Internet service providers (ISPs) in the United States will soon be able to track and sell records of your internet activity, including what websites you visit, messages, emails, searches, and more. Senate Joint Resolution 34 (S.J. Res 34) will repeal an Obama-era FCC privacy rule that barred corporations like Comcast and Time Warner Cable from selling customer’s browsing data without permission.
The bill has already passed both houses of Congress and as of time of writing only needs President Donald Trump’s signature to become law. No one is exactly sure how far ISPs will be willing to go when selling your info, but as it stands there’s very little regulation preventing them from selling personally-identifiable information (PII) along with private details ranging from sexual orientation to medical records.
Once the bill becomes law as expected, there are only two surefire ways to prevent your ISP monitoring web activity: a VPN or Tor. We prefer VPNs because they are faster and don’t draw undue attention from ISPs or authorities. A VPN encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing. While the VPN is connected, your ISP cannot see what websites you visit, what apps you use, or the contents of anything you send or receive over the web. Nor can the ISP inject advertisements or other content into your browser.
To that end, we’ve compiled a list of the best VPNs to prevent your ISP from tracking what you do online based on the following criteria:
- No traffic or IP address logs
- Strong, up-to-date encryption
- DNS leak protection
- Dynamic, shared IPs
- Bonus: not based in the US
ExpressVPN is incorporated in the British Virgin Islands. It boasts a best-in-class encryption suite, combining the OpenVPN protocol with 256-bit channel encryption, SHA512 authentication, and 4,096 RSA keys that use perfect forward secrecy. The company uses its own DNS servers and routes all DNS requests through the VPN, so nothing leaks out to your ISP. Hundreds of users can share a single IP address, so it’s nearly impossible to track any activity back to you. The ExpressVPN app includes a “network lock” that halts internet traffic should your connection drop at any point until it is re-established. Apps are available for Windows, Mac, iOS, Android, Linux (command-line), and certain wifi routers. ExpressVPN is also great for unblocking geolocked content like Netflix and Hulu when traveling abroad.
READER DEAL: Save 49% on ExpressVPN here. This includes 3 months extra free and a 30-day money-back guarantee so you can try it risk-free.
Read our full review of ExpressVPN.
Panama-based NordVPN offers excellent bang for your buck–up to six simultaneous connections on a standard subscription. But the real value is in the company’s strict zero logs policy and its strong encryption suite: 256-bit encryption on OpenVPN and 2,048-bit Diffie Hellman keys. The NordVPN app includes a process-specific kill switch, so you can specify which programs get blocked from sending un-encrypted traffic over your ISP network should the connection drop. A huge range of servers are available including some optimized for extra privacy, including Tor over VPN and double VPN. Apps are available for Windows, MacOS, iOS, and Android. NordVPN can also unblock geographically-restricted content like Netflix and Hulu if you travel abroad.
Read our full review of NordVPN.
IPVanish is one of the few VPN providers to actually own, rather than rent, its servers. That means it has greater control over who can access those servers. By default, users connect using OpenVPN with 256-bit AES encryption, SHA512 authentication, and ephemeral 2,048-bit RSA keys with perfect forward secrecy. The company keeps no records of traffic nor metadata on its users, so despite being based in the US, it couldn’t produce any information on users even if it wanted to. DNS leak protection is built in and a kill switch can be enabled in the settings. Apps are available for Windows, MacOS, iOS, and Android.
Read our full IPVanish review.
StrongVPN is based in the US but keeps zero logs of any kind on user activity. We recommend users opt for the secure L2TP, SSTP, or OpenVPN protocols and avoid the obsolete option to use PPTP. Although we’re not a fan of the Windows app, StrongVPN does use 256-bit encryption and SHA512 authentication. It owns its physical servers rather than renting them. DNS leak protection and a kill switch can be enabled in the settings. Apps are available for Windows, MacOS, iOS, and Android.
DISCOUNTED OFFER: Save 41% with StrongVPN’s 1-year deal here. This includes a 7 day money-back guarantee so you can try the service risk free.
Read our full review of StrongVPN.
US-based Private Internet Access, or PIA for short, doesn’t keep any logs and it has even published court documents to prove it. Users can set which VPN protocol they use along with the level of encryption. The most secure configuration is OpenVPN combined with 256-bit AES encryption, SHA256 authentication, and 4,096-bit RSA keys with perfect forward secrecy. PIA operates its own servers and its app includes DNS leak protection and a kill switch to prevent any traffic from leaking onto the unencrypted ISP network. Apps are available for Windows, MacOS, iOS, Android, and Linux.
READER DEAL: Save 58% when you sign up for PIA’s 2-year deal. There’s a 7 day money back guarantee so you can try it risk-free.
Read our full PIA review.
Be wary of free VPNs
There are hundreds of so-called “free” VPN services floating around app stores and Google search results. But as we always say, if you’re not buying the product, you probably are the product. Free VPNs still have to make money, and they often do so by mining users’ data, injecting advertisments, and even installing malware on users’ devices. This makes them just as bad or worse than your ISP.
Not all free VPNs are bad, but even the more trustworthy ones will implement bandwidth limits or data caps. They have a very limited selection of congested servers and might force you to wait in a queue before connecting.
Can my ISP see my VPN?
While using a VPN, your ISP cannot decipher the contents of your internet traffic nor can it figure out where your traffic is traveling to or from. That means your ISP cannot see what sites you visit or anything you do while connected. It can only see that encrypted data is traveling to a server.
It’s possible that your ISP will know that said server belongs to a VPN. VPNs are 100 percent legal in the United States, however, and no American ISPs that we know of block or throttle traffic to VPN servers.
So don’t worry about it. Your ISP isn’t going to punish you for using a VPN. If they do, they’ll be breaking the FCC net neutrality order, and you should give the Electronic Frontier Foundation a call to get them off your back.
That being said, we’re not sure how much longer the net neutrality order will stand under the Trump administration. After removing broadband privacy rules, the Obama-era rule that says all internet traffic should be treated equally could be next on the chopping block.
If that happens, the VPNs we list here can use so-called “obfuscation” techniques and other methods to hide the fact that you’re using a VPN. Hopefully it won’t come to that, though.
Why are no-logging policies important?
If a VPN logs your activity, it’s no better than an ISP that does the same. It could just as easily mine your web traffic for data and sell it to third parties without restriction.
This is why we strongly prefer VPNs that don’t log. We’re primarily concerned with traffic logs, which include the contents of web pages you visit and any unencrypted emails or messages.
Metadata logging is less of a concern and includes things like when you connected to the VPN, for how long, and how much data you used. What’s less acceptable is if those metadata logs include the user’s real IP address, which means their activity can be traced back to them.