
Detailed VPN Comparison Chart - Spoygg
https://thatoneprivacysite.net/vpn-comparison-chart/
======
inertial
And a few DIY VPN options (open source ansible etc. scripts) that have been
featured on HN recently (in order of popularity)

[https://github.com/jlund/streisand](https://github.com/jlund/streisand)
(6000+ stars)

[https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign)
(6000+ stars)

[https://github.com/Nyr/openvpn-install](https://github.com/Nyr/openvpn-install)
(3000+ stars)

[https://github.com/ttlequals0/autovpn](https://github.com/ttlequals0/autovpn)
(1400+ stars)

[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)
(1100+ stars)

[https://github.com/robbintt/popup-openvpn](https://github.com/robbintt/popup-openvpn)
(700+ stars)

~~~
brotherjerky
Has anyone set up OpenVPN via Docker? I've seen some of the images, just
wondering if anyone has actually got it working.

~~~
Smushman
Using openvpn with deluge in UnRaid as a container - runs flawlessly, and not
leaking (re: data out of the VPN) as verified by firewall logs for 3 months
now.

~~~
brotherjerky
Nice, which docker image?

~~~
Smushman
I believe this is what you were looking for:

binhex/arch-delugevpn

If you have trouble reach out again.

------
michaelt
If I was the NSA, I'd certainly be looking to launch a VPN company or two -
maybe even subsidising their offerings, to get them to the top of the
performance and value for money charts.

After all, getting users to voluntarily direct their traffic through your
network would be much easier than installing snooping hardware at every ISP,
backdooring hardware in transit or snooping on undersea cables.

~~~
pilif
_> If I was the NSA, I'd certainly be looking to launch a VPN company or two_

not worth the trouble when you can just compel existing VPN companies to send
all traffic to you.

~~~
ionised
In foreign jurisdictions?

------
RJIb8RBYxzAMX9u
Genuine question: why's OpenVPN so popular over L2TP/IPsec? Configuration on
the server side is maybe a little more complicated, but configuration on the
client side is super simple, as all major OS, mobile or otherwise, have
support built-in.

I've read arguments that firewalls tend to block IPsec packets, but there's
also UDP encapsulation. And IME, I've never had connectivity issues, from
multiple random coffee shop / airport WiFi, in multiple countries. I suspect
it's because Cisco's VPN product used to (still?) uses IPsec, just with
proprietary authentication schemes, and a lot of businesses use it, so most
firewalls are configured to let it through.

~~~
walrus01
at the expense of latency and performance, openvpn can run in purely TCP mode
which is more likely to survive shitty wifi connections and aggressive/stupid
captive portal wifi and firewalls/NATs like you might find in an airport. I
have an openvpn server running its public interface on port 443 in tcp mode
which is frequently accessible when ipsec stuff is blocked.

openvpn can also be used with obfsproxy

~~~
RJIb8RBYxzAMX9u
> [...] openvpn can run in purely TCP mode which is more likely to survive
> shitty wifi connections and aggressive/stupid captive portal wifi and
> firewalls/NATs like you might find in an airport [...]

That's contrary to my own experience, hence my original post. Obviously I've
not been to every airport, but I've been to a handful of different ones over
the last decade, and I've _never_ had problems with IPsec. And IME airport /
coffee shop / hotel WiFi are usually not the ones most locked down, but
corporate guest WiFi. The last one I used blocked everything except TCP port
80, 443...and UDP port 500, 1723, and 4500.

I used to run OpenVPN to my home network, since that's the general
recommendation, and Cisco VPN to the school, and later work, networks, and
I've had more connectivity issues with OpenVPN. Switching to one of ports 53,
80, or 443 generally works, but Cisco VPN always "just works"...connectivity
wise anyway. The client software broke like every other minor OS update. I
even switched to PPTP for a while, because it'd also always worked, plus
support was built into the OS. And that's what drew my attention to
L2TP/IPsec.

Finally, when Tunnelblick stopped working after one of the OS X major upgrades,
I looked into setting up L2TP/IPsec, and have been using it since.

Maybe IPsec is more often blocked in Europe / Asia / Africa?

------
pedro2
That site should have a top 3 pick, tailored for paranoia, torrenting and
normal unsecured wifi hotspot hardening.

Personally: I use AirVPN because to me it matters the client is open source.
For all others, I guess PIA (Private Internet Access) is fine.

~~~
Freak_NL
> I use AirVPN because to me it matters the client is open source.

Don't most VPN providers offer OpenVPN as an option? Private Internet Access
does. I always assumed that the client offered is to have an easy setup method
for users who don't know how to configure a normal VPN client safely.

~~~
subliminalpanda
It's been a while but the last time I used PIA I noticed that their
configurations were woefully insecure (BF-CBC Ciphers, no tls-auth, pre-shared
keys instead of certificates). This was maybe a couple of years ago.

Has that changed recently?

~~~
PTRFRLL
Yes, they recently updated their OpenVPN configuration and now have a 'strong'
OpenVPN config option.

> All our servers are now running OpenVPN on UDP port 1197 with our 4096bit RSA
> server certificate, 4096bit Diffie-Hellman key exchange, AES-256-CBC, SHA256
> and TLS v1.0-1.2 support.

[https://www.privateinternetaccess.com/forum/discussion/20093...](https://www.privateinternetaccess.com/forum/discussion/20093/using-stock-openvpn-with-strong-encryption-settings)
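
As an added example (not part of the thread and not any provider's tooling), here is a small Python check for the three weaknesses named in the exchange above: BF-CBC, no tls-auth, and pre-shared keys instead of certificates. It assumes "pre-shared keys" refers to OpenVPN's static-key `secret` mode; the function names, sample configs and host name are constructed for illustration.

```python
import re

# 64-bit block ciphers; BF-CBC is the one named in the thread.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}

def parse_directives(text):
    """Map each directive (or inline <tag> block) to its list of argument lists."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # skip key/cert material inside <tag>...</tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return findings for the weaknesses discussed above, in a fixed order."""
    d = parse_directives(text)
    findings = []
    ciphers = [a[0].upper() for a in d.get("cipher", []) if a]
    if not ciphers:
        findings.append("no-cipher-directive")  # older OpenVPN releases default to BF-CBC
    findings += [f"weak-cipher:{c}" for c in ciphers if c in WEAK_CIPHERS]
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no-tls-auth")
    if "secret" in d:                    # assumption: "pre-shared keys" = static-key mode
        findings.append("static-preshared-key")
    return findings

# Constructed sample configs (not taken from any provider).
WEAK = "remote vpn.example.net 1194\nproto udp\ncipher BF-CBC\nsecret static.key\n"
STRONG = ("remote vpn.example.net 1197\ncipher AES-256-CBC\nauth SHA256\n"
          "<ca>\n(constructed placeholder)\n</ca>\ntls-auth ta.key 1\n")

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(STRONG))
```
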

------
mulrian
Think it's suffering from the HN effect - out of resources for me.

~~~
Codywastaken
Internet hug of death

------
Johnny555
I've seen lots of VPN comparisons that rate VPN providers on what they do and
do not log. But who really verifies this? What's to stop VPN provider X from
claiming "We don't log anything", while simultaneously streaming a real-time
log to any government agency that asks for it?

~~~
PTRFRLL
Definitely a valid point. A recent court case involving VPN provider Private
Internet Access seemed to back up their 'no logs' policy.

> “A subpoena was sent to London Trust Media and the only information they
> could provide is that the cluster of IP addresses being used was from the east
> coast of the United States,” the FBI’s complaint reads.[1]

Unfortunately, waiting for a court case involving your VPN provider isn't a
great way to determine what they log.

[1] [https://torrentfreak.com/vpn-providers-no-logging-claims-tes...](https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/)

------
adontz
Error 508. Resource Limit Is Reached

------
Tinyyy
How much profit does a VPN operator make? Since running my own box on
DigitalOcean costs as much as a VPN ($5), at <10% traffic utilisation.

~~~
JorgeGT
I also run my VPN on a cheap VPS. Dedicated VPN companies can easily come
under attack/scrutiny, or could have temptations of selling user data if
subscribers fall, but I doubt anyone is monitoring individual, ephemeral DO
droplets/AWS instances.

~~~
sarsaparilla
If you're the only user of your VPN, doesn't that make it pretty easy to trace
your usage back to you? I would have thought that using a VPN Provider would
assist privacy by making it hard to figure out which client initiated any
request coming out of the VPN node...

~~~
JorgeGT
A local adversary (in your network) can know that you're establishing a
connection to a certain IP in another country, but they cannot know what that
particular machine is accessing in turn. [This is my threat model, I use this
in public WiFi].

And a remote adversary (who sees your VPS IP) cannot know who is, in turn,
connected to that VPS, unless they can extract that information from the VPS
provider via court order or hacking. [This is of more concern if you plan to
do illegal things or are a dissident].

As always, you must model your threat scenario and proceed accordingly.

~~~
sarsaparilla
That's a fair analysis. I guess I was imagining something like a government.
For example, the UK one would now be able to see that you're establishing a
connection to your VPS IP. However, I don't know if they would then be able to
see the connections from there to various hosts back in the UK.

------
jeppesen-io
Surprised not to see Pritunl on the list, or here. It's such a nice product.

[https://pritunl.com/](https://pritunl.com/)

------
ggregoire
I use ExpressVPN mainly for Netflix, but most of their servers are banned and
it's quite expensive. What VPN do you use for this purpose?

~~~
Freak_NL
That's pointless. Netflix bans each and every VPN IP address they can get
their hands on — they are quite thorough. You might as well get a cheaper VPN
subscription with a VPN provider who condones torrenting and access the shows
you are missing that way.

~~~
spookyuser
Well then they haven't got every vpn ip because expressvpn has been working
with netflix for almost 6 months straight in my experience.

------
gambiting
I just get an AJAX error when trying to filter the list.

------
vpnspeedtest
[http://vpnspeedtest.org/](http://vpnspeedtest.org/) tests over 20 VPN
services to find the maximum speed of each VPN from 8 locations around the
world.

ThatOnePrivacyGuy should use their open source speed test tool instead as the
tests are verifiable (unlike his tests from a single location which nobody can
reproduce).

~~~
jlgaddis
I don't see a "disclaimer/disclosure" (kinda standard practice around here) so
I assume your username is entirely coincidental?

~~~
jessaustin
The 'name and the link are less than a centimeter apart on one's screen. That
seems enough to clue in most readers?

~~~
okbake
Yeah, it's not so subtle. But then again:

> ThatOnePrivacyGuy should use _their_ open source speed test tool instead

Using _their_ instead of _our_ makes it sound like there is no affiliation.

------
ryanlol
This is terrible. Whoever "That One Privacy Guy" is, should really consider
not being a dick and stop pushing VPNs as a privacy tool.

And yes, you're a dick if you even kind-of imply that VPNs might be good for
privacy without immediately providing a strong disclaimer: if it matters, they
aren't.

Edit: Oh wow, it's worse than I expected. Check out
[https://thatoneprivacysite.net/choosing-the-best-vpn-for-you...](https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/)

The vast majority of the recommendations here have absolutely no connection
with reality.

This entire website is bullshit, here's a few quick quotes.

> a. More on Trust

> As a lawyer represents your legal interests, a VPN service (among others)
> represents your privacy interests.

> c. Jurisdiction

> In the last few years, certain revelations have been made
> manifest regarding the mass surveillance programs of various countries around
> the globe. These countries are known as the five, nine, and fourteen eyes.
> These countries not only spy on their own citizens where they can get away
> with it, but they spy on each others, and swap notes to bypass governmental
> restrictions on power. If a service, or the people who run a service is based
> in one of these countries, it’s not unreasonable to expect that they may be
> susceptible to unlawful searches and compromises made in the name of national
> security

Suggesting that NSA & Co. don't spy outside of FVEY (or fourteen eyes if
that's what you prefer) countries is utterly ridiculous at its face and just
makes it look like the author hasn't studied this stuff at all.

Instead of blogging about mass surveillance and unlawful searches, maybe focus
on the more realistic issues like search and wiretap warrants which are
ridiculously easy to get in some countries?

~~~
noja
I can see you complaining, very strongly, but wouldn't it be better to provide
some kind of constructive feedback?

~~~
ryanlol
I guess you replied to the wrong post, I made a rather explicit
recommendation.

> you're a dick if you even kind-of imply that VPNs might be good for privacy
> without immediately providing a strong disclaimer: if it matters, they aren't.

This website reads like it's written by an amateur from some torrenting
subreddit, there's not much constructive feedback to be given here besides "do
some actual research and do it all again"

~~~
noja
Have you done some research? Can you tell us what you recommend?

~~~
ryanlol
> Have you done some research?

Yes.

> Can you tell us what you recommend?

For privacy? Tor.

