard VPN connections may be blocked or throttled due to deep packet inspection, a way for providers to analyze what type of traffic is passing over a network even when they can’t see the actual contents. IVPN’s desktop apps include a checkbox for Obfsproxy, which disguises your traffic as more ho-hum data to get it past those types of blocks—like kids stacked in a trenchcoat to pass as an adult, but more convincing. Our budget pick, TorGuard, and competitor ExpressVPN use different methods to disguise traffic, but we couldn’t find documentation on equivalent features from our other top performers.
We summarize the protocols above, and look at them in detail in VPN Encryption: The Complete Guide. Although L2TP/IPsec is fine for most purposes, we only really recommend OpenVPN and IKEv2. OpenVPN is very secure if properly configured. Indeed, Edward Snowden’s documents showed that even the NSA can’t crack well-implemented OpenVPN. It is also supported by almost every provider. But it is relatively slow. The newer IKEv2 is much faster and is considered secure, but has not been battle-tested in the way that OpenVPN has. It is not as well supported at present, although it is increasingly popular with providers thanks to its speed advantages over OpenVPN.
The provider offers two strong encryption ciphers: AES-256-CBC and AES-256-GCM. Almost every VPN in the marketplace uses the former, which makes Surfshark the only service to offer the latter. The difference between the two is of something called “chosen ciphertext attacks”. AES-256-CBC uses a secure Message Authentication Code (MAC), along with the AES algorithm. Conversely, AES-256-GCM has built-in authentication codes, which makes the process a whole lot faster!
Windscribe's network performance was once about average in our tests, but a recent switch in VPN protocols put it on par with Private Internet Access in head-to-head tests. Windscribe is compatible with many platforms (including routers and Amazon Fire and Kodi TV set-top boxes), offers a wide variety of connection options, has a wide geographic reach with hundreds of servers, and presents an appealing, if minimal, user interface. It was also one of the best at connecting to Netflix U.K. and BBC iPlayer, if you're into that sort of thing.
ExpressVPN ranks at the top in almost all categories concerning unblocking, Best vpn for torrenting, privacy/security, and streaming. It does not fail to disappoint in offering excellent user anonymity too. We connected to a server in Canada from US. Upon conducting the WebRTC Leak test – there were no signs of any information escaping. The public IP address is that of a Canadian server. Also, the local IP is different from the one provided by our local ISP.
Even if a company is at fault for deceptive marketing practices, it still has to comply with legal requests for whatever information it does have. Jerome told us, “In the U.S., however, there is a big difference between a request for data regularly stored for business purposes and a demand that a company retain information. VPN providers are not required to keep records just in case law enforcement might need them some day.” That means many companies could provide a list of their customers, but if they practice what they preach when it comes to no-logging policies, innocent customers looking for privacy shouldn’t get swept up in these requests.
No one-size-fits-all VPN exists. Ambiguity in the standards and differences in feature sets from vendor to vendor make the decision process fairly complex. Several factors, including your organization size, privacy requirements, and user sophistication, determine which VPN solution might suit your needs. The right product and operational procedures can securely open your network borders, increasing worker productivity while still letting you sleep at night. If you keep in mind these considerations when purchasing a VPN solution and follow a few recommendations about how to securely run it, you can achieve the Private in your Virtual Private Network without pulling out your hair in the process.
Speed-wise, when connected to VPNHub’s UK and Netherlands endpoints, our FTP and HTTP downloads came in at around 10MB/s (80Mbit/s). Connecting to U.S. endpoints gave us 4.8MB/s (38.4Mbit/s) via FTP and 4.2MB/s (33.6Mbit/s) via HTTP. While that’s good enough for everyday browsing and streaming, your results may vary – we connected to U.S Netflix no problem, but, as with many VPNs on this list, BBC iPlayer promptly showed us the door.
When it comes to servers, more is always better. More servers mean that you're less likely to be shunted into a VPN server that is already filled to the brim with other users. NordVPN, Private Internet Access, and TorGuard currently lead the pack with well over 3,000 servers each—NordVPN is at the forefront with 5,130 servers. But the competition is beginning to heat up. Last year, only a handful of companies offered more than 500 servers, now it's becoming unusual to find a company offering fewer than 1,000 servers.
OpenVPN: OpenVPN is very secure, open-source and widely used. Most VPN services support it, but except for Chrome OS and Linux, few operating systems do. This protocol can be used in either TCP (web) or UDP (streaming) mode; the latter is sloppier but faster. You'll need either the VPN service's client software or one of the many free alternatives. Either way, you'll still need to pay for the VPN service.
Their best plan is 1-year subscription plan: $6.99 ($83.88). While their monthly price of $11.95 is at the high end of the spectrum (and they did lose a few points for that), their yearly price of $83.88 is lower than most our contenders. And yes, they also have a full 30-day refund policy. NordVPN also offers a dedicated IP option, for those looking for a different level of VPN connection. They do offer $2.99/month (75% discount) for a 3-year plan .