VPNs for Security and Privacy: 2017 Edition

In today's world with everyone - governments, advertising companies, ISPs - spying on ordinary Internet users, it is a very good idea to get a reliable VPN, especially for people living in Five Eyes countries (the US, the UK, Canada, Australia, and New Zealand) and repressive regimes where the governments have decided that their citizens should have no right to basic privacy even though it is a human right and guaranteed by the Fourth Amendment to the United States Constitution.

Let's get one thing out of the way first: it's not a good idea to use a free VPN. The reason they are free is usually that they log everything and sell it to advertisers, and why wouldn't they? It's easy money and hosting VPN servers is not free. Adware, stealing bandwidth, stealing money or Bitcoin, hijacking accounts and ransomware are some other risks with free VPNs that paid VPNs usually steer clear of.
The one exception I've found to the "don't use a free VPN" rule is ProtonVPN, which I will go into more detail about below. However, when it comes to the free "unlimited" VPNs that you find on app stores and as browser extensions, rather than using them you might as well not be using a VPN at all. In general, if you want a VPN with real privacy and security, you're going to have to pay for it. If you're not paying for it, you're the product.

Do not use VPNs when you shop online or do financial transactions. A rogue VPN can snoop on the traffic and try to steal your money, and services like PayPal will take action against accounts that are accessed via VPN IP addresses in order to minimize fraud.

Also, please be aware that VPN browser extensions are not as secure and foolproof as VPN desktop clients, as certain plugins and technologies such as Adobe Flash Player direct traffic outside of the web browser, making it impossible for VPN browser extensions to tunnel that traffic.

The VPN industry is plagued with shills since the affiliate programmes are very lucrative, so be skeptical of any VPN review that contains affiliate links, and ask the reviewer to back up their claims with hard facts.

Requirements for a secure VPN: It should not be based in a Five Eyes country or a country that is on Reporters Without Borders' Enemies of the Internet list, it should not log, and it should offer working leak protection for IPv4 and IPv6 or block IPv6 entirely, have its own first-party DNS servers, support OpenVPN, support strong encryption, and support anonymous payment methods such as Bitcoin, other cryptocurrencies, cash or prepaid electronic payment methods.
Resources used for verifying compliance with all of these requirements are That One Privacy Guy's VPN comparison chart, VPNTesting.info, and Privacy Tools.
Other useful resources for researching VPNs are Comparitech's Does your VPN Keep Logs? 123 VPN Logging Policies Revealed article, Comparitech's 20+ VPNs rated on privacy and security side-by-side article, Comparitech's Most VPNs can leak personal data despite claims to the contrary article, That One Privacy Guy's VPN reviews, the Most VPN Services are Terrible thread (incomplete list of VPN services using pre-shared keys), TorrentFreak's yearly interview article with VPN operators, /r/VPN, /r/vpnreviews, and /r/VPNTorrents.

There are limitations to what VPNs can and can't do. VPNs can't hide your browser fingerprint and you can never verify whether or not they log (unless you self-host your own VPN service). If your Internet activity is highly sensitive I recommend running Tor Browser over a secure, leak-proof, no-logs VPN. Tor Browser has identical browser fingerprints across all unmodified installations and the VPN will conceal Tor's fingerprint, which your ISP and anyone else monitoring your Internet activity would be able to see otherwise (they would see that you are running Tor, but not what you are using Tor for). A Tor bridge would also prevent that, but I would rather use a VPN + Tor than just placing all of my trust in Tor. Tor cannot anonymize BitTorrent traffic and should never be used for downloading torrents.

Please note that this list is meant for VPNs that protect your privacy. They are most likely not good for unblocking Netflix / Hulu / Amazon Video / other streaming services. This is because privacy-focused VPN services use shared IP addresses, so that you share your IP address with a lot of people and blend in with the crowd. However, so few IP addresses being used by so many people makes it very easy for streaming services to spot unusual activity from VPN services' shared IP addresses. That's why VPN providers that focus on unblocking streaming services usually provide dedicated IP addresses that are not shared between a lot of users. This makes it harder for the streaming service to detect that the IP address belongs to a VPN service, but it also makes the VPN service unfit for privacy purposes as it's no longer possible to blend in with the crowd to the same extent that you could with a VPN service that uses shared IP addresses.
TL;DR: These VPN services aren't Netflix unblockers. For that, go to /r/NetflixViaVPN.


  • Mullvad

    Commercial. Mac OS X, Windows, Linux, Web.

    Mullvad is in my opinion currently the most secure known VPN for Windows. It is listed on Privacy Tools' very selective "VPN providers with extra layers of privacy" list and was one of only six VPNs (of 29 tested) that passed VPNTesting.info's extensive leak test on Windows. They did however not pass the Mac leak test. It also does really well in That One Privacy Site's VPN comparison chart. Mullvad is run by Internet activists and is based in Sweden, which has good privacy laws. They keep no logs, support OpenVPN, and their VPN client is open source. Mullvad allows customers to pay anonymously via Bitcoin or even by mailing them cash, for those who do not want a digital trail left behind after their VPN purchase. They have recently also started selling anonymous activation codes for Mullvad in stores in the Nordic countries. Mullvad requires no personal information to start an account, not even an email address, making it the most anonymous VPN service on this list. Just fill in the captcha, generate an account number and pay to activate the account.

     

  • OVPN.com

    Commercial. Mac OS X, Windows, Linux, Web, Android, ..., iPhone.

    OVPN.se is in my judgement currently the most secure known VPN for Mac. It is listed on Privacy Tools' very selective "VPN providers with extra layers of privacy" list and was one of only four VPNs (of 29 tested) that passed VPNTesting.info's extensive leak test on Mac. OVPN.se did however not pass the Windows leak test. It also does really well in That One Privacy Site's VPN comparison chart. OVPN.se is based in Sweden, which has good privacy laws. They keep no logs, support OpenVPN, and allow customers to pay anonymously via Bitcoin or even by mailing them cash, for those who do not want a digital trail left behind after their VPN purchase. OVPN.se has gone to great lengths to ensure physical security by removing any kind of storage media, so their servers have no hard drives, USBs, or CDs in them and thus it is impossible for those servers to store any user data. OVPN.se has taken out insurance for trial costs that covers up to 2.5 million SEK (about $280 000 / 260 000€).

     

  • AirVPN

    Commercial. Mac OS X, Windows, Linux, Android, iPhone.

    AirVPN is a secure VPN for Windows. It is listed on Privacy Tools' very selective "VPN providers with extra layers of privacy" list and was one of only six VPNs (of 29 tested) that passed VPNTesting.info's extensive leak test on Windows. AirVPN did however not pass the Mac leak test. It also does really well in That One Privacy Site's VPN comparison chart. AirVPN is based in Italy, keeps no logs, allows customers to pay anonymously via Bitcoin, supports OpenVPN, and their VPN client is open source. AirVPN's staff includes activists, hacktivists and members of the Swedish and Italian Pirate Parties.

     

  • ProtonVPN

    Freemium. Mac OS X, Windows, Linux, Android, iPhone.

    ProtonVPN is a new VPN service by the former CERN and MIT researchers behind the well-known encrypted ProtonMail email service. The ProtonVPN client has a feature called Secure Core which - much like Tor - routes traffic via two intermediary VPN servers before reaching the final VPN server in order to make surveillance harder for adversaries to perform. VPN servers in countries that are well-known for having some of the strongest privacy laws in the world - Iceland and Sweden - are used as intermediary destinations for the Secure Core feature. ProtonVPN is based in Switzerland, which has good privacy laws. ProtonVPN only keeps connection logs (when you connect and disconnect from the VPN) in order to prevent intrusion attempts into their service, it supports OpenVPN and accepts Bitcoin. ProtonVPN offers quite a generous free plan, which is meant to convince potential customers to pay for one of their premium plans for more features and higher speeds (the speed on the free servers is still very good though). The free servers do not support BitTorrent, which is understandable since the server load and hosting costs that would result from offering a free torrenting VPN to the world are not sustainable. ProtonVPN has not been thoroughly leak tested by vpntesting.info or anyone else yet, so please keep that in mind and leak test the VPN before using it for anything mission critical, as there have been some issues with IP and DNS leaks in the past on various operating systems.

    My personal opinion after trying ProtonVPN for quite a while is that they have a long way to go before I'd recommend paying for their service. As of right now I only have them on this list because it's the only decent freemium VPN service that doesn't data mine its users in order to make a quick buck via data broking companies and is a better option than not using a VPN at all, and because it's the only one of the VPNs on this list that has a VPN client for Android & iOS. (There are third-party mobile VPN clients that can be used for VPN services that don't have their own app.)
    The leaks are one thing; it's hard to leak-proof a VPN service across all operating systems, especially considering that those OSes and the Internet in general were never designed to be used anonymously. And to some degree some of the leaks seem to be because of a third-party VPN client called Tunnelblick that a lot of Mac users use, so that's outside of ProtonVPN's control until they've made their own Mac client. (Pro-tip for Mac users: Just pay for Viscosity. According to Reddit users it doesn't leak and it only costs $9. If you're getting a VPN you might as well make it work properly.)
    What I have a harder time understanding is why the ProtonVPN client feels like it's still in beta. While it is beautiful design-wise, it has some functionality problems. It often has problems reconnecting after dropping the connection due to the killswitch option killing the VPN connection itself. The client also regularly forgets the login credentials, which it's supposed to remember. These are two well-known issues and why they haven't been fixed yet is beyond me.
    All-in-all, it looks like a promising VPN service that has had a bumpy (and well-publicized) start. I wouldn't choose it over any of the previously mentioned VPNs on this list as of right now, unless you plan on not paying for your VPN at all and are satisfied with a VPN service that might occasionally leak or an official client that has some annoying bugs.

     



