So many VPNs compete for your attention that they can all start to seem the same.

How do you determine which is the best VPN for you?

That’s where we come in.

Comparitech puts every VPN we review through a battery of speed tests, security checks, and real-world use cases. We scrutinize privacy policies, attempt to unblock a range of region-locked content, and see whether they can bypass online censorship. As part of our research we have read the small print of over of 140 VPN logging policies, run 5,000+ tests to see which VPNs work with Netflix and performed thousands of VPN speed tests.

Whether you’re looking to unblock Netflix or other streaming services, torrent privately, or trying to access the open internet from a place like China, we’ve got you covered.

We selected the best VPNs on the following criteria:

  • Security and privacy
  • Speed
  • Ability to unblock region-locked content (Netflix, Amazon, Disney+ etc)
  • Usability
  • Customer support
  • Value for money
  • Device compatibility

You can read more here on how we test VPNs and our methodology.

Best VPNs of 2021

Once you know what to look for in a VPN and have an idea of what it can be used for, we would like to make a few recommendations. The following top VPNs have outshone the competition and fulfill all of the criteria discussed above.

If you don’t want to read the whole article, here’s a shortlist of the best VPN services:

  1. NordVPNBest all round VPN. Fast speeds. Great for streaming, lots of servers, and strong security. Minimal logs.
  2. Surfshark: Best budget VPN. The cheapest VPN on this list. Unlimited simulatenous connections.
  3. ExpressVPN: Fastest VPN. Unblocks region-locked content, works in China, fast speeds, no logs, and impeccable security.
  4. CyberGhost: Best streaming VPN. Another good budget VPN. A great option for novice users who want all the benefits of a powerful VPN, including speed, security, and unblocking for a low cost.
  5. IPVanish: Best VPN for Kodi. A security-focused provider that ensures you can access any app or website safely and privately.
  6. PrivateVPN: Best VPN for privacy and security. A new VPN with great speeds. It excels at unblocking streaming content including Netflix.
  7. Hotspot Shield: Best free VPN. A secure VPN that’s good for streaming with free and paid plans.
  8. Private Internet Access: Best Linux VPN. Great for users who like to fine tune their VPN to their needs.
  9. VyprVPN: Best VPN for torrenting. A secure, no-logs VPN with an option for extra stealth.
  10. Windscribe: Best VPN for beginners. Paid users can use Windscribe’s novice-friendly apps to stream, torrent, and browse securely on an unlimited number of devices.

Comparison of best VPNs

No valueNordVPNSurfsharkExpressVPNCyberGhostIPVanishPrivateVPNHotspot ShieldPrivate Internet AccessVyprVPNWindscribe
Lowest monthly price$3.30$2.21$6.67$2.25$2.92$2.50Free$2.03$8.33Free
Simultaneous connections6Unlimited57Unlimited55103 (5 with premium)Unlimited
Average speed tested115 Mbps71 Mbps135 Mbps58 Mbps52 Mbps71 Mbps48.4 Mbps68.2 Mbps44.2 Mbps36.9 Mbps
Works with NetflixYesYesYesYesYesYesYesYesYesYes
Allows torrentingYesYesYesYesYesYesYesNoYesYes
ProtocolsNordLynx, IKEv2, OpenVPNWireGuard, OpenVPN, IKEv2, ShadowsocksOpenVPN, L2TP, PPTP, LightspeedWireGuard, OpenVPN, IKEv2OpenVPNOpenVPN over UDP or TCP, L2TP, PPTPCatapult Hydra, OpenVPN, WireGuard, IKEv2OpenVPN, WireGuardChameleonTM, OpenVPN, IKEv2,WireGuardIKEv2, WireGuard, OpenVPN over UDP or TCP, Stealth, Websocket Stealth
Encryption256-bit AES256-bit AES256-bit AES256-bit AES256-bit AES256-bit AES256-bit AESUp to 256-bit AES 256-bit AES256-bit AES
Log policyLimited logsNo logsNo identifying logsNo identifying logsNo logsNo logsNo logsNo logsNo identifying logsNo identifying logs

Best VPNs in detail

1. NordVPN

NordVPN Dec 2021

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.NordVPN.com

Money-back guarantee: 30 DAYS

NordVPN emphasizes security and privacy above all else, but it won’t let you down when it comes to other features and capabilities. The Panama-based provider operates a blazing fast network of servers in over 60 countries. It uses strong encryption and maintains a true zero-logs policy.

NordVPN is capable of unblocking Netflix, Hulu, BBC iPlayer, and other streaming sites that normally block VPN users. With up to six simultaneous connections on a single low-price subscription, NordVPN offers one of the best value plans on the market.

Some servers are specialized for faster streaming or added security, including Tor over VPN and double VPN servers. A process-specific kill switch allows you to choose which apps get cut off from the internet in the event that the VPN connection unexpectedly drops.

Beginner-friendly apps are available for Windows, MacOS, iOS, Android, Linux, and Fire TV.

Speed

Our tests show NordVPN averages 115 Mbps per second, making it one of the fastest VPNs we’ve reviewed.

Privacy and Security

NordVPN keeps some minimal logs, including device identifiers. It does not record your online activity or real IP address. The company is incorporated in Panama, which has no data retention laws.

NordVPN servers run entirely on volatile memory (RAM) so that no data remnants are left behind upon rebooting, and that the server software has not been tampered with.

The apps are well protected against DNS, WebRTC, and IPv6 leaks.

Encryption and Protocols

NordVPN employs 256-bit AES encryption and perfect forward secrecy to keep your data safe. The encryption is effectively uncrackable, and even if a server is somehow compromised, PFS ensures attackers can’t decrypt previous or future sessions.

By default, NordVPN uses a proprietary protocol based on Wireguard dubbed NordLynx. It uses a double-NAT system to keep your IP address hidden. NordLynx greatly improved the service’s speed over previous protocols. OpenVPN and IKEv2 are also available in the apps.

Pricing

  • 2 year plan $99 ($4.13 per month)
  • 1 year plan $79 ($6.58 per month)
  • 1 month plan $11.95

New features

NordVPN has started rolling out infrastructure upgrades in the form of colocated servers. Unlike most VPN servers, which are rented out from third-party data centers, NordVPN fully owns and maintains colocated servers.

As mentioned above, the latest version 6 of NordVPN’s apps introduced the NordLynx VPN protocol, which gave the service a huge speed boost.

Pros:

  • Zero logs policy
  • Strong security
  • Fastest VPN we have tested
  • Unblocks Netflix, Hulu, Prime Video, Disney+, HBO
  • Six simultaneous connections allowed
  • 5,000+ servers in 60+ countries

Cons:

  • A few unreliable servers
  • Suffered a data breach in late 2019

BEST BUDGET VPN:NordVPN’s simple interface hides its trove of tweak-able options and features so you can customize your experience. Great for streaming.

Read our full NordVPN review.

NordVPN Coupon
SAVE 72% on the 2-year plan
Black Friday TagGet Deal >
Discount applied automatically

2. Surfshark

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.Surfshark.com

Money-back guarantee: 30 DAYS

Surfshark is another newer provider that competes with larger providers at nearly every level. It excels at unblocking region-locked content like Netflix and other streaming services. Notably, Surfshark allows an unlimited number of simultaneous connections per account. Although it doesn’t have as many server locations, the speed and security are on par with the veteran providers.

Surfshark keeps no logs and is suitable for torrenting. Live chat support is at your disposal around the clock. It bypasses censorship in China and other countries where internet access is restricted.

Apps are available for Windows, MacOS, iOS, Android, Fire TV, and Linux, with browser extensions for Firefox and Chrome.

Speed

Surfshark scored above average in our speed tests, averaging 71 Mbps globally.

Privacy and Security

Surfshark has a strict zero-logs policy. Other than some non-identifying diagnostic data, it does not record your online activity or any metadata that could identify you. The company is incorporated in the British Virgin Islands, which is a separate country from the UK and one that has no data retention laws.

Surfshark doesn’t leak IPv6, DNS, or WebRTC data, and has a kill switch that cuts your internet connection if the VPN connection drops for any reason. Surfshark uses its own private DNS servers.

Encryption and Protocols

In late 2020, Surfshark introduced the Wireguard protocol to its service, replacing the OpenVPN and IKEv2 protocols as the default options. Shadowsocks is also an option for Windows and Android users.

Surfshark employs 256-bit AES encryption in conjunction with SHA512 authentication and 2048-bit RSA keys. Those keys are generated upon starting each session using perfect forward secrecy, which means past and future sessions can’t be decrypted even if the server is somehow compromised.

Pricing

  • 2 year plan $59.76 ($2.49 per month)
  • 6 month plan $38.94 ($6.49 per month)
  • 1 month plan $12.95

New features

The latest version 2 of Surfshark’s MacOS app is now compatible with all M1 processors.

As mentioned above, Wireguard is not available on most Surfshark apps, which greatly improves its speed.

Pros:

  • Unlimited devices
  • Works in the UAE and China
  • Unblocks Netflix, Hulu, and BBC iPlayer
  • Keeps no logs whatsoever

Cons:

  • Relatively small server network
  • Occasional slow server

GREAT LOW COST VPN: Surfshark is a great budget VPN and an all-round strong performer

Read our full Surfshark review.

Surfshark Coupon
Get 3 Months FREE with a 2-year plan
Black Friday TagGet Deal >
Discount applied automatically

3. ExpressVPN

ExpressVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.ExpressVPN.com

Money-back guarantee: 30 DAYS

ExpressVPN excels in every facet of being a great VPN. It operates servers in 94 countries. You’ll rarely, if ever, encounter downtime. Speeds are the fastest of any VPN on this list, enough to stream 4K video and even live streams.

Torrenting is allowed, and the company keeps no identifying logs of traffic or metadata. Users can unblock Netflix, Hulu, HBO Go, and HBO Now on select servers. Live customer support is available around the clock. ExpressVPN bypasses China’s Great Firewall as well as any other censorship system thrown at it.

All connections are protected with bleeding edge security standards, second to none in the VPN space. A kill switch and DNS leak protection are built into the apps.

Available for Windows, MacOS, iOS, Android, Linux, Fire TV, and certain wi-fi routers. The apps are simple enough for even a complete novice to use. You will have to pay a bit more than the competition to avail of all these great features, but ExpressVPN is well worth the price.

Speed

ExpressVPN is the fastest VPN we’ve tested yet, with an average global download speed of 135 Mbps.

ExpressVPN
Average Connection Speed – North America (USA) 135.7 Mbps
Average Connection Speed – Europe (UK) 134 Mbps
Average Connection Speed – Asia (Hong Kong) 136 Mbps

Privacy and Security

ExpressVPN doesn’t collect any identifiable data from users. That means no logs of your online activity, IP address, or username while using the VPN. It does collect some minimal diagnostic data, like total amount of bandwidth consumed and dates (not times) of connections.

ExpressVPN is based in the British Virgin Islands, which has no mandatory data retention requirements. Despite the name, it is not part of the UK.

All ExpressVPN servers run entirely in RAM, with no data left on hard drives. That makes the server software more difficult to tamper with and doesn’t leave any remnant user data behind.

ExpressVPN doesn’t leak DNS, WebRTC, or IPv6 data, and it operates private DNS servers. A kill switch, called a “network lock” in ExpressVPN parlance, is also built into the apps.

Users who wish to stay anonymous can pay with cryptocurrency and sign up through a dark web .onion site.

Encryption and Protocols

ExpressVPN’s Lightway protocol is now default in all of its apps. The proprietary protocol shows massive speed improvements over OpenVPN without sacrificing security or privacy. That being said, OpenVPN, IKEv2, and L2TP are all still supported in the apps.

256-bit AES encryption protects every connection, along with 4096-bit RSA keys, SHA512 authentication, and perfect forward secrecy. PFS ensures your past and future sessions cannot be decrypted even if the key for the current session is compromised.

Pricing

  • 1 year plan $99.95 ($6.67 per month). Plus 3 months extra free.
  • 6 month plan $59.95 ($9.95 per month)
  • 1 month plan $12.95

New features

ExpressVPN’s new Lightway protocol sent it to the top of our speed test charts. It’s now available across all of the provider’s apps (version 10 or later).

TrustedServer is ExpressVPN’s technology for running VPN servers entirely on volatile memory (RAM). It was introduced in a fairly recent update and is already being imitated by competitors.

ExpressVPN’s router app just got a fresh redesign.

Pros:

  • Strong security
  • Fast speeds
  • No identifying logs
  • Unblocks Netflix, Hulu, Prime Video, etc
  • Easy to use
  • 24/7 live chat support
  • Works in China

Cons:

  • Slightly more expensive
  • Doesn’t always work with BBC iPlayer

BEST FOR SPEED DEMONS: ExpressVPN excels on every front whether you’re an advanced power user or a novice just getting started.

Read our full ExpressVPN review.

ExpressVPN Coupon
SAVE: 49% plus 3 months Free!
Black Friday TagGet Deal >
Discount applied automatically

4. CyberGhost

CyberGhost

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.Cyberghost.com

Money-back guarantee: 45 DAYS

CyberGhost has really come a long way in the past couple of years. It checks off every box when it comes to security and privacy. That includes strong encryption, leak protection, a kill switch, and a no-logs policy.

CyberGhost makes it easy to unblock your favorite streaming sites, including Netflix, Hulu, and BBC iPlayer, among many others. And instead of guessing at which server location will work best, you can simply choose the streaming service you want to unblock from a list in the app.

CyberGhost allows up to seven simultaneous connections. Apps are available for Windows, MacOS, iOS, Android, and Amazon Fire TV.

Speed

CyberGhost averages 58 Mbps download speed according to our tests.

Privacy and Security

CyberGhost boasts a zero-logs policy and promises not to record your online activities, IP address, or other identifying information.

The apps don’t leak IPv6, DNS, or WebRTC data. Kill switches are included in the apps on all platforms. CyberGhost uses its own private DNS servers.

NoSpy servers are an extra-secure option, offering privately-owned servers in CyberGhost’s own data center.

Encryption and Protocols

CyberGhost protects connections with 256-bit AES encryption, 2,048-bit RSA keys, and SHA256 authentication. Perfect forward secrecy ensures that even if your current session’s encryption key is compromised, it can’t be used to decrypt past or future sessions.

CyberGhost recently added Wireguard to its app, improving speed without sacrificing security. OpenVPN and IKEv2 are also on the table.

Pricing

  • 3 year plan $87.75 ($2.25 per month) + 3 months free
  • 2 year plan $83.76 ($3.49 per month)
  • 6 month plan $47.88 ($3.99 per month)
  • 1 month plan $12.99

New features

The addition of WireGuard in version 8 of the CyberGhost app makes some noticeable speed improvements.

CyberGhost is in the midst of adding a standalone smart DNS service that can be activated through the app. It looks like this will function similarly to ExpressVPN’s MediaStreamer service, which allows you to unblock streaming services without the full protection of a VPN. Although this is less secure, it does work on a lot of devices that don’t support VPN apps, like game consoles and Apple TV, and your connection isn’t slowed down by the VPN.

Pros:

  • Fast, streaming-optimized servers
  • Connect up to seven devices simultaneously
  • Kill switch on all apps and keeps no logs
  • Apps are great for beginners

Cons:

  • Doesn’t reliably work in China or UAE

GOOD ALL-ROUND VPN: In addition to all of CyberGhost’s great features, speed, and security, it also comes with a 45-day money-back guarantee, longer than any other provider on this list.

Read our full CyberGhost review.

CyberGhost Coupon
SAVE 83% +3 Months FREE on the 2 year plan
Black Friday TagGet Deal >
Discount applied automatically

5. IPVanish

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.IPVanish.com

Money-back guarantee: 30 DAYS

IPVanish offers a sizable network of servers that it actually owns, rather than rents, in more than 60 countries. The US-based company holds to a strict no-logging policy and sports a top-end encryption suite. Torrenting is allowed, and IPVanish’s simple interface is particularly well-suited to Kodi and Plex users who operate their devices via a remote control instead of a keyboard and mouse.

Speeds are extremely fast for quick downloads and seamless HD streams with very little buffer time. A kill switch and DNS leak protection are built in, as is a “scramble” feature that obfuscates traffic so your internet provider can’t tell that you’re using a VPN.

Simultaneous connections are unlimited, so it’s a solid option for a family or group of housemates. Apps are available for Windows, MacOS, iOS, and Android.

Speed

IPVanish averaged 488 Mbps in our speed tests, making it the fastest VPN as of time of testing. It should be more than enough for HD or even 4K streaming.

Privacy and Security

IPVanish is based in the USA, but it keeps no logs of users’ online activity or identities. So even if the FBI came knocking and asking for user data, IPVanish wouldn’t have any to hand over.

An option kill switch will cut off your internet connection in case the VPN connection drops for any reason. You can set your IP address to change at regular intervals, making you more difficult to track. You can even obfuscate your connection using the “Scramble” feature, which makes VPN usage harder for your ISP and other third parties to detect.

IPVanish operates its own private DNS servers.  The apps don’t leak IPv6, WebRTC, or DNS data.

Encryption and Protocols

IPVanish uses 256-bit encryption, SHA512 authentication, and 2,048-bit RSA keys with perfect forward secrecy. PFS ensures past and future VPN sessions can’t be decrypted even if the current one is somehow compromised.

IPVanish recently implemented Wireguard, which greatly improves speeds without compromisingsecurity. OpenVPN and IKEv2 are also solid options on offer.

Pricing

  • 1 year plan $34.69 ($2.62 per month)
  • 1 month plan $3.49 (rises to $9.99 after first month)

New features

IPVanish in 2021 expanded its network and added Wireguard, which improved speeds considerably.

In late 2020, IPVanish introduced SOCKS5 proxy servers. A SOCKS5 proxy doesn’t offer the same encryption as a VPN, but it will hide your IP address. Connections to these servers must be manually configured and can’t be enabled within the IPVanish app for now.

Pros:

  • Fast speeds
  • Great security
  • No logs
  • Huge server network
  • Great for Kodi
  • Unlimited simultaneous connections

Cons:

  • Blocked in UAE
  • Blocked in China
  • Doesn’t unblock as many streaming services

FAST VPN: We run hundreds of automated speed tests every day, and IPVanish routinely scores highly.

Read our full IPVanish review.

IPVanish Coupon
SAVE 73% on the two-year plan
Black Friday TagGet Deal >
Discount applied automatically

6. PrivateVPN

PrivateVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.PrivateVPN.com

Money-back guarantee: 30 DAYS

PrivateVPN is a relatively young provider compared to others on this list, but that hasn’t stopped it from offering a competitive service. Every connection is protected by military-grade encryption, a kill switch, and leak prevention.

Despite it’s smaller server network, it’s proven to be adept at unblocking various streaming services, including Netflix and Hulu. Speeds are great, fast enough to stream in HD without buffering. Live chat support is at your disposal, though it’s not manned at all hours. PrivateVPN keeps no logs.

Apps are available for Windows, MacOS, iOS, Android, and Amazon Fire TV.

Speed

PrivateVPN’s average global download speed was 71 Mbps in our latest tests, placing it among the fastest VPNs.

Privacy and Security

PrivateVPN is based in Sweden, which does have data retention laws. But PrivateVPN says it keeps no logs of user activity or other identifying data.

Customers can pay with Bitcoin for a more anonymous signup option.

Whereas the provider previously used Google DNS servers, PrivateVPN now operates its own private DNS servers. We didn’t record any DNS, IPv6, or WebRTC leaks in our testing.

A kill switch is only available in the Windows app.

A “Stealth VPN” feature obfuscates your connection to make the VPN less detectable in countries like China.

Encryption and Protocols

PrivateVPN is one of the few providers to offer adjustable encryption. Users can choose between 128-bit and 256-bit. The former offers slightly quicker speeds but weaker encryption.

SHA256 is used for authentication, and 2,048-bit RSA keys for authentication. Perfect forward secrecy ensures past and future VPN sessions can’t be decrypted even if the current session key is somehow compromised.

Pricing

  • 2 year plan $49.99 ($2.08 per month)
  • 3 month plan $16.99 ($5.66 per month)
  • 1 month plan $8.99

New features

PrivateVPN now uses its own DNS servers instead of Google’s.

All of the apps went through a hefty redesign for version 3, on both desktop and mobile.

Pros:

  • Fast speeds
  • Great at unblocking Netflix, Hulu, etc from abroad
  • Strong security
  • No logs
  • Works in China

Cons:

  • Small server network
  • Live chat not 24/7

SMALL VPN, BIG PERFORMANCE: PrivateVPN is an up-and-coming provider that performs on a level we normally expect from serious veterans.

Read our full PrivateVPN review.

PrivateVPN Coupon
SAVE 79% on the two year plan
Get Deal >
Discount applied automatically

7. Hotspot Shield

Hotspot Shield

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.Hotspotshield.com

Money-back guarantee: 45 DAYS

Editor’s Note: Hotspot Shield is owned by Pango, Comparitech’s parent company.

Hotspot Shield is a solid option for users who primarily want to stream region-locked content like Netflix. You’ll get all the speed you need to stream Hulu, BBC iPlayer, Amazon Prime Video, and ITV Hub from anywhere in the world without buffering or a drop in quality.

Hotspot Shield operates servers in more than 80 countries. It can bypass China’s Great Firewall to access sites and apps otherwise restricted there.

Apps are available for Windows, MacOS, iOS, Android, Linux, and Fire TV. You can connect five devices at once.

Speed

Hotspot Shield’s average download speed was 48 Mbps in our tests.

Privacy and Security

Hotspot Shield has greatly improved its logging practices so that it no longer retains any identifying information about VPN users.

The latest versions of Hotspot Shield no longer leak WebRTC or IPv6 data. A kill switch is available in the Windows and Android apps.

Encryption and protocols

Hotspot Shield uses 256-bit AES encryption, 2,048-bit RSA keys, and perfect forward secrecy. PFS ensures past and future VPN data can’t be decrypted if the current session key is somehow compromised.

Hotspot Shield uses its own proprietary protocol called Catapult Hydra. We wouldn’t normally trust a closed-source protocol, but it has been adopted by some reputable security firms like McAfee and Bitdefender.

Pricing

  • 3 year plan $107.64 ($2.99 per month)
  • 1 year plan $95.88 ($7.99 per month)
  • 1 month plan $12.99

New Features

Earlier reviews of Hotspot Shield showed its apps leaked WebRTC and IPv6 data. Those leaks have since been plugged.

Hotspot Shield recently published apps for Android TV, Linux, and certain wi-fi routers.

Pros:

  • Good speeds
  • 80+ server locations
  • Works in China
  • Unblocks most streaming services

Cons:

  • Only Windows app has a kill switch
  • Leaks IPv6 and WebRTC
  • More expensive than rivals

BEST FREE VPN:Hotspot Shield is a solid VPN with both free and paid plans. The latter comes with a 30-day money-back guarantee.

Read our full Hotspot Shield review.

Hotspot Shield Coupon
Special Deal - save 77% on the 3 year plan
Get Deal >
Discount applied automatically

8. Private Internet Access

Private Internet Access

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux
  • Background FireTV

Website:  www.PrivateInternetAccess.com

Money-back guarantee: 30 DAYS

Private Internet Access, not to be confused with PrivateVPN, is a veteran player in the VPN space with a sterling reputation when it comes to protecting its users’ privacy. It boasts lightweight, highly customizable apps that let you adjust encryption and network settings. PIA keeps no logs and is particularly well suited to torrenters.

PIA scored above average in our speed tests. It’s not the most adept at unblocking streaming services, but does work with Netflix and BBC iPlayer.

PIA makes apps for Windows, MacOS, iOS, Android, Linux, and Amazon Fire TV. You can connect up to 10 devices at a time.

Speed

Private Internet Access’ average global speed test result is 43 Mbps, according to our tests. Connections to nearby servers in North America were considerably higher.

Privacy and Security

Private Internet Access places a strong emphasis on privacy and security. The service keeps zero logs of anything that could identify a VPN user. It is, however, based in the United States.

PIA operates its own DNS servers, but users have the option of setting their own. The app prevents DNS, IPv6, and WebRTC leaks, and has a kill switch.

Encryption and protocols

Private Internet Access allows users to customize their VPN encryption, protocol, and network settings. For example, you can choose between 128-bit or 256-bit AES data encryption. The handshake, remote port, configuration method, and packet size are all adjustable as well.

Likewise, the protocol can be set to Wireguard or OpenVPN.

Pricing

  • 2 year plan $69.95 ($2.69 per month)
  • 1 year plan $39.95 ($3.33 per month)
  • 1 month plan $9.95

New features

Private Internet Access launched the option to use a dedicated IP address in late 2020. Unlike the typical shared, dynamic IP addresses used in the standard VPN service, a dedicated IP address does not change and is assigned to a single account.

Last year, Private Internet Access finished upgrading its servers for its Next Generation Network, which features faster speeds and Wireguard support.

Pros:

  • Strong, customizable security
  • No logs
  • 10 simultaneous connections allowed

Cons:

  • Doesn’t reliably work in China
  • Doesn’t unblock some major streaming services

TORRENT SAFELY:Private Internet Access is a lightweight, customizeable VPN with strong security. It comes with a 30-day money-back guarantee.

Read our full Private Internet Access review.

Private Internet Access Coupon
Save 83% on the 3 year plan
Black Friday TagGet Deal >
Discount applied automatically

9. VyprVPN

VyprVPN

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.VyprVPN.com

Money-back guarantee: 30 DAYS

VyprVPN is a Switzerland-based provider with strong privacy and security standards. The company owns, rather than rents, its servers, and maintains a no-logs policy. It’s long been a favorite of expats in China who want to access western news, social media, and streaming services.

VyprVPN isn’t the fastest VPN but is suitable for HD streaming. It unblocks a few streaming services including US Netflix. If you’re unsure which server to connect to, live chat support is available 24/7.

You can connect up to five devices at once on a single plan. Apps are available for Windows, MacOS, iOS, Android, and Amazon Fire TV.

Speed

VyprVPN pegged an average global download speed of 44 Mbps in our tests.

Privacy and Security

VyprVPN used to record users’ source IP addresses, but no longer does so. That brings its privacy policy in line what what we expect and want from a no-logs VPN.

A proprietary protocol called “Chameleon” is available for an extra fee. The protocol obfuscates your VPN traffic so that it can’t be detected, which is useful in places like China.

The apps do not leak IPv6, WebRTC, or DNS traffic. A kill switch is built into the desktop apps.

Enabling the public wi-fi protection feature ensures your device connects to the VPN automatically whenever you connect to an untrusted wi-fi network.

Encryption and protocols

Users can choose between IKEv2, Chameleon, OpenVPN, and Wireguard. All protocols are protected by 256-bit AES encryption, 2,048-bit RSA keys, and SHA256 authentication.

Perfect forward secrecy ensures that a compromised encryption key can’t be used to decrypt data from past or future sessions.

Pricing

  • 3 year plan $60.00 ($1.67 per month)
  • 18 month plan $45.00 ($2.50 per month)
  • 2 month plan $12.95 ($6.47 per month)

New Features

VyprVPN 4.0 introduced the Wireguard protocol in May 2020. Wireguard offers much faster speeds without sacrificing security.

VyprVPN natively supports Apple’s new M1 chips.

Pros:

  • Privately owned servers and data centers
  • No logs
  • Unblocks Netflix

Cons:

  • Average speeds
  • Smaller server network
  • No Linux app

PRIVATE NETWORK:VyprVPN ensures speed and security through its self-owned servers and data centers. It comes with a 30-day money-back guarantee.

Read our full VyprVPN review.

VyprVPN Coupon
SAVE 44% on the annual plan
Get Deal >
Discount applied automatically

10. Windscribe

Windscribe

Apps Available:

  • PC
  • Mac
  • IOS
  • Android
  • Linux

Website:  www.windscribe.com

Money-back guarantee: 30 DAYS

Windscribe is a Canada-based VPN provider with free and paid plans. The free version gets you 10GB of data per month and access to servers in 11 countries. The paid version offers 60 countries and unlimited data. Whether you’re a free or paid user, Windscribe won’t record any identifying logs and keeps your data safe with strong encryption.

Windscribe unblocks Netflix, Amazon Prime Video, ITV Hub, and All 4, and it clearly labels its streaming servers in the UK and US. Windscribe can bypass web censorship in China as well.

Apps are available for Windows, MacOS, Android, iOS, and Fire TV, along with browser extensions for Chrome, Firefox, and Opera.

Speed

We are updating our speed test results for Windscribe. Stay tuned!

Privacy and Security

Windscribe adheres to a strict no-logs policy, meaning it doesn’t record your online activity or any other identifying metadata, such as your IP address.

Windscribe operates its own DNS servers, and the apps protect users from DNS, WebRTC, and IPv6 leaks.

A double-hop VPN, which routes your connection through two VPN servers instead of just one, can be set up by connecting through both the browser extension and native desktop app. This doubles your encryption and makes you harder to track.

Encryption and protocols

Windscribe uses 256-bit AES encryption, SHA512 authentication, and 4,096-bit RSA keys.

Protocols include Wireguard, OpenVPN UDP and TCP, IKEv2, SOCKS, and “Stealth”. Stealth is an obfuscated OpenVPN over TCP connection that’s more difficult to detect in places like China.

Pricing

  • Basic plan: Free
  • 1 year plan $49.00 ($4.08 per month)
  • 1 month plan $9.00

Note: Additional cost for static IPs priced between $24.00 to $96.00 per year.

New Features

Windscribe added Wireguard support in mid-2020. The protocol greatly improves speeds without sacrificing security.

Version 2.0 of the desktop app was completely redesigned from the ground up and added a few new features, including split tunneling, MAC address spoofing, a command line interface, and customizable network rules and configurations.

Pros:

  • Unblocks Netlfix and some other streaming sites
  • No logs
  • Strong encryption
  • Works in China

Cons:

  • Doesn’t unblock some popular streaming services like BBC iPlayer
  • Limited mobile app
  • No 24/7 support

UNBLOCK FOR FREE:Windscribe can unblock many streaming services on both free and paid plans. The latter comes with a 30-day money-back guarantee.

Read our full Windscribe review.

Windscribe Coupon
$4.08 per month for the annual plan
Black Friday TagGet Deal >
Discount applied automatically

Choosing a VPN provider

Connecting to a VPN, or virtual private network, has two primary functions: encrypting internet traffic and tunneling it through an intermediary server in a remote location.

The result of these two tasks is a tool with several useful applications, most of which are centered around unblocking content and improving privacy while online:

A VPN provider operates a network of servers to which VPN users can connect. In addition, they typically design the apps through which their users connect, offer support, and implement additional features that improve user experience.

When choosing a VPN, ask the following questions:

  • How much speed and data do I need?
  • Is it important that I hide my identity and online activity?
  • How much do I want to pay?
  • What, if any, streaming services do I need to unblock?
  • Do I need to bypass censorship in places like China and UAE?
  • What devices do I need to run the VPN on? How many devices in total?
  • Are you a novice? Consider getting a VPN with good customer support.

There is no one-size-fits-all best VPN for everyone, but neither are all VPNs created equal. Finding the VPN that best suits you depends on a variety of factors and how you intend to use it.

Methodology and how we test VPNs

Comparitech evaluates VPNs using a series of empirical tests as well as first-hand experience in day-to-day activities like streaming, web browsing, and torrenting. Our research analyzes each VPN’s speed, security, and usability, among other factors.

Comparitech VPN reviewers assess VPNs on the following criteria:

Privacy

We prefer VPNs with no-logs policies, that are based in countries without data retention laws or invasive government surveillance, and that accept anonymous signups and payment methods.

Ideally, VPNs should not store any identifying logs, including logs of your online activity, IP address, or connection timestamps.

HideMyAss's new privacy policy.
Example of a simple VPN logging policy.

VPNs should also be protected against leaks of your IP address and identifying data, such as DNS requests, IPv6 data, and WebRTC traffic. Kill switches that halt internet traffic when the VPN disconnects are also welcome. We’ve analyzed 140 VPN logging policies as part of our research.

Security

VPNs must meet a minimum set of criteria for VPN protocols, encryption, and leak prevention, among other factors.

We evaluate each VPN’s encryption on a number of factors, including encryption strength, authentication protocol, key length, perfect forward secrecy, and leak prevention.

Every VPN we review is tested for IPv6, DNS, and WebRTC leaks.

nordvpn leak test
Example of a WebRTC IPv6 leak in our tests. Note that NordVPN has since patched this leak.

The VPN must use a secure protocol, such as Wireguard, OpenVPN, or IKEv2.

Speed

We test every VPN’s speed when connected to a range of servers around the world. The faster, the better!

We publish average global download speed test results for most VPNs we review. Each result in the graph below is the average of nine tests: three times of day staggered at least four hours apart, and across three locations. Our test machine is in the United States, from where we test connections to VPN servers in North America (nearest), Europe, and Asia.

VPN speed test results

Speed is measured on a minimum 1 Gbps connection using the Ookla Speedtest.net desktop app, using the fastest available secure protocol for each VPN.

In addition to those tests, we also try out bandwidth-intensive day-to-day activities like 4K streaming, video conferencing, and competitive online games.

Unblocking

Most streaming services are region-locked, meaning they can only be accessed from a specific country. We test each VPN’s access to major streaming services like Netflix, Hulu, Prime Video, Disney+, HBO Max, and BBC iPlayer.

Our tests pit each VPN against both the desktop website and mobile app of each streaming service to find out of the VPN can unblock them from abroad. In the case of Netflix, we also test access to several international libraries.

Sometimes we also test VPN access to live events and sports.

Censorship

We prefer VPNs that can bypass web censorship in countries like China. Because of China’s advanced Golden Shield Project, a.k.a. The Great Firewall, much of the web is censored. Authorities also block access to most VPN services, so China is usually a good bellwether for whether a VPN works in other countries that censor the web.

If the VPN can bypass censorship and detection in China, it can work anywhere.

Servers

We assess the number of locations available, whether servers are physical or virtual, and the use of virtual locations.

NordVPN server map

VPNs typically have servers in somewhere between 20 to 100 countries. The total number of servers isn’t strictly important as performance is more determined by server capacity and the number ofa active users.

Some VPNs use virtual locations, which entails a VPN server with an IP address from one country that’s physically located in another country. The practice might be good or bad depending on how it’s used.

Customer support

We contact each VPN’s customer support as a normal user would to find out how quickly support responds and how knowledgeable they are. We test live chat, support ticket, and email support systems for each review.

Apps

Support for more simultaneous connections and more types of devices is always welcome. Most VPNs make apps for Windows, MacOS, iOS, and Android.

Less common are apps for Amazon Fire TV, Linux, and wi-fi routers.

We use and test at least one desktop and one mobile app for each VPN review, taking into account design, features, and responsiveness.

Most VPNs put a limit on how many devices you can connect at one time. The standard is five, but many go higher and a couple even allow unlimited simultaneous connections.

Check out this overview of our VPN testing process for more details.

What to look for in a VPN

In this section, we’ll detail the main factors by which you should judge and compare VPNs. We’ll cover privacy and security, speed and reliability, apps, server selection, customer service, and more.

Privacy and security

For many VPN users, privacy and security are the top priority. The two most important factors here are encryption and logging policy, but there are a few other details to look for as well.

Logging policy refers to the records about user activity that a VPN collects. These records can be divided into two main categories: traffic logs and metadata logs. The former is our prime concern.

  • Traffic logs, also called usage logs, are records of a user’s online activity while connected to the VPN. They can include websites visited, emails, messages, videos watched, downloads, purchases, and much more. Any reputable VPN provider worth its salt will not keep any logs of this sort. This should be stated clearly in the company’s privacy policy, if not the front page of the provider’s website.
  • Metadata logs include data about how you use the VPN, but not the actual contents of your VPN traffic. This typically includes timestamps of when you used the VPN, the amount of data and bandwidth consumed, and which servers you connected to. These are typically used for diagnostic purposes and are not too much of a concern for most users. The exception is if the VPN records the user’s real IP address or VPN server IP address of the user, which can tie activity on the VPN back to a particular device. We recommend staying away from VPNs that record your IP address.

Note that many VPNs advertise a “no logs” service, when in fact they are solely referring to traffic logs. These claims often do not apply to metadata logs. The real logging policy is usually buried somewhere in the provider’s privacy policy.

Even if a provider says it does not log, there is really no way to know for sure if they are being truthful. At a certain point, you must take them at their word and based on any public precedent of law enforcement inquiries or court orders to access user logs.

Encryption suite entails three main things: channel encryption, key exchange, and authentication. Without getting too technical, these three stages of encryption make up a VPN’s encryption suite that is used to secure your internet traffic so no one else can see it. If your internet traffic is intercepted, the encryption ensures that all the person who intercepted it can see is jumbled text. VPNs use asymmetric encryption, similar to what’s used when you access an HTTPS website.

Most VPNs only advertise their channel encryption, which is the encryption level of data in transit to and from the VPN. This is usually 128-bit or 256-bit AES. As you might have surmised, 256-bit is stronger, but 128-bit is perfectly fine and uncrackable with today’s computing power. If 128-bit encryption takes 5 years to crack and 256-bit takes 50 years, the difference doesn’t really matter–no one is going to see your online activity.

Just as important but less advertised are the encryption level on the key exchange and authentication. Before you start transmitting data, your device and the VPN server need to verify that the other side is who they say they are. This is done using authentication. They then must exchange a secret key over a secure channel. That key is then used for channel encryption. This process is called “asymmetric encryption” or “public key cryptography“. VPNs use a system called RSA to perform this key exchange.

Without getting too technical, prospective VPN users should look for sufficiently strong RSA key sizes and authentication. We recommend 2,048-bit RSA keys and SHA2 (which includes SHA256 and SHA512) authentication. A bonus is perfect forward secrecy, which routinely changes the keys so old ones cannot be used to compromise old ones. All of this will ensure that no one will be able to decrypt your VPN traffic.

DNS leak protection prevents DNS requests from being sent outside of the encrypted VPN tunnel over the unencrypted ISP network. DNS, or domain name system, is used like a phone book to associate domain names like “comparitech.com” with an IP address for the server that a site is hosted on. Anytime you access a site for the first time, a DNS request is sent to a DNS server to look up this information.

Normally, this request is sent to the nearest DNS server owned by your internet service provider. But when using a VPN, it’s preferable for the DNS requests to be tunneled to the VPN server along with all of the other traffic. A DNS leak occurs when the DNS request is sent outside the VPN tunnel, thus disclosing what websites you are visiting to your ISP and your approximate location to the website.

To prevent this undesirable behaviour, many VPNs have implemented DNS leak protection that ensures all DNS requests are sent through the VPN tunnel. The best VPNs operate their own private DNS servers at each location, but some others will use public DNS servers such as those supplied by Google.

Note that even VPNs that claim to protect against DNS leaks still struggle to contain IPv6 requests. Most VPNs simply block IPv6 requests and force everything onto IPv4. But even then IPv6 requests can slip through, particularly on Windows 10 computers that send multiple requests in parallel. You can check if your VPN is leaking DNS requests using our DNS leak test tool. You may consider disabling IPv6 on your device if IPv6 leaks are a concern. Learn more about IPv4 and IPv6 in this article.

ipvanish 2021 kill switch

Kill switch is a mechanism built into a VPN app that halts all internet traffic to or from a device in the event that the VPN connection suddenly drops. This has become a common and important feature built into VPN apps made by the best VPNs. If the VPN unexpectedly disconnects, internet traffic can leak over the unencrypted ISP network and reveal your activity, location, IP address, and other details. A kill switch, sometimes called a network lock, prevents this from happening until the connection is reestablished. Kill switches are particularly important for P2P filesharing.

Country of incorporation is an important factor to consider when choosing a VPN. Some countries have invasive data retention laws that require VPN providers to disclose customer information on demand. Others, like the United States, don’t have such laws but do have overreaching intelligence and law enforcement agencies. In the United States, for example, it became all too common for the NSA and FBI to request data on users from technology companies using warrants, subpoenas, and national security letters (NSL), often placing gag orders barring the companies from revealing that they were under investigation.

The United States does not have data retention laws that apply to VPNs, but it is doubly vital that VPNs incorporated there have strict no-logging policies. Then, if the company receives a court order to disclose user information, they simply will have nothing to disclose. We recommend avoiding VPNs incorporated in countries with data retention laws, such as the UK, as they will have no choice to but to log.

Speed and reliability

Many VPNs claim to be the fastest, but “fast” is a vague term and in reality there is no such thing as one single “fastest” VPN. That being said, some VPNs are certainly faster than others.

NordVPN speed test

To start off, look for VPNs that offer unlimited bandwidth and no data caps. That will include most paid VPN services and all of those on our list.

VPN speed varies for several reasons: network congestion, server load and capacity, proximity to the server, level of encryption, protocol, compression, and more. Recently, many VPNs have migrated to Wireguard-based protocols, which have proven substantially faster than older protocols like OpenVPN and IKEv2.

For the fastest speed, you will generally want to connect to the geographically nearest server during a time when no one else is using it. That’s easier said than done, as you will likely want to connect to a VPN in another country. Some VPN apps include built-in speed testers or display the current server load, so you can check which ones are likely to be the quickest.

Even on the fastest server, you should expect at least a 10 percent reduction in speed from your normal ISP connection. This accounts for the encryption and decryption of data on the VPN server and your device, plus the extra time it takes to route traffic through the VPN server instead of transmitting directly.

When most people talk about speed, they’re referring to download bandwidth, or how much data you can download at a time. Similar to ISP services, this is measured in megabits per second, or Mbps. We conduct download speed tests in all of our reviews.

Some users might be more concerned about latency, also known as lag or ping time. This is the time between when your device requests information from a server and to receiving that server’s response. Whenever a quick response time is crucial, such as when online gaming or video chatting, latency can be a bigger concern. Latency is measured in milliseconds. To get the lowest latency on a VPN, choose the server either nearest you or nearest the server hosting the content you are accessing.

Possibly more important than speed is reliability. VPNs vary widely in speed depending on the time of day and what content you’re accessing, among other factors. But poor reliability means connections can unexpectedly drop altogether, or the speed suddenly sinks so low that the VPN is unusable. When VPNs score poorly in our tests, it is usually because they are unreliable, not because they are consistently slower than competitors.

We actively curate a list of what we believe to be consistently fast VPNs, while also taking into account stability, security, unblocking, number of servers, and other important factors.

Apps

Most commercial VPN providers make their own bespoke app that their customer can use to quickly get set up and connected to the VPN. While it’s usually possible to use a third-party and/or open-source app, or use the VPN support built into your operating system, doing so usually entails the tedious task of configuring each VPN server separately.

ExpressVPN app

Most VPNs make apps for:

Some make apps for Linux, Fire TV, and wi-fi routers as well. If you use a BlackBerry or Windows Phone, your search might well be in vain.

Apps can also come with added security and features not available in third party apps. This includes DNS leak protection, kill switch, server testing, and more.

We evaluate VPN apps based on what features they include as well as their overall design and quality. A good app should be lightweight, intuitive, and simple enough for an absolute layman to set up and use.

If you have an Android device but no access to Google Play, check to make sure you can download the .apk file directly from the VPN provider’s website instead.

Router apps

A rare few VPNs make wifi router apps or replacement firmware to get your whole house or office on the VPN. This is especially useful to connect closed environment devices that don’t support VPNs at all, including game consoles (PlayStation, XBox) and video streaming devices (Roku, Chromecast, Apple TV). Any device connected to the VPN-enabled router can have its internet traffic sent through the VPN.

ExpressVPN router app

Setting up a router to use a VPN often requires flashing new firmware onto the device. That means replacing the existing firmware with either a bespoke firmware created by your VPN provider or an open-source firmware such as DD-WRT or Tomato. This process varies depending on the firmware and router model, so make sure you’re using the correct firmware version for your specific model and follow the instructions to the letter. Failure to do so could brick your router and permanently damage it.

Some router firmware not only supports VPNs, but also supports a feature called split tunneling. This will allow you to choose which devices will have their traffic tunneled through the VPN, and which will use the standard internet connection.

Servers

The core purpose of a VPN provider is to provide servers for their customers to connect to. The server is the exit point through which you access the internet, and it determines your perceived location and sets your IP address.

IPVanish server map

When choosing a VPN, the number of servers isn’t indicative of performance, and should not weigh in your decision. VPN servers can have different sizes, performance, and bandwidth, and some VPNs have more users than others, so a total server count doesn’t actually mean much. It’s more important to find a VPN with servers in the locations you want.

VPN providers usually advertise one of two metrics: the total number of servers, and the total number of locations. The number of servers a VPN provider needs depends on how many customers it has, which should be enough to prevent the most popular servers from being overloaded at any one time.

For the average user, the location of servers is probably more important. For accessing geo-locked content in other countries, it’s obviously useful to have servers in as many places as possible.

The United States and Europe are the most popular places to operate servers, while countries with invasive data retention or internet snooping systems are far less popular, such as China and Iran.

Some VPNs will list every server in every location for users to connect to, while others will simply list the location and automatically connect to the best one.

IP addresses

The majority of commercial VPN providers rely on shared, dynamic IP addresses. This means dozens, and even hundreds of users who connect to the same VPN server are assigned a single IP address. This setup is mutually beneficial for the customer and the provider.

Sharing and IP address with other people makes it far more difficult to trace activity back to a single user. “Dynamic” means the IP address regularly changes, so you aren’t using just one IP for a long period of time, which adds another layer of anonymity.

For the provider, using shared dynamic IP addresses results in significant overhead savings. Assigning every user their own permanent IP address would be far too expensive. Shared dynamic IPs allow the company to assign a fraction of the IP addresses and recycle them as needed.

Some providers do, however, offer private, static, and even dedicated IP addresses. A static IP never changes, which is useful for websites that require you log in from the same device, such as banking sites. Static IPs can be shared or private and are sometimes included for free with the standard VPN service.

Dedicated IPs are both static and private. They are assigned to you and you alone. Dedicated IPs are typically used by businesses or for special cases in which the user needs to host content behind a VPN. Dedicated IPs usually cost extra and are assigned on a case-by-case basis.

Customer service

Customer service is an important aspect to consider when deciding on a VPN. Whether you need help getting set up, need to troubleshoot some technical difficulties, or just want to know which servers can unblock Netflix on a particular day, good support can go a long way in ensuring a frustration-free experience.

VyprVPN live chat

Most VPN providers rely on either live chat support or a ticket submission system. Phone support is rare because customers are scattered around the globe, and it would be too costly to offer phone support in every country. We’re assuming you speak English since you’re reading this article, but if you prefer another language, make sure the VPN you choose has customer support in that language.

Ideally, 24/7 live customer support chat is the best option. But be aware that live chat systems often introduce a third party into the mix to help provide that service, such as Zendesk. If privacy is your top concern, you may not want your chats and details passing through Zendesk’s hands. In this case, opt for a provider that uses an in-house ticket submissions system.

Some VPNs also host their own forums where users can post questions or suggestions in public for company representatives and other users to respond to. This creates a useful knowledge base of information.

Simultaneous connections

Most paid VPN providers allow you to connect more than one device to the VPN at the same time, but how many varies depending on your plan. For a single subscription, the number of simultaneous connections usually ranges between two and six. If you plan on sharing your VPN subscription with housemates or family members, this can be an important factor to consider.

Sometimes these connections are device-agnostic, while other times they may require you connect different types of devices. For example, you may be allowed to connect one laptop and one smartphone, but not two laptops or two smartphones.

Note that if you connect your wifi router to the VPN, it counts as a single device no matter how many downstream devices are connected to it. You could connect a dozen devices to a VPN enabled router, and the provider would only register a single device connected. Note that this might start cutting into your speed, though.

Surfshark and IPVanish both offer unlimited simultaneous connections.

Split tunneling

Split tunneling lets you choose what internet traffic goes through the VPN and what goes through an unencrypted, direct connection. Split tunneling can happen at an app level or at a device level.

expressvpn split tunneling 2021

Many VPN providers now have apps with built-in split tunneling that lets you decide which apps do and don’t use the VPN. For example, you can set your torrenting app to always use the VPN and your music app to use a direct connection.

For VPNs with router apps, split tunneling can happen at a device level: you choose which devices in your household use the VPN and which do not.

Price

For most people, price will play a significant role in their decision to buy a VPN. This is understandable, but we encourage you to give equal or more weight to the other factors we’ve discussed here.

Many VPNs offer free trials or money-back guarantees so you can test them out before committing. Typically, you’ll get a much lower monthly price if you pay for a whole year or two up front rather than paying month-to-month.

In particular, we strongly recommend you avoid free VPN services. As the adage goes, if you don’t pay for the product, you probably are the product. Free VPNs typically offer a lower-quality service and can even have counterproductive consequences for your privacy.

Other features

Lastly, VPN subscriptions often come with bonus features that extend your VPN’s capabilities. These include SOCKS5 and DNS proxies, obfuscation, Tor over VPN, double VPN connections, modulating IP addresses, malware and ad blocking, DDoS protection, and so on.

Depending on what you need, these can be the deciding factor between two or more VPNs.

What you can do with a VPN

VPNs are used for a wide variety of purposes. Generally speaking, the two primary reasons people use VPN are to improve privacy and unblock content and services. We’ll cover a few of the major use cases here.

Uncensor the web

In many countries and certain environments, the web is censored. Nationwide censorship is especially prevalent among autocracies in Asia and the Middle East, although they are far from the only countries to block websites, apps, and other online content.

In countries like China, Iran, and the UAE, VPNs have become commonplace, especially among expatriates, as a reliable means to bypass censorship systems and access the web normally. A VPN allows someone in Beijing to use Facebook or someone in Dubai to make Skype calls, for example.

VPNs can also uncensor the web in government or corporate settings, such as offices and schools where firewalls and blacklists prevent staff and students from accessing restricted content.

Unblock region-locked content

Due to an archaic content licensing system, many of our favorite movies, TV shows, video games, and music are fragmented by country. Netflix might stream a show in the US that it is not allowed to stream in the UK, for example, because a different company owns the distribution rights to that show in England. Some streaming services like Hulu and HBO Now are not available outside the US at all, even if you are just traveling outside the country for a few days.

These rules are extremely frustrating for customers and can often seem arbitrarily unfair. But a VPN can help.

When you connect to a VPN, you are assigned the IP address of the server you connect to. Most apps and websites determine your location according to this IP address. So by connecting to a VPN, you can “spoof” your location and access content available to whatever country or region the server is located.

VPNs can unblock:

Note that while unblocking a region-locked streaming service is not illegal, you might be breaking the streaming company’s terms of service, although that’s rarely enforced.

Some companies have taken action against VPN users by blocking connections from known VPN servers. Only a handful of VPNs still work with Netflix and Hulu, for example.

As more and more events are live streamed online, regional blackouts are another problem VPNs can help with. A blackout occurs when a live event is unwatchable online because a local alternative has purchased exclusive broadcasting rights. This is often the case with sports games and matches, to the outrage of users who can’t stream the games they want to see most–those played by their favorite local teams. By connecting to a VPN server outside of the blackout region, however, blackouts can be bypassed.

See also

Stop ISP snooping

All the data you transmit and receive online goes through infrastructure owned by your internet service provider, or ISP. That means your ISP can know more about what you do online than any other entity. If it so wishes, your ISP can monitor every web page you visit, item you purchase, message you send, video you watch, and file you download. It is not uncommon for ISPs to collect this information and use it to sell advertising.

The situation in many countries has recently become more invasive. In the US, ISPs can now sell this data without restrictions to third parties without your consent. ISPs are also known to work with law enforcement and government intelligence agencies to spy on both citizens and non-citizens alike, even if they are not suspected of any wrongdoing.

A VPN effectively nullifies ISP snooping. By encrypting all your internet traffic before it leaves your device, your ISP cannot decipher it and see your online activity. Nor can it determine where you go online because it can only see that data is travelling to a VPN server, not the final destination.

Note that this still requires you to trust your VPN provider not to turn around and snoop on your traffic itself. Most VPNs have strict no-logging policies, but those policies are voluntarily enforced and require you trust the provider with your data. It’s also important to double check that your VPN is not leaking DNS requests onto your ISP’s network. You can read more about logging policies and DNS leak protection above.

Secure Wi-Fi connections

When you connect to the internet at a cafe, hotel, or airport, you’re doing so either on an open network or at least a network that a stranger knows the password to. This means the network is effectively unsecured. Hackers can take advantage of this vulnerability and use it to capture traffic sent by other users over the internet. That means the hacker can monitor and log anything you do online that isn’t encrypted.

Not only can hackers view your data; they can modify it. In a man-in-the-middle attack, a hacker can intercept data and change it for nefarious purposes. This could be used to direct you to malware-infested websites or change the contents of messages before they are received, for example.

By encrypting all the internet traffic going to or from a device instead of just some of it, a VPN secures connections made on open wifi networks against hackers.

Anonymous torrenting and streaming

If you download files via torrent or stream content from unsanctioned sources, then a VPN is your best friend. Torrenting and streaming content from certain websites online are often frowned upon by ISPs. As a result, ISPs can throttle your bandwidth or even suspend your service.

BitTorrent and other P2P services like Acestreams also open you up to a number of security vulnerabilities by disclosing your ISP to anyone else downloading or uploading the same content. This can create a possible attack vector or allow you to be targeted by copyright trolls, who send threatening settlement letters in order to pressure downloaders into forking over large sums of cash.

By assigning you an IP address that’s shared with dozens or even hundreds of other VPN users, a VPN makes you effectively impossible to trace without the explicit help of the VPN provider. Because most reputable VPN providers don’t keep logs of who does what when, this isn’t a problem. And since all your traffic is encrypted, ISPs can only see that data is being downloaded, but not what that data contains or where it is coming from.

VPN protocols

One of the first things you might notice when researching VPNs is all of the different protocols they use. A protocol is simply the format in which a VPN transmits data. Protocols are usually paired with a layer of encryption to keep the contents of your data in transit a secret. Different protocols offer varying ranges of speed and security.

  • Wireguard is the latest trend being adopted by several major VPNs, including NordVPN, StrongVPN, and Surfshark. It is a lightweight, open-source protocol that has proven to be quite a bit faster than the others. It requires a third-party app to use on most devices.
  • While there is no one agreed-upon “best” protocol, OpenVPN has become the standard for most commercial VPNs that offer a custom app. It is open source and therefore subject to inspection and audit by the public.
  • L2TP/IPSec and SSTP are common protocols frequently built into major operating systems like Windows, MacOS, Android, and iOS. These are not open source but are generally regarded as secure, with no significant difference in speed from OpenVPN.
  • PPTP is the “original” VPN protocol. It is faster than its rivals and easier to configure, and it is built into most major operating systems. It is no longer secure, however, and contains many known vulnerabilities. We therefore do not recommend using it if privacy is at all a concern.
  • Finally, there is IKEv2, a newer protocol that’s especially useful for users on 3G and LTE connections. IKEv2 is secure and adept at quickly reconnecting if the connection drops, making it a favorite among iOS and Android users.
  • A few VPNs have developed their own custom protocols, such as ExpressVPN’s Lightway or Hotspot Shield’s Hydra. We recommend sticking to open-source protocols like Lightway over black box proprietary protocols like Hydra.

You can read more about VPN protocols here.

 Free VPNs might track your activity

It’s common practice for free VPNs to monitor and record user activity, insert tracking libraries and persistent cookies to gather data for advertisers, and even inject advertisements into your web browser. Free VPNs can also contain malware that will infect your system. A 2017 report (PDF) published by a group of researchers from several institutions including UC Berkeley and CSIRO showed that 38 percent of the Android VPN apps on Google Play contained malware or malvertising, 84 percent leaked users’ web traffic, and 18 percent didn’t encrypt data at all.

Other than those obviously bad practices, free VPNs also typically have far fewer servers to choose from, are significantly slower, limit bandwidth, and cap your data.

Should I use a free VPN?

Free VPNs are plentiful, but we don’t recommend them. VPNs are not charities, and they require funding to maintain. So you should question the business model of any supposedly “free” VPN.

Many free VPNs lack sufficient encryption to keep your online activities private from third parties. Worse yet, they might well keep logs of your online activity and identity, which can be sold to third parties and/or used to target you with ads. That pretty much defeats the privacy-preserving purpose of a VPN.

Free VPNs tend to offer fewer servers and are much slower than paid counterparts. Their servers get quickly congested with users. Most set strict data caps or bandwidth limits. They are not well suited to unblocking streaming sites.

Some VPN apps are even used to deliver malware payloads to your device.

In short, we recommend sticking to paid VPNs.

What’s the best free VPN?

Not all free VPNs are bad, but the reputable ones usually have usage limits that can be lifted by signing up for a paid tier. If you insist on using a free VPN, then check out our list of the best free VPNs in 2021.

Some of the free VPNs we do recommend are:

  • Hotspot Shield
  • Windscribe
  • ProtonVPN

These VPNs meet our basic security and performance standards without sacrificing users’ privacy.

VPN usage and statistics

Whether they’re used for privacy, streaming, or bypassing censorship, VPNs are catching on worldwide. Here are some key statistics showing how the VPN trend is shaping up:

  • The shift to remote work, spurred by the pandemic, increased VPN usage by 27.1 percent in 2020
  • The Middle East and Africa have the highest rate of VPN use at 35 percent
  • 22 percent of VPN users use their VPN to unblock streaming services
  • 51 percent of users connect to VPNs so they can enjoy better privacy
  • VPNs are banned or restricted in 10 countries
  • The VPN market is expected to be worth $107.5 billion by 2027

How does a VPN work?

how a VPN works

VPNs use a variety of authentication measures, encryption, and protocols, but here’s a broad overview of how a VPN works when visiting a website:

  • The client device, such as a smartphone or laptop, requests a connection to a VPN server. The user might choose this server from a list in the VPN app.
  • The VPN server responds and requests the user authenticate themself. The client app responds with the user’s login credentials.
  • An encrypted connection is set up between the VPN server and client. By default, all of the internet traffic going to and from the client is now routed through the VPN server.
  • When the user visits a website, the client encrypts the page request, and then sends it to the VPN server.
  • The VPN server receives the request, decrypts it, and sends it to the website. 
  • In response, the website sends the web page back to the VPN server.
  • The VPN server encrypts the page and sends it to the client.
  • The client decrypts the page and views it in their web browser.

Note that encryption is only in place between the client and VPN server. The VPN does not encrypt data between the second party (website) and the VPN server.

Privacy and security guide

A VPN can greatly improve your online privacy and security, but it’s just one of a few tools in your arsenal.

A VPN protects you from:

A VPN does not protect you from:

With that in mind, you can combine a VPN with a few free tools and features to maximize your online privacy. These might include:

  • Incognito or in-private browsing modes
  • Ad and tracker blocking browser plugins
  • Tor browser
  • Signing up with an fake personal information
  • End-to-end encrypted services, such as chat apps and online backup
  • Disabling location services or using a GPS spoofing app

How to hide or change your IP address with a VPN

Hiding or changing your IP address with a VPN is easy. “Hide”, “mask”, and “change” all mean the same thing in this context: causing apps and websites to see the VPN’s IP address instead of your own.

IP addresses are all unique, so if someone knows your IP address, they could reasonably identify your device and location. Using a VPN hides your IP address from everyone except your internet service provider.

To hide your IP address with a VPN, follow these steps:

  1. Sign up for one of the VPNs we recommend above.
  2. Download and install the VPN app for your device.
  3. Open the app and select a server location. Your new IP address will be associated with that location.
  4. Hit the Connect button and wait a few moments for the connection to be established.

That’s it! Your device’s IP address is now replaced with the VPN server IP address.

Note that you’ll want a leak-proof VPN to ensure your IP address is never revealed. All of the VPNs we recommend prevent DNS, IPv6, and WebRTC leaks.

VPN FAQs

What's the best VPN?

The best VPN depends on what you intend to use it for. Our testing found NordVPN to be the best all-round VPN, Surfshark the best value for money VPN and ExpressVPN is the best for those who need the fastest speeds. The other seven VPNs listed in this article all make good alternatives.

What is a VPN?

Short for Virtual Private Network, a VPN encrypts a device’s internet traffic and tunnels it through an intermediary server in a location of the user’s choosing. A VPN sets up an encrypted proxy between a client---usually an app on your computer or smartphone---and a server operated by the VPN provider.

VPNs are used to securely access remote resources. For consumer VPNs like the ones we recommend above, that remote resource is the entire internet. The VPN server acts as a middleman between you and the web, hiding your IP address and associated location from websites, apps, and streaming services. The encryption prevents your online activity from being monitored by your internet service provider or other third-party snoopers.

Using a VPN protects your data on unsecured networks, bypasses web censorship, unblocks region-locked content, and hides your downloads.

Is using a VPN legal?

Using a VPN is 100 percent legal in almost every country, with a small handful of exceptions such as Iran and possibly the United Arab Emirates. Even though many countries censor the web, accessing censored content through a VPN does not constitute breaking the law.

Note, however, that what you do while connected to a VPN is a completely different matter. If you use a VPN to do something that is illegal in your country, such as pirating copyrighted material or accessing online gambling sites, those are activities are still illegal. A VPN can hide such activity from your internet service provider and authorities, but we advise against doing anything illegal and expecting the VPN to shield you.

In some countries, even though there are no laws against using a VPN, it may be illegal to operate a VPN. This is the case in China, where a recent regulatory notice made it illegal for VPN providers to operate in the country without a license. Other countries, like the UK, have implemented mandatory data retention laws that require VPN providers to log the activity of their users. This defeats the privacy purpose of a VPN, so be wary of VPNs that operate servers or are incorporated in these countries. Be sure to read privacy policies before signing up.

Why use a VPN?

VPNs have several uses, including:

  • Protecting your privacy from hackers and your internet service provider
  • Accessing region-locked content
  • Torrenting safely
  • Bypassing web censorship in schools, offices, and countries like China
  • Secure public wi-fi connections

Should I pay for a VPN? How much does a VPN cost?

Paid VPNs typically cost between $3 and $10 per month, with lower rates for longer subscription terms.

We strongly recommend avoiding free VPN services, which lack the privacy and security of their paid counterparts, don't unblock streaming sites like Netflix, don't allow torrenting and won't bypass censorship like China's Great Firewall. Many free VPNs harvest user data and sell it to advertisers, which defeats the purpose of using a VPN for privacy.

Finally, free VPNs tend to have data caps, bandwidth limits, and long queue times.

Can I use a VPN to access streaming sites like Netflix from abroad?

Yes, but not every VPN will work. Check out our list of the best VPNs for Netflix.

With a VPN you can change your IP address, which is how most websites and apps determine your location. For example, if you live in the UK and would like to access the US Netflix catalog, you can select a US-based server and browse freely from there. Similarly, you can do so if you live in a country where Netflix is not yet available. You will still need to purchase a subscription.

In early 2016, Netflix started blocking many VPNs, but most of the VPNs we recommend still work.

Will a VPN slow down my internet speed?

Yes, but it might not even be enough to notice.

Some VPNs are faster than others, but assuming you can max out your available bandwidth, expect your download speeds to slow down about 10 percent.

There are other factors to consider, such as your CPU speed, distance to the VPN server, and congestion on the network.

Will a VPN work in China?

It will depend on the VPN provider that you choose. Check out our list of the best VPNs for China. Those VPNs will allow you to access western social media, news sites, and streaming services, among others.

Some VPN providers have been blocked or banned, including both their servers, their websites, and the app stores where users can download VPN apps.  This makes it difficult to access the means to download the software. If you travelling to China and would like to use a VPN while there, we recommend downloading it before you leave.

How does a VPN differ from Tor or a proxy?

Tor is a volunteer-run decentralized network of computers that anyone can connect to for free. Tor is designed for anonymity, so it’s almost impossible to track a user’s activity back to them. When you connect to Tor, your connection is routed through several of these computers, called nodes, in a random sequence.

While Tor has its uses, it’s much slower than a VPN. It’s not suitable for torrenting or streaming. Many websites block connections from the Tor Network, and depending on where you live, connecting to Tor might raise eyebrows at your ISP or local law enforcement. Tor is used to access websites on the dark web, and is often associated with criminal activity.

VPNs usually only route your connection through a single server operated by the VPN provider. Using one requires you to trust that the VPN provider is properly securing data and not snooping on your internet traffic. But you can be more specific about the location that you’re connecting to, and speeds are much faster. Your IP address remains hidden from everyone except the VPN provider, and your ISP can’t decrypt the contents of your internet traffic.

Other types of proxies like SSL proxies, HTTPS proxies, SOCKS proxies, and DNS proxies are similar in that they route internet traffic through an intermediary server. But they might be limited to specific apps or types of data, and they don’t offer the same level of security as an encrypted VPN. They can be useful for unblocking a website or app, but if you want full protection for your entire device with fast speeds to boot, stick with a VPN.

How do I set up a VPN?

All of the providers we recommend on our site make their own VPN apps. Getting set up is a simple matter of downloading and installing the app, inputting your username and password, and hitting the Connect button. Configurations for all of the servers come built in, so selecting a location is as easy as browsing through a list.

Some VPNs do not make apps, however, and require manual configuration. Many operating systems have built-in VPN settings, but setting up a VPN this way is much more tedious and doesn't offer the additional security benefits that come with good VPN apps.