One way to resolve the issue of trust is to be your own VPN provider, but that’s not a feasible option for most people, and it still requires trust in any company providing the hardware that your VPN would run on, such as Amazon’s cloud services. Multiple projects can help you cheaply turn any old server into a VPN, including Algo, Streisand, and Outline. By encrypting all the traffic from your home or mobile device to a server you manage, you deprive your ISP and a potentially villainous VPN of all your juicy traffic logs. But most people lack the skills, patience, or energy—or some combination of the three—to do this. If you don’t manage servers or work in IT, it may be harder to manage perfect operation and performance better than trustworthy professionals. Lastly, though you remove one threat from the equation by cutting out a VPN service provider, you also lose the extra layer of privacy that comes from your traffic mixing in with that of hundreds or thousands of other customers.
In conjunction with information security experts at The New York Times (parent company of Wirecutter), we reached out to our finalists with questions about their internal security practices. We asked how they handled internal security access, how they communicated securely with customers, in what ways they collected reports on security bugs, and of course whether their statements on logging policies matched their marketing and privacy policies. We also considered which companies had public-facing leadership or ownership, and which ones openly supported projects and organizations that promoted Internet security and privacy. (For a full breakdown of trust and VPNs, check out the section above.)
When you're away from home or the office and you connect to the internet, you'll most often be doing so via Wi-Fi provided by your hotel or the restaurant, library, or coffee shop you're working out of in that moment. Sometimes, the Wi-Fi has a password. Other times, it will be completely open. In either case, you have no idea who else is accessing that network, and therefore, you have no idea who might be snooping on your traffic.
First and foremost, using a VPN prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. Someone on the same network, or the person in control of the network you're using, could conceivably intercept your information while you're connected.
To ensure that the results we received for both WebRTC and DNS leak tests were accurate, we decided to conduct a complete privacy analysis on the provider using IPLeak.net. If you look at the results below, you can see no signs of any leakages. The IP address is that of a Singapore location, including the local IP. The DNS server to is the same as the cloaked IP, verifying that your identity remains secure!
The testing/analyzing process for CyberGhost took us a good one and a half days. This made us realize the provider is a great choice for unblocking websites! Based in Romania, CyberGhost VPN offers great diversity to its user base. It recently introduced the new CyberGhost 6-user interface on its Mac and Windows dedicated apps. This grants for better user-friendliness, which works in favor of the provider.
We tested each service using both the Netflix-operated Fast.com download speed test and the more comprehensive Internet Health Test; the latter measures speeds up and down through multiple interconnection points between Internet providers. We ran each test on the macOS version of each VPN software in its default configuration, with our test computer connected over Gigabit Ethernet to a cable modem with no other traffic running through it. We recorded baseline download rates without a VPN active of nearly 300 mbps, and we checked our non-VPN speeds at random intervals to ensure that our local ISP wasn’t affecting the tests.
They even offer the most generous simultaneous connection count, with six simultaneous connections through their network, where everyone else offers five or fewer. NordVPN's network isn't as large as some of their competitors, so if you're trying to obfuscate your tracks, you might want a company with more servers. Otherwise, this company is clearly providing a winning offering.