A “kill switch” goes by many names, but the term describes VPN software that shuts off all network traffic in and out of your computer if the encrypted connection fails. A hiccup in your Wi-Fi or even with your ISP can cause a VPN to disconnect, and if you then maintain an unsecure connection—especially if the VPN software doesn’t alert you that it’s no longer protecting your traffic—that wipes out all the benefits of your VPN. We considered kill switches to be mandatory. And although we looked for apps that made it easy to add rules about when to activate kill switches, we considered special config files or manual firewall tweaks to be too complex. (iOS doesn’t support any kill-switch features; we address a few iOS-specific problems that apply to all VPN services in a separate section.)
Inside the Preferences pane, you can also tick boxes to automatically launch or connect the app when you boot your device. Anyone using the Windows or macOS app should tick the box to autoconnect “when joining insecure WiFi networks.” You can also tag individual Wi-Fi networks as trusted or untrusted, to make sure you’re always protected even if you forget to connect the app manually. These network rules—not offered on most apps, including IVPN’s mobile apps or any of TorGuard’s apps—will make sure you don’t forget your VPN when you need it the most.
Finally, you may want a VPN to spoof your location to download content you shouldn’t have access to, but this too has limits. A VPN used to be the go-to solution to watch U.S. Netflix overseas. That changed in 2016 when Netflix opened up to almost every country on Earth. Since then, the company has invested a lot in detecting and blocking VPN users. Even people using a VPN inside their own country will be blocked by Netflix if detected.
Avast SecureLine and Avira Phantom VPN are run by antivirus companies as complements to their primary businesses. These services are also limited to Windows, Mac, iOS and Android and don't work without client software. But they offer few features, have a couple of dozen servers at most and don't let you pay anonymously. However, the companies are known quantities, and the services are handy for occasional travelers.

Subscription VPN Providers usually take your privacy a bit more seriously, since you’re paying for the service. It’s unusual for them to show ads, although whether they do logging or store data about your usage varies from company to company. They usually offer free trials so you can give the service a shot first, but remember: just because you’re paying for a service doesn’t mean you shouldn’t do your homework.
— Mullvad has added iOS support for the new WireGuard VPN protocol. The service has also added an onion site at http://xcln5hkbriyklr6n.onion/ so that Tor users can get Mullvad accounts and download software completely anonymously. It is also urging users to upgrade their client software to at least version 2018.5, as earlier versions will not be supported after March 22, 2019.
These folks have been around since 2010, and don't log anything. They provide a generous five connections, a connection kill switch feature, and some good online documentation and security guidance. Our one disappointment is that their refund policy is 7-days instead of 30, but you can certainly get a feel for their excellent performance in the space of a week.

Even TunnelBear's network performance and pricing are just about average compared to other services we've reviewed, except that you can pay with literal jars of honey. The company takes security and privacy seriously, explaining its policies and protocols in plain English, and you can read the results of two third-party security audits on the company website.


The main group of countries that can share information freely is called the Five Eyes. They come from the UKUSA agreement that, although began back in 1941, was only made public knowledge in 2005. The agreement is between Australia, Canada, New Zealand, the United Kingdom and the United States, hence the name Five Eyes. Those countries have agreed to collect, analyse and share information between each other, and much of this intelligence is believed to be related to internet activity these days.

When purchasing VPN service from a provider, consider what platform you will use. Do you want to use mobile devices or your computer? If you travel a lot and the use of mobile devices such as smartphones or tablets is important to you, then ensure that your chosen VPN host supports such a connection or even provides apps for your specific mobile devices.
Developed by Institute of Electrical and Electronics Engineers, Virtual LANs (VLANs) allow multiple tagged LANs to share common trunking. VLANs frequently comprise only customer-owned facilities. Whereas VPLS as described in the above section (OSI Layer 1 services) supports emulation of both point-to-point and point-to-multipoint topologies, the method discussed here extends Layer 2 technologies such as 802.1d and 802.1q LAN trunking to run over transports such as Metro Ethernet.

Since we last tested VPNs, we've given special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN service representatives. What we look for is a commitment to protect user information, and to take a hands-off approach to gathering user data.
The second thing that happens is that the web application you're talking to does not get to see your IP address. Instead, it sees an IP address owned by the VPN service. This allows you some level of anonymous networking. This IP spoofing is also used to trick applications into thinking you're located in a different region, or even a different country than you really are located in. There are reasons (both illegal and legal) to do this. We'll discuss that in a bit.

Israel-based Hola isn’t a traditional VPN in which customers connect to a network of centralized servers owned by the VPN company. Instead, Hola users connect to each other, using other users’ idle bandwidth as part of a large peer-to-peer network. Obviously, this comes with some pretty big security and legal concerns. Users could use each other’s internet for illegal activity, for example. In 2015, Hola used its user’s computers to create a botnet and perform a massive distributed denial-of-service (DDoS) attack. The abuse of customers’ trust happened entirely without their knowledge.
Here's the problem with the internet: It's inherently insecure. When the internet was first designed, the priority was to be able to send packets (chunks of data) as reliably as possible. Networking across the country and the world was relatively new, and nodes often went down. Most of the internet's core protocols (methods of communicating) were designed to route around failure, rather than secure data.
Betternet is a straightforward app that connects to a VPN with a single click allowing for access when needed. No registration is required and unlike some other free VPN services there are no data caps. All of this is provided by occasional ads and a promoted premium version which are manageable and discreet. The traditional problem with free VPN access has been slow connection speed and while this is still apparent it is not too much of an issue.

A "secret" is used to further authenticate your account. Much like the "key" of an RSA Secure ID, the "secret" is typically a series of letters and numbers given to you by a provider or employer. If it has not been provided to you then you either may not need to enter anything in that field or you may need to contact your provider or employer in order to obtain the secret.


A remote-access VPN uses public infrastructure like the internet to provide remote users secure access to their network. This is particularly important for organizations and their corporate networks. It's crucial when employees connect to a public hotspot and use the internet for sending work-related emails. A VPN client, on the user's computer or mobile device connects to a VPN gateway on the company's network. This gateway will typically require the device to authenticate its identity. It will then create a network link back to the device that allows it to reach internal network resources such as file servers, printers and intranets, as if it were on the same local network.
×