Every year since 2003, Securethoughts.com has extensively researched VPN Services. We work with industry experts and security professionals and regularly poll customers to get their feedback. Our top pick for best VPN service for 2017 is ExpressVPN. Also the table below shows our top three VPN picks for 2017.
Top Pick: Express VPN
Express VPN is our top pick for most users due to its combination of excellent performance and security, attention to usability, a huge number of exit nodes in 36 different countries and attractive pricing. It isn’t perfect—and might not be ideal for everyone—but it offers the best overall value of the services tested.
At $8.25/month, Express is the least expensive of the services tested. (Express also offers a 30-day, money-back guarantee.) Those couple dollars a year will get you multiple simultaneous connections, so you can connect your smartphone, computer and a tablet all at once. Express also offered over 30 servers in numerous countries, one of the strongest resource bases I reviewed. This means it will be easy for you to find an available server with plenty of bandwidth, no matter where.
The installation process for Express on both Windows and Mac was easy and straightforward. However, some obvious settings, such as DNS Leak Protection—which blocks ads and trackers—was not automatically turned on. Turning them on was pretty easy and should be sorted out without a problem with just a click or two.
Once the app’s settings are configured to your liking, you can choose an exit node and connect with just one click. On a PC, right-click the Express logo icon in the Notification Area and choose a country or region; on a Mac, click the Express menu bar icon and choose a country or region. Choose Disconnect from the same menu to end your connection. This is as it should be—too many VPN apps make you jump through additional hoops to open an app, switch to a settings page, select a server, and then connect.
A delightful touch on the Express menu is a Send Slow Speed Complaint command. If you connect to a server with unusually slow throughput, you can simply disconnect and try again, but reporting the slow server before you disconnect can signal to the company that a server is underperforming and help the service reprioritize server selections for other users.
Express offers a VPN Kill Switch option, which is useful but potentially annoying. The idea is that any thing could cause your VPN connection to drop unexpectedly. If that were to happen, you might not notice, and whatever you were doing online would immediately become visible to anyone who happened to be watching your connection. With the kill switch enabled, as soon as it notices that your VPN connection has disappeared, it cuts off all internet access for your device to prevent data leakage. That’s handy for security, but it also means you won’t be able to do any conventional web surfing, emailing or whatever—even with your VPN connection disabled—until you turn off that feature. (And as the Express app warns you, enabling this feature is not reliable if your device has more than one network connection.)
Although the feature set and interface are nice, what really won me over to Express was its performance. In almost every test I performed (with a variety of exit nodes and on multiple platforms), Express’ download and upload speeds were at or near the top—and often way ahead of everyone else. In fact, although the table above shows only averages, I saw downstream throughput as high as 98 percent from U.S. exit nodes, which is truly extraordinary. VPNs always make network access at least a bit slower, but Express had the lowest impact of any VPN I’ve ever used.
Imperfections I Can Live With
I said that Express isn’t perfect, and therefore may not be the best choice for everyone. There’s one thing that wasn’t perfect, but I was more than happy to work with:
- Some blacklisted exit nodes. Despite Express’s SMTP blocking (see the final bullet point), several of the exit nodes I tried had their IP addresses listed on various spam blacklists. This means I might have had trouble sending an email to certain addressees while connected to those exit nodes, and it implies that some Express customers are abusing the system to send spam. However, I never saw a U.S. exit node with a blacklisted IP address, and it was always simple enough to reconnect to a different server.
If Express’s Not For You: IPVanish
As I studied the statistics for the five other VPN services I tested, no second-place contender immediately stood out above the others. But then I realized that during my testing, I’d found something particularly annoying about almost every service (as I explain later). IPVanish was the one that didn’t annoy me! I don’t mean that to sound like a back-handed compliment either. The best thing a VPN service can do is to work quietly and diligently in the background; it shouldn’t require a lot of thought, effort or fiddling. In my experience, IPVanish just works, and even if its throughput is unexceptional, it does have quite a few things going for it, including some features even Express doesn’t have.
The desktop app is easy to install and configure. However, you can’t use the system-wide menu to choose and connect to an exit node directly as you can with Express. Instead, you have to open the app, click to display a list of servers, click again to select one and then click a third time to connect. That’s not exactly an onerous process, but it’s less efficient than Express.
IPVanish has three features not found in Express that I find particularly interesting:
- Multi-hop connections. If you want an extra layer of privacy protection, you can opt for a multi-hop connection in which the VPN client first connects to an intermediate server (in a location of your choice) and then to an exit node in a different location (also of your choice). This makes it harder for an attacker to locate you or trace your connection, although it does impose a non-trivial speed penalty.
- IPVanish’s firewall option is somewhat like Express’s kill switch in that it disables all internet traffic that doesn’t go through the VPN connection. However, unlike a conventional kill switch, the firewall can be active even when the IPVanish app isn’t—including during your computer’s boot process. This protects you even if the IPVanish app crashes. On the other hand, if you enable this option without realizing how it’s designed, you may find yourself scratching your head at why your computer has no internet access when the VPN is disconnected—I did. Luckily, you can customize the behavior of the firewall to meet your needs.
- Perhaps my favorite IPVanish feature is an option that makes the app automatically connect to the last VPN server you used when it detects that you’re on an unsecure WiFi network. For example, I opened the IPVanish app while sitting at a Starbucks, and it immediately informed me it was connecting to the VPN because it noticed that my laptop was connected to a public WiFi network.
In short, the only things about IPVanish that keep me from considering it as my top choice are the lackluster throughput. But as I’ve said a few times, your performance may certainly be different from mine, and you may well find the extra features worth the money.
The four other VPN services that made my shortlist based on the must-have criteria I selected are also worth considering, but impressed me less in my tests.
On the plus side, HideMyAss had the highest downstream throughput from Swedish exit nodes of the services I tested (at least on desktop computers) and excellent throughput from U.K. exit nodes too. (Throughput from U.S. exit nodes wasn’t impressive.)
The company’s Facebook page claims they offer a 12-hour free trial, but I couldn’t find anything about that on their official website. I inquired by email and got a reply the next day pointing me to their Terms of Service page, which explains that if you want a free trial (which in fact lasts 24 hours), you have to sign up for an account and then email their support department. That’s better than nothing, but it’s not exactly a simple or quick process.
HideMyAss is the only one of the services I tested that offers no custom apps for any platform; you must use a third-party OpenVPN app. Configuration guides are provided for each platform, and they’re fairly good, but the process was more laborious than it should have been. I couldn’t shake the feeling that HideMyAs was kind of phoning it in. It was hard for me to take the service seriously when it put no effort into customizing its user experience or adding special features like so many of its competitors and couldn’t be bothered to simplify the process of obtaining a free trial.
Apart from that, the VPN connection itself was fine. The one (very minor) red flag I saw was that when connecting to a U.K. exit node from a desktop app, the service assigned me DNS servers that were located in Sweden. This is only a concern in the sense that it could signal to a website that I’m doing something unusual and likely trying to hide my location.
When I arrived at my shortlist of six contenders, I had every reason to expect they’d be highly competitive with each other. On paper, they all sound fantastic. But although I have some minor gripes about each one, only one genuinely turned me off, and that was Mullvad.
The first sign of danger came when I downloaded Mullvad’s Mac app. It’s almost identical to their Windows app, but the Mac executable is unsigned, which is a huge security no-no because it prevents the system from verifying that the app hasn’t been tampered with. What this means is that when you first launch the app on a Mac, you’ll see a warning that it can’t be opened because it comes from an untrusted source. There are a couple of ways to get past this warning, but no reputable developer—certainly not one in the security profession—should be releasing unsigned apps to the public.
I bypassed the warning and opened the app, which was quite basic (to the point that when you click the Advanced button, extra settings are displayed in a text file you must edit by hand). Then I found that it would offer me a free trial—but only for three hours. And by the way, that doesn’t mean three hours of being connected, but rather three hours on the clock. I left for lunch before connecting the first time, came back and found I had only two hours left in my trial. Although I wasn’t surprised to be asked to authenticate (Mac) or allow the app to make changes (Windows) the first time I launched it, I was irritated to be asked again every single time I opened it.
To change exit nodes, you must open the app, click Settings, and then choose a country from a pop-up menu. Then you go to the Status tab to actually connect. Although there’s a setting for “Stop DNS leaks,” it’s deselected by default. Mullvad does offer a kill switch (“Block the internet on connection failure”), which I did not test.
Mullvad costs 5 € (about $5.60) per month, with no discounts for annual subscriptions. Throughput was fine in some tests, terrible in others; the inconsistency makes it hard to draw any conclusions about performance. But with so many other good choices, I can’t think of a single persuasive reason to recommend Mullvad.
You’ll never guess the target audience for TorGuard. (I’ll wait while you puzzle it out.) I kid, but the fact that the service so evidently caters to file sharing enthusiasts may be either a good sign or a bad sign, depending on your point of view.
TorGuard offers over 1,600 exit nodes in more than 50 countries (including China, Egypt, Indonesia, South Korea and Saudi Arabia, which relatively few VPN providers support), and has native apps for Windows, Mac, iOS and Android. (The iOS app, however, is designed only for the iPhone, so it works on an iPad but looks odd.) I had no particular setup or usage problems.
TorGuard has more customization options than most VPN apps; you can fine-tune many aspects of its behavior to your exact needs. It includes not only a general-purpose kill switch but also an option to kill specific apps (such as, you know, your BitTorrent client) when the VPN disconnects. It can also automatically run scripts before or after a connection and after a disconnection.
Like Mullvad, TorGuard had inconsistent performance in my tests. It had poor downstream throughput from a U.S. exit node, but great upstream throughput from a Swedish exit node. Go figure. On the whole, though, it got the job done.
What I found off-putting about TorGuard was a series of anomalous details that popped up in my testing. For example, four of six exit nodes I tried had IP addresses on spam blacklists, and three of them had mismatches between exit node location and DNS location. (One particularly odd case: I selected a New York exit node, and although the DNS server was indeed in New York, the IP address the system assigned me was in Utah.)
TorGuard’s review at That One Privacy Site criticizes the service for being “shady,” and although I don’t know if that’s quite the word I’d use, my subjective impression was that TorGuard actively courts users who have less than honorable intentions. All things being equal, that’s not the company I prefer to keep, and since there are so many fine alternatives at lower prices, I’m less enthusiastic about TorGuard than Express, IPVanish or even HideMyAss.
The final service I tested, VPNSecure, was a bit of a puzzler. I wanted and expected to like it, and on paper there’s a lot to recommend the service. But apart from a few small annoyances, I had one experience that I’m finding it hard to overlook.
First, the basics. You get access to 130 standard and 62 stealth exit nodes in 48 countries, including Chile, Japan, Malaysia, South Africa, United Arab Emirates and other far-flung locations. You can have up to 10 simultaneous connections, and there’s a 90-day, money-back guarantee. There’s also a free, 30-day trial (2 GB data transfer limit, and only a single U.S. exit node) and a two-day, $2 trial (with no limits on data transfer or exit nodes). And the company offers native apps for Windows, Mac, iOS and Android. All this is exactly what I expect from a top-tier company.
The Windows and Mac apps are a bit odd; it looks like it was designed for an iPhone. The window is small and weirdly flat, with no drop shadow (unlike every other Windows and Mac window)—and on a Mac, no Dock icon. Plus it’s cumbersome to navigate because everything is squished into a needlessly tiny space. Still, it has a solid set of features, including a kill switch, your choice of encryption cipher and a Stealth VPN option (which is designed to work around VPN filtering in countries such as China). The system-wide menu is all but pointless; you can use it to open the app, but not to connect, disconnect or select an exit node—all that requires clicking within the app itself. And, like Mullvad, the VPNSecure app requires you to authenticate (Mac) or agree to let the app make changes (Windows) every single time you launch it.
Although I had no particular problems with the desktop app other than the user interface gripes I mentioned, the iOS app was another story. I tried entering my credentials and got a “Connection Failed” error every time I tried to connect. Tried another iOS device, same thing. I sent email to tech support, and though the site said it would be answered within 30 minutes, it took over an hour to get a response. After quite a bit of back-and-forth, it was determined that the iOS app was rejecting my password because it contained punctuation characters. After I changed my password on the site to remove the punctuation characters (which, I must point out, were accepted both on the site and in the desktop app) and waited about 20 minutes, the mobile app finally let me log in.
But since the technician told me the app uses IPsec, I also decided to try connecting with OpenVPN Connect, which VPNSecure’s site said was possible. Unfortunately, the instructions provided on the site were woefully outdated and unworkable, as were the instructions in the OpenVPN FAQ. Only after guiding me through a series of arcane steps I never would have figured out on my own was I able to log in using OpenVPN Connect. The tech told me he’d look into updating their tutorial, but that he didn’t think there was any customer demand for that technique, which is apparently why the documentation was useless.
In all, I probably spent about three hours just trying to connect to VPNSecure on my iPad. Even though I was eventually successful (and, in fairness, their tech support staff was both competent and responsive), that whole episode left me kind of cold.
Also, I’ll just mention this in passing: Although a few of my tests with VPN providers using U.K. exit nodes left me unable to load the BBC TV website properly, VPNSecure was the only one that caused them to reject my IP as being outside the U.K. (even though every geolocation service I checked said it was in the U.K.). That was odd.
I think VPNSecure could be great with a few small tweaks to their apps (both desktop and mobile) and website. It’s close to great already and may be just fine depending on which platforms, protocols and uses you need. But for the time being, I have to give it a demerit.
So, the final breakdown of my six shortlisted services is as follows:
- Top pick: Express VPN
- Runner-up: IPVanish
- Second-tier choices: HideMyAss
- Not recommended: Mullvad, TorGuard, VPNSecure
Summary: The internet, as you may know, is not a safe place. Sure, if your online activities mainly consist of watching videos and playing games, internet security is likely not a major concern for you. But if you or your family use email, buy goods or services or post any personal details online (including on social media), your identity, money and family are at risk.
The best way to protect yourself and your family is with a Virtual Private Network (VPN). A VPN encrypts, hides and reroutes your online communications so that hackers, the government and would-be criminals can’t intercept your online activities. VPNs also have the added benefit of making your internet connection appear as though you’re logging on from anywhere in the world you want, allowing you to bypass geo-blocking software and access location-restricted videos (including Netflix) from anywhere in the world.
After conducting in-depth research into the more than 200 VPN providers on the market, the best VPN to protect yourself and your family and get access to location-restricted content is ExpressVPN ($8.25/month). It has the best mix of value-for-money, server locations around the world, responsive customer support and top-5 connection speeds to ensure you can continue to use the internet the way you want to without having to worry about undesirables stalking you around the web.
Table of Contents
- Why You Should Trust Us
- Who Is This For?
- How My Analysis Was Conducted
- Testing Methodology
- Best for Most Users: Express VPN
- Imperfections I Can Live With
- It Just Works: IPVanish
- The Competition
- What About Anonymity?
- What About Video Streaming?
- What About VPN Routers?
- Wrapping It Up
Why You Should Trust Us
Who Is This For?
In truth, this review should be useful or anyone who spends time on the internet, as internet security should be a concern for all. For anyone who is new to the concept of internet security though, this review is highly important as I’ll provide detailed analysis and explanations for what each VPN does and why it is important.
For starters, forget about the “virtual” part of the name Virtual Private Network and just think about private networks. Most companies, educational institutions and other organizations have their own internal network, which may include servers and other resources that should not be visible to just anyone who happens to start poking around on the internet. The company will use a device called a firewall to isolate the internal (or private) network from the outside (or public) network. A firewall typically lets those on the private network see all its servers as well as things on the outside internet while blocking incoming network access (or restricting it only to certain devices, such as a public web server).
This is fine for employees who are present in an office, but what does it mean for those who work from home or are traveling? Well, VPNs were originally created for this purpose. With specially configured software (and the right credentials), a remote employee can essentially bypass the firewall and connect to the internal network over the public internet. A Virtual Private Network creates an encrypted tunnel between the employee’s computer and the private network, making it safe to access private resources from the outside. This way all network traffic between an employee’s computer and the internet can flow through this private tunnel. Meaning, for all intents and purposes, a computer on a VPN server can function as if it was actually located in the protected office space.
VPNs are much more useful than that though and can be used in a variety of scenarios. A VPN can:
- Encrypt all your internet data. This means you won’t have to worry about anyone breaking into your connection, even if you’re using an open WiFi network at your local coffee shop or internet cafe. You do get what you pay for though, so while in theory, any VPN should protect your computer from nosy individuals on the internet, it is definitely better to use a well-known and established VPN.
- Change your IP address. Your computer (or mobile device) will get a new IP address, which will make it appear to be part of the local network where the VPN server is located. That will, in turn…
- Hide your location. IP addresses are assigned geographically, so anyone who knows your IP address can figure out (at least roughly) where you are. Your IP address while using a VPN will be based on where the VPN server is located though, which can protect your identity and location. Some VPN services even offer multi-layered VPN protection so your location would be rerouted several times.
These features are great, but what does that mean for you and your internet security? Here are a few benefits of a VPN:
- Protection against hackers. No matter what you’re doing online, whether working on sensitive documents or making online purchases with a credit card, you wouldn’t want this information to be available to be read or stolen by random strangers. It is not that hard today to become a hacker with off-the-shelf software, so it is in your best interest to always be wary.
- Bypass government firewalls. There are many countries across the world who’s governments have put in place restrictive internet walls. Whether you live in one such country or have to travel for work, you don’t want to be stuck without access to what you need. Using a VPN can allow someone in one such country to bypass national firewalls and reach foreign sites.
- Avoid government surveillance. Although the United States and other western countries don’t restrict outside internet access, extensive government surveillance programs mean that the NSA, FBI, CIA and other TLAs could monitor what you do online. Of course, they do this in the name of national security, but it’s easy to find examples of mistakes and blatant overreach. A VPN is no panacea here, but it can help.
- Freedom of Information. While a VPN will not by itself guarantee anonymity, it can go a long way. This is particularly helpful to journalists and those who enjoy or work with controversial and political issues. Of course, you may want to protect your anonymity for other reasons as well, which a VPN can also help with (see What About Anonymity? later in this article).
- Shift your virtual location. This is likely a more common reason than some of the others. Maybe you’re living abroad or traveling for work or play and don’t want to miss your favorite Netflix show or other streaming service. Unfortunately, these services can often be blocked or come with a different catalog depending on where you are in the world. A VPN can make it appear you’re somewhere you’re not. (But restrictions apply. See What About Video Streaming? near the end of this article.)
- Share files privately. Let’s be honest here, many of you are reading this review so you can find out how to safely protect yourself when illegally sharing or downloading content such as music and movies. Lots of people illegally share copyrighted stuff online, typically using BitTorrent or another person-to-person file sharing service. Using a VPN can make it much harder for the copyright holders (or your ISP) to identify who is doing the sharing. We’re definitely not recommending illegal activity here, but understand that it is always better to be safe than sorry.
Truthfully there are many, many more reasons why you might be able to get some use out of a VPN. Contrary to popular belief, you don’t have to be paranoid to want to make sure that you’re protected and safe. Almost anyone can benefit from the added privacy a VPN provides—especially when you’re away from your home network.
How My Analysis Was Conducted
There really are a massive number of VPNs available today. So, when I started the research, I assumed that there would be a fair amount to test. However, when I was getting close to 200, with more still popping up, I knew there had to be a better way. Rather than testing every available VPN I could find (which could take years to complete) I decided to set forth a list of criteria by which I would judge the VPNs, and eliminated all VPN choices that didn’t meet the minimum standards.
After reading countless reviews and feature comparisons, and creating my own monster spreadsheet, patterns began to emerge, which enabled me to remove numerous low-ranking VPNs. However, even after removing the ones with loads of bad reviews, terrible prices or miles of fine print and shady practices, there were still more options than I know you’d care to read about. So I had to take a rather hard line with my analysis. That means there are several truly good VPN services that didn’t make the cut (such as Cloak, NordVPN and WiTopia). It isn’t that there was anything inherently wrong with such services, but as I’m looking for the best of the best here, I had to draw the line.
Finally, after reviewing and improving my process several times, this is the list of criteria by which the VPNs have been judged. They are as follows:
- OpenVPN support. VPNs can use numerous protocols, including PPTP, IPsec (which in turn has several variations) and OpenVPN—and many VPN services support more than one protocol. OpenVPN is generally regarded as the most secure of these protocols, so I included only services that offer OpenVPN, at least optionally. (This requirement ruled out a number of services, including Hotspot Shield.)
- Unlimited bandwidth and data transfer. Most people are already paying for broadband connections, so you don’t want to be paying for a VPN on top of your current bills that will restrict your data usage. The VPNs that made our shortlist place no limitations on data transfer volume or throughput. Any VPN that will offer you a free plan with a data cap and make you pay for unlimited bandwidth usage isn’t worth your time.
- No-logging policy. VPN activity logs are a double-edged sword. One the one hand, they can help a VPN provider troubleshoot problems, track down abusive behavior and improve network efficiency. But on the other hand, logs also provide a means by which governments, big corporations, hackers and other entities can track what you do online. Although I don’t think there’s any intrinsic problem with modest, responsible logging (at least if the logs are anonymized and purged frequently), lots of VPN providers have a strict no-logging policy, and I decided to make that a criterion for my shortlist simply because it reduced the field dramatically (while leaving plenty of solid contenders). Of course, a company could be fibbing when they claim they don’t keep any logs, but a no-logging policy is at least a reasonable place to draw a line in the sand. (This choice ruled out, among many others, Astrill, Cloak, Freedome, ac and WiTopia.)
- Anonymous payments. For reasons I’ll discuss ahead, VPNs can’t promise complete anonymity. Be that as it may, if you’re trying to avoid being identified online, you might prefer not to have your real name in a VPN provider’s database at all. It’s simple enough to sign up with a fake name and a disposable email address, but if you’re required to pay by credit card or PayPal, your real name will be visible to the provider—and your bank or PayPal statement will show that you ordered VPN service. Sometimes you can work around this by using gift cards or mailing cash (yikes!), but all the providers on my shortlist accept Bitcoin, which if used judiciously is about as close to an anonymous payment system as you can get today. (This criterion ruled out providers such as Boleh, CactusVPN, Disconnect, PureVPN and VyprVPN.)
- Official support for Windows, Mac, iOS and Android (at least). There are a wide variety of platforms in use today, so I didn’t want to recommend any service that wouldn’t be available to at least the large majority of our readers. By support, I don’t necessarily mean a custom app for each platform, but at least customer service, instructions and a useable platform for every medium. (For example, if Cloak hadn’t already been ruled out for other reasons, this would have done the trick, because Cloak currently supports only Apple platforms.)
- Support for multiple concurrent connections. Not only do I have a number of computing devices, I frequently use more than one at the same time. I’m one of those guys you’ll see at a coffee shop juggling a laptop, tablet and smartphone. Most VPN providers get that people need to be connected from multiple devices at once, and let you use the same account with two or more devices simultaneously without an extra charge. (This criterion ruled out, for example, CryptoStorm.)
- First-party DNS servers. If a VPN service outsources DNS to another company, there is little to nothing stopping that other company from keeping records of your information, even if the VPN service itself does not. Since the main purpose of using a VPN is to protect your identity, location and records in the first place, putting your information out there to a third party kind of defeats the purpose. (Limiting the shortlist to companies that run their own DNS servers ruled out providers such as EarthVPN and SurfEasy.)
- No P2P blocking. VPNs are often used to provide privacy for P2P activities such as BitTorrent sharing. Some VPNs block P2P traffic (for example, to reduce bandwidth consumption or for legal reasons), but such providers didn’t make my cut. (Examples of providers that do block P2P traffic and therefore didn’t make my shortlist are LibertyVPN, SunVPN and TunnelBear.)
- Free-trials, refunds or money-back guarantees. The VPN game is a rather competitive market afer all. Like I said, your priorities may be different than the ones I had in mind while writing this review, so I only wanted to recommend VPNs that allows you the opportunity to figure out what is best for you. With this in mind, free trials (even if very brief) are great for the customer (you). Next best is an offer to refund your money after a few days or so if you’re not satisfied with the service. (Providers eliminated because they made no mention of either free trials or satisfaction-guaranteed refunds included DoubleHop, Kepard, io, SecureVPN.to and SmartVPN.)
- A minimum of one U.S. exit node. VPN providers are based in numerous countries, and there are interesting reasons (which will be explained shortly) to consider the legal jurisdiction of a provider before you sign up. Regardless of where a service is based, however, it may have exit nodes (servers at the other end of the VPN—in other words, where you’ll appear to be when you connect) in just about any country. The services I wanted to recommend though had to have at least one exit node that was located in the United States though. This was mainly because this means much faster performance for you and partially because some online purchases will be frozen if the site believes you are in a different country or can’t track your IP. (This choice ruled out providers such as BTGuard, IPredator and se.)
- No mandatory SMTP blocking. It is an unfortunate fact that one of the main reasons to use a VPN is to send spam endlessly without any repercussions. As many VPN services don’t want to be associated with this, they will block all SMTP connections (outgoing mail). What this means though is that services such as Gmail, Outlook or Apple Mail won’t work while using such VPN services. A few providers block SMTP only through some of their exit nodes or offer other workarounds if you ask nicely, but I decided to rule out those for whom SMTP is a nonstarter. (This choice knocked AceVPN, CyberGhost, FrootVPN, Invisible Browsing and SlickVPN off my list.)
By using the above criteria, I was able to whittle down our list of 200+ VPN services to a very manageable six services. They are:
This list, I must reiterate, is missing lots of great VPN providers. The criteria I used to narrow down the choices to these six were, to some extent, arbitrary, and I don’t mean to suggest that other VPNs aren’t worth considering. VPNs are used for many purposes, and if your own needs don’t include some of the criteria I listed above, you might be very happy indeed with another provider. But I think the choices above represent an excellent cross-section of inexpensive, flexible and privacy-focused providers.
My next task was to do some serious testing to pick the best of these six, see if there were notable runners-up and make sure there weren’t any duds (spoiler: there kind of were). In rough order of importance, the elements I focused on in my testing were:
- Speed: Because a VPN has to encrypt all your network traffic (and possibly route it through a server in a distant place), you’re guaranteed to get slower download and upload speeds when using a VPN; the only question is how much of a speed penalty you’ll pay. I measured each provider’s download and upload speed for exit nodes in multiple countries on both desktop and mobile platforms and compared those speeds to baseline figures I obtained just before enabling the VPN. Although speeds were highly variable (even among exit nodes in the same city, for the same provider, at the same time of day), the averages I calculated showed pretty strong patterns.
- Security Faults: I carefully checked each connection for IP address leaks, DNS leaks, and other obvious security faults. Although nearly every service passed nearly every one of these tests, I did encounter a few results that made me go “Hmmmm.”
- Ease of use: The providers on my shortlist were all over the place in terms of how simple it was to sign up, install software, configure accounts, choose an exit node and turn on the VPN service. Services that made the process obvious and took evident care to provide a clear and friendly user experience got high marks; those that required hours of painful fiddling and extensive back-and-forth with tech support got lower scores here. (I’ll note that a given service may vary in its ease of use from one platform to another.)
- Special features. Some services offer useful extra features, such as multi-hop connections, firewalls, ad blocking, on-demand activation, kill switches (to cut off your internet connection if the VPN goes down) and other niceties. The services also differed widely in the number and locations of exit nodes, the helpfulness of their websites and other more subjective factors.
Now, I understand that this may be a lot of information to handle. If you don’t necessarily care about the details and just want to find out which VPNs I rank the highest and why, feel free to skip ahead to Best For Most Users: Express VPN. However, if you’re curious about the details of our testing regimen and the statistics collected on each service, read on.
For each combination of VPN service and platform, I tested exit nodes in the United States and Sweden (since those were the only two countries represented by all six services) and also tested U.K. exit nodes in five of the six (Mullvad has no U.K. exit nodes). I did the tests once on a desktop computer and then repeated them on an iPad and mobile device.
Each testing session began with baseline measurements of upload and download speeds. I used sites such as Speedtest.net (with a fixed host in New York City) and SpeedOf.me (with a variable host based on the location of the VPN endpoint) and then averaged the two results. The home broadband connection used theoretically offers 200 Mbps downstream throughout and 20 Mbps upstream, but actual performance varies from moment to moment. With this in mind, all services were tested multiple times to ensure continuity and fairness throughout the comparison process.
After a baseline check, I opened a VPN app, connected to a U.S. exit node and repeated the pair of speed checks. Note that the table below does not list absolute speeds, which are highly variable. Rather, it shows throughput as a percentage of the baseline. For example, if I was able to get 100 Mbps download speeds without a VPN and 70 Mbps with the VPN enabled, I considered the VPN’s throughput to be 70 percent of what the connection is capable of at that moment.
Among other things, these sites enabled me to confirm that our ISP-assigned IP address was not visible to other servers, verify that I was using DNS servers specified by the VPN and check the geographical location of both the VPN and DNS servers. I then repeated all these tests for U.K. and Swedish exit nodes. Following this, I went through the entire process again using iOS and input all our calculations and data again in our spreadsheets. This process was slightly harder as SpeedOf.me continuously crashed on iOS, so Speedtest.net was mainly used for this aspect of our analysis.
OpenVPN is generally considered the most secure VPN protocol, but strangely, no major platform had built-in support of OpenVPN, despite maintaining native support for other the other platforms. Due to security concerns, Apple has discontinued PPTP support in macOS 10.12 Sierra and iOS 10, so I had to use other methods here.
With the exception of HideMyAss, which offers no software of its own, all the VPN providers tested provide custom OpenVPN apps for both Windows and OS X. They also work with third-party OpenVPN clients, such as OpenVPN GUI (Windows), Tunnelblick (Mac) and Viscosity (Windows and Mac).
On iOS and Android, the situation was a little more complicated though. Private Internet Access, TorGuard and VPNSecure offer native iOS and Android apps, but the iOS versions of all three use the IPsec protocol, rather than OpenVPN (in an apparent trade-off between security and functionality, given the API restrictions Apple imposes on third-party VPNs). On both platforms, you also have the option of using a third-party app called OpenVPN Connect (Mac/Android) to connect to any of the providers using OpenVPN, but because that app is more complicated to set up, I opted to use the native apps for the providers that offered them.
While I originally hypothesized that the VPN custom apps would be superior to generic third-party apps, that wasn’t necessarily true. While it was true that native apps were much more user friendly and easily-configured at first, over time some of them fell behind apps such as Tunnelblick and OpenVPN. This will be discussed further in Connectivity.
With that background, here are our findings tables:
|VPN Service||HideMyAss||IPVanish||Mullvad||Express VPN||TorGuard||VPNSecure|
|Price per Month (Annual)||$9.29||$7.50||$9.60||$8.25||$11.54||$8.30|
|1 Month Only Subscription||$16.99||$15.00||$5.60 (5 €)||$12.99||$12.99||$9.95|
|Free Trial||No||No||Yes—3 hours||No||No||Yes—30 days, 1 U.S. server, 2 U.K.|
|Refund Period (Days)||7 (not for 1 month or Bitcoin)||7||0||30||7||90|
|Based In||Sweden||Gibraltar||Sweden||Hungary||USA (parent company in Nevis)||Australia|
|Countries with Exit Nodes||3||12||6||36||50+||48|
|Number of Servers||24||21||not stated||3,343+||1,600+||62|
|SMTP Blocked||No||No||Yes||Yes (whitelist by request)||Yes (whitelist by request)||No|
|VPN Router Support||No||Yes||No||Yes||No||Yes|
|DESKTOP APP TESTS|
|U.S.: Downstream Throughput||43.02%||38.84%||20.66%||73.36%||13.46%||54.01%|
|U.S.: Upstream Throughput||42.47%||57.96%||37.80%||68.04%||64.52%||58.03%|
|U.K.: Downstream Throughput||20.74%||7.26%||N/A||24.21%||9.12%||4.60%|
|U.K.: Upstream Throughput||29.83%||16.55%||N/A||34.96%||20.48%||11.85%|
|U.K.: BBC TV Streaming Test||OK||OK||N/A||OK||OK||page wouldn’t load|
|Sweden: Downstream Throughput||19.25%||5.15%||10.82%||13.85%||8.58%||14.59%|
|Sweden: Upstream Throughput||30.75%||4.74%||28.08%||31.17%||22.97%||12.85%|
|Exit Node/DNS Mismatches||Yes||No||No||No||Yes||Yes|
|Special Features||N/A||Autoconnect when using insecure WiFi networks|
VPN Firewall (kill switch)
|Kill switch||Ad blocker|
|Kill switch (global)|
Kill switches (individual apps)
|MOBILE APP TESTS|
|iOS App||No||No||No||Yes (IPsec)||Yes (IPsec)||Yes (IPsec)|
|U.S.: Downstream Throughput||21.85%||83.59%||24.70%||90.49%||80.19%||89.05%|
|U.S.: Upstream Throughput.||54.56%||92.43%||90.25%||93.27%||92.56%||78.67%|
|U.K.: Downstream Throughput||17.05%||14.81%||N/A||40.74%||33.60%||7.50%|
|U.K.: Upstream Throughput||23.95%||54.13%||N/A||27.09%||0.08%||16.03%|
|U.K.: BBC TV Streaming Test||OK||OK||N/A||page wouldn’t load||OK||NO|
|Sweden: Downstream Throughput||5.67%||1.68%||5.19%||10.26%||6.56%||16.84%|
|Sweden: Upstream Throughput||29.41%||22.70%||46.94%||28.75%||48.78%||38.09%|
|Exit Node/DNS Mismatches||No||No||No||Yes||Yes|
It is important to remember though that many of these tests will be based on individual circumstances, so if you were to run the same tests you may experience different results than our own. Some of the reasons as to why are:
- Your system and network. Aspects such as your WiFi or Ethernet connection, operating system and version, and current network traffic can all affect your VPN’s performance. There are other factors as well such as your broadband connection, router configuration and numerous others.
- Exit node choice. Depending on the provider, you may be able to choose a specific server as the exit node, or just a region (such as a city or country), with the server assigned dynamically. In many cases, VPN performance varies wildly from one region to the next, and even two servers in the same datacenter can yield much different results depending on their current workload. If you disconnect and reconnect immediately, your performance might be much better or much worse.
- Type of traffic. Our speed tests mainly consisted of downloading and uploading smaller files, if you’re moving much larger files, playing games or streaming videos, the results could differ.
The reasons above were why I knew I needed to recommend VPNs that offer free trials or refunds. In truth, the best way to judge a VPN performance is to test it out on the daily tasks you perform so that you know it works well with your equipment and network.
What About Anonymity?
The websites and marketing materials for certain VPN services make bold (and highly misleading) claims that by connecting to a VPN, you’re guaranteed complete anonymity online. And indeed, there is a popular notion that since your IP address is altered, your location is hidden and your DNS lookups and traffic are encrypted, it must be impossible for anyone to find out who you are or what you have been doing online while connected to a VPN.
Sorry to say, that just isn’t so. A VPN can certainly help you hide your identity—from some people in some situations—but it is not a complete or bulletproof solution. Even with a VPN, there are numerous ways a sufficiently resourceful attacker could learn (or at least infer) your identity.
What a VPN can offer is privacy, which is different from anonymity. For example, suppose the presidents of two major countries got together for a closed-door meeting. Everyone knows who they are and where they are—there are reporters and cameras right outside, after all—so they’re not anonymous. But unless the room is bugged, they have privacy, which means the content of their meeting is just between the two of them.
In the same way, privacy online means an outside party won’t know the content of the information you send or receive. But as the articles above explain, that doesn’t mean no one can ever figure out that someone at your address or using your computer visited a certain site at a certain time.
Obviously, there’s a difference in complexity between hiding your online activities from your boss or spouse and hiding them from the FBI. A VPN might well be all you need for the former, but it won’t get you far with the latter. (And sorry, but that’s something I can’t help you with.)
What About Video Streaming?
One reason people like to use VPNs to disguise their location is so they can watch streaming video from other countries, despite geo-blocking (geographical restrictions the streaming providers put in place to ensure that only people living in the “right” places can see their content). I can’t speak to the legality of bypassing geographical restrictions, but I can say that on a technical level, your ability to succeed is almost entirely dependent on the skill and tenacity of the provider.
Some services, such as Netflix, are very against the idea of VPNs and have worked hard to fight against them, thankfully not very successfully. Other services, however, are less draconian in their blocking measures. I’ve successfully streamed Hulu over a VPN (with a U.S. exit node) for example, and as I mentioned earlier, most of the VPN services I tried allowed me to stream BBC TV when using a U.K. exit node. Most individual U.S. TV networks also take less restrictive approaches to blocking than Netflix does. Needless to say, all this could change at any time. But then geo-blocking is one of the reasons so many people turn to torrents for their video content—which is in turn, another reason for using a VPN.
What About VPN Routers?
If you have a computer, tablet or smartphone that can run VPN software, there are plenty of great choices. But what about other internet-connected devices in your home or office—your smart TV, DVR, media streamer, Blu-ray player, game console, smart home products and other devices that can’t run a VPN client?
To solve problems such as this—or simply to make your life easier by routing all your internet traffic through a VPN so you don’t have to fiddle with each device individually—you can use a VPN router, which is to say an ordinary router that’s been flashed with firmware that lets it connect to VPN services. Connect your router to the VPN, and presto! Every device that connects to the router (by WiFi or Ethernet) also uses the VPN for all its traffic.
There are others too—some sold by VPN providers themselves. However, note that these routers don’t work globally with all VPN providers. You should choose a provider whose service is already integrated into the router, and in some cases, you’ll need a special subscription for the router, different from a standard subscription. Of the six services I tested, Express, IPVanish and VPNSecure offer router integrations. (For what it’s worth, so does WiTopia.)
Wrapping It Up
Even if you’re not engaging in what you think of as risky behavior online, ninety-nine bucks (give or take) a year and a couple of clicks, is a small price to pay for the extra protection a VPN offers. If you find a VPN to be too slow or inconvenient for constant use, at least turn it on when using public WiFi networks. It won’t guarantee perfect anonymity, and it won’t necessarily protect you from sophisticated, targeted attacks, but it will prevent you from being the low-hanging fruit that attackers go after first.
I was truly so highly impressed by Express in my testing that I decided to switch to them as my own VPN provider. I think you’ll like them too and encourage you to give them a try. When it comes to online privacy, you can’t have everything, but something is definitely better than nothing.
If you want to protect yourself and your family and get around around geo-blocking, you can get ExpressVPN here.