Many VPN services also provide their own DNS resolution system. Think of DNS as a phone book that turns a text-based URL like "pcmag.com" into a numeric IP address that computers can understand. Savvy snoops can monitor DNS requests and track your movements online. Greedy attackers can also use DNS poisoning to direct you to bogus phishing pages designed to steal your data. When you use a VPN's DNS system, it's another layer of protection.
Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps. Prior to PCMag, Max wrote... See Full Bio
Central America isn’t the first place you’d think of when it comes to cutting edge technology, but NordVPN is up there with the best VPN services in 2019. It has 1015 servers in 59 countries, supports up to six devices simultaneously, runs 2048-bit encryption and has a feature list including an automatic kill switch, dedicated IP addresses, strong DNS leak protection and the ability to pay in Bitcoin. For relatively short connections performance was superb, although we did notice a little latency creeping in from time to time for very long distance connections. However, browsing remained snappy and performance wasn’t degraded significantly. We’d recommend hunting the site for its free trial and if you like it, signing up for the 3-year plan which is currently going for just $99!
Logging: When you connect to a VPN, you’re trusting the VPN service provider with your data. Your communications may be secure from eavesdropping, but other systems on the same VPN—especially the operator—can log your data if they choose. If this bothers you (e.g., you’re the privacy/security advocate or the downloader), make absolutely sure you know your provider’s logging policies before signing up. This applies to location as well—if your company doesn’t keep logs, it may not matter as much where it’s located. (There’s a popular rumor that US-based VPN providers are required to log, in case the government wants them. This isn’t true, but the government can always request whatever data they have if they do log.) For a good list of VPN providers that don’t log your activities when connected (and many that do), check out this TorrentFreak article.
When it comes to servers, more is always better. More servers mean that you're less likely to be shunted into a VPN server that is already filled to the brim with other users. NordVPN, Private Internet Access, and TorGuard currently lead the pack with well over 3,000 servers each—NordVPN is at the forefront with 5,130 servers. But the competition is beginning to heat up. Last year, only a handful of companies offered more than 500 servers, now it's becoming unusual to find a company offering fewer than 1,000 servers.
If you don't know what Kodi is, you're not alone. However, an analysis of searches leading to our site reveals that a surprising number of you are, in fact looking for VPN that works with the mysterious Kodi. Dictionary.com defines Kodi as a possible misspelling of "Jodi," but PCMag analyst Ben Moore clarified for me that Kodi is "free, open-source software for managing your local collection of movies, television shows, music, and photos."
We spent more than 130 hours researching 32 VPN services, testing 12, interviewing the leadership of five, and consulting information security and legal experts. We found that a VPN shouldn’t be your first step toward online security, but for protecting your info on public Wi-Fi (and in some other cases), IVPN is the most trustworthy provider that offers fast, secure connections and easy setup.
One of the most popular VPN services in the market, HideMyAss has a myriad of features that are sure to attract anyone who wants online anonymity. It uses a variety of servers that work with any operating system or mobile device. Aside from PPTP and OpenVPN protocols, the service supports L2TP, which is more difficult to block. Ideal for getting around censorship and firewalls.
Though PIA doesn’t list its leadership on its website, that information isn’t hard to find. The founder, Andrew Lee, has been interviewed by Ars Technica; the CEO, Ted Kim, is also on the record; and privacy activist and Pirate Party founder Rick Falkvinge is listed as Head of Privacy on the company’s blog. PIA can also point to court records showing that when approached by law enforcement for detailed records, the company had nothing to provide. PIA boasts a huge network of servers and locations around the world, and though the PIA app isn’t as polished as those of some competitors, it is easy to use. Like our top pick, IVPN, its iOS app also added OpenVPN support in mid-2018. But in our speed tests, PIA was just okay, not great. When we averaged and ranked all of our speed tests, PIA came in fifth, behind our top picks as well as OVPN and ExpressVPN.
Ideally, every VPN service provider would subject itself to independent audits to verify that it logs and operates as it claims. Right now, audits aren’t common practice in the VPN industry, though there’s a push to change that. Joseph Jerome, policy counsel at the Center for Democracy & Technology, told us about that group’s efforts to bring transparency to the VPN industry: “We would like to see security audits released publicly so security researchers can review them and attest to their veracity, as well as learn from the issues being identified.” The few companies we found that currently performed these types of audits had other dismissal-worthy failings, despite their valiant efforts toward transparency. And while such reports may increase your confidence when you’re shopping, there’s no guarantee that an audit makes a VPN service trustworthy: In other industries, conflicts of interest have led auditors and rating agencies (PDF) to miss or ignore major problems.
Since we first recommended IVPN in the spring of 2018, the company has added automatic server selection to its desktop applications, bringing it in line with other top-performing VPN apps. Alternatively, when you click on the location at the bottom of the app, you’ll see a list of all of the global IVPN server locations, color coded by speed. At the top of the list is an option to connect to the fastest one, and once selected, the app remembers your preference through future disconnects and reboots. You can also use IVPN’s multihop servers to route your traffic through two VPN servers—a feature unique to IVPN among the services we tested—though we don’t think this step is necessary for most people, given the slower speeds you’ll likely experience.
We considered native apps for Windows, Mac, and Android to be mandatory because they’re easier to use than open-source or third-party VPN apps like Tunnelblick; that in turn makes it easier to stay secure. For more-advanced users, adding VPN connections to Wi-Fi routers can help secure all connections on a home network without having to manage devices individually.
Many VPN services claim that if you pay their fee, they'll provide you unlimited data transmission and won't throttle your speeds. Generally, this is true, but I'll give you my standard official "unlimited" warning: It's been my experience that when a vendor says something is "unlimited," it's almost always limited. Somewhere, there will be a note in the fine print or terms of service that allows the vendor to limit you in some way. It pays to read those agreements.
First and foremost, using a VPN prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. Someone on the same network, or the person in control of the network you're using, could conceivably intercept your information while you're connected.
Sadly, I engaged PIA, the number one rated and paid a "great price" for a 3 year service only to findout that dur to a recent SMTP abuses they no longer can be used when using Microsoft servers. So, all of my outbound email is rejected from Microsoft Servers due to this policy. In itself, fine, but as I enrolled in this service and while setting up the servie at no time was this mentioned nor, prior to a May 15 issue, was this a problem.
Many companies proudly display “warrant canaries” on their websites. These are digitally signed notices that say something to the effect of “We have never been served a warrant for traffic logs or turned over customer information.” Law enforcement can prohibit a company from discussing an investigation, but in theory, it can’t compel a company to actively lie. So the theory goes that when the warrant canary dies—that is, the notice disappears from the website because it’s no longer truthful—so does privacy. The EFF supports this legal position, though other highly regarded companies and organizations think warrant canaries are helpful only for informing you after the damage has been done. Such notices may provide a nice sense of security, and they are important to some people, but we didn’t consider them essential.
We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.
When purchasing VPN service from a provider, consider the kind of security you want. If you want to use a VPN in order to send documents, emails, or browse the web more securely, then you’ll want to sign up with a host that offers an encryption method such as SSL (also called TLS) or IPsec. SSL is the most widely used form of security encryption. Encryption is a method of obscuring data from those who should not see it. Also, try to pick a host which uses OpenVPN rather than “point-to-point tunneling protocol” (PPTP) for encryption. PPTP has had several security vulnerabilities in recent years; whereas OpenVPN is commonly considered the more secure method of encryption.
VPNs initially are corporate networks ensuring safely encrypted connections between the company server and the employees. These systems give colleagues who are in different departments the possibility of collaborating without physical contact. VPNs are helpful and assist in office maintenance by allowing their employees to work from anywhere in the world or remotely in the comfort of their homes. The application and use of VPN technologies were started by the Chinese who were after getting the around the restrictions of the great firewall.
You can pay for a Windscribe subscription with bitcoin, and you don't even have to provide an email address. The service is based in Canada, which may appeal to users wary of U.S. authorities. The only feature lacking is a kill switch to stop all internet activity if the VPN connection is lost while in use, but Windscribe argues that its built-in firewall prevents data leakage.
While you're connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet. If you make sure to only connect to websites secured with HTTPS, your data will continue to be encrypted even after it leaves the VPN.
Private Internet Access, or PIA, is one of the most visible, privacy-focused VPNs available. Because of its reputation and advocacy concerning online privacy and security, it has also been a Wirecutter staff pick. But whether you prioritize speed and performance or trust and transparency, our top pick is a better bet. If you find PIA attractive because of its low price, note that spending just a little more on TorGuard will buy you much better performance.
CyberGhost is transparent about its company structure, posting photos and bios on its website of everyone from the CEO to the cleaning lady, and privacy fanatics will like that the company is based in Romania rather than the U.S. But CyberGhost's full-service subscription price is among the most expensive month by month — it's far better to just pay for a year at a time.
ButterflyVPN Router is suitable for anyone who seeks a safe and secure way to access the internet and any region-blocked content. Coming in the form of a mini-size USB portable wireless VPN router, this solution is quick and easy to start up as it simply requires users to plug the device in any internet-powered area. Its portability makes ButterflyVPN Router ideal for employees out on business trips, travelers, bloggers, or anyone who is looking to access the internet on the go. It supports all types of internet-capable platform, from mobile devices and laptops to gaming consoles such as Sony’s PlayStation and Microsoft’s Xbox.
A VPN provides a great many privacy protections that we think everyone should take advantage of. This is especially true in Australia where a 2017 report found that in the previous 12 months, cybercrime rates had increased by 15% to 47,000 incidents. However, within the specific context of Australia’s 2015 data retention law, they won’t do much good.
IVPN also performed well in our speed tests. Though it wasn’t always the fastest in the 54 measurements we took on each service, it ranked near the top on many servers at different times of the week—especially compared with the most trustworthy services. Private Internet Access, one of the most visible, privacy-focused VPNs, had slower speeds when connecting to most servers and less reliable connections than IVPN. For US servers (which we expected to be the fastest locations since we tested from California), IVPN ranked behind only OVPN and TorGuard. We liked OVPN—especially its speed results—but we thought that company’s small team and small selection of servers and locations were too limiting for some people. (Read more in the Competition section.) Though TorGuard edged out IVPN in this test, the difference wasn’t big enough to affect our everyday browsing. And because we tested each application at its default settings, TorGuard’s faster speeds were partially thanks to its default 128-bit encryption; IVPN offers only more secure, but often slower, 256-bit encryption.
ExpressVPN is based in the British Virgin Islands which, although a British Overseas Territory, isn’t beholden to the strict data retention laws of the UK’s Investigatory Powers Act. If you’re after anonymous payment options, you can buy your subscription with bitcoin if you wish – and if you don’t want to, then ExpressVPN has a clearly stated no-logging policy. This has been put to the test by the Turkish authorities, who seized endpoint servers last December, and found no logs.
Individuals that access the internet from a computer, tablet or smartphone will benefit from using a VPN. A VPN service will always boost your security by encrypting and anonymizing all of your online activity. Therefore, both private and business users can benefit from using a VPN. Communications that happen between the VPN server and your device are encrypted, so a hacker or website spying on you wouldn't know which web pages you access. They also won't be able to see private information like passwords, usernames and bank or shopping details and so on. Anyone that wants to protect their privacy and security online should use a VPN.