The Best VPN Service
There’s no such thing as total internet security (or anonymity), but using the best VPN service is the first step you can take to protect your identity online. We looked at over 100 VPN providers and tested the best to determine which offered the most robust and reliable security measures, the fastest connection speeds, and the most competitive prices.
Fast and simple, this service met all of our requirements for top-notch security while you browse the web, including multiple encryption methods and up to six simultaneous connections. Even better: It's pretty to look at and only $69/year.
A heftier $100/year, but it performed best in our speed tests.
Private Internet Access
A clunky, unintuitive web portal, but it's only $40/year.
- January 19, 2018 - We’ve updated our review to include additional tips for secure web browsing. We’ve also made some light changes to our methodology to include up-to-date sources. Our top picks haven’t changed — we still think NordVPN is the best VPN service for most users. But we’ll be taking a comprehensive look at additional providers over the next couple of months, with another updated slated for this March.
The Best VPN Service
“VPN” stands for “Virtual Private Network,” and it’s exactly what it sounds like: an online network that keeps prying eyes away while you surf the web on your laptop or mobile device. A VPN essentially takes the data you send online — which includes personal information such as your IP address — and disguises it so that nobody spying from another computer can identify who’s sending it, or where it’s coming from. The best VPN allows you to continue using the internet at normal or close-to-normal speeds, but scrambles outbound data enough that hackers and government officials will have a much harder time tracking your every movement.
Do you need one? After speaking with security experts, we’d frame like this: If you wouldn’t ask a complete stranger to hold your wallet for you, then you shouldn’t be using public WiFi without a VPN service. And “public” doesn’t just mean your average coffee shop. Even if your WiFi connection is password-protected and comes from a trustworthy source, like a hotel or a university, a VPN service can seriously boost your online security.
If you're looking for additional options, ExpressVPN had the fastest connectivity of any VPN service we tested — a must for users whose primary concern is streaming videos — and also provides top-notch security, but at nearly $100 annually, costs a little more than NordVPN. If you’re looking for a low-cost VPN option that will still get the job done, Private Internet Access has no frills, but gives you the most bang for your buck (or your bitcoin, as the case may be) for just under $40 per year.
But no matter which service you choose, be warned: VPNs are not a one-stop security shop. “If someone really wants to get at what you have, there are tons of ways for them to do it,” explains Jennifer Golbeck, a computer scientist and world-renowned internet security expert at the University of Maryland, College Park. A VPN service improves your online privacy, but even the best cannot make you totally anonymous (as some services imply). A good VPN is “absolutely the first priority if you’re on public WiFi,” Golbeck told us. But she notes that it’s most effective when used in conjunction with other common-sense security measures, such as an online backup service and a solid password manager — we look at some of these additional options down below.
How We Found the Best VPN Services
A lot of people are worried about their information being stolen. We found countless blogs and online forums dedicated to internet security as we prepared to write this review, and it’s a valid concern. The Pew Research center found that, as of 2016, the majority of Americans (64%) report personal experience with a data breach, from hacked social media accounts all the way up to credit card and tax fraud. And if 2017’s enormous Equifax breach is any indication, the situation is likely to get worse before it gets better.
We cut services not compatible with both Android and iOS mobile devices (or that require a separate subscription for desktop and mobile).
Are you reading this on a smartphone? If so, you’re not alone. As of 2017, the Pew Research Center reports that 77 percent of Americans have smartphones (up from two-thirds when we first published our review in 2015). And we’re not just using them to text. Fifty-one percent of US adults report making an online purchase via smartphone in the past year. These figures are likely to keep increasing — and so will mobile data breaches. “Intercepting data is just as easy to do via a phone,” Golbeck explains, “but people use VPNs a lot less frequently on their mobile devices than they do on their laptop computers.”
Given the rise of smartphones, we feel that the best VPN services should seamlessly cover both desktop and mobile: A single subscription should cover multiple devices, and the VPN should work across multiple devices (including Android and iOS) without any issues. Though nearly all VPN services can be “hacked” to work on Android and iOS devices, a surprising number offer no onsite support and no guarantees in terms of compatibility. Cryptostorm, for example, forces users to seek out crowd-sourced guides on the member forum and hope for the best.
Contrast this with a service like ExpressVPN, which not only works across Android and iOS devices, but also features an incredibly easy-to-use mobile app that connects on demand and doesn’t waste a ton of battery life. VPNs that are a pain to use on mobile (or charge extra money to do so) simply aren’t worth your time.
AlwaysVPN, BartVPN, Bee VPN, Boleh VPN, BTGuard, Buffered VPN, CitizenVPN, Cryptostorm, EarthVPN, Elephant VPN, Faceless.Me, Ghost Path, IPinator, Liquid VPN, NeXTGenVPN, OkayFreedom, Proxify, ProXPN, SecretsLine, Secure Tunnel, SecureVPN.to, Spice VPN, Surf Bouncer VPN, SwissVPN, Unblock US VPN, Unspyable, VikingVPN, VPN.AC, VPN4ALL, VPNBook, VPNMaster, VPNv6, Zen VPN
VPN services that didn’t use shared IP systems got cut, too.
An IP (Internet Protocol) address is a unique series of numbers assigned to a computer or gateway to identify it on a network. Every computer has one, and one of the primary goals of a VPN is to hide yours so no one can use it to track you online. One way VPNs do this is by using shared, anonymous IP addresses that mix in your internet traffic with other client traffic.
VPN services tend to offer two different kinds of IP systems: shared and dedicated. In a dedicated IP system, VPN users are assigned a single IP that is unique to them and not shared by any other users. In a shared system, users are assigned multiple IPs that are being used by a large pool of clients at the same time.
But internet security expert and darknet researcher Bev Robb told us that if you’re serious about protecting your privacy, a shared IP is the only real option. “I would disqualify a VPN service that does not use shared IP systems,” she says. In fact, “if they don’t clearly state that they use shared, anonymous IP systems, I would be wary.” In Robb’s mind, the goal of any VPN service should be to “blend in with the crowd.” So we cut services that didn’t make it clear that they use shared IP systems or allow users to switch back and forth between shared and dedicated systems.
AceVPN, ActiVPN, AzireVPN, Blockless, Global VPN, GoTrusted, GTS VPN, HideIP VPN, Hotspot Shield, Ivacy, Kepard, Liberty VPN, LogMeIn Hamachi, My Private Network VPN, NolimitVPN, PandaPow, Privatoria, SaferVPN, Seed4.Me, ShadeYou, Smart DNS Proxy, SpotFlux, Steganos, Sun VPN, SuperVPN, Switch VPN, Total VPN, Trust.Zone, TunnelBear, VPN Baron, VPN Land, VPN Makers, VPN Tunnel, VPN.ht, VPNinja, WASEL Pro VPN
Not having a VPN kill switch was also a deal breaker.
The whole point of a VPN is to help you stay as anonymous as possible, so we wanted to be extra sure that even in worst-case scenarios, our top picks wouldn’t accidentally release your personal IP address. If a hacker manages to track down your true IP address, they may be able to steal your browser information, router information, and details regarding your internet provider — a pretty good “starter kit” for gaining access to your computer’s hard drive. They might even be able to use your IP address to cloak their own illegal activity, meaning you might come home one day to a scowling FBI agent at your door.
When a VPN connection is working properly, this is almost never an issue. But sometimes VPNs get disconnected or fail to work, and that’s when it’s important to have a feature known as a kill switch.
Think of the kill switch as a referee observing your internet connection from the sidelines. If there’s any kind of change in your IP address or if the VPN unexpectedly drops, it will blow a whistle and stop the session entirely. Just as a basketball player can’t keep shooting after a foul has been called, your computer won’t be able to connect to the internet until a secure VPN connection has been reestablished.
If you don’t have a kill switch when your VPN drops, you’ll stay connected to the internet and your true IP address will be exposed for all the world to see. Worse, you might not even know it. “It’s important to know if your connection gets terminated, but it’s just as important to know what the service does in case that happens,” says Robb. “Does the company kill the connection, or do you just hang there with no VPN? You definitely don’t want to be hanging there with no VPN.”
We should note that some services call their kill switch by a different name (Hide My Ass!, a company that knows a thing or two about great names, calls its “Secure IP-Bind Technology”). But to make it into our next round, a VPN service had to have some form of clearly identified kill switch.
AirVPN, Anonine, Anonymizer, Astrill, BlackVPN, CactusVPN, F-Secure Freedome VPN, FrootVPN, IronSocket, KeepSolid VPN Unlimited, OverPlay, PerfectVPN, SecurityKISS, StrongVPN, SurfEasy, TheSafety.US, TigerVPN, UnoTelly UnoVPN, VPN Reactor
We also cut services that rely on a third-party DNS.
If you’re sensing a theme here, it’s that security is really important when it comes to picking the right VPN service. And one of the biggest security risks we encountered in our research involves DNS.
What is DNS? DNS (Domain Name System) basically works like a telephone directory for the internet, assigning a unique IP address to each domain name. When you type in the name of a website like Reviews.com and hit “Enter,” your request goes to a DNS server, which then sends you back the IP address that corresponds with that website.
If a VPN service gets its IP addresses from a third-party DNS server that it doesn’t control, that third party could be logging your requests without you (or your VPN service, for that matter) knowing about it.
“A third party could definitely log DNS requests,” warns Robb. “My preference is to go with a VPN provider that owns their own data servers and hosts their own DNS servers.” This protects your web history and ensures that all of your requests remain encrypted, as opposed to sending requests in unencrypted form to a third-party DNS. It’s not enough that a VPN service advertises “no logs” if it uses a third-party DNS such as Google DNS, which happens to be one of the most common third-party DNS solutions out there.
While private DNS servers aren’t totally invulnerable to DNS leakage, they do take away the third-party risk. Services like VyprVPN and ExpressVPN do a great job of explaining the benefits of private, encrypted DNS on their websites, while services like Hide My Ass! automatically resort to third-party DNS servers like OpenDNS without much explanation (VPN Shazam’s disclaimer literally amounts to: “It’s complicated! Just trust us!”). We think “no logs” should really mean “no logs,” so we cut from contention any services that don’t use their own, secure servers.
Hide Me, Hide My Ass, LimeVPN, Noodle VPN, PrivateVPN, PureVPN, TorGuard, VPN Area, VPN Shazam
Finally, we cut any services that didn’t pass our speed test.
At this stage, we were left with 13 remaining contenders, all of which boast the security of an armored tank. But the problem with most tanks is that they’re slow, and we wanted to find one that drives like a Lamborghini. Most VPNs tend to slow down browsing and streaming to some extent, but we hoped to find a service that disrupted our typical browsing experience as little as possible.
For our speed test, we selected 35 popular websites — the top 35 websites from the Alexa Top 100. We then used a Terminal-based command known as “curl” to request each of these 35 websites in sequence and get a readout of the average time it took each VPN to connect to each site. We repeated this test three times per provider. (Note: We had to drop VPN S at this stage, since it wouldn’t connect at all, despite our repeated attempts. Needless to say, this was not the experience we were hoping for.)
In fairness, speed is partly determined by geography: how far away a VPN’s server is from your computer’s location. To account for this variable, we tested multiple servers from each provider and averaged the results. IP Vanish, for example, has servers located in Dallas, Chicago, and Los Angeles, so we tested each once and then took the average of the three. For greater uniformity among our results, we only tested servers in similar locations of the US when possible. We also tested the connection without a VPN multiple times to measure the extent to which each VPN was slowing it down.
IVPN and ExpressVPN turned in the most impressive speed results, each showing a less than 10 percent decrease in speed with the VPN connected. NordVPN and Private Internet Access also turned in acceptable speed scores, with each slowing down browsing by about 10 percent. The worst speed scores belonged to Proxy.sh, OctaneVPN, and Invisible Browsing VPN, which slowed down speed by more than 60 percent. The latter two didn’t help their cause with unwieldy (or just plain ugly) desktop interfaces.
Though it doesn’t translate to “speed” in the literal sense, we were impressed by ExpressVPN and other services that allow unlimited server switches, as this lets users test out as many services as they want to find the absolute fastest connection during each browsing session.
Cyberghost, Invisible Browsing VPN, Mullvad, OctaneVPN, Proxy.sh, Slick VPN
Our Picks for the Best VPN Services
We poked and prodded to find cracks in NordVPN, but we couldn’t find anything that failed to impress us about this simple, elegant, and highly secure VPN service. At $69 for a full year of service, it ranks among the less expensive options (Golden Frog’s VyprVPN, by contrast, can cost as much as $120 per year) but still offers more premium features than just about any other service out there. Users can choose from three encryption methods (PTP, L2TP/IPSec, and OpenVPN) to further customize their security on desktop and mobile, and a single subscription covers six simultaneous connections. That’s three more than other top contenders like IVPN and Proxy.sh, giving you a perfect excuse to go out and buy those three extra cell phones.
These features are all nice on paper, but we truly fell in love with NordVPN once we tried it for ourselves. Connecting to a VPN every time you log onto the internet can seem like a real pain — and with some services it is. VPN S, for example, was never able to establish a stable connection in multiple tries, while OctaneVPN offered up a clunky, confusing desktop interface that reminded us of the ‘90s for all the worst reasons.
But NordVPN’s simple, dedicated mobile app for Android and iOS allows you to establish a secure connection with just a tap of your finger. A lot of VPNs feel like they’re made for coders or criminals — just check out the cheesy image on SlickVPN’s homepage — but NordVPN offers an inviting, unintimidating interface for all levels of user.
While NordVPN probably won’t give you the fastest speeds possible, it’s well above average: Our tests indicated a roughly 14 percent decrease in browsing speed, and since we’re talking milliseconds here, it’s a discrepancy we didn’t even notice. To sweeten the deal, NordVPN also offers dedicated streaming servers.
Another stand-out feature? NordVPN offers an additional level of security simply because it’s based in Panama and operates under Panamanian jurisdiction. Unlike other countries, Panama has no mandatory data-retention laws, so users can be absolutely sure that the company’s “no logs” promise doesn’t contradict local laws. This isn’t something that most people need to worry about, but it does reinforce the notion that NordVPN protects your information as well as — if not better than — any other service out there.
And finally, it’s surprisingly pretty to look at. Rather than simply displaying a list of servers and countries, NordVPN presents you with a beautiful interactive world map that works great on both desktop and mobile. If you do decide to switch over to the list format, it clearly displays the exact distance of each server from your current location, ensuring that you always know where your best connection will be.
Best for Streaming
As with NordVPN, we are huge fans of ExpressVPN’s clean, simple desktop and mobile interface, which doesn’t bog you down with unnecessary information, but makes it clear that you’re protected. A large graphic of a padlock clicks into place as soon as you successfully connect to a server, and bold green and red color-coding leave no doubt as to your current state of security.
ExpressVPN offers 136 server locations spread out across 87 countries (versus NordVPN’s undisclosed number of servers across 49 countries). This wealth of options means you can find a connection almost anywhere in the world. ExpressVPN also allows unlimited server switches, which lets you test out as many as you’d like to find the fastest connection. And once you do, boy, is that connection fast. ExpressVPN finished at the very top of our speed test, slowing down browsing by less than 10 percent without compromising anything in the way of security (the network is SSL secured with 256-bit encryption).
Combine high speeds with two of the cleanest desktop and mobile apps we tested, and ExpressVPN is a perfect service for people who prefer not to be reminded by slow connection speeds that they’re using a VPN service. It’s pretty stable at those speeds, too; none of the connections we established were dropped at any point of the test. The only real downside we could find was the price: At nearly $100 per year, ExpressVPN is considerably more expensive than NordVPN, without offering much more. It may be worth it if you use a VPN primarily for streaming and other activities that necessitate super-fast speeds, but otherwise it’s hard to justify paying that much more.
Best If You're On a Budget
Private Internet Access offers a lot of things we like: Speed, a responsive support team, thousands of servers for you to hop between, and a low price. It runs just $40 a year, roughly half the cost of a subscription with NordVPN. In short, Private Internet Access is a VPN that does what it says it’s going to do, and does it on the cheap.
And as you can see from the screenshot above, Private Internet Access also offers compelling features such as a kill switch, DNS leak protection, and PIA MACE, which automatically blocks ads and malware when engaged. There’s even IPv6 leak protection, which ensures that you stay protected when connecting to an IPv6-enabled website (more on that later).
But as you can also see from the screenshot, that is one ugly and unintuitive app. And we found the website similarly confusing. We only recommend Private Internet Access to experienced users who just want a VPN that won’t skimp on the truly important stuff, like speed and security. If you’re new to using VPN services and need help getting set up, this provider will be harder to figure out than our other picks.
Other VPN Services to Consider
We wouldn’t normally suggest a free VPN service, since our research suggests that these providers are typically slower, and offer less-stringent security plus a generally underwhelming experience. But Cyberghost's free VPN hit all of our check boxes, and if cost is your sole determining factor, you won’t find a better free option. The service is easy to use and offers all of the key protections we look for in a top VPN, including shared IPs, a kill switch, and DNS leak protection. There are a few trade-offs: You can only connect on one device, and during our speed tests, service slowed down by about 40 percent, enough of a difference that browsing could become frustrating. If you can spare just a few dollars a month, we’d suggest our budget pick, Private Internet Access, as a more reliable option.
Did You Know?
It’s easier than you think to get hacked through social media.
Robert Schifreen, the founder of SecuritySmart and an expert on internet security, warns that a VPN won’t help you if you aren’t smart about how you use the internet. Social media sites like Twitter and Facebook are one area where he sees a real vulnerability.
“If you want to get hacked as a result of using social media, it’s very easy. Just make sure you post loads of personal information. Make it public. And use the same password on your social media accounts as you use everywhere else.”
“A lot of that data — What elementary school did you go to? What was your pet’s name? — is really easy to get from social media profiles,” Golbeck explains. Instead, make sure your security questions revolve around topics that no one else is likely to know, whether long-buried childhood nicknames or hobbies you’ve never shared with anyone.
Invest in a secure password manager.
Between the danger of having your password stolen, the necessity of periodically changing your password to keep Facebook and Gmail happy, and the experts who warn against using the same password for all of your accounts, it can be a struggle to keep up with your own credentials. A good password manager can be a lifesaver, keeping track of all your login info for you — all you have to do is remember one master password.
- Don’t rely on the password manager embedded in your browser. You’ve probably gotten the helpful browser prompts: “Do you want Chrome to remember your password?” Just say no. Wired reports that web browsers don’t have the same commitment to encryption that third-party managers do. Opera, for instance, experienced a data breach in 2016 that exposed the log-in credentials of 1.7 million users.
- Do use an encrypted, third-party password manager. Unlike your web browser, these providers rely upon incredibly complex algorithms that are nearly impossible to crack. We like Dashlane, which offers both a free service tier and a $3.33 a month service tier, and you can also look into similarly priced options like 1Password ($2.99 a month).
Additional security measures are also important: antivirus software, lock screens, and secure connections.
These suggestions might feel too simple to matter, but they all bear repeating:
- Make sure your devices have a lock-screen enabled. Setting your phone down or walking away from your laptop for even a minute or two in a public place can pose a security risk.
- Invest in good antivirus software for your computer. Large companies like McAfee, Norton and Kaspersky are perennial favorites, and free antivirus providers like Avast and AVG are also popular (although you’ll have to put up with ads.) These services help flag potential issues if a hacker does slip through your defenses.
- Always check to see if you’re using a secure http connection. When logging onto email or using a social media site like Facebook, look at the URL and make sure there’s a green lock followed by “https” at the front. This means you’re connected through a secure http connection, which ensures that a website is only sending you encrypted information. “If you’re on a site and it’s not secure, just put that ‘s’ after the ‘http’ in the address bar, and on a lot of sites it will switch you over to a secure encrypted connection,” says Golbeck. It should look like this:
- If you’re a Google Chrome user, Golbeck also recommends using the Do Not Track extension so that third-party advertisers can’t track your activity across the web.
But you don’t need to worry about using your credit card — as long as you trust the site.
Concerned about identity theft?We take a look at identity monitoring services in a separate review. These services do nothing to prevent sensitive data from being stolen (that’s what measures like a VPN are meant to do), but they ensure that you’ll find out about suspicious account activity almost immediately.
Because VPN services are so concerned with anonymity, nearly all of them offer the option to pay via PayPal or bitcoin instead of a credit card. This is a nice option to have, but Golbeck says that paying with a credit card isn’t actually that risky, so long as you aren’t on an unsecured WiFi connection. “A credit card is often a good way to pay for things, because in many countries you’re covered if the VPN operation turns out to be a scam,” she notes.
None of our top picks are scams, so no worries on that front. But the same rule of thumb holds true for other credit card transactions. Many credit card companies offer some form of protection that ensures you’re not on the hook for fraudulent charges.
You’ll probably never be totally secure, so act accordingly.
No level of encryption or security feature is enough to keep you totally free from being spied on, so don’t treat the internet like it’s your own personal playground. The best a VPN can do is make it much harder for hackers to see your activity, and that’s usually more than enough for most people. But if you happen to be a journalist with sensitive information or a person that the National Security Agency (NSA) is targeting, don’t bet on a VPN protecting you. “If you’re a target, they’ll be able to get at you,” cautions Golbeck, who warns that some hackers or agencies might even resort to physically stealing your computer. If you do suspect that you’re being individually targeted, think twice before trusting your fate to a VPN and ignoring other security measures, including everything from malware protection to physical locks.
IPv6 leaks may be a cause for concern.
To understand what IPv6 is, it helps to know what IPv4 is. Until a few years ago, all IP addresses were defined by the Internet Protocol version 4, or IPv4. But when IPv4 addresses started running out around 2011, a new protocol — IPv6 — was created to expand the total available number of web addresses. Because IPv6 is still relatively new, most VPNs don’t do a great job of directing IPv6 traffic through their secure tunnels. This means that, when your browser makes an IPv6 DNS request, it may not be protected by your VPN.
This is referred to as an “IPv6 leak,” and it may compromise your security if and when it occurs. Some VPNs offer the option to disable IPv6 requests in the OS, but if you really want to be sure that you aren’t experiencing IPv6 leakage, test your IPv6 connectivity using test-ipv6.com. The good news is that most VPNs, including all of our top picks, are in the process of adding IPv6 support, and this problem should be temporary. It’s hard to say when IPv6 will be fully deployed, but it now accounts for roughly 20 percent of internet users. Google continuously updates a chart that shows the percentage of users accessing the site over IPv6, and that’s as good an indicator as any.