Some have pointed at Kape’s history. The company had previously operated under the name Crossrider and was active in the advertising space. Among other things, it installed toolbars with ‘potentially unwanted software.’ While the company has since switched to a focus on cybersecurity, this past has made some people suspicious.
Deep packet inspection by definition requires the ability to see inside the packet, which if using HTTPS wouldn't be possible for your ISP.
They can still see the destination IP, return IP, and port number, but that's it. It would take a ton of storage to log all of that packet data though, and it'd be difficult to come up with a way not to double count it if it's going through multiple hops on the ISP network.
Logging DNS requests on the DNS server would be a much easier way of collecting that data if they wanted it. I know cloudflare collects aggregate DNS query data through their public DNS server, and Google likely does too.
@just_browsing I was just bullshitting. Sure, they would need a proxy of sorts and a certificate to open your packages if you use HTTPS. I suppose the only thing that can help with carrier surveillance is a good VPN or TOR. But even then, the VPN provider is a problem in and of itself.
What would you suggest now? IVPN and mullvad used to be my go-to VPN providers but now that they both removed port forwarding I really don't know what to use.
I won't go into much detail, but ISPs can act as intermediaries in HTTPS calls, and TLS would work only between you and the ISP and then the ISP and the requested server. Software like Zscaler does similar stuff; you can look it up if you want.
I'm familiar. Other than key exchange for encrypted connections, the whole point of HTTPS/TLS is establishing who you're connecting with is who they say they are and preventing man in the middle attacks just like you described.
If your traffic was being intercepted by something like Zscaler it wouldn't be able to provide the proper signed certificate of that web address and your browser would throw a mismatch error. IT departments using such intermediaries for https traffic inspection only get around this by installing the intermediaries' root CA on your system so it's not flagged by your browser or whatever you're using for TLS traffic.
The only way someone could intercept your TLS traffic and then pass it onto you without you knowing is by having that website's private key to sign the traffic with, which is a major security breach. As soon as something like that is discovered the certificate is revoked and a new one is issued with a different private key.
I use a combination of self hosted wireguard servers at family and friends. They connect together with Tailscale. One of the endpoints connects to the Internet through Mullvad. This makes it easy for every single device I own to connect to either Mullvad or any of a number of possible regular ISPs.
Family not so much. Friends most definitely. It's awesome but takes some trust to lend one's IP out. But having almost 10 different IP addresses to choose from really helps at times. One of them lives abroad too.
I see surprisingly few mentions of WindScribe in this thread. I've had nothing but good experience with them and I always read their promo emails in full (they send very few of them, and their marketing team is hilarious)
I recently switched to windscribe from NordVPN since my initial 3 year plan was coming to an end with nord. I really liked that you can customize a plan. I only need a few specific servers to choose from so I picked those and just pay $4 monthly instead of having to buy 3 years at a time to get a good price. Makes it easier to switch if I choose to but the speeds have been incredible compared to Nord. I do wish they would update their linux client to have feature-parity with the rest of the clients (linux doesn't seem to have split-tunneling as an option).
Windscribe. Prices are great, unlimited bandwidth, and 1Gbps servers for no additional cost. They have a free tier as well. They’re very privacy focused. Been a customer of theirs for probably like 5-6 years now.
I also use Nord. I think it's fine, but self-hosted and open would be better (since you for SURE know what data is passing through and what is happening with it). With Nord it's like a "trust me bro" black box.
That said, I trust Nord enough for my needs. I don't do anything too secretive on the VPN and frankly I think the 80/20 is in favor of just using Nord over self-hosting (I don't really have time for that).
Self hosting a VPN isn't going to help hide traffic from your ISP though. Even if you "self host" on a cloud instance or rack elsewhere, you've still got ISPs there who will see all your traffic. Unless there's some other magic implied that I've overlooked?
yes but you are shifting your trust from your current isp to a different, hopefully more trustworthy, one. there is always trust somewhere in the line. it also gives the benefit of location spoofing for the destination site.
crowd blending is a valuable aspect of commercial vpns but isn't the only aspect that makes a VPN of value.
Excuse me for my lack of understanding, but why are there so many people looking to hide their traffic from their ISP with a VPN? Isn't HTTPS enough? Are you afraid of ISPs resorting to DPI or MiM to spy on their users? Is customer protection so weak in the US that ISPs are free to spy on their customers using aforementioned techniques?
Edit: I just realized that I left out people living under authoritarian regimes, for whom VPNs are unfortunately required to evade their government.
They have also injected Javascript into pages (selling new modems) and add(ed) unique headers to HTTP traffic so websites could identify individual users despite their best attempts.
This must have been pre-HTTPS since you'd need to MitM the SSL certificate for that to work
To me, the problem is you are instead giving over all of your info to the VPN company, and can still be tracked by other means such as fingerprinting of devices, cookies/site data or browsing patterns. Is some random VPN company more trustworthy than my ISP and who’s to say they aren’t sharing the information? Plus, they could also be subpoenaed/NSLed if that’s the concern.
I'd be more willing to trust a VPN company with this data than an ISP. The former's entire business hinges on providing privacy to their customers while the latter can just sell your data to whoever they want and most people wouldn't bat an eye.
Legitimate questions, but why would it be worse for VPN companies?
The way I see it, I have no way of verifying the answers to any of these regardless of whether it's an ISP or a VPN, but I do know that VPNs have a greater incentive to provide you with proper privacy because if they were found to fail at this, the entire business dies. ISPs run no such risk, especially since many of them are effectively monopolies.
Because HTTPS protects only things you do on the site. ISP still knows which sites you connect to. Which YouTube video you are watching, etc. For example, in Russia ISPs have to keep logs of users' interactions for half a year and give them to the government when they need them.
My opinion. I can't trust any government on this planet anymore. So much fuck ups and stupid decisions. So basically every government is kinda authoritarian for me...
Yes, because they know the IPs your packets go to, but if there are multiple websites behind a single IP they won't know which one (unless you use your ISP DNS server, which you should probably not)
Which YouTube video you are watching, etc.
No, because the URL is contained within the HTTP packets which are encrypted with SSL (the S in HTTPS), so unless the ISP does MiM, they cannot know which URL you are visiting.
Oh, thanks for this precision, I wasn't aware of this. And now that I think of it, it's obvious that the first exchange with a server has to be unencrypted
Well they changed the IP logging policy of protonmail on a dime, so who's to say that they won't change their VPN's policy? They just don't have as good of a track record as people seem to think around here.
But the point is what Swiss law is. They cannot be compelled by a court order to log data for their VPN service, but they can be compelled by a court order to log email accesses. This needs to be considered by users of Proton, and indeed it is a bad mark against them that this wasn't clear upfront before the French activist case.
I'm not saying all this to defend Proton, really. I don't even use their service anymore, but I did use the vpn for 3 years without incident.
Of course it's disappointing that Protonmail did this, although I wouldn't say that the policy was changed "on a dime", as it said that IP logging was not "on by default"^[1]^. But while disappointing, I can imagine courts pressuring Proton to start IP logging since it's easier rather than, say, change the entire backend to not encrypt the emails anymore. But to be fair I would say that if your threat model might include the government somehow, you should probably not trust any service with sensitive details like your IP. But as Protonmail does what it sets out to do (encrypt your emails + some more) and as there aren't too many alternatives except maybe Tutanota, I think I'll stick with it. As for the VPN, it's open source^[2]^^[3]^^[4]^ (at least the clients, I don't know about the server), but as I don't know how to audit code, take that with a grain of salt. And it does semi-regular(?) audits, although the last ones seem to be from 2019(?)^[3]^ and a penetration test (or maybe it was an audit, doesn't seem like it though) from 2021^[5]^^[6]^. But they said that they're planning an audit in the next months^[7]^.
Selfhosted DigitalOcean VPS with SOCKS 5 SSH tunnelling for masking my home IP when web browsing and OVH VPS with OpenVPN server for masking my home IP for my local seedbox server. I don't really need commercial VPNs since I only really need basic functionality to mask my IP and I don't really need a shared service to do that.
Did you care about traces that you left behind and can be linked directly to you? It's a nice setup, but if you pay for the DigitalOcean VPS with PayPal, for example, or a credit card, all your efforts to hide your real IP that is linked to you are useless. I don't know if this is a major concern to you, of course.
Yeah, I'm aware it's dedicated and not shared, and there's billing info etc. It's just so that websites, particularly forums etc cannot have my home IP just like that. It's an additional layer of protection.
I used to have Mullvad but it recently disabled portforwarding-support. Now I ditched it in favor of Proton since I already had a Proton subscription running. I am still looking out for a VPN that supports portforwarding though, in a way that a non-tech-savvy person like myself can run it on Linux. No idea where and how to do that now.
my own wireguard server. i use it to watch one of those iptv "all included" services as well as stream from torrents and hosters.
for anonymity i usually use, proxychains, tor or a mix of both.
VyprVPN. I'm late to the party, but I've spoken to the founder on a couple of occasions, and he seemed like a guy that really just wants to provide a no-nonsense VPN. It's not the best or fastest service, and I don't need a VPN for everything, but for whatever I need, it's cheap and it's privacy friendly.
I've been trying running a VPN on my phone as a matter of course lately (Proton). I'm assuming it not only keeps your ISP from knowing where you're going but, more importantly, advertisers and trackers as well.
.
....or do I have that last bit wrong?
It can as a side option. I think Proton has something like this. It is done on DNS level. You can use something like NextDNS to achieve these things without a VPN.
IVPN initially because it is very privacy focused but now I swapped to Nord because it's basically free if you get cashback offers and it seems to bypass more region restrictions for video streaming etc.
I would note that this list hasn’t been updated in 4 years. How did they gather these rankings exactly? The green/yellow/red categorizations could use some context as well.
This is another great resource, although keep in mind some of the rankings are somewhat flawed, as Tom Spark uses a data-driven approach to ranking. For instance, ExpressVPN is ranked above Mullvad largely because it performs a lot better and is much more polished, but I would always recommend Mullvad over Express.
However, in terms of finding out how VPN's compare in functionality and performance, there is no better resource.
I used to use Proton, but it stopped working in the country I travel to work in, so I changed to SurfShark as it works as a region unblocker, on recommendation from other people here.
Really? Can I ask why? I've been using them for both and had no issues that I've seen, but if they have some flaws in privacy I would like to know what they are.
Because I never got very good speeds from Proton VPN, and the feature parity has never been very consistent especially because I use Linux. I get much better speeds from Torguard and they allow port forwarding, and have an overall much more feature rich Linux client. I still subscribe to and recommend Proton, I just don't use their VPN or password manager.
For every single way that you may be using to reach the internet, there is always going to be an exit node which won't be able to hide itself. You may still use SSL or whatever you want (can't think of anything else that widely used) to encrypt the connection, as you normally do on your computer every time you try to reach a server with HTTPS. But I still take some actions that are not being encrypted between me and the other side which I don't want to be related to me. So basically, I don't want some of my traffic to be exposed to the ISP or any other possible threat. In order to provide that, I find a VPS provider which has enough internet traffic to not use an ISP to access the internet (like many big tech companies do), and buy a VPS from there anonymously (of course my IP is being exposed here, but it is also being exposed on other VPN services and I am not doing something that important to make my IP so important to hide). Afterwards I set up a WireGuard or OpenVPN (depends on your needs) server and connect to it from my PC. This basically works like a VPN service that many people subscribe to.
As far as I can see (if I am not mistaken somewhere), if you have a problem with this kind of protocol, then you have a problem with VPN services themselves. And if you have a problem with that, and need more anonymity, you can connect to a public wifi and then a VPN and then a distributed network like Tor.
I've done a lot of digging, and the only concern I've found is that the company is somehow connected to PureVPN.
I'm not paranoid, so for me this is fine. Take your own threat model into consideration.
Funnily enough, Ivacy knows basically nothing about me, since I bought the offer through a 3rd party site. I have nothing registered on my Ivacy account, aside from my email and password.
I use Google One VPN. It's included with the extra storage plan I pay for. I'm curious how it compares to the other services as it's the only one I have used.
ISP says hello, seeing which sites, videos you visit and sharing this info with government. Reputable VPN's exist. Link to reputable resource for comparison.
They do hide your "real" IP address from other peers when using BitTorrent, such that angry letters from copyright holders go to the VPN instead of your ISP. The assumption is that your ISP would be more likely to snitch on you when compared to a reputable VPN.
Mullvad, iVPN
Such a gorgeous answer 🤌🤌🤌
I tried IVPN recently but had a ton of trouble getting MLB.tv streams to work. Switched back to ExpressVPN for now.
IVPN and Mullvad are probably the best VPNs if you simply want to transfer full view of all your internet activity from your ISP to one of these 2 companies. If you want to keep your internet movements private from everyone, use Tor browser. It's slower and doesn't do UDP, but it is much closer to real privacy than the commercial VPNs. Of course, if you are a high priority target of a large nation state, then Tor might not be enough for you, but for most people it works well for those things you want private. If you just want to watch movies, torrent and stuff like that, regular VPNs are the way to go.
Nope, use i2p and never go to clearnet
And have 5 sites you can go to most of which are in Russian.
Also wasn’t there something about that group supporting Putin or something like that?
Ur right i wish more people used i2p
This.
Proton. It replaced PIA for me when it was introduced. Since I was already paying for Proton mail, there was no reason to keep paying for a separate VPN as well.
Reasonable decision. Proton is good for privacy 🙂
Really? Protonmail doesn't have a clean track record. They backtracked their TOS, their onion site forwards to the clearnet, and they outed a French climate activist.
I seriously considered switching, but they don’t offer enough storage to make it a better value for me.
Same story, made the switch and now I use the ecosystem except the password manager. It's a bunch of solid products. Tad Expensive (compared to free like Gmail) but I'm happy.
I've been trying out the password manager these past couple weeks to see how it compares to Bitwarden. Overall I've been impressed. Auto fill actually seems to be superior on Proton as it works on some sites that Bitwarden never would for me. My only real complaint at the moment is that the iOS app will log out of my account at random and it's a hassle to log back in since I don't always have my Proton pw on hand.
The answers are always going to be Mullvad, IVPN or Proton VPN. Windscribe is also a possibility.
+1 for windscribe
Such a based answer 😍😘
Mullvad VPN paid with Monero and NextDNS paid version.
Why NextDNS if you already query DNS through Mullvad?
Because I prefer the granular control that I have over my queries when I'm using NextDNS, something that I don't have with Mullvad DNS.
Don't use express VPN. They make it very annoying to cancel. I thought I canceled once and it didn't work.
It takes three confirmations inside a hidden menu.
I use Mozilla VPN, which is just Mullvad but more expensive. I want to support Mozilla though and enjoy the integration with my multi account containers so I stick with it.
If you were in with Mozilla VPN while it was in beta (for $4.99/month), you can keep that price for life as long as you have an active sub. I got lucky with that one.
I use Moz too. It works pretty well, but I do get a lot of "confirm you are not a bot" messages from Cloudflare, especially when I'm using LibreWolf to anonymize my browser headers (fingerprint).
Mullvad. Cheap, simple, good, and everyone here seems to be infatuated with it.
One of the best options. On par with IVPN and Proton. 😘
I tried Proton (the free version), but it didn't seem as reliable and it just had too much going on. Mullvad is as simple as choosing a location and connecting.
Solid. Very solid option 🙂
Proton
Good option for Privacy 🙂
Same, fast cheap and at least one of the absolute best when it comes to privacy.
Mullvad and Cryptostorm
Cryptostorm is a honeypot that was discovered years ago. I'm surprised anyone even talks about it still
Sources for it being a honeypot?
It was a big controversy years ago. You can take or leave the info. I don't have the time to look it up.
Douglas Spink was arrested. He was then removed from the team, no longer having access to anything. Df has been the main guy for the past couple years - but that's cryptostorm becoming a honeypot, in your opinion?
Doesn't hurt to be overly paranoid, but this is to the extreme.
I have nothing invested in proving it one way or another. It is something I saw a few years ago, and thought I'd mention it now to warn others. If you think it went from honeypot to non-honeypot, then by all means use it. At the end of the day, you cannot fully trust any traditional VPN because they can do what ever they want and we'd be none the wiser, despite all the big claims. VPN's are for watching geoblocked movies and stuff like that. That's about it. If you want privacy, you'll have to look into other things.
I don't think it was ever a honeypot, they contributed a lot to the early VPN communities, following both perfect-privacy and blackvpn.
I do not believe so, but to each their own.
Do you work for Cryptostorm?
May I ask why do you think Cryptostorm is a honeypot?
It was a big scandal some years ago and I don't have the time to look it up for you. You can take it as you like.
I pay for Proton. I use it on mobile, laptop, and desktop. It's quite seamless and unobtrusive. I like a VPN that allows me to forget I'm using a VPN.
I tried Proton for a month but I'd get A LOT of "confirm you're not a robot" when entering a lot of websites. Was really annoying. Did you ever get around that?
That's almost always caused by one of your nodes' IPs being logged doing sketchy stuff. Try picking a different route.
I often do forget I'm on the VPN and I can't figure out why I can't chromecast music to my speakers.
Private Internet Access
https://torrentfreak.com/private-internet-access-to-be-acquired-by-kape/
I use PIA in spite of this because their excellent privacy policy has not changed since this purchase. If their policy changes I will drop them like a bad habit.
I also use PIA, for many years now. The performance for price has always been fantastic, along with their policies. However, I'm becoming worried about the company now, noticing signs of bad health. Software development and updates have stopped (I've now switched to OpenVPN). Help and documentation has stopped (and blog/news). Customer service seems extremely understaffed as well.
Thanks for sharing this. I might cancel my subscription if things don’t improve then.
Why? Prices? Convenience? Trust?
The price is good, I’ve used them for many years and I’ve never had a problem.
same same
Reasonable 🙂
Personally for me all three. They offer OVPN profiles to connect even without using their software and their privacy policy includes a “no logs” clause
It’s a solid point, but VPN companies have violated “no logs” policies in the past.
https://www.bleepingcomputer.com/news/security/cyberstalking-suspect-arrested-after-vpn-providers-shared-logs-with-the-fbi/
That's concerning, but so far so good with PIA
Very good option!
AirVPN
What reasons drove you to land there?
Personally, I switched from Mullvad after they dropped support for port forwarding. I’ve found AirVPN is easier to use on that front as well.
Port forwarding, got a good deal, reviewed well. It exports Wireguard and OpenVPN files easily, so you are not tied to their Eddie client. I'm happy with it so far.
Good reasons 👍🙂
I've been using Proton for half a year, and I'm considering buying the Unlimited plan
Private internet access. It's super cheap too
I switched to Proton from PIA when I learned of PIA's sketchy new owner Kape Technologies
Fair. But afaik their privacy policy hasn't changed. I will probably drop em asap if I catch wind of something concretely nefarious tho.
I might be wrong, but couldn't their privacy policy stay the same but their internal policies of complying with government requests change with new ownership?
What’s the consistency, speed, security, scale, and availability though?
It’s been great for me. Servers all over the world, connection remains rock solid for me. I also like that they support port forwarding, which can be a godsend for some torrents.
Do you have any details tho or is it just that “it’s been good for you”
Namely security, consistency and speed
Only VPN I would trust is Mullvad
Proton was accused of giving authorities access to mails: https://www.bbc.com/news/technology-58476983
NordVPN and others are usually linked to your email + credit card stuff and you blindly need to trust them
Not only have they provided the data, but they were even called "really easy to work with" by the feds
Do you have a source for this? Thanks
Self hosted WireGuard
From a technical standpoint, how does that work? Are you being an exit-point and get to use others exit points or what am I missing here?
The traffic is encrypted between my computer and a VPS located abroad that I rent, which acts as a sort of proxy. My ISP only sees traffic between me and the VPS.
How does it affect your internet speed, and does it inhibit the number of connections at all?
Also self hosted Wireguard on a foreign VPS
I literally don't even notice between the VPN being enabled or disabled
All VPN software might affect bandwidth due to the increased processing needed for encryption, but quantifying it is hard because several factors come into play: mainly the hardware and bandwidth on either side of the tunnel. Giving it a go is easy and you can check which VPS specs give you the speed you require. Regarding the number of connections, I'm not sure of the answer. For all intents and purposes I don't run into a lot of problems on a daily basis and bandwidth is acceptable on a cheap 4€/mo VPS with 2 CPUs. Bonus tip for privacy, you can use port 443 for WireGuard which makes it less obvious you're using a VPN.
What does that run you? Is it more cost effective than a few dollars a month for a commercial service?
At the moment I pay 4 euros per month, so slightly more expensive than the cheaper commercial options out there but I control the software completely.
And what do you use to hide your traffic from your VPS provider? Or are there privacy focused providers out there?
That is not something I do at the moment but I would be happy to hear how other people do it.
I don't. Your ISP can hardly see anything you do online. Almost all websites are encrypted with HTTPS and if you are concerned about them seeing what domains you visit you can just change your DNS server to Quad9 or something else privacy respecting. A more valid use case for a VPN is preventing websites from tracking your IP address, downloading "Linux ISOs" or bypassing geographical blocks and for that I used Mullvad but I am looking for something else now that they blocked port forwarding.
If you torrent copyrighted material in Germany, you definitely want a VPN. Private law firms "representing copyright holders" regularly request information about consumers based on source IPs/protocol/ports from ISPs with a court's rubber stamp, then send out demand letters for hundreds of euros, with a risk of thousands if you choose to fight it.
Sometimes they follow up if you ignore it, sometimes not. It is horribly oppressive.
tl;dr germans who torrent from a consumer internet service should use a vpn
Even DNS traffic and IP address and packet metadata is extremely valuable to ISPs like Comcast and AT&T. They use it to control what you can and can't do -- for example, throttling your access to streaming video services that compete with their own streaming products or partners' products. They spent millions to overturn Net Neutrality regulations so they can use what they know about your traffic to monetize you (steer you to their products).
Yup. An ISP could potentially gain some information based on the IPs you're hitting and the number/frequency of packets sent and received, but that would take serious logging and analysis on their part. It's much easier to collect data through DNS requests.
Deep packet inspection by definition requires the ability to see inside the packet, which if using HTTPS wouldn't be possible for your ISP.
They can still see the destination IP, return IP, and port number, but that's it. It would take a ton of storage to log all of that packet data though, and it'd be difficult to come up with a way not to double count it if it's going through multiple hops on the ISP network.
Logging DNS requests on the DNS server would be a much easier way of collecting that data if they wanted it. I know Cloudflare collects aggregate DNS query data through their public DNS server, and Google likely does too.
@just_browsing I was just bullshitting. Sure, they would need a proxy of sorts and a certificate to open your packages if you use HTTPS. I suppose the only thing that can help with carrier surveillance is a good VPN or TOR. But even then, the VPN provider is a problem in and of itself.
What would you suggest now? IVPN and mullvad used to be my go-to VPN providers but now that they both removed port forwarding I really don't know what to use.
I don't know if you are serious but HTTPS does not mean anything, all major HTTPS websites are already decrypted anyways
Yeah... that's not how TLS works.
I won't go into much detail but ISPs can act as intermediaries in HTTPS calls and TLS would work only between you and the ISP and then the ISP and the requested server. Software like Zscaler does similar stuff, you can look it up if you want
I'm familiar. Other than key exchange for encrypted connections, the whole point of HTTPS/TLS is establishing who you're connecting with is who they say they are and preventing man in the middle attacks just like you described.
If your traffic was being intercepted by something like Zscaler it wouldn't be able to provide the proper signed certificate of that web address and your browser would throw a mismatch error. IT departments using such intermediaries for https traffic inspection only get around this by installing the intermediaries' root CA on your system so it's not flagged by your browser or whatever you're using for TLS traffic.
The only way someone could intercept your TLS traffic and then pass it onto you without you knowing is by having that website's private key to sign the traffic with, which is a major security breach. As soon as something like that is discovered the certificate is revoked and a new one is issued with a different private key.
So, again, that's just not how TLS works.
https://en.m.wikipedia.org/wiki/Public_key_infrastructure
Long time AirVPN user here - never had any issues.
ProtonVPN. The VPN works great. I'd use some of their other services but they're pretty restrictive unless you're on more expensive plans than I'm on.
I use a combination of self-hosted WireGuard servers at family and friends. They connect together with Tailscale. One of the endpoints connects to the Internet through Mullvad. This makes it easy for every single device I own to connect to either Mullvad or any of a number of possible regular ISPs.
Are all of said family and friends IT savvy, or you installed them at each site yourself? Interesting
Family not so much. Friends most definitely. It's awesome but takes some trust to lend one's IP out. But having almost 10 different IP addresses to choose from really helps at times. One of them lives abroad too.
I see surprisingly few mentions of WindScribe in this thread. I've had nothing but good experience with them and I always read their promo emails in full (they send very few of them, and their marketing team is hilarious)
I recently switched to windscribe from NordVPN since my initial 3 year plan was coming to an end with nord. I really liked that you can customize a plan. I only need a few specific servers to choose from so I picked those and just pay $4 monthly instead of having to buy 3 years at a time to get a good price. Makes it easier to switch if I choose to but the speeds have been incredible compared to Nord. I do wish they would update their linux client to have feature-parity with the rest of the clients (linux doesn't seem to have split-tunneling as an option).
Support team is amazing too, got billed 13 times a while ago and they quickly refunded it + gave me an extra 3 years for free.
None atm. DNS over HTTPS cos I'm poor, using Mullvad's DNS server instead of a VPN. Makes it a bit more difficult for my ISP
Windscribe. Prices are great, unlimited bandwidth, and 1Gbps servers for no additional cost. They have a free tier as well. They’re very privacy focused. Been a customer of theirs for probably like 5-6 years now.
I don’t see nord on this list. Can someone tell me why the others listed are better?
I also use Nord. I think it's fine, but self-hosted and open would be better (since you for SURE know what data is passing through and what is happening with it). With Nord it's like a "trust me bro" black box.
That said, I trust Nord enough for my needs. I don't do anything too secretive on the VPN and frankly I think the 80/20 is in favor of just using Nord over self-hosting (I don't really have time for that).
Self hosting a VPN isn't going to help hide traffic from your ISP though. Even if you "self host" on a cloud instance or rack elsewhere, you've still got ISPs there who will see all your traffic. Unless there's some other magic implied that I've overlooked?
This
yes but you are shifting your trust from your current isp to a different, hopefully more trustworthy, one. there is always trust somewhere in the line. it also gives the benefit of location spoofing for the destination site.
crowd blending is a valuable aspect of commercial vpns but isn't the only aspect that makes a VPN of value.
Thanks for the answer. I just use it for torrenting and it’s convenient
Astrill, only VPN with a good track record in China where I happen to live.
Most others crap out after a few weeks or months, and never bother to fix their protocols.
Huh, interesting that VPNs work in China. I thought the GFW aggressively throttled encrypted connections?
Nah they identify the protocol handshake and block it altogether, so you need to find a VPN with a proprietary protocol that keeps updating.
It's probably a modified openvpn with some package obfuscation, but works surprisingly well.
I trust my ISP more than a random VPN provider. I use HTTPS for everything anyways.
Excuse me for my lack of understanding, but why are there so many people looking to hide their traffic from their ISP with a VPN? Isn't HTTPS enough? Are you afraid of ISPs resorting to DPI or MiM to spy on their users? Is customer protection so weak in the US that ISPs are free to spy on their customers using aforementioned techniques?
Edit: I just realized that I left out people living under authoritarian regimes, for whom VPNs are unfortunately required to evade their government.
This must have been pre-HTTPS since you'd need to MitM the SSL certificate for that to work
To me, the problem is you are instead giving over all of your info to the VPN company, and can still be tracked by other means such as fingerprinting of devices, cookies/site data or browsing patterns. Is some random VPN company more trustworthy than my ISP and who’s to say they aren’t sharing the information? Plus, they could also be subpoenaed/NSLed if that’s the concern.
I'd be more willing to trust a VPN company with this data than an ISP. The former's entire business hinges on providing privacy to their customers while the latter can just sell your data to whoever they want and most people wouldn't bat an eye.
I'd have plenty of questions about the VPN company though. Some of these would be the same as ISPs, some worse for VPN companies.
Legitimate questions, but why would it be worse for VPN companies?
The way I see it, I have no way of verifying the answers to any of these regardless of whether it's an ISP or a VPN, but I do know that VPNs have a greater incentive to provide you with proper privacy because if they were found to fail at this, the entire business dies. ISPs run no such risk, especially since many of them are effectively monopolies.
Because HTTPS protects only things you do on the site. The ISP still knows which sites you connect to, which YouTube video you are watching, etc. For example, in Russia ISPs have to keep logs of users' interactions for half a year and give them to the government when they need them.
My opinion. I can't trust any government on this planet anymore. So many fuck-ups and stupid decisions. So basically every government is kinda authoritarian for me...
Yes, because they know the IPs your packets go to, but if there are multiple websites behind a single IP they won't know which one (unless you use your ISP DNS server, which you should probably not)
No, because the URL is contained within the HTTP packets which are encrypted with SSL (the S in HTTPS), so unless the ISP does MiM, they cannot know which URL you are visiting.
Oh, thanks for this precision, I wasn't aware of this. And now that I think of it, it's obvious that the first exchange with a server has to be unencrypted
Hmm... You have way better knowledge than I do. It seems so. Should think about these things some time later 😉
Because my ISP stopped my internet access last time they were contacted by a copyright holder whose thing I torrented.
Got Express right before they sold. Going to swap very soon! Mainly looking at proton for the swap
Proton doesn't have a good privacy record for a few reasons including this
The protonmail case has little to do with how they log records of protonvpn.
Well they changed the IP logging policy of protonmail on a dime, so who's to say that they won't change their VPN's policy? They just don't have as good of a track record as people seem to think around here.
But the point is what Swiss law is. They cannot be compelled by a court order to log data for their VPN service, but they can be compelled by a court order to log email accesses. This needs to be considered by users of Proton, and indeed it is a bad mark against them that this wasn't clear upfront before the French activist case.
I'm not saying all this to defend Proton, really. I don't even use their service anymore, but I did use the vpn for 3 years without incident.
Of course it's disappointing that ProtonMail did this, although I wouldn't say that the policy was changed "on a dime", as it said that IP logging was not "on by default" [1]. But while disappointing, I can imagine courts pressuring Proton to start IP logging since it's easier rather than, say, change the entire backend to not encrypt the emails anymore. But to be fair I would say that if your threat model might include the government somehow, you should probably not trust any service with sensitive details like your IP. But as ProtonMail does what it sets out to do (encrypt your emails + some more) and as there aren't too many alternatives except maybe Tutanota, I think I'll stick with it. As for the VPN, it's open source [2][3][4] (at least the clients, I don't know about the server), but as I don't know how to audit code, take that with a grain of salt. And it does semi-regular(?) audits, although the last ones seem to be from 2019(?) [3] and a penetration test (or maybe it was an audit, doesn't seem like it though) from 2021 [5][6]. But they said that they're planning an audit in the next months [7].
Sources:
[1] https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities/
[2] https://github.com/ProtonVPN
[3] https://protonvpn.com/blog/open-source/
[4] https://itsfoss.com/protonvpn-open-source/
[5] https://drive.proton.me/urls/XWPWPN079G#KSgiJSoTkysU
[6] https://proton.me/community/open-source
[7] https://www.reddit.com/r/ProtonVPN/comments/14kvy1e/comment/jsh0l7u/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
Additional sources: https://proton.me/blog/security-audit-all-proton-apps
Please tell me if I got something wrong, I'd be happy to fix any issues
Edit: formatting issues and added back the start and the end that was removed
Selfhosted DigitalOcean VPS with SOCKS 5 SSH tunnelling for masking my home IP when web browsing and OVH VPS with OpenVPN server for masking my home IP for my local seedbox server. I don't really need commercial VPNs since I only really need basic functionality to mask my IP and I don't really need a shared service to do that.
YMMV, of course.
Did you care about traces that you left behind and can be linked directly to you? It's a nice setup, but if you pay for the DigitalOcean VPS with PayPal, for example, or a credit card, all your efforts to hide your real IP that is linked to you are useless. I don't know if this is a major concern to you, of course.
Yeah, I'm aware it's dedicated and not shared, and there's billing info etc. It's just so that websites, particularly forums etc cannot have my home IP just like that. It's an additional layer of protection.
I use adguard VPN. I got 5 years for really cheap and it integrates well with adguard DNS blocking on my phone.
I used to have Mullvad but it recently disabled port forwarding support. Now I ditched it in favor of Proton since I already had a Proton subscription running. I am still looking out for a VPN that supports port forwarding though, in a way that a non-tech-savvy person like myself can run it on Linux. No idea where and how to do that now.
Can you tell me why someone would need port forwarding with a VPN? Genuinely don't know.
Running some sort of server, I'd assume.
Increased access to p2p networks
Heard that AirVPN has better port forwarding support which could be an option.
Didn't know them yet, I'll look into it, thanks for the tip
Why do you trust some random VPN provider in a different country more than your local ISP?
Because my ISP is in a country where they can legally sell my data. My VPN is not.
And my VPN provider doesn't know who I am.
Because ISPs are nearly always garbage connected directly with government. So hell no, Mullvad, IVPN, Proton are way ahead of local ISPs.
My own WireGuard server. I use it to watch one of those IPTV "all included" services as well as stream from torrents and hosters. For anonymity I usually use proxychains, Tor or a mix of both.
ProtonVPN, but I've been thinking of switching to Mullvad or maybe PIA(because of price).
VyprVPN. I'm late to the party, but I've spoken to the founder on a couple of occasions, he seemed like a guy that really just wants to provide a no-nonsense VPN. It's not the best or fastest service, and I don't need a VPN for everything, but for whatever I need, it's cheap and it's privacy friendly.
I've been trying running a VPN on my phone as a matter of course lately (Proton). I'm assuming it not only keeps your ISP from knowing where you're going but, more importantly, advertisers and trackers as well.
....or do I have that last bit wrong?
It can as a side option. I think Proton has something like this. It is done on DNS level. You can use something like NextDNS to achieve these things without a VPN.
IVPN initially because it is very privacy focused but now I swapped to Nord because it's basically free if you get cashback offers and it seems to bypass more region restrictions for video streaming etc.
But privacy?))
Oh it's not like Nord is bad, in fact it ranks very well on that front too, but it's not why I swapped I guess. I would highly recommend Nord.
https://thatoneprivacysite.xyz/#detailed-vpn-comparison
For example it ranks better there than PIA does which is very popular.
I would note that this list hasn’t been updated in 4 years. How did they gather these rankings exactly? The green/yellow/red categorizations could use some context as well.
Way better source for information about VPNs. https://www.techlore.tech/vpn
This is another great resource, although keep in mind some of the rankings are somewhat flawed, as Tom Spark uses a data-driven approach to ranking. For instance, ExpressVPN is ranked above Mullvad largely because it performs a lot better and is much more polished, but I would always recommend Mullvad over Express.
However, in terms of finding out how VPNs compare in functionality and performance, there is no better resource.
Not open source? Meh. But it is your choice, nothing against 🙂
Their Linux app is and hopefully they are moving more that way but yeah not as good as others perhaps there.
I can't speak for what Nord actually offers but I will never use them cause the marketing they did was very aggressive and very misleading. Also leaks.
Yup.
Hide.me is what I use. Had the best score when comparing features I cared about at the time.
Long time Mullvad, now AirVPN
Why switched? Prices? Regional restrictions?)
Mullvad stopped port forwarding. AirVPN gave me more ports than I'd ever need. New accounts get 5 ports.
Ah, and it has a very granular ad blocking and malicious sites blocking option.
PIA is the cheapest that supports port forwarding. But it's not to hide from ISP, it's mostly for content unblocking
TrackerControl for my android and then the router configured to use NordVPN for specific devices.
Allows me to not only allow and block telemetry and tracking for specific applications at a device level but also route traffic how I want to.
Proton
Protooon, bitches
I used to use Proton, but it stopped working in the country I travel to work in, so I changed to SurfShark as it works as a region unblocker, on recommendation from other people here.
What country does Proton not work in? Their whole thing is that they let you access the internet despite government controlled ISPs.
Good, reputable resource for VPN comparison. Link.
Express VPN.
Picked it up a few years back and it’s worked well on all my devices. Speeds are really fast.
Look into kape technology. I wouldn't use express if you paid me. Same for CyberGhost, PIA, NordVPN
Add SurfShark also to that list.
Why?
Look at this YouTube vid. https://youtu.be/8MHBMdTBlok
Here is an alternative Piped link(s): https://piped.video/8MHBMdTBlok
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source, check me out at GitHub.
Thanks. Probably a good time to start shopping around.
What does Kape have to do with Nord VPN?
ProtonVPN mostly when I need to VPN. Got a plan with them with email and this works well.
tinc
What about nord vpn? Is it still good?
For privacy - mehmehmeh. For Geo restrictions - yup, very good.
Really? Can I ask why? I've been using them for both and had no issues that I've seen, but if they have some flaws in privacy I would like to know what they are.
Go here to understand why it sucks for privacy.
calyxvpn
Is this some kind of bot trap post?
?)))
None, I only use anti DPI and dnscrypt-proxy since our govt told ISPs to sniff internet connection using DPI
Used to use Proton, now use Torguard.
Why not Proton anymore?)
Because I never got very good speeds from Proton VPN, and the feature parity has never been very consistent especially because I use Linux. I get much better speeds from Torguard and they allow port forwarding, and have an overall much more feature rich Linux client. I still subscribe to and recommend Proton, I just don't use their VPN or password manager.
👌🙂
Expensive!
If you mean Torguard, they're actually extremely cheap if you don't care about streaming compatibility. Using an affiliate link gets you 50% off.
50% off torguard is still insanely expensive
Riseup VPN
Kinda low speeds but private and free. Good option!
windscribe, but i might switch to mullvad
Vpn unlimited and adguard vpn
What reasons drove you to that decision?)
@FarLine99 I use Vyper, but I'll be honest, I don't know much about VPNs other than the basics.
Self hosted
How does this help keep you private since it's only your traffic using the host? Can you help me understand?
My mistake, sorry. I should have also said on a vps.
That doesn't change the fact only your traffic is coming from that vps's ip
For every single way that you may be using to reach the internet, there is always going to be an exit node which won't be able to hide itself. You may still use SSL or whatever you want (can't think of anything else that widely used) to encrypt the connection, as you normally do on your computer every time you try to reach a server with HTTPS. But I still take some actions that are not encrypted between me and the other side which I don't want to be related to me. So basically, I don't want some of my traffic to be exposed to the ISP or any other possible threat. In order to provide that, I find a VPS provider which has enough internet traffic to not use an ISP to access the internet (like many big tech companies do), and buy a VPS from there anonymously (of course my IP is being exposed here but it is also being exposed on other VPN services and I am not doing something important enough to make my IP so important to hide). Afterwards I set up a WireGuard or OpenVPN (depends on your needs) server and connect to it from my PC. Which basically works like a VPN service that many people subscribe to.
As far as I can see (if I am not mistaken somewhere), if you have a problem with this kind of protocol, then you have a problem with VPN services themselves. And if you have a problem with that, and need more anonymity, you can connect to a public wifi and then a VPN and then a distributed network like Tor.
Ivacy VPN
Got a lifetime deal for 30 bucks.
Fantastic. Lifetime VPN? Too good to be true. But privacy will be bad I assume.
Yes, correct.
I've done a lot of digging, and the only concern I've found is that the company is somehow connected to PureVPN.
I'm not paranoid, so for me this is fine. Take your own threat model into consideration.
Funnily enough, Ivacy knows basically nothing about me, since I bought the offer through a 3rd party site. I have nothing registered on my Ivacy account, aside from my email and password.
Good approach. Basically, if you are anonymous for provider, then you are good to go. Congratulations 🤌
Thanks? lol
You are very active in your own topic. Feels like you genuinely care.
Now let's switch the table, shall we? Which VPN do you use?
I use Google One VPN. It's included with the extra storage plan I pay for. I'm curious how it compares to the other services as it's the only one I have used.
lol. Hide your private traffic by routing it all to Google
Such a virtual PRIVATE network 😏
Very private indeed
None. I use HTTPS websites that protect my data.
Wireguard.
VPNs are not what you think. They just move your traffic somewhere else. Honestly just use HTTPS only and you'll be fine
ISP says hello, seeing which sites, videos you visit and sharing this info with government. Reputable VPNs exist. Link to reputable resource for comparison.
They don't though unless you're not using HTTPS for some reason
They do hide your "real" IP address from other peers when using BitTorrent, such that angry letters from copyright holders go to the VPN instead of your ISP. The assumption is that your ISP would be more likely to snitch on you when compared to a reputable VPN.
The VPN company is legally required to report you just as much as your ISP
That's true, but you can hope they don't keep logs, or hope they don't know your identity.