The Best VPN Service
- February 23, 2018 - We’ve updated our review to include additional tips for secure web browsing. We’ve also made some light changes to our methodology to include up-to-date sources. Our top picks haven’t changed — we still think NordVPN is the best VPN service for most users.
“VPN” stands for “Virtual Private Network,” and it’s exactly what it sounds like: an online network that keeps prying eyes away while you surf the web on your laptop or mobile device. A VPN essentially takes the data you send online — which includes personal information such as your IP address — and disguises it so that nobody spying from another computer can identify who’s sending it, or where it’s coming from. The best VPN allows you to continue using the internet at normal or close-to-normal speeds, but scrambles outbound data enough that hackers and government officials will have a much harder time tracking your every movement.
VPNs are essential for small businesses. Because businesses have more proprietary information to protect, they’re a bigger target for thieves. For small businesses in particular, VPNs represent a layer of security that doesn’t require exhaustive resources while allowing remote and travelling employees to keep sensitive information private when connecting to a hotel or public Wi-Fi.
Do you need one? After speaking with security experts, we’d frame it like this: If you wouldn’t ask a complete stranger to hold your wallet for you, then you shouldn’t be using public WiFi without a VPN service. And “public” doesn’t just mean your average coffee shop or an airport. Even if your WiFi connection is password-protected and comes from a trustworthy source, like a hotel or a university, a VPN service can seriously boost your online security. Nor is a VPN service just for laptops. As banking apps and digital wallets become increasingly popular, it’s important to consider VPNs for mobile devices, too. Our picks work well with both types of devices.
If you're looking for additional options, ExpressVPN had the fastest connectivity of any VPN service we tested — a must for users whose primary concern is streaming videos — and also provides top-notch security, but at nearly $100 annually, costs a little more than NordVPN. If you’re looking for a low-cost VPN option that will still get the job done, Private Internet Access has no frills, but gives you the most bang for your buck (or your bitcoin, as the case may be) for just under $40 per year.
But no matter which service you choose, be warned: VPNs are not a one-stop security shop. “If someone really wants to get at what you have, there are tons of ways for them to do it,” explains Jennifer Golbeck, a computer scientist and world-renowned internet security expert at the University of Maryland, College Park. A VPN service improves your online privacy, but even the best cannot make you totally anonymous (as some services imply). A good VPN is “absolutely the first priority if you’re on public WiFi,” Golbeck told us. But she notes that it’s most effective when used in conjunction with other common-sense security measures, such as an online backup service and a solid password manager — we look at some of these additional options down below.
How We Found the Best VPN Services
The Pew Research Center found that, as of 2016, the majority of Americans (64%) report personal experience with a data breach, from hacked social media accounts all the way up to credit card and tax fraud. And if 2017’s enormous Equifax breach is any indication, cyber crimes aren’t going away anytime soon.
Adding to the anxiety, not all VPN services live up to their claims. Take Facebook’s 2018 attempt at entering the VPN space: The social media giant is encouraging users to download Onavo Protect, a free “VPN security” service that purports to encrypt the data you transmit. But if you look at the fine print, it’s pretty clear Onavo is uninterested in protecting your privacy. The app’s description states, “Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.” Essentially, Onavo is using a VPN connection to gain exclusive insights into your activity, rather than cloaking it. Talk about shady.
Needless to say, we wanted a VPN service that would offer multiple levels of security, true privacy, and protections against leaks. We asked some of the field’s foremost experts what they look for in a VPN service, then we analyzed the features and performance stats of more than 100 contenders.
We cut services without both Android and iOS compatibility (or that require a separate subscription for desktop and mobile).
As of 2017, the Pew Research Center reports that 51 percent of Americans have made an online purchase via smartphone in the past year. As our cell phone dependence continues to increase, so will mobile data breaches and cell phone security risks. “Intercepting data is just as easy to do via a phone,” Golbeck explains, “but people use VPNs a lot less frequently on their mobile devices than they do on their laptop computers.”
Given this rise of smartphone (and tablet) use, we feel that the best VPN subscription should work across multiple devices (including Android and iOS) without any issues. So we looked for services like ExpressVPN, which not only works across Android and iOS devices, but also features an incredibly easy-to-use mobile app that connects on demand and doesn’t waste a ton of battery life. Because the majority of risky internet connecting is done on your phone, via public WiFi in coffee shops and airports, this mobile consideration is vital.
AlwaysVPN, BartVPN, Bee VPN, Boleh VPN, BTGuard, Buffered VPN, CitizenVPN, Cryptostorm, EarthVPN, Elephant VPN, Faceless.Me, Ghost Path, IPinator, Liquid VPN, NeXTGenVPN, OkayFreedom, Proxify, ProXPN, SecretsLine, Secure Tunnel, SecureVPN.to, Spice VPN, Surf Bouncer VPN, SwissVPN, Unblock US VPN, Unspyable, VikingVPN, VPN.AC, VPN4ALL, VPNBook, VPNMaster, VPNv6, Zen VPN
VPN services that didn’t use shared IP systems got cut, too.
An IP (Internet Protocol) address is a unique series of numbers assigned to a computer or gateway to identify it on a network. Every computer has one, and one of the primary goals of a VPN is to hide yours so no one can use it to track you online. One way VPNs do this is by using shared, anonymous IP addresses that mix in your internet traffic with other client traffic.
Worried about IPv6 leaks? Internet Protocol version 6 (IPv6) was created in the 90s to address the concern that the widely used IPv4 would eventually run out of web addresses to assign to users. IPv6 is not yet widespread (accounting for less than 20% of web traffic), so some VPNs fail to properly direct its traffic through their secure tunnels. If you’re worried, some VPNs offer the option to disable IPv6 requests in the OS. You can also test your IPv6 connectivity using test-ipv6.com.
VPN services tend to offer two different kinds of IP systems: shared and dedicated. In a dedicated IP system, VPN users are assigned a single IP that is unique to them and not shared by any other users. In a shared system, users are assigned multiple IPs that are being used by a large pool of clients at the same time. On the surface, a shared system might sound like the worse deal — why pay for a service you have to share? And it does come with a downside: If too many users share the same IP, websites and browsers may assume that the traffic is spam, which could block or slow your connection and force you to reconnect on a different server.
But internet security expert and darknet researcher Bev Robb told us that if you’re serious about protecting your privacy, a shared IP is the only real option. “I would disqualify a VPN service that does not use shared IP systems,” she says. In fact, “if they don’t clearly state that they use shared, anonymous IP systems, I would be wary.” In Robb’s mind, the goal of any VPN service should be to “blend in with the crowd.” So we cut services that didn’t make it clear that they use shared IP systems or allow users to switch back and forth between shared and dedicated systems.
AceVPN, ActiVPN, AzireVPN, Blockless, Global VPN, GoTrusted, GTS VPN, HideIP VPN, Hotspot Shield, Ivacy, Kepard, Liberty VPN, LogMeIn Hamachi, My Private Network VPN, NolimitVPN, PandaPow, Privatoria, SaferVPN, Seed4.Me, ShadeYou, Smart DNS Proxy, SpotFlux, Steganos, Sun VPN, SuperVPN, Switch VPN, Total VPN, Trust.Zone, TunnelBear, VPN Baron, VPN Land, VPN Makers, VPN Tunnel, VPN.ht, VPNinja, WASEL Pro VPN
Not having a VPN kill switch was also a deal breaker.
The whole point of a VPN is to help you stay as anonymous as possible, so we wanted to be extra sure that even in worst-case scenarios, our top picks wouldn’t accidentally release your personal IP address. If a hacker manages to track down your true IP address, they may be able to steal your browser information, router information, and details regarding your internet provider — a pretty good “starter kit” for gaining access to your computer’s hard drive. They might even be able to use your IP address to cloak their own illegal activity, meaning you might come home one day to a scowling FBI agent at your door.
When a VPN connection is working properly, this is almost never an issue. But sometimes VPNs get disconnected or fail to work, and that’s when it’s important to have a feature known as a kill switch.
Think of the kill switch as a referee observing your internet connection from the sidelines. If there’s any kind of change in your IP address or if the VPN unexpectedly drops, it will blow a whistle and stop the session entirely. Just as a basketball player can’t keep shooting after a foul has been called, your computer won’t be able to connect to the internet until a secure VPN connection has been reestablished.
If you don’t have a kill switch when your VPN drops, you’ll stay connected to the internet and your true IP address will be exposed for all the world to see. Worse, you might not even know it. “It’s important to know if your connection gets terminated, but it’s just as important to know what the service does in case that happens,” says Robb. “Does the company kill the connection, or do you just hang there with no VPN? You definitely don’t want to be hanging there with no VPN.”
We should note that some services call their kill switch by a different name (Hide My Ass!, a company that knows a thing or two about great names, calls its kill switch “Secure IP-Bind Technology”). But to make it into our next round, a VPN service had to have some form of clearly identified kill switch.
AirVPN, Anonine, Anonymizer, Astrill, BlackVPN, CactusVPN, F-Secure Freedome VPN, FrootVPN, IronSocket, KeepSolid VPN Unlimited, OverPlay, PerfectVPN, SecurityKISS, StrongVPN, SurfEasy, TheSafety.US, TigerVPN, UnoTelly UnoVPN, VPN Reactor
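The kill-switch behavior described above can be approximated at the firewall level on Linux. The following is an added example, not code from any of the reviewed providers: it prints fail-closed `iptables-restore` rulesets, and the server address `203.0.113.10`, port `1194/udp`, interface `tun0` and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate a fail-closed "kill switch" ruleset.
# Traffic may leave only through the tunnel interface or to the VPN
# server itself, so a dropped tunnel means no connectivity, not a leak.

# Args: VPN server IP, port, protocol (udp|tcp), tunnel interface.
killswitch_rules() {
    vpn_ip=$1 vpn_port=$2 proto=$3 tun_if=$4
    # Reject malformed input instead of emitting a broken ruleset.
    case $proto in udp|tcp) ;; *) return 1 ;; esac
    case $vpn_port in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$vpn_ip" ] && [ -n "$tun_if" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -d $vpn_ip -p $proto --dport $vpn_port -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
COMMIT
EOF
}

# IPv6 counterpart for a tunnel that carries IPv4 only: allow loopback,
# drop everything else so IPv6 traffic cannot bypass the VPN.
killswitch_rules_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Stand-alone use (values are placeholders):
#   sh killswitch.sh 203.0.113.10 1194 udp tun0 | sudo iptables-restore
if [ "$#" -eq 4 ]; then
    killswitch_rules "$@"
fi
```

The DHCP rule keeps the local lease alive; everything else that is not loopback, the tunnel, or the VPN server is dropped by the default policies.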
We also cut services that rely on a third-party DNS.
If you’re sensing a theme here, it’s that security is really important when it comes to picking the right VPN service. And one of the biggest security risks we encountered in our research involves DNS.
What is DNS? DNS (Domain Name System) basically works like a telephone directory for the internet, assigning a unique IP address (phone number) to each domain name (website). When you type in the name of a website like Reviews.com and hit “Enter,” your request goes to a DNS server, which then sends you back the IP address that corresponds with that website and loads the page.
If a VPN service gets its IP addresses from a third-party DNS server that it doesn’t control, that third party could be logging your requests without you (or your VPN service, for that matter) knowing about it. It could hypothetically track every site you load — defeating half the purpose of a VPN.
“A third party could definitely log DNS requests,” warns Robb. “My preference is to go with a VPN provider that owns their own data servers and hosts their own DNS servers.” This protects your web history and ensures that all of your requests remain encrypted, as opposed to sending requests in unencrypted form to a third-party DNS. It’s not enough that a VPN service advertises “no logs” if it uses a third-party DNS such as Google DNS, which happens to be one of the most common third-party DNS solutions out there.
While private DNS servers aren’t totally invulnerable to DNS leakage, they do take away the third-party risk. Services like VyprVPN and ExpressVPN do a great job of explaining the benefits of private, encrypted DNS on their websites, while services like Hide My Ass! automatically resort to third-party DNS servers like OpenDNS without much explanation (VPN Shazam’s disclaimer literally amounts to: “It’s complicated! Just trust us!”). We think “no logs” should really mean “no logs,” so we cut from contention any services that don’t use their own, secure servers.
Hide Me, Hide My Ass, LimeVPN, Noodle VPN, PrivateVPN, PureVPN, TorGuard, VPN Area, VPN Shazam
Our 13 Finalists for Best VPN Service:
- Golden Frog VyprVPN
- Invisible Browsing VPN
- IP Vanish
- Private Internet Access
- Slick VPN
- VPN S
We put our remaining contenders through a speed test, looking for minimal slowdown.
At this stage, we were left with 13 remaining contenders, all of which boast the security of an armored tank. But the problem with most tanks is that they’re slow, and we wanted to find one that drives like a Lamborghini. Most VPNs tend to slow down browsing and streaming to some extent, but we hoped to find a service that disrupted our typical browsing experience as little as possible.
For our speed test, we selected 35 popular websites — the top 35 websites from the Alexa Top 100. We then used a Terminal-based command known as “curl” to request each of these 35 websites in sequence and get a readout of the average time it took each VPN to connect to each site. We repeated this test three times per provider. (Note: We had to drop VPN S at this stage, since it wouldn’t connect at all, despite our repeated attempts. Needless to say, this was not the experience we were hoping for.)
In fairness, speed is partly determined by geography: how far away a VPN’s server is from your computer’s location. To account for this variable, we tested multiple servers from each provider and averaged the results. IP Vanish, for example, has servers located in Dallas, Chicago, and Los Angeles, so we tested each once and then took the average of the three. For greater uniformity among our results, we only tested servers in similar locations of the US when possible. We also tested the connection without a VPN multiple times to measure the extent to which each VPN was slowing it down.
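The timing procedure described above can be reproduced with a short script. This is an added example, not the reviewers' own script: the `SITES` list is a constructed placeholder for their 35 sites, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: curl-based timing in the spirit of the review's speed test.
# SITES is a constructed placeholder list (the review used 35 Alexa sites).
SITES="https://example.com https://example.org https://example.net"

# Print total request time in seconds for one URL; fail if it cannot connect.
time_site() {
    t=$(curl -s -o /dev/null --max-time 15 -w '%{time_total}' "$1") || return 1
    printf '%s\n' "$t"
}

# Average of the numbers on stdin (one per line); "nan" if there are none.
average() {
    awk '{ s += $1; n++ }
         END { if (n) printf "%.3f\n", s / n; else print "nan" }'
}

# Percent slowdown of the VPN average ($2) against the no-VPN baseline ($1).
slowdown_pct() {
    awk -v b="$1" -v v="$2" 'BEGIN {
        if (b <= 0) { print "nan"; exit }
        printf "%.1f\n", (v - b) / b * 100
    }'
}

# Request every site in sequence, ROUNDS times, and print the average.
# Failed requests are reported on stderr and left out of the average.
measure() {
    rounds=${1:-3}
    i=0
    while [ "$i" -lt "$rounds" ]; do
        for url in $SITES; do
            time_site "$url" || echo "failed: $url" >&2
        done
        i=$((i + 1))
    done | average
}

# Usage: run "measure" once with the VPN off and once with it on,
# then "compare BASELINE VPN" with the two averages.
case "${1:-}" in
    measure) measure 3 ;;
    compare) slowdown_pct "$2" "$3" ;;
esac
```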
IVPN and ExpressVPN turned in the most impressive speed results, each showing a less than 10 percent decrease in speed with the VPN connected. NordVPN and Private Internet Access also turned in acceptable speed scores, with each slowing down browsing by about 10 percent. The worst speed scores belonged to Proxy.sh, OctaneVPN, and Invisible Browsing VPN, which slowed down speed by more than 60 percent. The latter two didn’t help their cause with unwieldy (or just plain ugly) desktop interfaces.
Though it doesn’t translate to “speed” in the literal sense, we were impressed by ExpressVPN and other services that allow unlimited server switches, as this lets users test out as many servers as they want to find the absolute fastest connection during each browsing session.
Cyberghost, Invisible Browsing VPN, Mullvad, OctaneVPN, Proxy.sh, Slick VPN
Our Picks for the Best VPN Services
We poked and prodded to find cracks in NordVPN, but we couldn’t find anything that failed to impress us about this simple, elegant, and highly secure VPN service. At $69 for a full year of service, it ranks among the less expensive options (Golden Frog’s VyprVPN, by contrast, can cost as much as $120 per year) but still offers more premium features than just about any other service out there. Users can choose from three encryption methods (PPTP, L2TP/IPSec, and OpenVPN) to further customize their security on desktop and mobile, and a single subscription covers six simultaneous connections. That’s three more than other top contenders like IVPN and Proxy.sh, giving you a perfect excuse to go out and buy those three extra cell phones.
These features are all nice on paper, but we truly fell in love with NordVPN once we tried it for ourselves. Connecting to a VPN every time you log onto the internet can seem like a real pain — and with some services it is. VPN S, for example, was never able to establish a stable connection in multiple tries, while OctaneVPN offered up a clunky, confusing desktop interface that reminded us of the ‘90s for all the worst reasons.
But NordVPN’s simple, dedicated mobile app for Android and iOS allows you to establish a secure connection with just a tap of your finger. A lot of VPNs feel like they’re made for coders or criminals — just check out the cheesy image on SlickVPN’s homepage — but NordVPN offers an inviting, unintimidating interface for all levels of user.
While NordVPN probably won’t give you the fastest speeds possible, it’s well above average: Our tests indicated a roughly 14 percent decrease in browsing speed, and since we’re talking milliseconds here, it’s a discrepancy we didn’t even notice. To sweeten the deal, NordVPN also offers dedicated streaming servers.
Another stand-out feature? NordVPN offers an additional level of security simply because it’s based in Panama and operates under Panamanian jurisdiction. Unlike other countries, Panama has no mandatory data-retention laws, so users can be absolutely sure that the company’s “no logs” promise doesn’t contradict local laws. This isn’t something that most people need to worry about, but it does reinforce the notion that NordVPN protects your information as well as — if not better than — any other service out there.
And finally, it’s surprisingly pretty to look at. Rather than simply displaying a list of servers and countries, NordVPN presents you with a beautiful interactive world map that works great on both desktop and mobile. If you do decide to switch over to the list format, it clearly displays the exact distance of each server from your current location, ensuring that you always know where your best connection will be.
As with NordVPN, we are huge fans of ExpressVPN’s clean, simple desktop and mobile interface, which doesn’t bog you down with unnecessary information, but makes it clear that you’re protected. A large graphic of a padlock clicks into place as soon as you successfully connect to a server, and bold green and red color-coding leave no doubt as to your current state of security.
ExpressVPN offers 136 server locations spread out across 87 countries (versus NordVPN’s undisclosed number of servers across 49 countries). This wealth of options means you can find a connection almost anywhere in the world. ExpressVPN also allows unlimited server switches, which lets you test out as many as you’d like to find the fastest connection. And once you do, boy, is that connection fast. ExpressVPN finished at the very top of our speed test, slowing down browsing by less than 10 percent without compromising anything in the way of security (the network is SSL secured with 256-bit encryption).
Combine high speeds with two of the cleanest desktop and mobile apps we tested, and ExpressVPN is a perfect service for people who prefer not to be reminded by slow connection speeds that they’re using a VPN service. It’s pretty stable at those speeds, too; none of the connections we established were dropped at any point of the test. The only real downside we could find was the price: At nearly $100 per year, ExpressVPN is considerably more expensive than NordVPN, without offering much more. It may be worth it if you use a VPN primarily for streaming and other activities that necessitate super-fast speeds, but otherwise it’s hard to justify paying that much more.
Private Internet Access offers a lot of things we like: Speed, a responsive support team, thousands of servers for you to hop between, and a low price. It runs just $40 a year, roughly half the cost of a subscription with NordVPN. In short, Private Internet Access is a VPN that does what it says it’s going to do, and does it on the cheap.
And as you can see from the screenshot above, Private Internet Access also offers compelling features such as a kill switch, DNS leak protection, and PIA MACE, which automatically blocks ads and malware when engaged. There’s even IPv6 leak protection, which ensures that you stay protected when connecting to an IPv6-enabled website (more on that later).
But as you can also see from the screenshot, that is one ugly and unintuitive app. And we found the website similarly confusing. We only recommend Private Internet Access to experienced users who just want a VPN that won’t skimp on the truly important stuff, like speed and security. If you’re new to using VPN services and need help getting set up, this provider will be harder to figure out than our other picks.
Other VPN Services to Consider
We wouldn’t normally suggest a free VPN service, since our research suggests that these providers are typically slower, and offer less-stringent security plus a generally underwhelming experience. But Cyberghost's free VPN hit all of our check boxes, and if cost is your sole determining factor, you won’t find a better free option. The service is easy to use and offers all of the key protections we look for in a top VPN, including shared IPs, a kill switch, and DNS leak protection. There are a few trade-offs: You can only connect on one device, and during our speed tests, service slowed down by about 40 percent, enough of a difference that browsing could become frustrating. If you can spare just a few dollars a month, we’d suggest our budget pick, Private Internet Access, as a more reliable option.
Additional Tips for Secure Browsing
Be cautious about the details you share on social media.
Robert Schifreen, the founder of SecuritySmart and an expert on internet security, warns that a VPN won’t help you if you aren’t smart about how you use the internet. Social media sites like Twitter and Facebook are one area where he sees a real vulnerability.
“If you want to get hacked as a result of using social media, it’s very easy. Just make sure you post loads of personal information. Make it public. And use the same password on your social media accounts as you use everywhere else.”
“A lot of that data — What elementary school did you go to? What was your pet’s name? — is really easy to get from social media profiles,” Golbeck explains. Instead, make sure your security questions revolve around topics that no one else is likely to know, whether long-buried childhood nicknames or hobbies you’ve never shared with anyone.
Invest in a secure password manager.
Between the danger of having your password stolen, the necessity of periodically changing your password to keep Facebook and Gmail happy, and the experts who warn against using the same password for all of your accounts, it can be a struggle to keep up with your own credentials. A good password manager can be a lifesaver, keeping track of all your login info for you — all you have to do is remember one master password.
- Don’t rely on the password manager embedded in your browser. You’ve probably gotten the helpful browser prompts: “Do you want Chrome to remember your password?” Just say no. Wired reports that web browsers don’t have the same commitment to encryption that third-party managers do. Opera, for instance, experienced a data breach in 2016 that exposed the log-in credentials of 1.7 million users.
- Do use an encrypted, third-party password manager. Unlike your web browser, these providers rely upon incredibly complex algorithms that are nearly impossible to crack. We like Dashlane, which offers both a free service tier and a $3.33 a month service tier, and you can also look into similarly priced options like 1Password ($2.99 a month).
Don’t forget about antivirus software, lock screens, and secure connections.
These suggestions might feel too simple to matter, but they all bear repeating:
- Make sure your devices have a lock screen enabled. Setting your phone down or walking away from your laptop for even a minute or two in a public place can pose a security risk. This may seem like an obvious precaution, but 64% of people don’t use a screen lock at all. For phones, we’d also suggest taking advantage of long passcode options: iPhones go up to 6 digits, and Android allows 16-digit passwords.
- Invest in good antivirus software for your computer. Large companies like McAfee, Norton and Kaspersky are perennial favorites, and free antivirus providers like Avast and AVG are also popular (although you’ll have to put up with ads). These services help flag potential issues if a hacker does slip through your defenses.
- Always check to see if you’re using a secure HTTP connection. When logging onto email or using a social media site like Facebook, look at the URL and make sure there’s a green lock followed by “https” at the front. This means you’re connected through a secure HTTP connection, which ensures that a website is only sending you encrypted information. “If you’re on a site and it’s not secure, just put that ‘s’ after the ‘http’ in the address bar, and on a lot of sites it will switch you over to a secure encrypted connection,” says Golbeck.
- If you’re a Google Chrome user, Golbeck also recommends using the Do Not Track extension so that third-party advertisers can’t track your activity across the web.
- Set up remote wipe, in case your phone is lost or stolen. If you can’t find your property, you can at least protect your information. This setting can be toggled through iCloud or Google Sync, and all data will be remotely erased once your phone is connected to the internet. (PCMag walks you through setup, if you’re not sure how.)
- Don’t ignore your operating system updates. While they often pop up at the most inconvenient times, clicking “remind me later” can be a security risk. These OS updates often patch up security holes, so that hackers and bots don’t gain entry as they become more familiar with the system.
You can set up your router with a VPN.
Rather than connecting to your VPN manually each time you log into the internet, your devices can be automatically routed through a VPN-enabled wireless router. Since the router is the device that distributes WiFi, when a VPN is installed on it, anything connecting to the router is also encrypted. This also allows you to encrypt devices that aren’t typically VPN compatible, like smart TVs and gaming consoles. The only downside is that you’ll have to sacrifice some bandwidth and speed: Expect about a 10 percent reduction.
You can either go the DIY route, or buy a router that comes pre-configured with a VPN. If you opt for DIY, first be sure that your router is compatible with your VPN service (as a client, not server). This information is usually found on the VPN’s website, but in general, any router that supports DD-WRT will work. You’ll work through your router’s access portal, where there should be a menu option for VPN. By adding a VPN client profile, selecting your encryption level, and saving all your settings, you can get a VPN tunnel set up fairly painlessly. Once you’re done, check that the VPN is live by doing a leak test, on a site like ipleak.net. It should display a virtual location, where your VPN server has settled, instead of your actual location.
If you’re in the market for a router, you can also check out our review of the best wireless routers: We especially liked the Asus AC88U for VPN configuration.
If you’re worried about ID theft, look into an identity monitoring subscription.
The best VPN service, coupled with the precautions we’ve listed above, goes a long way toward mitigating the risk of having personal data stolen, but if you still crave extra peace of mind, it may be worth looking into an identity monitoring service. We look at some of our favorites in a separate review. Though these services can’t prevent your information from being stolen (that’s where a VPN can help), they can ensure you’ll know about it as soon as it happens and will guide you through the steps to resolve the issue.