
Best VPN Services | |
#1 | ExpressVPN.com |
#2 | Perfect-Privacy.com |
#3 | NordVPN.com |
#4 | ProtonVPN.com |
#5 | VPNArea.com |
#6 | VPN.ac |
#7 | Trust.Zone |
What if many of the “best VPN” services that promise to give you security and privacy are actually exposing your identity to third parties?
In my search for the best VPN for 2019, I’ve reviewed, researched, and tested all of the popular VPN providers – and the results were alarming. Many VPNs recommended on large, trusted websites suffer from data leaks, broken features, and critical flaws. These problems not only render the VPN useless, but they also expose your identity, location, and data to third parties.
Here’s a recent example of a popular VPN I tested that was found to have IPv4 leaks:
These data leaks will undermine your privacy and affect many popular VPN services. This is why our rankings are based on test results – not marketing hype.
What is the best VPN for 2019?
While there is no “one-size-fits-all” VPN service that will be perfect for everyone, the VPN that performed the best in all categories of testing is ExpressVPN. Following behind in second place is Perfect Privacy, with NordVPN coming in third place.
That being said, any of the recommended VPNs in this report may be the best for you – it all depends on your own unique needs.
Ranking criteria – The goal of this best VPN report is to filter through the noise and identify the most secure VPNs that passed all tests and meet the following criteria:
- Located in a good privacy jurisdiction (outside of 5/9/14 Eyes countries) to keep your data safe
- Passed all tests with no leaks found whatsoever (no IP address leaks or DNS leaks)
- Good performance throughout the server network (speed and reliability)
- High-quality VPN apps with all features working correctly
- Supports the OpenVPN protocol and strong encryption standards
- Offers a money-back guarantee (between 7 and 30 days)
- Trustworthy and well-established VPN provider with a good track record
Here are the best VPN services for 2019:
1. ExpressVPN – Best all-around VPN service for 2019
Rank | #1 |
Based in | British Virgin Islands |
Logs | No logs (audited) |
Price | $6.67/mo. |
Support | 24/7 Live chat |
Refund | 30 days |
Website | ExpressVPN.com |
In an overcrowded VPN market, ExpressVPN continues to stand out from the rest and remains the top recommendation on Restore Privacy. While many VPNs suffer from bugs and random issues, ExpressVPN consistently works with excellent performance and the most secure VPN apps.
Based on my own testing and research, here are some highlights from the ExpressVPN review:
- Verified no logs: ExpressVPN is one of the few verified no logs VPNs that has undergone a third-party audit to validate their no-logs policy and privacy protection measures.
- Audited: In January 2019, ExpressVPN passed a third-party audit performed by Cure53, a reputable cybersecurity firm based in Berlin.
- Secure: ExpressVPN uses the highest encryption standards: an AES 256-bit cipher with a 4096-bit RSA key and SHA-512 HMAC authentication. ExpressVPN apps also incorporate a “Network Lock” kill switch feature (no leaks were identified in testing).
- Secure servers: Since April 2019, ExpressVPN runs all servers in RAM-disk mode, rather than on hard drives. This makes it impossible to physically store any logs or data on the servers and also improves security (see the TrustedServer feature).
- Apps for browsers: Browser extensions are available for Chrome, Firefox, and Safari that are open source and incorporate HTTPS Everywhere from EFF.
- Apps for all devices: User-friendly apps are available for all major devices and operating systems, including routers, Linux, Windows, Mac OS, Android, iOS, smart TVs and more.
- Split tunneling: Split tunneling is available with the Windows, Mac OS, and router apps. (This is the ability to route certain apps or website traffic outside of the encrypted VPN tunnel.)
- VPN router: If you want to use a VPN on a router, ExpressVPN offers a dedicated router app. The app makes using a VPN on a router very easy, while also giving you the ability to easily switch between server locations.
- Works with Netflix: ExpressVPN is the best VPN for Netflix, with 24/7 access to many different regions, as well as a high-performance network for HD streaming.
- Torrenting: It is also a great VPN for torrenting, with no restrictions on torrenting traffic or bandwidth.
- Safe jurisdiction: ExpressVPN is based in the British Virgin Islands, an excellent privacy jurisdiction outside of 5/9/14 eyes countries.
- Responsive support: ExpressVPN offers 24/7 live chat support directly through the website, in addition to a huge selection of setup videos and manuals.
- Fastest VPN tested: In terms of speeds, ExpressVPN is the best VPN I’ve used. It consistently gives me around 150 Mbps with nearby servers (on a 160 Mbps connection), as well as great speeds with long-distance connections, such as streaming Netflix from US servers. (All speed tests are posted in the review.)
Main drawbacks:
- More expensive than some competitors (but see the 49% discount coupon)
Refund policy: All subscription plans come with a full 30 day money-back guarantee, no questions asked.
https://www.expressvpn.com/
ExpressVPN Coupon 2019
Sign up for the 12 month plan, and get 3 months FREE (49% Off)
Get Three Months Free + 49% Off ExpressVPN >>
(Discount is applied automatically through the link above.)
(See the ExpressVPN review for more test results and analysis.)
2. Perfect Privacy – Premium VPN with advanced security features
Rank | #2 |
Based in | Switzerland |
Logs | No logs |
Price | $8.95/mo. |
Support | Email & forum |
Refund | 7 days |
Website | Perfect-Privacy.com |
If you are looking to attain the highest levels of privacy and security, Perfect Privacy may be a good choice. Although it may be overkill for some users, Perfect Privacy offers a number of advanced features you won’t find elsewhere.
Here are the main highlights from the Perfect Privacy review:
- Multi-hop: Multi-hop VPN cascades are supported on the Windows and Mac OS apps. (See my multi-hop VPN article for details.) The NeuroRouting feature (supported on all devices) dynamically routes traffic across multiple hops in the VPN network (similar to Tor).
- Unlimited: With Perfect Privacy, you get an unlimited number of connections and unlimited bandwidth (no restrictions).
- Ad/tracking blocker: The TrackStop feature blocks thousands of advertisement, malware, tracking, and phishing domains at the VPN server level.
- Safe jurisdiction: Perfect Privacy is based in Switzerland, a good privacy jurisdiction
- Secure servers: The entire server network is composed of dedicated bare-metal servers that are running in RAM-disk mode (no hard drives). (See the real-time server bandwidth.)
- IPv6 support: Perfect Privacy is one of the few VPNs offering full IPv6 support (you get both an IPv4 and IPv6 address)
- Secure apps: Very secure apps with customizable DNS and IP leak protection (no leaks found in testing)
- No logs: Perfect Privacy is also a verified no logs VPN service (servers were seized in Rotterdam, no customer data affected).
Main drawbacks:
- More expensive at $8.95 per month with the two-year plan
- Does not work well with Netflix and other streaming services (blocked)
- Less user-friendly than other options and limited apps for mobile devices
Refund policy: 7 day refund window with all subscriptions.
https://www.perfect-privacy.com/
(See the Perfect Privacy review for more test results and analysis.)
3. NordVPN – Best budget VPN service with great features
Rank | #3 |
Based in | Panama |
Logs | No logs (audited) |
Price | $3.49/mo. |
Support | 24/7 Live chat |
Refund | 30 days |
Website | NordVPN.com |
NordVPN is another VPN that has climbed in the rankings. In the past few years, I’ve seen NordVPN make major improvements in their service, such as improving the kill switch, adding new features, and greatly expanding their server network to improve performance. NordVPN now holds the #3 spot and it continues to perform well.
Here are some highlights from the NordVPN review:
- Safe jurisdiction: NordVPN is based in Panama, which is an excellent jurisdiction for privacy.
- Huge server network: The server network is very large, with 5,200+ servers in 60 countries
- Apps for all devices: NordVPN offers a large selection of user-friendly apps for all devices and operating systems.
- Specialty servers: There are specialty servers, including double-VPN servers (traffic is encrypted over two locations), Tor-over-VPN servers, obfuscated servers (stealth VPN) and more.
- Ad/tracking blocker: The CyberSec ad blocking feature blocks tracking, malware, and advertising domains at the VPN server level.
- Dedicated IPs: NordVPN offers dedicated IP addresses throughout the world, which can be added on to your subscription.
- No logs: NordVPN is a verified no logs VPN provider, having passed a third-party audit of their logging policies in November 2018, performed by PricewaterhouseCoopers AG, Zurich, Switzerland.
- Works with Netflix: NordVPN provides 24/7 access to Netflix regions all over the world.
- Great value: Competitive price at only $3.49 per month (with the three-year plan)
- Responsive support: You get 24/7 live chat support directly through the website, as well as many support manuals.
- Very secure: Secure VPN apps with no leaks or privacy issues identified; strong encryption standards.
- Reliable: Although NordVPN is not the fastest VPN I’ve tested, the speeds and connections were reliable.
NordVPN hack? In October 2019, news broke about a security incident with NordVPN. As I explained, the “NordVPN hack” was someone obtaining an expired TLS key for a single server in Finland (out of 3,000+ servers). Even with this expired TLS key, NordVPN user traffic and data could not be decrypted since NordVPN uses perfect forward secrecy.
Main drawbacks:
- NordVPN has decent speeds, but there is some variability with performance in the server network (not the fastest VPN, but still above average)
- The 70% discount is only available for three-year plans
Refund policy: All subscription plans come with a full 30 day money-back guarantee.
https://nordvpn.com/
NordVPN Official 70% Off Coupon
Get 70% off NordVPN (drops the price down to $3.49 per month)
70% Off NordVPN >>
(Discount is applied automatically through the link above.)
(See the NordVPN review for more test results and analysis.)
4. ProtonVPN – Secure and privacy-focused VPN in Switzerland
Rank | #4 |
Based in | Switzerland |
Logs | No logs |
Price | $4.00/mo. |
Support | |
Refund | 30 days |
Website | ProtonVPN.com |
ProtonVPN is a VPN service that was launched by the team behind ProtonMail in 2017. Since its debut two years ago, ProtonVPN has made many improvements. For those looking for a privacy-focused VPN with excellent security features, ProtonVPN has a lot to offer.
Here are some findings from the latest ProtonVPN review:
- Secure servers: ProtonVPN runs only dedicated bare-metal servers. They also have a Secure Core network setup to route traffic through high-security dedicated servers in safe physical locations.
- Switzerland jurisdiction: ProtonVPN operates out of Geneva, Switzerland and benefits from Swiss data protection laws.
- Solid reputation: The team behind ProtonMail and ProtonVPN have been developing privacy services since 2014 and have earned a great reputation in the privacy community.
- Transparent: The team and ownership behind ProtonVPN are transparent and publicly verifiable.
- Works with Netflix: ProtonVPN currently works with the following Netflix regions: US, UK, and Germany.
- Secure apps: The ProtonVPN clients I tested include IP address and DNS leak protection along with a good kill switch.
- Can be combined with secure email: If you sign up for the Visionary subscription, you can combine both secure email (ProtonMail) and VPN together under one plan.
Main drawbacks:
- Variable speeds with some servers
- Prices are above average (for access to all servers and features)
https://www.protonvpn.com
(See also my ProtonVPN review for more test results.)
5. VPNArea – Affordable VPN for privacy and security
Rank | #4 |
Based in | Bulgaria |
Logs | No logs |
Price | $2.99/mo. |
Support | 24/7 Live chat |
Refund | 30 days |
Website | VPNArea.com |
VPNArea is a low-profile VPN service that doesn’t get too much attention, but it does well in the areas of privacy, security, and streaming. With the new discount pricing, it also offers a good value for your money.
Here are some highlights from the VPNArea review:
- Secure: VPNArea offers strong security features with good leak protection settings (no leaks identified in testing)
- Ad blocking: Ad-blocking DNS servers are available in the VPNArea apps.
- Dedicated IPs: If you need a VPN with a dedicated IP address, VPNArea is a great option with different locations around the world.
- Live chat support: VPNArea offers 24/7 live chat support, email support, and many installation manuals.
- Account sharing: Although many VPNs prohibit account sharing, VPNArea allows account sharing, with up to six simultaneous connections per subscription.
- No logs: VPNArea is a no logs VPN service (but not yet audited or verified).
- Netflix support: Dedicated server hubs for streaming Netflix, BBC iPlayer, and SkyGo
- Safe jurisdiction: VPNArea is based in Bulgaria, a privacy-friendly jurisdiction not part of 5/9/14 eyes.
- Competitive pricing: VPNArea has lowered prices with a three-year plan for $2.99 per month.
Main drawbacks:
- Limited number of Netflix servers available
- Desktop apps feel a bit clunky, but still work well
Refund policy: There is a 30 day refund policy with one year and three year plans, and a 14 day refund window for one month plans.
https://vpnarea.com/
(See the VPNArea review for more test results and analysis.)
6. VPN.ac – Security-focused VPN service
Rank | #5 |
Based in | Romania |
Logs | Connection logs |
Price | $3.75/mo. |
Support | |
Refund | 7 days |
Website | VPN.ac |
VPN.ac is a security-focused VPN that offers excellent performance and features, for a competitive price. It is based in Romania and was started by a team of network security professionals. VPN.ac did very well in testing. Here are a few highlights from the VPN.ac review:
- Secure: Very secure applications and infrastructure, with support for numerous VPN protocols and encryption options, including WireGuard.
- Secure servers: VPN.ac’s entire network is composed of dedicated bare-metal servers
- Double-hop VPN: VPN.ac offers 22 different double-VPN server configurations.
- Good apps: You get user-friendly VPN apps with support for all major operating systems
- Browser extensions: Secure proxy browser extensions for Firefox, Chrome, and Opera browsers
- Obfuscation: Great obfuscation features to hide VPN traffic and get around VPN blocking (a good VPN for China)
- Safe jurisdiction: VPN.ac is based in Romania, a good privacy jurisdiction that’s not a member of the 5/9/14 eyes alliances.
- Competitive prices: $3.75 per month with the two-year plan. You can also get a discounted one-week trial (see the FAQ page).
Main drawbacks:
- The main drawback with VPN.ac is the connection logs. Basic connection logs (no activity data) are kept for 24 hours for network security and optimization (erased automatically every day). This is explained more on the VPN.ac website.
Refund policy: All plans come with a 7 day refund window.
https://vpn.ac/
(See the VPN.ac review for more test results and analysis.)
7. Trust.Zone – A simple, privacy-focused VPN with great prices
Rank | #7 |
Based in | Seychelles |
Logs | Bandwidth |
Price | $2.88/mo. |
Support | |
Refund | 10 days |
Website | Trust.Zone |
Get a 3 Day Free Trial
(No payment info required)
Trust.Zone is a smaller, privacy-focused VPN service based in Seychelles (a good offshore jurisdiction for privacy). It offers basic, user-friendly VPN apps for Windows and Android, while also supporting other operating systems with third-party apps (such as Tunnelblick).
Despite being a smaller VPN service, Trust.Zone has a lot to offer:
- Great speeds (around 150 Mbps with nearby servers)
- Good leak protection settings with VPN clients
- Works with Netflix
- Dedicated IP addresses available
- Free trial with no payment info required
Trust.Zone also boasts a good selection of servers around the world, despite being a smaller VPN. Prices are also quite reasonable at only $2.88/month with the two-year plan. When you pay with cryptocurrencies, you’ll get an automatic 10% discount.
There are two main drawbacks I found in my Trust.Zone VPN review:
- Limited on features compared to other leading VPNs
- No custom VPN clients for Mac OS and iOS (but can be used through third-party apps)
If you want to give Trust.Zone a test run, you can do so completely free for 3 GB of bandwidth or 3 days, whichever comes first, with the free trial. And if you want to upgrade to a paid plan, use this coupon code for an additional 10% off: RESTOREPRIVACY10
https://trust.zone/
(See also my Trust.Zone review for more details.)
15 Other VPN services (not necessarily recommended)
I regularly receive emails and comments along the lines of, “What about [fill in the blank] VPN service?”
There are many VPNs on the market, and unfortunately, there’s not enough time in the day to review them all. Below is a brief overview of some of the other VPNs that I am regularly asked about by Restore Privacy readers.
Some of these VPNs may be worth considering, but others should probably be avoided.
1. AirVPN – A VPN based in Italy
AirVPN is a well-regarded VPN provider with a good track record. Although it is based in Italy (14 Eyes), AirVPN is a “no logs” service with a strong commitment to privacy. There are a few drawbacks I found when testing the service:
- Average speeds
- Poor customer support
- VPN apps are not very user-friendly (but still work well)
2. CyberGhost VPN – Owned by a company that makes malware
CyberGhost is a VPN with an interesting history. It started out in Romania with a development team from Germany. However, in 2017, CyberGhost was sold to an Israeli company, Crossrider, for about $10 million. Now here’s where things get interesting:
- Crossrider is a company that is well-known for producing malware (a data collection tool).
- Crossrider is also involved in ad injection. Symantic issued an alert about “high” risk Crossrider files that “collect information about the user, such as IP address, operating system, and Web browser information.”
- Ad injection has also been used for state surveillance data collection efforts.
- Due to the various “past activities” of Crossrider, the management decided to change the business name to “Kape” in 2018.
https://www.cyberghostvpn.com/
3. HideMyAss – A UK VPN with a history of providing logs to authorities
The UK VPN service “HideMyAss” – or HMA – also has a troubling history when it comes to logs. According to Invisibler, HideMyAss appears to have logged user data and provided this to authorities, who used this information to arrest and jail a hacker. This case is sometimes called the “LulzSec Fiasco” when the FBI used logs from HMA to identify someone behind a Sony Pictures hack.
I’ve also found that many HideMyAss servers are not where they claim to be (the use of “virtual server locations”). HideMyAss is now owned by Avast.
https://www.hidemyass.com/
4. Hotspot Shield VPN – A free VPN with a troubling history
Hotspot Shield was named in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. Furthermore, analysis of Hotspot Shield VPN’s code revealed that they “actively use more than 5 different third-party tracking libraries.” Hotspot Shield was also found to be redirecting user traffic to e-commerce domains, such as alibaba.com and eBay.com through partner networks.
In 2017, Hotspot Shield was officially named in an FTC complaint for alleged traffic interception. In 2018, Hotspot Shield was again in the news for a security flaw that revealed user locations. The company behind Hotspot Shield is AnchorFree, which runs other free VPN services as well.
https://www.hotspotshield.com/
5. IPVanish – A fast VPN in the US, but with a troubled past
IPVanish is another interesting case of a “no logs” VPN service that provided logs to authorities. As I covered in the IPVanish logs article, IPVanish admitted to providing logs to US authorities who were investigating alleged crimes. IPVanish explained to Restore Privacy, however, that this took place under a previous management structure that is no longer in control of the company.
Speaking of ownership, in April 2019, PCMag claimed that its parent company, Ziff Davis, which is owned by j2 Global, now owns Encrypt.me, IPVanish, and StrongVPN.
6. Ivacy – A white label version of PureVPN?
Ivacy is a VPN service officially based in Singapore. However, as others have noted, there are many connections between Ivacy and PureVPN, which also ties into Gaditek, a company that appears to be running the show out of Pakistan.
For many years there have been rumors (and lots of evidence) connecting Ivacy to PureVPN. Finally, in March 2019, Ivacy admitted that PureVPN has “minor stakes” in Ivacy. (We’ll examine PureVPN more below.) To understand why this is concerning, just look into PureVPN.
[https://www.ivacy.com/]
7. Mullvad – A VPN in Sweden
Mullvad appears to be a decent VPN service out of Sweden, with a good reputation in the industry. It has good privacy and security features and also claims to be a no logs VPN service, with some minor caveats.
There are a few drawbacks with Sweden, however, with the 14 Eyes jurisdiction and troubling data retention policies.
https://mullvad.net/
8. Opera VPN – A proxy browser extension owned by a Chinese Consortium
Although Opera may have started out as a reputable browser from a team in Norway, it was sold to a giant Chinese consortium in 2016 for $600 million. Since then, Opera has been claiming to have a “free VPN” available through the browser. Problem is, this is technically not true: the “free VPN” is actually just a proxy server, which many people consider to be insecure.
As I covered in my discussion of free VPN services, Opera’s privacy policy explicitly states how they are collecting and sharing user data through their various products, including the browser and “free VPN”. As the saying goes, when something is free, you are the product. (Fortunately, there are many other secure browser alternatives to Opera.)
https://www.opera.com/computer/features/free-vpn
9. Private Internet Access – A verified “no logs” VPN based in the US, good performance
Private Internet Access is a decent VPN provider that I’ve found to have good speeds and security in recent testing. The big drawback with PIA, however, is that it’s based in the United States – a bad privacy jurisdiction. That being said, it is also a verified no logs VPN provider, with two separate legal cases confirming that PIA does not keep logs.
Update: Private Internet Access has been purchased by Kape Technologies, a company known for producing malware (discussed more in the CyberGhost review).
https://www.privateinternetaccess.com/
10. PureVPN – A leaky and slow VPN, with a troubling history
In my review of PureVPN, I found lots of troubling issues, including DNS leaks, connection problems, faulty features, and slow speeds. PureVPN is also no stranger to controversy. As I explained in the PureVPN logs article, they were found to be logging customer data and providing it to US authorities, all while claiming to a be “zero log” VPN. There are also reports of PureVPN running various VPN review websites.
https://www.purevpn.com/
11. Surfshark – A newer VPN service based in the British Virgin Islands
Surfshark is a newer VPN service that seems to be getting lots of attention on various sites. It is a very cheap VPN service and is based in the British Virgin Islands, which is a good jurisdiction for privacy.
There have been many VPNs flooding onto the market in the past few years and I’m hesitant to recommend providers without an established track record and good history. Nonetheless, Surfshark does offer some interesting features, which I intend to test out more for an upcoming review.
12. TorGuard – A VPN in the US
TorGuard is a decent VPN service with good speeds and no logs, although it is based in the United States. If you need a VPN for torrenting, it might not be a bad option. TorGuard also offers dedicated IP addresses and is supposed to work with Netflix. The main drawback, of course, is the US jurisdiction.
Interestingly, in 2013, TorGuard underwent a corporate restructuring. They moved the parent company to Nevis, West Indies, effectively getting out of the US jurisdiction. However, today their Terms of Service states they again operate under US jurisdiction in the state of Florida.
13. TunnelBear – A limited free VPN, based in Canada, owned by McAfee
TunnelBear is basically a free trial VPN that gives you a 500 MB trial to test the service for free. Although TunnelBear is based in Canada (Five Eyes), it is now owned by McAfee, a large cybersecurity firm in the United States. This is yet another example of small VPNs getting purchased by large American companies. When I tested out TunnelBear for a review, I found it to have mediocre performance, and it is also pretty limited on features.
https://www.tunnelbear.com/
14. VPN Unlimited – A US-based VPN with some issues
VPN Unlimited is another US-based VPN service with some issues. While it has improved over the past few years, my latest tests identified IPv6 leaks with VPN Unlimited’s Mac OS app. Reading through the privacy policy, I also discovered the VPN Unlimited is collecting quite a bit of data. VPN Unlimited’s apps automatically log IP addresses, browser type, device type, time zone, and more. I also found the speeds to be fairly slow.
https://www.vpnunlimitedapp.com/
15. VyprVPN – A Switzerland VPN
VyprVPN is an interesting VPN service that’s officially based in Switzerland, but with most staff in Texas (USA). Last year VyprVPN transitioned to be a no-logs VPN service while also undergoing a third-party audit. It generally works well for streaming and offers VPN apps on all major operating systems.
The importance of trust when choosing a VPN
When choosing the best VPN for your needs, one of the biggest factors to consider is trust. Trust is difficult to quantify or measure, but it’s very important. After all, a VPN can offer excellent privacy and security, but it could also be a data collection tool for rogue third parties (as is often the case with free VPN services).
Are US VPNs trustworthy?
VPN services based in the United States are generally not recommended for three main reasons:
- The United States has extensive (and powerful) surveillance programs allowing authorities to tap internet infrastructure for bulk data collection. These laws give the NSA tremendous power to snoop and record everything.
- The US government has a long history of working with (and forcing) private tech companies to facilitate mass surveillance and bulk data collection efforts – see the PRISM program.
- US VPN services could be served National Security Letters or other lawful data collection demands, while also being prohibited from disclosing anything to their customers through gag orders.
These laws and capabilities essentially give the US government the authority to compel a legitimate privacy-focused company to become a data collection tool for state agencies. If a VPN were to be compromised, it would likely happen behind closed doors, without a word (or warning) to the users. This was the case with Lavabit, and rather than comply with the data requests, the founder was basically forced to shut down the business.
The same circumstances unfolded with Riseup, a Seattle-based service that offers a VPN and secure email:
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
Ignoring jurisdiction (where the service is based) when selecting privacy tools could put your privacy and security at risk.
These same practices are also unfolding in other countries, particularly the UK and Australia. There are also surveillance alliances between various governments for bulk data collection and sharing (see the 5/9/14 Eyes alliances).
What is the best VPN for privacy and security?
Any of the five VPNs recommended would be good choices for privacy and security because they have all been thoroughly tested and found to be secure (no leaks), while also offering strong encryption. Furthermore, the recommended VPNs in this guide are all located in safe privacy jurisdictions.
With that being said, there is one VPN service that stands out in terms of advanced privacy and security features, and that is Perfect Privacy.
Here are a few ways Perfect Privacy stands out from the crowd:
- Multi-hop cascades + NeuroRouting – Perfect Privacy gives you the ability to create multi-hop VPN cascades across up to four different servers in the network. This protects you against the possibility of a rogue data center logging traffic, targeted monitoring, and other threat scenarios. Additionally, the server-side NeuroRouting feature dynamically routes all traffic through multiple hops in the server network, and can be used with any device.
- TrackStop – TrackStop is another server-side feature that works with any device (no apps needed). It blocks 30,000+ tracking and advertisement domains, 45,000+ malware domains, 20,000+ phishing domains.
- Powerful leak protection – Perfect Privacy’s Windows and Mac OS apps offer three different levels for the kill switch, which I tested for the Perfect Privacy review.
While perfect privacy does very well with security and advanced privacy features, it’s not the best all-around VPN because it is rather expensive, somewhat complex, and does not work well with streaming sites, such as Netflix.
What is the best VPN for streaming?
Many people are turning to VPNs to access streaming content that is blocked or geo-restricted to certain areas. The best VPN for streaming is currently ExpressVPN. (See the ExpressVPN Netflix page for details.)
ExpressVPN works with a wide range of streaming services, including Netflix, BBC iPlayer, Hulu, and more. It has excellent performance and offers the best lineup of apps for all types of devices – from Android TV boxes to tablets, computers, routers, and phones. With ExpressVPN’s 24/7 live chat support, they can help you get everything setup correctly.
Below I’m streaming American Netflix from my location in Europe while connected to an ExpressVPN server in the United States:

In addition to Netflix, ExpressVPN is also an excellent VPN for Kodi streaming, wherever you are located.
Aside from unblocking content around the world, VPNs are also crucial for protecting yourself against ISP snooping and potential copyright issues when streaming from third party sites or when torrenting. (See also the best VPN for torrenting guide.)
How to optimize VPN speed and performance
How can you achieve the best VPN speed and performance?
If you are using a good VPN service, you shouldn’t notice a huge reduction in speed. Of course, the extra work that goes into encrypting your traffic across VPN servers will affect speed, but usually it’s not noticeable for regular browsing, especially if you’re using a nearby server.
Here are some tips for getting the best VPN performance:
- Use the closest server possible to your physical location. This generally reduces latency and improves performance.
- Choose the least crowded server or “recommended” server. Some VPNs help you select the best VPN server by showing server bandwidth loads or having “recommended” servers based on distance and loading, such as with ExpressVPN-best-vpn.
- Experiment with different VPN protocols. OpenVPN UDP offers the best mix of security and speed. Trying different VPN protocols and encryption options may help to find the best fit for your network.
- Consider antivirus and WiFi interference. Sometimes antivirus software or other WiFi networks may interfere with VPN speeds.
- Use a wired (ethernet) connection. Wired connections (with high-quality ethernet cables) generally provide faster and more consistent speeds than WiFi, and are also more secure than WiFi.
- Consider processing power. Processing power on your device may also be limiting speeds, especially if you are using a VPN router.
- Consider your operating system. I’ve found VPN speeds on Linux and Mac OS to generally be better than Windows. When using a VPN on Windows, sometimes the TAP adapter will interfere with speeds, as well as background processes/updates that take up bandwidth and processing power.
- Upgrade your internet connection. Your VPN will not be able to exceed the connection speed of your internet provider.
As you can see, there are many different factors affecting speed. Experimenting with these different variables will help you achieve the best VPN speeds possible.
Are VPNs safe and legal?
First we will address the issue of safety.
If you are using a good, reputable VPN service that effectively secures your traffic (no leaks), then yes, a VPN is safe to use. But therein lies the catch because there are many unsafe VPNs on the market, especially when it comes to free VPN services, which we will explain further below.
The next question: Are VPNs legal?
In general, the answer is yes, it is perfectly legal (and normal!) to use VPNs, even if you are in places like China where VPNs are restricted. VPNs are used every day by businesses and individuals throughout the world for basic privacy and security purposes. Businesses rely on VPN technology and encryption for security reasons and it would not make sense for this to ever become illegal.
That being said, China currently has a “ban” on non-approved VPN services that do not go along with state censorship requirements, as explained in the China VPN guide. The United Arab Emirates also has laws against people using VPNs to evade state censorship, but again, VPNs themselves are not illegal. (But of course, none of this is legal advice!)
What about FREE VPN services?
“When something is free, you are the product.”
This famous quote certainly holds true for “free” VPNs because you are likely paying for the service with your private data, which is sold to third parties.
Free VPN services will offer a free product that collects your data for profit. Here are five well-documented reasons showing why free VPN services are risky:
- Malware – Malware is often hidden in free VPN services to collect your data. One study found malware in 38% of free VPN apps for Android devices.
- Tracking – Tracking libraries hidden in free VPNs are also used for data collection. The popular Betternet free VPN app was found to contain 14 different tracking libraries.
- Third party access to your data – Everything you do through a free VPN could be provided to third parties – and many VPNs explicitly state this in their privacy policies. Hotspot Shield was publicly called out for doing this by the Center for Democracy and Technology.
- Browser hijacking – Some free VPNs have been found to hijack and redirect browsers to e-commerce sites, such as Alibaba and eBay, through partner networks.
- Traffic leaks – This is perhaps the greatest risk for people using a free VPN because it exposes your identity. One study found that 84% of free Android VPN apps leaked user data, thereby rendering the VPN useless.
As a safer alternative to free VPNs, there are also a few free trial VPN services that may be worth considering.
But I have nothing to hide and I don’t trust VPNs…
Some people argue against VPNs by saying “I have nothing to hide” or “I don’t trust VPNs.”
These are very ill-informed arguments for a number of reasons:
- Your internet provider is likely recording everything you do (via DNS requests) and providing this data (or direct access) to various third parties and surveillance agencies – see the Room 641a example. Internet providers in the United Sates, Australia, UK are fully authorized to record everything you do online. Your internet provider also knows everything about you (name, address, billing information, etc.). Why would you give this entity all of your private browsing activity as well, which could be used against you now or in the future?
- With a VPN, you are distributing trust from your internet provider to the VPN service. There are a handful of verified no logs VPN services, which have either been audited by third parties or passed real-life test cases. A VPN in a safe offshore jurisdiction adds additional protection, as it cannot be compelled to hand over data to your government.
- You can also cycle through different VPN services, or utilize two or more VPNs at the same time (via multi-hop VPN chains). This provides an even higher level of privacy and security, especially if the VPNs and the VPN servers are distributed across different jurisdictions.
- If someone wanted to go after you for let’s say torrenting a movie (DMCA complaint), there would be three layers protecting you: 1) the VPN server you used in country A; 2) your VPN provider in country B; 3) your internet provider in Country C.
Can I just use a third-party DNS provider rather than a VPN?
A third-party DNS provider is only handling DNS requests, not providing you with any privacy. Your IP address remains exposed with everything you do online. Additionally, your internet provider can still see every website you visit, and these websites are also able to see your real IP address.
In contrast, a good VPN will conceal your IP address and handle all your DNS requests encrypted within the VPN tunnel. This secures your activities (browsing) from third parties, including your ISP, while also protecting your identity.
What about Tor?
Tor is fundamentally compromised as a privacy tool and there are many court cases proving this over the past five years. When you use Tor, you will stand out like a glow stick from other users, exactly like Eldo Kim, who fell for the lie that Tor provides online anonymity.
Even if you ignore the fact that Tor is a US government/military project (which is still funded and used by the US government today) it still suffers from malicious Tor nodes that can snoop your traffic. Anybody and everybody can operate Tor nodes because there’s no quality control. Lastly, Tor is too slow for most online activities, including streaming, downloading large files, playing games, and anything that requires adequate bandwidth.
See the facts about Tor here. A VPN will encrypt all traffic on your operating system, while Tor only works in your browser, leaving everything else unencrypted, as explained in the Tor vs VPN guide.
Trends in privacy propel VPN usage worldwide
In just the last few years we’ve seen many unprecedented developments in the areas of corporate and government surveillance, which has fueled the rise of VPNs throughout the world:
- USA – With legislation passed in March 2017, internet service providers in the United States can now legally record online browsing history and sell this data to third parties and advertisers. Government surveillance also continues unabated, regardless of which political party is in office. And with the abolishment of net neutrality, internet providers can now charge premiums based on what you’re up to online (unless a VPN is encrypting and anonymizing all your traffic).
- UK – Residents of the United Kingdom are having their online browsing history, calls, and text messages recorded for up to two years thanks to the Investigatory Powers Act. This private information is freely available to various government agencies and their global surveillance partners without a warrant.
- Australia – Australia has also recently implemented mandatory data retention laws, which require the collection of text messages, calls, and internet connection data. Australia is also working hard to force companies to provide backdoors to encryption, thereby giving government agencies the ability to hack devices and spy on their own residents. Online censorship is also a problem in Australia, just like in the UK.
The good news is that there are very effective solutions to these problems. You can protect yourself right now with a good VPN service and the other privacy tools, which will put you back in control of your data. And if you are new to these privacy issues, better late than never.
VPN Comparison Table
As a brief recap, the table below highlights the best VPN services for 2019 that meet the following criteria:
- Located in a good privacy jurisdiction (outside of 5/9/14 Eyes countries) to keep your data safe
- Passed all tests with no leaks found whatsoever (no IP address leaks or DNS leaks)
- Good performance throughout the server network (speed and reliability)
- High-quality VPN apps with all features working correctly
- Supports the OpenVPN protocol and strong encryption standards
- Offers a money-back guarantee (between 7 and 30 days)
- Trustworthy and well-established VPN provider with a good track record
Stay safe and secure online!
$6.67
(49% discount)
(30 day refund)
Review
(ExpressVPN)
$8.95
(7 day refund)
Review
(Perfect Privacy)
$3.49
(70% discount)
(30 day refund)
Review
(NordVPN)
$4.00
(30 day refund)
Review
(ProtonVPN)
$2.99
(30 day refund)
Review
(VPNArea)
$3.75
(7 day refund)
Review
(VPN.ac)
$2.88
(10 day refund)
Review
(Trust.Zone)
Last updated and revised on November 25, 2019.
Comments are open. Please keep comments constructive and on topic to help other readers.
@ HardSell
I saw your comment on the Black Friday sales and wanted to respond. That blog was taken down so I will respond here. First, I appreciate your thoughts. I really do and I really think you bring a lot to the site. I am sorry for the length of the reply but I wanted to share with you that this decision was not just because of a name or some careless thought. Here are my main reasons I went to them:
1) I am sorry your contact with them was as bad as you described. I have not experienced anything like what you are saying. However, I am not brand loyal as much as I am customer service loyal. To me, jumping from one company to another is no big deal, regardless of how big it is. I suffer from Squirrel syndrome (my own term) and I sometimes…Oh Look! Cookies :). To me, I get bored really easy with things. I have literally switched bank accounts and entire banks just because I got bored going into the same parking lot. So if I do start getting treated as you have, I have no issue up and leaving. I would change my cell number every month if I could but then I would get into problems with several friends and family, LOL!
However, as it has stood, Proton worked really hard with me in regards to setting up my account. There was some things going on that I could not figure out on my end and they were struggling to get it to process on their end and it took about three hours to set it up. They stuck with me all the way through. Tutanota, if I could get a response, was very short and UN-yielding.
2) Cost also played a part. I am an NPO. As such, I have documentation that I use to set up my NPO, the bank accounts, the internet that I use and anything else. I reached out to Tutanota and that documentation was not good enough. They wanted several more things that I just did not have. Trying to explain this to them as well as explaining what I was sending was as though I was a problem. When I reached out to ProtonMail, they did not even blink an eye at my documentation. They gave me the NPO discount which is as good if not a little better than their black friday deal they were running. They gave me a code to use. When I went to get a VPN, I reached out to them. All I had to do was activate the VPN under my NPO, punch in the code and I would get that discount as well! I am paying less for both email and VPN than I would if I were to go to two separate companies.
3) As far as privacy, I do wish to have privacy. However, my email for my NPO has my name, my organization and my tag line all connected to it. It literally would be impossible to not find me. I took this into account as to why I wanted a VPN. The main reasons for my VPN was to hide myself if I was on public WIFI, hide myself from other peoples ISP and to hide myself from my cell phone carrier ISP. My NPO ISP encrypts everything before it even reaches me as well as the traffic between me and the Internet. It is a local company and the owner and I are friends so I trust what they say. Besides, my ISP is again connected to my NPO. Hence for me privacy in this regard is only for what I mention above. As I then considered, what I am really paying for is my custom domain name. Hence this leads me to number 4 below.
If I need true privacy, I do not go online. I treat the internet as a postcard. Everything I say and do is filtered through that thought. If I need true privacy I just unplug and avoid all internet. Very easy for me to do as I prefer being outdoors anyway.
4) Security of the system then came into play. I will state right off the bat, I hate Google and Microsoft. For that matter, Fakebook and Tweety are also on my despised list. I am sure there are others but those are the big ones. Therefore, when I was looking, I was using this site as a reference point. It came down to two options to me. First was Tutanota and the second was Protonmail. Tutanota was and is in a 14 eye country. ProtonMail and VPN is not. I am not big on the 14 eye country, but was willing to give them a chance. After #2, my choice was pretty easy to make.
I also have a friend whose job is to discover and uncover weaknesses and exploits in Technology security. I guess his title is IT security and hardening (he kind of makes his own titles he is that good). I had him look at the systems for both Tutanota and Proton. I cannot phrase what he said as I understood a little of it but to break it down as he did for me, I can. He said that you have two solid companies from what he has seen. Both with really good security. However, he said it came down to trust. On one end, you trust the company that runs both a VPN and email to keep everything separate and encrypt (as they say they do) everything going and coming from their data centers. You have to trust that they follow through with what they say (as we do for any privacy and security). On the other hand you have Tutanota that encrypts everything but they are the ones who made and handle their own encryption and keys. His concern was if they set it up correctly, monitor it correctly, upkeep it correctly and handle the systems appropriately. Combined with my conversation with them and also #5, I needed to go with the one I felt safer with.
#5) I also looked at having a constant connection. As I am part of my NPO, my position requires me to be on 24/7/365. I do get days off but even those can be interrupted by a call or email. I have had times, while trying to log in on my Tutanota account, that the system does not connect. That happens on three platforms so I know it is not just me. I never have had an issue with ProtonMail. This of course takes away from any fact if I just do not have cell service. I must, as my NPO is dependent on it, be able to be reached unless it is pre-approved for me to be out of touch and then there are backup systems in place with others who can handle it while I am gone or out. But that is what it is for me. I love it and would not trade my life for anything. I just have to be realistic about my needs.
#6) This website also helped me make a decision. While I know Sven promotes a few other systems first, he does have some glowing reports for Proton.
#7) As far as website and internet, I have also learned to just narrow down my visits. I do have to be on the net but whereas before I had more than two dozen websites I would visit on a regular basis, I have at most ten. Seven or eight of those are only one time a month to either pay bills or some other issue. There are really only two or three sites I visit regularly. This one, and a couple of others. The only one I really post anything to is this one. Everything else I need for my NPO is done with software and only when I add anything to that software base do I visit their website which is a little out of the norm for me.
#8) Lastly, ease of downloading and use. While I wish Proton would move away from Google services (I disabled google off my cell so I do not get push notifications) I was able to download the APK, the bridges for my laptop and Linux and the VPN for my phone and laptop. As I have said, I hate Microsoft but one of my programs requires me to have one working Microsoft laptop. However, I have shut Microsoft off of the computer as much as possible and have gone to LibreOffice and several other platforms that I can. I recognize this not as preferred but just as necessity. If could get my program to work on a Linux, I would do a complete switch and be done with Microsoft as well. To date, that does not work. My work desktop is Linux and to install the VPN was a little more than I could figure out so I am going to need to speak with someone. Tutanota would cover most if not all these basis but when looking at #1-7, I really had to make the best choice for my situation.
So, HardSell, that is my thought going in. As to your comment, the UI for the VPN and Mail are very slick indeed. Easy to use and understand which is good as Technology and I are not on the best of terms many times. I can use it but as I say, I am knowledge enough to get into trouble…not enough to get out. Hope that helps with my understanding. I am sure I had a few other thoughts that I marked down last night in my response to the other thread but I am not remembering them right off the top of my head. If I am wrong in any of the above points, please tell me. I am still learning and I want to be right in my thoughts. @ Sven, if you wish to add anything that maybe I have missed, please also chime in. I appreciate your thoughts, HardSell and I do enjoy reading your comments.
When I speak of them and your comments, it was in connection to me using Proton for my VPN and my Email service. I guess I should have made that clearer in my statement above. Sorry.
@HardSell
Last thought and then I will end. I agree with your thought of not giving too much information to one company. Having both a VPN and Email in one place does give a lot of information and information is power. I just had to look at my specific situation when making the decision and this was the best I could come up with. If another company comes along that gives me these same aspects as Proton, I would really consider switching one of my services.
Hey J.M.
I’ve come to know the site rotates the tiles that you see of the articles when you land on the homepage – I’m guessing in a set time or when Sven updates one not being shown for a time.
– The search symbol in the top right corner opens the box and a single term returns the title results first and everything after – I’ve not studied it’s function for accuracy but that’s what I’d seen for my term.
– – blackfriday in it will bring up that topic and you’ll see the 24 comments there yet. It died till next year I suppose to making a homepage tile’s spot.
I’d say you’d know more than I about your devices and systems from your professional and personal life needs. There’s growth in experimenting I find, like you could always find an email service to try out like a burner account. Sign up using it for when any new account isn’t important to you and it needs an email entered.
Same with a VPN that offers a guarantee to refund in full by x days in. There are VPN’s offering you 30 days given time and use to claim a refund in and some say no reason needed – but you know their going to ask you why.
I”d say you were comparing it to X to see if it seemed a better service to you. As to knowing if X was a problem or your system was causing so slow speeds you had gotten.
I got in to really using the online world with a sony laptop running Vista, never was an XP’er – so I’m thinking it had to be around 2009. Had a smartphone before that nothing like the screens of now, that I surfed from a little.
I got in to trying to modify win 8 OS when I updated to a desktop. There was a couple of programs out and a community following each helping others doing the same modifying theirs (like here just a different topic) where one could modify the OS code I’d guess to omit out different stuff – included in the windows OS version they had. Mainly to strip out the business crud a home user don’t need.
I got a lot of practice of reloading the stock win 8 OS anew on the desktop. Never did fully grasped on to what I was doing tech wise but I could follow a TUT or guide to the letter getting the results.
It’s was like here user choice and nothing set in stone to do – but pointers of what this being discarded has in an effect that to the other functions of the OS.
That was in the days when M$ hadn’t locked the OS down as they seem to have with win 10.
I’ve read a guys pursuit to strip out the telemetry components of his 10 OS when it first was out- long story short every M$ update rolled out had reversed the tweaks he made to the OS. He went as far to have a scrip to redo his tweaks after an update. He busted, in the end as each update changed the OS enough to make his scrip ineffective and it was harder to get the tweaks to hold form restart to restart manually going in setting things as he had.
My focus now of late it to finger the areas that give off clear texts of our personal info related to just going online in the modern age of today. Trying to understand then any ways to defend against these, and if not possible to add some noise to the info give off by my system in someway.
Basically I’m thinking it’s all the areas were the info is collect to fingerprint the device and OS as they can and use.
Have a good December
@HardSell,
Thanks. I found that after my long post.
I agree with you. The trial works great to test. I guess I am not as fast or smart to take that…and putting money upfront always bothers me because of bad past experiences.
I guess if the company is sure of their product, don’t make me pay first. Give me the test full on and let me see.
I did reach out to a couple of the VPN’s on here and they either did not respond or the discount was still more than I pay now, I couldn’t get to them.
7 days free, full service, no money down. That was what Proton offered. Then the NPO discount after…hard to beat.
I do wish, should say hope, they follow my advice and get a third party verification on the no logs. Especially after the links I sent them and the issue and potential due to PIA.
As far as the OS, I should also add that I really hate Windows as well. My wife jokes and says there is nothing I like (LOL). I like Linux and am have a work computer built for me based on Linux (my old system just died today).
If I could figure how to ditch Windows and have Wine work with my required software…I would be happier than a fish in a flood.
Maybe a VM on a linux? I don’t know. But I do agree. While I know my NPO is easy to find and get to me…it is more just the casual snoopers and data copiers and hogs I am hiding from (cell and work ISP) and public Wifi.
Hope you have a great December and a Merry Christmas!
Hey Sven,
Switched to ExpressVPN via your Black Friday/Cyber Monday page and it’s link / supporting the site to I hope.
Things I don’t like are so far.
I paid with paypal and my expressvpn invoice has my real name used there.
I tried finding a way through paymentwall but not for the US was anything offered that I could use. I don’t do crypto-coins and that’s still link able isn’t it to user then account.
Something that might fly under the radar was the activation code needed to install the windows application and with expressvpn’s no logs policy, then with IP address shared amongst users. I don’t need to worry about my account’s payment and the account itself I’ll use be to of an association being linked in anyway.
Could you offer anything specific you’d understand here?
I did notice that with adguard AD BLOCKER running and set as I have, the link from your site was for the EXPRESS ad without any mention of the +3 months and then stating the 15 months for $99.95 and 12 billing to follow of the next year. It was the plan old 12 month ad I seen – so I disabled AG and tried again.
Finding the 15 month deal…
Anyways I still have a year on VPN.ac but the setup I use (ISP over cellular data) and it’s kill switch with the network disconnects I face was a bust for me. I have notice that my slow internet is still slow with first impressions of Express.
Thanks
Hey HardSell, thank you.
After seven great years with PIA, I finally called it off due to news of the Kape acquisition. Or really, not because of the acquisition, but because of how PIA handled the situation and dodged important questions. If they had just opened up with a clear plan for how they would continue to verify their trustworthiness under the new ownership (audits, etc.), I would have stayed. But they didn’t, and I’m not waiting around for them to figure it out. I switched to Mullvad and it’s going great. I expected it to be clunky and slow, but it’s faster than PIA and super easy to use.
Hi Sven,
I noticed you removed VyprVPN from the toplist. Any particular reason(s) for that?
Also do you know if Trust.Zone uses Virtual Private Servers? I couldn’t find any information on their website and they don’t respond to requests thru their website.
I’ll be updating my VyprVPN review soon, but mainly due to performance issues.
I am curious, does Perfect Privacy support perfect forward secrecy (PFS)? It was not listed in the comprehensive review but it is quite important feature imo.
Yes, it does.
Dear Sven,
Longtime reader here. I’ve thoroughly enjoyed perusing all of your reviews, articles, exposés, etc. and have always been satisfied by the quality. You clearly are a man who cares about privacy. As such, I’ve been somewhat shocked at the silence from you, and similar reviewers, about MLATs: Mutual Legal Assistance Treaties. A lot of “private” jurisdictions have been tooting their horns lately, and so I’ve been looking them up
here: http://www.cbi.gov.in/interpol/mlats.php
and here: https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm
and there are a lot of results! An MLAT with the United States basically guarantees an entry into a proto-Eyes situation. It’s just like being in the 14 Eyes, in essence, and it’s scary! Many of the so-called private jurisdictions which VPN providers procure host MLATs with the US, thus making their claims worthless. What are your thoughts?
Sincerely,
Anonymous
P.S. I’ve created a list of some of the more private jurisdictions which don’t have MLATs, appear in the eyes, and have strong data protection laws. Here it is:
1. Iceland
2. Seychelles
3. New Zealand
4. Malta
Interesting, thanks for the info!
@Anonymous I agree and an email service as with the vpn jurisdictions as where our personal data is involved.
https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/#comment-58133
List of government mass surveillance projects
https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects
At the core of it all was the alliance forged after the last world war. Never was good in history. But with so much of the internet’s existence starting in the US and a majority of the traffic routed through it – it’s a core player.
Then no companies privacy policy or the privacy laws in any one location of the world can stands up against it’s own countrys court system. Then the connected eyes network work through these governments down the ladder.
@HardSell I always see you in the comments, and I sincerely admire your dedication. Totally agree. It gets made into a political issue to divide “the masses”, but really, nothing good has ever come out of these shadowy transnational agreements; that goes for corporations too! The Wikipedia articles you linked alone are pretty jarring, even to me, someone probably more read in these areas than the average consumer. Litigious is the word — the death of privacy, clear and simple. This is why we need a decentralized, federated web!
Thank you Anonymous.
Yes something better than the seemingly mafia like hierarchically structured organizational control in a gestapo’s like grip on the web, that we – all the nations use.
As the “eye’s nations” have presented over the modern internet and it’s traffic these symptoms above to warrant our concerns or simply put – to catch and store with the profiling of all users data in a database having that knowledge and control over us.
The MLAT’s as I understood were to help aid the exchange of evidence and information in criminal and related matters.
Of course being used in the Nations outside of the 14 eyes.
Interesting is the “Asset Sharing” https://2009-2017.state.gov/j/inl/rls/nrcrpt/2014/vol2/222469.htm
I could see this as (foot in the door) to the nations that enter into a MLAT to cooperate fully in any request, and then it does speak of getting laws changed.
[offering the possibility of sharing in forfeited assets. A parallel goal has been to encourage spending of these assets to improve narcotics-related law enforcement. The long term goal has been to encourage governments to improve asset forfeiture laws and procedures so they will be able to conduct investigations and prosecutions of narcotics trafficking and money laundering that includes asset forfeiture.]
As we’ve seen with the modern web and in advertisings polluted roll with our privacy’s loss there. The web emits digital exhaust that fingers us and everything then goes into the data profile. It’s probably not hard to get laws changed
in a nations government if the monetary incentive is there as well – then general as a rule of law and not specific.
THE INTERNET AGE has nations far behind in their own privacy protection laws to the tech used today…
Enjoyed your insights in the quest for an online privacy too.
Sven, what do you think about IVPN? Strange you didn’t put them on this list, and it seems to me they have decent reputation.
I’ve spent a year with NordVPN, and didn’t renew the deal. I quit them before the recent “issues”. I had problems because certain online services couldn’t work (namely HBO), and Nord service admittedly could’t help me about that.
It seems pretty good, similar to Perfect Privacy, based in Gibraltar. I need to review it.
Hi Sven,
What do you think about ProtonMail’s VPN (though I realize they’ve ‘sold out’)?
Thanks,
DB
Hey D, although ProtonMail did have some outside investors very early on (circa 2014) the VPN has not been “sold out” to anyone as far as I know. As they state here, “ProtonVPN AG is a wholly-owned subsidiary of Proton Technologies AG which is also based in Geneva, Switzerland. Proton was founded in 2014 by a team of scientists who met at CERN (the European Center for Nuclear Research) and created ProtonMail, the world’s largest encrypted email service.”
I’m actually in the processing of retesting everything with ProtonVPN now and may likely include it in this recommendation list if things go well. It has certainly improved over the past two years.
Sven,
I am glad to hear you are retesting ProtonVPN. I have been using them and while there are times it is slower, mostly, it seems to have no difference.
There’re so many useful information mentioned. It is great to see that more and more people starting understand how much data security is important at the ages of tech world. I use so many security programs, so never been hacked or my data leaked. I see you mentioned Nord, so I use their business solution NordVPN Teams. I am working as freelancer and I like their services, feel secured with it on my computer and phone app. I think their prices are the most relevant, aren’t they?
Yes, NordVPN is one of the best values you’ll find. They are also running a cyber security month special right now.
Hey, I liked your article and all your thoughts.
I’m now opening a small company and I will need a VPN which could be used by 20 people. For my personal use, I was using NordVPN, I kinda liked it and now I saw that they launched a new product for b2b which is called NordVPN Teams. So I’m thinking to take a VPN which is designed only for business, so I could take more benefits from it. Maybe you have any thought about business VPN?
Hi, I haven’t looked into this area too much. I think most VPNs could offer a custom plan if you ask them for a small business. I also know VyprVPN has a business product as well.
Hey Sven,
Was wondering if you could recommend a privacy focused Web hosting company?
Thanks
M
Here are a few worth checking out:
Bahnof in Sweden
Njalla also in Sweden
Orange Website in Iceland
Thanks!
Hey Sven, there is currently situation unwrapping regarding a VPN service NordVPN. As far as I understand – one of the NordVPN servers was compromised, where expired (according to NordVPN’s statement) private key was obtained, but they claim that “the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access nordvpn.com”.
Source (Official statement by NordVPN) – https://nordvpn.com/blog/official-response-datacenter-breach/
I would really like to see your take on this – as once again I’m not really into jumping to conclusions this fast and the statements “concerned” people give seem way too exaggerated.
I’m researching this now for an article and will adjust recommendations based on my findings.
UPDATE: see this article.
really looking forward to your take on this situation, I agree it seems isolated to one server out of 3k
Hi M.D,
Doesn’t seem exaggerated, sincere and eye’s wide open I’d say.
Then a little foolish they were caught off guard by not using some outsourced vetting of any server/company used to supply the business they do.
.
Excerpts – NordVPN Official Response
https://nordvpn.com/blog/official-response-datacenter-breach/
We are not trying to undermine the severity of the issue.
We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers.
We are taking all the necessary means to enhance our security.
.
We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program.
We double-checked that no other server could possibly be exploited this way and started creating a process to move all of our servers to RAM, which is to be completed next year.
We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else.
.
We have also raised the bar for all datacenters we work with. Now, before signing up with them, we make sure that they meet even higher standards.
With this incident, we learned important lessons about security, communication, and marketing.
.
I’d say Nord will only become stronger because of it’s weakness realized today, that it’s self-inflected security concerns will ripple for sometime to come.
So it shot itself in the foot, the mistake now would be to self-doctor the wound that requires more than a band-aid.
My 2 watts
Dear Sven,
First, I’d just like to thank you for keeping this website up-to-date and continually adding new reviews and articles. The one on Tor was especially informative. As a longtime reader, I genuinely appreciate when someone takes the trouble to advocate for a niche position — and you advocate your positions WELL.
That mandatory appreciation aside, I’m wondering if you’ve heard of Mullvad VPN. I’ll admit that I was skeptical when I first heard of them as well (which was actually yesterday), but a number of reviewers have treated them well, they are mostly open-source [https://mullvad.net/en/help/open-source/] and they have been independently audited by Cure53 (a very popular auditor) as keeping no logs [https://cure53.de/pentest-report_mullvad_v2.pdf]. To say the least, they seem to be legit. Despite this, I’ve heard practically nothing about them anywhere; I’ve not even seen them on this site, which is surprising. Do you have any opinion on them?
Thank you so much!
Anonymous
Hello, Mullvad is briefly discussed above, and it looks to be a decent provider, although I haven’t had time for a review because I’ve been so busy with email reviews, updates, and other guides lately. I hope to get to it (and other new VPN reviews) in the coming months.
Hi Sven,
When you do find the time for a review of Mullvad, be sure to give it’s features as I don’t see clue of them on it’s site.
Strange rightly so, to sell something as a VPN service without boasting of and off about it’s talents and abilities.
Appreciated ; )
Hi Sven,
Having followed your guides on use of VPN, browser choice and modification there are a couple of questions based on best practice when using a VPN.
ISPs can see that an individual is connected to a VPN server so
a) Is it best practice to use just one VPN server for everything you do day to day – all traffic.
b) or use different VPN server in a country with strong data protection laws when downloading (raising the question that if your ISP sees high data throughput when connected to a VPN in a given country, is this likely to raise any flags).
Thanks for all you do to help the community.
Hi Jason, to be honest, I don’t think it really matters. VPNs are becoming mainstream with many people using VPNs for torrenting and Netflix streaming, which are both high-bandwidth activities. So I don’t think you have to worry about any “red flags” so to speak. Connecting to a closer server should give you better performance.
I just stopped using Perfect Privacy. Too often recently the connection would cut out or I would not be able to connect to a particular server(s) on the server list (I’m in Germany and could never connect with Frankfurt and only rarely with Erfurt). Also, not being able to access Netflix and other IP dependent streaming services – such as ITV – was a bummer.
Gonna try ExpressVPN for a few months to see what they’re like.
Hi Sven.
First thank you for your website, it has helped me a lot and I have learned many things with it. And I keep learning.
I am currently a VPN.AC user. What it has caught my attention are their policies, they are very clear and technically give concrete explanations. I think they provide solutions that I don’t know if they have any other VPN service.
In general, it is a good VPN service. Good speeds even with the double server jump. I have implemented the VPN on the router and through the computer I use the double jump, which makes it triple and the speeds are still good. The kill switch works perfectly and also allows you to stop the VPN service and not have an Internet connection. The kill switch works both when changing servers and if you stop your VPN service directly. I have not had service interruptions for months.
As for the daily connection log policies, I don’t think it’s a problem.
The company indicates that it is for safety reasons and work procedures and for the own VPN infrastructure. As they own everything (including servers in countries) I understand that they need some control over the system. Besides, I think it’s even good. It is true that there are companies that work with “marketing” to reassure a client by offering many things that personally make me doubt. There are many users who use paid VPN, and they don’t know what is behind them with respect to the loggs, and although they promise that they do not exist, putting reasons of speed, location of servers, I have reason to doubt … I think all VPN companies have some type of log (except Perfect privacy), such as determining the number of simultaneous connections.
Besides, they don’t have a tracking connection to Google or Facebook (indicated in their policies).
I also consider it important to be the owner of the entire infrastructure, including own servers. This makes exclusively they are those who handle the entire system, without third parties.
My attention is largely the work with own DNS servers. As they say, the privacy with a VPN depends of many things, and DNS requests are something that many people forget and it is no less important.
I have used several VPNs for several years: VYPRVPN, EXPRESS VPN, PERFECT PRIVACY and VPN.AC. Everyone has their good and less good things and there is no perfect VPN. There are very good things about some that do not have others, but I prefer to use PERFECT PRIVACY or VPN.AC.
I apologize if there is a mistake in making the comments, I would like to be told it.
Thank you.
Hi Taylor. Thank you very much for excellent job and tremendously useful article!
Eduardas
Hi Sven,
Love your website and your work. I am seriously going to buy some Bitcoin so I can donate to you.
I’d like your comments on the newest VPN and Email service: Unspyable.com
The things that they write about seem great but are they a NSA front? I guess you wouldn’t know. Any comments on have on Unspyable would be greatly appreciated.
Thx
Hi, I have never heard of it before, but I’d generally separate email from VPN for compartmentalization reasons. Under that site’s news/updates section, there hasn’t been anything posted since 2017.
Hello Steve, I have been using Surf Shark for several days. Supposedly does a lot for security and privacy and the servers are very fast in my opinion. So far, I am thrilled. Although I’m skeptical about new VPN, but it is recommended everywhere, even by independent, on Reedit there is a discussion and they are also excited. However, the app makes some problems with Windows 10 Spring Update. Sometimes it just hangs, does not react at all, and then it’s back after 2 minutes. Although I had to shoot it completely once, because it completely hung up. In my eyes Promising VPN. Let’s see what else they can think of.
Do you think chaning VPN across different countries is BETTER done in VM or better done on VPN routers made by different companies?
also, with TOR as the endpoint and multi chained VPN behind it, if TOR is compramised, they would just see your last VPN, and then need to go to your next vpn etc this seems like the best approach as far as I can tell.
I would still like to hear your thoughts on Qubes OS with Whoonix and TOR as a less exploitable surface than VPN chain due to virtualization compartmentalization
1. Do you think no log vpn’s are being targeted by the NSA or other groups? is not that a major liablity for a spying agency? aka going after large hardware purchases and inserting code or bad hardware?
2. Can a no log VPN have an upstream provider that has different policies? Can a no log VPN lie about where the server actually is and have your info pass through a 5 eyes country first before routed to your “safe” swiss location ?
3. Does the diversity of TOR nodes and guards dwarf the security of the few no log VPN that accept bitcoin?
I really can’t say for certain with any of these questions.
1. Not sure, we can only guess.
2. I can’t say for certain on this either. Perhaps certain data centers in specific jurisdictions have issues, but if this is really a concern, you could utilize a multi-hop VPN and/or chain different VPN services. But for the vast majority of people, a standard (single hop) VPN will offer more than enough protection (but this depends on your threat model).
3. There have been numerous issues that have come up over the years raising questions about just how much anonymity Tor offers. Read this. For the truly paranoid, I still recommend chaining different VPN services across different jurisdictions using Linux VMs.
I would like to ask a meta-question about VPNs
I like and use a few of your top picks.
I recently argued with a secuirty professional about the security of VPNs, he argued that something like Qubes OS with whoonix/tor, is far more secure way to protect your real ip than a VPN. His claim was that virtualization of Qubes os and the non-business model of TOR is more secure than a VPN business that could give up your information if pressured or hacked. What are your thoughts?
Do we have a lot of cases of the best VPN’s in the best countires giving up customer information by court order, or are there enough cases of VPN companies not having any data to actually give (no log etc) ?
It is hard to argue with the idea that a VPN can see everything you are doing online and you are basically trusting them in a way Qubes/whoonix/tor would not require.
After thoroughly researching Tor, I have my doubts, many red flags:
https://restoreprivacy.com/tor/
Recent news, also illustrating Tor de-anonymization work going all the way back to 2012:
https://www.zdnet.com/article/hackers-breach-fsb-contractor-expose-tor-deanonymization-project/
With VPNs, yes, there are also risks and examples of VPNs giving up logs. But there are also examples of verified no logs VPN providers that have passed real-world tests:
https://restoreprivacy.com/no-logs-vpn/
Add CryptoSTorm!!!
CryptoStorm is run (or was founded?) by Douglas Spink:
1) Spink was accused of running an illegal “farm” where people engaged in “animal cruelty” acts (sources here, here, and here).
2) Spink was busted for smuggling millions of dollars worth of cocaine. While others in the ring received 17-year sentences, Spink got off with a “lenient, three-year sentence because of his extensive cooperation with investigators.” Key words here: extensive cooperation.
For years there have been rumors this “cooperation” entailed giving authorities backdoor access to CryptoStorm, but again, who knows for sure.
hello sven
I never recommend surfshark.
surfshark collects ip addresses from your computer and other devices from websites.
And collect various error reports. (Metadata Risks)
When you use our app, we may collect advertising identifiers – unique, user-resettable IDs for advertising, – surfshark privacy policy
And they also collect cookies.
This policy is dangerous.
Hi,
You can use OpenVpn client in that case
just trying the Protonvpn trial, and for the record, they got great speeds, same datacenter as airvpn, again around 100Mbps, fast also with double hop. The windows and android clients are very very nice, fast to log in and don’t drop connections, don’t leak that much:
– leaks during user’s configuration change, you need to stop connection to make some changes, weird but it’s one time and can be controlled
– leaks during VPN server change (which is quite fast, but even 100ms is enough for GMS to connect to Google and add your real IP to their unique_ip list)
– no leaks on connection change
– routing messup, packets not coming back will make app stuck & “connected” while there’s no connectivity.. -> restart wifi router to spice it up and it won’t switch to mobile while wifi is already off, -> set wifi back and it will leak via wifi while still stuck
Isn’t it funny that only “Block connections without VPN” works these days…
Still this as a reminder where airvpn needs to improve because it’s even worse on Android: opensource Openvpn client is slow and leaks in every possible situation (at boot, during connection change, during VPN server change or simply by system apps like Download manager), while eddie for android is, while new, a total mess (chaotic UI, long boot leak, boot connect not possible via login, nonstop connection drops, with no other leaks at least). PC and router clients perfect with no leaks there.
I consider using protonmail on mobile device due to 2 less leaks. I’m not having big expectation on android devs grasping the programming logic, but If there’s really leakproof android VPN client/service, i’m interested.
airvpn = many configurations for 8 platforms, port forwarding with custom dns, many target ports, via ssl/tor, privacy focus and fantastic speeds (always maxing out 100Mbps possible by WRT3200ACM router, even more when turn on local PC Eddie and forward traffic via WAN).
but still underrated by all comparisons.
What do you think about RiseUp VPN?
It’s based in the US, so it doesn’t meet the criteria. See also here and here.
Hi all, I’m considering to get a VPN to torrent some obscure film that is generally unavailable to the public and/or unavailable to purchase. However my upload and download speed is mediocre, sitting at just 2Mb and 15Mb (may dip to below 10Mb) respectively. I live in SEA, if that helps.
Should get NordVPN, VPNac, or Zorro?
VPN.ac might be a good option: fast speeds, servers in Seattle, torrenting friendly…
Sven, You’re the best. Thanks for all this. I’d welcome your thoughts though on VPN and email. I recently signed up for Nord, using Firefox and that worked fine. On my iPhone as well. BUT… it totally screwed up my email (Thunderbird sending gmail). They kept telling me to change my outgoing smtp port from 25 to 465, except it always was 465. I also tried others. Nothing seemed to work and no one at Nord seemed to care enough to help me find a solution. Any ideas? Or, do you know of a service that doesn’t screw up emails and/or has customer service help that really helps? Many thanks/ LN
Yes this can be an issue sometimes with VPNs putting in measures to prevent bulk spam email campaigns, which blacklists the VPN’s IP addresses. So you might want to research this with the different providers and the email client you’re using. I know this is an issue with many VPNs and some address it differently than others.
Hi Sven, I read your thoughts and I am now trying to choose between ExpressVPN and vpn.ac. I had a IVPN account for about one year, they were ok, but I want to move on as they are too expensive and also as you mention just „ok“ – no netflix, no browser add-on and ok speeds for Germany. On the positive side I can say there were flawless with a lot of updates among this year. However, everywhere you look for a vpn review you can find ExpressVPN as the total leader and I am not sure if they pay their way in to be on the top or are they that good. Does it worth the price difference (ExprssVPN vs. vpn.ac)? You tested both, so I would relate my question in terms of speed and „feeling of anonymity“. Because vpn.ac logs, but they say they keep only check in and out times and data volume – and only for one day.
Would you consider moving from IVPN to one of your recomended VPNs an improvement (you mentioned you have also tested IVPN)? Thank you
Yes, ExpressVPN is the best all-around VPN in my opinion: excellent speeds (verified with the recent review update), 24/7 Netflix access, very secure apps, support for all devices and operating systems, verified no logs provider, and quite reliable. VPN.ac is also a great option, and even though they don’t advertise it, they do support American Netflix. VPN.ac is also a good value at only $3.75 with the two-year plan. IVPN is also a good provider from everything I’ve seen, although lacking a bit in some areas as you pointed out.
If you’re on the fence about switching, you can get a cheap one-week trial for $2 on the VPN.ac website (see FAQ page). ExpressVPN also offers a 30-day refund window, no questions asked.
Sebastian,
You should read the VPN.ac legal stuff. I like the site and what they seem to provide, but the TOS is a bit hard to digest.
Policy is very broad and basically renders VPN.ac service useless by prohibiting legit VPN use cases.
EG: (couple tos violations)
–
* Transmit any copyrighted, trademark, or patented content
–
service is unusable as worded, too many legit and legal reasons to mention which would fall under this violation
–
* Use P2P programs on other VPN Nodes than those where we allow it
–
peer-to-peer is attractive for many uses other than BitTorrent and many emerging software and services could be considered P2P
–
Regards,
JN
Johnny, nearly every VPN has a clause in their TOS saying “don’t torrent copyrighted material on our servers.”
Why? Because when they inevitably get DMCA takedown notices and threats from data centers, they can say “Well, we don’t allow copyright infringement, it’s right here in our Terms.” Meanwhile, I know for a fact that VPN.ac does not close accounts for torrenting copyrighted material.
Thank you both for the reply. I think when it comes to sharing copyright material and torrenting illegal stuff nobody will encourage the use of their service :-). I was interested in speeds and non leaking apps on the long run. Sometimes they put you on the right server with very good speeds during the test phase and then, after signing up it all goes down (it happened to me with some providers). I was happy with IVPN, but now I‘m also thinking about trying US-Netflix. And also using just a browser extension which will for sure use less memory on the computer. I’ve asked about vpn.ac because not long ago I saw a strange review about them. Somebody wrote on his site he used some servers in Asia, checked the IP and got IPs from Europe or something like that. I am just speculating, maybe it was just intended to discourage the use of the service. BTW Sven, please take a look at Surfshark if you have the time. It‘s the new kid in town and I think many of us would like to hear some unbiased opinions about it (I am sure your readers have a lot of questions and doubts). Once again thank you very much for your answers and your privacy blog
VPN.ac does not use any virtual locations, so the servers are located where they are advertised, you can test this.
Just an afterthought…. I noticed the “Simple Privacy Setup’ recommendation at the bottom of this site.
Banner in itself, but could you – when time allows – give a stepped up version of this?
Something like a 2nd tier and 3rd tier? What I mean is a bumped up security/privacy version, and then as the 3rd tier (what you would consider) an ultra security/privacy version? Hope that makes sense.
Would come in handy and informative to those folks who are non-Geek like me! 🙂
Cheers again from Canada
Thanks George, I’ll keep that in mind.