What is the best VPN? These three guarantee privacy and security.


Comment

It’s one of the most asked questions at the Washington Post Help Desk: Do I need a VPN — and if so, which one?

Interest in virtual private networks, a technology that helps you hide what you’re doing online, surged after the Supreme Court ended legal abortion in some states and dramatically raised the stakes for privacy digital.

There’s only one problem: there are hundreds of VPNs out there, and some of them are snake oil. Many over-promise, making you think your business is more hidden than it really is. Some may sell themselves as free, but secretly exploit your web browsing for profitWhere hand over to the government. Constant industry consolidation means that a VPN you trust today could be dodgy next month.

And to make matters even more confusing, some VPN reviews are just paid promotions. “We are very concerned that this misleading advertising gives abortion seekers a false sense of security when seeking abortion-related care or information,” said Rep. Anna G. Eshoo (D -Calif.) and Sen. Ron Wyden (D-Ore.) wrote in a recent letter at the Federal Trade Commission.

The short answer: Be especially wary of any free VPN. And three paid VPNs are more successful in earning our trust, according to researchers at consumer reports and press freedom foundation who have each recently conducted independent reviews of the market. They are:

  • IVPNwhich costs $5 per month with a one-year plan.
  • Mullvadwhich costs €5 per month (currently $5).
  • Mozilla-VPN (from the makers of the Firefox browser), which costs $5 per month with a one-year plan.

It’s not necessarily the VPN brands that advertise a lot. If your current VPN isn’t on this list, that doesn’t necessarily mean you have a problem, but keep reading.

Before downloading anything, we should have a chat about whether you even need a VPN. Reader Lev Raphael from Okemos, Michigan asked us the most important question: “What protection, if any, does using a VPN provide?”

Not as much as you might think. What a VPN does is act as a tunnel between your computer and the internet, preventing your service provider from seeing what you are doing online and also hiding your internet address from the sites you visit.

If your problem is being spied on by Big Tech companies like Google, a VPN won’t help you much: once you’re signed into their services on your phone or laptop, they can still track you around the web.

OK, Google: to protect women, collect less data on everyone

There are plenty of other steps I would recommend to improve your privacy and security before getting a VPN. Get started with our super handy step-by-step guides to privacy and security basics. And if you’re particularly concerned about the privacy of reproductive health information, this guide will walk you through the key considerations.

With that out of the way: a VPN can be useful if you want to hide what you’re doing online from your ISP or secure the data that comes back to your computer. ISPs can amass large amounts of sensitive information, even in the United States. Just know that hiding from ISPs has become a little less necessary in recent years as more websites and apps have started encrypting their traffic. (Look for the little lock logo next to the web address.)

A VPN can also be useful if you’re on a public or unsecured network or if you’re in a place where the internet is monitored and censored (like your school, office, or China). Some people also use VPNs to access video streaming services abroad with geo-restrictions, called “geoshifting”.

What Makes a VPN Trustworthy?

“Choosing a VPN is choosing a substitute for your internet service provider — a provider that you’re going to trust with your information,” said Kendra Albert, clinical instructor at Harvard Law School’s Cyberlaw Clinic.

The problem is that too many of them are, in fact, saying, “the pink promise trusts us”.

We therefore owe a debt of gratitude to Yael Grauer’s recent investigations of CR and David Huerta of FPF. Studying many popular VPNs, they tried to see which ones made privacy and security claims that could stand up to scrutiny. Most couldn’t. That’s not to say they’re not necessarily safe, it’s just that it’s hard to know.

Both researchers agreed that Mullvad, Mozilla VPN, and IVPN did a better job. There were five major technological and political factors that made them more trustworthy.

  • They do not log your activity. These three companies go a step further by minimizing information about their users. If a company doesn’t have your data, they can’t sell it or have it stolen. Nor can he turn it over to the government.
  • They take advantage of the latest and most secure technologies. All three use an underlying communication protocol called WireGuard.
  • They carry out (and make public) regular external audits. These services allow security professionals to regularly survey their systems to make sure they are doing what they say they are doing. Then they publish the reports: Here Mullvad, Mozilla-VPN and IVPN.
  • They don’t sell too much: These three “don’t claim to offer a higher level of service than they actually do,” Grauer said. Some 12 of the 16 VPNs she tested weren’t completely honest, including saying they offered “military-grade” encryption — something that doesn’t actually exist.
  • They have a circuit breaker. This can ensure that your internet traffic doesn’t inadvertently leak if your VPN connection fails (which can happen from time to time).

Are there important differences between the three recommendations? Mullvad and Mozilla VPN are essentially the same where it counts: Mozilla outsources its servers to Mullvad, although their app designs and payment systems are different. Mullvad doesn’t accept recurring subscriptions because it says having “a lasting connection to your bank account – and therefore your identity” is a privacy risk. Mozilla VPN can also integrate with some nifty privacy protection features of their Firefox browser.

IVPN takes a few extra steps itself: all the technology to operate and maintain its applications, infrastructure and administrative processes is hosted on its own servers. This means less risk of an unexpected leak.

Remember, these are the recommendations in 2022. “The results might be different the next time we evaluate,” Huerta said. Reports like this raise the bar for VPNs to compete on privacy and security, rather than price, so others can join the recommended list.

What if you’re just trying to stream a video?

In my testing, all three of these services were easy to set up and use, but one big problem arose: I couldn’t stream video. With one of these VPNs enabled, Hulu displays a message that reads: “Hulu is not available in your area, or you may be using a VPN”.

In recent years, streaming services looking to reduce global usage have developed better technology to detect a user’s location.

If you’re less concerned about privacy, you might be able to find different VPNs that might work…for a while. “It’s like a mole-scoring game,” Grauer said. But this problem is not unique to these three or more privacy-focused VPNs.

Even if your priority is streaming, not privacy, you need to be on your toes. The most suspicious VPNs are often those that claim to be completely free. They have to pay the bills one way or another, and your personal information could be the culprit.

Previous Johnson & Johnson CISO Marene Allison: "You can't sit on today's technology"
Next July 18 Webinar: IP Roadshow in Southeast Asia

MENU

Back