I’ve tried at least a dozen different providers and the two I’ve had the best experience with are Nord and ExpressVPN. They both have great apps and are really good on Mac and iOS.
The reason I use ExpressVPN is because Nord doesn’t work well in China. This was a deal breaker, when I travelled there it just wouldn’t connect to any of their servers. ExpressVPN works every time and I really like their apps.
I’ve heard good things about ExpressVPN, but have some concerns after reading this Wirecutter article. Specifically:
In recent years, a number of VPN companies including CyberGhost, ExpressVPN, PIA, and Zenmate VPN have been bought by Kape Technologies, formerly known as Crossrider. The company previously created software components that were popularly used by invasive ad programs that are largely considered potentially unwanted programs (PUPs), with many search results for “Crossrider” being instructions on how to remove it.
Wirecutter’s top pick is Mullvad. It isn’t a VPN I’m familiar with. Based on some preliminary research, it does seem to be highly regarded.
Unfortunately, anything based on Wireguard (like Mullvad) is easily blocked by the Chinese government. ExpressVPN are one of the few providers that constantly work to circumvent blocking there. In fact, it’s the only one I’ve found that consistently works. This is the main criteria for me in choosing a provider as I need to be able to work while traveling there.
From some of the above articles, it does seem that a VPN really does help with privacy. It’s also clear that many VPNs harvest data. The internet is; sadly; no longer a benign place to be. It appears everyone is after your data. It would therefore make sense to use a VPN most of the time in terms of privacy.
It’s got me to wondering whether all eggs in one basket is good? Proton Unlimited would be cheaper than Fastmail+Mullvad (or any other VPN). My fastmail is also up for renewal shortly.
I’ve noticed more battery drain on mobile with a vpn but glad your experience is better. Keeping a good, uninterrupted cell connection during travel has proved problematic at times, so usually don’t bother with a VPN anyway if I’m moving.
IVPN, Proton, Mullvad, Nord, PIA, Express, Surfshark, Windscribe all used and all seem decent to me.
In regards to the dedicated IP address question, tried one for a month on PIA, but sites that don’t like VPN’s didn’t care and blocked it anyway. Some people have better results.
From a privacy standpoint it’s a disadvantage as it effectively becomes an identifier for your traffic.
I used a VPN with a fixed IP in order to access some web services/sites which themselves limited access bro a predefined list of IP addresses.*
*I’m aware blocking by IP can be hacked around, but it’s another spike strip in the way of hackers randomly attempting to gain access to sites.
No your remarks have been useful: if I ever do use the Tor I contribute to it won’t be for security but to get round ‘firewalls’. What you have said made sense. For me it is almost a point of principle.
I thought the way VPNs work is by giving you a shared identifier with multiple other users, hence being impossible to track an individual? I’m no expert, so my understanding might be wrong!
I don’t understand it very well either. I thought something like that myself, but frankly I had no idea how it was supposed to work. And it seems to me that anything that goes through your provider can, in principle be read or identified. It worries me more than anything else, how much power Verizon have in other words.
So what’s a regular John Q supposed to do if they really want to secure their traffic?
You do indeed get the same IP address as several others, but there are different way to identify you.
For example browser fingerprinting is quite effective and that does not depend on your IP address.
I know that when you turn on a VPN your IP is switched to one they create. Sorry, but unsure as to + - of a dedicated IP.
Yeah, exactly. They solve a lot of the problems that come with the internet, and they’re relatively easy to use. Biggest problem is that criminals use them, of course, so sites start blocking or adding captcha’s, making our attempts at basic privacy harder. Using on your own banking sites in the US gets harder. Certain gargantuan retail doesn’t like them. But privacy and data security are important so you have to find them where you can.
This is a good question and there’s no simple answer. I suppose my take on it is that insecure traffic is much, much less of an issue these days but also that using a VPN doesn’t solve the problem. It only transforms it from a scenario where insecure traffic is at potential risk from a small number of unsophisticated nearby actors to one in which insecure traffic is aggregated, concentrated, and presents a much higher value target for sophisticated actors.
Fortunately nearly no important network traffic falls into the trivially insecure category these days.
The easiest way for John Q to think about it is that network between two endpoints should always be considered a hostile environment and the answer to secure communication is almost never to attempt to secure the network carrying it. So my mantra for John Q is, “If it’s not safe without a VPN then it’s not safe with a VPN.”
Solid advice and outlook, thanks for your input!
It sounds like the goal for most folks here is to simply get around content filters. There are plenty of tools out there that make rolling your own VPN pretty easy. If you’re worried about public Wi-Fi networks you can use the free version of Cloudflare. I trust them WAY more than some of these VPN providers. Really easy to setup and FREE.
Also, there are many types of VPN’s. We
Tend to throw around the term like it means one thing; kind of like “cloud”. My advice is to begin with the end in mind and keep it simple…
That usually means that you are the product instead of the customer.
What makes you feel different about Cloudflare?
(Genuinely interested, since I use other free Cloudflare services and realize I never fully thought about this myself)
Cyber is and has always been data dependent. My guess is the telemetry gained from free users improves efficacy of their paid products. Additionally, the business model is not dependent on data from this free tier of users.
I’ve done a lot of research on the company, and even have a friend and former colleague that works for them and met with the CEO prior to joining. I’m seeing them convert some extremely important customers to their platform as well.
I use the “free” product when necessary (international travel) but am also a paying customer. I think it also depends on what is motivating the company to give the product away and what it costs them to provide the service. In this case, it’s virtually nothing.
I completely agree with your take on “free” products. But, I think users are WAY better of using Cloudflare than most of these VPN providers.
There’s WARP, yes. But there’s also Cloudflare Access/Zero Trust. Both have free plans, with the later giving you more granular control over the traffic that leaves your devices unencrypted by default.
It’s all about your threat model. If the untrusted public Wi-Fi network is what you’re concerned about then using WARP is a really good option. Again, very bullish on Cloudflare. They’re doing an excellent job disrupting some of the larger players; FaaS, Object Storage, CDN, Cyber, etc.