VPN: Recommendations & Everything You Should Know

VPN or Virtual Private Network is considered as the holy grail of privacy, security, and anonymity on the internet, and is often recommended left and right by everyone; but is using a VPN the one size fits all solution to all the internet privacy and security issues. Let’s find out what a VPN is, how VPN works, is using a VPN legal, what does a VPN protects, drawbacks of using a VPN, and everything else you need to know about Virtual Private Networks.

What is a VPN?

A VPN or a Virtual Private Network is a tool that secures your internet connection by creating an encrypted tunnel between your devices and the Internet.

Normally, when you connect to the internet and browse a website, do a video chat, etc, your Internet Service Provider (ISP) can nearly see everything you do online — websites that use encrypted connection aka HTTPS (or, SSL or TLS), indicated by a green padlock in the web browser, encrypt your internet connection to that particular website. On websites that use HTTPS, your ISP can still see that you have connected to a website, say techcorpus.com, but they won’t be able to tell what page you are on, and what you are doing on that website.

So… Your ISP can not only see what you are doing online, they can insert ads & spyware into websites, sell your browsing history, block access to certain websites, and a lot of other awful stuff, as they control your entire internet connection from DNS lookup to the web servers of the website or app you are using.

All of this happens on any network you use — your cellular network, all public and private Wi-Fi be it at work, coffee shops, airport, anywhere you connect to the internet.

Thankfully, more and more websites and apps have started using HTTPS, thanks to free SSL certs from Let’s Encrypt, and increased scrutiny by web browsers and app stores over those that don’t use encryption — which is great but your ISP can still see what websites/apps/servers you are connecting to. This is where a VPN service comes to save the day.

How does VPNs Works and Protects You?

VPN works by basically connecting your devices to a remote server (on the VPN provider’s Network) via an encrypted connection, and letting you browse the internet using that server’s internet connection.

So, Your Device <—> Internet becomes Your Device <—> VPN Server <—> Internet and your ISP can only see the You <—> VPN Server part and won’t be able to snoop on your internet activity.

In this way, you will appear to be using the internet from a different location (location of that remote server) than that of your location, as websites and apps get to see the IP address of that remote VPN server not yours. VPNs use different tunneling protocols to encrypt and decrypt sender and recipient data.

This tunneling of your entire internet usage via a VPN server not only prevents the websites from knowing where you are from, but also prevents your ISP aka Internet Service Provider from knowing what websites you are visiting — your ISP only knows that your device has connected to a server (a remote VPN server).

Without a VPN, everything you do online can easily be traced back to you and your physical location. While using a VPN will mask your IP address but you are moving the trust to that VPN service provider, as now all your internet traffic is going through the VPN servers, this is why it’s quintessential that you trust the VPN service provider you are using as they sit between your device and the internet.

Why Use a VPN?

VPNs not only mask your IP and protect your privacy from your ISP, but are very versatile tools; these are other benefits and use cases of VPN:

  • Preventing snooping when on public Wi-Fi (anyone on the same network can see as much as the ISP).
  • Using Internet privately and a bit securely without revealing your IP address, and hence preventing geolocation.
  • Securely accessing a particular network be it Work or Home while travelling.
  • Bypassing Internet Censorship by Governments, ISPs, Offices, Colleges, etc to gain access to blocked websites and apps.
  • Bypassing Geographical Restrictions on streaming websites like Netflix and Hulu.
  • Downloading files privately (P2P torrenting)

How to Choose a Private VPN Service?

Choosing the right VPN service, which is secure, private, and provides faster speeds can be tricky, thanks to fake VPN reviews that are prevalent online. You should always use a trusted VPN service as everything you do online while using a VPN, goes through that VPN’s server.

Your VPN provider is the middleman between you and the internet, this gives them access to an immense amount of personal data just like your ISP, and they can log all of it, sell it to advertisers, governments, and all kinds nasty things.

Here are a few things that you should look for when signing up for a VPN service:

  • Jurisdiction: Jurisdiction aka the place where the VPN company is incorporated and the locations where their servers are located, both are one of the most important factor that you should look into, as privacy laws in different countries vary wildly. Look for VPN providers that are based in countries with strong privacy protection laws, try to avoid the ones from five/nine/fourteen-eyes countries.
  • Modern Technologies: Your VPN provider should support modern technologies like OpenVPN or WireGuard, providing OpenVPN config files is a big plus along with Kill Switch built in to the VPN client. Support for IPv6 and remote port forwarding should also a priority.
  • Open Source: Any, and all things dealing with user data should be open source. Period. Your VPN provider should have open source VPN clients, with a regularly updated code base hosted on a public repository. Closed source clients are black boxes you’d be putting all your data into.
  • Kill Switch: A kill switch basically disables your internet connection when the VPN is disconnected so that your devices don’t accidentally connect to the internet with your ISP’s connection. The way these kill switches work is controversial, i would recommend using an independent firewall to block all packets that aren’t going to the VPN server.
  • Anonymous Payments: Your VPN provider should accept anonymous payments like cash, gift cards, or cryptocurrencies so that you don’t leave a money trail behind. If your VPN provider doesn’t accept anonymous payment methods, you could use a prepaid debit card or better switch to a VPN provider that does accept anonymous payments.
  • Privacy & Data Collection: Your VPN provider should collect as little data as possible, and should not require you to give any personal information. The best ones would just give you an auto-generated username, without need of any email.
  • Security & Encryption: Your VPN provider should use future-proof strong encryption schemes like OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption by default. Supporting RSA-4096 encrypted connections are ideal for maximum security.
  • Perfect Forward Secrecy (PFS): Perfect Forward Secrecy makes each VPN session use a different key every time, so that if an attacker manages to decrypt or get hold of the keys of one of your connections, they won’t also be able to see all your other data.
  • Security Audits & Vulnerability Disclosure Programs: No codebase is completely secure, your VPN provider should perform a comprehensive security audit by a reputable third-party, on a regular basis. Having public bug-bounty program is a big plus.
  • Trust & Ownership: You should know who you are trusting with all of your internet data, your VPN provider should be public about their ownership information. Publishing frequent transparency reports are a big plus, they should also publish information related to government requests.
  • Warrant Canaries: Some VPN providers maintain “Warrant Canary” that supposedly informs users if they are contacted by government agencies about users’ data, but its effectiveness is debated among experts; as governments could force companies into maintaining their warrant canaries. It’s great if a VPN provider maintains a warrant canary, but it shouldn’t be something you should make your judgments on.
  • Servers Number & Location: This depends on your personal preference, ideally higher the server locations, the better.
  • Concurrent Connections Allowed: Some VPN providers have a device limit, and allow only a certain number of devices per account, this varies from plan to plan and is something that you should look for if you plan to share your VPN connection with friends and family.
  • Throttling, Limiting, Restrictions: Some VPN providers are notorious for throttling your connection on certain sites and/or during certain time intervals. Some VPNs are blocked by websites, do research about them before committing to one.
  • Devices Support: Most of the VPN providers should support all of your devices, check if they support using on routers if you plan on using the VPN across your home network.

Last, but not the least, choosing a VPN provider is all about your needs and threat model. If you just want to avoid geographical restrictions, to say watch Netflix or Amazon Prime Video, and don’t really care about VPN logging your traffic, using a VPN that has an exit node in the country of your choice would get the job done.

This doesn’t mean that you should neglect the proper security measures discussed above, it just means that they’re less important if watching Netflix, Hulu, and sporting events are all you need the VPN for.

A VPN provider that adheres to the above criteria for privacy and security concerned individuals, will obviously be just as good for getting around geoblocks as long as that VPN has exit nodes in the country you are trying to connect.

Private VPN Service Providers

Alright, here are the VPN service providers that i use and recommend, all of them adhere to almost all the above mentioned criteria for a private and secure VPN provider:

Mullvad

Mullvad is a premium yet inexpensive VPN service provider with the focus on protecting your right to privacy and security. They are based in Sweden and have been in operation since March 2009 and doesn’t provide a free version or free trial.

Mullvad offers only one flat rate of €5/month with 30-days money-back guarantee, and has fast and reliable 778 servers in 35 countries, all of which are either owned or rented (dedicated servers) that are protected by strong encryption.

Mullvad values open source and transparency, the desktop and mobile clients as well as most of the software programs they use are open source. They have been audited by Cure53 and Assured AB in 2018 and then again in 2020 by Cure53 and the results were pretty positive, the security researchers concluded:

Bringing together evidence from different components clearly suggests that the Mullvad complex came out victorious from this Cure53 external assessment. Despite thorough penetration tests and dedicated audits against various Mullvad apps, clients and APIs,Cure53 was unable to compromise the complex. Mullvad clearly represents a mature design as a function of a sound development process.

Mullvad doesn’t need any personal information to create the account — they generate a new account number for you, no email, no username, nothing, just anonymity, it is now the official partner of Mozilla VPN service.

You can pay for your Mullvad VPN by multiple one-time payment options like Bitcoin, Bitcoin Cash, Cash, Vouchers leaving no money trail behind or use traditional Bank wire transfers, PayPal, credit cards and Swish.

Mullvad supports both OpenVPN and WireGuard, and has a pretty good No Logging policy. They have added support for IPv6 since 2014 as well as for Remote Port Forwarding that allows you to access remote computers within a private local area network.

Mullvad VPN has apps for Windows, macOS, Linux as well as Android and iOS, the android mobile client is also available on F-Droid. You can also use the official WireGiard or OpenVPN clients to use Mullvad VPN.

You can access the Mullvad website via Tor at xcln5hkbriyklr6n.onion and it comes with a built-in Kill Switch to block internet connections outside the VPN. Mullvad VPN AB and its parent company Amagicom AB are fully owned by the founders Fredrik Strömberg and Daniel Berntsson, who are actively involved in the company.

ProtonVPN

ProtonVPN is the popular VPN provider by the same people behind ProtonMail with the focus on security, privacy, and freedom. They are based in Switzerland and have been in operation since June 2016 and offers a limited free tier as well as three premium options.

The premium plans start at €5/month and goes up to €30/month, you can save up to 33% if you sign up for a two-year plan, there is 30-days money-back guarantee. ProtonVPN has over 1000 servers in 54 countries, all of which are owned and operated by them.

All ProtonVPN apps are open source, have been audited by SEC Consult in January 2020, and has a Bug Bounty Program to better enhance the ProtonVPN’s security.

ProtonVPN asks for an email, username, and password to create the account, and doesn’t accept Bitcoin during the sign up process. You can only pay using credit/debit card or PayPal during sign-up; Bitcoin and Cash option is available only for existing customers (Tip: Create a free account and then pay by Bitcoin or Cash).

ProtonVPN currently supports OpenVPN and plans to support WireGuard in the future, it has a pretty good No Logging policy. However, It does not support IPv6 (blocks all IPv6 traffic) and there is no support for Port Forwarding either.

ProtonVPN has apps for all your devices, and a built-in Kill Switch to block internet connections outside the VPN. There is no dedicated Tor address. ProtonVPN is owned by Proton Technologies AG, an employee-controlled company based in Geneva, Switzerland.

IVPN

IVPN is another premium VPN service provider on a mission to “Work for a future free from surveillance”. They are based in Gibraltar and have been in operation since 2009 and offers a 3 days free trial.

The premium plans start at $6/month and $10/month with annual plans getting 16% discount, and has a 7-days money-back guarantee. IVPN has servers in 32 countries across 45 locations, all of which are leased dedicated and co-located bare-metal servers.

All IVPN apps are open source, and has undergone comprehensive pentesting audit of the VPN service infrastructure, internal backend servers, and public web servers by Cure53 in January 2020. IVPN has also undergone a Privacy and No-Log audit from Cure53 in March 2019 in agreement to their no-logging claim.

IVPN also asks for an email, username, and password to create the account, but accepts Bitcoin, Cash along with Paypal and Credit card for payment during the sign up process.

IVPN supports both OpenVPN and WireGuard allowing you to set up IVPN with either of the OpenVPN and WireGuard official clients, and has pretty good No Logging policy backed by an independent audit by Cure53. There is no support for IPv6 right now, but they do support Port Forwarding.

IVPN has apps for all the devices, and a built-in Kill Switch to block internet connections outside the VPN, there is a built-in AntiTracker that blocks ads and trackers. Privatus Limited is the legal name of IVPN, which doesn’t has any parent or holding companies, owned by the CEO Nicholas Pestell.

Warnings & Tips While Using a VPN

Just using a VPN will not in any way make you anonymous, neither will it add any additional security to non-HTTPS traffic aka websites and apps that don’t use encrypted connection or HTTPS (or, SSL or TLS).

Use Tor Browser, self-contained networks like I2P, Freenet, and amnesic operating systems like Tails OS if you are looking for anonymity.

Use an encrypted DNS resolver and make sure you connect to websites via HTTPS (use HTTPS Everywhere), if you are looking for added security — your online stuff is already pretty secure and VPNs don’t add any additional security.

Do not use a VPN for illegal activities; No-Logging policies shouldn’t be trusted — Your VPN provider knows your real IP address, some personal information with a money trail attached.

A VPN will only provide some privacy from your ISP, on a public Wi-Fi network, or while torrenting files.

  • Pick the exit node server nearest to you to have reduced latency; Shorter route (fewer hops) to the destination.
  • Use an independent separate firewall; Don’t rely on kill switch if you want to protect your VPN traffic from leaking.

VPN Logs

Your VPN provider is essentially the middleman between your devices and the internet, and they can log all the data pretty easily, and hand it over to the government, sell it to advertisers — everything that an ISP is capable of doing.

There are VPNs that claim that they don’t keep any logs and have even got audited by third-parties about “no-logging”, but for a regular customer a VPN that doesn’t keep logs is indistinguishable from one that does log all the data.

Don’t rely on “no-logging” policy, a VPN won’t make you anonymous, but it will provide you with reasonable privacy and security.

VPN Encryption & Protocols

Most of the popular VPN service providers use OpenVPN protocol to establish an encrypted connection between your device and the VPN server for the transmission of data, there are other VPN protocols that are also used:

  • OpenVPN: OpenVPN is the most trusted, secure and widely used open source VPN protocol on the planet. It is highly versatile and uses virtually unbreakable AES-256 bit key encryption with 2048-bit RSA authentication.
  • WireGuard: WireGuard is the new guy in the town that aims to simplify things while providing better performance, security, and more power saving than existing VPN protocols. It is being actively development and uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20.
  • L2TP/IPSec: Layer 2 Tunneling Protocol with Internet Protocol Security is another popular VPN protocol that is pretty fast and secure, but can be blocked easily due to reliance of UDP on a single port.
  • IKEv2/IPSec: Internet Key Exchange with Internet Protocol Security provides is a pretty fast VPN protocol; it can easily reconnect whenever the connection drops out and excels at switching connections across network types.
  • PPTP: Point-to-Point Tunneling Protocol is the oldest VPN protocol in this list; it can provide way faster speeds but the encryption used has been cracked, and is no longer recommended.

Avoid Free VPNs

This goes without saying,

If you are not paying for the product, you are the product.

This may not be entirely true for open source and community supported software programs like Ubuntu, WordPress, Firefox, etc as they are often backed and used by enterprise customers, but for a service like Virtual Private Network that requires bandwidth which costs money — either you are the consumer or the product.

And, just because you are paying for something aka a VPN, doesn’t mean your data would not be logged. Many paid VPN providers have been caught logging and selling their user’s data among other shady business practices.

Yes, There are VPN services run by non-profits like Psiphon, Bitmask, VPN Gate, Riseup, Calyx, among others that are free for anyone to use, but they often have bandwidth limitations, collect logs, and are not really made for regular use. Psiphon was created by Citizen Lab & University of Toronto, and is designed to support users in countries considered to be “enemies of the Internet”, it limits your internet speed to 2 MB/s and logs some data. VPN Gate is provided by University of Tsukuba which logs all the traffic and is used for research purpose, I am pretty sure all the others also log data or have some sort of restriction.

These non-profit VPN providers are great if you just want to circumnavigate the internet restrictions for basic internet usage, and you should support them if you can, by donations and other means possible — the entire Tor Network is run by volunteers just like you and me that host nodes all around the globe.

Should You Use a VPN?

Whether you should use a VPN, entirely depends on your needs and threat model. As already discussed in earlier sections, a VPN has many use cases from simply accessing geographically blocked content on Netflix and HULU to downright bypassing internet censorship imposed by your government.

VPNs aren’t really the one size fits all solution that would protect your privacy or enhance your security, unless you pair it with other things — privacy, security, anonymity is not a boolean expression; you won’t somehow become private, secure or anonymous just by using a VPN.

VPNs cannot encrypt data outside the connection between your device and the VPN server, hence won’t add any additional security to non-HTTPS traffic. Your VPN is the middleman and can see, modify and log your traffic just like your ISP.

Here’s a really cool video by Tom Scott debunking VPN Myths:

What If You Need Encryption?

As already discussed, VPNs only encrypt the traffic between your device and the VPN server aka Your Device <—> VPN Server part, and can’t encrypt anything on VPN Server <—> Internet part.

By the way, most of the traffic from websites and apps are already encrypted. Every single website that has padlock in the browser, every iPhone app since 2016, every android app since 2018, uses a trusted encrypted tunnel — HTTPS to protect your data, which means all your traffic is already safe regardless of a VPN, except the DNS traffic, which you can encrypt by switching to an Encrypted DNS resolver.

I haven’t come across a website that deals with personal data and does not use HTTPS, thanks to free HTTPS certificates issued by services like Let’s Encrypt and Cloudflare.

Yes, there have been cases where websites and apps have not done correct implantation of HTTPS, but using a VPN won’t do anything as they can’t magically encrypt the traffic between the VPN server and the website’s server. You are better off using HTTPS Everywhere and Turning on Encrypt All Sites Eligible.

Should You Use an Encrypted DNS with a VPN?

You should use an encrypted DNS provider regardless of whether you use a VPN or not, the VPN provider may have its own DNS servers, but if they don’t, your DNS traffic is not encrypted.

You should not use an encrypted DNS resolver while using Tor as this would direct all your DNS request through a single circuit, allowing that encrypted DNS provider to deanonymize you, defeating the whole purpose of using the Tor Browser.

What If You Need Anonymity?

No VPN provider can provide anonymity. Period. Your VPN provider knows your real IP address, and has some personal information about you from your payment methods. There is no way to determine that your VPN provider is not keeping logs.

Use Tor Browser, self-contained networks like I2P, Freenet, and amnesic operating system like Tails for better anonymity.

Should You Hide Your IP Address?

Um, maybe… Your IP address isn’t really all that personal and sensitive information — your IP address won’t give your home address to anyone, it’s all just part of fearmongering by VPN providers and their marketing.

At any given moment, an IP address is usually shared among many different users, and your IP address changes frequently (DHCP). Your IP address only gives a very generalized location based on your ISP.

Your IP address is insignificant compared to the immense amount of personal data that is used for tracking you online, learn more about it in this device and browser fingerprinting article, and how you can mitigate it.

Should You Use Tor With a VPN?

No. You should never pair Tor with a VPN, it defeats the whole purpose of using the Tor Browser — your VPN provider essentially creates a single point of failure, they have access to your real IP address, some personal information, which often has a money trail attached.

If Tor is blocked in your region or you are trying to hide your Tor usage, just use one of the built-in Tor bridges to connect to the Tor Network. Never use a VPN and the Tor Browser together, it adds zero additional benefit and increases the attack surface.

Are VPNs Actually Useful?

At this point you might be scratching your heads like is there a point of using a VPN? Well, VPNs are basically useful in these scenarios:

  • Hiding your traffic and downloads from your ISP at home, work, public Wi-Fi, etc.
  • Bypassing geographical restrictions and censorship to a certain extent.
  • Accessing a particular network be it your Home or Office network.

A VPN only makes sense if you have a really compelling reason or one of the above reasons, in that case, use one of the recommended VPN providers that i have listed above.

Are VPNs Legal?

VPNs are used routinely by businesses around the globe, and are generally legal in most of the countries, since privacy laws vary from country to country, you are better off checking laws in your respective country.

I haven’t heard of an outright ban on use of VPN in the western world, even in countries like China and Russia, use of VPN is pretty normal, most of the so-called bans on VPNs would just not work, as VPN traffic seems like just another regular HTTPS traffic to anyone looking from outside.

Drawbacks of Using a VPN

A VPN is basically a glorified proxy that encrypt your connection — VPNs aren’t all that powerful tools that will somehow make you anonymous; it doesn’t provide you with any additional security.

Using a VPN basically shifts the access to your traffic from your ISP to the VPN provider — meaning all the traffic your ISP used to had access to, your VPN provider will still be able to. That’s why using a trusted VPN provider is crucial if you are looking to protect your privacy.

There are no ways for average consumers to verify “no logging” claims and you just have to take them at their word, “honeypot” VPN providers might be ubiquitous. Some VPN providers do try to validate their claims by releasing security and privacy audits of their policies and code by independent third-party auditors — but at the end of the day it ultimately comes down to trust.

Lastly, a VPN won’t make you anonymous in any way possible. Your VPN provider has access to your personal IP address and dedicated attackers and trackers will be able to trace a connection back to you fairly trivially. VPN traffic is sensitive to device fingerprinting and your VPN provider probably has a money trail leading back to you.

Additional Resources

VPNs in the end are basically glorified proxies, it’s all about whom you trust your data with, here are some additional information you might be interested in:

Private VPN Providers

Virtual Private Networks provide privacy by policy aka you are trusting that your VPN provider won’t log all of your traffic; there are way better alternatives like the Tor Browser that provider privacy, security, and anonymity by design.

That’s all Folks!

I will be updating this page frequently with more VPN recommendations and information. You should check out all the privacy tools that you should use to get a better hold of your privacy, security, and anonymity.

Do let me know of any feedback, tips, or suggestions based on the VPN you are using, feel free to drop a comment below!

Leave a Comment