
VPN Report – Reviews of the top VPNs - mobitar
https://vpnreport.org
======
kelnos
What's the intended audience for this? As a tech-savvy person, reading his
commentary on TunnelBear completely discredited his site in my eyes. He talks
about things that are completely irrelevant and are incredibly silly to even
remotely care about from a VPN provider.

Despite his listed criteria at the top, the star ratings and rank order seem
to be based on how the provider made him _feel_ , and has nothing to do with
actually how secure and privacy-protecting the provider is. (To be fair,
though, without inside knowledge, it's hard to evaluate how up-and-up they
are.) Based on _his own metrics_ , PIA should be listed as #1, not #8; it's
the only one that hits all nine of his "Important" list.

I'm completely baffled as to why this list was constructed as it is.

On a side note:

"First, I'm upset at Private Internet Access because I had to modify this
site's CSS just for their needlessly long name."

Are you kidding me? Really?

~~~
posguy
PIA has a surprisingly broad reach, financially and in some cases structurally
supporting Freenode, Snoonet, Fight For the Future, EFF, Software Freedom
Conservancy and many more.

Its actually unnerving how many of the same projects and groups they support,
in some cases being the main benefactor.

[https://www.privateinternetaccess.com/pages/companies-we-
spo...](https://www.privateinternetaccess.com/pages/companies-we-sponsor)

~~~
fmap
Unnerving is definitely the wrong word. If you want to be negative about it,
this is just really good advertising to a tech savvy audience. I honestly just
switched my VPN subscription over to PIA after reading this list...

------
abstractbeliefs
Regardless of how you feel about _why_ PIA sponsor the organisations they do,
it is surprising to see someone claiming they "perhaps put [their money] to
better use" given their record of supporting foss and digital/online rights
[1].

Additionally, the characterization as being extremely focused on the tech
illiterate I feel isn't really the case either, they have lots of docs about
how to use OpenVPN [2].

Thirdly, while there's no online free trial, at DEFCON and other events they
do liberally hand out free trial cards.

The above points, as well as reading the commentary, leads me to believe that
the author hasn't spent much time at all using or understanding the various
product offerings, and the written review and star-score seem to clash with
the high feature based score listed above. I can't speak at all for the other
providers, but I don't feel like PIA at least has been well researched.

[1] [https://www.privateinternetaccess.com/pages/companies-we-
spo...](https://www.privateinternetaccess.com/pages/companies-we-sponsor)

[2] [https://www.privateinternetaccess.com/pages/client-
support/](https://www.privateinternetaccess.com/pages/client-support/)

As full disclosure, I'm a unpaid volunteer for a non-profit PIA has
contributed to. I have used in the past, but do not currently use, PIA VPN.

~~~
mobitar
PIA actually scores as one of the highest on the objective measures. The star
count is just a subjective impression and experience with getting it set up.
They connect over HTTP on startup instead of HTTPS (which is unacceptable for
a privacy company). They then ping almost a hundred servers on startup (no
other app does this, at least not to this extent).

~~~
rasengan
Hi mobitar. Thanks for the highest score in regard to the objective measures.
Regarding the subjective impression and experience, I'd like to let you know
what's going on. If you feel that this changes your impression, it would be
great to update accordingly!

The HTTP connection upon startup is for the region data request which is
signed and verified upon receipt. It's tamper proof, but you can read it. It's
something that anyone with the client can read, and the client is free to
download.

Arguably, it's more secure to entrust the communication from PIA to the client
software itself than to blindly entrust it to HTTPS which has provably been
compromised due to bad actors in the past.

We're in #privateinternetaccess on irc.freenode.net to discuss anytime as
well!

Thanks for everything mobitar and for taking the time to produce this report.

~~~
rasengan
Sorry mobitar, I forgot to address the pings. This is to find the best
(closest by network latency) path to you. We're really focused on providing
the best possible experience, and that experience is simply providing what we
do best, in the most unobtrusive way possible.

And to that extent, when it comes to your privacy and fighting for your
internet civil liberties, we'll be second to none.

Cheers,

Andrew

~~~
arca_vorago
I've seen PIA being very active and friendly, along with supporting FOSS which
I love, so I say good work.

That said, a question: is there a way for a power user to control this startup
ping mechanism in favor of using a single server they have selected as the
best? The only reason I see to not do this would be if your IP ranges are
volatile time-wise for some reason. Or perhaps I'm missing another factor?

~~~
rovr138
If you're using the app, I know you can choose a server instead of "Auto". Not
sure if it does the pings.

You can bypass the app. I've identified some servers that work good and are
close to me and just use a separate app with the profiles/configuration I
need. (You can use the built in VPN on your OS or use the OpenVPN app directly
for example if you want).

There are options.

------
joshstrange
Private Internet Access

> A pretty boring company. Extremely transactional. You get in and get out. It
> delivers its experience the way a utility company would. Sometimes, that may
> be a good thing. But in this case, since I have choice, I'd rather give my
> money to a company who would appreciate it a little more — perhaps put it to
> better use.

PIA might be very "transactional" but I like them and I've never had any
issues with their service. I'm surprised it didn't get a better rating. I
don't need a flashy VPN, a utility is exactly what I'm looking for.

~~~
mobitar
They connect on port 80 (HTTP instead of HTTPS) on startup. That's
unacceptable for a privacy company.

~~~
jwfxpr
> That's unacceptable for a privacy company.

 _Why_?

The fact of a connection being established in port 80 is to do with how TCP/IP
works. You aren't even claiming to understand what _protocol_ is in use on
port 80, not to mention whether the data is in the clear, what it is for, etc.
This isn't _analysis_ , it's... something far short of analysis that I can't
think of a kind name for.

------
sp00ls
Lol this site is a joke, how much is TunnelBear paying him for the top spot?
They're the only VPN provider I see consistently spending money on marketing
and sponsoring YouTube videos. 'Fun to use'..what? I don't care if my VPN is
'fun', I want it to protect my privacy.

He mentions that 2 of the VPNs are 'uninspired'. Sorry, I didn't realize that
tunneling traffic to protect privacy was an art project and not a technical
one.

FWIW I've used PIA for 2 years now with no issues. A TON of torrenting has
gone through them and they don't care in the least. In addition when their
Russian servers were seized I received an email immediately letting me know
their current situation and about their key changes due to the event. Plus
they no longer do business in that location due to it. Pretty top notch
company in my eyes even if their site does look 15 years old.

~~~
cityzen
I agree. I have been using PIA for years and though it is not always blazing
fast, it does the job and is very easy to use on both OSX and iOS. I found it
really strange that PIA was the only one that hit all 9 of the highly
desirable but was "very transactional". I felt the same way about the "fun to
use" thing.

------
tptacek
To steal (and paraphrase) what is basically the perfect summary of this from
@SwiftOnSecurity:

Commercial VPNs: for when you want all the security of Ukrainian coffee-house
wifi from the comfort of your own home.

Taylor Swift isn't wrong about this. Use something like Algo to run your own
VPN if you have to. If you must use a commercial VPN to get to Netflix or
whatever, do it from inside a virtual machine that you use for nothing but
that.

~~~
Scarbutt
I heard VPNs don't work on netflix anymore.

~~~
throwaway91111
Sort of; they are good at flagging VPN ips but you can always spin up your own
to get around this.

~~~
tyingq
I assume they are pretty good about blocking popular VPS host ip addresses
too, though.

So not just spinning up your own, but finding a VPS host they don't yet know
about.

~~~
buildbot
Something that can work well on a limited scale is if you have access to ssh
into company/edu servers around the world - then you can use sshuttle and your
traffic looks like it coming from a company/university campus.

~~~
rovr138
Have friends that went back to their homes for summer. They're logging to
their universities via the school VPN to watch game of thrones and other
things...

------
LeoPanthera
This guy has been reviewing VPN services for a while and has put together an
incredibly comprehensive table as well as a selection of more detailed
reviews, selected from the list at random so as to remain impartial.
Recommended.

[https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

For example, TunnelBear scores highly on security, but poorly on ethics.

~~~
davepeck
I suspect that, for less savvy potential customers (read: the vast majority of
them), "That One Privacy Site" can do more harm than good.

I wrote a bit about choosing VPNs, and about my concerns with TOPS, here:
[https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-
vpn...](https://davepeck.org/2017/04/16/why-its-hard-to-choose-a-vpn-
provider/)

PS: Since this is HN, I just want to say that if you can, you should run your
own VPN. Use Algo, full stop -- it's put together by some of the best in the
business. If you _do_ decide to go with a third party provider, hopefully the
six criterion I suggest in my post are helpful.

~~~
WillyTheWalrus
So much wrong about this blog post - first, written by the creator of a VPN
company, someone obviously biased, with a stake in the industry:

Many of the items you claim are not addressed by TOPG absolutely are.
Questionable/sketchy product marketing & SEO, ethical business practices, etc
are all covered in the detailed comparisons Ethics section. Other items you
claim he SHOULD look at go against his methodology and are impossible to
indepdently verify - such as technical architecture and sustainability.

The main purpose of jurisdiction is to see which countries are more likely to
illegally spy on its citizens and which have a track record of being an "enemy
of the internet". You claim a VPN located in the US (like the one you made and
have a stake in) are subject to government agencies such as the FTC, but many
if not most of these companies are regularly allowed to flout FTC rules on
native advertising and bad SEO and such which is why the industry is largely
in the misinformation mess that it is - and we all know about Five Eyes and
why that matters - any laws claiming to protect its citizens are kind of
negated by programs such as PRISM, XKeyScore, and every other one we've
learned about from Snowden.

You claim you get suspicious of TOPS reliability is because the data is wrong
on Cloak - "TOPS claims that Cloak’s native apps leak IPv6 and DNS traffic."
The detailed comparison actually shows whether the service officially tunnels
or actively blocks IPv6 and runs its own first party DNS server. This is
worded plainly in the header and further explained in the glossary. Lastly, if
these are actually not the case for yours or any service, all he requires is a
link to the official site where the data can be validated. I'm wondering if
the point of the article was a lead up to the end in an attempt to turn people
away from TOPS so your joke of a service (which surprise surprise, didn't
score so well on the chart) isn't seen for what it is.

~~~
davepeck
Whoa there, WillyTheWalrus!

Thank you for creating a new and anonymous HN account just to deliver your
important message.

Alas, it is confused in many particulars. Normally I wouldn't feel the need to
reply to posts such as yours, but today the oppressive heat wave seems to have
lifted from Seattle _and_ I happen to have a delicious coffee beverage in
hand.

So I'll bite:

> First, written by the creator of a VPN company

Guilty as charged. That I co-founded a VPN company is disclosed quite clearly,
both here on HN and on my blog. Let there be no confusion. :-)

> someone obviously biased

It's hard to judge another person's biases from afar. I generally refrain from
accusing others of bias when I don't know.

But I definitely understand how you might reach the wrong conclusion here. If
it helps, I will reiterate that I am no longer with my old company (I sold it
quite some time ago); I no longer have skin in the VPN game.

\---

Before I dive into your specific points, I want to make a meta-point that
seems to have been missed both by you and by other people who responded to my
post:

TOPS is, in the right hands, a valuable resource. The person who built TOPS
appears to have extremely good intentions and has done an amazing amount of
useful work.

The problem isn't TOPS in isolation. The problem is when TOPS gets in the
hands of the typical unsavvy potential purchaser of VPN services. It is my
belief that the right axes on which to judge VPN services are _fundamentally_
resistant to objective measure. In my experience, unavvy customers armed only
with objective information are likely to go astray.

Okay, on to the specifics:

> Questionable/sketchy product marketing & SEO, ethical business practices,
> etc are all covered in the detailed comparisons Ethics

Let's take a look at the current ethics columns. Today, they break down more-
or-less into two buckets.

The first bucket has to do with affiliate marketing and effectively asks three
questions of both the VPN provider and its affiliates: is SPAM avoided, is the
copy ethical and is disclosure followed properly? Alas, the gradations of
unethical behavior run pretty deep in the VPN affiliate world (ask me over
beer sometime), and go far beyond copy and disclosure. TOPS is providing
useful information here, but capturing the fullness of affiliate behavior
would probably require an armada of columns.

The second bucket is for "good faith" behavior and has exactly three columns,
including "contradictory logging policies" (do they say 'no logging' but it
looks sketchy?), "claims 100% effectiveness" (nobody can!), and "incentivizes
social media spam". These are interesting in a shallow sort of way... alas,
it's hard to go particularly deep while remaining objective.

Which brings us to the crux of the matter:

> Other items you claim he SHOULD look at go against his methodology and are
> impossible to independently verify

Yes and, again, this is the point of my post!

I believe that some of the _most important attributes of a VPN provider_ to
consider are precisely the ones that cannot be objectively measured. In other
words, trust signals are potentially _far more important_ than many of the
objective columns on TOPS. Perhaps I argue this unsuccessfully, but there you
have it.

At the end of my post, I suggest six trust signals to look for. These are
things that, realistically, cannot be captured objectively. These are also
things that I recommend to all potential VPN customers. A handful of VPN
providers (including the one I co-founded and providers like TunnelBear and
VyprVPN) fit the bill.

> The main purpose of jurisdiction is to see which countries are more likely
> to illegally spy on its citizens and which have a track record of being an
> "enemy of the internet"

Yup, the US is bad... which has little to do with whether a VPN provider based
in the US is fundamentally trustworthy.

There's a bunch of muddled discussion in your paragraph that follows, so I'll
just say this: if one of the "bad" countries wants to get at your VPN traffic,
do you really think it matters where your VPN provider is located? If the NSA
wants your data, they'll probably find a way to get it.

I will provide one specific ding against US-based VPN providers that you _didn
't_ mention: they're subject to National Security Letters. NSLs typically come
with a gag order, so providers must both comply _and_ cannot say they have
done so. That's quite bad; there's a lot of political momentum in the US right
now to change this.

> The detailed comparison actually shows whether the service officially
> tunnels or actively blocks IPv6

This column on TOPS is a bit confusing and in my opinion needs to be fixed,
since it's effectively using a binary to handle tripartite state. The three
possible states seem to be: IPv6 is blocked, IPv6 is supported, and IPv6 isn't
blocked and actually leaks. I suppose the right thing to do is to have two
separate columns.

I elided this detail in my post, I think reasonably so. But it's a good point
to make for people looking at TOPS.

> runs its own first party DNS server

Which the service I co-founded does, despite TOPS's claim to the contrary. A
minor data inaccuracy; given the complexity of maintaining TOPS, I don't count
this against them. I say as much in my blog post.

\---

> I'm wondering if the point of the article was a lead up to the end in an
> attempt to turn people away from TOPS so your joke of a service

Y'know, it really annoys me when thirsty randos show up on the Internet to
cast aspersions. But I'll resist the temptation to go further and just have
another nice sip of coffee instead. :-)

------
revanx_
"The following VPNs were not reviewed due to their website experience being
poorly designed. This can mean heavy use of stock photos, utter disregard for
detail, difficult navigation, excessive and hard to follow text, non-
defaulting to HTTPS, and overall poor usability. "

And apparently that applies to AirVPN? Lol, this guy lost all credibility,
this is just another "honest and totally not payed for online review", thats
why tunnelbear is righ there at the top (you see their commercials everywhere)
and he even says it's his favorite VPN.

0/10

~~~
Accacin
That's what it feels like to me too. No mention of Mullvad either? One of the
most recommended VPN providers and highly regarded.

~~~
wingerlang
Mullvad, what an unexpected word to read on HN. It means mole (as in the
animal) in Swedish. Pretty clever name.

They do have an image of it in their website, but the connection might not be
obvious still.

~~~
surge
It's a Swedish company.

------
mathgenius
> PIA, Somewhat boring company.

I fail to see how being a boring company has anything to do with the service
they offer. If anything, being boring is a very good thing.

~~~
rovr138
No fluff. Down to business.

Sounds like a perfect provider. Prices are clearly stated on the site. You get
what you pay for. They have some guides for people that might need more help
setting it up.

...¿? I don't really need fun. Just want something that's boring, quick and
works.

------
wepple
> Extremely bland, stock-photo website. I felt uncomfortable giving them my
> email address, let alone my payment info.

That's not valuable information.

> A heavily marketed product lacking inspiration which I ultimately couldn't
> get to work properly.

At this point you've given up even trying. It's not a useful comparison any
longer.

~~~
matt4077
This comment is a nice example of how the "I'm a rational person and only
features matter"-mindset actually works against its stated goal.

With any VPN provider, there are certain crucial features where you have to
trust them, "no logging" being the most prominent.

Since you're unable to get to the actual truth (until it's too late), you're
left with trying to get a sense of the provider's character: are they
supporting open source projects in the privacy space? Do they advocate for
causes you believe in (by, for example, participating in the net neutrality
blackout)? Do they take pride in their work ("show source" may be helpful
here)? Do they have humour?

None of these are definitive. But in my experience, it's actually pretty hard
for people who aren't members of a certain community to emulate it
convincingly.

~~~
wepple
I agree with your basic premise, and I definitely use some kind of fuzzy gut
feel metric when doing my own evaluations. That said, if someone is claiming
to do an unbiased review, we need more than gut feel.

If your goal is no logging and one of your metics is "Do they have humor"?
You're in deep trouble.

------
kevinr
lololol. Half of these VPN vendors show up on Kenn White's VPN Hall of Shame
for offering unsafe configurations:

[https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa](https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa)

For anything actually sensitive, you're better off not using a VPN than using
a VPN which provides an unsafe configuration.

If you'd rather not do your own pager duty for something like Algo, here's a
recommendation I put together a while ago:

[https://free-dissociation.com/blog/posts/2017/03/quick-
and-d...](https://free-dissociation.com/blog/posts/2017/03/quick-and-dirty-
vpn-advice/)

~~~
eatbitseveryday
Regarding the blog post you shared [0]

> In general, US persons today on residential broadband are safest not using a
> VPN.

> Only connect to US-based VPN servers while in the US. Even if your VPN
> provider offers servers outside the US.

What? No reasons given. Smells like FUD.

[0] [https://free-dissociation.com/blog/posts/2017/03/quick-
and-d...](https://free-dissociation.com/blog/posts/2017/03/quick-and-dirty-
vpn-advice/)

~~~
DennisP
In the two comments at the bottom, someone asked about both those points, and
got detailed answers.

------
chairmanwow
As someone living in China, a VPN provider that doesn't provide direct
download links to their Android client is completely useless. The only way for
me to install an app from Google Play store is to flash a custom ROM and
install the Google Play Store, install another VPN (?!!) to access the Play
Store, and then download the app in question.

Furthermore, the fact that Apple has just pulled VPN apps from its App Store
and the unfortunate fact that you can't sideload apps makes iOS an untenable
OS choice.

~~~
rahimnathwani
> ... Apple has just pulled VPN apps from its App Store and > ...you can't
> sideload apps makes iOS an untenable OS choice.

I'm pretty sure you can still install VPN apps (e.g. Potatso 2) from the iOS
App Store, although perhaps they're not available if you're logged in with a
China iTunes account. iOS allows you to install apps from multiple iTunes
accounts on the same device, though, so this doesn't seem like much of a
limitation.

(Not sure if they're also blocking by IP address.)

~~~
chairmanwow
Yeah. I was referring to installing the applications from China. I was unaware
of the ability to add a non-Chinese iTunes account to circumvent the issue.
Thanks for correcting me!

------
bitskits
Sad to see AirVPN excluded. While their website isn't the most elegant I've
seen, it's not user hostile enough to abandon altogether, IMO.

It also seems a bit odd to rate VPNs on their specific technical merits and
features, and then disqualify for their homepage UI or sign up flow. I'd
venture most VPN customers would tolerate a lot of ugliness for a truly
private, secure, and reliable service. I would.

~~~
rb666
Agree. I have been with AirVPN for years, after having tested many other of
the highly rated VPN's. AirVPN has a functional website, works great within my
Linux containers and is overall very stable. Highly recommended.

------
Raphmedia
I _strongly_ recommend using That One Privacy Site's detailed VPN comparison
charts. There is a lot more information in there.

[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

Edit: Link to his charts as a Google Document
[https://docs.google.com/spreadsheets/d/1L72gHJ5bTq0Djljz0P-N...](https://docs.google.com/spreadsheets/d/1L72gHJ5bTq0Djljz0P-NCAaURrXwsR1MsLpVmAt3bwg)
for a much better usability than the widget on the website itself.

------
anglebracket
> The screenshot of their app on the iOS App Store shows a bunch of credible
> logos of their mentions, but then quotes "VyperVPN is the best service on
> the market" as coming from a reddit comment by a random user. Questionable
> tactic.

That's referring to reddit the company, and it was quoting one of reddit's
sysadmins: [https://www.goldenfrog.com/blog/reddit-gives-every-
employee-...](https://www.goldenfrog.com/blog/reddit-gives-every-employee-
vyprvpn-business-account-secure-private-online-communication)

~~~
mobitar
Ah good catch, will update that.

------
cgtyoder
Pretty surprised F-Secure Freedome wasn't mentioned - they're a major player
and well-respected.

~~~
kisstheblade
Same thing here. From a respectable company / country, and has been working
wonderfully for me.

------
abalone
Interesting this showed up on HN the same day as the exposé on Facebook's
Onavo VPN logging its users activity.[1] I'm guessing Onavo should be put on
that list and given zero stars.

[1]
[https://news.ycombinator.com/item?id=14972125](https://news.ycombinator.com/item?id=14972125)

------
lalos
PIA has a kill switch on its client. That makes it for me. Lose the VPN
connection and you lose the internet connection.

------
jk2323
"The only thing harder than finding a VPN provider is finding an honest VPN
review website."

100% true since the "best VPN" likely has the highest affiliate commission.

In fact, websites that claim honesty and transparency like BestVPN and
VPNMentor actually display pop-up alerts advertising their highest rated VPN.

"I built this website because I wanted to finally get to the bottom of the
question: which VPN providers are trying to build an honest long-term brand
while also delivering an exceptional product experience?"

This is a fair metric. Unfortunately useless for most VPN users but this is
another question. And to give him credit: He does not use affiliate links.

I suspect that he knows little about VPNs and why many users have to use them.
By the way, I suspect most of these VPNs to fail in China!

Astrill.com is good for China.

vcp.ovpn.to has a good reputation regarding privacy.

------
deadlyllama
I'm disappointed that Mo flat out disregards options "due to their website
experience being poorly designed." A slick website means that money was spent
on the website.

I've been using EarthVPN[1], one of his unreviewed options, for several years,
and am very happy. It's cheap and cheerful, but yes, the website isn't great.
The company is registered in Cyprus, and at USD40/year with three concurrent
connections (from the same IP) and servers in many, many countries, it's a
great way to bypass geoblocked websites.

[1]
[https://www.earthvpn.com/billing/aff.php?aff=1378](https://www.earthvpn.com/billing/aff.php?aff=1378)

~~~
wikibob
Does it currently work with Netflix?

~~~
deadlyllama
I haven't tried. I use one of their UK servers for iPlayer, with dnsmasq and
policy routing so that Netflix NZ still works. I should try putting the Roku's
default route through the US.

That's the advantage of several connections from the same IP :-)

------
gambiting
Why is private Internet access so low? It ticks almost all boxes, has a native
client for windows/Linux/Mac/android/iOS and I have used it on a 300Mbps
connection with no degradation of speed. Yet here it gets 2/5 stars? Why??

------
kevindong
Are you really prioritizing "fun" over an objectively better (by your own
metrics) service (picking TunnelBear rather than OVPN)?

\---

You also seem to be prioritizing aesthetic appeal over function. Is there a
reason for that?

> TunnelBear has somehow figured out how to make VPNs fun.

> Extremely transactional. You get in and get out.

> Heavy use of stock photos, fake customer service agent profiles, and
> sensational marketing copy.

> Extremely bland, stock-photo website. I felt uncomfortable giving them my
> email address, let alone my payment info.

> But I sort of like it when companies show more humility.

> First, I'm upset at Private Internet Access because I had to modify this
> site's CSS just for their needlessly long name.

------
toomanybeersies
Obviously not ideal for non-technical users, but I found it really easy to
spin up a VPN on Digital Ocean.

I'm sure it wouldn't be hard to make it almost a turnkey operation, just run
the script and you're good to go, and then it would be a viable option for
non-technical people.

Of course, not ideal for anonymity, but a perfectly fine solution for if you
want the security benefits of a VPN, or to get around geoblocking (I
originally spun up my VPN to watch something that was geoblocked, now I keep
it for when using open wifi connections).

~~~
newbear
Where do I learn about how to do this?

~~~
avtar
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

------
mtmail
Too be honest despite your reassurance I still expected that there would be
affiliate links, purchase cookies or other tracking somewhere (I checked, all
good). Thanks for sharing your reviews!

~~~
lanewinfield
god forbid they make money for their time (and money) spent!

~~~
mtmail
I don't mind affiliate links. I mind when ratings, scores, ordering of results
are influenced by payment from the reviewed companies. Or companies get
excluded because they don't offer affiliate programs.

Example [http://www.top10bestvpn.com/](http://www.top10bestvpn.com/) "Please
be advised that the operator of this site ACCEPTS advertising COMPENSATION
from certain companies that appear on the site, and such compensation IMPACTS
THE LOCATION AND ORDER in which the companies (and/or their products) are
presented, and in some cases may also IMPACT THE SCORING that is assigned to
them." (emphasis mine)

------
mstaoru
I'm still looking for a reliable provider that would support openconnect and /
or wireguard. Alas, here in China OpenVPN-based VPNs are getting more and more
flaky, with talks of shutting down completely soon (not talking about the fake
Bloomberg article). IPSec and Socks5 never really worked. Streisand only
really works on AWS and having an AWS public IP means no Google most of the
time (they block whole IP ranges), annoying Cloudflare captchas and other
quirks.

~~~
Macuyiko
I once tried to set up OpenConnect on one of my servers as I heard it provided
good results in China. Not only was the setup process relatively annoying, it
was also relatively quickly throttled by the GFW. Shadowsocks / Lantern /
ExpressVPN combo remains the best working option for me ATM.

~~~
mstaoru
Interesting. I had decent results with openconnect over daily rebuilding
t2.nano instances in ap-* regions. Didn't try wireguard yet since I have a
Mac, but UBNT ER-X is on the way and it has wireguard support.

------
gmac
I've been considering setting up a slightly different VPN service — one that
provides each user their own dedicated VPN server (based on my IKEv2 config
script,
[https://github.com/jawj/IKEv2-setup](https://github.com/jawj/IKEv2-setup)).

100% vapourware web presence here:
[http://digitalsnorkel.net/](http://digitalsnorkel.net/)

Feedback?

~~~
jwfxpr
Who is your target market?

I have used both personal VPS hosted and commercial VPN systems at various
times (I currently use a commercial VPN to anonymize some traffic sometimes
and bypass national-level censorship).

In my understanding of the various pros and cons of those two options, I'm not
sure I grasp the core value proposition that this offers. Why do I want: A) A
server with fewer (one) unique user(s), and therefore traffic that is much
easier to analyse; B) A service with a single static IP and geolocation; but
which C) I am trusting a third party to administer.

I seem to be seeing a service which offers me the biggest drawbacks of both
sides. Am I missing something?

------
evancaine
This site seems to me an imitation of sitebuilderreport which was featured on
indiehackers recently [1]. The design and copywriting are similar. OP, was
your site inspired by sitebuilderreport or are you connected with that site?

[1] [https://www.indiehackers.com/businesses/site-builder-
report](https://www.indiehackers.com/businesses/site-builder-report)

------
gerdesj
I'm (British) getting the impression that VPNs are becoming rather important
to Americans (int al). Please bear in mind that us foreigners don't always get
the memo about the current flavour of the day in all countries. I'm well aware
that citizens of CN and many others really need privacy but it seems that
there is a reasonably recent strange US fetish with VPNs.

Could someone please explain?

~~~
bitxbitxbitcoin
US Congress passed a law earlier this year that dismantled FCC internet
privacy protections which prevented peoples' internet service providers from
fully capitalizing on peoples' internet history. VPN use is a way to encrypt
your internet traffic, use not-your-ISP's-DNS, and protecting private
information from being siphoned and ultimately sold.

Hope this helps explain the fetish!

Disclosure: I am a PIA employee.

~~~
olejorgenb
[https://arstechnica.com/tech-policy/2017/03/isps-and-fcc-
cha...](https://arstechnica.com/tech-policy/2017/03/isps-and-fcc-chair-ajit-
pai-celebrate-death-of-online-privacy-rules/) I presume

------
fishywang
From the one line summaries, OP seems to prefer native apps vs. open protocols
(e.g. OpenVPN/L2TP/etc.), why is that?

I looked at the Chrome extension of TunnelBear and it requires some ridiculous
permissions [1], much more than just "change your proxy settings". This
doesn't seem right.

[1] [http://imgur.com/3PuH0tE](http://imgur.com/3PuH0tE)

------
bitexploder
TunnelBear claims to be secure but all they offer is an opaque app. Uhh, no
thanks. I prefer to run my own VPN client that doesn't have potential spyware
in it. I am surprised this was so highly rated by someone reviewing VPNs.

edit: I know you can't make everyone happy, but there are a LOT of VPN options
out there and only the very best should be making it through.

~~~
ehxcaet
[https://www.tunnelbear.com/blog/tunnelbear_public_security_a...](https://www.tunnelbear.com/blog/tunnelbear_public_security_audit/)

They just got audited

~~~
bitexploder
That is nice of them to release a sanitized version of the audit report. I
would still prefer openvpn or some other open source client that has been more
battle tested for something I intend to use as a privacy tool. I don't think
it changes my basic position on a closed source client. Audits are always
point in time.

------
jiggunjer
How do you _not_ get IP vanish to work? it's literally just a windows
installer & reboot. You can manually add a server on Android too using their
guides (they have step-by-step pictures!). O.m.g. I chose IPVanish over
NordVPN because the later required me to upload a photo of my passport (to a
third party) when paying! Who does that?!

------
abavatar
"Facebook uses an internal database to track rivals, including young startups
performing unusually well, people familiar with the system say. The database
stems from Facebook’s 2013 acquisition of a Tel Aviv-based startup, Onavo,
which had built an app that secures users’ privacy by routing their traffic
through private servers. The app gives Facebook an unusually detailed look at
what users collectively do on their phones, these people say.

The tool shaped Facebook’s decision to buy WhatsApp and informed its live-
video strategy, they say. Facebook used Onavo to build its early-bird tool
that tips it off to promising services and that helped Facebook home in on
Houseparty."

via [https://www.wsj.com/articles/the-new-copycats-how-
facebook-s...](https://www.wsj.com/articles/the-new-copycats-how-facebook-
squashes-competition-from-startups-1502293444)

------
captaindoe
Founder of OVPN.com here. I’m happy to answer any questions regarding our
infrastructure, policies or tech stack.

~~~
kensai
Hi, impressed by the specs of your service. You seem to top both this list and
this one ([https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)). And I don't
care if I have to pay a little bit more for such high standards.

But are you planning to add more servers in other countries (than the 5 you
already offer)?

~~~
captaindoe
We are launching three servers in a new country next week, Norway. After that
it will take a couple of months before we're ready to expand further. It's
time consuming to do research regarding datacenters, find ISPs with
satisfactory peering and to ensure that our physical security requirements are
met.

Even though it will take some time for the next location to be added, feel
free to email us with your suggestion.

------
reflexing
I'll just leave it here: [https://torrentfreak.com/vpn-services-anonymous-
review-2017-...](https://torrentfreak.com/vpn-services-anonymous-
review-2017-170304/)

The scene guys know their stuff.

------
rocky1138
I use KeepSolid. I've been really impressed. I think his review has done them
a disservice. They have a really helpful app on all platforms and their staff
are friendly, too.

Disclaimer: none. I have no affiliation other than I am a customer.

~~~
EnragedSnail
They have been fast, and honest with all 2 of the issues I have had with them
over the last almost 3 years. I would strongly recommend them to anyone. If
there was a real issue with the service he should have talked about that.

------
linkmotif
"Honest" is such peacock language. Unsettling seeing it like this.

------
parito
What this review really lacks is the additional features VPN's can provide,
such as malware and fishing protection, location diversity, scale,
jurisdiction, protocols supported, etc etc.

I am a happy user of NordVPN with all of the above points adressed by them
really well. BTW the latest feature, CyberSEC also blocks ads which is a major
plus for me, making the VPN that much faster.

[1] [https://nordvpn.com/blog/security-feature-
cybersec/](https://nordvpn.com/blog/security-feature-cybersec/)

~~~
tbrock
Yeah NordVPN is the best of the bunch. Got my vote as well.

------
Saqwert
I'm looking for a great vpn. After looking at
[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/) I found Hide.me
interesting except for the price but on their website they have guides to
explain how to manually set up the vpn. I never see Hide.me mentioned. Is
there someone using it or thinks it a good choice for privacy on Android,
win10 or mac

------
MBCook
Both iOS and macOS (I don't know about windows, I havent used it recently)
have built-in VPN clients so what would be the advantage to using a client
from the VPN provider?

~~~
joshrivers
The built-in VPN clients support old broken insecure protocols (PPTP) and
expensive, hard to implement and hard to deploy protocols (IPSEC-LLTP),
whereas public vpn providers tend to use simple, secure, easy(er) OpenVPN for
the bulk of their connections. So you need a addon client to use them for
their best features.

~~~
MBCook
Thanks. I've only ever used VPNs to access corporate networks. I'm not going
to pretend to be knowledgeable in this area.

------
thinkMOAR
I kind of expected network based tests as reviews.

E.g. throughput, latency, connection setup, encryption strengths, fixed ip
address etc etc. This is just a feature compare, where one trusts the vpn
provider on their blue eyes, e.g. "No logging or tracking"

I cannot imagine a sane service provider that doesn't have some kind of
logging, not of your (in vpn case,) browsing activity itself, but when you
connected, what accounts are getting brute forced, etc etc. This is logging
too.

------
welder
Could use a breakdown of which criteria each provider supported, because just
a colored circle doesn't show which of those criteria are supported or not.

~~~
mobitar
You can hover over the circles to see the breakdown. I need to add click
support for mobile though.

------
bamboozled
Thanks for this! It's pretty cool and it's nice to have something to pass on
to friends who are interested in subscribing to a VPN service.

------
mirimir
I'm not impressed with this review. The author doesn't even mention the need
to prevent leaks with firewall rules.

Edit: As others note, he doesn't include AirVPN, which is one of the best
activist-focused services around. And his comments about IVPN are bizarre. It
is expensive. But it has no affiliate program, and its apps are among the
best. In particular, for being leak free.

------
blubb-fish
Any opinions on ProtonVPN? I use it now more or less everywhere. No problems
with it - it's fast enough (though definitely slows down my connection from
about 12 to 16Mb/s to about 5 to 10 Mb/s.

I chose it b/c the organization behind it seems trustworthy. I don't know what
the author has in mind when he labels the billing practice "shady".

------
mobilio
Try [http://www.vpngate.net/en/](http://www.vpngate.net/en/)

------
Proof
Horrible article. If he tried the services he didn't like the websites for
(fucking childish excuse btw), he would realise that airvpn offers all the
services he was treating as a pro. This is a dissapointing read, and even more
disgusting it made its way up to the top of this great website.

------
mk89
All this article is missing is the referral links - then I don't see any
difference with other websites, which the author wants to distinguish from.
Actually, there are some good websites around - it just takes a lot of
patience to search...

------
jk2323
Questions, any advise/help appreciated:

1\. oVPN.to Does it work in China? (Support not helpful but I still like them)

2\. Does Softether [https://www.softether.org/](https://www.softether.org/)
work in China?

------
Izmaki
Has the world forgotten about iPredator? The VPN service spawning from the
legal issues with The Pirate Bay. One would assume that a VPN "by crime
riders, for crime riders" would fulfil all the requirements and many more.

------
belorn
A Nice-to-have would be static IP address so that you can run a private home
server. Pity that the site don't include this since only a few vpn providers
have an option for that.

------
newbear
If I just don't like the feeling of being logged on some ISP , is paying for a
VPN something for me? Any free options for privacy ? Or is it more for
torrents and stuff?

~~~
abdelm
If you don't like being logged, then having a logless VPN like ExpressVPN,
Tunnelbear, etc should be fine. For torrents, some VPNs like Tunnelbear
preferred to disable the BitTorrent port completely

So, it's just a matter of finding a VPN that matches your preferences, but I'd
avoid using a free VPN.

------
GTP
I think that
[https://thatoneprivacysite.net/](https://thatoneprivacysite.net/) has a much
better VPN comparison.

------
scottmcdot
Is the TunnelBear "Vigilant" feature like a kill switch? So if the VPN drops
out, it doesn't revert to downloading via non-VPN?

~~~
ehxcaet
Yeah, vigilant is the equivalent of a kill switch. So not connected to VPN =
no internet

------
jianshi
Can you try [https://cypherpunk.com/](https://cypherpunk.com/) and add it to
the list?

------
theprop
We don't know if IPSec or L2TP is compromised...could be either or both. So
why is using Ikev2 with IPSec secure??

------
Mefis
This seems like a good thread to ask this.

I'm about to move to China. What vpn set up is best?

I use and android phone and Mac laptop.

Thanks..

~~~
jwfxpr
You'll find this extensively discussed in a number of other HN threads:
[https://hn.algolia.com/?query=china%20vpn&sort=byPopularity&...](https://hn.algolia.com/?query=china%20vpn&sort=byPopularity&prefix=false&page=0&dateRange=pastYear&type=story)

Hope that helps!

~~~
Mefis
Thanks, it didn't occur to me that I could search the archives.

------
sly010
What's up with all these VPN review websites? Are the affilite fees that good?

------
wyclif
He didn't review OpenVPN, or even mention it.

~~~
jwfxpr
Because OpenVPN is a VPN technology (and client) that can be used for secure
connections, rather than a subscription VPN service.

Unless you mean Private Tunnel VPN, their VPN subscription product? It's one
of many, many products not reviewed here.

~~~
wyclif
Thanks, that distinction is helpful :)

------
WhiteSource1
You know the VPN providers paid for the ranking.

------
rubatuga
I hate to sound like I'm advertising, but I've found blackvpn quite good. It's
based in Hong Kong.

~~~
Zyst
I frankly wouldn't want any of my traffic going anywhere that close to China
regardless of how well they implement their stuff.

------
k734730
If they don't test cryptostorm this review is pretty worthless. They are one
of the best options out there.

------
nerdynerd
shill detected how does this tripe get so high on HN? is this reddit?

------
dbg31415
I use PIA, and it's great. I don't know why they listed it as low stars.

------
vacri
> _The speeds were good and the apps work but are kind of boring_

... isn't the point of a VPN do just do its job and stay out of sight? Why is
'boring' even remotely relevant to the VPN equation?

------
Cozumel
>'It's just so much fun to use'

Given that one of the criteria the VPNs were measured on was 'fun' makes me
inclined to dismiss the whole thing.

VPNs are to stop the secret police from coming and killing your family and
taking you away, 'fun' is coding, not playing with your life.

------
mcrocop
Reading his reviews I felt the author was looking for that warm feeling a
toddler feels when being coddled by his mother. Take a look at his comments on
PIA, "Extremely transactional. You get in and get out. It delivers its
experience the way a utility company would. Sometimes, that may be a good
thing. But in this case, I'd rather give my money to a company who might put
it to better use."

What? Extremely transactional? You're in and out? When using my VPN I want to
click 'connect' to connect, choose US if I want my connection for the US, and
'disconnect' to disconnect... No fancy website or pretty colors needed.

------
MachinShinn-
Surprised few people picked up on this... this site is 100% Bullshit. The
"ratings" are purely driven by which server is offering the author a
commission per sign up.

How do I know this? I do the same thing with my sites.

------
mcrocop
How did this make the front page? People voting this story up must not have
read his actual analysis. Pathetic.

------
mcrocop
He doesn't like PIA, a company that sponsors dozens of security
companies/projects/etc because he would rather the company he chooses put
their money to better use.... Like make bear graphics so his VPN is 'fun' to
use.

Again - how did this make the front page... Embarrassing for HN.

------
darkblackcorner
I think you're better off with this for a proper technical feature-set...
[https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

