So many VPNs compete for your attention that they can all start to seem the same.
How do you determine which is the best fit for you?
That’s where we come in.
Comparitech puts every VPN we review through a battery of speed tests, security checks, and real-world use cases. We scrutinize privacy policies, attempt to unblock a range of region-locked content, and see whether they can bypass online censorship.
Whether you’re looking to unblock Netflix, torrent privately, or trying to access the open internet from a place like China, we’ve got you covered.
Our comprehensive reviews assess each VPN on the following criteria:
- Security and privacy
- Ability to unblock region-locked content (Netflix, etc)
- Customer support
- Value for money
- Device compatibility
- Best VPNs of 2021
- Choosing a VPN provider
- 1. NordVPN
- 2. Surfshark
- 3. ExpressVPN
- How do the top VPNs compare?
- VPN FAQs
- What is a VPN?
- How does a VPN work?
- Is using a VPN legal?
- Why use a VPN?
- Should I pay for a VPN? How much does a VPN cost?
- Can I use a VPN to access streaming sites like Netflix from abroad?
- Will a VPN slow down my internet speed?
- Will a VPN work in China?
- How does a VPN differ from Tor or a proxy?
- How do I set up a VPN?
- What to look for in a VPN
- What you can do with a VPN
- VPN protocols
- Avoid free VPNs
Best VPNs of 2021
Once you know what to look for in a VPN and have an idea of what it can be used for, we would like to make a few recommendations. The following VPNs have outshone the competition and fulfill all of the criteria discussed above.
If you don’t want to read the whole article, here’s a shortlist of the best VPN services:
- NordVPN: Our top choice. Fast speeds. Great for streaming, lots of servers, and strong security. Minimal logs.
- Surfshark: A good all-round budget VPN. The cheapest VPN on this list. Unlimited simulatenous connections.
- ExpressVPN: Unblocks region-locked content, works in China, fast speeds, no logs, and impeccable security.
- CyberGhost: Another good budget VPN. A great option for novice users who want all the benefits of a powerful VPN, including speed, security, and unblocking for a low cost.
- IPVanish: A security-focused provider that ensures you can access any app or website safely and privately.
- PrivateVPN: An new VPN with great speeds. It excels at unblocking streaming content including Netflix.
Choosing a VPN provider
Connecting to a VPN, or virtual private network, has two primary functions: encrypting internet traffic and tunneling it through an intermediary server in a remote location.
The result of these two tasks is a tool with several useful applications, most of which are centered around unblocking content and improving privacy while online:
- Uncensoring the web in autocratic countries like China
- Unblocking geographically restricted apps, websites, and services like US Netflix, Hulu, and BBC iPlayer
- Preventing ISPs from snooping on your internet activity
- Securing open Wi-Fi connections
- Anonymous torrenting and Kodi streaming
A VPN provider operates a network of servers to which VPN users can connect. In addition, they typically design the apps through which their users connect, offer support, and implement additional features that improve user experience.
There is no one-size-fits-all best VPN for everyone, but neither are all VPNs created equal. Finding the VPN that best suits you depends on a variety of factors and how you intend to use it. To get you started, we’ve rounded up some of the most highly rated VPN providers in our comparison table.
Once you know what to look for in a VPN and have an idea of what it can be used for, we would like to make a few recommendations. The following VPNs have outshone the competition and fulfill all of the criteria discussed above.
We see these as the 6 best VPNs in 2021:
NordVPN emphasizes security and privacy above all else, but it won’t let you down when it comes to other features and capabilities. The Panama-based provider operates a blazing fast network of servers in over 60 countries. It uses strong encryption and maintains a true zero-logs policy.
NordVPN is capable of unblocking Netflix, Hulu, BBC iPlayer, and other streaming sites that normally block VPN users. With up to six simultaneous connections on a single low-price subscription, NordVPN offers one of the best value plans on the market.
Some servers are specialized for faster streaming or added security, including Tor over VPN and double VPN servers. A process-specific kill switch allows you to choose which apps get cut off from the internet in the event that the VPN connection unexpectedly drops.
Beginner-friendly apps are available for Windows, MacOS, iOS, Android, Linux, and Fire TV.
- Zero logs policy
- Strong security
- Fastest VPN we have tested
- Unblocks Netflix, Hulu, Prime Video, etc
- Six simultaneous connections allowed
- 5,000+ servers in 60+ countries
- A few unreliable servers
- Suffered a data breach in late 2019
BEST BUDGET VPN:NordVPN's simple interface hides its trove of tweak-able options and features so you can customize your experience. Great for streaming.
Read our full NordVPN review.
Surfshark is another newer provider that competes with larger providers at nearly every level. It excels at unblocking region-locked content like Netflix and other streaming services. Notably, Surfshark allows an unlimited number of simultaneous connections per account. Although it doesn’t have as many server locations, the speed and security are on par with the veteran providers.
Surfshark keeps no logs and is suitable for torrenting. Live chat support is at your disposal around the clock. It bypasses censorship in China and other countries where internet access is restricted.
Apps are available for Windows, MacOS, iOS, Android, Fire TV, and Linux, with browser extensions for Firefox and Chrome.
- Unlimited devices
- Works in the UAE and China
- Unblocks Netflix, Hulu, and BBC iPlayer
- Keeps no logs whatsoever
- Relatively small server network
- Occasional slow server
Read our full Surfshark review.
ExpressVPN excels in every facet of being a great VPN. It operates servers in 94 countries. You’ll rarely, if ever, encounter downtime. Speeds are the fastest of any VPN on this list, enough to stream 4K video and even live streams.
Torrenting is allowed, and the company keeps no identifying logs of traffic or metadata. Users can unblock Netflix, Hulu, HBO Go, and HBO Now on select servers. Live customer support is available around the clock. ExpressVPN bypasses China’s Great Firewall as well as any other censorship system thrown at it.
All connections are protected with bleeding edge security standards, second to none in the VPN space. A kill switch and DNS leak protection are built into the apps.
Available for Windows, MacOS, iOS, Android, Linux, Fire TV, and certain wi-fi routers. The apps are simple enough for even a complete novice to use. You will have to pay a bit more than the competition to avail of all these great features, but ExpressVPN is well worth the price.
- Strong security
- Fast speeds
- No identifying logs
- Unblocks Netflix, Hulu, Prime Video, etc
- Easy to use
- 24/7 live chat support
- Works in China
- Slightly more expensive
BEST FOR SPEED DEMONS:ExpressVPN excels on every front whether you’re an advanced power user or a novice just getting started.
Read our full ExpressVPN review.
CyberGhost has really come a long way in the past couple of years. It checks off every box when it comes to security and privacy. That includes strong encryption, leak protection, a kill switch, and a no-logs policy.
CyberGhost makes it easy to unblock your favorite streaming sites, including Netflix, Hulu, and BBC iPlayer, among many others. And instead of guessing at which server location will work best, you can simply choose the streaming service you want to unblock from a list in the app.
CyberGhost allows up to seven simultaneous connections. Apps are available for Windows, MacOS, iOS, Android, and Amazon Fire TV.
- Fast, streaming-optimized servers
- Connect up to seven devices simultaneously
- Kill switch on all apps and keeps no logs
- Apps are great for beginners
- Doesn’t reliably work in China or UAE
GOOD ALL-ROUND VPN:In addition to all of CyberGhost's great features, speed, and security, it also comes with a 45-day money-back guarantee, longer than any other provider on this list.
Read our full CyberGhost review.
IPVanish offers a sizable network of servers that it actually owns, rather than rents, in more than 60 countries. The US-based company holds to a strict no-logging policy and sports a top-end encryption suite. Torrenting is allowed, and IPVanish’s simple interface is particularly well-suited to Kodi and Plex users who operate their devices via a remote control instead of a keyboard and mouse.
Speeds are fast enough for quick downloads and seamless HD streams with very little buffer time. A kill switch and DNS leak protection are built in, as is a “scramble” feature that obfuscates traffic so your internet provider can’t tell that you’re using a VPN.
Simultaneous connections are unlimited, so it’s a solid option for a family or group of housemates. Apps are available for Windows, MacOS, iOS, and Android.
- Fast speeds
- Great security
- No logs
- Huge server network
- Great for Kodi
- Unlimited simultaneous connections
- Blocked in UAE
- Blocked in China
- Doesn’t unblock as many streaming services
FAST VPN:We run hundreds of automated speed tests every day, and IPVanish routinely scores highly.
Read our full IPVanish review.
PrivateVPN is a relatively young provider compared to others on this list, but that hasn’t stopped it from offering a competitive service. Every connection is protected by military-grade encryption, a kill switch, and leak prevention.
Despite it’s smaller server network, it’s proven to be adept at unblocking various streaming services, including Netflix and Hulu. Speeds are great, fast enough to stream in HD without buffering. Live chat support is at your disposal, though it’s not manned at all hours. PrivateVPN keeps no logs.
Apps are available for Windows, MacOS, iOS, Android, and Amazon Fire TV.
- Fast speeds
- Great at unblocking Netflix, Hulu, etc from abroad
- Strong security
- No logs
- Works in China
- Small server network
- Live chat not 24/7
SMALL VPN, BIG PERFORMANCE:PrivateVPN is an up-and-coming provider that performs on a level we normally expect from serious veterans.
Read our full PrivateVPN review.
How do the top VPNs compare?
|Lowest monthly price||$3.71||$2.49||$6.67||$3.33||$2.25||$2.08|
|Unblocks Amazon Prime||Yes||Yes||Yes||Yes||Yes||Yes|
|Unblocks BBC iPlayer||Yes||Yes||sometimes||Yes||No||Yes|
|Average speed tested||115 Mbps||71 Mbps||135 Mbps||58 Mbps||52 Mbps||71 Mbps|
|Encryption||256-bit AES||256-bit AES||256-bit AES||256-bit AES||256-bit AES||256-bit AES|
|Log policy||Limited logs||No logs||No identifying logs||No identifying logs||No logs||No logs|
|Protocols||NordLynx, IKEv2, OpenVPN||WireGuard, OpenVPN, IKEv2, Shadowsocks||OpenVPN, L2TP, PPTP, Lightspeed||Wireguard, OpenVPN, IKEv2||OpenVPN||OpenVPN over UDP or TCP, L2TP, PPTP|
|Works in China||Yes||Yes||Yes||No||No||Yes|
What is a VPN?
Short for Virtual Private Network, a VPN encrypts a connected device’s internet traffic and tunnels it through an intermediary server in a location of the user’s choosing.
How does a VPN work?
When you connect your computer or smartphone to a VPN and access a website, for example, all of the data traveling to and from that website first travels through the VPN server. Between the VPN server and your device, the data is encapsulated in an encrypted tunnel.
This has two main effects. The first is that your connection is secured against anyone who might try to intercept your data between you and the VPN server. This could include a hacker on the local wifi network, the internet service provider, or even government snoops. Second, you can access the internet as if you were located wherever the VPN server resides. If you live in Europe and connect to a VPN server in the US, for example, you can access American content and services.
Is using a VPN legal?
Using a VPN is 100 percent legal in almost every country, with a small handful of exceptions such as Iran and possibly the United Arab Emirates. Even though many countries censor the web, accessing censored content through a VPN does not constitute breaking the law.
Note, however, that what you do while connected to a VPN is a completely different matter. If you use a VPN to do something that is illegal in your country, such as pirating copyrighted material or accessing online gambling sites, those are activities are still illegal. A VPN can hide such activity from your internet service provider and authorities, but we advise against doing anything illegal and expecting the VPN to shield you.
In some countries, even though there are no laws against using a VPN, it may be illegal to operate a VPN. This is the case in China, where a recent regulatory notice made it illegal for VPN providers to operate in the country without a license. Other countries, like the UK, have implemented mandatory data retention laws that require VPN providers to log the activity of their users. This defeats the privacy purpose of a VPN, so be wary of VPNs that operate servers or are incorporated in these countries. Be sure to read privacy policies before signing up.
Why use a VPN?
VPNs have several uses, including:
- Protecting your privacy from hackers and your internet service provider
- Accessing region-locked content
- Torrenting safely
- Bypassing web censorship in schools, offices, and countries like China
- Secure public wi-fi connections
Should I pay for a VPN? How much does a VPN cost?
Paid VPNs typically cost between $3 and $10 per month, with lower rates for longer subscription terms.
We strongly recommend avoiding free VPN services, which lack the privacy and security of their paid counterparts, don't unblock streaming sites like Netflix, don't allow torrenting and won't bypass censorship like China's Great Firewall. Many free VPNs harvest user data and sell it to advertisers, which defeats the purpose of using a VPN for privacy.
Finally, free VPNs tend to have data caps, bandwidth limits, and long queue times.
Can I use a VPN to access streaming sites like Netflix from abroad?
Yes. With a VPN you can change your IP address, which is how most websites and apps determine your location. For example, if you live in the UK and would like to access the US Netflix catalog, you can select a US-based server and browse freely from there. Similarly, you can do so if you live in a country where Netflix is not yet available. You will still need to purchase a subscription.
In early 2016, Netflix started blocking many VPNs, but most of the VPNs we recommend still work.
Will a VPN slow down my internet speed?
Yes, but it might not even be enough to notice.
Some VPNs are faster than others, but assuming you can max out your available bandwidth, expect your download speeds to slow down about 10 percent.
There are other factors to consider, such as your CPU speed, distance to the VPN server, and congestion on the network.
Will a VPN work in China?
It will depend on the VPN provider that you choose.
Some VPN providers have been blocked or banned. If you check the GreatFire.org resource, you can find a list of sites that are blocked. Among this list are the sites of several VPN providers. This makes it difficult to access the means to download the software. If you travelling to China and would like to use a VPN while there, we recommend downloading it before you leave.
How does a VPN differ from Tor or a proxy?
Tor is a volunteer-run decentralized network of computers that anyone can connect to for free. Tor is designed for anonymity, so it’s almost impossible to track a user’s activity back to them. When you connect to Tor, your connection is routed through several of these computers, called nodes, in a random sequence.
While Tor has its uses, it’s much slower than a VPN. It’s not suitable for torrenting or streaming. Many websites block connections from the Tor Network, and depending on where you live, connecting to Tor might raise eyebrows at your ISP or local law enforcement. Tor is used to access websites on the dark web, and is often associated with criminal activity.
VPNs usually only route your connection through a single server operated by the VPN provider. Using one requires you to trust that the VPN provider is properly securing data and not snooping on your internet traffic. But you can be more specific about the location that you’re connecting to, and speeds are much faster. Your IP address remains hidden from everyone except the VPN provider, and your ISP can’t decrypt the contents of your internet traffic.
Other types of proxies like SSL proxies, HTTPS proxies, SOCKS proxies, and DNS proxies are similar in that they route internet traffic through an intermediary server. But they might be limited to specific apps or types of data, and they don’t offer the same level of security as an encrypted VPN. They can be useful for unblocking a website or app, but if you want full protection for your entire device with fast speeds to boot, stick with a VPN.
How do I set up a VPN?
All of the providers we recommend on our site make their own VPN apps. Getting set up is a simple matter of downloading and installing the app, inputting your username and password, and hitting the Connect button. Configurations for all of the servers come built in, so selecting a location is as easy as browsing through a list.
Some VPNs do not make apps, however, and require manual configuration. Many operating systems have built-in VPN settings, but setting up a VPN this way is much more tedious and doesn't offer the additional security benefits that come with good VPN apps.
What to look for in a VPN
In this section, we’ll detail the main factors by which you should judge and compare VPNs. We’ll cover privacy and security, speed and reliability, apps, server selection, customer service, and more.
Privacy and security
For many VPN users, privacy and security are the top priority. The two most important factors here are encryption and logging policy, but there are a few other details to look for as well.
Logging policy refers to the records about user activity that a VPN collects. These records can be divided into two main categories: traffic logs and metadata logs. The former is our prime concern.
Metadata logs include data about how you use the VPN, but not the actual contents of your VPN traffic. This typically includes timestamps of when you used the VPN, the amount of data and bandwidth consumed, and which servers you connected to. These are typically used for diagnostic purposes and are not too much of a concern for most users. The exception is if the VPN records the user’s real IP address or VPN server IP address of the user, which can tie activity on the VPN back to a particular device. We recommend staying away from VPNs that record your IP address.
Even if a provider says it does not log, there is really no way to know for sure if they are being truthful. At a certain point, you must take them at their word and based on any public precedent of law enforcement inquiries or court orders to access user logs.
Encryption suite entails three main things: channel encryption, key exchange, and authentication. Without getting too technical, these three stages of encryption make up a VPN’s encryption suite that is used to secure your internet traffic so no one else can see it. If your internet traffic is intercepted, the encryption ensures that all the person who intercepted it can see is jumbled text. VPNs use asymmetric encryption, similar to what’s used when you access an HTTPS website.
Most VPNs only advertise their channel encryption, which is the encryption level of data in transit to and from the VPN. This is usually 128-bit or 256-bit AES. As you might have surmised, 256-bit is stronger, but 128-bit is perfectly fine and uncrackable with today’s computing power. If 128-bit encryption takes 5 years to crack and 256-bit takes 50 years, the difference doesn’t really matter–no one is going to see your online activity.
Just as important but less advertised are the encryption level on the key exchange and authentication. Before you start transmitting data, your device and the VPN server need to verify that the other side is who they say they are. This is done using authentication. They then must exchange a secret key over a secure channel. That key is then used for channel encryption. This process is called “asymmetric encryption” or “public key cryptography“. VPNs use a system called RSA to perform this key exchange.
Without getting too technical, prospective VPN users should look for sufficiently strong RSA key sizes and authentication. We recommend 2,048-bit RSA keys and SHA2 (which includes SHA256 and SHA512) authentication. A bonus is perfect forward secrecy, which routinely changes the keys so old ones cannot be used to compromise old ones. All of this will ensure that no one will be able to decrypt your VPN traffic.
DNS leak protection prevents DNS requests from being sent outside of the encrypted VPN tunnel over the unencrypted ISP network. DNS, or domain name system, is used like a phone book to associate domain names like “comparitech.com” with an IP address for the server that a site is hosted on. Anytime you access a site for the first time, a DNS request is sent to a DNS server to look up this information.
Normally, this request is sent to the nearest DNS server owned by your internet service provider. But when using a VPN, it’s preferable for the DNS requests to be tunneled to the VPN server along with all of the other traffic. A DNS leak occurs when the DNS request is sent outside the VPN tunnel, thus disclosing what websites you are visiting to your ISP and your approximate location to the website.
To prevent this undesirable behaviour, many VPNs have implemented DNS leak protection that ensures all DNS requests are sent through the VPN tunnel. The best VPNs operate their own private DNS servers at each location, but some others will use public DNS servers such as those supplied by Google.
Note that even VPNs that claim to protect against DNS leaks still struggle to contain IPv6 requests. Most VPNs simply block IPv6 requests and force everything onto IPv4. But even then IPv6 requests can slip through, particularly on Windows 10 computers that send multiple requests in parallel. You can check if your VPN is leaking DNS requests using our DNS leak test tool. You may consider disabling IPv6 on your device if IPv6 leaks are a concern. Learn more about IPv4 and IPv6 in this article.
A Kill switch is a mechanism built into a VPN app that halts all internet traffic to or from a device in the event that the VPN connection suddenly drops. This has become a common and important feature built into VPN apps made by the best VPNs. If the VPN unexpectedly disconnects, internet traffic can leak over the unencrypted ISP network and reveal your activity, location, IP address, and other details. A kill switch, sometimes called a network lock, prevents this from happening until the connection is reestablished. Kill switches are particularly important for P2P filesharing.
Country of incorporation is an important factor to consider when choosing a VPN. Some countries have invasive data retention laws that require VPN providers to disclose customer information on demand. Others, like the United States, don’t have such laws but do have overreaching intelligence and law enforcement agencies. In the United States, for example, it became all too common for the NSA and FBI to request data on users from technology companies using warrants, subpoenas, and national security letters (NSL), often placing gag orders barring the companies from revealing that they were under investigation.
The United States does not have data retention laws that apply to VPNs, but it is doubly vital that VPNs incorporated there have strict no-logging policies. Then, if the company receives a court order to disclose user information, they simply will have nothing to disclose. We recommend avoiding VPNs incorporated in countries with data retention laws, such as the UK, as they will have no choice to but to log.
Speed and reliability
Many VPNs claim to be the fastest, but “fast” is a vague term and in reality there is no such thing as one single “fastest” VPN. That being said, some VPNs are certainly faster than others.
To start off, look for VPNs that offer unlimited bandwidth and no data caps. That will include most paid VPN services and all of those on our list.
VPN speed varies for several reasons: network congestion, server load and capacity, proximity to the server, level of encryption, protocol, compression, and more. Recently, many VPNs have migrated to Wireshark-based protocols, which have proven substantially faster than older protocols like OpenVPN and IKEv2.
For the fastest speed, you will generally want to connect to the geographically nearest server during a time when no one else is using it. That’s easier said than done, as you will likely want to connect to a VPN in another country. Some VPN apps include built-in speed testers or display the current server load, so you can check which ones are likely to be the quickest.
Even on the fastest server, you should expect at least a 10 percent reduction in speed from your normal ISP connection. This accounts for the encryption and decryption of data on the VPN server and your device, plus the extra time it takes to route traffic through the VPN server instead of transmitting directly.
When most people talk about speed, they’re referring to download bandwidth, or how much data you can download at a time. Similar to ISP services, this is measured in megabits per second, or Mbps. We conduct download speed tests in all of our reviews.
Some users might be more concerned about latency, also known as lag or ping time. This is the time between when your device requests information from a server and to receiving that server’s response. Whenever a quick response time is crucial, such as when online gaming or video chatting, latency can be a bigger concern. Latency is measured in milliseconds. To get the lowest latency on a VPN, choose the server either nearest you or nearest the server hosting the content you are accessing.
Possibly more important than speed is reliability. VPNs vary widely in speed depending on the time of day and what content you’re accessing, among other factors. But poor reliability means connections can unexpectedly drop altogether, or the speed suddenly sinks so low that the VPN is unusable. When VPNs score poorly in our tests, it is usually because they are unreliable, not because they are consistently slower than competitors.
We actively curate a list of what we believe to be consistently fast VPNs, while also taking into account stability, security, unblocking, number of servers, and other important factors.
Most commercial VPN providers make their own bespoke app that their customer can use to quickly get set up and connected to the VPN. While it’s usually possible to use a third-party and/or open-source app, or use the VPN support built into your operating system, doing so usually entails the tedious task of configuring each VPN server separately.
Most VPNs make apps for Windows, MacOS, iOS, and Android. Some make apps for Linux, Fire TV, and wi-fi routers as well. If you use a BlackBerry or Windows Phone, your search might well be in vain.
Apps can also come with added security and features not available in third party apps. This includes DNS leak protection, kill switch, server testing, and more.
We evaluate VPN apps based on what features they include as well as their overall design and quality. A good app should be lightweight, intuitive, and simple enough for an absolute layman to set up and use.
If you have an Android device but no access to Google Play, check to make sure you can download the .apk file directly from the VPN provider’s website instead.
A rare few VPNs make wifi router apps or replacement firmware to get your whole house or office on the VPN. This is especially useful to connect closed environment devices that don’t support VPNs at all, including game consoles (PlayStation, XBox) and video streaming devices (Roku, Chromecast, Apple TV). Any device connected to the VPN-enabled router can have its internet traffic sent through the VPN.
Setting up a router to use a VPN often requires flashing new firmware onto the device. That means replacing the existing firmware with either a bespoke firmware created by your VPN provider or an open-source firmware such as DD-WRT or Tomato. This process varies depending on the firmware and router model, so make sure you’re using the correct firmware version for your specific model and follow the instructions to the letter. Failure to do so could brick your router and permanently damage it.
Some router firmware not only supports VPNs, but also supports a feature called split tunneling. This will allow you to choose which devices will have their traffic tunneled through the VPN, and which will use the standard internet connection.
The core purpose of a VPN provider is to provide servers for their customers to connect to. The server is the exit point through which you access the internet, and it determines your perceived location and sets your IP address.
When choosing a VPN, the number of servers isn’t indicative of performance, and should not weigh in your decision. VPN servers can have different sizes, performance, and bandwidth, and some VPNs have more users than others, so a total server count doesn’t actually mean much. It’s more important to find a VPN with servers in the locations you want.
VPN providers usually advertise one of two metrics: the total number of servers, and the total number of locations. The number of servers a VPN provider needs depends on how many customers it has, which should be enough to prevent the most popular servers from being overloaded at any one time.
For the average user, the location of servers is probably more important. For accessing geo-locked content in other countries, it’s obviously useful to have servers in as many places as possible.
The United States and Europe are the most popular places to operate servers, while countries with invasive data retention or internet snooping systems are far less popular, such as China and Iran.
Some VPNs will list every server in every location for users to connect to, while others will simply list the location and automatically connect to the best one.
The majority of commercial VPN providers rely on shared, dynamic IP addresses. This means dozens, and even hundreds of users who connect to the same VPN server are assigned a single IP address. This setup is mutually beneficial for the customer and the provider.
Sharing and IP address with other people makes it far more difficult to trace activity back to a single user. “Dynamic” means the IP address regularly changes, so you aren’t using just one IP for a long period of time, which adds another layer of anonymity.
For the provider, using shared dynamic IP addresses results in significant overhead savings. Assigning every user their own permanent IP address would be far too expensive. Shared dynamic IPs allow the company to assign a fraction of the IP addresses and recycle them as needed.
Some providers do, however, offer private, static, and even dedicated IP addresses. A static IP never changes, which is useful for websites that require you log in from the same device, such as banking sites. Static IPs can be shared or private and are sometimes included for free with the standard VPN service.
Dedicated IPs are both static and private. They are assigned to you and you alone. Dedicated IPs are typically used by businesses or for special cases in which the user needs to host content behind a VPN. Dedicated IPs usually cost extra and are assigned on a case-by-case basis.
Customer service is an important aspect to consider when deciding on a VPN. Whether you need help getting set up, need to troubleshoot some technical difficulties, or just want to know which servers can unblock Netflix on a particular day, good support can go a long way in ensuring a frustration-free experience.
Most VPN providers rely on either live chat support or a ticket submission system. Phone support is rare because customers are scattered around the globe, and it would be too costly to offer phone support in every country. We’re assuming you speak English since you’re reading this article, but if you prefer another language, make sure the VPN you choose has customer support in that language.
Ideally, 24/7 live customer support chat is the best option. But be aware that live chat systems often introduce a third party into the mix to help provide that service, such as Zendesk. If privacy is your top concern, you may not want your chats and details passing through Zendesk’s hands. In this case, opt for a provider that uses an in-house ticket submissions system.
Some VPNs also host their own forums where users can post questions or suggestions in public for company representatives and other users to respond to. This creates a useful knowledge base of information.
Most paid VPN providers allow you to connect more than one device to the VPN at the same time, but how many varies depending on your plan. For a single subscription, the number of simultaneous connections usually ranges between two and six. If you plan on sharing your VPN subscription with housemates or family members, this can be an important factor to consider.
Sometimes these connections are device-agnostic, while other times they may require you connect different types of devices. For example, you may be allowed to connect one laptop and one smartphone, but not two laptops or two smartphones.
Note that if you connect your wifi router to the VPN, it counts as a single device no matter how many downstream devices are connected to it. You could connect a dozen devices to a VPN enabled router, and the provider would only register a single device connected. Note that this might start cutting into your speed, though.
Surfshark and IPVanish both offer unlimited simulatenous connections.
Split tunneling lets you choose what internet traffic goes through the VPN and what goes through an unencrypted, direct connection. Split tunneling can happen at an app level or at a device level.
Many VPN providers now have apps with built-in split tunneling that lets you decide which apps do and don’t use the VPN. For example, you can set your torrenting app to always use the VPN and your music app to use a direct connection.
For VPNs with router apps, split tunneling can happen at a device level: you choose which devices in your household use the VPN and which do not.
For most people, price will play a significant role in their decision to buy a VPN. This is understandable, but we encourage you to give equal or more weight to the other factors we’ve discussed here.
Many VPNs offer free trials or money-back guarantees so you can test them out before committing. Typically, you’ll get a much lower monthly price if you pay for a whole year or two up front rather than paying month-to-month.
In particular, we strongly recommend you avoid free VPN services. As the adage goes, if you don’t pay for the product, you probably are the product. Free VPNs typically offer a lower-quality service and can even have counterproductive consequences for your privacy.
Lastly, VPN subscriptions often come with bonus features that extend your VPN’s capabilities. These include SOCKS5 and DNS proxies, obfuscation, Tor over VPN, double VPN connections, modulating IP addresses, malware and ad blocking, DDoS protection, and so on.
Depending on what you need, these can be the deciding factor between two or more VPNs.
What you can do with a VPN
VPNs are used for a wide variety of purposes. Generally speaking, the two primary reasons people use VPN are to improve privacy and unblock content and services. We’ll cover a few of the major use cases here.
Uncensor the web
In many countries and certain environments, the web is censored. Nationwide censorship is especially prevalent among autocracies in Asia and the Middle East, although they are far from the only countries to block websites, apps, and other online content.
In countries like China, Iran, and the UAE, VPNs have become commonplace, especially among expatriates, as a reliable means to bypass censorship systems and access the web normally. A VPN allows someone in Beijing to use Facebook or someone in Dubai to make Skype calls, for example.
VPNs can also uncensor the web in government or corporate settings, such as offices and schools where firewalls and blacklists prevent staff and students from accessing restricted content.
Unblock region-locked content
Due to an archaic content licensing system, many of our favorite movies, TV shows, video games, and music are fragmented by country. Netflix might stream a show in the US that it is not allowed to stream in the UK, for example, because a different company owns the distribution rights to that show in England. Some streaming services like Hulu and HBO Now are not available outside the US at all, even if you are just traveling outside the country for a few days.
These rules are extremely frustrating for customers and can often seem arbitrarily unfair. But a VPN can help.
When you connect to a VPN, you are assigned the IP address of the server you connect to. Most apps and websites determine your location according to this IP address. So by connecting to a VPN, you can “spoof” your location and access content available to whatever country or region the server is located.
VPNs can unblock other country’s Netflix libraries, Hulu, HBO Go, HBO Now, BBC iPlayer, and much more. Note that while doing so is not illegal, you might be breaking the streaming company’s terms of service, although that’s rarely enforced.
Some companies have taken action against VPN users by blocking connections from known VPN servers. Only a handful of VPNs still work with Netflix and Hulu, for example.
As more and more events are live streamed online, regional blackouts are another problem VPNs can help with. A blackout occurs when a live event is unwatchable online because a local alternative has purchased exclusive broadcasting rights. This is often the case with sports games and matches, to the outrage of users who can’t stream the games they want to see most–those played by their favorite local teams. By connecting to a VPN server outside of the blackout region, however, blackouts can be bypassed.
Stop ISP snooping
All the data you transmit and receive online goes through infrastructure owned by your internet service provider, or ISP. That means your ISP can know more about what you do online than any other entity. If it so wishes, your ISP can monitor every web page you visit, item you purchase, message you send, video you watch, and file you download. It is not uncommon for ISPs to collect this information and use it to sell advertising.
The situation in many countries has recently become more invasive. In the US, ISPs can now sell this data without restrictions to third parties without your consent. ISPs are also known to work with law enforcement and government intelligence agencies to spy on both citizens and non-citizens alike, even if they are not suspected of any wrongdoing.
A VPN effectively nullifies ISP snooping. By encrypting all your internet traffic before it leaves your device, your ISP cannot decipher it and see your online activity. Nor can it determine where you go online because it can only see that data is travelling to a VPN server, not the final destination.
Note that this still requires you to trust your VPN provider not to turn around and snoop on your traffic itself. Most VPNs have strict no-logging policies, but those policies are voluntarily enforced and require you trust the provider with your data. It’s also important to double check that your VPN is not leaking DNS requests onto your ISP’s network. You can read more about logging policies and DNS leak protection above.
Secure Wi-Fi connections
When you connect to the internet at a cafe, hotel, or airport, you’re doing so on either on an open network or at least a network that a stranger knows the password to. This means the network is effectively unsecured. Hackers can take advantage of this vulnerability and use it to capture traffic sent by other users over the internet. That means the hacker can monitor and log anything you do online that isn’t encrypted.
Not only can hackers view your data; they can modify it. In a man-in-the-middle attack, a hacker can intercept data and change it for nefarious purposes. This could be used to direct you to malware-infested websites or change the contents of messages before they are received, for example.
By encrypting all the internet traffic going to or from a device instead of just some of it, a VPN secures connections made on open wifi networks against hackers.
Anonymous torrenting and streaming
If you download files via torrent or stream content from unsanctioned sources, then a VPN is your best friend. Torrenting and streaming content from certain websites online are often frowned upon by ISPs. As a result, ISPs can throttle your bandwidth or even suspend your service.
BitTorrent and other P2P services like Acestreams also open you up to a number of security vulnerabilities by disclosing your ISP to anyone else downloading or uploading the same content. This can create a possible attack vector or allow you to be targeted by copyright trolls, who send threatening settlement letters in order to pressure downloaders into forking over large sums of cash.
By assigning you an IP address that’s shared with dozens or even hundreds of other VPN users, a VPN makes you effectively impossible to trace without the explicit help of the VPN provider. Because most reputable VPN providers don’t keep logs of who does what when, this isn’t a problem. And since all your traffic is encrypted, ISPs can only see that data is being downloaded, but not what that data contains or where it is coming from.
One of the first things you might notice when researching VPNs is all of the different protocols they use. A protocol is simply the format in which a VPN transmits data. Protocols are usually paired with a layer of encryption to keep the contents of your data in transit a secret. Different protocols offer varying ranges of speed and security.
- Wireguard is the latest trend being adopted by several major VPNs, including NordVPN, StrongVPN, and Surfshark. It is a lightweight, open-source protocol that has proven to be quite a bit faster than the others. It requires a third-party app to use on most devices.
- While there is no one agreed-upon “best” protocol, OpenVPN has become the standard for most commercial VPNs that offer a custom app. It is open source and therefore subject to inspection and audit by the public.
- L2TP/IPSec and SSTP are common protocols frequently built into major operating systems like Windows, MacOS, Android, and iOS. These are not open source but are generally regarded as secure, with no significant difference in speed from OpenVPN.
- PPTP is the “original” VPN protocol. It is faster than its rivals and easier to configure, and it is built into most major operating systems. It is no longer secure, however, and contains many known vulnerabilities. We therefore do not recommend using it if privacy is at all a concern.
- Finally, there is IKEv2, a newer protocol that’s especially useful for users on 3G and LTE connections. IKEv2 is secure and adept at quickly reconnecting if the connection drops, making it a favorite among iOS and Android users.
- A few VPNs have developed their own custom protocols, such as ExpressVPN’s Lightway or Hotspot Shield’s Hydra. We recommend sticking to open-source protocols like Lightway over black box proprietary protocols like Hydra.
You can read more about VPN protocols here.
Avoid free VPNs
It’s common practice for free VPNs to monitor and record user activity, insert tracking libraries and persistent cookies to gather data for advertisers, and even inject advertisements into your web browser. Free VPNs can also contain malware that will infect your system. A 2017 report (PDF) published by a group of researchers from several institutions including UC Berkeley and CSIRO showed that 38 percent of the Android VPN apps on Google Play contained malware or malvertising, 84 percent leaked users’ web traffic, and 18 percent didn’t encrypt data at all.
Other than those obviously bad practices, free VPNs also typically have far fewer servers to choose from, are significantly slower, limit bandwidth, and cap your data.