Ask HN: Which VPN do you use and why? - nomanisanisland
======
atoponce
You should check out the VPN comparison chart by "That One Privacy Guy" here:
[https://thatoneprivacysite.net/](https://thatoneprivacysite.net/). There are
many factors to consider, such as cipher suite, jurisdiction, and logging.

Even then, don't get your hopes up. It should be worth noting that VPNs can
give a false sense of security (such as not logging). All they're doing is
moving the goalpost from one end of the playing field to another. They're
useful for getting into internal networks, and they're useful for bypassing
outbound firewalls in restrictive networks, like public schools and libraries,
or churches, but that's about it. See
[https://gist.github.com/joepie91/5a9909939e6ce7d09e29](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)

If you want online privacy, you really should be using Tor. if you want
anonymity, you should stay offline. Regardless, realize your VPN provider
isn't going to go to jail for you.

~~~
BrandoElFollito
A VPN is also very useful when you need to emerge in Internet from a specific
country, or simply not the country you are in.

------
koevet
Streisand
([https://github.com/jlund/streisand](https://github.com/jlund/streisand)) and
a cheap Europe-based Digital Ocean box.

~~~
Cyph0n
That takes setting up a VPN to another level.. thanks for sharing!

------
rhblake
I've always liked [https://mullvad.net/en/](https://mullvad.net/en/) (Swedish
company, around since a number of years), especially from a privacy point of
view. You never actually enter any personal information when creating an
account - no name, no email, no password, no nothing; all you get is a random
unique ID. They also claim to keep no logs, point being, "When Swedish law
requires us to divulge information about our customers we make sure not to
have that information stored, so that we have nothing to give out."

Various means of payment are accepted, including btc, and cash (of any(!)
currency) sent by mail. OpenVPN, possible to choose from a number of
countries, no limits on speed or data.

If there are other commercial VPN services that don't necessarily require you
to give them any personal information (for account purposes), I'd be curious
to know. Would be nice to have more alternatives.

~~~
ionised
Seconded. Mullvad is my current go-to.

I'm still essentially trusting everything they say about no logging (and
trusting that it's not a honeypot) and the like but they seem to be the best
I've found so far.

~~~
kfreds
Hi, I'm Fredrik Strömberg, one of Mullvad's founders. I'm a frequent lurker on
HN. Thank you both!

Like you said you can trust what we say regarding logging, but you are unable
to verify it. Since that's true for all VPN services, may I suggest relying on
track record and other signals instead?

Like rhblake said we don't ask for personal information. In fact, we were the
first VPN service with that setup, and we were first with bitcoin and cash
payments as well.

I'm tempted to provide a list of our security track record, but I have
somewhere else to be, so my submission history will have to do :)

~~~
ionised
Good to hear from you!

Your track record. user reviews and endorsements are what made me choose and
stick with Mullvad in the first place.

I definitely haven't been disappointed in any way.

------
rocketcity
I use the following OpenVPN docker container on my homeserver:
[https://github.com/kylemanna/docker-
openvpn](https://github.com/kylemanna/docker-openvpn)

I then send all of the logs to Loggly and get notified anytime someone
connects to my OpenVPN server.

~~~
2bluesc
Same here. Simple.

I use it more for connecting to resources behind NAT then as an anonymizing
proxy.

------
deanclatworthy
The old recommendation here used to be privateinternetaccess.com

I cancelled my subscription months ago. They stopped circumventing
georestrictions a while ago even though it used to be marketed as having that
feature. Support even fixed it a few times for me.

Nowadays I just use one of the vpn scripts on GitHub and a small vps
somewhere.

~~~
davidcollantes
Which is the VPN scripts do you use? Thanks!

~~~
Cyph0n
This is an excellent one: [https://github.com/Nyr/openvpn-
install](https://github.com/Nyr/openvpn-install). You run a single shell
command, and OpenVPN is running in under 5 minutes!

------
quinndupont
I use BlackVPN[1], but mostly because they used to have a referral program and
I ended up with several years of free service. They tend to be quite quick,
have OK (but not exemplary security measures), and offer a nice range of
servers for whatever your needs (geofencing, piracy, etc.).

[1] [https://www.blackvpn.com/](https://www.blackvpn.com/)

------
mehxa
[https://vpn.ccrypto.org/](https://vpn.ccrypto.org/)

It's plain and simple OpenVPN made by nice people, and it's only 3€/month.

~~~
koyote
That looks very decent.

Any cons to using it?

------
akerro
TorGuard because they provide nodes in countries where I want to have my
endpoint and they allow torrenting. Their technical support actually knows
what OpenVPN and Linux/BSD is and they were able to help me with issues I had
(unlike other VPN providers).

------
MattRogish
[https://www.getcloak.com](https://www.getcloak.com) \- works on my Mac and
various iOS devices. Well designed, have been with them since the beginning
with no issues.

~~~
toyg
I used Cloak but moved away because:

1) There was no real interest in expanding the list of exit points.

2) It seemed to protect only http/https traffic.

3) The whole operation felt like someone's "passive income" business
(although, to be fair, the owner responded fairly quickly and honestly when I
queried him about other stuff).

To be fair, their OSX client tries hard to be transparent. This approach falls
apart in some cases (i.e. some captive portals), but feels very smooth when it
all goes right.

~~~
ebcase
Fwiw Cloak just sold: [https://blog.getcloak.com/2016/04/28/cloak-joins-
stackpath/](https://blog.getcloak.com/2016/04/28/cloak-joins-stackpath/)

I don't know if it was a "passive income" business for them, but if it were,
why would that be a reason to not use it?

It has a fantastic UX on both Mac OS X and iOS devices.

~~~
toyg
_> why would that be a reason to not use it?_

Mostly because you can't expect many new features or the product evolving
particularly fast. Which is exactly the case for Cloak -- the feature-set was
basically frozen for years. It's not a crime: if a product works fine, why
mess with it? But I wanted new stuff and it didn't feel like I'd ever get it.

------
subliminalpanda
I rolled my own OpenVPN server on digital ocean. I find that having 2
instances running, one over TCP port 443 and one on UDP over an arbitrary port
works great in most scenarios.

~~~
davb
Me too, although I've found that Netflix recently blocked their subnets. So
even when I'm using it to be a little more secure on open wifi network, I
can't stream.

~~~
subliminalpanda
They blocked it? How unfortunate, guess I have to cancel my subscription now
:-/

~~~
davb
Unfortunately. They might not have blocked every IP range (I assume that,
given the number of customers and datacenters, DO has a large quantity of
public IPs) but they've certainly blocked some of them.

------
CiPHPerCoder
None. VPNs can't provide any meaningful privacy:
[https://gist.github.com/joepie91/5a9909939e6ce7d09e29](https://gist.github.com/joepie91/5a9909939e6ce7d09e29)

Okay, that's not entirely true; I do access a company VPN, but not for privacy
purposes which is probably what's implied. I use Tor for that.

~~~
angry-hacker
A lot of people use it to bypass geoblocking, just like the link advised to
use vpn for, but I don't understand how come people trust random vpns with the
http/plaintext data. Do I understand wrong how vpn/encryption works? It's just
like telling random person every site and text you type with http.

------
toyg
Witopia - [https://www.witopia.net](https://www.witopia.net)

It has a large set of exit points, which is what I use it for (at least until
geoblocks die, which it will happen at some point). Being based in Virginia,
they're probably an NSA front but I have nothing to hide ;) and at least you
know it will work...

------
gorbachev
NordVPN, outside of US jurisdiction and (claims to) does no logging.

The service used to be really spotty, but they really stepped it up lately.

~~~
Udo
Seconded. All my internet traffic has been going through NordVPN for more than
a year now.

In the beginning, servers would go down often and you'd need to try a couple
of server until you found one that actually worked. But that's changed now.
They conveniently provide a list of OpenVPN config files to download, and
using the service from a Linux router works really well.

------
NetStrikeForce
For general browsing from different devices I use Freedome by F-Secure. Just
because it was convenient to get, works on different platforms (Windows, iOS,
Android) and it's cheap. Also their bandwidth has proven enough for my needs
on different exit points. The only downside is that now Netflix identifies it
as a VPN, so I can't keep watching my series while I'm abroad.

For connecting my servers between them (and my laptop) as some sort of secure
virtual network I use my own product
[https://wormhole.network](https://wormhole.network) \- The servers are all in
an overlay private network completely transparent to any application, so I can
move servers to different providers, locations, etc and not have to change a
single configuration line (nor configure any firewalls).

------
hendi_
AirVPN - [https://airvpn.org/](https://airvpn.org/)

    
    
      - claims to be "operated by activists and hacktivists"
      - uses OpenVPN
      - GPLv3 client for many platforms
      - accepts Bitcoin (or PayPal, Credit Cards, ...)
      - has an API

------
rinchik1
[https://ipredator.se/](https://ipredator.se/) name is weird by was rolled out
by pirate bay and quite secure, inactive accounts get deleted with all data
and potential history after about a month.

------
davejamesmiller
For internet browsing, TunnelBear (via the Chrome plugin - technically a proxy
rather than VPN), because it's free and I don't use it often (usually just for
testing sites from a different IP address).

For my own network, OpenVPN because it's open source.

------
lewisl9029
VPNGate [1] is what I usually use for bypassing georestrictions, and it works
quite well for that purpose. The client and server software is based on the
open-source SoftEther VPN project [2], and the actual VPN servers are operated
by volunteers around the world.

I'd hesitate to recommend VPNGate itself for anything that requires real
privacy though. However, SoftEther VPN is an excellent choice if you want to
set up your own VPN on a box somewhere.

[1] [http://www.vpngate.net/en/](http://www.vpngate.net/en/)

[2] [http://www.softether.org/](http://www.softether.org/)

------
arca_vorago
To be perfectly honest, if someone needs to vpn for reasons that could cause
real backlash, aka political dissent, the best thing to have is a owned box
somewhere and tunnel through it. Add one or more layers, and or a use once
discard policy... But the sad fact is thats just about the only way to raise
the barrier of entry for a state level (notice I didnt say nation state)
actor.

Not necessarily condoning illegal activity, just stating things plainly.

I'm pretty sure tor is under attack heavily right now, (see ioerror
accusations), and I have used it very sparingly. Of course only NSA level
actors can comprimise it with enough upstream fiber/exit node taps...

You must always know your enemy.

------
johnpowell
[http://www.frostvpn.com/](http://www.frostvpn.com/)

When I signed up they had a 99 cent a month deal going on. I'm not really
concerned about privacy. I just needed something to help with the connection
to my dedicated server that runs Plex that is hosted with Hetzner.

Comcast here has poor peering to Hetzner and using a VPN solved the problem.

They have a lot of servers all over the world and they few times I have needed
to open a ticket I got a reply in less than a hour.

I also have a Droplet on D.O. that can act as a VPN. I switch to that if I am
doing anything sensitive.

------
neiled
VyperVPN has always been good to me and I've never read anything bad against
it, anyone had bad experiences I should know about?

~~~
oevi
Used it while living in China and never had any problems with it. Love the
native Apps (Mac, iOS) and the fast and reliable connection. I think it's
worth the money.

------
JamyDev
PureVPN because they have lots of countries to connect to. Albeit some sites
using a different geolookup library don't actually recognise them accurately.

Reason? My ISP modem basically dies when there's too many connections opened
at once. So sometimes an innocent `npm install` would kill my internet for a
minute...

------
ancymon
As I understand VPN providers make users share single IP. Doesn't it give some
extra anonymity? For example if you create your own Droplet someone still can
listen for your traffic (but not coming from your PC but from the Droplet) and
you are quite easily identifiable (because you are only user).

------
gkwelding
I used to use privateinternetaccess.com, but various issues with them led me
to look for a new VPN provider. I eventually settled on ivpn.net as they have
a good selection of exit points, their software is easy to use and I can use
it across devices too. Their network speeds have been really good too.

------
teekert
I usually SSH tunnel to my server at home or to my 5$/month Digital Ocean
droplet.

~~~
goldenkey
Not a VPN since DO or well any US hosting company will hand over dox in a
heartbeat. Most VPNs are about mixing connections and varying servers along
with shortlived logs and being stubborn against subpoenas. Their market is
mostly people who need to thwart geolocation for services like Netflix,
security researchers aka whitehats (better to be safe than falsely accused of
being malicious) and blackhats.

~~~
rando444
I think you need to look up a definition of a VPN.

~~~
goldenkey
I think you need to remove snideness from your remarks. It stinks like shit
especially when you end up wrong. A bad way to do intelligent discourse...

Straight from wikipedia:

"Individual Internet users can use some VPNs to secure their wireless
transactions, to circumvent geo-restrictions and censorship, and/or to connect
to proxy servers for the purpose of protecting personal identity and location.
But some Internet sites block access via known VPNs to prevent the
circumvention of their geo-restrictions."

[https://en.m.wikipedia.org/wiki/Virtual_private_network](https://en.m.wikipedia.org/wiki/Virtual_private_network)

~~~
rando444
You shouldn't ever assume malice, especially when there is none. My sentence
is a suggestion that you should try to understand what a VPN is and what it is
not because you don't seem to fully grasp the concept. Lack of knowledge is
nothing to be ashamed of. Everyone is not an expert in every subject.

What makes a VPN has nothing to do with "shortlived logs", subpoenas,
thwarting geolocation, or security researchers.

A VPN is simply a private network stretched over the internet. In fact that
private network might not even be routable back out to the internet, the
network could be purely an internal network.

A VPN connection to your home network is most certainly a VPN, and your
assertion to the person that you were responding to telling him that what he
is doing is not a VPN is incorrect.

Also, if you prefer intelligent discourse, you might want to refrain from such
judgmental language.

~~~
goldenkey
This whole thread is asking for remote VPNs, not home software or setups. So I
fail to see the relevance and your implication to correct my relevant comment
in such a dissonant way. Minor correction OK. But to imply I need to look up
what a VPN is, is silly.

~~~
rando444
I'll refer you to the headline:

 _Ask HN: Which VPN do you use and why?_

First, _all_ VPNs are remote. It doesn't matter if you are connecting to
something you set up yourself or something hosted in a 3rd party facility.

You're seemingly implying some differentiation to the original question that
exists only in your mind.

The parent responded to the asked question with what he uses.

You told him this was "not a VPN", which is just simply not true, and I was
trying to be helpful by pointing out that you might need to get a better idea
of what a VPN is before you go around telling people what is and what is not a
VPN.

~~~
goldenkey
Clearly we just interpreted the semantics differently. I believe he would have
asked "What VPN _software_ do you use" if he wanted anything other than a
remote VPN service for proxy uses.

SSHing to a DO box, really has none of the attributes you would purchase a
remote VPN subscription for. That's what I meant.

Anyhow, we're on the same page. OP never replied so there's not going to be an
answer for what he actually meant. Again, I strongly think he would have
included the word software if he wasn't looking for a remote VPN service for
proxy-like purposes.

------
vowelless
HideIPVPN and Avast SecureLine.

I use HideIPVPN for their European servers. And I use Avast on my phone to
automatically get on VPN when I am on certain Wifi networks (it does SSID
based connections).

------
kawsper
I run my own setup with OpenVPN. I have looked at Pritunl[0] for easier
management of OpenVPN.

[0] [https://pritunl.com/](https://pritunl.com/)

------
evook
Juniper SRX1500 within my private collocation in a friends data centre. Just
worth it, although it could use some redundancy.

------
juiced
WifiMask - [https://www.wifimask.com](https://www.wifimask.com)

------
lukeholder
IVPN - got a heap of recommendations on the last HN VPN discussion.

------
xytop
[http://hola.org](http://hola.org)

~~~
TheGuyWhoCodes
Wouldn't' use them if I was you...
[http://www.csoonline.com/article/2929192/data-
protection/res...](http://www.csoonline.com/article/2929192/data-
protection/researchers-discover-hidden-shell-in-hola-vpn-software.html)

[http://www.techspot.com/news/60828-popular-free-vpn-
service-...](http://www.techspot.com/news/60828-popular-free-vpn-service-hola-
dodgy.html)

[https://torrentfreak.com/hola-vpn-already-exploited-by-
bad-g...](https://torrentfreak.com/hola-vpn-already-exploited-by-bad-guys-
security-firm-says-150602/)

