In our review of IPVanish, I gave a four-star rating for its strong encryption, excellent performance, and a large set of servers. While it is based in the U.S., the company promises to keep no logs other than payment information, which you can also avoid by paying with Bitcoin. IPVanish has more than 40,000 unique IP addresses on more than 1,000 servers spread out over more than 60 countries, meaning you get some serious diversity. There's no limit to how many times you can switch servers, allowing you to move around until you find the absolute best. Toss in a kill switch, IPv6 and DNS leak protection, and manual port selection, and this becomes a very attractive option. Yearly plans start at about $6 per month, while monthly plans start at about $10.
Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the OpenVPN project and SoftEther VPN project) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules.
For two years running, Private Internet Access has performed the best in our network tests and remained the cheapest full-fledged VPN service we've tried. It has more than 3,000 servers worldwide, supports platforms ranging from Windows and Mac to open-source routers, and lets you customize your tunneling and encryption protocols. You can pay in bitcoin, and you don't have to provide your real name.
ExpressVPN operates servers in 78 countries, 20 of them in APAC alone. Torrenting is allowed on all servers. It’s consistently performed well in our unblocking tests and our speed tests so is a good option for streaming. It can unblock both the US and Australian Netflix catalogs in a browser as well as in the Netflix app. It keeps no traffic logs and is based in the British Virgin Islands, where it is not subject to any data retention laws. ExpressVPN makes apps for Windows, MacOS, Android, iOS, Linux (command line) and some wifi routers.
Logging: When you connect to a VPN, you’re trusting the VPN service provider with your data. Your communications may be secure from eavesdropping, but other systems on the same VPN—especially the operator—can log your data if they choose. If this bothers you (e.g., you’re the privacy/security advocate or the downloader), make absolutely sure you know your provider’s logging policies before signing up. This applies to location as well—if your company doesn’t keep logs, it may not matter as much where it’s located. (There’s a popular rumor that US-based VPN providers are required to log, in case the government wants them. This isn’t true, but the government can always request whatever data they have if they do log.) For a good list of VPN providers that don’t log your activities when connected (and many that do), check out this TorrentFreak article.
When we say that in theory VPNs can’t be intercepted, that’s because VPNs are like any other form of security: if you use them on a device that’s already been compromised by malware such as keyloggers or other security threats then they can’t do their job properly. If you’re on Windows, then good quality, up to date anti-virus software isn’t a luxury. It’s absolutely essential.
Windscribe's network performance was once about average in our tests, but a recent switch in VPN protocols put it on par with Private Internet Access in head-to-head tests. Windscribe is compatible with many platforms (including routers and Amazon Fire and Kodi TV set-top boxes), offers a wide variety of connection options, has a wide geographic reach with hundreds of servers, and presents an appealing, if minimal, user interface. It was also one of the best at connecting to Netflix U.K. and BBC iPlayer, if you're into that sort of thing.
Cost: You have three pricing options depending on how often you want to pay. The cheapest IPVanish plan is to buy a full year at once for $77.99, making the monthly rate $6.49/month. If you pay for three months at once for $26.99, the monthly cost comes down to $8.99/month. However, to subscribe on a monthly basis with no commitment, it will cost $10/month.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you'll need to connect every device in your home individually to the VPN service, so just two or three licenses won't be enough for the average nested pair. Note that many VPN services offer native apps for both Android and iOS, but that such devices count toward your total number of connections.
Oh, heck no. A VPN can help make sure you're not snooped on when connecting between your computer and a website. But the website itself is quite capable of some serious privacy violations. For example, a VPN can't protect you against a website setting a tracking cookie that will tell other websites about you. A VPN can't protect you against a website recording information about products you're interested in. A VPN can't protect you against a website that sells your email address to list brokers. Yada, yada, yada.
Routers – When you install the VPN on your router, all the devices that connect to your router will be using the encrypted VPN tunnel – without the need to install VPN software on each device. The router will only count as one VPN connection under your subscription, even if there are numerous devices using the router’s encrypted VPN connection. There are some important considerations before you do this – see my popular VPN router guide for setup tips.
If you are interested in an added level of protection, there are intriguing gadgets called Tiny Hardware Firewalls. These devices range from about $30 to $70 and connect via a network port or a USB slot to your laptop. They make the initial network connection, and so your computer's communication is always blocked before it calls out to the internet.
Beyond those two factors, it’s difficult to make blanket statements about what makes a trustworthy VPN. At the bare minimum, a good VPN provider should not collect and keep any logs of its customers’ browsing history. If it does, that puts your privacy at risk should someone access (or even release) those logs without authorization. But deciding when to a trust a logging policy isn’t easy. As the EFF points out, “Some VPNs with exemplary privacy policies could be run by devious people.” You don’t need to have done anything illegal to prefer that law enforcement and criminals alike not have access to a browsing history that may include your bank, medical websites, or that one thing you looked at around 2 a.m. that one time.
This is when the VPN uses a gateway device to connect to the entire network in one location to a network in another location. The majority of site-to-site VPNs that connect over the internet use IPsec. Rather than using the public internet, it is also normal to use career multiprotocol label switching (MPLS) clouds as the main transport for site-to-site VPNs.