Best VPNs & Everything You Need to Know about VPNs

A VPN or Virtual Private Network is often considered as the holy grail when it comes to privacy, security, and anonymity on the internet, and is often recommended left and right by everyone. But is using a VPN the one size fits all solution to …

A VPN or Virtual Private Network is often considered as the holy grail when it comes to privacy, security, and anonymity on the internet, and is often recommended left and right by everyone.

But is using a VPN the one size fits all solution to all the internet privacy and security issues; let’s find out what a VPN is, how VPN works, is using a VPN legal, what does a VPN protects, drawbacks of using a VPN, and everything else you need to know about Virtual Private Networks.

What is a VPN?

A VPN or a Virtual Private Network that works by connecting your devices to a remote server (on the VPN provider’s Network) via an encrypted connection, and letting you browse the internet using that VPN server’s internet connection.

So, Your Device <—> Internet becomes Your Device <—> VPN Server <—> Internet and your ISP can only see the You <—> VPN Server part and won’t be able to snoop on your internet activity; this is how you can make yourself appear as if you were using internet from a different location (location of that remote VPN server).

This tunneling of your entire internet usage via a VPN server not only prevents the websites from knowing where you are from, but also prevents your ISP from knowing what websites you are visiting; your ISP only knows that your device has connected to a server (the remote VPN server).

So, essentially, VPNs are good at doing two things:

  • Shifting the risk from your Internet Service Provider to itself
  • Hiding your IP address from a third-party service, be it a website or an app

Note: Using a VPN won’t make you anonymous, nor will it add any additional security to non-HTTPS traffic; Tor browser is what you should be using if you’re looking for anonymity, and for added security, you should always ensure you’re connecting to websites using HTTPS—VPNs are not a replacement for good security practices.

Your VPN provider is essentially the middleman between you and the internet; this gives them access to an immense amount of personal data just like your ISP, and they can log all of it, sell it, do pretty much anything they want; you can’t really rely on their no-log policy, there’s no way for you to verify that, see the VPN FAQ section.

Private VPN Service Providers

With all of that out of the way, here are my VPN recommendations:

Mullvad

Mullvad is a VPN service provider with the focus on protecting your right to privacy and security; they are based in Sweden, have been in operation since March 2009, and don’t offer a free version or free trial.

  • One flat rate of €5/month
  • Owned / rented dedicated servers in 35 countries
  • No logging policy
  • Independently audited VPN clients and infrastructure by Assured AB & Cure53
  • Open-source clients
  • Supports WireGuard as well as OpenVPN
  • Private DNS servers
  • Supports IPv6
  • Allows remote port forwarding
  • Accessible via Tor
  • Allows for anonymous, no email/username signup
  • Accepts credit/debit cards, PayPal, Bitcoin, Bitcoin Cash, Swish, bank wire transfers, and even cash/local currency

Mullvad is hands-down the most transparent VPN provider when it comes to pricing, clients, and servers, they don’t ask for any personal information for signup, and have been independently audited multiple times.

ProtonVPN

ProtonVPN is a popular VPN provider by the same people behind ProtonMail; they are based in Switzerland and have been in operation since June 2016, and offer a free tier as well as multiple subscriptions.

  • Plans from €4/month
  • Owned / dedicated servers in 63 countries
  • No logging policy
  • Independently audited by SEC Consult
  • Open-source clients
  • Supports OpenVPN, IKEv2, and WireGuard
  • Private DNS servers
  • No support for IPv6, blocks all Ipv6 traffic
  • No support for port forwarding
  • Does not have a dedicated Tor address, clearnet site can be accessed via Tor
  • Requires an email address for signup
  • Accepts credit card, PayPal, Bitcoin, and Cash

ProtonVPN also offer ad blocking and malware domains blocking with their DNS service, as well as a “Tor” servers, but we strongly recommend using the official Tor Browser instead for accessing the Tor network.

IVPN

IVPN is another premium VPN service provider based in Gibraltar, they have been in operation since 2009 and don’t offer a free version or free trial.

  • Plans start at $6/mo
  • Owned / rented dedicated servers in 32 countries
  • No logging policy
  • Independently audited by Cure53
  • Open-source clients
  • Supports OpenVPN, WireGuard, and IPSec with IKEv2
  • Private DNS servers
  • No support for IPv6, it is under development
  • Allows remote port forwarding
  • Does not have a dedicated Tor address, clearnet site accessible via Tor
  • Allows for anonymous, no email/username signup
  • Accepts credit/debit cards, PayPal, Bitcoin, Monero, and even cash

IVPN also provides “AntiTracker” functionality, which blocks advertising networks and trackers from the network level, I love their no BS transparency when it comes to what kind of service they offer; they also have pretty good privacy guides.

Avoid Free VPNs

This goes without saying: If you are not paying for the product, you are the product; this may not be entirely true for open-source and community supported software stuff like Linux distros as they are often backed by enterprise customers; but for a service like VPN that has bandwidth costs; either you are the consumer or the product.

And, just because you are paying for something aka a VPN, doesn’t mean your data would not be logged and misused, many paid VPN providers have been caught logging and selling their user’s data among other shady business practices.

Yes, there are free VPN services like Calyx, Riseup, Psiphon, VPN Gate that are free for anyone to use, and have pretty good privacy policies; but they tend to have bandwidth limitations, collect logs, and are not really made for regular use.

These free and open-source VPNs are great if you just want to circumnavigate the internet restrictions for basic internet usage, and you should support them if you can, by donations and other means possible; the entire Tor Network is run by volunteers just like you and me that host nodes all around the globe.

The VPN FAQ

Here are answers to some frequently asked question about VPNs:

Does using a VPN protect you from hackers?

Short answer: No.

The most common pitch for using a VPN is: “when you connect to the internet and browse a web, do a video chat, etc., your ISP and hackers can see everything you do online, and you need to protect it via using a VPN”

However, that’s not really true, most websites and apps use an encrypted connection aka HTTPS (or, SSL/TLS); indicated by a green padlock in the web browser, and on those websites, the most your ISP or an adversary can see is that you connected a particular IP address or a domain, say, techcorpus.com; but won’t be able to tell what you are doing or what page you are on—it’s all encrypted.

Your ISP does have access to things like websites you visit, and there are instances where an ISP has injected ads and spyware into websites, sold browsing history, and even blocked access to certain websites.

But they can’t really see what exactly you are doing on a particular site as long as websites are using proper SSL encryption; although they can do something called deep packet / SSL inspection, which is pretty a man-in-the-middle attack.

Without a VPN, everything you do online can be traced back to you, and while using a VPN will mask your IP address from websites and apps, but you are essentially trusting your VPN provider with all your internet traffic.

Should you use a VPN?

Whether you should use a VPN, entirely depends on your needs and threat model. As discussed in later sections, a VPN has many use cases, from simply accessing geographically blocked content on Netflix and HULU to downright bypassing internet censorship imposed by your government.

A VPN does two things: shifts the risks from your ISP to itself and hides your actual IP address; it’s usually recommended to keep your internet traffic private from your ISP.

VPNs aren’t really the one size fit all solution to online privacy and security, they can’t encrypt data outside the connection between your device and the VPN server.

Why use a VPN?

Here are a few use cases of a VPN that make sense:

  • Preventing snooping when on public Wi-Fi, as anyone on the same network can see as much as the ISP.
  • Using internet a bit more privately without revealing your actual IP address.
  • Securely accessing a particular network, be it your work or home network from anywhere.
  • Bypassing internet censorship to gain access to blocked websites and apps.
  • Bypassing geographical restrictions on streaming websites like Netflix and Hulu.

What about encryption?

As already discussed, VPNs only encrypt the traffic between your device and the VPN server aka Your Device <—> VPN Server part, and can’t encrypt anything on the VPN Server <—> Internet part.

This is a step up from using unencrypted proxies, where an adversary on the network can intercept the communications between your devices and said proxies and modify them.

To keep what you actually do on the websites you visit private and secure, ensure that websites you are connecting to use HTTPS, this will keep your passwords, session tokens, and queries safe.

Should you use an encrypted DNS resolver with a VPN?

No, unless your VPN provider is the one hosting the encrypted DNS servers; using a third-party DoH/DoT resolver on top of a VPN will add more entities to trust, and does absolutely nothing to improve privacy/security.

Your VPN provider, just like your ISP when used without a VPN, can still see which websites you visit based on the IP addresses and other methods; but now instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.

Encrypted DNS providers help protect against DNS spoofing, however, most modern web browsers check for the validity of TLS certificates; Firefox even queries OCSP responder servers to confirm the current validity of certificates, and warns you about it:

Firefox warning about SSL Certificate

Needless to day, don’t use an encrypted DNS resolver while using Tor as this would direct all your DNS request through a single circuit, allowing that encrypted DNS provider to de-anonymize you; defeating the whole purpose of using the Tor Browser.

Should you use Tor with a VPN?

No. You should never pair Tor with a VPN, it defeats the whole purpose of using the Tor Browser; your VPN provider essentially creates a single point of failure, they have access to your real IP address, and some personal information depending on the payment method used.

If you want to hide your Tor usage, just use one of the built-in Tor bridges to connect to the Tor Network, using a VPN and the Tor Browser together adds zero additional benefit while increaing the attack surface.

What if you need Anonymity?

No VPN provider can provide anonymity. Your VPN provider knows your real IP address, and has some personal information about you depending on the payment method used; there is no way for you to determine that your VPN provider is not keeping logs, use Tor or Tails instead.

Should You Hide Your IP Address?

Um, maybe… Your IP address isn’t really all that personal and sensitive information; your IP address won’t give your home address to anyone, it’s all just part of fearmongering by VPN providers and their marketing.

At any given moment, an IP address is usually shared among many different users, and your IP address changes frequently (DHCP); your IP address only gives a very generalized location based on your ISP.

Your IP address is almost insignificant compared to the other tactics like fingerprinting that can be used to track users.

Are VPNs Legal?

VPNs are used routinely by businesses around the globe, and are generally legal in most of the countries, since privacy laws vary from country to country, you are better off checking laws in your respective country.

Most of the so-called bans on VPNs would just not work, as VPN traffic seems like just another regular HTTPS traffic to anyone looking from outside; unless they know that the server you are connecting to is owned and operated by a VPN company.

There are countries where using a VPN is illegal, this post on ProtonVPN lists them.

Should you self-host a VPN?

Yes, absolutely yes. Self-hosting a VPN solves pretty much most of the problems with trusting a VPN provider, as you are pretty much your own VPN provider.

We have guides on self-hosting VPNs using WireGuard, OpenVPN, and Shadowsocks (Outline).

Additional Resources

A VPN is basically a glorified proxy that encrypt your connection, here’s some additional information you might be interested in:

That’s all folks!

I will be updating this page frequently with more VPN recommendations and information, our privacy tools page has more recommendations.

1 thought on “Best VPNs & Everything You Need to Know about VPNs”

  1. Spot on with this write-up, I truly feel this amazing
    site needs far more attention. I’ll probably be back
    again to read more, thanks for the information!

    Reply

Leave a Comment