Virtual Private Networks (VPNs)
What is a Virtual Private Network (VPN)?
A VPN is an encrypted connection from your device to the VPN provider’s server. All your internet traffic is routed through that server. Additionally, your traffic appears to be coming through that server, which can help to obscure your true IP address.
Why do I Need a VPN?
A VPN protects you from local attackers. While most of the internet is encrypted, not all of it is, and unfortunately important websites like government websites are typically the worst offenders for this. Although it is unlikely, public wifi can also be spoofed or spied on, so a VPN can keep your traffic safe from a malicious or nosy admin. Even at home, your Internet Service Provider can see your traffic and, in some countries, can legally sell your browsing data to marketers or inject their own ads. A VPN also has the advantage of obscuring your IP address, which is an important piece of identifying information about you online, thus helping to protect your privacy. As a peripheral benefit, many VPN providers offer servers in multiple countries so you can bypass geographic content restrictions on sites like Netflix and YouTube.
What Should I Look For in a VPN Provider?
The most important thing is to look for a VPN provider who doesn’t keep logs. A provider who logs your activity is no better than your current internet provider in that your traffic can still be sold, censored, or spied on. Unfortunately, “no logs” is a buzzword these days, and numerous providers have been caught lying about this. The best way I’ve found to verify this claim is to search “[VPN provider] logs” on your privacy-respecting search engine of choice. If the provider has been around for any amount of time and has any positive reputation, you will likely find articles or posts confirming or denying their logging policy in some way. You’ll also be alerted to any potential accusations of logging, discussions on that claim, and other information to help you decide if the company is serious or not.
On Free VPNs
Running a VPN server is expensive and requires great technical knowledge. “If a product is free, you are the product.” Make sure the company has a viable business plan, or else assume they are likely logging and selling your data, or worse. Never trust a free VPN unless it’s a trial, a limited offering as part of a freemium business model, or one of a few extremely rare and well-reputed cases (such as Calyx and Riseup, listed below).
Many VPN providers engage in highly unethical and misleading marketing. Be careful not to be taken in by fantastical claims of being “anonymous” or “hackerproof.” For more information, I recommend Naomi Brockwell’s excellent video “The DARK Side of VPNs.”
Listed in alphabetical order, not order of recommendation
Pros
Available on all operating systems
Anonymous payments (cash and Monero) available
Offers malware, tracker, and ad-blocking for all plans
Hardcore Mode blocks all Google and Facebook domains
Trusted/Untrusted networks feature allows the VPN to enable or disable automatically on certain networks
Offers TOTP multifactor authentication for accounts
Cons
Pros
Available on all operating systems
Flat rate of $5/month for all services and payment lengths
Anonymous payments (cash and Monero) available
Offers malware, tracker, and ad-blocking for all plans
Frequently engages in early-adoption practices to improve user privacy and security, like post-quantum safe tunnels, diskless infrastructure, numerous audits, and more.
Cons
Does not offer multifactor authentication for accounts
Pros
Available on all operating systems
Anonymous payments (cash) available
Offers a limited number of free servers
Offers malware, tracker, and ad-blocking (paid plans only)
Advertises to work with streaming services such as Netflix and Disney+ (paid plans only)
Offers TOTP and hardware token multifactor authentication for accounts
Cons
Honorable Mention: Safing Private Network
VPNs were never designed for privacy. They were designed to allow employees to securely connect to the company network to access company resources and intellectual property while offsite. It’s only in the last few decades that commercial VPNs became widely available to private citizens and were co-opted for privacy uses. However, this has left a significant number of inadequacies in their current protections (see Tips & Tricks below). The Safing Private Network - from Safing, the company behind Portmaster - aims to solve these problems. SPN takes a hybrid approach between a VPN and Tor to achieve maximum user privacy while also retaining user-friendliness, speed, and stability. Some features include giving each connection a different IP address, a multi-hop node architecture, and the ability to easily split-tunnel apps with the click of a toggle. SPN is still very new technology and may contain some bugs as the developers work to mature the product. However, early adopters who desire a stronger solution than traditional VPNs have to offer may wish to look into this option.
Honorable Mention: Calyx VPN
Calyx VPN is a free offering from the nonprofit Calyx Institute, which supports the privacy community through a number of initiatives such as a privacy-respecting custom operating system, research initiatives, microgrants, educational programs, and a variety of digital services like an XMPP server, a Jitsi instance, and Tor contributions. Calyx’s VPN is free but limited in scope: you have no choice of server, location, protocol, or any other advanced features such as split tunneling, custom DNS resolver, or tracker/malware/ad-blocking. Calyx is a reputable, trustworthy organization offering a reliable and private VPN, but we would only recommend it for those who can’t afford a subscription yet still need a VPN.
Honorable Mention: RiseUp VPN
Like Calyx VPN, Riseup is a free offering from the nonprofit activist group RiseUp Collective. Also like Calyx VPN, it is extremely limited in scope: you have no choice of server, location, protocol, or any other advanced features such as split tunneling, custom DNS resolver, or tracker/malware/ad-blocking. RiseUp offers a reputable, reliable, and private VPN that should meet the most basic needs for those who need a VPN but have no budget to spare.
DNS Leaks & Custom Resolvers
Many of the services I recommend here offer you the opportunity to use a DNS resolver other than the one offered by the provider. In most cases, I do not recommend this, because using a different DNS resolver can cause DNS leaks. To put it simply, a DNS leak is when your DNS requests are exposed. Using the DNS provided by your VPN provider dramatically reduces the likelihood of this happening, while in my experience using an alternate DNS with a VPN dramatically increases the likelihood. Depending on your threat model, the consequences of a DNS leak could range from “virtually meaningless” to “life threatening.” Most of the providers I list here use their own DNS resolvers which block known malware, trackers, ads, and more (in some cases you can even configure this to some extent), so you already have a good level of protection from these threats. I do not recommend using a custom DNS resolver unless you are an advanced user who knows the risks.
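An added example, not part of the original guide: the Python below checks which network interface each configured DNS resolver would be reached through, showing how a custom resolver can end up outside the VPN tunnel. The routing table, the interface names (tun0 for the tunnel, wlan0 for the local network), and all addresses are constructed sample values.

```python
import ipaddress

# Constructed sample routing table as (prefix, egress interface) pairs.
# tun0 is assumed to be the VPN tunnel and wlan0 the local network.
ROUTES = [
    ("0.0.0.0/1", "tun0"),        # VPN covers IPv4 with two /1 routes
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "wlan0"),       # original default route, still present
    ("192.168.1.0/24", "wlan0"),  # directly connected LAN
    ("10.8.0.0/24", "tun0"),      # VPN-internal subnet
    ("::/0", "wlan0"),            # IPv6 default route the VPN did not replace
]

# Constructed resolv.conf contents: provider resolver vs. custom resolvers.
PROVIDER_DNS = "# pushed by VPN client\nnameserver 10.8.0.1\n"
CUSTOM_DNS = "nameserver 192.168.1.1\nnameserver 9.9.9.9\nnameserver 2001:db8::53\n"

def egress_interface(ip, routes):
    """Pick the egress interface by longest-prefix match."""
    addr = ipaddress.ip_address(ip)
    best_len, best_iface = -1, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface

def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def find_dns_leaks(resolv_conf, routes, tunnel="tun0"):
    """Map each resolver that would bypass the tunnel to its interface."""
    leaks = {}
    for server in parse_nameservers(resolv_conf):
        iface = egress_interface(server, routes)
        if iface != tunnel:
            leaks[server] = iface
    return leaks

if __name__ == "__main__":
    print("provider DNS leaks:", find_dns_leaks(PROVIDER_DNS, ROUTES))
    print("custom DNS leaks:  ", find_dns_leaks(CUSTOM_DNS, ROUTES))
```

In this sample the provider's resolver and 9.9.9.9 are both reached through the tunnel, while the LAN resolver and the IPv6 resolver go out over wlan0, where the local network can see the queries.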
Tips & Tricks
I recommend using a VPN on all devices whenever possible. For mobile devices, this will not hide your real location from your carrier. It will, however, fool your browser and some apps, and it allows for a secure, encrypted connection - even from your carrier - at all times.
Please note that a VPN is not anonymous. Many companies will advertise that using a VPN will make you invisible to various potential snoops, but VPN protections can be defeated in a variety of ways and do not protect against other advanced tracking features like cookies and browser fingerprinting. VPNs do exactly two things: they change your IP address and they create an encrypted tunnel. They will not block trackers or malware (though some providers employ DNS-based blocking to mitigate some - but not all - of these risks), they will not make you anonymous, and they will not speed up your connection. In some cases they can help with unblocking content that is restricted based on your location because of the changed IP address, but true anonymity is difficult and complicated to achieve online depending on your activities and goals. Please see my notes about the Tor Browser for more information on this.
Some additional tools for vetting a VPN you’re considering or learning more about VPNs in general include Techlore’s VPN Toolkit and Windscribe’s VPN Relationship Map.