Internet service providers (ISPs) in the United States will soon be able to track and sell records of your internet activity, including what websites you visit, messages, emails, searches, and more. Senate Joint Resolution 34 (S.J. Res 34) will repeal an Obama-era FCC privacy rule that barred corporations like Comcast and Time Warner Cable from selling customer’s browsing data without permission.

The bill has already passed both houses of Congress and as of the time of writing only needs President Donald Trump’s signature to become law. No one is exactly sure how far ISPs will be willing to go when selling your info, but as it stands there’s very little regulation preventing them from selling personally-identifiable information (PII) along with private details ranging from sexual orientation to medical records.

Once the bill becomes law as expected, there are only two surefire ways to prevent your ISP monitoring web activity: a VPN or Tor. We prefer VPNs because they are faster and don’t draw undue attention from ISPs or authorities. A VPN encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing. While the VPN is connected, your ISP cannot see what websites you visit, what apps you use, or the contents of anything you send or receive over the web. Nor can the ISP inject advertisements or other content into your browser.

Below, we get into detail on each of the VPN providers that make up this list, but if you only have time for a quick review, here are our top choices:

  1. ExpressVPN Leads the pack with strong encryption, security, and privacy features. Keeps no logs and offers multiple options and apps for protecting all your devices and traffic. 30-day money back guarantee has you covered.
  2. NordVPN Budget provider that built their reputation on security and privacy. Strict zero logs policy and no logs kept of your internet activity.
  3. IPVanish Owns and operates all the servers on their network. Hold no logs or metadata on any of their users. DNS leak protection.
  4. StrongVPN Strong security and privacy features along with a no logs policy, but not the easiest apps to use.
  5. Private Internet Access Solid security credentials. Strict with keeping no logs on user activity. Well priced but displayed inconsistent download speeds in testing.

The best VPNs to prevent ISP tracking

To that end, we’ve compiled a list of the best VPNs to prevent your ISP from tracking what you do online based on the following criteria:

  • No traffic or IP address logs
  • Strong, up-to-date encryption
  • DNS leak protection
  • Dynamic, shared IPs
  • Bonus: not based in the US

1. ExpressVPN

ExpressVPN is incorporated in the British Virgin Islands. It boasts a best-in-class encryption suite, combining the OpenVPN protocol with 256-bit channel encryption, SHA512 authentication, and 4,096 RSA keys that use perfect forward secrecy. The company uses its own DNS servers and routes all DNS requests through the VPN, so nothing leaks out to your ISP. Hundreds of users can share a single IP address, so it’s nearly impossible to track any activity back to you. The ExpressVPN app includes a “network lock” that halts internet traffic should your connection drop at any point until it is re-established. Apps are available for Windows, Mac, iOS, Android, Linux (command-line), and certain wifi routers. ExpressVPN is also great for unblocking geolocked content like Netflix and Hulu when traveling abroad.

BEST VPN FOR PREVENTING ISP TRACKING:ExpressVPN is our first choice It offers military-grade encryption protocols coupled with a neat design and fast speeds. It works instantly and reliably and is suitable for beginners and advanced users alike. Leads the way in unblocking geo-resricted sites and services. Plans include a 30-day no-quibbles money-back guarantee so you can try it risk-free.

Read our full review of ExpressVPN.

2. NordVPN

Panama-based NordVPN offers excellent bang for your buck–up to six simultaneous connections on a standard subscription. But the real value is in the company’s strict zero logs policy and its strong encryption suite: 256-bit encryption on OpenVPN and 2,048-bit Diffie Hellman keys. The NordVPN app includes a process-specific kill switch, so you can specify which programs get blocked from sending un-encrypted traffic over your ISP network should the connection drop. A huge range of servers are available including some optimized for extra privacy, including Tor over VPN and double VPN. Apps are available for Windows, MacOS, iOS, and Android. NordVPN can also unblock geographically-restricted content like Netflix and Hulu if you travel abroad.

BUDGET-FRIENDLY:NordVPN offers great value for money, with a large server network, fast speeds, and great unblocking capabilities. This provider offers a 30-day money-back guarantee.

Read our full review of NordVPN.

3. IPVanish

IPVanish is one of the few VPN providers to actually own, rather than rent, its servers. That means it has greater control over who can access those servers. By default, users connect using OpenVPN with 256-bit AES encryption, SHA512 authentication, and ephemeral 2,048-bit RSA keys with perfect forward secrecy. The company keeps no records of traffic nor metadata on its users, so despite being based in the US, it couldn’t produce any information on users even if it wanted to. DNS leak protection is built in and a kill switch can be enabled in the settings. Apps are available for Windows, MacOS, iOS, and Android.

FAST AND RELIABLE:IPVanish has a large network of servers. Uncongested network achieves good speeds. Strong security and privacy features. Could do with having live customer support. 7-day money back guarantee.

Read our full IPVanish review.

4. StrongVPN

StrongVPN is based in the US but keeps zero logs of any kind on user activity. We recommend users opt for the secure L2TP, SSTP, or OpenVPN protocols and avoid the obsolete option to use PPTP. Although we’re not a fan of the Windows app, StrongVPN does use 256-bit encryption and SHA512 authentication. It owns its physical servers rather than renting them. DNS leak protection and a kill switch can be enabled in the settings. Apps are available for Windows, MacOS, iOS, and Android.

MOST RELIABLE:StrongVPN confidently overcomes geo-blocking. Reliable network of servers. Good on privacy and they retain no internet browsing logs. Ample security. Manual configuration may challenge some users. 45-day money back guarantee.

Read our full review of StrongVPN.

5. Private Internet Access

US-based Private Internet Access, or PIA for short, doesn’t keep any logs and it has even published court documents to prove it. Users can set which VPN protocol they use along with the level of encryption. The most secure configuration is OpenVPN combined with 256-bit AES encryption, SHA256 authentication, and 4,096-bit RSA keys with perfect forward secrecy. PIA operates its own servers and its app includes DNS leak protection and a kill switch to prevent any traffic from leaking onto the unencrypted ISP network. Apps are available for Windows, MacOS, iOS, Android, and Linux.

STRICT NO LOGS POLICY:Private Internet Access has top security, low price, rich security features, and great customer service. Speeds can be inconsistent. 7-day money back guarantee.

Read our full PIA review.

Be wary of free VPNs

There are hundreds of so-called “free” VPN services floating around app stores and Google search results. But as we always say, if you’re not buying the product, you probably are the product. Free VPNs still have to make money, and they often do so by mining users’ data, injecting advertisments, and even installing malware on users’ devices. This makes them just as bad or worse than your ISP.

Not all free VPNs are bad, but even the more trustworthy ones will implement bandwidth limits or data caps. They have a very limited selection of congested servers and might force you to wait in a queue before connecting.

Can my ISP see my VPN?

While using a VPN, your ISP cannot decipher the contents of your internet traffic nor can it figure out where your traffic is traveling to or from. That means your ISP cannot see what sites you visit or anything you do while connected. It can only see that encrypted data is traveling to a server.

It’s possible that your ISP will know that said server belongs to a VPN. VPNs are 100 percent legal in the United States, however, and no American ISPs that we know of block or throttle traffic to VPN servers.

So don’t worry about it. Your ISP isn’t going to punish you for using a VPN. If they do, they’ll be breaking the FCC net neutrality order, and you should give the Electronic Frontier Foundation a call to get them off your back.

That being said, we’re not sure how much longer the net neutrality order will stand under the Trump administration. After removing broadband privacy rules, the Obama-era rule that says all internet traffic should be treated equally could be next on the chopping block.

If that happens, the VPNs we list here can use so-called “obfuscation” techniques and other methods to hide the fact that you’re using a VPN. Hopefully it won’t come to that, though.

Why are no-logging policies important?

If a VPN logs your activity, it’s no better than an ISP that does the same. It could just as easily mine your web traffic for data and sell it to third parties without restriction.

This is why we strongly prefer VPNs that don’t log. We’re primarily concerned with traffic logs, which include the contents of web pages you visit and any unencrypted emails or messages.

Metadata logging is less of a concern and includes things like when you connected to the VPN, for how long, and how much data you used. What’s less acceptable is if those metadata logs include the user’s real IP address, which means their activity can be traced back to them.

Comcast” by Mike Mozart licensed under CC BY 2.0