Be wary of folks recommending individual services... the VPN market has been hot in the last few years, and most recommendations should be treated with a fair bit of skepticism.
That was a great site. I liked the option for a colorblind readable chart, I have a few colleagues that have to use plugins and other weird gadgets to differentiate red and green. Also bonus point for the CC license.
Cannot agree with this enough. When I first started looking for a VPN, the only sources of information I found were these disingenuous websites that based their reviews on how much VPNs were paying them, with every off-site link being a referral. thatoneprivacysite is by a landslide the most unbiased source of information I found on VPNs.
If you're a US citizen, perhaps not. NSA has open season for anything that isn't in the U.S. They can bring their full offensive capability to bear on foreign targets and largely do whatever the hell they want.
Domestic? Not as much. It becomes more of a legal/NSL game then. Granted, I'm sure GCHQ can (and does) compromise U.S. VPN providers.
Obviously it's far more complex than that, but if you're a U.S. citizen using a US-based service, there are some protections afforded.
On the other hand, I tend to believe Russ Tice when he says NSA conducts full-take domestic collection, so the aforementioned protections are largely data minimization practices, and thus they already have all your data.
Of course, Obama significantly weakened those protections prior to leaving office, as well as increasing the scope of NSA's sharing to include a disturbing amount of federal law enforcement agencies.
I can also rep Mullvad, they also allow people to pay in Bitcoin or even mail them money (with your account number attached) and they'll add time to your account.
I've been using them for a few years now and never had any issues.
> Although PIA is U.S. based, they keep no logs and then they have their famous "FBI" case which they did not provide anything to them.
You know the NSA just puts a gag order and connects directly to the target's infrastructure. Doesn't matter that PIA doesn't keep logs, NSA's PRISM is logging everything.
Yup I know about gag orders, etc... I completely agree with the statement that if you care about privacy better go with something else not in U.S. or anywhere in the 14 eyes countries if you are really paranoid.
I use a self-hosted OpenVPN install on a Digital Ocean droplet to simply encrypt traffic (UDP/443) from my ISP. One plus is that I have a clean US IP address that isn't blocked by most services. This is just for security and geolocation, not anonymity.
For anonymity I use Private Internet Access as they have a fast network, lots of locations, and no logs. They're also very affordable.
I also use IPredator sometimes since they're the same folks that run Njalla and I simply like to support them.
I'm using Mullvad. On the plus side, their servers are the most reliable I have seen, and they provide IPv6 addresses (behind NAT, which is reasonable for privacy). On the minus side, since November 2017 they intercept DNS queries and answer them themselves (hence you cannot use the DNS service of your choice), unless you connect to a specific undocumented OpenVPN port (1400 or 1401) available on a small but diverse subset of their servers.
I believe I can quote the response to my support request:
«We added iptables rules to hijack all DNS requests on port 53 going via the VPN tunnel, this is to protect users having set a DNS server unknowingly (or by malware). We are aware that not all users want this behaviour, and we intend to add an extra port that OpenVPN listens on, where DNS hijacking will not happen.»
Some VPN providers (including Mullvad) have a client-side feature called DNS leak protection that configures the system to use the provider's DNS server. I don't know how Mullvad decided that this was not enough, and they are justified to intercept DNS. (Note that for the server-side intervention to work, the client side must be configured not to use ISP DNS, hence the client-side DNS leak protection is a prerequisite.)
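A client-side check for the server-side interception described in the comment above, as an added example that is not part of the original thread and not Mullvad's code: it sends a DNS query to an RFC 5737 documentation address where no resolver exists, so a matching reply means something on the path is answering port 53 itself. The address 192.0.2.53 and all function names are assumptions of this sketch.

```python
import os
import socket
import struct

# Assumption: RFC 5737 TEST-NET-1 address; no real DNS server lives here.
DARK_RESOLVER = "192.0.2.53"

def build_query(name, txid=None):
    """Encode a minimal DNS A/IN query (RFC 1035) with recursion desired."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply_to(data, txid):
    """True if data is a DNS response (QR bit set) carrying our transaction id."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!2H", data[:4])
    return rid == txid and bool(flags & 0x8000)

def got_answer(server, name="example.com", timeout=3.0):
    """Send one UDP/53 query to server; True only if a matching reply arrives."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:  # timeout or unreachable: nobody answered
            return False
    return is_reply_to(data, txid)

def verdict(dark_answered):
    """A reply from an address with no resolver means an on-path box answered."""
    # Silence is weaker evidence: UDP/53 may simply be dropped.
    return "port 53 is intercepted" if dark_answered else "no interception seen"

if __name__ == "__main__":
    # Run with the tunnel up on the default port, then on the alternate port.
    print(verdict(got_answer(DARK_RESOLVER)))
```

Running it once per OpenVPN port shows whether the alternate port really leaves port 53 untouched.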
NordVPN -- it's one of the best IMO for security/company location. I also made my decision via the spreadsheets and analysis from the already-mentioned https://thatoneprivacysite.net/vpn-section/
It's $79 for two years, but they also have per-month subscriptions.
There's no reason for anyone even moderately savvy to use a commercial private VPN. It's really insecure and expensive. Just use Streisand on a DigitalOcean droplet, AWS, etc.
Can't echo this enough. Without a VPN, your ISP can see some of your traffic (unencrypted + who you talk to). When you use a commercial VPN, the ability to snoop like your ISP just transfers to them. As much as we love to hate our ISPs, some of those services seem pretty shady by my estimation, and have very little oversight / no barriers to being unscrupulous.
Streisand is just a couple commands + whatever steps your cloud provider requires to get API keys. Take advantage of different regions to place your VPN(s) wherever you want in the world. Each installation comes with detailed instructions to configure VPN clients on your desktop or phone. Works great once you've got it running, and probably ends up being cheaper than most of those other shady services.
Tunnelling through a hosting provider doesn't provide any additional privacy. It just moves your exposure.
Perhaps I am unusual, but I trust my ISP with my privacy more than I trust the typical hosting provider.
I understand that this doesn't apply to most of the US because of your monopolistic ISP problem. In other places though, I don't think a blanket "just tunnel through a hosting provider" recommendation is appropriate.
>Perhaps I am unusual, but I trust my ISP with my privacy more than I trust the typical hosting provider.
You're lucky in this regard. Having no choice but Comcast, the number one threat to my privacy is my ISP. So that makes tunneling to an outside VPN very useful. I trust DigitalOcean far more. Although in a different situation I think you're absolutely right.
If you care about privacy, don't host it on US infrastructure. There has been so much exposure about this, that should have been enough to teach you not to burn yourself.
What if the VPS provider logs? My guess would be that DO keep logs of assigned IP to account which is arguably worse than what is done by the private VPNs.
If it's for anonymity I've been told PIA is a good option.
If it's to bypass georestriction and protect your traffic from being snooped by your ISP or any clients that could attempt to sniff your traffic, hosting your own on a VPS is a good option. OpenVPN, OCserv or Outline (based on shadowsocks) are some options.
To answer "Which VPN?" you first need to answer "Why VPN?" because there are a lot of different reasons for using a VPN.
If it's just privacy from snooping, you'll be fine with setting up your own VPS with OpenVPN. It's simple enough that any technical person can do it in a few minutes (or hours).
Azirevpn[1] (Swedish based)
Always been very fast for me.
One of the first to implement WireGuard I think, which they offer for free at the moment, tho I pay anyway for the service...
Any VPN is better than no VPN. But I use Private Internet Access. The interface has gotten really slick in the last year - very nice to use. You can pay using random anonymous gift cards (essentially cash). And they are the only VPN that has been tested in the court of law (they were ordered to turn over all the records they had on a customer, and they did - nothing).
Don’t use strongVPN. They shared my info. Got a letter from some Hollywood lawyers after someone had been running a torrent download over my VPN (would share my WiFi on and off from my phone with visiting colleagues, if they had trouble with our corporate VPN and someone probably had a movie torrent download or seed running in the background by mistake).
I have WireGuard set up on a DO instance of <wherever region I need>. It is very fast and easy to set up for the technically inclined: https://www.wireguard.com/
I currently use IPVanish. I'm pleased with the uptime and service. Every now and then I get disconnected and everything reverts to using my normal connection, which isn't very secure.
Depends on what you need from a VPN. If you just want a browser extension you may try Surfshark VPN -- I heard it is rapid and supports unlimited devices. If you want to watch Netflix, you may want to try NordVPN, many servers to choose from and secure. Again, what do you want from a VPN?
I personally use NordVPN for extra security and good speeds. Another worthy consideration is VPN.ac. Or if you want there's a kinda new Surfshark VPN which supports unlimited devices and is quite fast.
IVPN, Mullvad are not in U.S. jurisdiction if you are concerned about that. Most people are not and just want a VPN to hide shit from ISP, etc...
Although PIA is U.S. based, they keep no logs and then they have their famous "FBI" case which they did not provide anything to them.
I myself personally use IVPN, but I have used Mullvad as well.
https://thatoneprivacysite.net/vpn-section/
This is the best resource for VPN reviews, ignore everything else.
Also https://www.privacytools.io/ is great overall and they do have a VPN section
https://www.reddit.com/r/VPN/ has a bunch of more info as well.
https://news.ycombinator.com/item?id=14974383
https://news.ycombinator.com/item?id=13425728
https://news.ycombinator.com/item?id=13249523
Also DIY options:
https://github.com/ttlequals0/autovpn
https://github.com/jlund/streisand
https://github.com/trailofbits/algo
https://github.com/Nyr/openvpn-install
https://github.com/robbintt/popup-openvpn
https://github.com/sovereign/sovereign
1: https://github.com/StreisandEffect/streisand
2: https://github.com/trailofbits/algo
https://github.com/StreisandEffect/streisand
Links
-----
https://openvpn.net/index.php/download/community-downloads.h...
https://ocserv.gitlab.io/www/features.html
https://getoutline.org/
https://www.shadowsocks.org/en/index.html
1: https://www.azirevpn.com
1: https://sfconservancy.org/news/2016/mar/02/PIA-LCA-matched/
2: https://pia-foss.github.io/
https://torrentfreak.com/vpn-services-keep-anonymous-2018/
https://thatoneprivacysite.net/vpn-comparison-chart/
http://vpnspeedtest.org/
If you want to set up your own server, then Streisand.
I used both and they work well. Using ExpressVPN right now in China.
https://thewirecutter.com/reviews/best-vpn-service/
https://www.astrill.com/
https://vpnreport.org
Or $60 on DigitalOcean or Linode a year at $5/month.
But any VPN should be treated with skepticism as many have noted here.