
VPNs for Security and Privacy: 2019 Edition

In today's world with everyone - governments, advertising companies, ISPs - spying on ordinary Internet users, it is a very good idea to get a reliable VPN, especially for people living in Five Eyes countries (the US, the UK, Canada, Australia, and New Zealand) and repressive regimes where the governments have decided that their citizens should have no right to basic privacy even though it is a human right and guaranteed by the Fourth Amendment to the United States Constitution.
Let's get one thing out of the way first: it's not a good idea to use a free VPN. The reason they are free is usually that they log everything and sell it to advertisers, and why wouldn't they? It's easy money and hosting VPN servers is not free. Adware, stealing bandwidth, stealing money or Bitcoin/other cryptocurrencies, hijacking accounts and ransomware are some other risks with free VPNs that paid VPNs usually steer clear of. The one exception I've found to the "don't use a free VPN" rule is https://alternativeto.net/software/protonvpn/, which I will go into more detail about below. However, when it comes to the free "unlimited" VPNs that you find on app stores and as browser extensions, rather than using them you might as well not be using a VPN at all. In general, if you want a VPN with real privacy and security, you're going to have to pay for it. If you're not paying for it, you're the product.
Be aware that Bitcoin can be de-anonymized, especially when buying from centralized exchanges. https://alternativeto.net/software/monero/ however is anonymous and untraceable in theory and practice (for now, at least). Buying Bitcoin via https://alternativeto.net/software/localbitcoins-com/, https://alternativeto.net/software/localcoinswap/, or https://alternativeto.net/software/bitsquare/ is more anonymous than buying it from a centralized exchange. There's also https://alternativeto.net/software/local-monero/ for buying Monero.
Do not use VPNs when you shop online or do financial transactions. A rogue VPN can snoop on the traffic and try to steal your money, and services like https://alternativeto.net/software/paypal/ will take action against accounts that are accessed via VPN IP addresses in order to minimize fraud.
Also, please be aware that VPN browser extensions are not as secure and foolproof as VPN desktop clients, as certain plugins and technologies such as https://alternativeto.net/software/flash-player/ direct traffic outside of the web browser, making it impossible for VPN browser extensions to tunnel that traffic.
The VPN industry is plagued with shills since the affiliate programmes are very lucrative, so be skeptical of any VPN review that contains affiliate links and ask the reviewers to back up their claims with hard facts.
Requirements for a secure VPN: It should not be based in a Five Eyes country or a country that is on Reporters Without Borders' Enemies of the Internet list, and it should not log. It should offer working leak protection for IPv4 and IPv6 or block IPv6 entirely, have its own first-party DNS servers, support OpenVPN, support strong encryption, and support anonymous payment methods such as https://alternativeto.net/software/monero/, cash, prepaid cards, vouchers, and gift cards. Resources used for verifying compliance with all of these requirements are That One Privacy Guy's VPN comparison chart and VPNTesting.info. Other useful resources for researching VPNs are Comparitech's , Comparitech's , Comparitech's , That One Privacy Guy's VPN reviews, the Most VPN Services are Terrible (incomplete list of VPN services using pre-shared keys), TorrentFreak's yearly interview article with VPN operators, /r/VPN, /r/vpnreviews, and /r/VPNTorrents.
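The leak-protection and first-party DNS requirements above can be checked locally on a Linux client. The following is an added example, not part of the original article or any provider's tooling: it parses the text of `ip -4 route`, `ip -6 route` and `/etc/resolv.conf` and reports traffic or resolvers that bypass the tunnel. The interface name `tun0`, the resolver `10.8.0.1` and all sample inputs are constructed assumptions, and it assumes `resolv.conf` lists the real resolvers rather than a local stub.

```python
import ipaddress

BLOCKING = {"unreachable", "blackhole", "prohibit"}  # route types that drop traffic

def parse_routes(text, version):
    """Turn `ip -4 route` / `ip -6 route` output into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        blocked = tok[0] in BLOCKING
        tok = tok[1:] if blocked else tok
        dest = {4: "0.0.0.0/0", 6: "::/0"}[version] if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a destination prefix
        dev = tok[tok.index("dev") + 1] if "dev" in tok and not blocked else None
        routes.append((net, dev))
    return routes

def egress_dev(routes, probe):  # longest-prefix match; None = no route or blocked
    addr = ipaddress.ip_address(probe)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def leak_findings(route4, route6, resolv_conf, tun="tun0", vpn_dns=("10.8.0.1",)):
    findings = []
    # One probe per half of the IPv4 space: OpenVPN's def1 mode adds two /1 routes.
    for ver, text, probes in ((4, route4, ("1.0.0.1", "203.0.113.1")),
                              (6, route6, ("2001:db8::1",))):
        routes = parse_routes(text, ver)
        for probe in probes:
            dev = egress_dev(routes, probe)
            if dev not in (None, tun):
                findings.append(f"IPv{ver} leak: {probe} leaves via {dev}")
    for line in resolv_conf.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "nameserver" and tok[1] not in vpn_dns:
            findings.append(f"DNS leak: resolver {tok[1]} is not the VPN's")
    return findings

# Constructed sample inputs (not captured from a real host).
ROUTE4 = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.1 dev tun0"""
ROUTE6_LEAK = "default via fe80::1 dev eth0 proto ra metric 100 pref medium"
ROUTE6_BLOCKED = "unreachable default dev lo metric 1024 pref medium"

if __name__ == "__main__":
    print(leak_findings(ROUTE4, ROUTE6_LEAK, "nameserver 192.168.1.1"))
    print(leak_findings(ROUTE4, ROUTE6_BLOCKED, "nameserver 10.8.0.1"))
```

This only inspects local configuration; it does not replace an external leak test, which also catches leaks the routing table cannot show.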
There are limitations to what VPNs can and can't do. VPNs can't hide your browser fingerprint and you can never verify whether or not they log (unless you self-host your own VPN service). If your Internet activity is highly sensitive I recommend running https://alternativeto.net/software/tor-browser/ over a secure, leak-proof, no-logs VPN. Tor Browser has identical browser fingerprints across all unmodified installations and the VPN will conceal Tor's fingerprint which your ISP and anyone else monitoring your Internet activity would be able to see otherwise (they would see that you are running Tor, but not what you are using Tor for). A Tor bridge would also prevent that, but I would rather use a VPN + Tor than just placing all of my trust in Tor. Tor cannot anonymize BitTorrent traffic and should never be used for downloading torrents.
Please note that this list is meant for VPNs that protect your privacy. They are most likely not good for unblocking https://alternativeto.net/software/netflix/ / https://alternativeto.net/software/hulu/ / https://alternativeto.net/software/amazon-video/ / other streaming services. This is because privacy-focused VPN services use shared IP addresses, so that you share your IP address with a lot of people and blend in with the crowd. However, so few IP addresses being used by so many people makes it very easy for streaming services to spot unusual activity from VPN services' shared IP addresses. That's why VPN providers that focus on unblocking streaming services usually provide dedicated IP addresses that are not shared between a lot of users. This makes it harder for the streaming service to detect that the IP address belongs to a VPN service, but it also makes the VPN service unfit for privacy purposes as it's no longer possible to blend in with the crowd to the same extent that you could with a VPN service that uses shared IP addresses. TL;DR: These VPN services aren't Netflix unblockers. For that, go to /r/NetflixViaVPN.
Mullvad is in my opinion currently the most secure VPN service. It's the VPN recommended by Privacy Tools and it has undergone a security audit. It also does really well in That One Privacy Site's VPN comparison chart. Mullvad is run by Internet activists and is based in Sweden, which has good privacy laws. They keep no logs, support OpenVPN, and their VPN client is open source and written in Rust, which is known as the most secure programming language. Mullvad allows customers to pay anonymously via Bitcoin and Bitcoin Cash or even by mailing them cash, for those who do not want a digital trail left behind after their VPN purchase. They are also selling anonymous activation codes for Mullvad in stores in the Nordic countries. Mullvad requires no personal information to start an account, not even an email address, making it the most anonymous VPN service on this list. Just fill in the captcha, generate an account number and pay to activate the account.
AirVPN is a secure VPN for Windows. It was one of only six VPNs (of 29 tested) that passed VPNTesting.info's extensive leak test on Windows. AirVPN did not, however, pass the Mac leak test. It also does really well in That One Privacy Site's VPN comparison chart. AirVPN is based in Italy, keeps no logs, allows customers to pay anonymously via cryptocurrencies like Monero and Bitcoin, supports OpenVPN, and their VPN client is open source. AirVPN's staff includes activists, hacktivists and members of the Swedish and Italian Pirate Parties.
ProtonVPN is a new VPN service by the former CERN and MIT researchers behind the well-known encrypted Proton Mail email service. The ProtonVPN client has a feature called Secure Core which - much like Tor - routes traffic via two intermediary VPN servers before reaching the final VPN server in order to make surveillance harder for adversaries to perform. VPN servers in countries that are well-known for having some of the strongest privacy laws in the world - Iceland and Sweden - are used as intermediary destinations for the Secure Core feature. ProtonVPN is based in Switzerland, which has good privacy laws. ProtonVPN only keeps connection logs (when you connect and disconnect from the VPN) in order to prevent intrusion attempts into their service, it supports OpenVPN and accepts Bitcoin. ProtonVPN offers quite a generous free plan, which is meant to convince potential customers to pay for one of their premium plans for more features and higher speeds (the speed on the free servers is still very good though). The free servers do not support BitTorrent, which is understandable since the server load and hosting costs that would result from offering a free torrenting VPN to the world are not sustainable. ProtonVPN has not been thoroughly leak tested by vpntesting.info or anyone else yet, so please keep that in mind and leak test the VPN before using it for anything mission critical.
OVPN.com was one of only four VPNs (of 29 tested) that passed VPNTesting.info's extensive leak test on Mac. OVPN.com did not, however, pass the Windows leak test. It also does really well in That One Privacy Site's VPN comparison chart. OVPN.com is based in Sweden, which has good privacy laws. They keep no logs, support OpenVPN, and allow customers to pay anonymously via Bitcoin or even by mailing them cash, for those who do not want a digital trail left behind after their VPN purchase. OVPN.com has gone to great lengths to ensure physical security by removing any kind of storage media, so their servers have no hard drives, USBs, or CDs in them and thus it is impossible for those servers to store any user data. OVPN.com has taken out insurance for trial costs that covers up to 2.5 million SEK (about $280 000 / 260 000€).
Comments
May be a bit out of date but I found this really helpful 🙂 very informative, thank you
Sorry but while initially interesting and easy to read I don't think there is anything other than arbitrary preferences. vpntesting.info seems very out of date not that it gives any details whatsoever of what they did and how and thatoneprivacysite was again arbitrary and lacking clear details.
Also too many assertions such as when you point out that your favourite went through a security audit, implying others had not which is definitely not the case.