Since December 2017, when the FCC decided to burn Net Neutrality to the ground, more and more people have become obsessed with online privacy (or lack thereof). Your internet provider can choose to slow down your internet if they want, and they could also go after sites like Netflix and demand money for offering high viewing speeds. And keeping your illegal stream or questionable search history private? Forget about it.
Hopefully, you’re not a candidate for government surveillance, but who knows. Remember, a VPN protects against your internet service provider seeing your browsing history. So you’re protected if a government agency asks your internet service provider to supply records of your internet activity. Assuming your VPN provider doesn’t log your browsing history (some VPN providers do), your VPN can help protect your internet freedom.
Our results were similar in other parts of the world, with IVPN ranking near the top regardless of the test, day, or time. The exception was in Asia, where its Hong Kong servers didn’t perform well. At the time of our initial tests in spring of 2018, IVPN didn’t offer any other servers in Asia aside from Hong Kong. Since then, the company has added locations in Singapore and Tokyo, but we haven’t run a new series of standardized tests with either location.
Another solution for the really paranoid (and well funded) is to locate a second smaller firewall between your internal VPN concentrator and internal LAN, as Figure 1 shows. Then, if an attacker compromises a VPN host, he or she still must penetrate another firewall. You could open up a few common ports, but the firewall would still block ping scans, common worms, and other garbage. Of course, it wouldn't stop someone who's just looking around and it wouldn't work if VPN users need full access to the internal network, but it adds a second line of defense when security is paramount.
HTTPS is a powerful tool that everyone should use because it helps keep sensitive browsing private at no extra cost to the people using it. But like most security standards, it has its own problems too. That little lock icon in your browser bar, which indicates the HTTPS connection, relies on a certificate “signed” by a recognized authority. But there are hundreds of such authorities, and as the EFF says, “the security of HTTPS is only as strong as the practices of the least trustworthy/competent CA [certificate authorities].” Plus, there have been plenty of news stories covering minor and even major vulnerabilities in the system. Some security professionals have worried about those least-competent authorities, spurring groups to improve on the certificate standards and prompting browsers to add warnings when you come across certificates and sites that don’t withstand scrutiny. So HTTPS is good—but like anything, it isn’t perfect.
The process of determining the anonymity of a VPN does not just end by a WebRTC leak test. Users need to make sure the provider they select, offers maximum privacy and anonymity. As a result, there should be no DNS leaks. The results below reveal a single DNS server, which is located in the UK. This means, our identity is completely secure, as there are no signs pointing to our official US location!
VPN technology was developed as a way to allow remote users and branch offices to securely access corporate applications and other resources. To ensure safety, data travels through secure tunnels, and VPN users must use authentication methods -- including passwords, tokens or other unique identification procedures -- to gain access to the VPN server.
We also dove deeper into the desktop apps of the top-performing services. Great apps have automatic location selection, easy-to-use designs, and detailed but uncluttered settings panels. We set up each service’s Android app on a Samsung Galaxy S8 running Android 7.0 Nougat. We took into account how easy each one was to set up and connect, along with what options were available in the settings pane.
That said, many VPN providers are based outside the US, which complicates enforcement. Jerome continued: “Users can file complaints in a local jurisdiction, and local data protection laws may have more effective enforcement mechanisms. For example, privacy and confidentiality of communications are fundamental rights in the European Union. Data protection authorities in EU-member states are empowered to handle complaints brought by individuals and then provide users with information about the outcome of any investigation. But it is unclear how effective any of these remedies will be.”
If you’re seriously concerned about government surveillance—we explain above why that should be most people’s last consideration when choosing a VPN—some expert sites like privacytools.io recommend avoiding services with a corporate presence in the US or UK. Such experts warn about the “14 eyes,” a creepy name for a group of countries that share intelligence info, particularly with the US. IVPN is based in Gibraltar, a British Overseas Territory. We don’t think that makes you any worse off than a company based in Switzerland, Sweden, or anywhere else—government surveillance efforts around the world are so complicated and clandestine that few people have the commitment, skills, or technology to avoid it completely. But because Gibraltar’s status has been a topic of debate in other deep dives on VPNs, we’d be remiss if we didn’t mention it.
Ideally, every VPN service provider would subject itself to independent audits to verify that it logs and operates as it claims. Right now, audits aren’t common practice in the VPN industry, though there’s a push to change that. Joseph Jerome, policy counsel at the Center for Democracy & Technology, told us about that group’s efforts to bring transparency to the VPN industry: “We would like to see security audits released publicly so security researchers can review them and attest to their veracity, as well as learn from the issues being identified.” The few companies we found that currently performed these types of audits had other dismissal-worthy failings, despite their valiant efforts toward transparency. And while such reports may increase your confidence when you're shopping, there’s no guarantee that an audit makes a VPN service trustworthy: In other industries, conflicts of interest have led auditors and rating agencies (PDF) to miss or ignore major problems.
PureVPN has a huge choice of 750 servers in 141 countries and counting. The sheer volume of features, toggles, and tools they provide makes it a top contender for the advanced users. There is a stealth browsing mode, online banking security, secure FTP access, multiple protocols and more. They have server lists optimized for P2P and video streaming, so switching is easy.
Also, do be aware that some broadcasters have developed increasingly sophisticated methods to determine whether the IP address you represent is the IP address where you're located. The VPN may be able to protect your original IP address from being seen, but there are characteristics of proxy communications (like a slightly longer time to transfer packets) that can be used to identify users who are trying to bypass watching restrictions.
VPN.ac is a security-focused provider that is based in Romania. It was created by a team of network security professionals with an emphasis on security, strong encryption, and high-quality applications. Their network is composed entirely of dedicated, bare-metal servers that offer great performance, as seen in the latest speed tests for the VPN.ac review.
As seen in our worst free VPN guide, there are reasons why you should pay for a VPN. That said, you shouldn’t go broke just because you should pay. In addition to finding the cheapest VPNs on the market, we looked for the providers that offer the most value for your dollar. If you can’t afford a VPN, you can read our section below with our free recommendation.
Even though Tor is free, we don’t think it’s the best option for most people. If you aren’t familiar with Tor, this handy interactive graphic shows how it protects an Internet connection, and this series goes into more detail about how Tor works. Runa Sandvik, a former researcher with The Tor Project who is now part of the information security team at The New York Times (parent company of Wirecutter), described it as “a tool that allows users to remain anonymous and uncensored.” When we asked expert Alec Muffett about whether he personally used a VPN, he told us he actually spent most of his work time using Tor. But Tor has a reputation for slow connections, can be blocked by some websites, and isn’t suitable for some peer-to-peer applications like BitTorrent.
The last thing anybody needs is connecting to a VPN server only to learn that their DNS address is leaking. This can prove detrimental. Especially, if you live in a country with tough internet and copyright infringement laws. Lucky for you, ExpressVPN offers the latest in VPN protocols, coupled with strong encryption and privacy features. The VPN indicate no leakages at all. As you can see, the results below show a Canadian DNS address.
As YouTube and Netflix make more money, the distribution models become more complex. For example, Annihilation — an instant sci-fi classic, according to your writer — was released in theaters in the U.S., but released exclusively through Netflix in the U.K. and Australia. Similarly, season four of Better Call Saul aired on AMC in the U.S., while new episodes in the U.K. aired on Netflix.
Nokia, Cisco, Nortel, Lucent, and others offer dedicated VPN boxes, although standalone VPN concentrators are becoming less common. Most firewalls, routers, and network appliances—such as those by WatchGuard Technologies, SonicWALL, and NetScreen—provide some VPN functionality. For a good list of IPSec-certified VPN devices, go to http://www.icsalabs.com/html/communities/ipsec/certification/certified_products/index.shtml.
Yet Mullvad is worth a look because it's extremely private. It asks nothing about you when you sign up. Instead, it assigns you a random number that will be your combined username and password. You don't have to provide an email address, and you can pay by mailing cash to the company's headquarters in Sweden. (Mullvad also takes credit cards, PayPal, bitcoin and wire transfers, and offers 30-day money-back guarantees for those.) Unexpectedly, it was pretty versatile at streaming Netflix from overseas — it didn't always get through, but in no country we tried was it always blocked.
In 2016, a federal court in Australia ordered ISPs to block BitTorrent tracker sites including ThePirateBay, Torrentz, TorrentHound, IsoHunt and SolarMovie. This has proven to be somewhat effective as visits from Australia to these sites have dropped by 53%. This doesn’t take into account VPN users — the sites can still be accessed with any of the VPNs we listed above.
We have often said that having to choose between security and convenience is a false dichotomy, but it is at least somewhat true in the case of VPN services. When a VPN is active, your web traffic is taking a more circuitous route than usual, often resulting in sluggish download and upload speeds as well as increased latency. The good news is that using a VPN probably isn't going to remind you of the dial-up days of yore.
ProtonVPN is one of the newest VPN services, and it boasts some star-studded founding members. The company was founded at CERN, the birthplace of the internet, and grew out of the ProtonMAIL service that’s been protecting the email of activists and journalists for years. The service acts as a Swiss company and is thus free from the laws of the U.S. and the European Union. It’s also not a member of the “fourteen eyes surveillance network,” and user traffic isn’t logged and passes through privacy-friendly countries, so you needn’t worry about your true IP address being revealed.
Like Avast, Avira got into the VPN business to complement its antivirus offerings. Phantom VPN is easy to use and gives you up to 1GB of data per month for free, making this service ideal for vacation travelers who just need to check email. Its unlimited paid plans are reasonably priced, but it had slow downloads and dropped connections in our 2017 tests.
The second thing that happens is that the web application you're talking to does not get to see your IP address. Instead, it sees an IP address owned by the VPN service. This allows you some level of anonymous networking. This IP spoofing is also used to trick applications into thinking you're located in a different region, or even a different country than you really are located in. There are reasons (both illegal and legal) to do this. We'll discuss that in a bit.
There are some minor disadvantages to using a dynamic IP. If someone who previously had the IP address you've been assigned did something nefarious on a service you use, it's possible that IP address might be banned. Usually, VPN providers are very careful about checking their IP addresses against blacklists, so the chances of this being a problem for you are slim.
When we test VPNs, we generally start with the Windows client. This is often the most complete review, covering several different platforms as well as the service's features and pricing in depth. That's purely out of necessity, since most of our readers use Windows (although this writer is currently using a MacBook Air). We currently use a Lenovo ThinkPad T460s laptop running the latest version of Windows 10. We periodically upgrade to a newer machine, in order to simulate what most users experience.
Like most well-known VPN companies, IVPN supports a variety of privacy groups and causes. Pestell told us he worked with the Center for Democracy & Technology to improve trust in VPNs with a handful of transparency initiatives before they were announced. Neena Kapur of The New York Times (parent company of Wirecutter) information security team noted that IVPN’s leadership transparency and its relationship with CDT were significant pluses that contributed to its trustworthiness. Pestell was also the only representative we spoke with to offer to arrange for one of our experts to audit the company’s server and no-logging policies.1 We cover trust issues with VPNs at length elsewhere in this guide, but we believe that IVPN takes an active role in protecting its customers’ privacy and is not a dude wearing a dolphin onesie.
Private Internet Access' client interfaces aren't as flashy or cutesy as some other services' software, but they're clear and simple enough for newbies to start right away. A toggle switch reveals all the settings a VPN expert would ever want to play with. You can also skip Private Internet Access' software and connect directly to the servers, or use a third-party OpenVPN client.
Hotspot Shield depends on a custom VPN protocol that's not been publicly analyzed by independent experts. We don't know how private or secure it really is. The company has been accused of spying on users (it denies the allegations), and complaints abound online about Hotspot Shield software installing on PCs without users' permission. All this, and the company's U.S. location, may scare away customers who want to protect their privacy.
Tip for Chrome, Firefox, and Opera users: A feature called WebRTC can, in some Web browsers, inadvertently cause your true IP address to leak out even when you’re connected via a great VPN. WebRTC assists with peer-to-peer connections, such as for video chatting, but could be exploited in some cases. You can manually disable this function in Firefox, or use an extension to block most instances of it in Chrome or Opera. For more details and instructions, check out Restore Privacy.
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network.
If users are still double-minded about using NordVPN, take a look at this complete privacy analysis. We connected to a stealth server in Hong Kong and then performed a test via IPLeak.net. The results showed that the VPN was successful in hiding our true US location. It displayed a Hong Kong IP Address for our IPv4 and public address. The DNS address also showed that we were connected to a single server located in Hong Kong.
A representative from the VPN Company informed that they are already under review. They have gone through negotiations with three different independent audit companies. We received no exact dates for the audit being available to the public. However, the process can take anywhere from a few weeks to two months During our conversation, the representative also revealed details about releasing “Transparency Reports” for their service.
Our highly thorough and comprehensive review format includes assessing a VPN from every SINGLE ASPECT! We have signed up with a total of 80 providers, taking our complete time in assessing every one of them. This helps us accurately categorize them, according to user needs.Each VPN is tested on multiple platforms like Windows, Mac, Linux, Android, and iOS.
The servers of the company are numbered around 2000, which might be less than other VPN services. However, the spread is wider as it provides more than 148 cities and over 94 countries to choose from. The company allows for up to three devices to use its service. As with NordVPN, this company also keeps the exact numbers and other details around its operations rather vague.
In addition to this, Mullvad supports ShadowSocks, which helps in circumventing internet censorship in China via a special Socket Secure (SOCKS5) Proxy. This can be added to your uTorrent/BitTorrent client for boosting your overall security when engaging in P2P/Torrenting . Then, you have Port Forwarding available to route network requests to specific devices. For the more tech-savvy and privacy-geek crowd, there is Port Selection available. It allows for better configuration of protocols to boost your security at all times.
The IVPN app’s default settings are great for most people, who should be happy just smashing the Connect button and not fiddling with settings. The desktop app defaults to a secure OpenVPN connection with AES 256-bit encryption (what we consider the standard at this point), and the mobile app can (and should) be toggled to OpenVPN as well. Our budget pick, TorGuard, defaults to the weaker (but also acceptable) AES 128-bit encryption unless you manually change it, and hasn’t added OpenVPN support on its iOS app.
Private Internet Access, or PIA, is one of the most visible, privacy-focused VPNs available. Because of its reputation and advocacy concerning online privacy and security, it has also been a Wirecutter staff pick. But whether you prioritize speed and performance or trust and transparency, our top pick is a better bet. If you find PIA attractive because of its low price, note that spending just a little more on TorGuard will buy you much better performance.
However, network performance is another thing entirely. First, keep in mind that if you're using a VPN, you're probably using it at a public location. That Wi-Fi service is likely to range in performance somewhere between "meh" and unusable. So, just the fact that you're remotely working on a mediocre network will reduce performance. But then, if you connect to a VPN in a different country, the connection between countries is also likely to degrade network performance.
A lot of people started using a VPN to evade geo-restrictions. But despite its forbidden benefits to users outside the US, a VPN is a great tool that can protect you and enhance your online experience over the internet by providing you with sufficient security and privacy. When it comes to selecting the best VPN, you have plenty of choices. There are many cost-effective VPN options, and all of them will vary in monthly offerings. Choosing the best VPN is easier once you narrow down the competition. The best indication of a good VPN service provider is that they have the right security and the right support in place for you.