TorGuard offers applications for every major platform, including Windows, macOS, and Android. And unlike our top pick, it also supports OpenVPN on ChromeOS. (Though TorGuard does offer an iOS app, it doesn’t natively support the OpenVPN protocol that allows for the easiest and most reliable secure connections.) Using these apps, you can manually select a server, click Connect, and not worry about the rest. But otherwise, the applications aren’t as refined or easy to use as IVPN’s. New users are likely to find themselves out of their depth when modifying anything but the most basic functions, such as auto-connecting at launch or minimizing the app.
Tunneling protocols can operate in a point-to-point network topology that would theoretically not be considered as a VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes. But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols.
Cost: StrongVPN offers two plan options: one month and annual. Their annual plan will give you the biggest bang for your buck, coming out to just $5.83 per month (if you pay $69.96 annually). Their monthly plan is $10. Fortunately, each tier comes with the same set of features, so you won’t get cheated out of certain levels of encryption depending on which plan you subscribe to.
And they manage to do all of this without sacrificing performance, offering one of the fastest download speeds (83 Mbps out of 100 Mbps) and the best 24/7 customer support in the industry. The only downside? It’s a little on the pricey side, with monthly plans starting between $6.67 and $12.95/mo. But it’s a small price to pay for excellent performance in almost every category.

If HTTP browsing is a postcard that anyone can read as it travels along, HTTPS (HTTP Secure) is a sealed letter that gives up only where it’s going. For example, before Wirecutter implemented HTTPS, your traffic could reveal the exact page you visited (such as https://thewirecutter.com/reviews/best-portable-vaporizer/) and its content to the owner of the Wi-Fi network, your network administrator, or your ISP. But if you visit that same page today—our website now uses HTTPS—those parties would see only the domain (https://thewirecutter.com). The downside is that HTTPS has to be implemented by the website operator. Sites that deal with banking or shopping have been using these types of secure connections for a long time to protect financial data, and in the past few years, many major news and information sites, including Wirecutter and the site of our parent company, The New York Times, have implemented it as well.
Oh, heck no. A VPN can help make sure you're not snooped on when connecting between your computer and a website. But the website itself is quite capable of some serious privacy violations. For example, a VPN can't protect you against a website setting a tracking cookie that will tell other websites about you. A VPN can't protect you against a website recording information about products you're interested in. A VPN can't protect you against a website that sells your email address to list brokers. Yada, yada, yada.
The main reason to use a VPN is security - in theory, the data that travels across your VPN should be impossible for anybody else to intercept, so it can protect your online banking or confidential business communications - but there are other benefits too. VPNs can make it much harder for advertising to track you online, and they can overcome geography-specific blocks that prevent you from accessing some country-specific services such as online video.
The student/worker. This person has responsibilities to attend to, and uses a VPN provided by their school or company to access resources on their network when they’re at home or traveling. In most cases, this person already has a free VPN service provided to them, so they’re not exactly shopping around. Also, if they’re worried about security, they can always fire up their VPN when using airport or cafe WI-Fi to ensure no one’s snooping on their connection. Photo by Ed Yourdon.
There are different levels of security protocols, each with its own level of security and features. Some of the most common are IPSec, L2TP, IKEv2, OpenVPN, and PPTP. OpenVPN is a newer technology, but it is highly configurable and easily bypasses firewalls in any country. L2TP isn’t capable of encryption; it instead creates a tunnel, and it should be paired with IPSec, which takes care of encryption. PPTP is a protocol that has been around since the mid-1990s, but because it does not encrypt, you will want to be sure to use another protocol with it that covers encryption. IKEv2 is an IPSec-based tunneling protocol that will reestablish a VPN connection if a user temporarily loses Internet connection. 
When a VPN connection drops, you might just lose your connection. But because the internet is very good at routing around failures, what is more likely to happen is your computer will reconnect to the internet application, simply bypassing the VPN service. That means that -- on failure -- your local IP address may "leak out" and be logged by the internet application, and your data may be open to local Wi-Fi hackers at your hotel or wherever you're doing your computing.
The student/worker. This person has responsibilities to attend to, and uses a VPN provided by their school or company to access resources on their network when they’re at home or traveling. In most cases, this person already has a free VPN service provided to them, so they’re not exactly shopping around. Also, if they’re worried about security, they can always fire up their VPN when using airport or cafe WI-Fi to ensure no one’s snooping on their connection. Photo by Ed Yourdon.

L2TP/IPsec (Layer 2 Tunneling Protocol with Internet Protocol Security): L2TP is not secure itself, so it's generally paired with the IPsec secure-networking standard. The combination of the two was once thought to be very secure when properly implemented, but some VPN services suggest that you use OpenVPN instead. L2TP/IPsec has native support in Windows, OS X/macOS, Android, Chrome OS and iOS. Most VPN services support it.

Speed-wise, Avast SecureLine did well in our European speed tests, with us recording over 9.83MB/s (78.64Mbit/s) in our file transfer tests to the Netherlands. Its US performance was a little below average but still decent at 3.22MB/s (25.76Mbit/s), although UK performance was a bit slower than in our last round of tests, at 6.5MB/s (52Mbit/s) via FTP and 5.8MB/s (46.4Mbit/s) for an HTTP download.
One of the most common types of VPNs used by businesses is called a virtual private dial-up network (VPDN). A VPDN is a user-to-LAN connection, where remote users need to connect to the company LAN. Another type of VPN is commonly called a site-to-site VPN. Here the company would invest in dedicated hardware to connect multiple sites to their LAN though a public network, usually the Internet.
But even if you know who’s behind your VPN, you shouldn’t trust a free one. A free service makes you and your data the product, so you should assume that any information it gathers on you—whether that’s an actual browsing history or demographics like age or political affiliation—is being sold to or shared with someone. For example, Facebook’s Onavo provides an encrypted connection to Onavo’s servers like any VPN, shielding you from the prying eyes of your ISP or fellow network users. But instead of promising not to examine, log, or share any of your traffic, Onavo’s privacy policy promises the opposite. Covering the service, Gizmodo sums it up well: “Facebook is not a privacy company; it’s Big Brother on PCP.” Facebook collects information about your device, other applications you use, and even “information and other data from your device, such as webpage addresses and data fields.” And the company “may combine the information, including personally identifying information, that you provide through your use of the Services with information about you we receive from our Affiliates or third parties for business, analytic, advertising, and other purposes.” That means Facebook can collect anything it wants, and sell it to anyone it wants.
The Android app is actually fun to use, and you got to give TunnelBear credit for really doubling down on its name by really running with the concept. TunnelBear does not currently support torrenting, so if that's an important feature you're best to look elsewhere. If you're only looking for a casual VPN for your phone, TunnelBear is a great free option with affordable pricing for upgrading to the premium service.
With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques.[34] Home users usually deploy VPNs on their routers to protect devices, such as smart TVs or gaming consoles, which are not supported by native VPN clients. Supported devices are not restricted to those capable of running a VPN client.[35]
Even TunnelBear's network performance and pricing are just about average compared to other services we've reviewed, except that you can pay with literal jars of honey. The company takes security and privacy seriously, explaining its policies and protocols in plain English, and you can read the results of two third-party security audits on the company website.
UK FTP and HTTP performance with CyberGhost hovered just under 5MB/s (40Mbit/s). Testing endpoints in the Netherlands yielded around 7MB/s (56Mbit/s), while in the United States, we managed just 2MB/s (16Mbit/s). This is passable for standard web browsing and video streaming but could be a bottleneck if you have a fast internet connection and want to download large files while connected to your VPN. These scores are slightly slower than they were earlier in the year – remember that any speed test only provides a snapshot of a brief period of time.
We considered native apps for Windows, Mac, and Android to be mandatory because they’re easier to use than open-source or third-party VPN apps like Tunnelblick; that in turn makes it easier to stay secure. For more-advanced users, adding VPN connections to Wi-Fi routers can help secure all connections on a home network without having to manage devices individually.

Setting up a Virtual Private Network is a straightforward process. It's often as simple as entering a username and sever address. The dominant smartphones can configure Virtual Private Networks using PPTP and L2TP/IPsec protocols. All major operating systems can configure PPTP VPN connections. OpenVPN and L2TP/IPsec protocols require a small open source application (OpenVPN) and certificate download respectively.
Other features include a kill switch, which will shut down your Internet connection if you lose access to the VPN for whatever reason, and the ability to share encrypted connections as a secure wireless hotspot, if your router supports the feature. Windscribe also supports anonymous payment via Bitcoin and gift vouchers, and you don’t to provide an email address in order to sign up.
With a presence in 148 locations across 94 countries, you also won’t need to worry about international travel. Furthermore, the more than 2,000 servers are all well placed throughout common travel destinations and urban centers. Any package will land you unlimited bandwidth and speed, a guaranteed 99.9 percent uptime, and 24-hour customer service. With so many guaranteed features, it’s no wonder this vendor is considered among the best — although note that ExpressVPN only supports up to three simultaneous connections, which is the least of the services on our list.
The student/worker. This person has responsibilities to attend to, and uses a VPN provided by their school or company to access resources on their network when they’re at home or traveling. In most cases, this person already has a free VPN service provided to them, so they’re not exactly shopping around. Also, if they’re worried about security, they can always fire up their VPN when using airport or cafe WI-Fi to ensure no one’s snooping on their connection. Photo by Ed Yourdon.
Windscribe  offers unlimited device connections. Yes you heard that right! The reason is that unlike the others above on this list, it doesn't offer unlimited data. So you're limited by bandwidth and data, not by devices. You get 10GB every month, and there's a free plan also but that only allows one device. There are apps for Windows, Mac and iOS but not Android, and the service also offers browser add-ons with useful features such as ad-blocking. Short range performance (to US sites) is good, but we noticed lag with transatlantic connections. However, if you’re looking to protect the data from a whole bunch of devices - an office, perhaps, or just a smart home - the support for unlimited connections is a real stand-out feature.
I recommend always using a VPN when using someone else's Wi-Fi network. Here's a good rule of thumb: If you're away from the office or home, and you're using someone else's Wi-Fi (even that of a family member or a friend, because you never know if they've been compromised), use a VPN. It's particularly important if you're accessing a service that has personally identifying information. Remember, a lot goes on behind the scenes, and you never really know if one or more of your apps are authenticating in the background and putting your information at risk.

We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.


For those who are unaware, net neutrality is the much-discussed concept that ISPs treat web services and apps equally, and not create fast lanes for companies that pay more, or require consumers to sign up for specific plans in order to access services like Netflix or Twitter. Federal net neutrality rules would ensure that the internet effectively continues to operate the way it has for its entire existence.
We summarize the protocols above, and look at them in detail in VPN Encryption: The Complete Guide. Although L2TP/IPsec is fine for most purposes, we only really recommend OpenVPN and IKEv2. OpenVPN is very secure if properly configured. Indeed, Edward Snowden’s documents showed that even the NSA can’t crack well-implemented OpenVPN. It is also supported by almost every provider.  But it is relatively slow. The newer IKEv2 is much faster and is considered secure, but has not been battle-tested in the way that OpenVPN has. It is not as well supported at present, although it is increasingly popular with providers thanks to its speed advantages over OpenVPN.
There are different levels of security protocols, each with its own level of security and features. Some of the most common are IPSec, L2TP, IKEv2, OpenVPN, and PPTP. OpenVPN is a newer technology, but it is highly configurable and easily bypasses firewalls in any country. L2TP isn’t capable of encryption; it instead creates a tunnel, and it should be paired with IPSec, which takes care of encryption. PPTP is a protocol that has been around since the mid-1990s, but because it does not encrypt, you will want to be sure to use another protocol with it that covers encryption. IKEv2 is an IPSec-based tunneling protocol that will reestablish a VPN connection if a user temporarily loses Internet connection. 
PureVPN has a huge choice of 750 servers in 141 countries and counting. The sheer volume of features, toggles, and tools they provide makes it a top contender for the advanced users. There is a stealth browsing mode, online banking security, secure FTP access, multiple protocols and more. They have server lists optimized for P2P and video streaming, so switching is easy.
The best VPNs offer a solid balance of features, server location, connectivity protocols, and price. Some are great for occasional use, others are geared towards getting around the location restrictions companies put on their apps and services, and others are targeted at people who do heavy downloading and want a little privacy while they do it. Here’s what you should look for.

A "secret" is used to further authenticate your account. Much like the "key" of an RSA Secure ID, the "secret" is typically a series of letters and numbers given to you by a provider or employer. If it has not been provided to you then you either may not need to enter anything in that field or you may need to contact your provider or employer in order to obtain the secret.
Since we last tested VPNs, we've given special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN service representatives. What we look for is a commitment to protect user information, and to take a hands-off approach to gathering user data.
Most VPN services allow you to connect up to five devices with a single account. Any service that offers fewer connections is outside the mainstream. Keep in mind that you'll need to connect every device in your home individually to the VPN service, so just two or three licenses won't be enough for the average nested pair. Note that many VPN services offer native apps for both Android and iOS, but that such devices count toward your total number of connections.
We didn’t audit any VPN services ourselves (though IVPN, our top pick, offered to arrange such an exercise), but we did ask detailed questions about each service’s operations as a way to judge whether a company was acting in good faith. Good faith is important, because there aren’t many avenues to penalize a VPN company that isn’t following through on its promises. In the US, companies making false claims about their products are policed by the Federal Trade Commission, and to some extent state attorneys general. Joseph Jerome at CDT told us that companies violating their own privacy policy or claims about logging would be “a textbook example of a deceptive practice under state and federal consumer protection laws,” and in theory, “the FTC could seek an injunction barring the deceptive practice as well as potentially getting restitution or other monetary relief.”

Sadly, I engaged PIA, the number one rated and paid a "great price" for a 3 year service only to findout that dur to a recent SMTP abuses they no longer can be used when using Microsoft servers. So, all of my outbound email is rejected from Microsoft Servers due to this policy. In itself, fine, but as I enrolled in this service and while setting up the servie at no time was this mentioned nor, prior to a May 15 issue, was this a problem.
Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization.[citation needed] For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network, but neither secure nor trusted.[24][25]
×