
Ask HN: Which VPN? - blohs
Which VPN do you recommend?
======
craftyguy
This is a great resource for comparing VPN options, with a focus on privacy
and security: [https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

Be wary of folks recommending individual services... the VPN market has been
hot in the last few years, and most recommendations should be treated with a
fair bit of skepticism.

~~~
quizme2000
That was a great site. I liked the option for a colorblind readable chart, I
have a few colleagues that have to use plugins and other weird gadgets
differentiate red and green. Also bonus point for the CC license.

------
ej12n
IVPN (Gribaltar), Mullvad (Sweden) or PIA (U.S.) are the best bet for most
users IMO. They are all fast, no logging, and have good apps.

IVPN, Mullvad are not in U.S. jurisdiction if you are concerned about that.
Most people are not and just want a VPN to hide shit from ISP, etc...

Although PIA is U.S. based, they keep no logs and then they have their famous
"FBI" case which they did not provide anything to them.

I myself personally use IVPN, but I have used Mullvad as well.

[https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

This is the best resource for vpn reviews, ignore everything else.

Also [https://www.privacytools.io/](https://www.privacytools.io/) is great
overall and they do have a vpn section

[https://www.reddit.com/r/VPN/](https://www.reddit.com/r/VPN/) has a bunch of
more info as well.

~~~
fwdpropaganda
> Although PIA is U.S. based, they keep no logs and then they have their
> famous "FBI" case which they did not provide anything to them.

You know the NSA just puts a gag order and connects directly to the targets
infrastructure. Doesn't matter that PIA doesn't keep logs, NSA's prism is
logging everything.

~~~
willstrafach
I do not know this and many others probably do not. Would be great to see a
source with proof that this has happened with PIA.

~~~
some_account
Just stay away from USA. They can do anything they like with their dumb laws.

------
inertial
Lots of prior info available

[https://news.ycombinator.com/item?id=14974383](https://news.ycombinator.com/item?id=14974383)

[https://news.ycombinator.com/item?id=13425728](https://news.ycombinator.com/item?id=13425728)

[https://news.ycombinator.com/item?id=13249523](https://news.ycombinator.com/item?id=13249523)

Also DIY options :

[https://github.com/ttlequals0/autovpn](https://github.com/ttlequals0/autovpn)

[https://github.com/jlund/streisand](https://github.com/jlund/streisand)

[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

[https://github.com/Nyr/openvpn-install](https://github.com/Nyr/openvpn-
install)

[https://github.com/robbintt/popup-openvpn](https://github.com/robbintt/popup-
openvpn)

[https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign)

------
blacksmith_tb
I have a Streisand[1] server running at DO, it's been good. People also like
Algo[2] but I haven't tried it.

1:
[https://github.com/StreisandEffect/streisand](https://github.com/StreisandEffect/streisand)

2: [https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

~~~
summadat
Algo all day every day, good stuff, use it.

~~~
suh_dude
Yep, this.

------
oedmarap
I use a self-hosted OpenVPN install on a Digital Ocean droplet to simply
encrypt traffic (UDP/443) from my ISP. One plus is that I have a clean US IP
address that isn't blocked by most services. This is just for security and
geolocation, not anonymity.

For anonymity I use Private Internet Access as they have a fast network, lots
of locations, and no logs. They're also very affordable.

I also use IPredator sometimes since they're the same folks that run Njalla
and I simply like to support them.

------
kup0
I haven't used it extensively, but so far MullvadVPN has worked well for me
and they are one of thatoneprivacysite's top recommendations

~~~
orivej
I'm using Mullvad. On the plus side, their servers are the most reliable I
have seen, and they provide IPv6 addresses (behind NAT, which is reasonable
for privacy). On the minus side, since November 2017 they intercept DNS
queries and answer them themselves (hence you can not use DNS service of your
choice), unless you connect to a specific undocumented OpenVPN port (1400 or
1401) available on a small but diverse subset of their servers.

~~~
kup0
Interesting. Good info to know. Have they specified a reason for intercepting
DNS?

~~~
orivej
I believe I can quote the response to my support request:

«We added iptables rules to hijack all DNS requests on port 53 going via the
VPN tunnel, this is to protect users having set a DNS server unknowingly (or
by malware). We are aware that not all users want this behaviour, and we
intend to add an extra port that OpenVPN listens on, where DNS hijacking will
not happen.»

Some VPN providers (including Mullvad) have a client-side feature called DNS
leak protection that configures the system to use the provider's DNS server. I
don't know how Mullvad decided that this was not enough, and they are
justified to intercept DNS. (Note that for the server-side intervention to
work, the client side must be configured not to use ISP DNS, hence the client-
side DNS leak protection is a prerequisite.)

------
jasaloo
NordVPN -- it's one of the best IMO for security/company location. I also made
my decision via the spreadsheets and analysis from the already-mentioned
[https://thatoneprivacysite.net/vpn-
section/](https://thatoneprivacysite.net/vpn-section/)

It's $79 for two years, but they also have per-month subscriptions.

~~~
hbcondo714
I got turned off by their tv commercials. They are really marketing towards
the "clean your PC" crowd

~~~
vpnless
Their tv commercials are so bad I got turned off by vpn.

------
aphextron
There's no reason for anyone even moderately saavy to use a commercial private
VPN. It's really insecure and expensive. Just use Streisand on a DigitalOcean
droplet, AWS, etc.

[https://github.com/StreisandEffect/streisand](https://github.com/StreisandEffect/streisand)

~~~
rlpb
Tunnelling through a hosting provider doesn't provide any additional privacy.
It just moves your exposure.

Perhaps I am unusual, but I trust my ISP with my privacy more than I trust the
typical hosting provider.

I understand that this doesn't apply to most of the US because of your
monopolistic ISP problem. In other places though, I don't think a blanket
"just tunnel through a hosting provider" recommendation is appropriate.

~~~
aphextron
>Perhaps I am unusual, but I trust my ISP with my privacy more than I trust
the typical hosting provider.

You're lucky in this regard. Having no choice but Comcast, the number one
threat to my privacy is my ISP. So that makes tunneling to an outside VPN very
useful. I trust DigitalOcean far more. Although in a different situation I
think you're absolutely right.

------
m-p-3
Depends what is more important to you.

If it's for anonimity I've been told PIA is a good option.

If it's to bypass georestriction and protect your traffic from being snooped
by your ISP or any clients that could attempt to sniff your traffic, hosting
your own on a VPS is a good option. OpenVPN, OCserv or Outline (based on
shadowsocks) are some options.

Links

\-----

[https://openvpn.net/index.php/download/community-
downloads.h...](https://openvpn.net/index.php/download/community-
downloads.html)

[https://ocserv.gitlab.io/www/features.html](https://ocserv.gitlab.io/www/features.html)

[https://openvpn.net/index.php/download/community-
downloads.h...](https://openvpn.net/index.php/download/community-
downloads.html)

[https://getoutline.org/](https://getoutline.org/)

[https://www.shadowsocks.org/en/index.html](https://www.shadowsocks.org/en/index.html)

------
staunch
To answer "Which VPN?" you first need to answer "Why VPN?" because there are a
lot of different reasons for using a VPN.

If it's just privacy from snooping, you'll be fine with setting up your own
VPS with OpenVPN. It's simple enough that any technical person can do it in a
few minutes (or hours).

------
apazgo
Azirevpn[1] (Swedish based) Always been very fast for me. One of the first to
implement wireguard I think, which they offer for free at the moment, tho I
pay anyway for the service...

1: [https://www.azirevpn.com](https://www.azirevpn.com)

------
legitster
Any VPN is better than no VPN. But I use Private Internet Access. The
interface has gotten really slick in the last year - very nice to use. You can
pay using random anonymous gift cards (essentially cash). And they are the
only VPN that has been tested in the court of law (they were ordered to turn
over all the records they had on a customer, and they did - nothing).

~~~
blacksmith_tb
PIA also donates to FOSS projects/organizations[1] and has open-sourced some
of their own projects[2]

1: [https://sfconservancy.org/news/2016/mar/02/PIA-LCA-
matched/](https://sfconservancy.org/news/2016/mar/02/PIA-LCA-matched/)

2: [https://pia-foss.github.io/](https://pia-foss.github.io/)

~~~
craftyguy
PIA is also US-based, which makes it a no-go for some folks since they fall
under US jurisdiction.

------
lming
What's the purpose of the VPN? If travelling to China or other strictly
censored countries, I'd recommend
[https://foxshadowsocks.com](https://foxshadowsocks.com)

------
mpfundstein
ProtonVPN is super good

~~~
diaz
And there's the free tier which has served me well too.

~~~
mpfundstein
If you sign up you get native mac client (beta)! Really good piece of
software, much more teliable than Tunnelblick

------
Avaray
Check these links:

[https://torrentfreak.com/vpn-services-keep-
anonymous-2018/](https://torrentfreak.com/vpn-services-keep-anonymous-2018/)

[https://thatoneprivacysite.net/vpn-comparison-
chart/](https://thatoneprivacysite.net/vpn-comparison-chart/)

[http://vpnspeedtest.org/](http://vpnspeedtest.org/)

------
donttrack
Express VPN if you don’t want to bother with setting up your own server.

If you want to setup your own server, then Streisand.

I used both and they work well. Using ExpressVPN right now in China.

------
jetblackio
Proton VPN is rock solid. I recently made the full switch off gmail to Proton
email, and signed up for the VPN as well. It's worked great so far.

------
donttrack
Don’t use strongVPN. They shared my info. Got a letter from some Hollywood
lawyers after someone had been running a torrent download over my VPN (would
share my WiFi on and off from my phone with visiting colleagues, if they had
trouble with our corporate VPN and someone probably had a movie torrent
download or seed running in the background by mistake).

------
michaelcampbell
Vague question can only lead to a vague answer, but I've been happy with
AirVPN.org for my particular use case and needs.

------
playertuan
TorrentFreak writes up a comprehensive review and interview with all the
popular vpns, [https://torrentfreak.com/vpn-services-keep-
anonymous-2018/](https://torrentfreak.com/vpn-services-keep-anonymous-2018/)

------
cyberpip
Other than that one privacy site already mentioned, Wirecutter did a good
analysis recently:

[https://thewirecutter.com/reviews/best-vpn-
service/](https://thewirecutter.com/reviews/best-vpn-service/)

------
PenguinCoder
I have wireguard setup on a DO instance of <wherever region I need>. It is
very fast and easy to setup for technically inclined :
[https://www.wireguard.com/](https://www.wireguard.com/)

------
jason_slack
I used Astrill while in China and it worked good and the cost wasn't bad.
Works on most all OS's.

[https://www.astrill.com/](https://www.astrill.com/)

------
botskonet
I currently use IPVanish. I'm pleased with the uptime and service. Every now
and then I get disconnected and everything reverts to using my normal
connection, which isn't very secure.

------
kasey_junk
Earlier today
[https://news.ycombinator.com/item?id=17091618](https://news.ycombinator.com/item?id=17091618)

------
mobitar
I created a subjective guide based on my experiences which might be useful to
you:

[https://vpnreport.org](https://vpnreport.org)

------
knguyen0105
I used to pay for IPVanish but now I'm using Algo with much better speed. Some
websites also block requests from commercial VPNs.

------
segmondy
Your own hosted VPN, run one from home for free using a $5-10 raspberry pi
zero.

Or $60 on DigitalOcean or Linode a year at $5/month.

------
samblr
Have been using windscribe - I use it sparingly.

But any vpn should be treated with skepticism as many have noted here.

------
tdfx
Specific use case thread: which VPNs have worked for you in mainland China?

~~~
donttrack
ExpeessVPN works fine. using it right now in china.

------
jmarinez
SomaVPN - currently in beta Based on Algo and Wireguard

~~~
subliminalpanda
link?

------
some_account
I use bahnhof VPN (Swedish) and they are well known for standing up to
pressure from government.

