Virtual Private Networks (VPNs) are veritable Swiss Army Knives when
it comes to privacy enhancement, censorship avoidance, anonymous file
sharing, and more. But not all VPNs are created equal and there’s no
sense paying for features you don’t need (or paying at all if a
full-fledged VPN service is overkill for your needs). Read on as we
explore the ins and outs of picking a perfect VPN service.
We’re about to walk you through what VPNs are, why people use them,
how to assess your VPN needs, and the important questions to ask when
shopping for a VPN. If you’re impatient and you just want a really good
VPN right this second, you can always jump right to the end and check
out our recommendations. A thorough read from start to finish, however,
will show you why we’re recommending the services we are.
What Is Virtual Private Networking?
A VPN is a Virtual Private Network. Through the use of software (and
sometimes, at the corporate and governmental level, hardware) a VPN
creates a virtualized network between two physically separate networks.
VPN use, for example, allows an IBM employee to work from home in a
Chicago suburb while accessing the company intranet located in a
building in New York City as if he was right there with the physical LAN
hundreds of miles away. The same technology can be used by consumers to
bridge their phones and laptops to their home network so, while on the
road, they can securely access files from their media server or desktop
computers.
VPNs also have another case use beyond bridging users securely to
their own (or corporate) local networks: connecting users to the greater
Internet through a secure connection such that all their traffic
between their devices is routed through the tunnel to the end point so
no one in between can see what is going on. Not only is their traffic
secure but it will appear to originate not where they are (like Sydney)
but where their VPN exit node is (like New York City).
Why Do People Use VPNs?
We used the words private and secure a lot in the previous section
and that should tip you off to one of the principle draws of using a
Virtual Private Network: to secure your connection and increase the
privacy there of.
In addition to the use cases we highlighted above (securely accessing
a remote network as if you were connected to the network as a local
user) there are also some very valuable use cases that are more
outwardly focused. Why would someone want to, as we mentioned above, use
their computer in Sydney, Australia but appear (to all the websites and
services they use) as if they were in the United States?
Many services are geographically blocked. If you’re a reader outside
the US who has visited a popular YouTube video only to be informed “This
video is not available in your country,” or some variant thereof,
you’ve experienced geo-blocking. You’ve also experienced it if you’ve
attempted to watch Netflix in a country not currently supported by
Netflix.
Even when you can access a service like Netflix in your country there
are often incongruences between what is available in the primary market
(typically the US) and the market you’re in. In addition to absent
videos many people (we’re looking at you, Australians) have to deal with
insanely high import taxes on software that see them paying twice (or
more) what US consumers pay for the same products.
On a more serious note, an unfortunately large number of people live
in countries with high levels of overt censorship and monitoring (like
China) and countries with more convert monitoring (like the US); one of
the best ways to get around censorship and monitoring is to use a secure
tunnel to appear as if you’re from somewhere else altogether.
In addition to hiding your online activity from a snooping government
it’s also useful for hiding your activity from a snooping Internet
Service Provider (ISP). If your ISP likes to throttle your connection
based on content (tanking your file downloads and/or streaming video
speeds in the process) a VPN completely eliminates that problem as all
your traffic is traveling to a single point through the encrypted tunnel
and your ISP remains ignorant of what kind of traffic it is.
In short a VPN is useful anytime you want to either hide your traffic
from people on your local network (like the person who controls the
free Wi-Fi at the shop you’re working at), your ISP, or your government
and it’s also incredibly useful to trick services into thinking you’re
right next door when you’re an ocean away.
Assessing Your VPN Needs
Every user is going to have slightly different VPN needs and the best
way to end up paired with the ideal VPN service for your needs is to
take careful stock of what your needs are before you go shopping. You
may even find you don’t need to go shopping because home-grown or
router-based solutions you already have on hand fulfill your needs just
fine. Let’s run through a series of questions you should ask yourself
and highlight how different VPN features meet the needs highlighted by
those questions.
To be clear many of the following questions can be satisfied on
multiple levels by a single provider, but the questions are framed to
get you thinking about what is most important for your personal use.
Do You Need Secure Access to Your Home Network?
If the only use case you care about is securely accessing your home
network to gain access to local content while away from home, then you
absolutely do not need to invest in a VPN service provider. This isn’t
even a case of the tool being overkill for the job; it’s a case of the
tool being the wrong tool for the job. A remote VPN service provider
gives you secure access to a remote network (like an exit node in
Amsterdam), not access to your own network.
What you need for secure access to your own home network is a VPN
server running on either your home router or an attached device (like a
Raspberry Pi or even an always-on desktop computer). Ideally you’ll run
the VPN server at the router level for best security and minimal power
consumption. To that end we recommend either
flashing your router to DD-WRT
(which supports both VPN server and client mode) or purchasing a router
that has a built in VPN server (like the previously reviewed
Netgear Nighthawk and
Nighthawk X6 routers).
If this is the solution you need (or even if you just want to run it
in parallel with remote solutions for other tasks) definitely check out
our article
How to Set Up Your Own Home VPN Server for additional information.
Do You Need Secure Casual Browsing?
A great use case for VPNs that everyone should adopt, even those who
aren’t particularly security/privacy conscious, is securing their remote
casual computer and mobile device use. When you use Wi-Fi at the coffee
shop, the airport, or the hotel you’re staying at while traveling
cross-country, you have
zero idea whether or not the connection you’re using is secure.
The router could be running outdated and compromised firmware. The
router could actually be malicious and actively sniffing packets and
logging your data. The router could be improperly configured and other
users on the network could be sniffing your data or probing your laptop
or mobile device. You never have any guarantee whatsoever that an
unknown Wi-Fi hotspot isn’t, either through malice or poor
configuration, exposing your data.
In such scenarios you don’t need a beastly VPN provider with massive
bandwidth to secure your casual email, Facebook, and web browsing
activities. In such scenarios the same home VPN server model we
highlighted in the previous section will serve you just as well as a
paid solutions. The only time you might consider a paid solution is if
you have high-bandwidth needs that your home connection can’t keep up
with (like watching large volumes of streaming video through your VPN
connection).
Do You Need to Geo-Shift Your Location?
If your goal is to appear as if you’re in another country so you can
access content only available in that country (e.g. BBC Olympic coverage
when you’re not in the UK or YouTube videos when you’re not in the US)
then you’ll need a VPN service with servers located in the geographic
region you wish to exit the virtualized network in.
Need UK access for that Olympic coverage your crave? Make sure your
provider has UK servers. Need a U.S. IP address so you can watch YouTube
videos in peace? Pick a provider with a long list of US exit nodes.
Even the greatest VPN provider around is useless if you can’t access an
IP address in the geographic region you need.
Do You Need Anonymity and Plausible Deniability?
If your needs are more serious than watching Netflix or keeping some
war kiddie at the coffee shop from snooping on your social media
activity, you need to more closely scrutinize the details of any VPN
service provider you consider. You want a provider that doesn’t keep
logs and has a very large user base. The bigger the service the more
people poring through every exit node and the more difficult it is to
isolate a single user from the crowd.
A lot of people avoid using VPN providers based out of the United
States on the premise that US law would compel those providers to log
all VPN activity. Counterintuitively, there are no such data logging
requirements for US-based VPN providers. They might be compelled under
another set of laws to turn over data if they have any to turn over, but
there is no requirement they even keep the data in the first place.
In addition to logging concerns, an even bigger concern is the type
of VPN protocol and encryption they use (as it’s much more probable a
malicious third party will try and siphon up your traffic and analyze it
later than they will reverse engineer your traffic in an attempt to
locate you). Considering logging, protocol, and encryption standards is a
great point to transition into the next section of our guide where we
shift from questions focused on our needs to questions focused on
capabilities of the VPN providers.
Selecting Your VPN Provider
What makes for a VPN provider? Aside from the most obvious matter, a
good price point that sits well with your budget, other elements of VPN
selection can be a bit opaque. Let’s look at some of the elements you’ll
want to consider.
It’s up to you to answer these questions by reading over the
documentation provided by the VPN service provider before signing up for
the service. Better yet, read over their documentation but then search
for complaints about the service to ensure that even though they claim
they don’t do X, Y, or Z, that users aren’t reporting that they are in
fact doing just that.
What Protocols Do They Support?
Not all VPN protocols are equal (not by a long shot). Hands down the
protocol you want to run in order to achieve high levels of security
with low processing overhead is OpenVPN.
You want to skip PPTP if at all possible. It’s a
very dated protocol that uses weak encryption and
due to security issues
should be considered compromised. It might be good enough to secure
your non-essential web browsing at a coffee shop (e.g. to keep the
shopkeeper’s son from sniffing your passwords), but it’s not up to snuff
for serious security. Although L2TP/IPsec is a significant improvements
over PPTP it lacks the speed and the open security audits found with
OpenVPN.
Long story short, OpenVPN is what you want (and you should accept no
substitutions until something even better comes along). If you want the
long version of the short story, definitely check out our article
Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP for a more detailed look.
There’s currently only one scenario where you would entertain using
L2TP/IPsec instead of OpenVPN and that’s for mobile devices like
iOS/Android phones and tablets. Currently neither Android nor iOS
supports native OpenVPN (although there is third-party support for it).
Both mobile operating systems do, however, support L2TP/Ipsec natively
and, as such, it’s a useful alternative.
A good VPN provider will offer all of the above options. An excellent
VPN provider will even provide good documentation and steer you away
from using PPTP for the same reasons we just did.
How Many Servers Do They Have And Where?
If you’re in the US and you want a VPN to hide your activities (like
filesharing) in a country with lax laws then a VPN with the majority of
its nodes in the US isn’t very useful to you. Conversely, if you’re
looking to access US media sources like Netflix and YouTube without
geo-blocking, then a VPN service with the majority of its nodes in
Africa and Asia is of very little use to you.
Accept nothing less than a diverse stable of servers in multiple
countries. Given how robust and widely used VPN services have become it
isn’t unreasonable to expect hundreds, if not thousands, of servers
across the world.
In addition to checking how many servers they have and where those
servers are located, it’s also wise to check into where the company is
based and if that location aligns with your needs (if you’re using a VPN
to avoid persecution by your government then it would be wise to avoid a
VPN provider in a country with close ties to your country).
How Many Concurrent Connections Are Allowed?
You might be thinking “I only need one?” but what if you want to set
up VPN access on more than one device, for more than one family member,
on your home router, or the like? You’ll need multiple concurrent
connections to the service. Or, perhaps, if you’re particularly security
oriented you’d like to configure multiple devices to use multiple
different exit nodes so your collective personal or household traffic
isn’t all bundled together.
At minimum you want a service that allows for at least three
concurrent connections; practically speaking at least five (to account
for your mobile devices and computers) and with the ability to link your
router to the VPN network is preferable.
Do They Throttle Connections, Limit Bandwidth, or Restrict Services?
ISP throttling is one of the reasons many people turn to VPN networks
in the first place so paying extra for a VPN service on top of your
broadband bill just to get throttled all over again is a terrible
proposition. This is one of those topics some VPNs aren’t perfectly
transparent about so it helps to do a little digging via Google.
Bandwidth restrictions might not have been a big deal in the
pre-streaming era but now when everyone is streaming videos, music, and
more the bandwidth burns up really fast. Avoid VPNs that impose
bandwidth restrictions unless the bandwidth restrictions are clearly
very high and intended only to allow the provider to police people
abusing the service.
In that vein a paid VPN service in this day and age restricting you
to GBs worth of data is unreasonable. A service with fine print that
restricts you to X number of TBs of data is acceptable, but really
unlimited bandwith is to be expected.
Finally, read the fine print to see if they restrict any protocols or
services you wish to use the service for. If you want to use the
service for file sharing read the fine print to ensure your file sharing
service isn’t blocked. Again, while it was typical to see VPN providers
restrict services back in the day (in an effort to cut down on
bandwidth and computing overhead) it’s more common today to find VPNs
with an anything-goes policy.
What Kind of Logs, If Any, Do They Keep?
Most VPNs won’t keep any logs of user activity. Not only is this of
benefit to their customers (and a great selling point) it’s also of huge
benefit to them (as detailed logging can quickly consume disk after
disk worth of resources). Many of the largest VPN providers will tell
you as much: not only do they have no interest in keeping logs but given
the sheer size of their operation they can’t even begin to set aside
the disk space to do so.
Although some VPNs will note that they keep logs for a very minimum
window (such a only a few hours) in order to facilitate maintenance and
ensure their network is running smoothly there is very little reason to
settle for anything less than zero logging.
What Payment Methods Do They Offer?
If you’re purchasing a VPN for securing your traffic against snooping
Wi-Fi nodes while traveling or to route your traffic safely back to the
US while traveling, anonymous payment methods aren’t likely a very high
priority for you.
If you’re purchasing a VPN to avoid political persecution or wish to
remain as anonymous as possible, then you’ll be significantly more
interested in services that allow for payment through anonymous sources
like cryptocurrency or gift cards.
You heard us right on that last bit: a number of VPN providers have
systems in place where they will accept gift cards from major retailers
(that are totally unrelated to their business) like Wal-Mart or Target
in exchange for VPN credit. You could buy a gift card to any number of
big box stores using cash, redeem it for VPN credit, and avoid using
your personal credit card or checking information.
Do They Have A Kill Switch System?
If you are depending on your VPN to keep your activities anonymous
you need some sense of security that the VPN isn’t just going to go down
and dump all your traffic out into the regular Internet. What you want
is tool known as a “kill switch system”. Good VPN providers have a kill
switch system in place such that if the VPN connection fails for any
reason it automatically locks down the connection so that the computer
doesn’t default to using the open and unsecured Internet connection.
Our Recommendations
At this point your head might be, understandably, spinning at the
thought of all the homework you’ve got ahead of you. We understand that
selecting a VPN service can be a daunting task and that even armed with
the questions we outlined above you’re just not sure where to turn.
We’re more than happy to help cut through all the jargon and ad copy
to help get the bottom of things and, to that end, we’ve selected three
VPN service providers that we have direct personal experience with and
that meet our VPN selection criteria. In addition to meeting our
outlined criteria (and exceeding our expectations for quality of service
and ease of use) all of our recommendations here have been in service
for years and have remained highly rated and recommended throughout that
time.
Private Internet Access
If you’re looking for the most bang-for-your-buck it’s really hard to beat
Private Internet Access.
They have 2,000+ servers in 18 countries. They support OpenVPN,
L2TP/IPsec, and PPTP. You can have up to five simultaneous connections
and you can configure supported routers to use the server for whole-home
coverage; bandwidth is unlimited. They have zero logging and accept
everything from your personal credit card to Bitcoin to a Starbuck’s
Gift card as payment. Their support pages are unrivaled and include
detailed setup instructions for every device and OS you can imagine but
for standard configuration on personal computers you can just download
their easy-to-use wizard to set everything up. In addition they also
support proxy services so you can link a single application (such as a
BitTorrent client or chat client) into an anonymizing proxy.
You’d expect to pay a premium for all those features but you can pick
up a PIA account for $6.95 on the month-to-month plan or prepay for the
year and drop your cost down to a mere $3.33 a month. From a
feature-to-dollar standpoint a year subscription to PIA is the best
value in town.
Hide My Ass
Hide My Ass
is a long running and highly regarded VPN provider on par with Private
Internet Access. They have 870 VPN servers distributed between 200
countries. They support OpenVPN, L2TP/IPsec, and PPTP. Like PIA they
also offer unlimited bandwidth and while they say you can have unlimited
users you’re actually limited to two computer users unless you
configure your router for a VPN connection (so it’s not really
unlimited and the five connection limit offered by PIA is actually more
flexible in that it is effectively “unlimited” in your home in the same
fashion).
In addition to the same core features found in Private Internet
Access’s stable, Hide My Ass also has anonymous email, anonymous link
forwarding, and other anonymizing services. Those extra services as well
as Hide My Ass maintaining a presence in 200 countries does add a bit
of a premium to the price tag: if you pay by the month it’s $9.99 but if
you pay by the year your cost drops to $4.99 per month.
TunnelBear
If Private Internet Access and Hide My Ass are the luxury sedans of the VPN world,
TunnelBear
is more like the econo-car (if you get the paid program) or the city
bus (if you use their generous free program). That’s not a knock on
TunnelBear, either, they’ve been around for years and their free service
tier has been of great utility to people in need all over the world.
The free TunnelBear service offers up to 500MB per month. That’s not a
whole lot of data but it’s enough for mobile browsing or light home
browsing. If you need more data than that you can upgrade to their
professional accounts at a cost of $6.99 per month or $4.16 per month if
billed annually.
The free account is limited to a single user while the premium
account enabled unlimited bandwidth for up to five computers or mobile
devices. TunnelBear doesn’t list the total number of servers on their
site but they do offer servers in 14 countries. Their Windows and Mac OS
X client is based on OpenVPN and their mobile VPN system
uses L2TP/IPsec. Unlike the previous two recommendations TunnelBear has a
firmer stance against file sharing activities and BitTorrent is
blocked.
From a feature-to-dollar standpoint TunnelBear doesn’t beat out Private Internet Access or Hide My Ass
but
it does offer a free tier and it is extremely easy to get up and
running with their dead-simple apps for Windows and OS X users.
Whether you’re paranoid that your government is logging your web
browsing activities, you’re sick of your ISP throttling your connection,
you want to secure your browsing sessions while on the road, or you
just want to download whatever the heck you want without the man on your
back, there’s no substitution for a securely deployed Virtual Private
Network. Now that you’re armed with the knowledge necessary to pick a
good VPN (and with three solid recommendations at that), it’s time to
secure your internet traffic once and for all.
Source:
http://www.howtogeek.com/221929/how-to-choose-the-best-vpn-service-for-your-needs/
