Research before subscribing to a VPN
While many would probably disagree, I consider VPNs essential when it comes to improving your privacy and security on the Internet.
The past couple of years have seen a surge in VPN services that all try to get a piece of the market that grew significantly ever since Edward Snowden revealed how national agencies tracked users across the Internet.
There are big differences between VPN services, from price and availability to privacy and traffic.
While it is easy enough to sign up for any one of those services, it is usually not a good idea to do so before you research the service to make sure it offers all the features you require of it.
Not all questions may be relevant to your use case. If you just want to improve your privacy and security for regular web browsing for instance, you may not care about logging, or whether a service supports P2P or media streaming.
Or, if you want to protect your data while traveling and using hotel Wi-Fi or public connections, then you may not really be interested in anonymous payment options.
Basic questions can be answered quickly usually by browsing the website of the VPN service. They help you sort out the services that are not suitable for you, and help you get a clear comparison of different services that may be suitable.
You should get answers for the following questions:
- How much does the service cost (discounts)?
- Which plans are offered?
- Unlimited bandwidth / traffic?
- What are the payment options (important for anonymity, Bitcoin, Gift cards, cash)?
- Which devices are supported (desktop, mobile, router)?
- How many devices can connect simultaneously to the VPN?
- How many countries and servers are available?
- Is a free trial offered?
- Money back guarantee?
- Support availability?
Advanced questions dig deeper into the service. They address privacy and security related questions but also others that are more technical in nature.
- Does the service or used third-party services keep any logs? If so, for how long and what.
- Which company operates the service and what is the company's jurisdiction?
- Does the company own and control the servers the VPN operates from, or are they controlled by third-party companies?
- Does the company who operates the VPN share data with third-parties?
- Which encryption algorithms and protocols are supported (weakest, strongest)?
- Does the service offer DNS, IPv6 and WebRTC leak protection?
- Is a Kill Switch supported which turns off traffic if the connection to the VPN drops?
- Is the company using a Warrant Canary?
- What's the actual download and upload rate you get when using the service (works best for services that offer free trials).
These questions are important to some users but not all users.
- Does the service allow P2P traffic?
- Do Netflix or other streaming services block the VPNs IP range?
- Is the VPN usable in country xyz?
Some questions may be hard to answer. If a service does not offer a free trial or speed test for instance, you cannot really say anything about your throughput unless you subscribe to it and test it.
The same may be true for information that the company that operates the VPN does not reveal on the website.
The only option you have then is to contact them to ask them directly about it, or drop them and check out other services that are more open about it.
A good starting point for your research is this VPN comparison chart on Google Docs. It answers many of the questions which helps you sort out VPN providers that are not suitable for your use cases.
It is still a good idea to verify the findings.
Now you: Did I miss a question? Let me know in the comments.
14 eyes? Freedom status? Whats all that about? It isn’t mentioned in the article.
14 eyes refers to certain countries that share signals intelligence with each other (https://en.wikipedia.org/wiki/UKUSA_Agreement#9_Eyes.2C_14_Eyes.2C_and_other_.22third_parties.22).
I don’t know about freedom status.
Freedom by country is ranked here:
I hope all GHacks readers are free to read the many interesting reports on the above site.
According to popular lores – which are oversimplified ideas with a source on truth – the 5 Countries (US, UK, CAN, AUS and New-Zealand) are the main actors in Echelon. More wide groups are always found into NATO Countries. Good Source for these jokes:
Jokes, Yes… because by subscribing to any VPN (except local and private ones, created by home users) you always be more logged and more visible. The trick is to use protocols in a different way from their common use. Chatting over DNS? Yes.
That’s one example. Best solution is allow your grandma in another continent to setup and run a VPN Connection only for you.
Martin, you continue to perform an excellent service to the world community. I wish my command of German was half as good as your command of English. When it comes to logical thinking and concern for individual liberties, we are about even.
Now, if I call up the Google Docs VPN comparison chart link you provided above, will I get put on a user list?
Even if I don’t click that link, now that I have revealed my concern here about potentially being put on a list, will I then get put on a list of people who would rather not be on a list?
Not sure what you mean by being put on a list. You can access the document without being signed in to your Google account, and save it to the local system.
Everything hosted on Google Corp. servers is ‘on a list’ so to speak.
Does it allow the torrent protocol?
I’m interested in what you have to say Martin, please continue with this subject. Servus!
Your timing of this article couldn’t be better. Thanks.
That chart Martin linked is excellent, but keep in mind that it comes from someone’s research of publicly available information rather than from specific interviews / questionnaires sent to the companies. I have found some mistakes in there in the past.
However, this is a great place to start your search.
Just to be clear: When your browser asks for an IP online, it’s query goes into many AS (Autonomous Systems) and some of those AS is surely listed here:
Evading the monitoring is difficult if not impossible. So the only solution is:
– use different means
– use encryption
– use fantasy
Imagination… by differentiating the way you communicate you make harder to monitor the sums of your activities.
If Bob calls Anna and they chat on Facebook everything is logged. If Bob and Anna find they are both online, then Bob could tell Anna: I send you a Message on that-other-place.
By sending encrypted mails, zipped files or alternative uses of some protocols, you get into a shadow zone and the sum of your activities is harder to grasp.
I’ve thought about using a VPN but even if a VPN says it doesn’t keep logs, or perhaps deletes logs after a certain time, it’s not possible for them to actually prove this. So I don’t use VPN.
And for privacy, in the end it just comes down to: who do you trust more/least: your ISP or a VPN…
Martin, you offer an invaluable service to humans everywhere through your site and efforts. I don’t know how you do it and I’m certain not everyone understands the true value of ghacks, but I cannot express enough gratitude.
From all of us, thanks for being the superhuman you are!
I’m on the lookout for a new VPN provider, so this overview is good news. I really like the feature about cookies found on the website of each VPN company. A no go in my opinion. recently added Privacy Badger along with Disable WebRTC, and disabled geo location ( set by default ) in firefox. it all adds up. and yes: of course none of these features makes you invisible; but they certainly show their values when I test on https://www.browserleaks.com
Martin, do you have any recommendations here? VPN companies running in Asia or Africa?
Are you taking this seriously?
How did he get all of these? Using some hackery or magic? If so, we might as well not these VPNR, as they don’t seem secure at all.
Also, do you really believe offshore VPN providers keep their TOSs and PPs? I mean, even if they break them, how could you sue them.
As you guys expect, they are out of reach of even police, right? So, how could you catch them, once they dissappear?
Haven’t you guys ever heard XeroBank or FindNot? Both of them were registered in Panama, BTW.
Also, if I were an NSA operative, I would rather set up honeypots offshore than to mess up with a US provider that has an ABA-certified privacy advocate lawyer as a full time member and has a strong tie with privacy advocate groups like EFF, as my job would be to prevent terrorists off of American soil and not to mess up with our own people in our own country.
Plus it must be cheaper than donating as much as $30,000+ every month for privacy advocate groups like EFF, as even OPO providers have register their company offshore.
At any case, look at how high Black VPN, which admitted they took some logs and called all logless VPN providers lairs at reddit numerous times, is rated!
Plus, this guy also admitted that he was their user at reddit.
Thanks Martin, this is a very useful resource, I was not aware of it. There is a HTML version here:
I’ve been using AirVPN for the last several months and am pleased with their service.