Virtual Private Networks (VPNs) are veritable Swiss Army Knives when it comes to privacy enhancement, censorship avoidance, anonymous file sharing, and more. But not all VPNs are created equal and there’s no sense paying for features you don’t need (or paying at all if a full-fledged VPN service is overkill for your needs). Read on as we explore the ins and outs of picking a perfect VPN service.
We’re about to walk you through what VPNs are, why people use them, how to assess your VPN needs, and the important questions to ask when shopping for a VPN. If you’re impatient and you just want a really good VPN right this second, you can always jump right to the end and check out our recommendations. A thorough read from start to finish, however, will show you why we’re recommending the services we are.
What Is Virtual Private Networking?
A VPN is a Virtual Private Network. Through the use of software (and sometimes, at the corporate and governmental level, hardware) a VPN creates a virtualized network between two physically separate networks.VPN use, for example, allows an IBM employee to work from home in a Chicago suburb while accessing the company intranet located in a building in New York City as if he was right there with the physical LAN hundreds of miles away. The same technology can be used by consumers to bridge their phones and laptops to their home network so, while on the road, they can securely access files from their media server or desktop computers.
VPNs also have another case use beyond bridging users securely to their own (or corporate) local networks: connecting users to the greater Internet through a secure connection such that all their traffic between their devices is routed through the tunnel to the end point so no one in between can see what is going on. Not only is their traffic secure but it will appear to originate not where they are (like Sydney) but where their VPN exit node is (like New York City).
Why Do People Use VPNs?
We used the words private and secure a lot in the previous section and that should tip you off to one of the principle draws of using a Virtual Private Network: to secure your connection and increase the privacy there of.In addition to the use cases we highlighted above (securely accessing a remote network as if you were connected to the network as a local user) there are also some very valuable use cases that are more outwardly focused. Why would someone want to, as we mentioned above, use their computer in Sydney, Australia but appear (to all the websites and services they use) as if they were in the United States?
Many services are geographically blocked. If you’re a reader outside the US who has visited a popular YouTube video only to be informed “This video is not available in your country,” or some variant thereof, you’ve experienced geo-blocking. You’ve also experienced it if you’ve attempted to watch Netflix in a country not currently supported by Netflix.
Even when you can access a service like Netflix in your country there are often incongruences between what is available in the primary market (typically the US) and the market you’re in. In addition to absent videos many people (we’re looking at you, Australians) have to deal with insanely high import taxes on software that see them paying twice (or more) what US consumers pay for the same products.
On a more serious note, an unfortunately large number of people live in countries with high levels of overt censorship and monitoring (like China) and countries with more convert monitoring (like the US); one of the best ways to get around censorship and monitoring is to use a secure tunnel to appear as if you’re from somewhere else altogether.
In addition to hiding your online activity from a snooping government it’s also useful for hiding your activity from a snooping Internet Service Provider (ISP). If your ISP likes to throttle your connection based on content (tanking your file downloads and/or streaming video speeds in the process) a VPN completely eliminates that problem as all your traffic is traveling to a single point through the encrypted tunnel and your ISP remains ignorant of what kind of traffic it is.
In short a VPN is useful anytime you want to either hide your traffic from people on your local network (like the person who controls the free Wi-Fi at the shop you’re working at), your ISP, or your government and it’s also incredibly useful to trick services into thinking you’re right next door when you’re an ocean away.
Assessing Your VPN Needs
Every user is going to have slightly different VPN needs and the best way to end up paired with the ideal VPN service for your needs is to take careful stock of what your needs are before you go shopping. You may even find you don’t need to go shopping because home-grown or router-based solutions you already have on hand fulfill your needs just fine. Let’s run through a series of questions you should ask yourself and highlight how different VPN features meet the needs highlighted by those questions.To be clear many of the following questions can be satisfied on multiple levels by a single provider, but the questions are framed to get you thinking about what is most important for your personal use.
Do You Need Secure Access to Your Home Network?
If the only use case you care about is securely accessing your home network to gain access to local content while away from home, then you absolutely do not need to invest in a VPN service provider. This isn’t even a case of the tool being overkill for the job; it’s a case of the tool being the wrong tool for the job. A remote VPN service provider gives you secure access to a remote network (like an exit node in Amsterdam), not access to your own network.What you need for secure access to your own home network is a VPN server running on either your home router or an attached device (like a Raspberry Pi or even an always-on desktop computer). Ideally you’ll run the VPN server at the router level for best security and minimal power consumption. To that end we recommend either flashing your router to DD-WRT (which supports both VPN server and client mode) or purchasing a router that has a built in VPN server (like the previously reviewed Netgear Nighthawk and Nighthawk X6 routers).
If this is the solution you need (or even if you just want to run it in parallel with remote solutions for other tasks) definitely check out our article How to Set Up Your Own Home VPN Server for additional information.
Do You Need Secure Casual Browsing?
A great use case for VPNs that everyone should adopt, even those who aren’t particularly security/privacy conscious, is securing their remote casual computer and mobile device use. When you use Wi-Fi at the coffee shop, the airport, or the hotel you’re staying at while traveling cross-country, you have zero idea whether or not the connection you’re using is secure.The router could be running outdated and compromised firmware. The router could actually be malicious and actively sniffing packets and logging your data. The router could be improperly configured and other users on the network could be sniffing your data or probing your laptop or mobile device. You never have any guarantee whatsoever that an unknown Wi-Fi hotspot isn’t, either through malice or poor configuration, exposing your data.
In such scenarios you don’t need a beastly VPN provider with massive bandwidth to secure your casual email, Facebook, and web browsing activities. In such scenarios the same home VPN server model we highlighted in the previous section will serve you just as well as a paid solutions. The only time you might consider a paid solution is if you have high-bandwidth needs that your home connection can’t keep up with (like watching large volumes of streaming video through your VPN connection).
Do You Need to Geo-Shift Your Location?
If your goal is to appear as if you’re in another country so you can access content only available in that country (e.g. BBC Olympic coverage when you’re not in the UK or YouTube videos when you’re not in the US) then you’ll need a VPN service with servers located in the geographic region you wish to exit the virtualized network in.Need UK access for that Olympic coverage your crave? Make sure your provider has UK servers. Need a U.S. IP address so you can watch YouTube videos in peace? Pick a provider with a long list of US exit nodes. Even the greatest VPN provider around is useless if you can’t access an IP address in the geographic region you need.
Do You Need Anonymity and Plausible Deniability?
If your needs are more serious than watching Netflix or keeping some war kiddie at the coffee shop from snooping on your social media activity, you need to more closely scrutinize the details of any VPN service provider you consider. You want a provider that doesn’t keep logs and has a very large user base. The bigger the service the more people poring through every exit node and the more difficult it is to isolate a single user from the crowd.A lot of people avoid using VPN providers based out of the United States on the premise that US law would compel those providers to log all VPN activity. Counterintuitively, there are no such data logging requirements for US-based VPN providers. They might be compelled under another set of laws to turn over data if they have any to turn over, but there is no requirement they even keep the data in the first place.
In addition to logging concerns, an even bigger concern is the type of VPN protocol and encryption they use (as it’s much more probable a malicious third party will try and siphon up your traffic and analyze it later than they will reverse engineer your traffic in an attempt to locate you). Considering logging, protocol, and encryption standards is a great point to transition into the next section of our guide where we shift from questions focused on our needs to questions focused on capabilities of the VPN providers.
Selecting Your VPN Provider
What makes for a VPN provider? Aside from the most obvious matter, a good price point that sits well with your budget, other elements of VPN selection can be a bit opaque. Let’s look at some of the elements you’ll want to consider.It’s up to you to answer these questions by reading over the documentation provided by the VPN service provider before signing up for the service. Better yet, read over their documentation but then search for complaints about the service to ensure that even though they claim they don’t do X, Y, or Z, that users aren’t reporting that they are in fact doing just that.
What Protocols Do They Support?
Not all VPN protocols are equal (not by a long shot). Hands down the protocol you want to run in order to achieve high levels of security with low processing overhead is OpenVPN.You want to skip PPTP if at all possible. It’s a very dated protocol that uses weak encryption and due to security issues should be considered compromised. It might be good enough to secure your non-essential web browsing at a coffee shop (e.g. to keep the shopkeeper’s son from sniffing your passwords), but it’s not up to snuff for serious security. Although L2TP/IPsec is a significant improvements over PPTP it lacks the speed and the open security audits found with OpenVPN.
Long story short, OpenVPN is what you want (and you should accept no substitutions until something even better comes along). If you want the long version of the short story, definitely check out our article Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP for a more detailed look.
There’s currently only one scenario where you would entertain using L2TP/IPsec instead of OpenVPN and that’s for mobile devices like iOS/Android phones and tablets. Currently neither Android nor iOS supports native OpenVPN (although there is third-party support for it). Both mobile operating systems do, however, support L2TP/Ipsec natively and, as such, it’s a useful alternative.
A good VPN provider will offer all of the above options. An excellent VPN provider will even provide good documentation and steer you away from using PPTP for the same reasons we just did.
How Many Servers Do They Have And Where?
If you’re in the US and you want a VPN to hide your activities (like filesharing) in a country with lax laws then a VPN with the majority of its nodes in the US isn’t very useful to you. Conversely, if you’re looking to access US media sources like Netflix and YouTube without geo-blocking, then a VPN service with the majority of its nodes in Africa and Asia is of very little use to you.Accept nothing less than a diverse stable of servers in multiple countries. Given how robust and widely used VPN services have become it isn’t unreasonable to expect hundreds, if not thousands, of servers across the world.
In addition to checking how many servers they have and where those servers are located, it’s also wise to check into where the company is based and if that location aligns with your needs (if you’re using a VPN to avoid persecution by your government then it would be wise to avoid a VPN provider in a country with close ties to your country).
How Many Concurrent Connections Are Allowed?
You might be thinking “I only need one?” but what if you want to set up VPN access on more than one device, for more than one family member, on your home router, or the like? You’ll need multiple concurrent connections to the service. Or, perhaps, if you’re particularly security oriented you’d like to configure multiple devices to use multiple different exit nodes so your collective personal or household traffic isn’t all bundled together.At minimum you want a service that allows for at least three concurrent connections; practically speaking at least five (to account for your mobile devices and computers) and with the ability to link your router to the VPN network is preferable.
Do They Throttle Connections, Limit Bandwidth, or Restrict Services?
ISP throttling is one of the reasons many people turn to VPN networks in the first place so paying extra for a VPN service on top of your broadband bill just to get throttled all over again is a terrible proposition. This is one of those topics some VPNs aren’t perfectly transparent about so it helps to do a little digging via Google.Bandwidth restrictions might not have been a big deal in the pre-streaming era but now when everyone is streaming videos, music, and more the bandwidth burns up really fast. Avoid VPNs that impose bandwidth restrictions unless the bandwidth restrictions are clearly very high and intended only to allow the provider to police people abusing the service.
In that vein a paid VPN service in this day and age restricting you to GBs worth of data is unreasonable. A service with fine print that restricts you to X number of TBs of data is acceptable, but really unlimited bandwith is to be expected.
Finally, read the fine print to see if they restrict any protocols or services you wish to use the service for. If you want to use the service for file sharing read the fine print to ensure your file sharing service isn’t blocked. Again, while it was typical to see VPN providers restrict services back in the day (in an effort to cut down on bandwidth and computing overhead) it’s more common today to find VPNs with an anything-goes policy.
What Kind of Logs, If Any, Do They Keep?
Most VPNs won’t keep any logs of user activity. Not only is this of benefit to their customers (and a great selling point) it’s also of huge benefit to them (as detailed logging can quickly consume disk after disk worth of resources). Many of the largest VPN providers will tell you as much: not only do they have no interest in keeping logs but given the sheer size of their operation they can’t even begin to set aside the disk space to do so.Although some VPNs will note that they keep logs for a very minimum window (such a only a few hours) in order to facilitate maintenance and ensure their network is running smoothly there is very little reason to settle for anything less than zero logging.
What Payment Methods Do They Offer?
If you’re purchasing a VPN for securing your traffic against snooping Wi-Fi nodes while traveling or to route your traffic safely back to the US while traveling, anonymous payment methods aren’t likely a very high priority for you.If you’re purchasing a VPN to avoid political persecution or wish to remain as anonymous as possible, then you’ll be significantly more interested in services that allow for payment through anonymous sources like cryptocurrency or gift cards.
You heard us right on that last bit: a number of VPN providers have systems in place where they will accept gift cards from major retailers (that are totally unrelated to their business) like Wal-Mart or Target in exchange for VPN credit. You could buy a gift card to any number of big box stores using cash, redeem it for VPN credit, and avoid using your personal credit card or checking information.
Do They Have A Kill Switch System?
If you are depending on your VPN to keep your activities anonymous you need some sense of security that the VPN isn’t just going to go down and dump all your traffic out into the regular Internet. What you want is tool known as a “kill switch system”. Good VPN providers have a kill switch system in place such that if the VPN connection fails for any reason it automatically locks down the connection so that the computer doesn’t default to using the open and unsecured Internet connection.Our Recommendations
At this point your head might be, understandably, spinning at the thought of all the homework you’ve got ahead of you. We understand that selecting a VPN service can be a daunting task and that even armed with the questions we outlined above you’re just not sure where to turn.We’re more than happy to help cut through all the jargon and ad copy to help get the bottom of things and, to that end, we’ve selected three VPN service providers that we have direct personal experience with and that meet our VPN selection criteria. In addition to meeting our outlined criteria (and exceeding our expectations for quality of service and ease of use) all of our recommendations here have been in service for years and have remained highly rated and recommended throughout that time.
Private Internet Access
If you’re looking for the most bang-for-your-buck it’s really hard to beat Private Internet Access. They have 2,000+ servers in 18 countries. They support OpenVPN, L2TP/IPsec, and PPTP. You can have up to five simultaneous connections and you can configure supported routers to use the server for whole-home coverage; bandwidth is unlimited. They have zero logging and accept everything from your personal credit card to Bitcoin to a Starbuck’s Gift card as payment. Their support pages are unrivaled and include detailed setup instructions for every device and OS you can imagine but for standard configuration on personal computers you can just download their easy-to-use wizard to set everything up. In addition they also support proxy services so you can link a single application (such as a BitTorrent client or chat client) into an anonymizing proxy.
You’d expect to pay a premium for all those features but you can pick up a PIA account for $6.95 on the month-to-month plan or prepay for the year and drop your cost down to a mere $3.33 a month. From a feature-to-dollar standpoint a year subscription to PIA is the best value in town.
Hide My Ass
Hide My Ass is a long running and highly regarded VPN provider on par with Private Internet Access. They have 870 VPN servers distributed between 200 countries. They support OpenVPN, L2TP/IPsec, and PPTP. Like PIA they also offer unlimited bandwidth and while they say you can have unlimited users you’re actually limited to two computer users unless you configure your router for a VPN connection (so it’s not really unlimited and the five connection limit offered by PIA is actually more flexible in that it is effectively “unlimited” in your home in the same fashion).
In addition to the same core features found in Private Internet Access’s stable, Hide My Ass also has anonymous email, anonymous link forwarding, and other anonymizing services. Those extra services as well as Hide My Ass maintaining a presence in 200 countries does add a bit of a premium to the price tag: if you pay by the month it’s $9.99 but if you pay by the year your cost drops to $4.99 per month.
TunnelBear
If Private Internet Access and Hide My Ass are the luxury sedans of the VPN world, TunnelBear is more like the econo-car (if you get the paid program) or the city bus (if you use their generous free program). That’s not a knock on TunnelBear, either, they’ve been around for years and their free service tier has been of great utility to people in need all over the world.
The free TunnelBear service offers up to 500MB per month. That’s not a whole lot of data but it’s enough for mobile browsing or light home browsing. If you need more data than that you can upgrade to their professional accounts at a cost of $6.99 per month or $4.16 per month if billed annually.
The free account is limited to a single user while the premium account enabled unlimited bandwidth for up to five computers or mobile devices. TunnelBear doesn’t list the total number of servers on their site but they do offer servers in 14 countries. Their Windows and Mac OS X client is based on OpenVPN and their mobile VPN system uses L2TP/IPsec. Unlike the previous two recommendations TunnelBear has a firmer stance against file sharing activities and BitTorrent is blocked.
From a feature-to-dollar standpoint TunnelBear doesn’t beat out Private Internet Access or Hide My Ass but it does offer a free tier and it is extremely easy to get up and running with their dead-simple apps for Windows and OS X users.
Whether you’re paranoid that your government is logging your web browsing activities, you’re sick of your ISP throttling your connection, you want to secure your browsing sessions while on the road, or you just want to download whatever the heck you want without the man on your back, there’s no substitution for a securely deployed Virtual Private Network. Now that you’re armed with the knowledge necessary to pick a good VPN (and with three solid recommendations at that), it’s time to secure your internet traffic once and for all.
Source: http://www.howtogeek.com/221929/how-to-choose-the-best-vpn-service-for-your-needs/