If you’ve ever noticed ads popping up for items you’ve recently shopped for online, you’re probably aware that marketing agencies and businesses track your online activity. For those who’d rather keep their activity private and want added security when using a public Wi-Fi network, a Virtual Private Network (VPN) not only encrypts your connection to keep it private but also hides your location, giving you uncensored access to items that are location-specific.
PPTP. A consortium of vendors, including U.S. Robotics, Ascend Communications (now part of Lucent Technologies), 3Com, and Microsoft, developed PPTP. VPN software implementations are more likely than hardware implementations to use PPTP, although some VPN hardware vendors (e.g., Lucent in its MAX and Pipeline communication products and Nortel in its Contivity products) use it. PPTP software implementations can't handle high volumes of traffic, but PPTP hardware implementations can. PPTP 1.2 had major flaws, but version 2.0 fixed most of the problems. However, even this version 2.0 as Microsoft has implemented it is weak cryptographically because it still relies on the user's password to generate keys. In addition, PPTP's design and heavy promotion by a few large vendors such as Microsoft have made it suspect in some quarters.
Speed-wise, Avast SecureLine did well in our European speed tests, with us recording over 9.83MB/s (78.64Mbit/s) in our file transfer tests to the Netherlands. Its US performance was a little below average but still decent at 3.22MB/s (25.76Mbit/s), although UK performance was a bit slower than in our last round of tests, at 6.5MB/s (52Mbit/s) via FTP and 5.8MB/s (46.4Mbit/s) for an HTTP download.
However, the VPN’s reputation has suffered a little. Its Android software made an appearance in the list of “intrusive or malicious” apps. This is of course, a rare instance for a service of this stature. Nevertheless, the VPN still ranks among the greatest and safest choices online, especially for engaging in P2P activities. The monthly pricing starts at $11.99, which is quite expensive.
Private Internet Access, or PIA, is one of the most visible, privacy-focused VPNs available. Because of its reputation and advocacy concerning online privacy and security, it has also been a Wirecutter staff pick. But whether you prioritize speed and performance or trust and transparency, our top pick is a better bet. If you find PIA attractive because of its low price, note that spending just a little more on TorGuard will buy you much better performance.
If you need a more affordable VPN than our top pick and don’t have an Apple device—or if you need ChromeOS support—we recommend TorGuard. Its apps aren’t as simple or user-friendly, but TorGuard is a good option for more tech-savvy people or those willing to spend a little more time fiddling with an app. TorGuard’s CEO has built trust by talking with media outlets (including us) and detailing the company’s commitment to a service built around a lack of activity logs. Though the apps aren’t as easy to use as our top pick, the connections were the fastest of any we tested and the company has more than twice as many server locations.
DNS servers are a bit like the phone books of the Internet: You can type in “thewirecutter.com,” for instance, and one of the many DNS servers behind the scenes can point you to the IP address of a server hosting the site. Most of the time, your DNS requests automatically route through your ISP, giving the ISP an easy way to monitor your traffic. Some VPN services rely on third-party DNS servers, but the best ones keep DNS servers in-house to prevent your browsing history, or your IP address, from getting out.
Closely control access to your VPN box, whether it's a concentrator or Windows machine. In the case of a Windows server, put the machine on a separate domain and have only a few accounts on it. Use the strongest possible passwords, and store and swap them out appropriately. In the case of a hardware device, disable insecure protocols, such as FTP and Telnet, that pass your logon information in the clear. An insecure VPN concentrator box or unpatched Windows VPN server presents a much easier target than do VPN keys that must be brute-forced.
ExpressVPN has 148 locations in 94 different countries which means you can dial your IP address into 148 locations around the world. ExpressVPN delivers great performance - and it’s put the effort into its software too, with dedicated apps for Windows, Mac, Linux, iOS, Android and BlackBerry as well as some Smart TVs, Amazon Fire TV Sticks, Apple TV, PS4 and Xbox and even your router. Not only that but there are solid online tutorials too, so even if VPNs are dark magic to you they’ll have you up and running in no time. P2P is fully supported and it's super speedy so you can torrent using the maximum bandwidth of your broadband connection and there’s a kill switch that keeps your IP address hidden if anything goes wrong with the VPN or with your internet connection. ExpressVPN is reasonably priced, delivers a good service and has support for three simultaneous connections. There’s no free trial available but there is a no-fuss 30-day money back guarantee if the service doesn’t meet your requirements so that's a good way to test it out if you're unsure. We have used the 24/7 customer service a number of times and can vouch for its effectiveness - we had a couple of issues with using the service on a PC and were able to sort it within a few minutes using the instant online chat support.
With their “No Logging” policy, they want to advertise proudly that they do not keep track of any information. In practice, when you check out their Terms of Service, there are some elements they collect, but they do not seem to use the collected information for anything. And while many VPN companies do log the data of the user, CyberGhost VPN do seem to have more paranoid measures to secure themselves against any tracking requests.
VPNs mask your IP address and shift your location to different countries. This ensures all your online activities remain untraceable and secure while protecting you from the prying eyes of hackers, copyright infringement, and surveillance agencies. Add this to the high-level 256-bit AES encryption found in the OpenVPN protocol and you can feel assured your identity remains hidden.
When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your connection as coming from within the USA.
Based in Switzerland and owned by the US company “Gold Frog”, VyprVPN is quite similar to Buffered. It has quickly gained momentum in the marketplace of VPN providers. The VPN offers exceptionally fast speeds, remarkable unblocking features, and huge server database. It also offers advanced technologies, like Chameleon Technology and the famous VyprDNS.
One of the biggest things that can put people off the idea of using a VPN is that they slow down your internet. This is mainly because you are adding an extra leg to the journey your data must take to reach its destination (via the VPN server). These days good VPN services are very fast and if you connect to a server near to you, you will often get 90% or more of your raw internet connection speed.
Some VPNs are notoriously difficult to use — read our AirVPN review for an example — so those that offer a streamlined experience shouldn’t be overlooked. VPNs that exemplify good ease of use have a balance of power and usability, without sacrificing the core features that allow you to customize the experience. Read our TunnelBear review to see what oversimplified looks like.
A VPN client is software that runs on your device in order to securely connect it to a VPN server. All major platforms (Windows, macOS, Android, iOS, and Linux) come with a built-in VPN client that can be configured manually, although OpenVPN always requires a third party client to be installed. Most VPN services now offer custom clients and apps, which are the easiest way to use their service as they come pre-configured with all the correct settings. They also typically offer a range of funky and useful features that are not available by simply manually configuring the built-in VPN client. To clear up any confusion, a ''VPN client'' and a ''VPN app'' are exactly the same thing. Traditionally, the word client is used for desktop software and the word app for mobile software, but it is becoming increasingly common to talk about VPN apps on the desktop. The terms are interchangeable.
For large-scale implementations, choose a hardware device such as a VPN concentrator or VPN-enabled network appliance. Hardware-based VPNs perform better for larger installations. Also, the security of a software-based VPN built on a host with an OS such as Windows, UNIX, or Linux depends on the underlying security of that OS. Thus, you must keep the OS patched as well as keep an eye on the VPN software.
HotSpot Shield is a product that has had some ups and downs in terms of our editorial coverage. Back in 2016, they picked up some very positive coverage based on founder David Gorodyansky comments about protecting user privacy. Then, in 2017, a privacy group accused the company of spying on user traffic, an accusation the company flatly denies. Finally, just this year, ZDNet uncovered a flaw in the company's software that exposed users. Fortunately, that was fixed immediately.