As awareness of global surveillance grows, more people are looking for information about the Five Eyes, Nine Eyes, and 14 Eyes surveillance alliances. This guide is regularly updated with new information and gives you everything you need to know.
The terms “Five Eyes“, “Nine Eyes“, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs and other privacy tools.
In short, these are just international surveillance alliances representing various countries around the world. These surveillance alliances work together to collect and share mass surveillance data. In other words, they are essentially acting as one global-surveillance entity to spy on you and record your activities.
Right now, data collection is being carried out from a wide variety of sources: your browsing activity, phone calls and text messages, electronic documents, location history, and more. Sound crazy? In many countries, recording and collecting your online activities (data retention) is perfectly legal – and in some cases it is mandatory (UK and Australia). It’s very easy for internet providers to collect your browsing history by simply logging all your DNS requests (unless you’re using a good VPN service).
In this guide we’ll explain all the different “X” eyes surveillance alliances and why this topic is important when choosing privacy tools. Here’s what we’ll cover:
- Five Eyes
- Nine Eyes
- 14 Eyes
- Additional surveillance partners
- NSA and GCHQ cooperation within 5 Eyes
- ECHELON surveillance system
- VPN services located in 14 Eyes
- How to protect yourself from global surveillance
- VPNs that are outside of 14 Eyes
- Trust and jurisdiction
So now, let’s get started.
Five Eyes
The Five Eyes (FVEY) surveillance alliance includes the following countries:
- Australia
- Canada
- New Zealand
- United Kingdom
- United States
The history of this alliance goes all the way back to WWII and the UKUSA Agreement, which was officially enacted after the war in 1946. This agreement formalized a partnership between the United Kingdom and United States for gathering and sharing intelligence. The partnership continued throughout the Cold War and has only strengthened following the “War on Terror” and subsequent “terrorist” events.
Edward Snowden brought renewed focus to the Five Eyes surveillance alliance in 2013 when he exposed the surveillance activities of the US government and its allies.
Below are the different “5 Eyes” surveillance agencies working together to collect and record your activities:
It is no surprise that some of the Five Eyes countries listed above are also the worst abusers of online privacy:
- United Kingdom – Since the passage of the Investigatory Powers Act in 2016, internet service providers and telecoms have been recording browsing history, connection times, and text messages. The data is stored for two years and is available to UK government agencies and their partners without any warrant.
- United States – The US government has been implementing Orwellian mass surveillance collection methods with the help of large telecoms and internet service providers (see the PRISM program). In March 2017, internet service providers were given the legal authority to record user activity and sell this to third parties (and you can’t opt out). Of course, internet providers have been collecting data on their customers for many years, long before this law passed in 2017.
- Australia – Australia has also implemented sweeping data retention laws similar to the United Kingdom. (See the best VPN for Australia guide.)
Broad authority among 5 Eyes countries
Whether it is the NSA in the United States or the GCHQ in the United Kingdom, the “5 Eyes” is home to the most powerful surveillance agencies in the world.
The other drawback with these Five Eyes countries is that they have tremendous authority to force companies to record hand over data. In the United States, the Patriot Act ushered in a new level of power for federal data collection, especially through the use of National Security Letters. These laws basically give the government the authority to compel a legitimate privacy-focused company to become a data collection tool for state agencies. (See the Lavabit example.)
Nine Eyes
The Nine Eyes countries include:
- 5 Eyes countries +
- Denmark
- France
- Netherlands
- Norway
The existence of the Nine Eyes alliance is referenced in various sources online and became well-known following the Snowden revelations in 2013. It is just an extension of the Five Eyes alliance with similar cooperation to collect and share mass surveillance data.
14 Eyes
The 14 Eyes surveillance countries include:
- 9 Eyes countries +
- Germany
- Belgium
- Italy
- Sweden
- Spain
As before, the original surveillance agreement was extended to these other countries. The official name of this group of countries is referred to as SIGINT Seniors Europe (SSEUR).
NSA and GCHQ cooperation within 5 Eyes
Various government document releases, which have come out through official FOIA channels, reveal the close relationship between the NSA and GCHQ. Being the two most powerful surveillance entities in the world, with historical ties, it is no surprise that they work closely together.
A top secret NSA document from 1985, which was released in 2018 via a FOIA request, reveals the close cooperation continues today, based on the broadly-written UKUSA Agreement:
The UKUSA Agreement, dated 5 March 1946, has twelve short paragraphs and was so generally written that, with the exception of a few proper nouns, no changes to it have been made. It was signed by a UK representative of the London Signals Intelligence Board and the U.S. Senior Member of the State-Army-Navy Communications Intelligence Board (a predecessor organization which evolved to be the present National foreign Intelligence Board). The principles remain intact, allowing for a full and interdependent partnership. In effect, the basic agreement allows for the exchange of all COMINT results including end product and pertinent collateral data from each pattern for targets worldwide, unless specifically excluded from the agreement at the request of either party.
Another top secret NSA document from 1997 (officially released in 2018) further elaborates on the close cooperation between the NSA and GCHQ:
Some GCHQ [redacted] exist solely to satisfy NSA tasking. NSA and GCHQ jointly address collection plans to reduce duplication and maximize coverage through joint sites and cross-tasking, despite site closures.
With the reference to “joint sites” above, it’s important to discuss ECHELON.
ECHELON surveillance system
ECHELON is a network of spy stations utilized by Five Eyes countries for large-scale espionage and data collection. The Guardian described ECHELON as follows:
A global network of electronic spy stations that can eavesdrop on telephones, faxes and computers. It can even track bank accounts. This information is stored in Echelon computers, which can keep millions of records on individuals.
Officially, however, Echelon doesn’t exist. Although evidence of Echelon has been growing since the mid-1990s, America flatly denies that it exists, while the UK government’s responses to questions about the system are evasive.
Despite these denials, there have been various whistleblowers who have confirmed what’s going on behind the scenes. Both Perry Fellwock and Margaret Newsham came forward to document various aspects of ECHELON to the public.
VPN services located in 14 Eyes
Jurisdiction is a big consideration for most people when selecting a trustworthy VPN service and other privacy tools. Therefore we will briefly summarize the VPN services that are located in 14 Eyes countries below.
To recap, this list includes VPNs that are located in:
- Five Eyes (United States, United Kingdom, Australia, Canada, and New Zealand)
- Nine Eyes (Five Eyes + Denmark, France, Netherlands, and Norway)
- Fourteen Eyes (Nine Eyes + Germany, Belgium, Italy, Sweden, and Spain)
AceVPN (USA)
ActiVPN (France)
AirVPN (Italy)
AnonVPN (USA)
Anonymizer (USA)
Avira Phantom VPN (Germany)
AzireVPN (Sweden)
BeeVPN (Denmark)
Betternet (Canada)
Blockless (Canada)
BTGuard (USA)
CactusVPN (Canada)
Celo (Australia)
ChillGlobal (Germany)
CloakVPN (USA)
CrypticVPN (USA)
CryptoHippie (USA)
Disconnect.me (USA)
Encrypt.me (USA)
Expat Surfer (UK)
FlowVPN (UK)
FlyVPN (USA)
FoxyProxy (USA)
FrootVPN (Sweden)
FrostVPN (USA)
GetFlix (Canada)
GhostPath (USA)
GooseVPN (Netherlands)
GoTrusted (USA)
GoVPN (Germany)
Hide My IP (USA)
HideIPVPN (USA)
HideMyAss (UK)
Hotspot Shield (USA)
IncognitoVPN (USA)
Integrity.st (Sweden)
Internetz.me (Germany)
IntroVPN (USA)
IPinator (USA)
IPredator (Sweden)
IPVanish (USA)
LibertyShield (UK)
LibertyVPN (USA)
LiquidVPN (USA)
Mullvad (Sweden)
My Expat Network (UK)
MyIP.io (USA)
MyVPN.Pro (USA)
Netshade (USA)
Newshosting (USA)
Norton WiFi Privacy (USA)
OctaneVPN (USA)
Opera Browser VPN* (Norway) [Note: “Opera VPN” is not actually a VPN, but instead a proxy, and it is now owned by a Chinese consortium.]
OverPlay (UK)
OVPN.com (Sweden)
Private Internet Access (USA)
PrivateTunnel (USA)
PrivateVPN (Sweden)
ProXPN (Netherlands)
PRQ (Sweden)
RA4W VPN (USA)
RogueVPN (Canada)
RootVPN (Netherlands)
ShadeYou (Netherlands)
SigaVPN (USA)
SlickVPN (USA)
Speedify (USA)
Spotflux (USA)
Steganos (Germany)
StrongVPN (USA)
SunVPN (USA)
SuperVPN (USA)
SurfEasy (Canada)
TGVPN (UK)
Torguard (USA)
TorVPN (UK)
TotalVPN (UK)
Traceless.me (Germany)
TunnelBear (Canada)
Tunnelr (USA)
TVWhenAway (UK)
Unlocator (Denmark)
UnoTelly (Canada)
Unseen Online (USA)
Unspyable (USA)
VikingVPN (USA)
Virtual Shield (USA)
VPN Land (Canada)
VPN Master (USA)
VPN Unlimited (USA)
VPN.sh (UK)
VPNAUS (Australia)
VPNJack (USA)
VPNMe (USA)
VPNSecure (Australia)
VPNUK (UK)
WASEL Pro (Netherlands)
WifiMask (Netherlands)
Windscribe (Canada)
WiTopia (USA)
WorldVPN (UK)
Zenmate (Germany)
ZoogVPN (UK)
How to protect yourself from global surveillance
First, a disclaimer: If the NSA and GCHQ are personally targeting you for enhanced surveillance with their powerful resources, good luck. We have no way of knowing the full extent of their powers and capabilities. With that being said, we will cover some simple steps you can take to:
- Provide you with a much higher level of privacy and security than the average user;
- Make tracking and surveilling your activities much more difficult
So with that out of the way, let’s cover some quick basics.
1. Your electronic devices are potential surveillance tools, especially all “smart” devices
Whether it is your smartphone or the Amazon Alexa in your living room, all of these devices are tools to surveil your activities. It is an established fact that private companies are working to aid and abet the global surveillance state, as documented in the PRISM program. Therefore it would be wise to limit all “smart” devices in your daily life, or at the very least, start using privacy-friendly alternatives.
2. Use a VPN whenever you go online
A good VPN will safely and effectively encrypt and anonymize your internet traffic, without slowing your internet speed to a crawl. With internet providers in all Western countries snooping the activities of their customers, a VPN is now an essential tool for digital self-defense. Connect it and forget it. (The VPN for beginners guide covers the basics, and here you can find the best VPNs.)
3. Consider using other privacy tools
Your daily online activities can disclose mountains of personal information and private data to various third parties. Here are a few considerations:
- Use a private and secure email service
- Use a privacy-friendly search engine
- Use a private and secure browser
- Use a good ad blocker (most ads function as tracking and data collection tools)
These are just some basic, simple steps that anyone can implement in a matter of minutes. See the privacy tools guide for more information.
4. Advanced online privacy and security
Ok, so you want even more privacy and security than the average user. This is also achievable without too much effort. In addition to all of the above advice, you may also want to consider the following:
- Consider your operating system. Switching to a secure and privacy-friendly flavor of Linux is a good idea, although it may come with some hassle, depending on the distribution you choose.
- Use a privacy-focused VPN service. A good multi-hop VPN service, such as Perfect Privacy, will allow you to encrypt your traffic across multiple servers in different jurisdictions.
- Chain different VPN services. Another great way to compartmentalize your privacy is to chain more than one VPN service. For example, you could run VPN Provider #1 on your router, and then connect to that router through VPN Provider #2 on your computer. This not only distributes and compartmentalizes risk across different VPN providers, it also ensures that no single VPN service has both your originating IP address and your online activity (the sites you connect to). You can also cycle through different VPN providers at different times, thereby preventing any single VPN from having a full picture of your online activities (in the theoretical case that the VPN were to be compromised).
- Use virtual machines. Using virtual machines is a good idea for both privacy and security. You can install VirtualBox, which is free and open source, and then run different Linux VMs for different uses (also free). A virtual machine acts as a separate “virtual” computer on your host machine, which can help keep your host machine and data safe. Additionally, you can easily chain VPN services through the use of virtual machines with VPN #1 running on the host and VPN #2 on the VM.
Note: The Tor browser often comes up when discussing online anonymity. However, I’ve found numerous red flags in my research of Tor – but decide for yourself.
Some people argue against VPNs by saying “I have nothing to hide” or “I don’t trust VPNs”. These are very ill-informed arguments for a number of reasons:
- Your internet provider is likely recording everything you do (via DNS requests) and providing this data (or direct access) to surveillance agencies – see the Room 641a example. Your internet provider also knows everything about you (name, address, billing information, etc.). Why would you give this entity all of your private browsing activity as well, which could be used against you? This just doesn’t make sense.
- With a VPN, you are distributing trust from your internet provider to the VPN service. There are a handful of verified no logs VPN services, which have either been audited by third parties or passed real-life test cases. A VPN in a safe offshore jurisdiction adds additional protection, as it cannot be compelled to hand over data to your government.
- You can also cycle through different VPN services, or utilize two or more VPNs at the same time (chaining the VPNs). This provides an even higher level of privacy and security, especially if the VPNs and the VPN servers are distributed across different jurisdictions.
- If someone wanted to go after you for let’s say torrenting a movie (DMCA complaint), there would be three layers protecting you: 1) the VPN server you used in country A; 2) your VPN provider in country B; 3) your internet provider in Country C.
Since we’re on the topic of VPNs, let’s discuss some VPNs that are outside of the 14 Eyes countries and territories.
VPNs that are outside of 14 Eyes
Many Restore Privacy visitors are looking for a VPN that is based in a good privacy jurisdiction, outside of 14 Eyes countries and territories. This is a wise decision.
Based on personally using, researching, and testing numerous VPNs over the past five years, here are my current favorites from the best VPN service report:
- ExpressVPN (based in the British Virgin Islands, a politically and legally autonomous country that does not fall under UK jurisdiction) [ExpressVPN review] *currently offer a three months free coupon
- NordVPN (based in Panama) [NordVPN review] *currently offer a 70% discount here
- Perfect Privacy (based in Switzerland) [Perfect Privacy review]
- VPNArea (based in Bulgaria) [VPNArea review]
- VPN.ac (based in Romania) [VPN.ac review]
Trust and jurisdiction
In the end, jurisdiction is just one of many factors to consider when selecting the reliable privacy tools for your unique situation. How much it matters to you depends on many factors, particularly your threat model and the types of adversaries you are looking to protect yourself from.
For those seeking higher levels of privacy and security, jurisdiction is indeed an important consideration, especially when you consider the growing power of governments to force companies to hand over data and log users.
Trust is also a major factor you should consider. After all, a VPN can operate in a good “overseas” jurisdiction, yet still lie to customers and provide data to government agencies.
Take for example PureVPN, a provider based in Hong Kong that gave US authorities connection logs for a criminal case. But PureVPN has a poor record and has been involved in numerous scandals over the years, so this case is certainly not the norm.
There are also US-based VPNs that have provided data to authorities, even while promising to be “no logs” to their customers. One example of this is with IPVanish (see the IPVanish logging case), which logged user data and provided it to the FBI for criminal prosecution.
So to summarize what we’ve covered here, choosing the best privacy tools all comes down to trust and finding the best services that align with your unique needs.
Good luck and stay safe!
Fully revised and updated on May 21, 2019.
Sven check this out https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm
Full List of United States Mutual Legal Assistance Treaties and Agreements
MLATs, which are negotiated by the Department of State in cooperation with the Department of Justice to facilitate cooperation in criminal matters, are in force with the following countries: Antigua and Barbuda, Argentina, Australia, Austria, the Bahamas, Barbados, Belgium, Belize, Bermuda, Brazil, Canada, Cyprus, Czech Republic, Dominica, Egypt, Estonia, France, Germany, Greece, Grenada, Hong Kong, Hungary, India, Ireland, Israel, Italy, Jamaica, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malaysia, Mexico, Morocco, the Kingdom of the Netherlands (including Aruba, Bonaire, Curacao, Saba, St. Eustatius, and St. Maarten), Nigeria, Panama, Philippines, Poland, Romania, Russia, St. Lucia, St. Kitts and Nevis, St. Vincent and the Grenadines, South Africa, South Korea, Spain, Sweden, Switzerland, Thailand, Trinidad and Tobago, Turkey, Ukraine, United Kingdom (including Anguilla, British Virgin Islands, Cayman Islands, the Isle of Man, Montserrat, and Turks and Caicos), Uruguay, and Venezuela.
[Seems a jurisdictions to privacy provisions may have less importance than I would of guessed]
Interesting, thanks.
Hello Sven,
great and informative website. Regarding 5/9/14 Eyes, what do you think is more important when using a VPN service? The location/HQ of the VPN provider itself (e.g. Panama for NordVPN) or the location of the used server? Which jurisdiction is more important?
Definitely the location of the business, which is controlling the servers remotely. The US government can compel a US-business to log user data (example) and provide this to authorities, but doing the same for a VPN in an offshore jurisdiction that does not fall under US laws would be very difficult, if not impossible. The agency could then go to the datacenter and seize the server, but this is also a dead end if the VPN is running their servers correctly. There have been a few examples of server seizures that have not been fruitful – discussed in the no logs VPN guide.
And what do you think about cyberghost vpn ?
Here’s the CyberGhost VPN review.
Hi!…The best way to have a good privacy(from my point of view):use the chain of VPN’s,and avoid to use the free VPN(often are used for decoy).
All the best for all!
Fastest server for personal website for US visitors:
Bulgaria vs Romania vs Switzerland vs South Korea?
Romania…CyberGhost…umm..i think :))
Addition: The VPN service ‘OkayFreedom’ by Steganos is located in Germany
What are your thoughts on Avast SecureLine VPN? I’ve been using Avast since 2005 when they were a small outfit. I’d like to read your thoughts.
Thanks.
I’d like to review it soon.
Hi, Sven! How are you?
First of all, I loved your site. I was searching for open source alternatives to Google and did find the ‘Alternatives to Google Products’ post. Very interesting.
Reading this post, I need to ask something: in your opinion, how do you think other services, seemingly secure and private, are affected by being hosted in one of the 14 Eyes Countries?
I ask that because there are a lot of services – mail, instant messaging apps and so on – that are hosted in those countries, like Tutanota e MailFence mail solutions.
What do you think? I would love to hear from you about that and, maybe, to read a long and detailed post about it.
Best regards from Brazil! 🙂
It really varies from provider to provider and how they handle data, and what, if anything they collect. Speaking of Tutanota, you might find this interesting: https://tutanota.com/blog/posts/data-privacy-germany/
Hi Sven,i use vpn PIA. i have had different ip addresses show up when doing a dns leak test and managed to get rid of them by changing connection to different countries and then back to Romania or rebooting.For the last week or so i have constantly had 146.185.236.26 G-Core labs S.A. show up and i can’t get rid of it.I believe it stores logs for 14 days.If i’m using my pia vpn cang-core labs stiil track and log sites visited.I have also tried ip config/stop outsidedns but it hasn’t worked.Any simple suggestions please,(not tech savvy).Thanks Sven,cheers.
Now that we think we know something, the question remains: then what? We are constantly bombarded by information about things we can never change. What is the purpose of that? Apart from that, it is not vitally necessary to be able to go on-line. The “safest” and most “private” computer is no computer at all.
Who taught you that there is such a thing as “privacy” and why do you believe that the universe will collapse without your so-called privacy? Privacy is an illusion. It is simply a chosen notion. Suddenly one decides to experience privacy (or not), based on … Simply having people around means you are being watched, judged, evaluated, etc. What exactly is privacy and why do you feel the need to experience it?
For me, privacy and freedom go hand in hand. Privacy continues to erode throughout the world, as various entities want to record, track, and control everything we do online. The tools I discuss on the site allow you to restore a large degree of privacy and freedom with minimal hassle.
Henry,
Come on guy the US public to business and vice versa world has to big and strong of a foothold with online interactions anymore for your mention of ‘it is not vitally necessary to be able to go on-line’ to be even remotely true. That’s where customer service of many have moved. Try to get a paper account statement without a charge, then e-statements are the only option. A lot of times prices are better online and no electronic identity (email) basically means your saying no to 2019 life today.
–
The privacy you relate to is pulling the drapes closed and specifically not the same as internet privacy, cause if you knew someone was peering into your homes windows you’d call the law. Who you going to call when it happens behind the scene’s at sites and as one transverses the web.
–
The US has laws for snail mail and landline phones because of privacy abuse and crime issues early in history, and in 2019 going forward we need the internet to be given the same consideration here. Because of the content is of the same nature that classified and standardized that same content of the past in snail mail and landline phones. My gosh if you sing bad in the shower you would want a recording floating around the internet – and if it did by your not accessing the internet who’s going to know you want it pulled.
Please read the site starting with what interests you and learn to be grounded on and for your privacy rights on the internet as well as everyone else connecting where the business end requires it or moving that direction.
Hi Sven, have you seen this article ?:
https://www.skadligkod.se/vpn/the-5-9-14-eyes-misleading-vpn-argument/
What´s your opinion about it?
Best regards,
Brad
Had a quick look. The background of the 5/9/14 Eyes alliances is well-documented, real, and backed up by many documents that have come to light, particularly in the Snowden revelations. So to dismiss all this as “marketing” as he does in the conclusion is short-sighted and simply wrong. The cooperation between these entities is also real and well-documented, which affects companies offering privacy services in their jurisdiction. It also seems the author is closely connected to Mullvad, a Swedish VPN (which is a good provider by the way) and is making a case to ignore Sweden’s membership among 14 Eyes.
And his argument that jurisdiction does not matter is crazy: “Whether a VPN provider has its jurisdiction within a 5, 9 or 14 eyes country or not doesn’t matter when it comes to privacy or trustworthiness.”
This is just wrong. Look at the Lavabit example and other cases where US or UK courts compelled VPNs to log user data for authorities.
That article does have a point.
Regardless where the VPN company is registered, if you connect to a VPN server in one of the “eyes” countries then it’s game over, UNLESS, they truly have no-logs in-ram servers. Otherwise, nothing stops the local authorities from accessing the VPN server under their jurisdiction, regardless of where the company is located.
And that’s something to keep in mind, instead of just blindly assume that because a VPN company is in some remote island, their servers located in an “eyes-location” is by default safe. I think that’s what the author means by it being just meaningless marketing.
Also, isn’t Mullvard in particular by some ex-ThePirateBay people? If there’s anyone ready to show the finger to authorities in Sweden, is them (and Bahnhof’s CEO 🙂
> ” if you connect to a VPN server in one of the “eyes” countries then it’s game over”
No definitely not if the VPN has their act together and has properly secured their servers. This has happened before with server seizures in various countries, as discussed in the no logs VPN article.
With multi hop like perfect privacy what jurisdictions would you choose to not even pick up phone from 14 eyes? They have China, Czech Republic, Denmark, Egypt, France, Iceland, Luxembourg, Netherlands, Norway, Romania, Russia, Serbia, Switzerland, or Turkey? China Russia and Serbia maybe least friendly to 14 eyes, or stay away from China Russia because they have their own eyes?
Todd I think the actual location of the server(s) is less important than just using a multi-hop cascade over different jurisdictions.
Sven, what do you make of this article by Freedom.press, with Snowdens name all over it, https://freedom.press/training/choosing-a-vpn/ where, at the bottom, it recommends VPNs providers which are mostly in the countries to be avoided?
If chaining several VPNs would you put tor in the middle of the chain? Ignore speed decrease. Just for privacy.
I personally wouldn’t, no, especially after researching the Tor project.
Would you still recommend a vpn for someone outside the countries mentioned? Or would that just be adding unnecessary layers?
Yes, a VPN is still necessary regardless of where you’re at for privacy and security reasons.
Hello Sven,
You do not recommend ProtonVPN because of its US based funding and ties, etc but you still list ProtonMail in one of the safer email services. Why?
Hello, that is not quite correct. There were many issues with ProtonVPN (see Cons), and the secure email guide was just an overview of different secure and private email services, with my top recommendation being Tutanota.
Sven,
It’s a shame you closed the comments section of the “Best VPN” article, but understandable. What I’d like to ask is; Do you know of a VPN provider with similar a sign-up (account number, no email required) system, and data retention disclosure as Mullvad, but preferably based outside 14 Eyes jurisdiction? Hopefully one that offers a decent mix of protocols (I prefer WireGuard for router and IKEv2/IPSec for mobile), a decent config generator and cryptocurrency or gift card payments. I wouldn’t be surprised if one didn’t exist, but if you know of any, I’d be grateful. Thanks in advance.
Hi Matti, not sure on that one to be honest, but regarding signup, you could just create an anonymous burner account for signup.
Hello Everyone!
First, I must say that the articles presented in this site have me absolutely riveted!
Mr. Sven Taylor please continue with the good work You are Wonderfully sharing with others who are also interested in achieving a good level of privacy and/or anonymity.
Secondly, if I decided to go with a VPN based on one thing it would be Mullvad @ [www.mullvad.net] (even though the entity is based in beautiful Sweden).
I say this because it is the ONLY VPN website that has NO Trackers on its pages!!!
This alone tells me how serious the company is about Privacy.
Thank You,
i
What no comments about the LEO “tunneling” arrangement with China and Russia? Sort of like a VPN for spying.
While there may intense intelligence competition in the military, scientific and national political arenas — it a pretty open secret that these superpowers bypass internal limits on LEOs (both legal and political) via exchanges and leaks of foreign intelligence.
That is, if its impractical to gather LEO info directly with your own LEOs or intelligence —
*** just submit a request to an enemy intelligence service to spy the needed info out and then leak or trade the info to your intelligence agencies. ***
Such a system of intelligence favors has been around for many years and has really seen explosive growth in the modern era of terrorism and well connected international criminals.
Avoid IVPN based in Gibraltar, they email me on my gmail account i never shared with them! If anybody still believe in privacy of any VPN based in a british oversea territory is wrong! Maybe Gibraltar is more strategic for London then other locations being in Europe, so is more under control than British Virgin Islands hopefully.
Mr Hudson, what about CyberGhost VPN based on Romania?
CyberGhost review here.
Hi Sven.
I am currently using SurfShark VPN.
I believe they are pretty new.
Based in the British Virgin Islands which doesn’t belong to 14 eyes.
Anything I need to know about this company?
I have about 16 days left of a 30 day money back guarantee.
Great info by the way.
Cheers
Hi Lewie,
I’d not go with a new VPN company as to much about is unknown.
Just like with a claimed 500 servers in 50 countries – HUM…
You can bet somethings up there, and trying to get known by offering unlimited device connections per account would be something I’d suspect they’ll not keep for long or long term.
–
I don’t like these either-
Surfshark.com registrar is NameBright.com Inc, a Colorado corporation.
Why have any US ties for an offshore jurisdiction of a VPN?
NameBright
2635 Walnut Street
Denver, CO 80205
NameBright is a TurnCommerce corporation.
https://www.namebright.com/Whois/Surfshark.com
See H.R. (1981) Laws: https://privacysniffs.com/data-retention-law/united-states-of-america/
Would that play a roll here with Surfshark VPN ?
–
Surfshark TOS states:
#1. No-logs Policy – We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.
*We do not approve any unlawful, illicit, criminal or fraudulent activities committed by using Surfshark Services. As we are not logging any information about your activities, you are using the Surfshark Services at your own risk.
– Surfshark will not be liable in any way or form for illegal actions done by you arising through or from the use of our Services.
#2. You are solely responsible for all usage or activity on your account including, but not limited to, use of the account by any person who uses your account, with or without authorization, or who has access to any computer on which your account resides or is accessible.
#3. You may share your account, username, or password with your family and friends only. “and” You may be held liable for any losses incurred by Surfshark, its affiliates, officers, directors, employees, consultants, agents, and representatives due to someone else’s use of your account or password.
We reserve the right to terminate your account at anytime.
#4. Surfshark Services renew automatically for the same length at the end of each service period and you are charged according to your chosen payment method.
–
[-[Your payment info. is stored to automatically renew account – and the wordage of “Surfshark will not be liable in any way or form” with the meaning “You may be held liable for any losses incurred by Surfshark”. – – I surely wouldn’t trust or want anything directly related to me in way of payments but only Virtual payment cards or prepaid and gift cards with a set sum added to a VPN service this new.]-]
#9. We also do not guarantee that the Services is free from viruses or other harmful components. @ WOW THEY SAID THAT………..
https://surfshark.com/terms-of-service
–
1. What information is collected?
> Information we collect on our Website and apps.
In addition, when you visit our Website, we may also retain your IP address, a unique identifier for your computer or other access device.
When you use our app, we may collect advertising identifiers.
> Cookies and web beacons / Cookie a small string of information that transfers to your computer for identification purposes.
Web beacon is an invisible pixel-sized graphic image on a web page, web-based document or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the Website, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family.
–
Further down the PP,
# 6. At this time Surfshark does not recognize automated browser signals regarding tracking mechanisms, which may include ‘do-not-track’ instructions.
# 7. We collect and use information about you in the same way and for the same purposes if you access Surfshark from your mobile phone, as we do when you use our Website. If you use our browser extension, we collect the same information as in case of our other Services.
# 8. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Services and that any personal information, general information, or other data or information received from you through the Website or our Services is provided at your own risk.
–
Pretty heavy TOS & PP and looks like they will know you well without logs – that’s why a trustworthy and time tested VPN is most important or it should be to everyone : )
Thanks a ton for such a deep and valuable insight into the subject and also the well-thought reviews (which I’m going through at the moment).
Possible to review ZoogVPN? [https://zoogvpn.com/]
Need to buy a service soon and I see they have a “No” everywhere in this list.
[https://thatoneprivacysite.net/vpn-comparison-chart/]
I’d appreciate it.
Cheers
ZoogVPN
Jurisdiction: United Kingdom => 5 eyes
additionally: 27 servers/ 18 contries
no kill switch
to avoid
Hi Sven,
I think it’s time to seriously work for internet decentralization. The situation is getting worse every day.
If we do nothing internet will soon become our prison.
People must think about political system and capitalism more deeply and by themselves.
Things are going really bad on our world. Earth should be a paradise, not a hell. It’s all in our hands.
Regards.
Would tor be within the eyes if they are based in Germany??
Well, the Tor project is based in the US, but anyone can operate a Tor node – they are all over the world.
I need a free vpn that doesn’t log and require opening an account, recommendations?
Please do not recommend vpns that have trials attached to them.
I’d avoid free VPNs. If it’s free, then you are likely the product.
Spot on
I use Opera’s free VPN feature, and VPN addons with Firefox. I don’t see how this makes me a product, and meanwhile I benefit from the advantages of a VPN connection.
Read Opera’s privacy policy, where they describe how your data is collected and shared with third parties, then you will understand. Also, Opera is lying when they claim to offer a VPN. It’s not a VPN, it’s a proxy server that many consider to be insecure. Final point: Opera was sold to a Chinese consortium for $600 million. No data protection in China, I’m afraid.
You know they are not trustworthy when they lie at the start calling a proxy service a VPN.
What is your opinion on Epic Browser’s VPN proxy ? :
https://www.epicbrowser.com/
Not recommended.
Browser-based proxies are not VPNs.
If it is like the “free VPN” in Opera’s browser, then it is a data collection tool.
You know they are not trustworthy when they lie at the start calling a proxy service a VPN.
Hi Sven,I’m not tech savvy,so this may seem a stupid question.If i’m using PIA and firefox when browsing,will this be recorded on my hard drive? thanks for your help.
Hi Jim, the VPN will not be recording anything, but Firefox may be storing your browsing data depending on your browser’s settings/configurations. You can modify Firefox for more privacy using the steps in this guide.
Hi Sven,i use avast internet security and also avast vpn.I have recently set up PIA and quite often find avast softlayer technologies appearing with the country chosen through PIA(very concerning and frustrating).Most common one is 173.192.103.7 US.another is 169.57.1.216. BTW my avast vpn is not on when this occurs.An earlier comment shed some doubt on PIA no logs,your opinions please.Also,if i use firefox and PIA will browsing be recorded on harddrive.thanks.
Hi, you should configure Firefox to keep as little data as possible. PIA is a US-based provider, which is not a good jurisdiction, but it has also had their “no logs” claims confirmed in court.
Regarding Avast, I’m not sure what is going on. I’ve seen that avast antivirus collects quite a bit of data, and last time I checked their privacy policy, this data could also be shared with third parties. I’m not sure about their VPN though.
Something for you to be aware of Sven, to be honest, I think it’s important enough to have it’s own article.
Yesterday, I found that UK mobile networks require “adult verification” when unblocking adult content restrictions, by submitting driving licence or passport details, if you are using a sim car that isn’t on a contract.
Now, the uninformed might think “It’s just to make sure that children aren’t accessing pornography & to safe guard the vulnerable”.
No. This is used to get a registrar of people who use encrypted communication over their ISP’s, plain & simple, because it explains all of the following…
Yesterday, I had to update my NordVPN Windows app, which at the time, was connected to my 4G hotspot. Upon doing this, I could no longer access the Nord app at all.
In addition, on an un-encrypted connection:
-I couldn’t LOAD any VPN website AT ALL.
-As a test, I tried a number of websites that some might consider “fringe” or “politically controversial” & I couldn’t load them without the “adult verification” prompt.
-I tried to install offline, the NordVPN windows app, couldn’t login.
-I setup the Windows 10 VPN IKEv2 & I couldn’t connect to the internet.
-I tried to install a Express VPN (trial) & ProtonVPN on my mobile & it wouldn’t configure (i.e blocked)
Eventually, I solved the problem by connecting to wifi & setting the connection type to “obfuscated”, but if I was with a VPN provider (or was technically unaware) & using a 4G hotspot to access the internet, I would no longer be able to use a VPN without verifying my identity…at all.
Now, what has prompted all this? It’s a recently passed UK law to “protect children”
This is some background info on the law, prior to it’s passing:
https://www.independent.co.uk/news/uk/politics/internet-laws-social-media-child-safety-terrorism-facebook-twitter-matt-hancock-a8360081.html
I wouldn’t be surprised if public wifi does the same thing soon.
I would now say that any VPN provider that doesn’t have a type of obfuscated connection, cannot be recommended for UK users, at all.
Hi Richard. Wow, this is interesting. If you don’t mind me asking, what is the internet provider you noticed this on? So you are saying that standard OpenVPN (non-obfuscated) connections are getting blocked on 4G mobile networks (without verification) and home networks (your WiFi) – correct? It looks like the UK is following in the steps of China and Saudi Arabia with internet censorship. And then there was the recent EU law passed regarding content filters, copyright for news articles, and link taxes. Probably it’s time for an article on EU censorship…
With home (landline) networks, some providers, by default, will have “adult content” restriction & you’ll need to login to your account to remove it. I know that Virgin & Sky have their adult filter enabled by default & while you can load a VPN site, you’d have to disable it to use a VPN connection. I don’t know about BT or Plusnet (BT owned).
https://betanews.com/2016/07/07/sky-broadband-web-filters/
I don’t know exactly how the recent law change may have affected the landline providers outside of what I’ve seen myself, but considering you need to be 18+ to sign a contract, it might vary from provider to provider & might require more research.
But…mobile networks, non-contract pay as you go…100% have adult verification. If you had a new phone & new sim card & tried to install a VPN app using a 3/4G connection, it won’t work, you would need to login to wi-fi to install & then you can use VPN (I was mistaken, non-obfuscated connections work on 3/4G connection…for now), BUT…if you turn on the hotspot feature on the phone & try & connect a laptop that ALSO has a VPN app…that won’t connect using a non-obfuscated connection using windows 10, which means many VPN servers in countries that can’t or for commercial reasons, aren’t available on a obfuscated connection type, if you’re using a 4G hotspot that isn’t age verified.
That is 100%. My concern is that the government will then force Google & Apple to also do age verification.
https://www.thesun.co.uk/tech/5783907/porn-verification-age-scheme-check-date-uk-when/ <— this gives a simple explanation of the law.
I sent the info to NordVPN, which they said they were unaware of & would investigate what to do about it.
https://www.vpncompare.co.uk/wp-content/uploads/2015/10/o2-age-block.png <—this is the screen I was getting when I tried to access some various "alt-media" that was more "right-leaning".
This dispels the lie of "protecting children from porn".
All the mobile networks are forced to comply with this law, I use 02…I checked the other main ones (Three, Vodafone, EE), they all state that age-verification requires an upload passport/Driving licence details, I think it also said about using a card payment, probably to use the credit check facility to confirm identity.
I did mention in my post yesterday about public wifi, well…I've noticed my local supermarket Morrisons blocks VPN (even obfuscated), as well as another large high street business which…I can't remember who it was, just that it wouldn't work, but that is probably related to the fact these business mine the user data for commercial purposes, maybe…
As for the EU…that article 13 is something that should concern us all.
Thanks for the information, Richard. I’m going to do an article on censorship in Europe, and perhaps also one for the UK specifically.
It seems NordVPN fixed the issue in their last update, although the Killswitch doesn’t work now, trying to connect always times out.
Had a similar issue with Virgin Media here in Ireland using NordVPN. When using NordVPN on an iPhone, servers would connect but no website would be reachable and no apps would be able to access the internet, found out later that the NordVPN iOS app only supports using IKEv2. Setting up manually on the OpenVPN app worked, no issues at all, same when using the NordVPN client with OpenVPN on Windows 10 and Android, worked fine. Issue could be replicated across Virgin Media’s Cellular and Cable internet services, with other providers like Vodafone and Eir having no issues using IKEv2 or NordVPN. Found forum posts littered with people reporting IKEv2 connectivity issues on VM too. So seems some unscrupulous ISPs are blocking IKEv2 and the only way to know if an ISP is doing it is to try using it. A fresh reminder that not all ISPs are created equal.
Hi,
Be very careful with ProtonVPN. They will allow a FREE Version Download/Install. But, should you wish to uninstall/remove it, you will be required to buy a “one year subscription” to have access to that option. My Bitdefender Shredder cannot rid me of it.
I would more than appreciate it, if someone could share a method of accomplishing that feat.
That sounds unlikely to me.
If you’re still afflicted with this uninstall issue maybe you can post a screen capture of the window with the stipulation?
Q: did you download the installer direct from ProtonVPN?
Q: what platform?
A) if possible use another computer in case it’s compromised.
If you can isolate it from the internet and still follow up as mentioned below, disable it’s internet connection(s) physically if possible and make sure any wifi is not able to connect to any hotspot except one(s) you could turn off or unplug (ones you control), then disable the wifi network adapter on the computer.
If by some chance that stipulation is in fact in the terms I’d personally ignore it and go about culling that software from the system manually. If you do not know how to do that yourself you should have no problem finding help with it.
B) do not use the free VPN service anymore on the outside chance you have actually violated/exceeded some sort of limits to the free server which in turn has obligated you via its terms to pay for the excess use.
In the US, courts have been lax on enforcing various types of onerous garbage in terms weather they read the TOS or not. Hijacking your freedom to operate your computer is perhaps even criminal if it is in the terms. They in turn would perhaps be granted the ability to bill you even for predatory terms, read or not.
C) call or write ProtonVPN for support and bring this up to them. At least it should clarify if they are actually responsible for the issue.
D) try to discover if your system is compromised. Snag the Emergency Kit : https://www.emsisoft.com/en/home/antimalware/#emergency-kit
That’s for starters,
JN
Hello, Is there safe to use a VPN provider from Panama and connect to a local location for accessing local content when the local country is on the 9 eyes list?
As you mentioned about PureVPN giving logging users data but what I know after reading their response on their blog is that they only keep timestamp which is Okay. What do you have to say about that?
Hi,
Thank you very much for this site and your work.
Sad for me to see my VPN provider here, It’s office based in Italy.
I noticed, you sometimes advice PerfectPrivacy and VPN.ac, so I looked at their info. I just want to mention that the software they provide is closed-source, so you never can be sure what does this software do exactly. As for me, it looks strange a bit in the context of usage. And it has poor functionality. For example, the VPN I use (but now will look for another) provides an open-source client software, available on gitHub, with lots of views and commits, and so on. It also has much advanced options than PerfectPrivacy’s do, because there is a big suggestion thread on the forum.
VPN.ac looks great for me if there was a way to manage double tunnel on linux with easy steps. I’ll try to find it.
Thank you for this article.
What VPN do you use? Since it’s open source I will check it out on GitHub. Thanks in advance.
It seems that you guys now what you are talking about. I would like to hear a opinion on Mullvad besides that there are part of the fourteen eyes. Looking for a Perfect Privacy alternative
Why ProtonVPN is not on the list? It’s based in a Switzerland and has a cascading VPN option (called Secure Core).
Hi Piotr, check out the ProtonVPN review to see why it’s not recommended here.
Sven, I want to thank you for such a fantastic, well-written, and thorough article on a subject I have been researching for a while now. I have used PIA and others. I am constantly amazed by the amount of “Weasel words” used in their “no logs” policies. FWIW, I don’t do anything illegal online, I don’t even want VPN for torrents and stuff like that, I simple want ABSOLUTE Anonymity. Of course I know there is NO way to get that, as IF what someone is doing is high enough priority, all nations and companies will (and perhaps should) give up a user, for example someone planning to kill a few thousand people. The problem I have, and my main motivation for wanting the best VPN I can find, is the fact that western governments DO NOT go after crime, they don’t care about stuff that hurts PEOPLE, only stuff that hurts THE GOVT! This hypocrisy drives me insane, people buy illegal stuff online all the time and they do nothing, meanwhile they go after people expressing simple freedom of speech which is against the flow of the current government or politically correct agendae which are currently fashionable!
I use the internet to research issues of free speech and government corruption. I am therefore very concerned about spying etc. I simply want the most secure VPN service available, while I understand the fact that IF I was wanted badly enough, they could find me. I just don’t want people getting to me without a court order (as I don’t break any laws!)
Before reading your excellent article, I was wondering about NordVPN. I have PIA currently but feel like a change, not really sure why. Nord says two things which encouraged me, and I wonder if you could comment on these two points….
1. Based in Panama – outside the 14 eyes, safer?
2. They have DoubleVPN – I don’t really want to go near Tor network as I am sure that’s the best way to get spied on, but will it help in this case as my entrance is via a Panamanian based VPN?
Also, is it easy to set up a router as you suggested in one of your articles? Can you set a router up to use VPN all the time, and then connect to VPN on machine as well as and when needed?
Sorry, also !!….. do you know how the speeds compare between VPN providers as I like speed!
Thanks
Hi Ed, good points. The hypocrisy throughout the Western world is getting to be ridiculous. They can lock someone up for 10 years for downloading a song in the UK, but they will turn a blind eye to other crimes and corruption – but this is becoming the norm throughout much of the world I guess.
Regarding NordVPN, it has pros and cons – check out the review here. Yes, you can definitely setup a VPN router to work at all times. And then, for an even higher level of protection, you can connect to the router with your computer, and then connect to another VPN server through your computer, thereby using two different VPNs at the same time.
Hi Sven, thank for you reviews.
I have a question for you…because I could’t find this info..
All VPN providers have their main location (USA, UK, Japan, …) so we can decide how “safe” can be each provider for our privacy…
But what about their servers located in different parts of the world? Can they be influenced by local juridsiction?
I.e, I choose a VPN provider located out of 14 eyes counties, but I connect to one server in US (or UK…).
Is this server under US juridsiction or no? What that VPN provider can be forced to do, considering that that server is in US ?
thanks
Hi Fiore, so the operating jurisdiction will determine what laws the VPN company (business) must comply with. In other words, a Romanian VPN service will not need to comply with an American DMCA (copyright infringement) request. However, a server park (datacenter) would fall under the jurisdiction where it is located. So the answer to your question is yes – servers (datacenter) fall under the jurisdiction where they are physically located. So the VPN provider can’t be forced to do anything, but the police may seize servers in their jurisdiction if they are going after someone. This was the case last year when Dutch authorities seized two Perfect Privacy servers in Rotterdam (no customers were affected due to no logs being saved and the servers being operated in RAM disk mode). Servers could also be monitored externally by authorities, which I would assume is easily within the powers of the NSA or GCHQ – but who knows exactly.
This is where advanced privacy features come into play – such as multi-hop VPN chains and also NeuroRouting.
Hello Sven, thank you for this overview as I think ppl seem not to care so much about the 5/9/14 eyes when it comes to VPN (my experience so far). I was thinking of getting a VPN (perfect privacy seems to be good choice) and was wondering if it makes sense at all to pay for the VPN service anonymously (like, via Bitcoin etc.)? Wouldnt a good VPN NOT log or store any payment information anyway? As in, you buy an account, but the VPN only sees that it’s paid but no further details. And IF you manage to buy it anonymously somehow, you still connect to the VPN with your REAL IP address, thus the VPN provider can see where you’re located via your IP and ofc it’s linked to a certain account. So what do you think? Buy VPN anonymously or not and trust the VPN?
Hi Jaxxx, good questions – but it’s hard to give definitive answers because some people seek more anonymity than others. Ultimately it depends on your threat level. Keep in mind, a VPN does need to do basic accounting if they are accepting payment in return for subscriptions. You mentioned Perfect Privacy – with that service you can pay via Bitcoin or even send cash in the mail to their accountant in Latvia. You can also use a throwaway email when signing up to acquire your password, and then use different throwaway emails if you need to contact support. Some VPNs don’t allow anonymous payment, others do.
For more anonymity, you can also stack VPNs. In other words, use VPN #1 on your router, and then connect to your router and use VPN #2 on your computer. And for more security/privacy, you can also use VPNs through virtual machines.
Sven, then should you ever filter privatevpn and Mullvadvpn in Sweden? mullvad and privatevpn do not keep logs at all.
Hi Jack, I haven’t tested either of those providers, but things aren’t looking good for the future of online privacy in Sweden – see this article.
Regarding “no logs” – you may be interested in this article.
woooowwwwwwww!
It is too bad. I think the answer is to avoid all 14 eyes.
According to Mullvad.s FAQ:
“Do you obey the EU Data Retention Directive?”
“The directive does not apply to Mullvad because we are not considered an electronics communications service. This is also the case for Sweden’s Lagen om elektronisk kommunikation (LEK).”