Hacker News (date 2018-10-22)
Ask HN: What VPN service are you currently using?
149 points by doorbellguy 7 hours ago | 168 comments
And would you recommend it? I've decided to get one and so far my only two requirements seem to be:

1. It should work with OpenVPN

2. It should support SOCKS5 (Proxy)

PIA, Nord, Mullvad, ZorroVPN, ProtonVPN look promising. On the other hand, SigaVPN is based on a not-for-profit model so I was not sure about it. What is your personal preference?






PIA (Private Internet Access) and am a happy customer for 3rd year running.

Why do I choose them? Besides the ease of use over multiple platforms, they are the only VPN (I am aware of) that has held up in court that they do not store any logs when asked to hand over personal information.

Sources:

[1] https://torrentfreak.com/private-internet-access-no-logging-...

[2] https://www.scribd.com/doc/303226103/Fake-bomb-threat-arrest

reply


They also donate to FLOSS on a semi-regular basis.

reply


I have 1GB fiber, do they offer 1GB speeds? How badly would using them as my VPN affect my speed?

reply


IPsec at 1gbps needs a powerful router.

A Juniper SRX 320 that I have can only reach about 500mbps.

reply


This might sound dumb. But, I use ProtonVPN because Mozilla partnered with them and I place trust in Mozilla’s ability to make a more informed choice than I can make — largely due to their access to information and on hand knowledge and expertise.

https://blog.mozilla.org/futurereleases/2018/10/22/testing-n...

reply


As much as I would like to support Mozilla, connecting to protonvpn.com with Firefox 65.0.1 throws me an insecure site error:

Your connection is not secure

The owner of protonvpn.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Doesn't inspire confidence.

reply


Have you messed with your certs? It should be absolutely fine. I read over the weekend that some people were distrusting QuoVadis because of something or other to do with DarkMatter? I don't really understand too much about it, but proton use QuoVadis[0] so you'll get improper SSL for their sites if you did that.

[0]https://old.reddit.com/r/firefox/comments/au7zcz/how_to_remo...

reply


No, but.... The above error was from my office. When connecting to ProtonVPN's website via a VPN, there is no error. Seems like it could be a certificate configuration error with the network I'm using, which is odd because it's a University and I've not seen that error anywhere else I regularly visit.

reply


FWIW, I get the same error connecting to yc.dev. Seems like a bug.

reply


Same thing happened to me with NordVPN yesterday.

reply


I also use ProtonVPN.

*disclaimer, I also work for ProtonMail so my use of ProtonVPN is more of a company perk, but one I enjoy.

reply


There are a lot of previous discussions on Proton{VPN,Mail} to read up: https://hn.algolia.com/?query=protonvpn&sort=byPopularity&pr...

reply


Let me remind everyone that ProtonVPN is the only VPN service publicly available I know of that owns even a small portion of their own hardware and data center.

reply


I also use ProtonVPN, and proton mail, which I can also highly recommend.

reply


The first question you should ask is why you want a VPN.

Because I believe many people never ask this question and have some vague idea about "it somehow improves security and/or privacy". In most situations this likely isn't true. You add an additional attack vector and you centralize your communication to a single point.

reply


Communication is already centralized for many people, even when you factor in cell and home internet, often without much alternative. When they've got you locked in like that, they can get away with just about anything: tracking; selling data; hi-jacking your connection for their own interests; blocking anything that goes against their interests; cooperating directly with MPAA, RIAA; etc. There's not much you can do about it.

If a VPN gets caught doing any of that, even if they're remotely suspected, switching is less painful than switching any other online service I can think of. Their motives are as clear as can be with an internet service.

reply


> switching is less painful than switching any other online service I can think of.

I'd even say in many cases switching is possible. It isn't always possible to switch your ISP. Or in my case I can, but all other providers cap at 20Mbps in my town (which is fairly common).

reply


100% this. VPN marketing appears to have really gotten to people, everyone's always asking about it.

Real reasons I can see to use a VPN service

1) You want your traffic to reliably egress in that country. i.e. I live in New Zealand but to access some Australian TV on demand, I need to "appear" in Australia.

2) Errr, I can't think of any others.

If you are really trying to hide your traffic from your ISP:

1) Change ISP

2) If that's not possible, buy a cheap VPS and run OpenVPN/Wireguard on it and egress your traffic via it. Disable all logging etc.

i.e. Unless you need traffic to egress via a particular place and you don't care about someone you don't know seeing your traffic, buy a VPN service. If you DO care about your privacy really, buy a VPS service in the country you want it to egress.

reply


For some of us, we live in jurisdictions where all ISPs are legally required to keep all metadata for all connections. (In tinpot pseudo democracies with governments who fail to understand technology but pass intrusive laws governing it anyway, then declare "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.")

In that case, a few bucks per month is a pretty good deal - it won't protect me if the NSA or any of their FVEYs friends get curious about me specifically, but it _will_ protect me against all my internet metadata getting bulk collected by my ISP and handed over to "national security" relevant agencies, such as local councils, dog catchers, and the taxi commission (yes, those agencies really do request and gain access to ISP metadata!)

I can and have run my own VPN (and VPN-like) endpoints on cheapo vpses, but it's worth my while/time to pay FSecure/Freedome, to do that for me.

reply


So to me this filters down to: You care about your privacy and not having your (meta) data gathered up, but you don't care enough about it to ensure that you're really protected, you just hope you are by piping your data off somewhere else, even though the place you're piping it to might also be doing the dirty on you.

I do understand your point, which is (correct me if i'm wrong) that you trust FSecure/Freedome to be taking care of your privacy correctly and not just reselling your metadata back to your country of origin etc.

Perhaps I am being a pedantic, grumpy old man though. Because now I think about it, even if we all run our own VPSes there's no way to vet the VPS provider doesn't just tap your egress traffic too.

reply


I'd say you are "appropriately grumpy and pedantic".

From my perspective, my ISP is untrustworthy because it's legally required to be where I live. At least FSecure are not subject to that law, and are business-wise and give me a choice of endpoints that are outside of the jurisdiction of that law. They _might_ be collecting and on-selling that metadata, but I believe they are not. I 100% _know_ my ISP (and all my alternative choices for an ISP) are. So using them is a win.

Even if FSecure turn out to be evil - they'll be doing it for different reasons to my ISP (profit motive vs being compelled by local Australian laws), so the nature of my exposure there is different - and so far as I can see, smaller.

I strongly suspect the NSA _are_ tapping the egress of every commercial VPN provider and every commercial VPS provider. But if my adversary ever becomes the NSA I'm fucked, and I accept that.

If the local taxi commission or dog catcher go asking my ISP for my metadata records - even though I don't own a dog or a taxi license, I feel happier knowing my ISP can only tell them "Don't know, sorry. Here's a bunch of encrypted connections to various VPN endpoints around the globe."

reply


Also - it's not so much about " … don't care enough about it ensure that you're really protected … ", but more like "One of my concerns is getting drive-by exploited because my data appeared in a huge dump of randomly breached metadata, rather than anybody targeting me specifically", and it's worth a few bucks a month to stop worrying so much about that. Being "really protected" is not possible (when the ultimate end-of-level boss fight is with the NSA), and getting even _close_ to that becomes exponentially expensive. 60EUR a year for Freedome on my phones/tablet/laptops and not having to do any ongoing maintenance or upgrading or weekend sysadmin work - is a good value deal for me. I don't think there's a significant improvement I can make to my protection in this area for less than an order of magnitude more money and two orders of magnitude more fucking around. I don't think I'm prepared to expend either of those for some incremental improvement in my privacy... If I were an illegal international arms dealer or a trafficker of cocaine by the tonne, I'd without doubt spend more money and effort there ;-)

reply


I'd say you are grumpy ;)

There is no comparison for ISP with TOS saying they can and will sell your data and VPN company which explicitly advertises privacy.

First it is false advertising and second with GDPR such company would be wiped out after somebody figures it out.

reply


Be careful with that assumption. Many, many VPN vendors actually sell their user data even if they advertise otherwise. They can also be far harder to penalize than ISPs, especially if they're outside the US/EU.

reply


Part of me thinks "I don't care. If Facebook or Google or Experian or Equifax or whoever it's worth a buck to wants to pay my VPN provider for my metadata - that's kinda bad, but possibly not as bad as being part of a great big juicy pile of government compelled metadata retention records at my ISP which can be easily accessed by random government agencies or evil actors working in government agencies with very little oversight."

I suspect my data leaking through profit motive from a VPN company specifically selected to be in a far away country is much less likely to fall into the hands of an internet troll or griefer, a disgruntled ex employee or partner, or a vindictive neighbour - than the trove of ISP metadata that can quite likely be readily accessed by bribing or blackmailing some random low-level government employee locally...

reply


I can round robin several different VPNs. Feels good that somebody would have a job doing data integration.

reply


Why do you think it would be discovered at all? Unless the downstream customer buying the data makes it public, nobody will know. And by operating outside of the EU, you can't really be checked. So nobody who knows what's going on has any incentive to make the arrangement known.

reply


GDPR seems to have comprehensively failed to "wipe out" Facebook and Google - who're quite obviously similarly in breach...

reply


I think you misunderstood what GDPR is about.

reply


Well said.

reply


What about traffic aggregation? Correct me if I'm wrong on this but as far as I understood it, VPN services forward multiple users' requests from a single IP address, disabling website owners to track you using your address.

reply


>1) Change ISP 2) If that's not possible, buy a cheap VPS and run OpenVPN/Wireguard on it and egress your traffic via it. Disable all logging etc.

Streisand (https://github.com/StreisandEffect/streisand) is another option. It has the benefit of running on your own VPS (or bare metal if you want) and it is extremely user-friendly to set up and use.

reply


It would be naive not to expect VPS providers to keep logs themselves.

reply


Travel is the other use case; if I know I'll be at a backpackers with free (but open) wifi, then having a VPN is very handy.

reply


As an Australian:

1) Protect against logging and data retention laws

2) Avoid ISP legal universal blocking regimes

3) Shop for and compare cheaper prices: many places implement what we call the 'australia' tax, artificially inflate the prices when they see we're shopping from an Australian location. This is independent of actual tax collection issues.

4) Torrent: Australians frequently access shows via torrenting still because our licensing/supply regime gives us a vastly sub-standard catalogue, and you can't access individual shows without signing up to full carrier packages, and we can't sign up to the international carrier's catalogue

5) Avoid data-shaping/non-net-neutral policies

6) Easy International and Geo-IP Testing

7) Logging onto services in public places via public wifi or access points

8) Accessing services during international travel

9) Accessing media explicitly geo-blocked in our country

Your solution (I believe) additionally doesn't meet the criteria of being able to egress from multiple countries/sources, nor does it cover the users who don't want the extra step of setting up the VPS.

I haven't checked, but I'm guessing a VPS comes at a far higher price for less (out of the box VPN specific features) than a specialised VPN provider.

reply


If you're in the States, you probably are better off trusting a reputable VPN provider than your local ISP. Especially because your communications are already centralized on that point and there's a long history of them being less than trustworthy.

reply


Mostly because I don't trust my ISP/telecomm provider

reply


Many of the people I know who use VPNs do so to avoid geo-blocking restrictions.

reply


I use Algo[1] on a variety of VPS providers. It supports IPSec, but I only use Wireguard through it. Supporting OpenVPN is an explicit anti-goal for Algo[2].

I generally strongly recommend against using VPN providers on false advertisement grounds -- VPNs fundamentally cannot provide strong anonymity properties, but that doesn't stop many providers from listing anonymity as a selling point. In terms of the property VPNs can provide (privacy), you're better off maintaining as much control as possible over the service: you don't want to be tied to someone else's weak cipher or insecure protocol choices.

FD: I work for the company that made Algo, but have nothing to do with its development.

[1]: https://github.com/trailofbits/algo

[2]: https://github.com/trailofbits/algo/blob/master/docs/faq.md#...

reply


Another option via this route is Streisand.

https://github.com/StreisandEffect/streisand

reply


I've used Streisand for a couple of years now with good result (running on a couple of Digital Ocean $5/mo instances). It takes a bit of setting up on new devices initially, but once done, is super smooth and easy to use.

reply


I use streisand on a VPS. It's always fast and reliable. Highly recommend.

Edited to add link: https://github.com/StreisandEffect/streisand

reply


Yes! I don't use it personally, but have heard positive things about Streisand.

reply


Man, I love Wireguard; fast, stable and it doesn't destroy battery life. I only wish nixos didn't mess with configs, but I will fully admit that it is a very niche problem.

reply


Algo is also significantly cheaper than most offerings. A Digital Ocean instance is $5 a month.

reply


Can you please elaborate a bit more why OpenVPN is risky per se?

I'd love to know more about this.

reply


The FAQ I linked has the full details, but in short:

* OpenVPN's user experience isn't as good as IPSec's or (more recently) Wireguard's.

* OpenVPN uses TLS and specifically OpenSSL, meaning that it inherits substantial design and implementation flaws.

* OpenVPN's security track record is poor, both on the client and server sides.

reply


I really appreciate it. I'm gonna read about Algo and give it a try for sure.

reply


I just ran into a case where I needed a VPN for a short lived task. Ally bank blocks creation of time deposit accounts while in a foreign country, despite me already having an account with them.

Takes less than 10 minutes to setup a VPN with algo on DO and I just shut it down after my task was done. Cost me $0.02. The support for Wireguard + OSX Wireguard App is perfect and super easy.

Please tell your coworkers, thank you!

reply


Mullvad, because it has a good interface for port forwarding, and I kinda like the fact that it supports wireguard. It's also fast and reliable (but so are many of the others), and apparently has good privacy.

I've previously used AirVPN, which was great except for not having any servers near me, and ExpressVPN, which was great except for not having such a good interface for port forwarding (and also it's the most expensive of the ones I like).

PIA failed to answer a question that I sent in using their web support form (they didn't even say that they'd received it but couldn't answer it).

reply


P.S. Also, Mullvad's staff have been doing some work to try to improve wireguard.

reply


I used to use Mullvad but switched to AirVPN. Mullvad was extremely slow in the US (under 25mbps most times) where I have found AirVPN to be able to reach ~750mbps. They also publish the congestion on their servers which is very handy for reaching high speeds.

reply


I keep mullvad + Wireguard in my back pocket for when there's no choice but VPNing. It's been a perfectly workable combo so far.

reply


How do you use wireguard from your phone (I assume that's what you meant by pocket)?

I thought wireguard was all cli based for now and no good UI (I use Linux desktop and Android phones)

reply


There's an android app (1). Works fine. Running it 24/7.

https://play.google.com/store/apps/details?id=com.wireguard....

reply


Mullvad is amazing. Definitely my first choice as well.

reply


Read this on Wireguard: https://restoreprivacy.com/wireguard/ Be aware.

reply


The claim that Wireguard has not had a security audit is false[1][2]. It's based on the extremely robust Noise protocol framework, it has a formally verified Tamarin security model and two of the most well-known cryptographers in the world have personally reviewed it with no significant findings.

Wireguard also does not do any of the logging claimed by that article by default. I know this because I maintain Wireguard VPN instances on baremetal and public cloud. This strikes me as a misunderstanding of what Jason wrote on the mailing list about Blind Operator Mode[3].

I stopped reading that article after I saw these two (glaring) inaccuracies. Either someone has a vendetta against Wireguard or they seriously misunderstand the protocol's security and default behavior.

________________

1. https://www.wireguard.com/formal-verification/

2. https://eprint.iacr.org/2018/080.pdf

3. https://lists.zx2c4.com/pipermail/wireguard/2017-November/00...

reply


Box in a basement. A friend in the states provided one for me and I'm happy. It does what it needs to do (AKA encrypts traffic on public networks and lets me get to the US only stuff). It's also undetectable compared to commercial VPNs, because the number of people using it is very small and services think it's just a household.

reply


I use Streisand - https://github.com/StreisandEffect/streisand

It's insanely easy to set up a new box (I use linode right now but it works with a bunch of cloud providers) and it works well for my mobile devices too.

I like the fact that it's my own server and I am the only person with a copy of the encryption keys.

Also, I have a buddy who is in a middle-eastern country where using a VPN is illegal who was unable to use any other VPN service but had no issue connecting to and using my Streisand box.

reply


My favorite is IVPN. It's true that I've written stuff for them. But that's in part because I've known the CEO, Nick Pestel, for several years. And to the extent that I trust anyone, I trust him. But also, they're one of the older VPN services, and one of the first to accept Bitcoin. And their apps are well designed.

I also like AirVPN, Mullvad and PIA a lot. I don't know anyone there personally, but they're all strong privacy advocates.

I'm concerned about relationships between Tesonet and NordVPN and ProtonVPN. So I wouldn't use them.

reply


Thanks for introducing me to IVPN. Seems like a good VPN, uses WireGuard.

Can you elaborate on the problem with the relationship between Tesonet, NordVPN and ProtonVPN. Also does your problem with ProtonVPN extend to protonmail? Should I be considering switching to a new email?

reply


There's an old HN thread about it. Basically, the ProtonMail and PIA CEOs got in a catfight, and traded accusations. I don't recall what PIA was accused of. Maybe connections with China? But I've seen nothing more about that.

The PIA CEO basically claimed that Tesonet operated ProtonVPN for the ProtonMail team. And then additional articles appeared, detailing the connections. And adding NordVPN to the mix.

But many of their HN posts were deleted. And much of the other online coverage disappeared, presumably because of pressure from NordVPN and/or ProtonVPN. But I found caches for three of them.[0,1,2]

Maybe it's all bullshit. But it leaves me suspicious. And I gotta say that ProtonVPN's responses seemed evasive.

0) VPNscam.com: NordVPN, ProtonVPN, ProtonMail, Owned by Tesonet CEO Darius Bereika https://keybase.pub/mirimir/NordVPN%2C%20ProtonVPN%2C%20Prot...

1) best10vpn.com: Proof that NordVPN is Owned by Data Mining Company Tesonet https://keybase.pub/mirimir/Proof%20that%20NordVPN%20is%20Ow...

2) airvpn.com: Why You Can’t Trust NordVPN https://keybase.pub/mirimir/Why%20You%20Can%E2%80%99t%20Trus...

Edit: Also FYI

Lawsuit names NordVPN, Tesonet in proxy data extraction scheme https://news.ycombinator.com/item?id=17873164

HolaVPN (luminati) is suing NordVPN (Tesonet) for stealing p2p proxy patents https://drive.google.com/open?id=1_AlNxNN-fiIVW64-605c_OJO0C...

reply


Well that blows. I just set up a proton mail account and was going to migrate from gmail.

reply


There might really be nothing to it, as the Proton* people claim. Or at least, just a somewhat iffy roll-out of their VPN, using Tesonet staff.

But on the other hand, I gather that Mozilla has picked ProtonVPN for its integrated VPN testing. And they seem competent and privacy-friendly.

Also, whatever they did with ProtonVPN, there's no reason to believe that there's anything wrong with ProtonMail. That's arguably their core competency. And they arguably brought in Tesonet because VPNs were not part of their core competency.

reply


If you are migrating away from a centralized email provider you should move to a personal domain. That way you won't be trapped by any service in the future. There are numerous companies[0] that you can point your domain to and they will handle everything else. This costs a bit of money but it means that you will be the customer rather than the product.

[0] I use migadu.com but fastmail.com seems to be very popular with the HN crowd.

reply


Good thread to read up on it. https://www.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn...

reply


I'm going to link here the site [1] I found while researching the same topic several months ago. I was overwhelmed by information available and in the end I didn't choose any option. Seems like all providers have pros and cons and I didn't have any specific use case to weight in on the decision.

The person running it provided a number of detailed comparisons of various VPN providers here [2].

[1] https://thatoneprivacysite.net/choosing-the-best-vpn-for-you...

[2] https://thatoneprivacysite.net/vpn-section/

reply


(1) Read this about VPN issues: https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-s...

(2) Then read this about VPN services and deceptive ratings: https://thatoneprivacysite.net/choosing-the-best-vpn-for-you...

(3) REFERENCE -- look up any VPN you're considering here before using it (there are mistakes in this table, e.g., encrypt.me was named cloak but the specs don’t match).

https://thatoneprivacysite.net/vpn-comparison-chart/

Note: products are listed by product name instead of by manufacture, e.g., F-Secure's VPN is listed as "Freedome," not "F-Secure."

Remember: NEVER USE FREE VPN.

reply


Personally, I just use OpenVPN on one of my DigitalOcean instances. I don't place a lot of reliance on a VPN for privacy (disabling JS, using Firefox's tracking protection, blocking third-party cookies, and avoiding most any social media sites are my main defenses), but I've heard fairly good stuff about Streisand if you're looking to set up at a new IP and datacenter more frequently.

One thing that's often missed is making sure you configure your local firewall to disallow all non-VPN traffic, such as startup/network initialization info.

reply
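The firewall point in the comment above (block everything that is not going through the tunnel), as an added example that is not part of the original thread: a small Python audit that reads `iptables-save` output and reports any OUTPUT rule that lets traffic leave outside the VPN. The interface name `tun0`, the server address `203.0.113.10` and the three rule dumps are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed `iptables-save` dumps. tun0 is the assumed tunnel interface and
# 203.0.113.10 (documentation range) stands in for the VPN server.
LEAKY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
COMMIT
"""

LOCKED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""

# Same as LOCKED plus a "harmless" DNS exception that leaks lookups to the ISP.
DNS_LEAK = LOCKED.replace(
    "COMMIT", "-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT\nCOMMIT")


def _options(tokens):
    """Map each option to its value; a preceding '!' is kept as a '!' prefix."""
    opts, negate, i = {}, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True
        elif (tok.startswith("-") and i + 1 < len(tokens)
              and tokens[i + 1] != "!" and not tokens[i + 1].startswith("-")):
            opts[tok] = ("!" if negate else "") + tokens[i + 1]
            negate = False
            i += 1
        i += 1
    return opts


def _is_vpn_server(dest, vpn_server):
    """True only when the rule's destination is exactly the VPN server."""
    if not dest:
        return False
    try:
        return (ipaddress.ip_network(dest, strict=False)
                == ipaddress.ip_network(vpn_server))
    except ValueError:  # negated ("!addr") or malformed destination
        return False


def audit_killswitch(dump, vpn_ifaces=("tun0",), vpn_server="203.0.113.10"):
    """Return a list of findings; an empty list means no bypass was found.

    Only the filter table's OUTPUT chain is inspected (no user-defined chains).
    Run it on `ip6tables-save` output as well: IPv6 has its own rule set.
    """
    findings, in_filter, policy = [], False, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
            continue
        if not in_filter or not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith(":OUTPUT "):
            policy = line.split()[1]
            continue
        if not line.startswith("-A OUTPUT "):
            continue
        opts = _options(shlex.split(line)[2:])
        if opts.get("-j") != "ACCEPT":
            continue
        out_if = opts.get("-o")
        if out_if == "lo" or out_if in vpn_ifaces:
            continue  # loopback or traffic already inside the tunnel
        if _is_vpn_server(opts.get("-d"), vpn_server):
            continue  # the encrypted tunnel packets themselves
        findings.append(f"traffic can bypass the tunnel: {line}")
    if policy != "DROP":
        findings.insert(0, f"OUTPUT policy is {policy}, not DROP")
    return findings


if __name__ == "__main__":
    for name, dump in (("LEAKY", LEAKY), ("LOCKED", LOCKED), ("DNS_LEAK", DNS_LEAK)):
        print(name, audit_killswitch(dump) or "ok")
```
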


I'm using Freedome, which requires special software (best I can tell). I'm using it because it's made by F-Secure, and I know the F-Secure people from a long time ago.

They have a large commercial business that would get seriously Kaperskied if it turned out they were knowingly doing anything wrong, and I've decided that that's the kind of incentive I want in a VPN provider.

reply


F-Secure Oyj is a Finnish company. Due to cultural and societal standards, Finns take their work and product very seriously. If anyone or anything was shady and put peoples’ privacy at risk, the company would be shut down immediately. It would be on the Finnish news for decades. ;)

reply


What happened with Kaspersky?

reply


I’m curious to know about use cases. I recently started thinking about anonymizing my web activity because a few minutes after I searched for a particular make/model vehicle, my wife saw an ad for it on Facebook. It seems like this is IP-based tracking, since I was searching in Firefox Focus (and she doesn’t get car ads in general).

Would a VPN help with this? I’ve tried using Tor (through Brave), but I run into tons of captchas and many sites won’t load at all.

reply


A VPN won't solve the problem entirely, but it can help (because you share a public IP with many other users of that VPN service). Of course it's crucial you pick a vpn provider you trust, that won't sell your data etc.

There are many other ways of tracking though, first of all browser cookies and cache, but also browser fingerprinting. So, with these methods, you can even be tracked/uniquely identified while using a VPN.

https://www.privacytools.io/#fingerprint

reply


Not per your requirements, but Wireguard plus digital ocean/linode/etc just blows the others away in terms of robust and efficient service.

reply


ExpressVPN has been a really great experience in terms of price and ease of use. Been a customer for a few years now.

reply


I like it as well, but Netflix blocks it much more than a year ago...it's a shame, because I travel a lot, and changing country means that I can't finish a series that I was watching in another country

reply


I too use ExpressVPN - `expressvpn list` gives you a list of all VPN servers in all countries, not all of them are blocked. Support has been helpful (< 5 minutes reply time in an Australian Saturday night) in ferreting out one that works, even though back then the support person stated that they focus on keeping US servers unblocked.

reply


Netflix blocks the majority of VPNs, but in contrast Spectrum/Brighthouse is in a long-term fight with Sling TV and they block them unless you use a VPN. So you win some, you lose some.

ExpressVPN has been great to me and I continue to fail finding bad news about them. They don't offer any discounts tho and I'm on the $99/year plan but I was tempted to get NordVPN for half that price. I gave up on setting up their stone-age designed router software and came back to Express. Express has amazing software for the N7000 router series and it allows me to exclude the iPad that I use to watch Netflix while the rest of the network continues to be secure. So with their router software and $99/year you have an unlimited amount of devices covered. Speed is amazing too and the number of servers avail is very high. Honestly I feel it's worth double the price I would pay for Nord, as I put it in my company costs anyways ;)

I could not recommend them highly enough.

reply


I'm using ExpressVPN Miami servers to video chat to Europe from Colombia, and the quality of the video feed is day and night.

reply


also use expressvpn, close to 4 years now, it’s typically quite stable and i live in shanghai, the updates are quite frequent, i suppose it’s to circumvent or make the service more available and the locations are plentiful. the cost is pretty high, 99 usd a year, but if you refer enough users, there’s a 20 usd discount.

the speeds are not great, but it just may be because i’m in china, i couldn’t watch hbo go or stream netflix at the time, i use it generally for programming.

reply


I recently answered this in another thread[0]: I'm using Wireguard in combination with Pi-Hole on a cheap VPS as a VPN on my iPhone, it's blazingly fast and super stable. Will be trying this on my Mac as well now.

[0] https://news.ycombinator.com/item?id=19186795

reply


NordVPN

I use it pretty much exclusively to tunnel my traffic when using a public and/or open WiFi with my phone or laptop.

reply


Here's a comparison of different VPNs for anyone who's interested: https://thatoneprivacysite.net/vpn-comparison-chart/

reply


I used a few over the years. Boleh, Nord, PIA, etc.

One day I woke up and realised I do not know who runs those companies. For example, Nord is registered in Panama, a country where declaring company ownership is not mandatory. Why should I trust them with my data?

After a little digging I found that Proton is the only VPN provider whose owners have put their names and reputations on the line. The only one.

It doesn't mean I trust them 100%. But if someone is willing to put their face on their website, I'd say it gives them an extra incentive to do their job right.

reply


Your approach to this reminded me of an article[1] I bookmarked last week. Their methodology was kinda similar.

---

[1] https://thewirecutter.com/reviews/best-vpn-service/

reply


Private Internet Access has treated me well. Their price and compatibility is great.

reply


Rented a dirt cheap small VPS (256MB RAM, less than $10/year) and set up my own OpenVPN.

To find a cheap VPS hang out on lowendtalk.com / lowendbox.com

Also, tor browser.

reply


Been using Ghostifi for about three months now. You’re the sole user of the VPN, and you get root access to the VPS that it’s built on.

You may ask “how is this different than just running my own vps”, and the answer is the ability to redeploy to another region with no downtime and push of a button. I love that feature and use it often.

Because you’re on your own VPS, so far in my experience, I’ve never even noticed I’m connected to a VPN. It’s blazing fast. I cancelled my PIA account and moved over entirely.

https://ghostifi.net

reply


Since my main use for a VPN is to access things in the UK from the UK, I use a Raspberry Pi which I left hidden behind the TV in my parents' living room, running things including OpenVPN. Their upload bandwidth isn't great, so I try to avoid loading it during the day - one useful effect of being in a very different timezone!

I also set up OpenVPN access on my mum's laptop, so she can access things in the UK when she's traveling...

Bandwidth costs and blocking of known IP blocks makes a VPS-based solution not so attractive to me. I do have a couple of 'lifetime' accounts with random VPN providers as a backup. I also have the OpenVPN client running in a docker container on my PC with a SOCKS server in front of it, for flexibility.

reply


If you use something like sshuttle, you can use any arbitrary VPS. If you insist on openVPN, however, you can always:

$ sudo apt install openvpn

and run your own VPN instance.

But then again, openVPN requires an excessive amount of configuration, in order to achieve something as menial as a key exchange. The silly thing is that it does not achieve more than what "ssh-copy-id" does, without all the silly ceremonies.

By the way, commercial VPN services also tend to be more expensive than renting your own VPS, which you can nowadays even rent by the hour, if you want to.

In other words, OpenVPN is a service for people who do not know what they are doing. The problem with that is, that their security strategy will ultimately not work either. Paying money to an OpenVPN provider will not make any difference to the problem.

reply


It doesn’t support OpenVPN, but I’ll leave a plug for the Outline VPN from Jigsaw (Alphabet). [0]

It’s similar in concept to Algo, in that you deploy your own VPN server on a VPS rather than use a hosted service. However, it provides a polished desktop app for deploying the server, and walks you through creating a VPS on DigitalOcean very easily.

This is incredibly helpful, because most folks I’ve helped with VPN setups are not comfortable with a CLI, and I’ve been able to walk more than one person through setting Outline up very easily.

[0] https://www.getoutline.org/en/home

reply


I'm glad to see Jigsaw tackling the UX side of things, but some caveats about shadowsocks (the protocol backing Outline): it's an encrypted proxy, not a VPN, and there are some open questions about weaknesses (not necessarily flaws) in its design[1].

I think easy-to-manage platforms like Outline will probably be the future, but I'm not convinced that shadowsocks is the right foundation.

[1]: https://crypto.stackexchange.com/questions/39776/evaluatung-...

reply


There's a website[0] that goes into detail comparing different providers. This used to be a shared spreadsheet but the author chose to turn it into a website. I still have the old spreadsheet if anyone wants it (from 2016?).

I was looking for a reasonably priced VPN not based in the 5 eyes territory, and I came to iVPN as the best solution for my criteria and at $110 per year.

[0] https://thatoneprivacysite.net/vpn-comparison-chart/

reply


Sent iVPN an email a few weeks back if they'd check all my requirements:

- Wireguard in Switzerland

- IPv6 /64 subnet

- No bandwidth penalty

Now they can only fill the last point, if they ever get all three they'll get a lifelong customer out of me.

What I now have is Mullvad for IPv4 for their Swiss servers and good bandwidth, AzireVPN for their /64 IPv6 subnet. Both are running on my router, but I'd be happy to have only one provider.

reply


Express VPN. No complaints. Should switch to annual instead of monthly to save money.

reply


IVPN historically, but lately I'm just running wireguard on my home router.

It accomplishes 99% of what I used a VPN for (privacy on the go) and leaves only one point of trust (my ISP provider).

reply


(1) Read this about VPN issues: https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-s...

(2) Then read this about VPN services and deceptive ratings: https://thatoneprivacysite.net/choosing-the-best-vpn-for-you...

(3) REFERENCE -- look up any VPN you're considering here before using it:

https://thatoneprivacysite.net/vpn-comparison-chart/

(Choose "all" instead of 10, 20, etc. for the "Show" number of items to display setting. Click a column heading to sort by that column. Green is good. Red is bad.)

Note: products are listed by product name instead of by manufacture, e.g., F-Secure's VPN is listed as "Freedome," not "F-Secure."

Remember: NEVER USE FREE VPN.

reply


Have used many, the one that stuck is AirVPN. Best capabilities and Linux support.

reply


I agree. I've been using airvpn with pfsense for a while now. The connection is reliable, I can have multiple connections to multiple regions, and it's simple to route an entire vlan out of a particular VPN.

reply


I just use some 5$ cloud offering and ssh tunnel through that. Works fine in my dictatorship.

reply


I have been using PIA for a few years and am very satisfied.

reply


Private Internet Access

reply


For personal use I use ExpressVPN because it's rock solid with simple setup and UX. For work we set up our own OpenVPN server in a cloud VM. ExpressVPN covers both your requirements with a little extra setup.

reply


I used https://encrypt.me and really liked their client. To be honest, I didn’t know a whole lot about them, but that wasn’t a primary concern factor at the time. It was who I was VPN-ing to be unseen that drove me to a VPN at the time.

reply


Mullvad. I LOVE their signup process and it's really cheap (€5/mo for up to 5 devices at one time I reckon).

reply


The only reason I use a VPN is to shift my traffic to make it look like it's coming from another country. Only for traffic that I don't care about getting sniffed. I close everything I can before activating it.

That said I just use a free one that didn't ask for a signup - https://www.vpnbook.com/

reply


Currently manually pay for an EC2 instance and install wireguard on it (I have my playbook to automate the processes).

reply


I've done the same but for a proxy I needed to circumvent geofencing restrictions. I got a local (non-US) VPS provider and installed squid on it. I found it more affordable than the paid services out there and it's immensely better than free options that are prone to abuse and are rendered essentially unusable.

reply


Trust.Zone, cheap (relatively), outside of the 5 eyes, and has a server in India

reply


IVPN:

https://thewirecutter.com/reviews/best-vpn-service/

reply


I use Windscribe. Very flexible. Pay only $1 for a country (may have multiple locations), and $1 for unlimited data. (This can be purchased without a premium location, as free locations are as good.)

reply


Mullvad and NordVPN. Mullvad because they support WireGuard. NordVPN I'm transitioning away from since Mullvad is significantly better. With both I needed Linux support and both deliver that in spades. Not a fan of the performance of OpenVPN anymore after getting a taste of Wireguard. Mullvad is likely one of the more privacy focused services - although YMMV with any of them.

reply


Shameless plug but this is super handy https://github.com/ttlequals0/autovpn

reply


A dedicated server at the Warsaw Hackerspace, which is its own LIR/ISP (AS204880) and has a BGP session to the local IX and an upstream mix.

I highly recommend running your own VPN endpoint on at least a VPS/cloud instance somewhere. Such address blocks are used by tons of other users at immense traffic levels, and as such your traffic is much less likely to be intercepted by the provider itself.

reply


I doubt the scale of the data being intercepted is much concern for the hyperscale providers. AWS already has a customer-facing service that monitors for connections to its own "watchlist", I'd be surprised if all traffic isn't monitored in the same way.

reply


I'm using SurfShark, they're pretty small but development seems quite fast.

reply


I use PIA. No problems so far.

reply


Same, for about 6 years.

reply


What problem are you trying to solve?

reply


I'm using outline on digital ocean.

https://www.getoutline.org/en/home

reply


Here's another question I had for a few weeks:

I tried a server of a certain free VPN via OpenVPN and since it did not support tunneling traffic through their own servers for IPv6 requests, my friend told me to disable IPv6 on my adapter's settings. Now ipleak.net doesn't detect my location. Was it a smart thing to do?

reply


Unless you're using a VPN service that provides its own IPv6 address, as well as an IPv4 address, it's crucial that you disable IPv6 and/or use a firewall to block IPv6 traffic.

Or at least, it is if your ISP provides IPv6 service. If it does, and the VPN both routes IPv6 and doesn't push its own IPv6 address, IPv6-capable websites will see a global IPv6 address that's owned by your ISP.

reply


Thank you very very much.

reply


De nada.

https://test-ipv6.com/ is a good test site.

reply
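The check discussed in the exchange above, as an added example that is not part of the original thread: it reads Linux `ip -6 -o addr show` and `ip -6 route show` output and reports any ISP-assigned global IPv6 address that a remote site would see because IPv6 traffic leaves outside the tunnel. The use of iproute2, the trimmed sample outputs, the interface names `eth0`/`tun0` and the lookup address `2a00::1` are all assumptions constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")   # unique-local: never visible to websites
DROP_TYPES = {"unreachable", "blackhole", "prohibit"}

def global_addrs(addr_output):
    """Parse `ip -6 -o addr show`: interface -> non-ULA 'scope global' addresses."""
    found = {}
    for line in addr_output.splitlines():
        f = line.split()
        if len(f) >= 6 and f[2] == "inet6" and f[4:6] == ["scope", "global"]:
            addr = ipaddress.ip_interface(f[3]).ip
            if addr not in ULA:
                found.setdefault(f[1], []).append(str(addr))
    return found

def egress_if(route_output, dest):
    """Longest-prefix match of dest over `ip -6 route show`.
    Returns the outgoing device, or None if there is no route or it is dropped.
    Simplification: metrics are ignored; the first route of the longest prefix wins."""
    dest, best_len, best_dev = ipaddress.ip_address(dest), -1, None
    for line in route_output.splitlines():
        f = line.split()
        if len(f) < 2:
            continue
        dropped = f[0] in DROP_TYPES
        prefix = f[1] if dropped else f[0]
        try:
            net = ipaddress.ip_network("::/0" if prefix == "default" else prefix,
                                       strict=False)
        except ValueError:
            continue                      # e.g. multipath "nexthop" lines
        if net.version == 6 and dest in net and net.prefixlen > best_len:
            best_len = net.prefixlen
            best_dev = None if dropped or "dev" not in f else f[f.index("dev") + 1]
    return best_dev

def ipv6_leak(addr_output, route_output, tunnel_if, dest="2a00::1"):
    """Global addresses exposed when IPv6 to `dest` bypasses tunnel_if, else []."""
    dev = egress_if(route_output, dest)
    if dev is None or dev == tunnel_if:
        return []
    return global_addrs(addr_output).get(dev, [])

# Constructed sample data (lifetime fields trimmed; 2001:db8::/32 is documentation space).
ADDRS = ("1: lo    inet6 ::1/128 scope host\n"
         "2: eth0    inet6 2001:db8:1:2::10/64 scope global dynamic\n"
         "2: eth0    inet6 fe80::aa:bbff:fecc:1/64 scope link\n"
         "5: tun0    inet6 fe80::1234/64 scope link\n")
ROUTES_LEAK = ("fe80::/64 dev eth0 proto kernel metric 256\n"
               "default via fe80::1 dev eth0 proto ra metric 100\n")
ROUTES_TUNNELLED = ROUTES_LEAK + "2000::/3 dev tun0 metric 1024\n"
```

With IPv6 disabled on the adapter, both command outputs are empty and `ipv6_leak` returns an empty list, which matches the outcome the asker saw on ipleak.net.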


TorGuard is great, I get excellent speed and very low ping from east coast.

The only thing I like is how they aren't actually associated with Tor in any way... lol...

reply


Private Internet Access

reply


NordVPN, it's very good.

reply


I create one on AWS with CloudFormation as needed. It's not the cheapest option overall but for intermittent use, it's far cheaper than paying a monthly subscription.

Also, if you pay your AWS bills using an Amazon Prime credit card, you get 5% back. (just checked on my cc)

reply


Parent informed me of an option I hadn't even considered.

reply


There is an alternative option besides VPN, which is Shadowsocks; you can search for the keyword SSR. It works very well. In order to use it, you need to rent a VPS (about $10 per year), which is used to deploy the SSR service. It is more secure than VPN, I think.

reply


Bandwagon https://bwh1.net/index.php I created a shadowsocks server on Bandwagon

reply


Bandwagon Host, https://bwh1.net/index.php

reply


I use NordVPN for my home server's docker containers, on my phone and on my Mac. Never had any issues and it's v. cheap when purchasing for 3 years.

reply


I use a VPS with OpenVPN. I control both sides so I could switch clients or service providers pretty easy. Current cost is about $20usd/mo

reply


Is there a way to setup an “always on” VPN on my device, such that it disallows any traffic to egress unless connected to the VPN?

reply


On macOS/iOS you can configure the built-in VPN clients to use "on-demand" mode, which won't allow traffic before the VPN connection is established.

The only way to configure this however is using the Apple Configurator tool and create a custom profile.

I run this for my OpenBSD IKEv2 servers which gives me automatic on-demand VPN on cellular and all non-known Wi-Fi networks (== not home).

reply


> The only way to configure this however is using the Apple Configurator tool and create a custom profile.

'Activate on demand' is just a checkbox in WireGuard app settings on iOS, so apparently it's only the built-in VPN types that need Apple Configurator. Since IPSEC/IKEv2 are overengineered and L2TP is outdated, you're better off using wg anyway.

reply


Algo (another commenter mentioned it[1]) allows you to set this up to be the default for the VPN, very nice feature. I use it on my phone since I often connect to random wifi APs. More and more of the web is moving to HTTPS but a disturbing amount of unencrypted traffic abounds.

[1] https://news.ycombinator.com/item?id=19242119

reply


Yep, Algo uses the same approach. It's generating device configuration profiles with the necessary settings. I'm generating mine in the same way but slightly different to allow toggling Ethernet and to support the OpenIKED ciphers etc.

reply


macOS and iOS call this "Connect on Demand." I'm not sure about other systems, but it should be possible.

reply


Nord has a feature they call kill-switch that does this.

reply


Private Internet Access

reply


I use TorGuard; extremely fast and reliable.

reply


I run an OutlineVPN client on my AWS server.

reply


Was using TunnelBear but need an alternative now that they were acquired by McAfee.

reply


Anyone use WireGuard? I hear it’s extremely lightweight and can be used between containers, but curious if it’s beneficial for common use like Netflix?

reply


I use Wireguard for a VPN I run at work and am very happy with it. But for a use like Netflix it doesn't really make a difference compared to any other VPN technology.

reply


I use ProtonVPN since they launched. No issues experienced so far...

reply


I use my own instance of OpenVPN server running on a VPS

reply


I have built a private VPN server on top of wireguard and IPSec, still very early days soft launch this week: https://www.tunnelhero.com early adopters and beta testers welcome, msg me for a discount code!

reply


Nord.

reply


I use ProtonVPN along with ProtonMail.

reply


Seedbox.io

Primarily it's a cheap but good seedbox. VPN is included and works with openVPN. I use it to access piratebay every now and then, which is otherwise blocked in my country.

reply


Have you tried Shadowsocks?

reply


Had not heard of it, but I will certainly take a look. Appreciate it

reply


It is popular in the PRC.

reply


Using Nord, but for apps like Intercom it's not able to hide the user's IP.

reply


Freedome by F-secure

reply


NordVPN

reply


I use PIA but it's the only one I've ever used.

I travel a lot in Asia which is why I need it as some countries block websites I need.

Had issues with it in China but put ExpressVPN on my phone which seemed to work fine 70% of the time.

reply


PureVpn

reply


Safer vpn.

reply


I'm using Nord because I got the three year deal for $99.

reply


ExpressVPN

reply


purevpn

reply


ProtonVPN

reply



