
Ask HN: Best paid VPN? - o_s_m
How safe and vetted is PrivateInternetAccess?  Any other favorites?
======
rdl
I like mine (cryptoseal.com) obviously, but I don't think there's a single
best VPN for all uses right now. It really depends on how you want to use it:

1) Travel? Travel to China? -- then worry about what VPNs are blocked

2) Need strong anonymity against the US government? You're probably out of
luck, but Tor might be a good technology to use for now. Really, you want
something which is message-based, not streams, and can have mix-net style
latency, not onion routing. Other than email (mixmaster/mixminion, both too
small in deployment to be safe, now), you're out of luck. Stay tuned, though.
(You also probably need more than just the network -- incognito mode, some
kind of filtering proxy, etc.)

3) QoS/etc. evasion on e.g. Comcast for torrenting? I'd probably go with the
torrentfreak recommendations. ([http://torrentfreak.com/vpn-services-that-
take-your-anonymit...](http://torrentfreak.com/vpn-services-that-take-your-
anonymity-seriously-2013-edition-130302/)) Generally I think a seedbox is a
_far_ better solution for torrenting than a VPN, though.

4) Great Mac support? That is GetCloak's focus.

5) Mobile? The PPTP/L2TP stuff built in is the best, although the security is
weaker than SSL or IPsec VPNs.

6) Price? AnchorFree is free. The others range from (generally) $3-20/mo/user.

7) Need to tie in with your existing on-premises networks, AWS VPC, or support
multiple clients, or do DLP, etc? That's what cryptoseal's business product
tries to do, or you could use a conventional on-premises vpn hardware
appliance from Juniper, Cisco, etc.

8) etc.

There isn't one best choice.

~~~
goblinfoblin
What about a recommendation for a secure and private vpn for usage on public
networks. No illegal (torrenting) services needed.

Bonus that it also works well with mobile (android 4.1+).

~~~
_dmd
i operate a VPN server in switzerland for me and a couple of friends; feel
free to contact me via j8BILqZHb4MLSBFF@burnmoney.trillianpro.com (valid for 1
week; spambox.us) to work something out :)

no logging and quasi-unlimited traffic. it works on my iphone so i am assuming
there should not be a problem with android...

------
rasengan
We've been committed to privacy in the form of a VPN service for quite
sometime. The founders of PIA (including myself) were actively involved in the
beginnings of Bitcoin and many related services surrounding it, and have since
devoted all of our time to the proliferation of privacy.

We have the most servers of all paid VPN service providers and are committed
to privacy. We also support many non-profit organizations, including EFF,
Gnome, FFTF amongst others. We are also the hosts of BitcoinTalk.org,
BlockExplorer.com, and proud sponsors of MoDaCo.com and MIUI.us.

Please do take advantage of an offer we have right now going on until the end
of the weekend:

[http://slickdeals.net/permadeal/101860/private-internet-
acce...](http://slickdeals.net/permadeal/101860/private-internet-access-
private-internet-access-20-off-vpn-service-32year-or)

Additionally, please feel free to read this interview:
www.bestvpn.com/blog/7319/an-interview-with-private-internet-access-founder-
andrew-lee/

Lastly, please feel free to checkout our blog for more:
[https://www.privateinternetaccess.com/blog](https://www.privateinternetaccess.com/blog)

edit: And we don't log. Period. No sessions. No IPs. Nothing. Zilch, zero,
nada.

~~~
geekam
I used to be a PIA customer and I liked the idea that they do not log
anything. However, the lack of a good third-party audits that support their
claims, is something that I found weird. Is there a way you can prove that you
do not log anything beyond just blog posts?

~~~
rasengan
Great question - this is indeed an issue as it's difficult to prove to others
that you are/aren't doing something which they cannot verify without gaining
full access to all of your servers in their entirety.

However, our trust comes from the many years that we have operated this
business in this fashion and the good faith of our users.

With that said, we have been in discussions with some well known privacy
organizations regarding the setup of an auditing body that could verify these
sort of things.

~~~
geekam
Thanks for your reply. When can we hear about those bodies or organizations? I
am highly interested in that because that is one of the things that is keeping
me away from PIA at this point.

------
midnightcaller
May I humbly suggest our service:
[https://www.SurfEasy.com](https://www.SurfEasy.com)

We are a No-Log network with support for Mac, PC, iOS and Android. We also
have a unique USB solution that has a browser and VPN client, so you can plug
in and be private at work. (no install or admin rights required)

Michael Geist is an adviser to our company and we work with EFF and Fight for
the Future. (you can check out our AMA here:
[http://www.reddit.com/r/IAmA/comments/1h1y0t/i_am_michael_ge...](http://www.reddit.com/r/IAmA/comments/1h1y0t/i_am_michael_geist_a_law_professor_at_the/))

Also, if you really want to be private you can walk into one of our 4,500
retail partners and pay cash for our service.
[https://www.surfeasy.com/where_to_buy/](https://www.surfeasy.com/where_to_buy/)

We offer a free plan that gives 500mb a month, but you can earn a lot more by
referring friends or just using the service.

If you want to upgrade to an unlimited account here's a discount code that
will get you 20% off our Total VPN Annual plan: Hack20

Thanks

------
davepeck
Mine! I own and operate [https://GetCloak.com/](https://GetCloak.com/).

Cloak is a little different. Our unique features include: (1) zero
configuration, (2) elegant VPN clients with first-to-market security features,
like OverCloak^, and (3) tight integration between our clients and our global
VPN network, to allow things like automatic lowest-latency selection of server
endpoints.

Ask me anything you like!

^ OverCloak: silly name, great feature:
[https://www.getcloak.com/about/overcloak/](https://www.getcloak.com/about/overcloak/)

~~~
marban
Some screenshots might have been nice - Can't even figure out whether it's an
app or just a config enabler for the native VPN feature.

~~~
davepeck
Actually the very first image on the home page slider shows you our apps and
the devices they run on. On the Mac, it's a little menu bar icon that stays
out of your way (and wraps OpenVPN under the hood.) On iOS, it's effectively a
configurator.

~~~
marban
A location picker right from the menu bar would be nice. VyprVPN does that
(Not to say that it's a great app).

~~~
davepeck
Right now it's in Preferences, under Transporter. But we do plan to add your
favorite locations directly to the menu for easy access. Thanks!

------
mkup
VPS on Hetzner + OpenVPN with HMAC firewall.

I think if you are using generic webhosting instead of pure VPN, then your
traffic is less likely to be monitored/recorded in association to your credit
card number.

~~~
hugofirth
I would second this recommendation, if you have the technical chops for it.
Whilst it may seem like more work initially - your vpn will perform _far_
better.

Many paid vpn providers limit you to ~1Mbps down, which may be impractical for
some forms of browsing. By contrast, as your personal vpn's only client - you
can reasonably expect to see speeds comparable to your own connection and (if
you are in europe) only a minor drop in ping.

Furthermore, if you need to use the VPN on a network which blocks ports,
running the vpn yourself allows you to edit the port upon which it accepts
connections.

Lastly - Hetzner is provider without direct ties to the US/UK, which should
afford you some security from drag-net surveillance etc... the Germans seem
pretty upset about the whole US signals intel overreach debacle. A win from
this perspective.

~~~
bluedino
>> Hetzner is provider without direct ties to the US/UK

Which also makes them a bad choice if you're trying to watch US TV channels or
something while you're visiting abroad.

~~~
hugofirth
True - I was making the assumption that the OP's desire for privacy was in
light of all the recent security related press.

However if your suggestion is in line with their intent then the
recommendation still stands, just use a provider like digital ocean and choose
a datacenter location appropriate to your needs.

------
kirubakaran
[http://torrentfreak.com/which-vpn-providers-really-take-
anon...](http://torrentfreak.com/which-vpn-providers-really-take-anonymity-
seriously-111007/)

~~~
shirederby
There is an updated version: [http://torrentfreak.com/vpn-services-that-take-
your-anonymit...](http://torrentfreak.com/vpn-services-that-take-your-
anonymity-seriously-2013-edition-130302/)

------
lcedp
Depends on what's you definition of best.

I use vpnmakers. Reasons:

* Servers in a dozen different countries. You can select which country's IP you want: [http://vpnmakers.com/templates/vpnmakers/includes/hostnames....](http://vpnmakers.com/templates/vpnmakers/includes/hostnames.php)

* Cheap: $3.5-$4.85/month

* "No logs are kept. Only IP address which are deleted at the end of the week."

* 7 days money back, can try safely.

Go [http://vpnmakers.com](http://vpnmakers.com) or
[http://vpnmakers.com/aff.php?aff=433](http://vpnmakers.com/aff.php?aff=433)
if you feel like saying thanks.

------
arunoda
* Create a Digital Ocean Droptlet

* ssh -D 8008 root@<ip>

* add localhost:8008 to your SOCKS Proxy

Now you've VPN equivalent with 1TB bandwidth for just $5/month

~~~
hugofirth
That is not necessarily a vpn equivalent - as a third party program would
require something like proxifier
([http://www.proxifier.com/](http://www.proxifier.com/)) in order to forward
all traffic over the proxy.

~~~
arunoda
Yes. That is a good tool. That's why I said it is an equivalent. Not a VPN :)

------
xenophanes
Recommend
[https://www.privateinternetaccess.com/](https://www.privateinternetaccess.com/)

Never had any problems and can report the bandwidth they give you is good.
It's also quite cheap $40/year.

Had multiple issues including poor bandwidth with a prior VPN whose name i
forgot. Was also accused of being an email spammer by prior VPN, which I'm
not, lol. Got a refund after that...

------
jpinkerton88
been using
[https://www.privateinternetaccess.com/](https://www.privateinternetaccess.com/)
for a while. pretty sweet.

~~~
fencepost
I operate on a basis that the effort required of me is somewhat proportional
to the resources of a potential attacker, so I don't worry enormously about
whether I'm keeping my traffic secure from the US government - given an
adequate budget and a focus, they can conceivably monitor all inbound and
outbound traffic from any commercial VPN provider's connection points. I
advise non-technical people much the same way - it's easy to keep Susie Snoopy
and the Casually Curious out, harder but not much so for someone targeting you
for espionage or investigation (corporate or personal) and I just assume and
advise that any kind of government investigation is going to get your info
even if it's just by brute-forcing passwords.

On that basis of protecting against the casually snoopy and non-targeted
monitoring, I use PIA - I can connect 3 devices to it at once (phone, tablet,
laptop), I can use multiple exit points though I mostly haven't needed to,
it's simple to use, inexpensive, and the technology they support seems to be
at least up to standard. It's also been useful in a couple of cases where I
wanted to test connections to a network from outside that network - tunneling
my traffic out and letting it come back in is handy, and the international
endpoints let you test functionality that restricts connections based on
country of origin.

If you're using a small hosting provider you may also be able to do tunneling
through them, but ask first - when I was using a Linux laptop and my phone was
rooted, I was using SSH tunneling through my hosting company instead because
my traffic levels were insignificant compared to my monthly traffic
allocation. I could certainly do the same things again, but quite frankly I'd
rather just pay the $40/year or so for a drop-in solution that I don't have to
spend time dinking around with.

------
jbackus
I use [https://hide.io/](https://hide.io/) and have 0 complaints. I'm always a
keystroke away from being in 1 of 10 different countries:
[http://i.imgur.com/ijUu3y3.png](http://i.imgur.com/ijUu3y3.png)

I've also heard great things about
[http://www.spotflux.com/](http://www.spotflux.com/). Spotflux is actually
free to use until you want to bring the service to your mobile device. It also
encrypts your traffic and filters for malware and ad-tracking.

~~~
Yoshino
Would you mind sharing how you configured Alfred to let you switch your VPN
endpoint?

~~~
jbackus
[http://www.alfredforum.com/topic/1053-vpn-
toggle/](http://www.alfredforum.com/topic/1053-vpn-toggle/)

------
DrWhax
I like [https://ipredator.se](https://ipredator.se)

------
mpalokaj
Hey guys,

I'm a Dutch national who had the same question a couple of months ago. Our
country has net neutrality by law so has less trouble with government
surveillance etc.

Since there were no good VPN's hosted by a Dutch company I started one as a
pet project, with free accounts and paid ones. The free ones are equal to the
paid ones. The idea of the project was just to give me and my friends
protection when downloading or traveling.

By no means am I trying to spam promote here, but it's free and awesome. Truly
believe that it would be useful for you. You can find it here:
[https://bluevpn.co/](https://bluevpn.co/)

There is indeed no best choice, but unless you are going full metal jacket wit
Tor this will work perfectly and on all devices.

------
polyvisual
I'll add [http://airvpn.org](http://airvpn.org) into the mix.

I've had no speed issues, they have lots of locations, accept bitcoin, no
logging and their owners are quite frequently on the use forums.

I think they're based out of Italy.

------
frank_boyd
I would suggest you avoid any US and UK providers. Surveillance cooperations
like
[https://en.wikipedia.org/wiki/UKUSA_Agreement](https://en.wikipedia.org/wiki/UKUSA_Agreement)
are red flags.

------
pstack
With the degree to which the US government threatens, coerces, or infiltrates
tech businesses, I don't have any real trust for any VPN service, whatsoever.
I pay for one (proxpn - it was the only one that didn't seem completely shady
at the time) and use it, but I certainly don't trust it.

Additionally, finding one is the first part. Being able to pay for it, is
another, apparently. (I was paid up for awhile ahead of time with my service
before the credit card companies stated they'd no longer process transactions
paid to VPN services outside the US).

------
ksec
Depending on what you want for VPN. And what is Best for you. All i cared is
Pricing. And I use VPN is go pass firewall.

I use VPN.sh

And they have a new plan where it is a Pay as You go package. No Monthly fees,
you buy a block of 100GB and use it for as long as you want. Top it up when
you finish with it. For Light browsing usage this is the cheapest I find.

Not to mention they have 6 location for you to choose from. So you get the
best speed for your local website. And You can swap in and out when ever you
need to.

They have some Coupon code in LET. So check them out if you see fit.

------
keyme
The only reason not to roll your own VPN on some private server, is the lack
of deniability. The dedicated IP of the server is tied directly to your
name/credit card. A public VPN, while also tied to your banking info, usually
acts as a NAT. Multiple clients exit the VPN given the same source IP address.
If no logs are kept (as promised on most services), no one can (accurately)
tie an IP address to your name. I personally use the BTGuard VPN for this
reason.

------
deveronian
some basics: \-- always use a secure vpn (that is NOT just any vpn) \-- always
use high-end cryptography for the stream content on the vpn (like IPsec) \--
look for a vpn provider that has absolutely nothing to do, work in, have
equipment installed in, is a subsidiary of a company residing in the US, the
UK and all its commonwealth dependencies, Canada, Australia and New Zealand.
\-- besides that, the vpn provider should also provide you with a voluntary
connection (that is YOU holding the ONLY key in any encryption \-- and the vpn
provider should contractually commit to not having, maintaining for any
purpose any logs of your connectivity \-- always use that from a fully
portable operating system (DVD or USB stick) like Tails \-- use when possible
also Tor (note that Tor traffic remains always visible and is not encrypted)
for anonymity \-- use an automated MAC spoofer \-- always use PGP/GPG with
RSA/RSA subkey set and 4096 bit keys

If you have accomplished all the above, you have a 'relatively' safe
communications vehicle.

happy camping all.

and oh yeah if somebody on this medium operates a vpn service accomplishing
all the minimum demands above for it, please make pr, cause your service is in
high demand.

------
eknkc
Despite the unfortunate name,
[http://www.hidemyass.com](http://www.hidemyass.com) has a pretty decent
service.

~~~
appleflaxen
Not really. They log, and there have been anecdotes about people losing
anonymity because of it. You are much better off with PIA or another product
with stronger anonymity guarantees.

Ultimately, you never know if the guarantee is worth anything until it's
tested, but there have been cases where HMA was tested, and failed.

------
dmix
[https://www.blackvpn.com/](https://www.blackvpn.com/) \+ Bitcoin

------
sareiodata
Browse around [http://www.how-to-hide-ip.info/](http://www.how-to-hide-
ip.info/) Might find something that fits your needs, as @rdl mentioned,
there's no right answer.

------
mrgreenfur
I like tunnelr. They have pretty good log retention rules and a bunch of handy
exit nodes.

[https://www.tunnelr.com/](https://www.tunnelr.com/)

------
manacit
Plugging [http://vpn.sh](http://vpn.sh) here - tons of locations and the price
is right.

~~~
frdmn
> 100GB Bandwidth

and no unlimited plan.

------
moozeek
I like and use Witopia.net. 70 USD p.a. w/ unlimited traffic and gateways in
basically every region of the world.

------
pwg
I like iVPN: [https://www.ivpn.net/](https://www.ivpn.net/)

------
andyzweb
You've been flagged. please assume the party escort submission position

~~~
o_s_m
Why have I been "flagged?"

~~~
MichaelGG
I think it was an attempt at humour, as in the fascist party ruling the
country has now tagged you as a dissenter and will arrest you.

I suggest you get some hosting somewhere (location will depend on where you
are, and where you're communicating too, and who you're worried about). Then
install OpenVPN (requires custom clients) or configure IPSec (will work out of
box on all OSes including Android/iOS).

~~~
stanmancan
This is what I've done. Grab a $5/m VPS from Digital Ocean, which comes with
1TB of traffic, and install OpenVPN on it. Although if you're concerned about
using a US company to hose the VPS you could pick any other company and have
the same results.

edit: typo

~~~
alyandon
I have a two-tier solution. Cheap VPS provider in the US that then chains to a
a dedicated server from OVH which is hosted in Canada.

For sites that are US-only I have a web proxy running on the VPS provider and
use Foxproxy to divert those sites through that proxy.

I don't really have any particular reason to do this other than being bored
and making it annoying for anyone (hacker, government, etc) trying to peek at
my traffic.

------
Sagat
vpntunnel is a pretty good service, and there are no logs.

------
bobberb
Mullvad

