22

There's a lot of VPN providers out there. Some are free, some are for a fee, some report logs to the government, some inject ads into your HTTP, some are in other countries, you might not have any real promise of security when using these services.

How do you go about shopping for a VPN provider that won't just sell or give away your data? What criteria should I use? Is setting up my own VPN through a web host somewhere a more secure option?

Henry WH Hack v3.0
  • 2,137
  • 2
  • 24
  • 37
Incognito
  • 5,214
  • 5
  • 28
  • 31
  • Other have provide OpenVPN as a solution, if you looking for a more simplified solution, you could consider a small Firewall Appliance such as Sonicwall, Cisco, etc. You can usually get them for $200-$500 w/o subscriptions and come with VPN access ready. – Shane Andrie Aug 25 '15 at 15:02
  • Not an answer but this site is helpful for comparing VPN providers https://thatoneprivacysite.net – n00b Mar 14 '17 at 14:27

9 Answers9

7

First you should ask your self: What advantage does a VPN provider have over providing your own with something like OpenVPN? If you are paranoid you could get a Virtual private Server(VPS) host. Other than that I would make sure that the service was fast, cheap and wasn't in the news for a security breach.

rook
  • 47,004
  • 10
  • 94
  • 182
  • 7
    "not in the news", they could change their name so age of the company is probably a factor as well. – Stephen Paulger May 20 '11 at 10:47
  • 2
    Setting up openvpn on a VPS won't really help in terms of anonymity, unless the VPS in itself is anonymous. – ashwoods Jan 06 '13 at 06:04
  • 1
    @rook, Uhhmm, anonymity is like the reason >95% of people wanting a VPN provider use it. OpenVPN is typically employed by companies, not the common user who wants to [hidemyass](https://www.hidemyass.com/). – Pacerier May 21 '15 at 21:05
  • 1
    @Pacerier It's not a great idea to link to a scam like HMA. I'm not a fan of VPNs (when used for anonymity) in general, but HMA is a whole different issue. – forest Dec 19 '17 at 03:52
7

If you are concerned about government eavesdropping, then you might take national privacy laws and the political situation into consideration, i.e. choose VPN providers unlikely to cooperate with local authorities. Cablegate revealed that some countries cooperated with the U.S. more than others, for example. Sweden played lapdog. Austria annoyed the U.S. etc.

As an aside, you should consider using HTTPS Everywhere whether using a VPN or not. HTTPS Everywhere has become the default in the Tor Browser Bundle.

Jeff Burdges
  • 837
  • 5
  • 9
  • 1
    Any sources would help please. Sweden is really that shameless? – Pacerier May 21 '15 at 21:07
  • Yes, Sweden really is that bad. I have no idea why they've gotten such an ill-founded reputation as being a privacy haven. Perhaps because it's where The Pirate Bay originated, and it took their government a long time to go after it? Regardless, they are an extremely surveillance-heavy country which monitors everything entering and leaving their national infrastructure. – forest Dec 30 '17 at 11:31
4

I'd definitely pick foreign VPN and make sure that they have a clear zero log policy.

Her's an interesting read:

http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

buntul
  • 321
  • 2
  • 6
  • 1
    They could be scamming you for all you know. Indeed, **how would you verify** whether logs are kept? – Pacerier May 21 '15 at 21:08
  • You don't. Even if you do (e.g. you personally know the administrator and he releases public pentesting reports), the ISP [can still correlate your activity](https://security.stackexchange.com/questions/175179/could-logless-vpns-be-traced/175186#175186). – forest Dec 19 '17 at 03:50
2

Go to this TorrentFreak page, choose two providers, and run one VPN through the other using two separate machines, or create a virtual machine on one PC so you can run one VPN through the other. Will cost as little as ten dollars a month. This setup will give most people privacy. But if you're someone the government is looking at, then nothing will really work. If you're in Iran, or China, or somewhere else where they will kill ya, it will be best for you to just stay quiet.

TildalWave
  • 10,801
  • 11
  • 46
  • 85
  • Does running two VPNs one over then other really work? How many layers is the limit, Would three work? – Pacerier May 21 '15 at 21:10
1

Deciding on a VPN is really a matter of trust, hence setting up your own is probably the safest, but also the most involved. Even a home-grown VPN has problems, for example it won't allow you to get around region restrictions (watching Hulu from outside the US if you don't live in the US or have access to a server in the US), or there is a problem reaching the machine you used to setup your own VPN.

Based on my experience the best strategy is to decide first what you need the VPN for and what level of privacy you need (or want). Generally speaking a no-log VPN is more private than one that logs information, so read the T&C and Privacy Policy. You can find a good primer at http://vpnverge.com/why-no-log-vpn/ for more details about how to choose a no-log VPN.

Reviews are often tricky, unless you already trust the site or reviewer. I found that many review sites simply rehash reviews other's did, add a picture and done. Many VPN provider's websites are misleading and dazzle you with things that make little difference. One thing I like to do is to contact their support and see how fast I get a response and how good the response is.

I have tested a bunch of logging and non-logging VPNs, so feel free to get in touch!

user29436
  • 11
  • 2
  • Please answer ["how to verify logging"](http://security.stackexchange.com/questions/3973/how-do-i-pick-a-vpn-provider#comment150184_19490). Also, which VPN do you use? Do you [layer](http://security.stackexchange.com/questions/3973/how-do-i-pick-a-vpn-provider#comment150186_38862) them? – Pacerier May 21 '15 at 21:14
1

I would set up my own OpenVPN box.

If you want to be secure on the road (vpn for open hotspots for example) you could just set up openvpn on a openwrt router at home and relay your traffic through that.

If you want to use a VPN to disguise your home internet connection you should really think hard about why you want to do that and from whom you want to hide. Every VPN Provider/Server hoster can be infiltrated, hacked or forced by legal intervention to give away your identity...

  • 1
    OpenVPN doesn't hide your ass http://security.stackexchange.com/questions/3973/how-do-i-pick-a-vpn-provider#comment150181_3974 . – Pacerier May 21 '15 at 21:09
1

The 2013 update from TorrentFreak is probably the best starting point. Most of the "best VPN" sites are misleading at best. I just finished an article about this question, but it's not online yet, and anyway I'd probably get negged for posting the link.

mirimir
  • 726
  • 4
  • 11
0

Here are some things to look for:

  • Paid
  • TOS/privacy policy does not log (not like this means much)
  • Good reputation
  • No breaches nor bad publicity
  • Find some reviews (like torrentfreak did reviews on VPN providers)

Now importantly ensure the servers are offshore, so not EU, America, Canada, Australia etc... Ensure it's a privacy friendly country, with good laws.

Ensure nobody that works at the company is located in any of the above countries either.

k1308517
  • 1,272
  • 14
  • 27
0

depending on situation and your goals answer may range from "all providers that you do not control can sell you out" to "any provider that 'fast, cheap and wasn't in the news for a security breach' will do" :)

In extreme case when you want to be 100% sure you are safe and no one watching/changing your traffic, own VPN server is not more secure. you need end to end encryption. HTTPS, SSH, etc.

Vitaly Nikolaev
  • 291
  • 1
  • 2