The IVPN app’s default settings are great for most people, who should be happy just smashing the Connect button and not fiddling with settings. The desktop app defaults to a secure OpenVPN connection with AES 256-bit encryption (what we consider the standard at this point), and the mobile app can (and should) be toggled to OpenVPN as well. Our budget pick, TorGuard, defaults to the weaker (but also acceptable) AES 128-bit encryption unless you manually change it, and hasn’t added OpenVPN support on its iOS app.
ExpressVPN is incredibly fast and super secure, and it can unblock just about any site or service on the internet - including Netflix, Hulu, BBC, and more - with impressive streaming capabilities. It offers servers in over 90 countries, and the 24/7 live chat support is one of the friendliest and most professional. ExpressVPN gives a strong fight to NordVPN, while other VPNs lag behind.
Once on the public internet, those packets travel through a bunch of computers. A separate request is made to a series of name servers to translate the DNS name ZDNet.com to an IP address. That information is sent back to your browser, which then sends the request, again, through a bunch of computers on the public internet. Eventually, it reaches the ZDNet infrastructure, which also routes those packets, then grabs a webpage (which is actually a bunch of separate elements), and sends all that back to you.
Google is full of articles claiming that a VPN will prevent ISPs from gathering metadata, but unfortunately that is not true. A VPN hides the contents of your internet traffic and your location from the outside world, but you still have to rely on your ISP’s network to get there. Strictly speaking a VPN cannot prevent an ISP from logging your location, device details, and traffic volume.
CyberGhost is transparent about its company structure, posting photos and bios on its website of everyone from the CEO to the cleaning lady, and privacy fanatics will like that the company is based in Romania rather than the U.S. But CyberGhost's full-service subscription price is among the most expensive month by month — it's far better to just pay for a year at a time.
Setting up ExpressVPN and connecting to a VPN server was easy enough. Performance, when connected to the VPN server, was average at 49 Mb/s down and 16 Mb/s up, compared to our usual speeds of 125 Mb/s down and 20 Mb/s up. Netflix complained about a proxy being in use when we used the automatic configuration option, but it worked fine when we manually selected a local U.S. server. Amazon Prime Video played just fine, and our other internet tests completed without issue.
DNS servers are a bit like the phone books of the Internet: You can type in “thewirecutter.com,” for instance, and one of the many DNS servers behind the scenes can point you to the IP address of a server hosting the site. Most of the time, your DNS requests automatically route through your ISP, giving the ISP an easy way to monitor your traffic. Some VPN services rely on third-party DNS servers, but the best ones keep DNS servers in-house to prevent your browsing history, or your IP address, from getting out.
Virtual LAN (VLAN) is a Layer 2 technique that allow for the coexistence of multiple local area network (LAN) broadcast domains, interconnected via trunks using the IEEE 802.1Q trunking protocol. Other trunking protocols have been used but have become obsolete, including Inter-Switch Link (ISL), IEEE 802.10 (originally a security protocol but a subset was introduced for trunking), and ATM LAN Emulation (LANE).
ExpressVPN’s “#1 Trusted Leader in VPN” claim may be a bit difficult to prove, but the service offers a compelling list of features nonetheless. It also constantly tries to make consistent improvements in speed and simultaneous streaming capabilities, and with support for all major platforms (Windows, MacOS, Android, etc.), you won’t need to worry about compatibility. ExpressVPN shows up on a number of “best VPN” lists, and so its relatively high prices are justified.
ExpressVPN scored well in our recent round of testing in terms of speed – we recorded around 8.5MB/s (68Mbit/s) via both FTP and HTTP in the UK, while Dutch endpoints gave us 6.3MB/s (50.4Mbit/s) via FTP and 7MB/s (56Mbit/s) via HTTP, more than enough for general browsing, streaming and downloading. US connection speeds, as you’d expect, were rather slower at 2.5MB/s (20Mbit/s) via FTP and a good 3.2MB/s (25.6Mbit/s) over HTTP.
Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like "pcmag.com" into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN's DNS system, it's another layer of protection.
When it comes to servers, more is always better. More servers mean that you're less likely to be shunted into a VPN server that is already filled to the brim with other users. NordVPN, Private Internet Access, and TorGuard currently lead the pack with well over 3,000 servers each—NordVPN is at the forefront with 5,130 servers. But the competition is beginning to heat up. Last year, only a handful of companies offered more than 500 servers, now it's becoming unusual to find a company offering fewer than 1,000 servers.
Central America isn’t the first place you’d think of when it comes to cutting edge technology, but NordVPN is up there with the best VPN services in 2019. It has 1015 servers in 59 countries, supports up to six devices simultaneously, runs 2048-bit encryption and has a feature list including an automatic kill switch, dedicated IP addresses, strong DNS leak protection and the ability to pay in Bitcoin. For relatively short connections performance was superb, although we did notice a little latency creeping in from time to time for very long distance connections. However, browsing remained snappy and performance wasn’t degraded significantly. We’d recommend hunting the site for its free trial and if you like it, signing up for the 3-year plan which is currently going for just $99!
Cybersecurity before, during, and after your moveJanuary 29, 2019 / by Aimee O'DriscollHow to Use Offensive Techniques to Enrich Threat IntelligenceJanuary 29, 2019 / by David BalabanHow to use Tor country codes on Windows, Mac & Linux to spoof your locationJanuary 17, 2019 / by Josh LakeHow to spot and avoid Ponzi schemes onlineJanuary 14, 2019 / by Steve AdamsWhat’s the best popup blocker? We put 12 to the testJanuary 1, 2019 / by Sam Cook
Almost all VPN services now offer a dedicated macOS client. These are sometimes not quite as fully featured as their Windows siblings, but are often all but identical. In general, what makes a great VPN for your Macbook or Mac Mini is exactly the same as what makes a good VPN for any other system. Please check out our Best VPNs for Mac for our top macOS recommendations.
When choosing between protocols to connect to, consider how you are using your VPN. PPTP is known to be fast over wi-fi; however, it is less secure than L2TP and IPSec. So, if security is important to you, then consider using either L2TP or IPSec. If you are connecting to a VPN for work purposes, then your employer will most likely have a preferred protocol. If you are using a hosted VPN, then ensure that you use a protocol which they support.
These services offer many ways to connect, including without the service's client software; support operating systems and devices, such as routers or set-top boxes, beyond just the "big four" operating systems (Windows, Mac, Android and iOS); have hundreds, or even thousands, of servers in dozens of countries; and generally let the user sign up and pay anonymously.
Also worth consideration is Windscribe. For your money you’ll get fast speeds, streamlined access to popular streaming services via dedicated endpoints, an unlimited number of simultaneous connections, and the ability to share your encrypted connection (if your wireless router supports this). Kaspersky Secure Connection proved to be a little faster than Windscribe and its subscription rates are a little more generous, too.
Hi Nathan, We do not censor feedback, and if that is your experience then it is your experience. I'm sorry that you seem to have had so many problems. All I can say is that for me it was just a matter of installing the software, entering my account details, choosing a server location, and hitting start. I have experienced the odd hiccup in the past, but as far as could I see all issues have now been resolved. I tested using Windows 10 (plus Android and both Mac clients). If you are finding everything too hard, then why not just take advantage of the 30-day money back guarantee and try something else?
Best VPNs for Netflix: Get any version of Netflix anywhereJanuary 5, 2019 / by Paul Bischoff8 best VPNs for torrenting & P2P for 2019 (and why many will compromise your privacy)January 1, 2019 / by Paul BischoffThe 19 Best Free SFTP and FTPS Servers for Windows and LinuxDecember 20, 2018 / by Jon WatsonHow to make your own free VPN with Amazon Web ServicesMay 15, 2018 / by Paul BischoffA beginner’s guide to online censorshipAugust 26, 2017 / by Paul Bischoff
With hundreds of VPN services and clients available, it can be difficult to decide which one to use. We've extensively tested several popular VPN services that met three requirements: They had both desktop and mobile client software (with one exception), they had VPN servers in many countries, and they offered unlimited data use, at least in their paid versions.
Not all mobile VPN apps are created equal. In fact, most VPN providers offer different services (and sometimes, different servers) for their mobile offerings than they do for their desktop counterparts. We're pleased to see that NordVPN and Private Internet Access provide the same excellent selection of servers regardless of platform. These apps received an Editors' Choice nod both for desktop VPN apps and Android VPN apps.
There are several different VPN protocols, not all of which are used by all of the VPN services we reviewed. Most operating systems have built-in support for at least one of these protocols, which means you can use that protocol — and a willing VPN service — without client software. The full-fledged VPN services have online instructions for how to do this, as well as how to set up routers to connect directly to the services.
Hotspot Shield depends on a custom VPN protocol that's not been publicly analyzed by independent experts. We don't know how private or secure it really is. The company has been accused of spying on users (it denies the allegations), and complaints abound online about Hotspot Shield software installing on PCs without users' permission. All this, and the company's U.S. location, may scare away customers who want to protect their privacy.
Installing and configuring ProtonVPN’s Windows client was simple enough and it provided some of the best in-use statistics. Performance was at the lower end of our comparison group at 39 Mb/s down and 18 Mb/s up, compared to our usual 125 Mb/s down and 18 Mb/s up. Netflix was blocked, but Amazon Prime Video and our other test services connected without a hitch.
TorGuard offers applications for every major platform, including Windows, macOS, and Android. And unlike our top pick, it also supports OpenVPN on ChromeOS. (Though TorGuard does offer an iOS app, it doesn’t natively support the OpenVPN protocol that allows for the easiest and most reliable secure connections.) Using these apps, you can manually select a server, click Connect, and not worry about the rest. But otherwise, the applications aren’t as refined or easy to use as IVPN’s. New users are likely to find themselves out of their depth when modifying anything but the most basic functions, such as auto-connecting at launch or minimizing the app.
A VPN client on a remote user's computer or mobile device connects to a VPN gateway on the organization's network. The gateway typically requires the device to authenticate its identity. Then, it creates a network link back to the device that allows it to reach internal network resources -- e.g., file servers, printers and intranets -- as though the gateway is on the network locally.
In our review of IPVanish, I gave a four-star rating for its strong encryption, excellent performance, and a large set of servers. While it is based in the U.S., the company promises to keep no logs other than payment information, which you can also avoid by paying with Bitcoin. IPVanish has more than 40,000 unique IP addresses on more than 1,000 servers spread out over more than 60 countries, meaning you get some serious diversity. There's no limit to how many times you can switch servers, allowing you to move around until you find the absolute best. Toss in a kill switch, IPv6 and DNS leak protection, and manual port selection, and this becomes a very attractive option. Yearly plans start at about $6 per month, while monthly plans start at about $10.
A "secret" is used to further authenticate your account. Much like the "key" of an RSA Secure ID, the "secret" is typically a series of letters and numbers given to you by a provider or employer. If it has not been provided to you then you either may not need to enter anything in that field or you may need to contact your provider or employer in order to obtain the secret.
A “kill switch” goes by many names, but the term describes VPN software that shuts off all network traffic in and out of your computer if the encrypted connection fails. A hiccup in your Wi-Fi or even with your ISP can cause a VPN to disconnect, and if you then maintain an unsecure connection—especially if the VPN software doesn’t alert you that it’s no longer protecting your traffic—that wipes out all the benefits of your VPN. We considered kill switches to be mandatory. And although we looked for apps that made it easy to add rules about when to activate kill switches, we considered special config files or manual firewall tweaks to be too complex. (iOS doesn’t support any kill-switch features; we address a few iOS-specific problems that apply to all VPN services in a separate section.)
Even if a company is at fault for deceptive marketing practices, it still has to comply with legal requests for whatever information it does have. Jerome told us, “In the U.S., however, there is a big difference between a request for data regularly stored for business purposes and a demand that a company retain information. VPN providers are not required to keep records just in case law enforcement might need them some day.” That means many companies could provide a list of their customers, but if they practice what they preach when it comes to no-logging policies, innocent customers looking for privacy shouldn’t get swept up in these requests.
Even TunnelBear's network performance and pricing are just about average compared to other services we've reviewed, except that you can pay with literal jars of honey. The company takes security and privacy seriously, explaining its policies and protocols in plain English, and you can read the results of two third-party security audits on the company website.
How much will it cost? If price is important to you, then you may think that a free VPN is the best option. Remember, however, that some VPN services may not cost you money, but you might “pay” in other ways, such as being served frequent advertisements or having your personal information collected and sold to third parties. If you compare paid vs. free options, you may find that free VPNs:
Routers – When you install the VPN on your router, all the devices that connect to your router will be using the encrypted VPN tunnel – without the need to install VPN software on each device. The router will only count as one VPN connection under your subscription, even if there are numerous devices using the router’s encrypted VPN connection. There are some important considerations before you do this – see my popular VPN router guide for setup tips.
Yet Mullvad is worth a look because it's extremely private. It asks nothing about you when you sign up. Instead, it assigns you a random number that will be your combined username and password. You don't have to provide an email address, and you can pay by mailing cash to the company's headquarters in Sweden. (Mullvad also takes credit cards, PayPal, bitcoin and wire transfers, and offers 30-day money-back guarantees for those.) Unexpectedly, it was pretty versatile at streaming Netflix from overseas — it didn't always get through, but in no country we tried was it always blocked.
If HTTP browsing is a postcard that anyone can read as it travels along, HTTPS (HTTP Secure) is a sealed letter that gives up only where it’s going. For example, before Wirecutter implemented HTTPS, your traffic could reveal the exact page you visited (such as https://thewirecutter.com/reviews/best-portable-vaporizer/) and its content to the owner of the Wi-Fi network, your network administrator, or your ISP. But if you visit that same page today—our website now uses HTTPS—those parties would see only the domain (https://thewirecutter.com). The downside is that HTTPS has to be implemented by the website operator. Sites that deal with banking or shopping have been using these types of secure connections for a long time to protect financial data, and in the past few years, many major news and information sites, including Wirecutter and the site of our parent company, The New York Times, have implemented it as well.
IVPN excels at trust and transparency, the most important factors when you’re choosing a virtual private network. After interviewing IVPN’s CEO, we’re convinced that IVPN is dedicated to its promises not to monitor or log customer activity. But a trustworthy VPN is only as good as its connections, and in our tests IVPN was stable and fast. IVPN apps are easy to set up and use with secure OpenVPN connections on Windows, macOS, Android, iOS, plus a few other platforms. Extra features like automatic-connection rules and kill switches to block data on unsecured connections add protection and value that make it worth a slightly higher price than some competitors.
If you’re not looking to take advantage of its Channel Bonding functionality, users still benefit from a few tools designed to ensure users have a stable connection at all times. This includes its error correction algorithm that reduces packet loss and its automated, seamless network switching that acts as a failsafe should users step out of WiFi range or their primary connection fails.
With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques. Home users usually deploy VPNs on their routers to protect devices, such as smart TVs or gaming consoles, which are not supported by native VPN clients. Supported devices are not restricted to those capable of running a VPN client.