Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.

Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like "pcmag.com" into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN's DNS system, it's another layer of protection.


VPN technology was developed to allow remote users and branch offices to access corporate applications and resources. To ensure security, the private network connection is established using an encrypted layered tunneling protocol and VPN users use authentication methods, including passwords or certificates, to gain access to the VPN. In other applications, Internet users may secure their transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers to protect personal identity and location to stay anonymous on the Internet. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions, and many VPN providers have been developing strategies to get around these roadblocks.


Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not. This is actually why we also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy. KeepSolid VPN Unlimited offers a one-week Vacation subscription, for example. Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs.
A “kill switch” goes by many names, but the term describes VPN software that shuts off all network traffic in and out of your computer if the encrypted connection fails. A hiccup in your Wi-Fi or even with your ISP can cause a VPN to disconnect, and if you then maintain an unsecure connection—especially if the VPN software doesn’t alert you that it’s no longer protecting your traffic—that wipes out all the benefits of your VPN. We considered kill switches to be mandatory. And although we looked for apps that made it easy to add rules about when to activate kill switches, we considered special config files or manual firewall tweaks to be too complex. (iOS doesn’t support any kill-switch features; we address a few iOS-specific problems that apply to all VPN services in a separate section.)
Everywhere you go, be it a review website, community, forum – you will notice a pseudo ID or someone claiming to be a security professional. They share their different experiences with a provider. 9 times out 10, none of these experts bother discussing the offsets, drawbacks, or disadvantages of a particular VPN service. They just go on praising and urging other users to sign up too. We are sure that these fakes are marketing minions, who have no idea about the technicalities of VPNs.
Unlike traditional head-end concentrator hardware, which are capital intensive and have long lead times for distributed enterprises, CP Secure VPN allows IT managers to secure their expanding Edge Networks using architectures that scale quickly and are easy to maintain. Configured, deployed, and managed from the cloud, CP Secure VPN delivers a virtual private data network that minimizes both cost and complexity.
Over the course of four months, we scoured articles, white papers, customer reviews, and forums to compile the pros and cons of VPN services and different VPN protocols and encryption technologies. That One Privacy Site and privacytools.io stood out as two of the most thorough and unbiased sources of information. We interviewed Electronic Frontier Foundation analyst Amul Kalia about government surveillance and VPN efficacy. We also got answers from Joseph Jerome, policy counsel for the Center for Democracy & Technology’s privacy and data project, about how accountable VPN providers are for their policies and terms of service, and how that relates to trustworthiness. Alec Muffett, a security expert and software engineer, also shared his views on the usefulness of VPNs to protect against various threats.
We didn’t audit any VPN services ourselves (though IVPN, our top pick, offered to arrange such an exercise), but we did ask detailed questions about each service’s operations as a way to judge whether a company was acting in good faith. Good faith is important, because there aren’t many avenues to penalize a VPN company that isn’t following through on its promises. In the US, companies making false claims about their products are policed by the Federal Trade Commission, and to some extent state attorneys general. Joseph Jerome at CDT told us that companies violating their own privacy policy or claims about logging would be “a textbook example of a deceptive practice under state and federal consumer protection laws,” and in theory, “the FTC could seek an injunction barring the deceptive practice as well as potentially getting restitution or other monetary relief.”
When you access the internet via Wi-Fi, do you think about who might be spying on your data, or even stealing it? If not, you're in the majority—unfortunately. Everyone ought to be using a virtual private network, or VPN, whether it's at a coffeeshop or even at home. Yet when PCMag ran a survey on VPN usage, we found a surprising 71 percent of our 1,000 respondents had never used a VPN at all. Even among net neutrality supporters—who you might think would be better informed on security and privacy issues—55 percent had never used a VPN.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.[2]
IPSec. Probably the best supported and most widely used protocol, IPSec is rapidly becoming the standard for VPNs. IPSec, which the Internet Engineering Task Force (IETF) developed, consists of multiple subprotocols; each handles a different element of the process, and some are optional or interchangeable. IPSec is a broad specification, and vendors' IPSec implementations differ. Make sure you read the fine print to understand what parts of IPSec a product uses.
My recommendation, and the protocol I most often choose to use, is OpenVPN. OpenVPN is a non-proprietary, open-source implementation of a VPN communication layer protocol. It's well-understood, well-regarded, generally quite secure, and robust. In addition, it has the benefit of being able to communicate over port 443, which is the standard port for https communication, which means almost all firewalls will allow OpenVPN traffic -- and most won't even be able to detect that a VPN is being used.
Providers can also log less-specific data about when or how often you connect to your VPN service. In some cases, these logs are a routine part of server or account management, and can be responsibly separated and scrubbed. In other cases, VPN providers take note of every connection and use that information to actively police individual customers. Though it’s reasonable for companies to protect their networks from abuse, it becomes a dealbreaker when companies keep extensive connection data for a longer period of time. Some VPN companies we spoke with explained how a log might note your current connection for authentication purposes, but that log is deleted as soon as you disconnect. This kind of “live log” isn’t a concern, and even those culled every few hours—or as long as the end of each day—shouldn’t be confused with logs of your traffic and online destinations.

Before you decide which best home VPN network client you want to download and install on your device, take some time to ask yourself a few questions, the most important of them being “what exactly do you need the VPN for?” For example, do you want a VPN for your Windows computer? Regardless of the platform or firmware that your devices operate on, certain aspects of a VPN are critical and should be considered before making the purchase. Regardless of why you need a VPN, unlimited access to all the Internet has to offer is of top importance when making your decision. With a VPN like Express VPN or NordVPN, you will be able to surf securely and privately. There are a number of features you might want from a VPN - unlimited number of devices, fast surfing speeds, Android and iOS apps, major VPN protocols. All are important in choosing the right VPN for you. Check out our guide to choosing the right unlimited VPN for your needs to help you decide which of the best VPNs in 2018 is right for you. 
Yes. Although Netflix is now available almost everywhere, some places – notably the United States – enjoy a much larger catalog of titles than everywhere else. And some people want to access regional catalogs. In theory, all you need do to watch a local version of Netflix from somewhere else is connect to a VPN server in that country. You can sign into any regional Netflix page with any active Netflix account, no matter where that account is registered. The snag is that due to pressure from its content producers, Netflix now tries to ban IP addresses that it knows belongs to VPN and proxy services. Many VPN services have found sneaky ways around this ban, but it is a cat and mouse game.  Please see our best Netflix VPNs for a list of services which still work with Netflix (most of the time).

TunnelBear is designed for a very specific group of people: people who want a VPN service but don’t want to mess around with configuration or become IT experts to make their connections more secure. And it caters brilliantly for that market, with a very straightforward interface and jargon-free writing. In truth, all of the VPN services these days do this but TunnelBear tries very hard to stand out. It’s not for power users - there isn’t much you can change - but with up to five simultaneous connections, servers across 20 countries and decent performance on US and Canadian websites.  Longer connections can be slower, though: it’s when the relatively small number of server locations makes itself obvious. There’s a free version that limits you to 500MB of monthly traffic, and if you pay annually the price of the full version drops from $9.99 to $4.99 per month.

IPSec. Probably the best supported and most widely used protocol, IPSec is rapidly becoming the standard for VPNs. IPSec, which the Internet Engineering Task Force (IETF) developed, consists of multiple subprotocols; each handles a different element of the process, and some are optional or interchangeable. IPSec is a broad specification, and vendors' IPSec implementations differ. Make sure you read the fine print to understand what parts of IPSec a product uses.


With hundreds of VPN services and clients available, it can be difficult to decide which one to use. We've extensively tested several popular VPN services that met three requirements: They had both desktop and mobile client software (with one exception), they had VPN servers in many countries, and they offered unlimited data use, at least in their paid versions.


Finally, you may want a VPN to spoof your location to download content you shouldn’t have access to, but this too has limits. A VPN used to be the go-to solution to watch U.S. Netflix overseas. That changed in 2016 when Netflix opened up to almost every country on Earth. Since then, the company has invested a lot in detecting and blocking VPN users. Even people using a VPN inside their own country will be blocked by Netflix if detected.

We used to advise people to do banking and other important business over their cellular connection when using a mobile device, since it is generally safer than connecting with a public Wi-Fi network. But even that isn't always a safe bet. Researchers have demonstrated how a portable cell tower, such as a femtocell, can be used for malicious ends. The attack hinges on jamming the LTE and 3G bands, which are secured with strong encryption, and forcing devices to connect with a phony tower over the less-secure 2G band. Because the attacker controls the fake tower, he can carry out a man-in-the-middle attack and see all the data passing over the cellular connection. Admittedly, this is an exotic attack, but it's far from impossible.

A P device operates inside the provider's core network and does not directly interface to any customer endpoint. It might, for example, provide routing for many provider-operated tunnels that belong to different customers' PPVPNs. While the P device is a key part of implementing PPVPNs, it is not itself VPN-aware and does not maintain VPN state. Its principal role is allowing the service provider to scale its PPVPN offerings, for example, by acting as an aggregation point for multiple PEs. P-to-P connections, in such a role, often are high-capacity optical links between major locations of providers.


The process of determining the anonymity of a VPN does not just end by a WebRTC leak test. Users need to make sure the provider they select, offers maximum privacy and anonymity. As a result, there should be no DNS leaks. The results below reveal a single DNS server, which is located in the UK. This means, our identity is completely secure, as there are no signs pointing to our official US location!
For connectivity, the provider does not to disappoint and offers amazing speeds on its expanding server list. This number of servers have now stretched to 500+ in 45 countries in just 2 months. The VPN despite being a new player is also perfect for unblocking Netflix (since you even have dedicated IPs available). If you need any assistance, the 24/7 live chat support proves to be quite helpful and responsive too.  You have apps for all platforms/devices too, along with a Router app.
Multi-hop cascades + NeuroRouting – Perfect Privacy gives you the ability to create multi-hop VPN cascades across up to four different servers in the network. This protects you against the possibility of a rogue data center logging traffic, targeted monitoring, and other threat scenarios. Additionally, the NeuroRouting feature dynamically routes all traffic through multiple hops in the server network, and can be used with any device (explained more here).

Speed-wise, when connected to VPNHub’s UK and Netherlands endpoints, our FTP and HTTP downloads came in at around 10MB/s (80Mbit/s). Connecting to U.S. endpoints gave us 4.8MB/s (38.4Mbit/s) via FTP and 4.2MB/s (33.6Mbit/s) via HTTP. While that’s good enough for everyday browsing and streaming, your results may vary – we connected to U.S Netflix no problem, but, as with many VPNs on this list, BBC iPlayer promptly showed us the door.
Upon digging into the matter, the authorities found that the police officer’s Facebook and Gmail were deleted. That too, right after the assassination of the Ambassador. Digital traces revealed the action was done over a private connection, operated by ExpressVPN.  Turkish authorities seized the server in question and conducted a thorough inspection, but could not find any find anything.
It does not matter if a VPN offers strict no logging policies. If it exists outside every major surveillance alliance, or offers lightening speeds. The minute it leaks your IP, everything goes to the garbage, as your private identity comes forward. Buffered VPN, despite being new, follows through on all its promises. The DNS leak test did not reveal our true location.
Things can get tricky when it comes to trusting a VPN. Recently, PureVPN handed over log information the company had to federal investigators building a case against a cyberstalker and general dirtbag. Some were surprised that the company had any information to hand over, or that it did cooperated with investigators at all. It seems to us that PureVPN stayed within the bounds of its stated privacy policy. But it's also true that other companies, such as Private Internet Access, aren't able to connect any of your personal information to your account information.

Users need to make sure the provider they select, offers maximum privacy and anonymity. As a result, there should be no DNS leaks. Below we conduct a leak test to ensure that you are not caught by government agencies or copyright infringement trolls in your country. We connected to a server in Singapore, and the DNS address claims the same. Nothing points to our original US location, which means you are completely secure when using Mullvad!
I recommend always using a VPN when using someone else's Wi-Fi network. Here's a good rule of thumb: If you're away from the office or home, and you're using someone else's Wi-Fi (even that of a family member or a friend, because you never know if they've been compromised), use a VPN. It's particularly important if you're accessing a service that has personally identifying information. Remember, a lot goes on behind the scenes, and you never really know if one or more of your apps are authenticating in the background and putting your information at risk.
A Virtual Private Network is a connection method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet. Virtual Private Networks are most often used by corporations to protect sensitive data. However, using a personal VPN is increasingly becoming more popular as more interactions that were previously face-to-face transition to the Internet. Privacy is increased with a Virtual Private Network because the user's initial IP address is replaced with one from the Virtual Private Network provider. Subscribers can obtain an IP address from any gateway city the VPN service provides. For instance, you may live in San Francisco, but with a Virtual Private Network, you can appear to live in Amsterdam, New York, or any number of gateway cities.
Along with securing your private information and activity online, a VPN for home is a great way to stream your favorite TV shows and movies. When using a VPN, you can be sure that your online activity is secure and private, so you can simply enjoy your TV show or movie. Be sure to choose the best home VPN for your needs, such as one that works well with Windows, to help make movie and TV show streaming a possibility for you.  

There are about 3,000 CyberGhost connection points in about 60 countries worldwide. You don't need to provide your real name, just a working email address, and you can pay in Bitcoin to remain nearly anonymous. As with most full-fledged VPN services, you can connect directly from your operating system's network settings or use third-party OpenVPN software to do so. You can also select from among VPN protocols and set up a home Wi-Fi router to use CyberGhost all the time.


VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. To ensure safety, data travels through secure tunnels, and VPN users must use authentication methods -- including passwords, tokens or other unique identification procedures -- to gain access to the VPN server.
Billed at $99.00, you save a staggering 41% on the original monthly pricing, which is quite budget-friendly, to say the least. Once you sign up, you receive fast speeds for streaming/downloading all types of content and engage in P2P/torrenting. You also gain the ability of connecting to 5 devices simultaneously, and leveraging a 30-day refund guarantee.
Thank you for the reply. I read Express and Nord privacy policy thoroughly and they might not keep logs, but they do use cookies and Google analytics for statistics, affiliate cookies and personalizing cookies. Yes you can block them through the browser but they’ll probably cause issues to the VPN service. They also mention that they can process the users data for like email for improving their services or marketing purposes IF the user consents, BUT they can do it anyway without any consent if applicable law demands it of legal basis legitimate interest. I find these details worrisome.
We're slightly surprised that ExpressVPN wasn't #1 in the rankings, as Reddit users really seem to love it (or as close to love as you can get with the ultra picky Reddit community). If you do a Reddit search on any other VPN, someone in the comments will say Express is better. At first glance, it already looks a lot more user friendly and a lot more trustworthy than PureVPN. In his ExpressVPN review, Redditor bigkenw writes:

Depending on how ISPs respond to a newly deregulated environment, a VPN could tunnel traffic past any choke points or blockades thrown up by ISPs. That said, an obvious response would be to block or throttle all VPN traffic. Or perhaps ISPs will come up with an entirely novel way to monetize the letitude given them by the current lack of net neutrality legislation.
×