CHOICE membership

Best VPN services

There’s always the Anonymous View option on Startpage, which costs nothing, and they claim it is better than a VPN in some respects.

2 Likes

Something like startpage is fine if you only use the web and nothing else. For everything else theres a VPN. I have a lifetime licence for Ivacy, its been gradually improving over the couple of years I have had it, but I dont have it running all the time. I need to get a router which can handle VPNs. Mine appears to, but doesnt actually do the job.

2 Likes

TorrentFreak is a news site covering torrents (obviously), security, privacy, and the various legal encroachment of governments and content providers. Every year they do a VPN review asking providers for their level of encryption and their logging policies. This is the latest.

4 Likes

I use PIA and also set my parents up on it after the government brought in the metadata tracking laws last year. Will be interesting to see how VPNs are now affected at both a legal and technical level after the ALP spineless caved in yet again over the encryption bill last week.

As the attached article shows PIA is the only VPN provider who - at the time - had their claims of no-logging proven in court.

3 Likes

Worth reading before you give your hard-earned to any VPN service… the “eyes” are everywhere. Well, almost.

3 Likes

Well, the best VPN service I have come across is Ivacy VPN that I have been using for 4 days now. I know it’s too early to conclude that, but keeping in view that I got it for 87% off for This Cyber Monday, I think it was a pretty stellar deal.

How many multi-logins they have? Nord gave me 6 multi-logins per account.

I use my own VPN. I bought a VPS from a VPS provider and use that for many other things, including as a VPN.

I’m not using it for streaming, just to protect my self when Im connected to open WiFi networks.

Pros:

  • You know have better control of your data (VPS company can still snoop in your DNS and figure out certain information)
  • Cost of the VPN a bit lower if you use the VPS for other purposes

Cons

  • it’s DIY. So you have to be technical to set it up
  • need maintenance ( update software, etc)
  • only one location. It’s limited to where you have the VPS
  • If you don’t know how to protect the VPS, you can get hacked and all your data at that point can be intercepted
3 Likes

A timely warning:

4 Likes

Bleeping Computer recently published an article about VPN apps on Android. To summarise, don’t go with a free one.

If you want to use a VPN on Android or your desktop, the best application to use would be Open VPN. Most VPN providers support it, and its protocol is more secure than other commonly offered VPN connectivity options such as PPTP.

4 Likes

On Android (if I used it) the only one I would consider would be ProtonVPN which is free for one device.

I use Ivacy, when I remember. I also have a ProtonVPN account, but because of the one device limitation in the free version, only use it on my phone when out and about.

I usually check torrentfreak when I want to know what’s OK to use. I no longer use torrents, but privacy is important, even if you think you have nothing to hide.

1 Like

I would jump so quickly. Their report states 'One in five apps from the top 150 free VPN Android apps in Google’s Play Store was flagged as a potential source of malware, while a quarter of them come with user privacy breaking bugs such as DNS leaks which expose user DNS queries to their ISPs.".

Out of the 150 free ones they looked at, there still are many which would ‘pass’ their own risk assessment. Also, just because one pays for an app, it doesn’t necessarily mean they will also pass the same risk assessment. There are also paid VPNs which one can use free, with limitations (such as data allowances, number of location of VPN servers which can be accessed or number of devices it can be used on at once).

If one wants to see the 150 they tested as well as those they identified as having some sort of risk, then the full list is here.

https://www.top10vpn.com/free-vpn-android-app-risk-index/

If one is using one what has Risky Permissions, DNS Leaks, Risky Functions and/or Virus / Malware risks, it may be worth considering changing to one that doesn’t. Ones which they assess as not having such risks are also on the same website.

The Top10VPN website which did the assessment also has a page on their website which provides information on the best free VPNs. The page is here:

https://www.top10vpn.com/best-vpn/free/

It is also worth while changing permissions of any apps to a level which one feels comfortable with. I usually turn all permissions off, unless the app refuses to work with the permission off (which is not very common).

It is also worth only installing those apps which are used/needed and removing those which are no longer used.

3 Likes

Be careful which websites you trust online. While they state that they are very thorough and careful in their reviews, Top10VPN is reliant upon affiliate commissions from the very service providers they recommend!

If you choose a free VPN, ask yourself what its business model is. Nobody is running a VPN as a charity, so how do they make money if you’re not paying? The short answer is that you’re not the consumer - you’re the product, and either they are serving you their own ads on the side or they are selling your information.

As for a more reputable comparison of VPNs (no, I don’t trust TorrentFreak either), see what That One Privacy Guy has to say.

ProtonVPN looks half-decent, although it offers different and slower services to its ‘free’ plan members. Its speed (on the faster ‘paid’ servers) is abysmal!

I am a bit confused, this is the source data used and referenced in thr Bleeping Computer article.

2 Likes

Wait - you want me to be consistent?!

I certainly wouldn’t trust Top10VPN to recommend the right VPN for me; I might consider them an adequate source for some fairly basic security research. Now that I’ve had a look at their funding model, though, I suspect that the research may be somewhat less than fully transparent.

2 Likes

We’ve updated our VPN review for 2019.

6 Likes

From the inimitable Mr Schneier:

----begin quote--------------------

NordVPN Breached

[2019.10.23] There was a successful attack against NordVPN:

Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN’s network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the breach.

The revelations came as evidence surfaced suggesting that two rival VPN services, TorGuard and VikingVPN, also experienced breaches that leaked encryption keys. In a statement, TorGuard said a secret key for a transport layer security certificate for *.torguardvpnaccess.com was stolen. The theft happened in a 2017 server breach. The stolen data related to a squid proxy certificate.

TorGuard officials said on Twitter that the private key was not on the affected server and that attackers “could do nothing with those keys.” Monday’s statement went on to say TorGuard didn’t remove the compromised server until early 2018. TorGuard also said it learned of VPN breaches last May, “and in a related development we filed a legal complaint against NordVPN.”

The breach happened nineteen months ago, but the company is only just disclosing it to the public. We don’t know exactly what was stolen and how it affects VPN security. More details are needed.

VPNs are a shadowy world. We use them to protect our Internet traffic when we’re on a network we don’t trust, but we’re forced to trust the VPN instead. Recommendations are hard. NordVPN’s website says that the company is based in Panama. Do we have any reason to trust it at all?

I’m curious what VPNs others use, and why they should be believed to be trustworthy.

----end quote--------------------

I use NordVPN - not happy they have only just disclosed a 19 month old breach.

hmmmm …

But who can you trust? - of course we all know the answer is nobody …

6 Likes

I don’t want a squid running my VPN! Wait - a squid proxy? Is that anything like an octopus?

Unfortunately VPNs - while useful - present a very nice target to governments that want all the datas. A VPN based in Panama is at least outside the jurisdiction of most western spy agencies - something that cannot be said for VPNs homed in Europe or North America. Of course, if you can’t get a warrant to see everything you can still try to get in via the back door - as has apparently occurred with NordVPN.

5 Likes

What is this ‘jurisdiction’ thing of which ye speak? :rofl:

3 Likes

Everything is negotiable.
Everything has a price.

I think ‘jurisdiction’ means the price is higher because you need to buy off the system, as opposed to just a few.:wink:

3 Likes

An old thread but. VPN security remains a ‘trust us or not, we are human and have over employed people like any other technology service or company’ …

Other than employing interested hackers (or reading The Register) how many would know?

3 Likes