“We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services.”
Most of these security vulnerabilities can be disabled, but they can also be switched back on without your knowledge during an update. Some cannot be turned off at all.
So how can you protect yourself and keep using Windows 10? First off, check out our giant list of privacy tools; there’s a section just for Windows 10 users.
Next, get a VPN. A VPN encrypts and anonymizes all your online activity. We’ve listed our top 5 favorite VPNs for Windows 10 users with emphasis on the following criteria:
- App quality
- Supports OpenVPN protocol
- DNS leak protection
App quality is pretty self-explanatory. Setup and use of the native Windows client should be easy and intuitive.
The OpenVPN protocol is open-source and audited. It’s relatively fast and widely regarded as the most secure and trusted protocol available. It doesn’t come built into Windows 10 like SSTP, L2TP, and PPTP, so these VPN providers must provide the user with an app that makes setting up OpenVPN easy.
DNS leaks are a known Windows 10 vulnerability, so VPNs that can suppress this are a must. A DNS leak nullifies a user’s anonymity by sending a web page request to their internet service provider instead of to an anonymous DNS server through the VPN. This allows your ISP and possibly Windows to track your web browsing.
Because Microsoft is based in the US and is known to have complied with the NSA’s bulk surveillance program, we prefer VPN providers based outside of the US to avoid any further conflicts of interest.
Here are our top 5 favorite VPNs for Windows users:
Ever among the top 5 in almost any category, ExpressVPN makes this list for its superb app. It’s the simplest option for those who want something that just works without fuss, and it boasts the fastest average download speed of any VPN we’ve tested so far. Users can opt to use ExpressVPN’s DNS servers whenever connected by toggling it in the advanced settings. ExpressVPN is incorporated in the British Virgin Islands beyond the reach of the GCHQ and NSA, and it keeps no usage logs. It’s also one of the few VPNs to work with Netflix.
TRY IT RISK FREE: ExpressVPN have offered our readers an extra 3 months free and a 49% discount on the 12 month plan. The 30 day money-back guarantee still applies so you can try it risk free.
Read our full review of ExpressVPN.
US-based IPVanish uses OpenVPN with strong encryption and features a true zero logs policy, meaning it records neither session nor traffic logs. It’s one of the only VPNs to sport a Tier 1 network, meaning it owns all of its own servers rather than renting physical or virtual space from someone else. Because of that, we’ve overlooked the fact that it’s based in the US. IPVanish boasts a selection of almost 60 countries and all connections are DNS leak protected.
Read our full review of IPVanish here.
SAVE 60%: Save 60% here on the IPVanish annual plan.
Panama-based NordVPN has a true logless policy, meaning it keeps neither connection nor usage logs. Extra features include double-hop encryption, Tor over VPN, and a kill switch. Those plus DNS leak protection can all be switched on in the app settings. The Windows client is extremely detailed but not overwhelming for new users. The server list is categorized by recommended use–TV streaming, dedicated IP, Tor over VPN, etc–and each server is pinged so you can see which location offers the least latency.
Read our review of NordVPN.
Cheap deal: NordVPN is running a very popular 3 year deal here which discounts the monthly cost by a huge 77%. It’s a great all round VPN at a low price.
CyberGhost offers easy-to-use apps and a large network that spans more than 1,100 servers in over 40 countries. CyberGhost’s premium tier stores no identifying logs and protects your data in transit with 256-bit AES military-grade encryption on the OpenVPN protocol. A no-expiry free tier is available, but free users are required to queue and the servers are much slower. Live chat is available should you encounter any issues. Speeds are excellent and Pro subscribers can connect up to five devices at the same time.
Apps are available for Windows, MacOS, iOS, and Android.
Read our full CyberGhost Pro review.
Most of VyprVPN’s team is located in the US, but parent company Golden Frog is officially incorporated in Switzerland. The app gives a graphical readout of real-time data use and a transparent overview of your connection settings including IP address, protocol, and whether the NAT Firewall is enabled or not. DNS leak protection can be toggled in the settings. The slick app comes at a bit higher cost than some competitors, but it’s within reason. One downside to consider is VyprVPN’s logging policy: your real IP address, VyprVPN address, and connection logs are stored for up to 30 days.
Read our full review of VyprVPN.
VPNs to avoid
When deciding which VPNs Windows 10 users should avoid, free options top the list. We listed a couple here that the typical person would likely find on Google, but the same goes for pretty much all free VPN services.
We passed on several paid VPNs as well because they either don’t protect against DNS leaks, are based in the US, or both.
If you Google “free VPN for Windows,” Betternet will be one of the top search results. Betternet doesn’t collect user logs, but the app itself is part of an ad platform that accesses your cookies so as to target you with advertisements, videos, and suggested apps. It also doesn’t protect users from DNS leaks. It’s not that Betternet is malicious–in fact, it’s quite transparent in how it operates. We might even recommend the mobile app as a decent free alternative. But for Windows, we have to say pass.
Hide.me is the other free VPN for Windows that ranks high on Google. While it has premium plans that aren’t so bad, the free version limits speed and data transfers to 3 Mbit/s and 2GB, respectively. It also doesn’t support OpenVPN, which is our recommended protocol for security. Free users are limited to three server locations, and port forwarding is not available (useful for torrenting). On the plus side, Hide.me is completely log-free.
HMA is based in the UK, which is better than the US in the sense that a hernia is preferable to a hemorrhoid. It was implicated in the arrest of two LulzSec hackers by allegedly collaborating with the British government. The US and Sony were believed to be behind the arrests. HideMyAss uses Google DNS rather than its own private DNS servers and lacks built-in DNS leak protection, instead recommending users configure their DNS settings manually. Due to the LulzSec incident, HideMyAss is believed to keep at least partial logs on its users.
Read our full review of HideMyAss.
Double check for DNS leaks
If you want to double-check that your DNS leak protection is working, you can run a DNS leak test here. Run the test with your VPN enabled and then again with it disabled to get an instant readout of the test results.
Can’t unblock Netflix and Hulu? Try disabling IPv6
Even if a VPN advertises DNS leak protection, websites like Hulu and Netflix can sometimes still force a request to leak out over the IPv6 protocol. By default, most VPNs force all DNS requests onto IPv4 and avoid IPv6 altogether. But if IPv6 is enabled on your device, this might not stop an IPv6 DNS leak on Windows 10.
First off, make sure you ask your VPN provider’s customer support if they have servers that unblock US Netflix and Hulu. If it does and you are connected to one of those servers, but the site still detects you are using a VPN, then you may need to disable IPv6.
To do so, follow these instructions:
- Right-click the Wi-Fi or LAN icon in your system tray and click “Open Network and Sharing Center”
- In the window that appears, click the link for your network next to “Connections”
- Click Properties
- Uncheck the entry for “Internet Protocol Version 6 (TCP/IPv6)”
- Press “OK” to save changes, then restart your computer
IPv6 is now disabled, and you should no longer leak IPv6 DNS requests.
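The same change can be made and verified from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes the built-in NetAdapter cmdlets and applies the change to every adapter that is currently connected rather than a single one.

```powershell
# Added example: run in an elevated (Administrator) PowerShell session.
# ms_tcpip6 is the component ID behind the
# "Internet Protocol Version 6 (TCP/IPv6)" checkbox in adapter Properties.
$componentId = 'ms_tcpip6'

# 1. Find connected adapters that still have the IPv6 binding enabled.
$connected = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
$bound = foreach ($adapter in $connected) {
    Get-NetAdapterBinding -Name $adapter.Name -ComponentID $componentId |
        Where-Object { $_.Enabled }
}
$bound | Format-Table Name, DisplayName, Enabled -AutoSize

# 2. Uncheck the binding on each one (same effect as the Properties dialog).
foreach ($binding in $bound) {
    Disable-NetAdapterBinding -Name $binding.Name -ComponentID $componentId
}

# 3. Verify: no connected adapter should report the binding as enabled.
$remaining = foreach ($adapter in $connected) {
    Get-NetAdapterBinding -Name $adapter.Name -ComponentID $componentId |
        Where-Object { $_.Enabled }
}
if ($remaining) {
    Write-Warning "IPv6 is still bound on: $($remaining.Name -join ', ')"
} else {
    Write-Output 'IPv6 binding is disabled on all connected adapters.'
}

# To undo the change later:
# Enable-NetAdapterBinding -Name '<adapter name>' -ComponentID ms_tcpip6
```

Re-run step 3 after a Windows update to confirm the binding has not been switched back on.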
How to manually set up a VPN on Windows 10
With all of the above providers, you need only download and install an application to get up and running. Connecting is as simple as logging in, choosing a location, and hitting the Connect button.
But if an app doesn’t suit you, Windows 10 has built-in VPN support that can be manually configured. The OS doesn’t support OpenVPN however, so we recommend choosing from L2TP/IPSec, SSTP, or IKEv2. Avoid PPTP; even though it can be faster and is slightly easier to set up, it has known security vulnerabilities.
To get started, you’ll need to get the following information from your VPN provider according to your chosen protocol:
- VPN server address
- Pre-shared secret or certificate
Then add the connection in Windows:
- In the search bar, type “VPN” and click the menu cog at the top of the search results.
- On the menu that pops up, click Add a VPN connection
- Under VPN provider, choose Windows (built-in). Fill in all of the other information mentioned above accordingly.
- Hit Save
- The VPN should now be listed in the VPN menu. Click it and then hit Connect
- Wait a moment for the connection to be completed, and that’s it! You’re connected.
- After you set your VPN up the first time, you can access it more quickly by clicking the wifi icon in your system tray. It should be listed near the top.
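The manual setup above can also be scripted with the built-in VPN client cmdlets. This is an added example, not part of the original article; the profile name, server address, pre-shared secret and the MS-CHAPv2 authentication method are placeholders or assumptions to be replaced with your provider's details.

```powershell
# Added example. All three values below are placeholders.
$name   = 'Provider L2TP'                    # hypothetical profile name
$server = 'vpn.example.com'                  # placeholder VPN server address
$psk    = 'REPLACE-WITH-PRE-SHARED-SECRET'   # placeholder pre-shared secret

# Flag any existing profile that still uses PPTP, which the article
# advises against because of its known security vulnerabilities.
Get-VpnConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.TunnelType -eq 'Pptp' } |
    ForEach-Object { Write-Warning "Profile '$($_.Name)' uses PPTP." }

# Create the L2TP/IPSec profile if it does not exist yet.
if (-not (Get-VpnConnection -Name $name -ErrorAction SilentlyContinue)) {
    $profileSettings = @{
        Name                 = $name
        ServerAddress        = $server
        TunnelType           = 'L2tp'
        L2tpPsk              = $psk
        AuthenticationMethod = 'MSChapv2'   # assumption: provider-dependent
        EncryptionLevel      = 'Required'   # refuse unencrypted sessions
        RememberCredential   = $true
        Force                = $true        # suppress the PSK confirmation prompt
    }
    Add-VpnConnection @profileSettings
}

# Confirm what was stored. SplitTunneling should be False so that all
# traffic, including DNS lookups, is routed through the tunnel.
Get-VpnConnection -Name $name |
    Format-List Name, ServerAddress, TunnelType, EncryptionLevel,
                AuthenticationMethod, SplitTunneling
```

The profile then appears in the VPN menu, where you enter your username and password on first connect.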