We summarize the protocols above, and look at them in detail in VPN Encryption: The Complete Guide. Although L2TP/IPsec is fine for most purposes, we only really recommend OpenVPN and IKEv2. OpenVPN is very secure if properly configured. Indeed, Edward Snowden’s documents showed that even the NSA can’t crack well-implemented OpenVPN. It is also supported by almost every provider.  But it is relatively slow. The newer IKEv2 is much faster and is considered secure, but has not been battle-tested in the way that OpenVPN has. It is not as well supported at present, although it is increasingly popular with providers thanks to its speed advantages over OpenVPN.
First and foremost, using a VPN prevents anyone on the same network access point (or anywhere else) from intercepting your web traffic in a man-in-the-middle attack. This is especially handy for travelers and for those using public Wi-Fi networks, such as web surfers at hotels, airports, and coffee shops. Someone on the same network, or the person in control of the network you're using, could conceivably intercept your information while you're connected.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.[2]
Since December 2017, when the FCC decided to burn Net Neutrality to the ground, more and more people have become obsessed with online privacy (or lack thereof). Your internet provider can choose to slow down your internet if they want, and they could also go after sites like Netflix and demand money for offering high viewing speeds. And keeping your illegal stream or questionable search history private? Forget about it.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.[2]
Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps. Prior to PCMag, Max wrote... See Full Bio
This is also a good way to provide support for more than one family member on a single subscription. Generally, there's no good reason for a VPN provider to allow less than two or three connections. If your provider only allows one, find another vendor. We gave extra points in our VPN directory to those vendors who allowed three or more connections.

Routers – When you install the VPN on your router, all the devices that connect to your router will be using the encrypted VPN tunnel – without the need to install VPN software on each device. The router will only count as one VPN connection under your subscription, even if there are numerous devices using the router’s encrypted VPN connection. There are some important considerations before you do this – see my popular VPN router guide for setup tips.


When purchasing VPN service from a provider, consider whether you will access content outside the country you physically are located in. When you browse the internet, you have an address which shows where you are. This is called an “IP address.” If you try to access content in another country, your IP address may not allow you to do so because there may not be an agreement between that country and yours about the legal rights of the content. However, you can use a VPN host with “exit servers” which will show your IP address as being within that country. Thus, you will be able to access the content in another country by using the exit servers. When picking a VPN host in order to do this, you’ll want to look at the locations of your host’s servers in order to ensure that they have servers in the country where you want to access content.
— Mullvad has added iOS support for the new WireGuard VPN protocol. The service has also added an onion site at http://xcln5hkbriyklr6n.onion/ so that Tor users can get Mullvad accounts and download software completely anonymously. It is also urging users to upgrade their client software to at least version 2018.5, as earlier versions will not be supported after March 22, 2019.
When we initially researched and tested VPNs for this guide in early 2018, technical and legal reasons prevented app developers from using the OpenVPN protocol in apps released through Apple’s iOS app store. During 2018, both the technical and licensing hurdles were removed, and VPN providers started adding OpenVPN connections to their iOS apps. We’ve already noted that our top pick, IVPN, has added it, as have ExpressVPN and PIA. In a future update, we’ll specifically test these upgraded iOS apps, but in the meantime the updated IVPN app has worked as promised for several Wirecutter staffers who use it regularly. Because this OpenVPN support makes it much easier for anyone with Apple devices to create a reliably secure VPN connection, we wouldn’t recommend a service without it to anyone with an iPhone or iPad.
In the most recent round of testing, we've also looked at how many virtual servers a given VPN company uses. A virtual server is just what it sounds like—a software-defined server running on server hardware that might have several virtual servers onboard. The thing about virtual servers is that they can be configured to appear as if they are in one country when they are actually being hosted somewhere else. That's an issue if you're especially concerned about where you web traffic is traveling. It's a bit worrisome to choose one location and discover you're actually connected somewhere else entirely.

The free version won’t give you much mileage for streaming mind, which is perhaps just as well. Frustratingly, both BBC iPlayer and U.S. Netflix clocked that we were using a VPN, and stopped us from getting the goods. But if streaming isn’t why you’re seeking out a VPN, and you mainly need one for anonymised web browsing and downloads, then Kaspersky Secure Connection is ideal.


Español: conectarte a una VPN, Italiano: Connettersi a una VPN, Русский: подключиться к виртуальной частной сети (VPN), Português: se Conectar a uma VPN, Deutsch: Mit einem VPN verbinden, Bahasa Indonesia: Terhubung ke VPN, Français: se connecter à un VPN, العربية: الاتصال بشبكة افتراضية خاصة, 中文: 使用VPN, Tiếng Việt: Kết nối tới một Mạng VPN, Čeština: Jak se připojit k VPN, 한국어: VPN 연결하는 방법, हिन्दी: एक वीपीएन (VPN) से कनेक्ट करें, ไทย: เชื่อมต่อ VPN, Nederlands: Een verbinding maken met een VPN
In conjunction with information security experts at The New York Times (parent company of Wirecutter), we reached out to our finalists with questions about their internal security practices. We asked how they handled internal security access, how they communicated securely with customers, in what ways they collected reports on security bugs, and of course whether their statements on logging policies matched their marketing and privacy policies. We also considered which companies had public-facing leadership or ownership, and which ones openly supported projects and organizations that promoted Internet security and privacy. (For a full breakdown of trust and VPNs, check out the section above.)
When we say that in theory VPNs can’t be intercepted, that’s because VPNs are like any other form of security: if you use them on a device that’s already been compromised by malware such as keyloggers or other security threats then they can’t do their job properly. If you’re on Windows, then good quality, up to date anti-virus software isn’t a luxury. It’s absolutely essential.
ButterflyVPN Router is suitable for anyone who seeks a safe and secure way to access the internet and any region-blocked content. Coming in the form of a mini-size USB portable wireless VPN router, this solution is quick and easy to start up as it simply requires users to plug the device in any internet-powered area. Its portability makes ButterflyVPN Router ideal for employees out on business trips, travelers, bloggers, or anyone who is looking to access the internet on the go. It supports all types of internet-capable platform, from mobile devices and laptops to gaming consoles such as Sony’s PlayStation and Microsoft’s Xbox.
We also dove deeper into the desktop apps of the top-performing services. Great apps have automatic location selection, easy-to-use designs, and detailed but uncluttered settings panels. We set up each service’s Android app on a Samsung Galaxy S8 running Android 7.0 Nougat. We took into account how easy each one was to set up and connect, along with what options were available in the settings pane.

Avast SecureLine is also expensive, and based on current speed results for the UK and U.S., you’re probably better off shopping around for a better deal; SecureLine works out at £49.99 a year for a single device (equivalent to £4.17 a month). If you want to connect more than one computer or mobile device, a five-licence account will cost you £64.99 a year.
Private Internet Access, or PIA, is one of the most visible, privacy-focused VPNs available. Because of its reputation and advocacy concerning online privacy and security, it has also been a Wirecutter staff pick. But whether you prioritize speed and performance or trust and transparency, our top pick is a better bet. If you find PIA attractive because of its low price, note that spending just a little more on TorGuard will buy you much better performance.
In the most recent round of testing, we've also looked at how many virtual servers a given VPN company uses. A virtual server is just what it sounds like—a software-defined server running on server hardware that might have several virtual servers onboard. The thing about virtual servers is that they can be configured to appear as if they are in one country when they are actually being hosted somewhere else. That's an issue if you're especially concerned about where you web traffic is traveling. It's a bit worrisome to choose one location and discover you're actually connected somewhere else entirely.

"Following an audit by Leon Juranic of Defense Code Ltd., hide.me are now certified completely log-free. Even free users are no longer subject to data transfer logs. What’s more, hide.me has recently begun publishing a transparency report of requests by authorities for information on users of their service; as they say on their website, their standard response to such requests is to state that, as they keep no logs, they are unable to provide any such information." Jan 8, 2015 BestVPN.com
One of the most important factors when you’re choosing a VPN provider is also the hardest to quantify: trust. All your Internet activity will flow through this company’s servers, so you have to trust that company more than the network you’re trying to secure, be it a local coffee shop’s Wi-Fi, your campus Internet connection, your corporate IT network, or your home ISP. In all our research, we came across a lot of gray areas when it came to trusting a VPN, and only two hard rules: Know who you’re trusting, and remember that security isn’t free.
IVPN goes further than the other leading candidates we considered by being transparent about who runs the service and is responsible for your privacy. The company lists its core team on its website, and its small team has an online presence on a variety of platforms. In contrast, only one employee at ExpressVPN has a public face: VP of marketing Harold Li gave us detailed answers to questions about policies and internal security, but couldn’t tell us much about who else worked there. (We discuss ExpressVPN in more detail in the Competition section—that company was almost our top pick but for this issue.)
Along with securing your private information and activity online, a VPN for home is a great way to stream your favorite TV shows and movies. When using a VPN, you can be sure that your online activity is secure and private, so you can simply enjoy your TV show or movie. Be sure to choose the best home VPN for your needs, such as one that works well with Windows, to help make movie and TV show streaming a possibility for you.  
Sign up and receive your account information. If you are purchasing a VPN service from a VPN provider, then you may need to pay for your new service. After signing up and paying (or verifying that your employer or university does provide such a service), the provider should give you information that will allow you to access your VPN such as a username, password, and IP or server name. You can use one of the methods below to connect to your VPN.

IVPN doesn’t have as many server locations as larger services like ExpressVPN do. When we initially recommended the service, IVPN was limited to 13 countries, compared with ExpressVPN’s 94. But in the months since, IVPN has doubled that to 26, including two additional locations in Asia (Tokyo and Singapore). We’ve yet to test the new servers though, and in the past, IVPN’s single location in Asia—Hong Kong—was slower than competitors.
The only downsides to Private Internet Access are that you can't select your own username — you've got to stick with an assigned random ID — and that you've occasionally got to reinstall a balky driver in Windows. (There's a button to do this.) Selecting Private Internet Access as our VPN service of choice was almost a no-brainer, but because it's based in the U.S., anyone wary of the FBI may want to consider another service.
We used to advise people to do banking and other important business over their cellular connection when using a mobile device, since it is generally safer than connecting with a public Wi-Fi network. But even that isn't always a safe bet. Researchers have demonstrated how a portable cell tower, such as a femtocell, can be used for malicious ends. The attack hinges on jamming the LTE and 3G bands, which are secured with strong encryption, and forcing devices to connect with a phony tower over the less-secure 2G band. Because the attacker controls the fake tower, he can carry out a man-in-the-middle attack and see all the data passing over the cellular connection. Admittedly, this is an exotic attack, but it's far from impossible.

To be fair, not all pay VPN services are legitimate, either. It's important to be careful who you choose. Over on ZDNet's sister site, CNET, I've put together an always up-to-date directory of quality VPN providers. To be fair, some are better than others (and that's reflected in their ratings). But all are legitimate companies that provide quality service.

To be fair, not all pay VPN services are legitimate, either. It's important to be careful who you choose. Over on ZDNet's sister site, CNET, I've put together an always up-to-date directory of quality VPN providers. To be fair, some are better than others (and that's reflected in their ratings). But all are legitimate companies that provide quality service.

Using Wi-Fi on the Windows laptops, we timed how long it took to connect to websites, measured latency times (how long it took a server to respond), and recorded upload and download speeds with Ookla's Speedtest meter, both with and without the VPN activated. We also timed how long it took to download a large video file, both with and without VPN activation.
Even if a company is at fault for deceptive marketing practices, it still has to comply with legal requests for whatever information it does have. Jerome told us, “In the U.S., however, there is a big difference between a request for data regularly stored for business purposes and a demand that a company retain information. VPN providers are not required to keep records just in case law enforcement might need them some day.” That means many companies could provide a list of their customers, but if they practice what they preach when it comes to no-logging policies, innocent customers looking for privacy shouldn’t get swept up in these requests.

VPN services can also be defined as connections between specific computers, typically servers in separate data centers, when security requirements for their exchanges exceed what the enterprise network can deliver. Increasingly, enterprises also use VPN connections in either remote access mode or site-to-site mode to connect -- or connect to -- resources in a public infrastructure-as-a-service environment.
Since December 2017, when the FCC decided to burn Net Neutrality to the ground, more and more people have become obsessed with online privacy (or lack thereof). Your internet provider can choose to slow down your internet if they want, and they could also go after sites like Netflix and demand money for offering high viewing speeds. And keeping your illegal stream or questionable search history private? Forget about it.

The service’s no logs policy means that it does not store user online activity data and promises not to release them unless required by law, ensuring that your information is in safe hands. What sets this service apart from others is its refund policy. Users are able to use it for up to 10 hours or 10GB of bandwith and still get a refund, a far more generous policy than what others have to offer.


Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps. Prior to PCMag, Max wrote... See Full Bio
Inside the Preferences pane, you can also tick boxes to automatically launch or connect the app when you boot your device. Anyone using the Windows or macOS app should tick the box to autoconnect “when joining insecure WiFi networks.” You can also tag individual Wi-Fi networks as trusted or untrusted, to make sure you’re always protected even if you forget to connect the app manually. These network rules—not offered on most apps, including IVPN’s mobile apps or any of TorGuard’s apps—will make sure you don’t forget your VPN when you need it the most.
When choosing between protocols to connect to, consider how you are using your VPN. PPTP is known to be fast over wi-fi; however, it is less secure than L2TP and IPSec. So, if security is important to you, then consider using either L2TP or IPSec. If you are connecting to a VPN for work purposes, then your employer will most likely have a preferred protocol. If you are using a hosted VPN, then ensure that you use a protocol which they support.
Everything you do on the Internet has to pass through your own ISP before reaching the destination. So, when you request Google, for example, the information is sent, unencrypted, to your ISP and then passes through some other channels before reaching the server that holds Google’s website. Basically, VPN services privatize information that can be read by ISPs or any other agency that inspects your traffic.
Like most well-known VPN companies, IVPN supports a variety of privacy groups and causes. Pestell told us he worked with the Center for Democracy & Technology to improve trust in VPNs with a handful of transparency initiatives before they were announced. Neena Kapur of The New York Times (parent company of Wirecutter) information security team noted that IVPN’s leadership transparency and its relationship with CDT were significant pluses that contributed to its trustworthiness. Pestell was also the only representative we spoke with to offer to arrange for one of our experts to audit the company’s server and no-logging policies.1 We cover trust issues with VPNs at length elsewhere in this guide, but we believe that IVPN takes an active role in protecting its customers’ privacy and is not a dude wearing a dolphin onesie.
Pricing is quite flexible, with a three-day plan available for just $2. But for those who want to avail of the complete service and support, A basic plan of $5 per month, a solid plan of $10 a month, and dedicated plan of $25 per month are also available. These packages offer users access to Proxy.sh servers in different countries and unlimited bandwidth. Custom plans can be arranged, all one has to do is contact support.
That said, many VPN providers are based outside the US, which complicates enforcement. Jerome continued: “Users can file complaints in a local jurisdiction, and local data protection laws may have more effective enforcement mechanisms. For example, privacy and confidentiality of communications are fundamental rights in the European Union. Data protection authorities in EU-member states are empowered to handle complaints brought by individuals and then provide users with information about the outcome of any investigation. But it is unclear how effective any of these remedies will be.”

When choosing between protocols to connect to, consider how you are using your VPN. PPTP is known to be fast over wi-fi; however, it is less secure than L2TP and IPSec. So, if security is important to you, then consider using either L2TP or IPSec. If you are connecting to a VPN for work purposes, then your employer will most likely have a preferred protocol. If you are using a hosted VPN, then ensure that you use a protocol which they support.
While a VPN can aid privacy and anonymity, I wouldn’t recommend fomenting the next great political revolution by relying solely on a VPN. Some security experts argue that a commercial VPN is better than a free proxy such as the TOR network for political activity, but a VPN is only part of the solution. To become an internet phantom (or as close as you can realistically get to one), it takes a lot more than a $7 monthly subscription to a VPN.

No company came closer to being a pick than ExpressVPN. It has a huge server network that performed well in our tests, plus easy-to-use applications on tons of platforms, and strong security technologies in place. A representative answered all our questions about company operations at length—except one. As noted in a PCWorld review of the service, ExpressVPN chooses not to disclose the company’s leadership or ownership. The company representative told us that this policy enabled ExpressVPN to build a private and secure product without compromise. “We think that this approach has been effective until now and that coupled with a stellar VPN product, we have succeeded in gaining a solid reputation in our industry. We are fortunate to be trusted by the many users worldwide who choose ExpressVPN.”

IVPN goes further than the other leading candidates we considered by being transparent about who runs the service and is responsible for your privacy. The company lists its core team on its website, and its small team has an online presence on a variety of platforms. In contrast, only one employee at ExpressVPN has a public face: VP of marketing Harold Li gave us detailed answers to questions about policies and internal security, but couldn’t tell us much about who else worked there. (We discuss ExpressVPN in more detail in the Competition section—that company was almost our top pick but for this issue.)
Norton WiFi Privacy performed very well in our latest round of speed tests. In the UK, we got FTP and HTTP download speeds of around 9.5MB/s (76Mb/s). Using endpoints in the Netherlands, that HTTP speed went up to 10.1MB/s (81Mbit/s). U.S. speeds were also very good, exceeding our non-VPN reference download at 5.8MB/s (46.4Mbit/s) for FTP and 4.8MB/s (38.4Mbit/s) for HTTP downloads.
The theme running throughout this service is personal security. From protected DNS queries to automatic kill switches, NordVPN wants you to know that your information won’t fall into the wrong hands. It makes sense, then, that the company also accepts Bitcoin for payments. The company has recently improved its platform support, adding in iOS and Android and thus overcoming its one weakness.
TorGuard offers applications for every major platform, including Windows, macOS, and Android. And unlike our top pick, it also supports OpenVPN on ChromeOS. (Though TorGuard does offer an iOS app, it doesn’t natively support the OpenVPN protocol that allows for the easiest and most reliable secure connections.) Using these apps, you can manually select a server, click Connect, and not worry about the rest. But otherwise, the applications aren’t as refined or easy to use as IVPN’s. New users are likely to find themselves out of their depth when modifying anything but the most basic functions, such as auto-connecting at launch or minimizing the app.

We considered native apps for Windows, Mac, and Android to be mandatory because they’re easier to use than open-source or third-party VPN apps like Tunnelblick; that in turn makes it easier to stay secure. For more-advanced users, adding VPN connections to Wi-Fi routers can help secure all connections on a home network without having to manage devices individually.
However, you've got no choice but to run TunnelBear's client software (unless you use Linux), which may concern some privacy-minded users, and there's no option to set up TunnelBear connections on routers or other devices. Last but not least, this tiny Canadian firm is now owned by U.S. antivirus giant McAfee, which may mean TunnelBear is subject to U.S. search warrants.
— Mullvad has added iOS support for the new WireGuard VPN protocol. The service has also added an onion site at http://xcln5hkbriyklr6n.onion/ so that Tor users can get Mullvad accounts and download software completely anonymously. It is also urging users to upgrade their client software to at least version 2018.5, as earlier versions will not be supported after March 22, 2019.
Reddit users give Nord praise because it actually seems trustworthy, especially compared to other VPNs that may hand over information to the wrong people. Nord is also equipped with the ability to connect to a Double VPN, which encrypts your traffic twice for double the protection. One NordVPN fan on Reddit, Sacredkeep, even mentioned that NordVPN solved the problems that PureVPN and PIA gave them. Plus if you have any issues, Nord offers a 24/7 live chat. If you want a no frills, no worries situation, NordVPN is the simple, smooth operator that has your back. Get one month for $11.95, one year for $6.99/month, or two years for $3.99 per month.
Our VPN-issued IP address was never blacklisted by websites like those of Yelp and Target, but we were unable to access Netflix and BBC iPlayer while connected to TorGuard. No VPN offers a reliable way to access these streaming services, though: All of the VPNs we tried were blocked by Netflix, and of the four that could access BBC content on the first day, two were blocked the next.
Whether the VPNs you’re familiar with are the ones offered by your school or business to help you work or stay connected when you’re traveling or the ones you pay to get you watch your favorite shows in another country as they air, they’re all doing the same thing. For much more detail on what VPNs are, how they work, and how they’re used, check out this How Stuff Works article.
For features, VPN.ac offers double-hop VPN servers, numerous encryption options, obfuscation (stealth VPN), and great apps for all major operating systems and devices. VPN.ac’s apps are very well designed and come in both light and dark modes. In addition to the VPN, you can also use their secure proxy browser extension, which is available for Firefox, Chrome, and Opera browsers.

Credit: Opera VPNAlso, although your data is encrypted as it travels between you and the far-off VPN server, it won't necessarily be encrypted once it leaves the VPN server to get to its final destination. If the data isn't encrypted — and that depends on the website you're connecting to — then the traffic might be intercepted and read. (One well-known VPN provider was recently accused of inserting ads in users' web browsers, which would violate users' security and privacy.)
I had to know why Goose VPN was so named. My first order of business was to reach out to the company's co-founder and ask. Geese, I was told, make excellent guard animals. There are records of guard geese giving the alarm in ancient Rome when the Gauls attacked. Geese have been used to guard a US Air Defense Command base in Germany and a brewery in Scotland.
×