Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Best paid VPN?
55 points by o_s_m on Sept 7, 2013 | hide | past | favorite | 59 comments
How safe and vetted is PrivateInternetAccess? Any other favorites?

I like mine (cryptoseal.com) obviously, but I don't think there's a single best VPN for all uses right now. It really depends on how you want to use it:

1) Travel? Travel to China? -- then worry about what VPNs are blocked

2) Need strong anonymity against the US government? You're probably out of luck, but Tor might be a good technology to use for now. Really, you want something which is message-based, not streams, and can have mix-net style latency, not onion routing. Other than email (mixmaster/mixminion, both too small in deployment to be safe, now), you're out of luck. Stay tuned, though. (You also probably need more than just the network -- incognito mode, some kind of filtering proxy, etc.)

3) QoS/etc. evasion on e.g. Comcast for torrenting? I'd probably go with the torrentfreak recommendations. (http://torrentfreak.com/vpn-services-that-take-your-anonymit...) Generally I think a seedbox is a far better solution for torrenting than a VPN, though.

4) Great Mac support? That is GetCloak's focus.

5) Mobile? The PPTP/L2TP stuff built in is the best, although the security is weaker than SSL or IPsec VPNs.

6) Price? AnchorFree is free. The others range from (generally) $3-20/mo/user.

7) Need to tie in with your existing on-premises networks, AWS VPC, or support multiple clients, or do DLP, etc? That's what cryptoseal's business product tries to do, or you could use a conventional on-premises vpn hardware appliance from Juniper, Cisco, etc.

8) etc.

There isn't one best choice.

What about a recommendation for a secure and private vpn for usage on public networks. No illegal (torrenting) services needed.

Bonus that it also works well with mobile (android 4.1+).

i operate a VPN server in switzerland for me and a couple of friends; feel free to contact me via j8BILqZHb4MLSBFF@burnmoney.trillianpro.com (valid for 1 week; spambox.us) to work something out :)

no logging and quasi-unlimited traffic. it works on my iphone so i am assuming there should not be a problem with android...

We've been committed to privacy in the form of a VPN service for quite sometime. The founders of PIA (including myself) were actively involved in the beginnings of Bitcoin and many related services surrounding it, and have since devoted all of our time to the proliferation of privacy.

We have the most servers of all paid VPN service providers and are committed to privacy. We also support many non-profit organizations, including EFF, Gnome, FFTF amongst others. We are also the hosts of BitcoinTalk.org, BlockExplorer.com, and proud sponsors of MoDaCo.com and MIUI.us.

Please do take advantage of an offer we have right now going on until the end of the weekend:


Additionally, please feel free to read this interview: www.bestvpn.com/blog/7319/an-interview-with-private-internet-access-founder-andrew-lee/

Lastly, please feel free to checkout our blog for more: https://www.privateinternetaccess.com/blog

edit: And we don't log. Period. No sessions. No IPs. Nothing. Zilch, zero, nada.

I've been using PIA for a year now and it's been fast and easy to use. It works without a third party client on MacOS X and iOS which is awesome.

I used to be a PIA customer and I liked the idea that they do not log anything. However, the lack of a good third-party audits that support their claims, is something that I found weird. Is there a way you can prove that you do not log anything beyond just blog posts?

Great question - this is indeed an issue as it's difficult to prove to others that you are/aren't doing something which they cannot verify without gaining full access to all of your servers in their entirety.

However, our trust comes from the many years that we have operated this business in this fashion and the good faith of our users.

With that said, we have been in discussions with some well known privacy organizations regarding the setup of an auditing body that could verify these sort of things.

Thanks for your reply. When can we hear about those bodies or organizations? I am highly interested in that because that is one of the things that is keeping me away from PIA at this point.

May I humbly suggest our service: https://www.SurfEasy.com

We are a No-Log network with support for Mac, PC, iOS and Android. We also have a unique USB solution that has a browser and VPN client, so you can plug in and be private at work. (no install or admin rights required)

Michael Geist is an adviser to our company and we work with EFF and Fight for the Future. (you can check out our AMA here: http://www.reddit.com/r/IAmA/comments/1h1y0t/i_am_michael_ge...)

Also, if you really want to be private you can walk into one of our 4,500 retail partners and pay cash for our service. https://www.surfeasy.com/where_to_buy/

We offer a free plan that gives 500mb a month, but you can earn a lot more by referring friends or just using the service.

If you want to upgrade to an unlimited account here's a discount code that will get you 20% off our Total VPN Annual plan: Hack20


Mine! I own and operate https://GetCloak.com/.

Cloak is a little different. Our unique features include: (1) zero configuration, (2) elegant VPN clients with first-to-market security features, like OverCloak^, and (3) tight integration between our clients and our global VPN network, to allow things like automatic lowest-latency selection of server endpoints.

Ask me anything you like!

^ OverCloak: silly name, great feature: https://www.getcloak.com/about/overcloak/

Some screenshots might have been nice - Can't even figure out whether it's an app or just a config enabler for the native VPN feature.

Actually the very first image on the home page slider shows you our apps and the devices they run on. On the Mac, it's a little menu bar icon that stays out of your way (and wraps OpenVPN under the hood.) On iOS, it's effectively a configurator.

A location picker right from the menu bar would be nice. VyprVPN does that (Not to say that it's a great app).

Right now it's in Preferences, under Transporter. But we do plan to add your favorite locations directly to the menu for easy access. Thanks!

VPS on Hetzner + OpenVPN with HMAC firewall.

I think if you are using generic webhosting instead of pure VPN, then your traffic is less likely to be monitored/recorded in association to your credit card number.

I would second this recommendation, if you have the technical chops for it. Whilst it may seem like more work initially - your vpn will perform far better.

Many paid vpn providers limit you to ~1Mbps down, which may be impractical for some forms of browsing. By contrast, as your personal vpn's only client - you can reasonably expect to see speeds comparable to your own connection and (if you are in europe) only a minor drop in ping.

Furthermore, if you need to use the VPN on a network which blocks ports, running the vpn yourself allows you to edit the port upon which it accepts connections.

Lastly - Hetzner is provider without direct ties to the US/UK, which should afford you some security from drag-net surveillance etc... the Germans seem pretty upset about the whole US signals intel overreach debacle. A win from this perspective.

I run a vpn server on a $5 digital ocean vps. My isp throttle ftp connection, so it's very useful when I need to transfer files via ftp. I'd rather use sftp, but some of my clients use rackspace cloud sites (only support ftp and sshfs).

Also, I notice that if I use vpn when using 3g connection, I don't experienced many dropped connections anymore. Without vpn, if I open too many tcp connection, some connections would start to drop. Could it be that when using vpn, the mobile network sees my internet traffics as one socket connection to the vps? I probably need to learn how vpn works under the hood and not just take them for granted.

Another benefit is I can install mosh on the vps, and if I need to login via ssh to a remote server (that don't have mosh installed), I would login to my vps with mosh, and then proceed to login to the remote server via ssh. This (mostly) eliminates the annoying typing delay on ssh terminal.

>> Hetzner is provider without direct ties to the US/UK

Which also makes them a bad choice if you're trying to watch US TV channels or something while you're visiting abroad.

True - I was making the assumption that the OP's desire for privacy was in light of all the recent security related press.

However if your suggestion is in line with their intent then the recommendation still stands, just use a provider like digital ocean and choose a datacenter location appropriate to your needs.

Depends on what's you definition of best.

I use vpnmakers. Reasons:

* Servers in a dozen different countries. You can select which country's IP you want: http://vpnmakers.com/templates/vpnmakers/includes/hostnames....

* Cheap: $3.5-$4.85/month

* "No logs are kept. Only IP address which are deleted at the end of the week."

* 7 days money back, can try safely.

Go http://vpnmakers.com or http://vpnmakers.com/aff.php?aff=433 if you feel like saying thanks.

* Create a Digital Ocean Droptlet

* ssh -D 8008 root@<ip>

* add localhost:8008 to your SOCKS Proxy

Now you've VPN equivalent with 1TB bandwidth for just $5/month

That is not necessarily a vpn equivalent - as a third party program would require something like proxifier (http://www.proxifier.com/) in order to forward all traffic over the proxy.

Yes. That is a good tool. That's why I said it is an equivalent. Not a VPN :)

Recommend https://www.privateinternetaccess.com/

Never had any problems and can report the bandwidth they give you is good. It's also quite cheap $40/year.

Had multiple issues including poor bandwidth with a prior VPN whose name i forgot. Was also accused of being an email spammer by prior VPN, which I'm not, lol. Got a refund after that...

been using https://www.privateinternetaccess.com/ for a while. pretty sweet.

I operate on a basis that the effort required of me is somewhat proportional to the resources of a potential attacker, so I don't worry enormously about whether I'm keeping my traffic secure from the US government - given an adequate budget and a focus, they can conceivably monitor all inbound and outbound traffic from any commercial VPN provider's connection points. I advise non-technical people much the same way - it's easy to keep Susie Snoopy and the Casually Curious out, harder but not much so for someone targeting you for espionage or investigation (corporate or personal) and I just assume and advise that any kind of government investigation is going to get your info even if it's just by brute-forcing passwords.

On that basis of protecting against the casually snoopy and non-targeted monitoring, I use PIA - I can connect 3 devices to it at once (phone, tablet, laptop), I can use multiple exit points though I mostly haven't needed to, it's simple to use, inexpensive, and the technology they support seems to be at least up to standard. It's also been useful in a couple of cases where I wanted to test connections to a network from outside that network - tunneling my traffic out and letting it come back in is handy, and the international endpoints let you test functionality that restricts connections based on country of origin.

If you're using a small hosting provider you may also be able to do tunneling through them, but ask first - when I was using a Linux laptop and my phone was rooted, I was using SSH tunneling through my hosting company instead because my traffic levels were insignificant compared to my monthly traffic allocation. I could certainly do the same things again, but quite frankly I'd rather just pay the $40/year or so for a drop-in solution that I don't have to spend time dinking around with.

I don't know how to evaluate its trustworthiness, but I use PIA too and like it. Quite fast, servers in many countries, and support for L2TP (so you can use it in Android without a client -- though they provide one).

I use https://hide.io/ and have 0 complaints. I'm always a keystroke away from being in 1 of 10 different countries: http://i.imgur.com/ijUu3y3.png

I've also heard great things about http://www.spotflux.com/. Spotflux is actually free to use until you want to bring the service to your mobile device. It also encrypts your traffic and filters for malware and ad-tracking.

Would you mind sharing how you configured Alfred to let you switch your VPN endpoint?

Hey guys,

I'm a Dutch national who had the same question a couple of months ago. Our country has net neutrality by law so has less trouble with government surveillance etc.

Since there were no good VPN's hosted by a Dutch company I started one as a pet project, with free accounts and paid ones. The free ones are equal to the paid ones. The idea of the project was just to give me and my friends protection when downloading or traveling.

By no means am I trying to spam promote here, but it's free and awesome. Truly believe that it would be useful for you. You can find it here: https://bluevpn.co/

There is indeed no best choice, but unless you are going full metal jacket wit Tor this will work perfectly and on all devices.

I'll add http://airvpn.org into the mix.

I've had no speed issues, they have lots of locations, accept bitcoin, no logging and their owners are quite frequently on the use forums.

I think they're based out of Italy.

I would suggest you avoid any US and UK providers. Surveillance cooperations like https://en.wikipedia.org/wiki/UKUSA_Agreement are red flags.

With the degree to which the US government threatens, coerces, or infiltrates tech businesses, I don't have any real trust for any VPN service, whatsoever. I pay for one (proxpn - it was the only one that didn't seem completely shady at the time) and use it, but I certainly don't trust it.

Additionally, finding one is the first part. Being able to pay for it, is another, apparently. (I was paid up for awhile ahead of time with my service before the credit card companies stated they'd no longer process transactions paid to VPN services outside the US).

Depending on what you want for VPN. And what is Best for you. All i cared is Pricing. And I use VPN is go pass firewall.

I use VPN.sh

And they have a new plan where it is a Pay as You go package. No Monthly fees, you buy a block of 100GB and use it for as long as you want. Top it up when you finish with it. For Light browsing usage this is the cheapest I find.

Not to mention they have 6 location for you to choose from. So you get the best speed for your local website. And You can swap in and out when ever you need to.

They have some Coupon code in LET. So check them out if you see fit.

The only reason not to roll your own VPN on some private server, is the lack of deniability. The dedicated IP of the server is tied directly to your name/credit card. A public VPN, while also tied to your banking info, usually acts as a NAT. Multiple clients exit the VPN given the same source IP address. If no logs are kept (as promised on most services), no one can (accurately) tie an IP address to your name. I personally use the BTGuard VPN for this reason.

some basics: -- always use a secure vpn (that is NOT just any vpn) -- always use high-end cryptography for the stream content on the vpn (like IPsec) -- look for a vpn provider that has absolutely nothing to do, work in, have equipment installed in, is a subsidiary of a company residing in the US, the UK and all its commonwealth dependencies, Canada, Australia and New Zealand. -- besides that, the vpn provider should also provide you with a voluntary connection (that is YOU holding the ONLY key in any encryption -- and the vpn provider should contractually commit to not having, maintaining for any purpose any logs of your connectivity -- always use that from a fully portable operating system (DVD or USB stick) like Tails -- use when possible also Tor (note that Tor traffic remains always visible and is not encrypted) for anonymity -- use an automated MAC spoofer -- always use PGP/GPG with RSA/RSA subkey set and 4096 bit keys

If you have accomplished all the above, you have a 'relatively' safe communications vehicle.

happy camping all.

and oh yeah if somebody on this medium operates a vpn service accomplishing all the minimum demands above for it, please make pr, cause your service is in high demand.

Despite the unfortunate name, http://www.hidemyass.com has a pretty decent service.

Not really. They log, and there have been anecdotes about people losing anonymity because of it. You are much better off with PIA or another product with stronger anonymity guarantees.

Ultimately, you never know if the guarantee is worth anything until it's tested, but there have been cases where HMA was tested, and failed.

Just don't think they'll ignore US subpoenas.

really? I think you should read this: http://invisibler.com/lulzsec-and-hidemyass/

heh. it's pretty catchy. quite like the name

Browse around http://www.how-to-hide-ip.info/ Might find something that fits your needs, as @rdl mentioned, there's no right answer.

I like tunnelr. They have pretty good log retention rules and a bunch of handy exit nodes.


Plugging http://vpn.sh here - tons of locations and the price is right.

> 100GB Bandwidth

and no unlimited plan.

I like and use Witopia.net. 70 USD p.a. w/ unlimited traffic and gateways in basically every region of the world.

I like iVPN: https://www.ivpn.net/

You've been flagged. please assume the party escort submission position

Why have I been "flagged?"

I think it was an attempt at humour, as in the fascist party ruling the country has now tagged you as a dissenter and will arrest you.

I suggest you get some hosting somewhere (location will depend on where you are, and where you're communicating too, and who you're worried about). Then install OpenVPN (requires custom clients) or configure IPSec (will work out of box on all OSes including Android/iOS).

This is what I've done. Grab a $5/m VPS from Digital Ocean, which comes with 1TB of traffic, and install OpenVPN on it. Although if you're concerned about using a US company to hose the VPS you could pick any other company and have the same results.

edit: typo

I have a two-tier solution. Cheap VPS provider in the US that then chains to a a dedicated server from OVH which is hosted in Canada.

For sites that are US-only I have a web proxy running on the VPS provider and use Foxproxy to divert those sites through that proxy.

I don't really have any particular reason to do this other than being bored and making it annoying for anyone (hacker, government, etc) trying to peek at my traffic.

vpntunnel is a pretty good service, and there are no logs.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact