VPN (virtual private network)


VPN – virtual private network
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN is also a service that will only become more important as more of our devices become connected.


The Best VPN Services of 2018

Some journalists and political activists rely on VPN services to circumvent government censorship and safely communicate with the outside world. Check the local laws before using a VPN in China, Russia, Turkey, or any country with repressive internet policies.

Others restrict such activity to specific servers. Learn the company's terms of service—and the local laws on the subject. That way you can't complain if you run into trouble. It is also possible (emphasis on "possible") that VPNs may be able to save net neutrality repeal. For those who are unaware, net neutrality is the much-discussed concept that ISPs treat web services and apps equally, and not create fast lanes for companies that pay more, or require consumers to sign up for specific plans in order to access services like Netflix or Twitter.

That said, an obvious response would be to block or throttle all VPN traffic. We'll have to see how this plays out. The VPN services market has exploded in the past few years, and a small competition has turned into an all-out melee. Many providers are capitalizing on the general population's growing concerns about surveillance and cybercrime, which means it's getting hard to tell when a company is actually providing a secure service and when it's throwing out a lot of fancy words while selling snake oil.

It's important to keep a few things in mind when evaluating which VPN service is right for you: Don't just focus on price or speed, though those are important factors.

In fact, not all VPN services require that you pay. Several services we've listed here also have free VPN offerings. You tend to get what you pay for, as far as features and server locations go, but if your needs are basic, a free service can still keep you safe.

Some VPN services provide a free trial, so take advantage of it. Make sure you are happy with what you signed up for, and take advantage of money-back guarantees if you're not. This is actually why we also recommend starting out with a short-term subscription—a week or a month—to really make sure you are happy.

Yes, you may get a discount by signing up for a year, but that's more money at stake should you realize the service doesn't meet your performance needs. Most users want a full graphical user interface for managing their VPN connection and settings, though a few would rather download a configuration file and import it into the OpenVPN client.

Most VPN companies we have reviewed support all levels of technological savvy, and the best have robust customer support for when things go sideways. If you're using a service to route all your internet traffic through its servers, you have to be able to trust the provider. It's easier to trust companies that have been around a little longer, simply because their reputation is likely to be known.

But companies and products can change quickly. Today's slow VPN service that won't let you cancel your subscription could be tomorrow's poster child for excellence.

We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.

Since we last tested VPNs, we've given special attention to the privacy practices of VPN companies and not just the technology they provide. In our testing, we read through the privacy policies and discuss company practices with VPN service representatives.

What we look for is a commitment to protect user information, and to take a hands-off approach to gathering user data. As part of our research, we also make sure to find out where the company is based and under what legal framework it operates. Some countries don't have data-retention laws, making it easier to keep a promise of "We don't keep any logs." The best VPN services have a privacy policy that clearly spells out what the service does, what information it collects, and what it does to protect that information.

Some companies explain that they collect some information, but don't inform you about how they intend to use that information. Others are more transparent. While a VPN can protect your privacy online, you might still want to take the additional step of avoiding paying for one using a credit card, for moral or security reasons.

Several VPN services now accept anonymous payment methods such as Bitcoin, and some even accept retailer gift cards. Both of these transactions are about as close as you can get to paying with cash for something online.

That Starbucks gift card may be better spent on secure web browsing than a mediocre-at-best latte. A tool is only useful when it's used correctly, after all. For that, you'll want to access the Tor network, which will almost certainly slow down your connection. While a VPN tunnels your web traffic to a VPN server, Tor bounces around your traffic through several volunteer nodes making it much, much harder to track. Using a VPN will prevent most kinds of DNS attacks that would redirect you to a phishing page, but a regular old page made to look like a legit one in order to trick you into entering your data can still work.

Some VPNs, and most browsers, are pretty good about blocking phishing pages, but this attack still claims too many victims to be ignored. In addition to blocking malicious sites and ads, some VPNs also claim to block malware.

We don't test the efficacy of these network-based protections, but most appear to be blacklists of sites known to host malicious software. That's great, but don't assume it's anywhere near as good as standalone antivirus. Use this feature to complement, not replace, your antivirus. Lastly, keep in mind that some security-conscious companies like banks may be confused by your VPN.

If your bank sees you logging in from what appears to be another US state or even another country, it can raise red flags. Some important things to look for when shopping for a VPN are the number of licenses for simultaneous connections that come with your fee, the number of servers available, and the number of locations in which the company has servers. It all comes down to numbers. Most VPN services allow you to connect up to five devices with a single account.

Any service that offers fewer connections is outside the mainstream. Keep in mind that you'll need to connect every device in your home individually to the VPN service, so just two or three licenses won't be enough for the average nested pair. Note that many VPN services offer native apps for both Android and iOS, but that such devices count toward your total number of connections.

Of course, there are more than just phones and computers in a home. Game systems, tablets, and smart home devices such as light bulbs and fridges all need to connect to the internet. Many of these things can't run VPN software on their own, nor can they be configured to connect to a VPN through their individual settings. In these cases, you may be better off configuring your router to connect with the VPN of your choice.

By adding VPN protection to your router, you secure the traffic of every gadget connected to that router. And the router—and everything protected by it—uses just one of your licenses.

Nearly all of the companies we have reviewed offer software for most consumer routers and even routers with preinstalled VPN software, making it even easier to add this level of protection. When it comes to servers, more is always better. More servers mean that you're less likely to be shunted into a VPN server that is already filled to the brim with other users. But the competition is beginning to heat up. Last year, only a handful of companies offered more than servers, now it's becoming unusual to find a company offering fewer than 1, servers.

The number and distribution of those servers is also important. The more places a VPN has to offer, the more options you have to spoof your location! More importantly, having numerous servers in diverse locales means that no matter where you go on Earth you'll be able to find a nearby VPN server.

The closer the VPN server, the better the speed and reliability of the connection it can offer you. Remember, you don't need to connect to a far-flung VPN server in order to gain security benefits. For most purposes, a server down the street is as safe as one across the globe. In the most recent round of testing, we've also looked at how many virtual servers a given VPN company uses. A virtual server is just what it sounds like—a software-defined server running on server hardware that might have several virtual servers onboard.

The thing about virtual servers is that they can be configured to appear as if they are in one country when they are actually being hosted somewhere else. That's an issue if you're especially concerned about where your web traffic is traveling. It's a bit worrisome to choose one location and discover you're actually connected somewhere else entirely.

We have often said that having to choose between security and convenience is a false dichotomy, but it is at least somewhat true in the case of VPN services. When a VPN is active, your web traffic is taking a more circuitous route than usual, often resulting in sluggish download and upload speeds as well as increased latency.

The good news is that using a VPN probably isn't going to remind you of the dial-up days of yore. Most services provide perfectly adequate internet speed when in use, and can even handle streaming HD video. However, 4K video and other data-intensive tasks like gaming over a VPN are another story. And nearly every service we have tested includes a tool to connect you with the fastest available network.

Of course, you can always limit your VPN use to when you're not on a trusted network. When we test VPNs, we use the Ookla speed test tool. This test provides metrics for latency, download speeds, and upload speeds. Any one of these can be an important measurement depending on your needs, but we tend to view the download speed as the most important.

After all, we live in an age of digital consumption. Our speed tests stress comparison and reproducibility. That means we stand by our work, but your individual results may vary. After all, perhaps you live on top of a VPN server, or just happen to have a super-high bandwidth connection. It doesn't take the top spot in all of our tests, but has remarkably low latency and had the best performance in the all-important download tests.

Fittingly, it offers many add-ons such as dedicated IP addresses that, along with its speed, will appeal to the BitTorrent users it is designed to protect.

Borders still exist on the web, in the form of geographic restrictions for streaming content. The rest of the world, not so much. But if you were to select a VPN server in the UK, your computer's IP address would appear to be the same as the server, allowing you to view the content.

The trouble is that Netflix and similar video streaming services are getting wise to the scam. In our testing, we found that Netflix blocks streaming more often than not when we were using a VPN.

There are a few exceptions, but Netflix is actively working to protect its content deals. VPNs that work with Netflix today may not work tomorrow. Netflix blocking paying customers might seem odd, but it's all about regions and not people. Just because you paid for Netflix in one place does not mean you're entitled to the content available on the same service but in a different location.

Media distribution and rights are messy and complicated. You may or may not agree with the laws and terms of service surrounding media streaming, but you should definitely be aware that they exist and understand when you're taking the risk of breaking them.

Netflix, for its part, lays out how it will attempt to verify a user's location in order to provide content in section 6c of its Terms of Use document. If you don't know what Kodi is, you're not alone. However, an analysis of searches leading to our site reveals that a surprising number of you are, in fact, looking for a VPN that works with the mysterious Kodi.

With Kodi, you can access your media over a local connection (LAN) or from a remote media server, if that's your thing. This is, presumably, where concerns about VPN enter the picture. A device using a VPN, for example, will have its connection encrypted on the local network. You might have trouble connecting to it. Using Chromecast on a VPN device just doesn't work, for example. Kodi users might have the same issue. For local VPN issues, you have a couple of options.

Alternatively, many VPN services offer browser plug-ins that only encrypt your browser traffic. That's not ideal from a security perspective, but it's useful when all you need to secure is your browser information. Some, but not all, VPN services will let you designate specific applications to be routed outside the encrypted tunnel.

This means the traffic will be unencrypted, but also accessible locally. If you're trying to connect to a remote media source with Kodi, a VPN would likely play a different role. It might, for example, prevent your ISP from determining what you're up to. It might also be useful if you're connecting to a third-party service for Kodi that allows streaming of copyright-infringing material.

Keep in mind, however, that some VPN services specifically forbid the use of their services for copyright infringement. When we test VPNs, we generally start with the Windows client. This is often the most complete review, covering several different platforms as well as the service's features and pricing in depth. That's purely out of necessity, since most of our readers use Windows (although this writer is currently using a MacBook Air).

We periodically upgrade to a newer machine, in order to simulate what most users experience. As you can see from the chart at the top, however, Windows is not the only platform for VPNs. The Android mobile operating system, for example, is the most widely used OS on the planet. Early data networks allowed VPN-style remote connections through dial-up modem or through leased line connections utilizing Frame Relay and Asynchronous Transfer Mode (ATM) virtual circuits, provided through networks owned and operated by telecommunication carriers.

These networks are not considered true VPNs because they passively secure the data being transmitted by the creation of logical data streams. VPNs can be either remote-access (connecting a computer to a network) or site-to-site (connecting two networks). In a corporate setting, remote-access VPNs allow employees to access their company's intranet from home or while travelling outside the office, and site-to-site VPNs allow employees in geographically disparate offices to share one cohesive virtual network.

A VPN can also be used to interconnect two similar networks over a dissimilar middle network; for example, two IPv6 networks over an IPv4 network. VPNs cannot make online connections completely anonymous, but they can usually increase privacy and security. To prevent disclosure of private information, VPNs typically allow only authenticated remote access using tunneling protocols and encryption techniques.

Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.

Tunneling protocols can operate in a point-to-point network topology that would theoretically not be considered as a VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes.

But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols.

Depending on whether a provider-provisioned VPN (PPVPN) operates in layer 2 or layer 3, the building blocks described below may be L2 only, L3 only, or combine them both. A device that is within a customer's network and not directly connected to the service provider's network. C devices are not aware of the VPN.

Sometimes it is just a demarcation point between provider and customer responsibility. Other providers allow customers to configure it. A PE is a device, or set of devices, at the edge of the provider network which connects to customer networks through CE devices and presents the provider's view of the customer site. A P device operates inside the provider's core network and does not directly interface to any customer endpoint.

It might, for example, provide routing for many provider-operated tunnels that belong to different customers' PPVPNs. Its principal role is allowing the service provider to scale its PPVPN offerings, for example, by acting as an aggregation point for multiple PEs. P-to-P connections, in such a role, often are high-capacity optical links between major locations of providers.

VLANs frequently comprise only customer-owned facilities. Whereas VPLS as described in the above section OSI Layer 1 services supports emulation of both point-to-point and point-to-multipoint topologies, the method discussed here extends Layer 2 technologies such as EtherIP has only packet encapsulation mechanism.

It has no confidentiality nor message integrity protection. It may support IPv4 or IPv6. This section discusses the main architectures for PPVPNs, one where the PE disambiguates duplicate addresses in a single routing instance, and the other, virtual router, in which the PE contains a virtual router instance per VPN.

The former approach, and its variants, have gained the most attention. RDs disambiguate otherwise duplicate addresses in the same PE. By the provisioning of logically independent routing domains, the customer operating a VPN is completely responsible for the address space. Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization.

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. From the security standpoint, VPNs either trust the underlying delivery network, or must enforce security with mechanisms in the VPN itself. Unless the trusted delivery network runs among physically secure sites only, both trusted and secure models need an authentication mechanism for users to gain access to the VPN.

Users utilize mobile virtual private networks in settings where an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points. Increasingly, mobile professionals who need reliable connections are adopting mobile VPNs. A conventional VPN cannot withstand such events because the network tunnel is disrupted, causing applications to disconnect, time out, [30] or fail, or even cause the computing device itself to crash.

Instead of logically tying the endpoint of the network tunnel to the physical IP address, each tunnel is bound to a permanently associated IP address at the device. The mobile VPN software handles the necessary network-authentication and maintains the network sessions in a manner transparent to the application and to the user. With HIP a mobile host maintains its logical connections established via the host identity identifier while associating with different IP addresses when roaming between access networks.

With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques. Supported devices are not restricted to those capable of running a VPN client.

Many router manufacturers supply routers with built-in VPN clients. Setting up VPN services on a router requires a deep knowledge of network security and careful installation.

Privacy, Security and Encryption