this post was submitted on 10 Oct 2025
489 points (97.7% liked)

Privacy

42553 readers
478 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
489
VPN Comparison 2.0 (lemmy.ml)
submitted 4 days ago* (last edited 4 days ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml
148 comments fedilink hide all child comments
 

VPN Comparison

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

Notes

  • I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
  • Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
  • Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
  • Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
  • The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
  • Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
  • All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
  • Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
  • Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

  • If you don't mind the speed cost, Tor is a really good option to protect your IP address.
  • If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
  • If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

top 50 comments
sorted by: hot top controversial new old
[–] bowreality@lemmy.ca 1 points 2 hours ago

Thanks so much! I am looking for a new one because my current one is expensive and of questionable ownership haha.

[–] conspiracypentester@lemmy.world 1 points 1 day ago

Where does AzireVPN stand?

[–] rirus@feddit.org 41 points 4 days ago (3 children)

PIA isnt independent, its by a Israeli spyware company, that owns multiple VPN Review sites and VPN services . Remove it from the list.

[–] mnemonicmonkeys@sh.itjust.works 41 points 3 days ago

No, don't rrmove it from the list. Make a note acknowledging the issue so others see it

[–] loxdogs@lemmy.wtf 1 points 2 days ago

I read from somewhere that mullvad is owned by two israeli guys. Dont remember the names, but I was told, that it's written on a frontpage or smth.

[–] BlueRhinos@lemmy.dbzer0.com 9 points 3 days ago (1 children)

Whoa for real??

[–] GnuLinuxDude@lemmy.ml 32 points 3 days ago* (last edited 3 days ago)

Yes. The owner/developer is Kape technologies, an Israeli spyware/adware company.

To quote from cnet

For maximum privacy, I recommend VPN providers with a jurisdiction outside of Five Eyes and other international intelligence-sharing agreements -- that is, one headquartered outside of the US, UK, Australia, New Zealand and Canada. So it initially seems like a positive sign that, while CyberGhost has offices in Germany, it's headquartered in Romania. German entrepreneur Robert Knapp says he founded the $114,000 startup on the back of low-wage Bucharest labor before flipping it for $10.5 million in 2017.

The issue is who he sold it to -- the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users' browsers via malware injection, redirect traffic to advertisers and slurp up private data.

Crossrider was so successful it ultimately drew the gaze of Google and UC Berkeley, which identified the company in a damning 2015 study. (You can read the Web Archive version of that document.)

This practice, commonly called traffic manipulation, is condemned web-wide. And the only difference between it and one of the oldest forms of cyberattack, called man-in-the-middle (MitM), is that you clicked "agree" on the terms and conditions.

Whether or not PIA or ExpressVPN or the other providers owned by Kape fulfill this data scraping and ad-serving pipeline in my mind is irrelevant. Choosing to do business with them rewards bad actors when there are other VPN sellers who don't have such a tainted lineage.

[–] dirtySourdough@lemmy.world 23 points 3 days ago

OP this is a big improvement from your previous post. It's an excellent starting point for folks who are looking to start using a VPN. There's a lot of constructive criticism in here, which is good, but might be discouraging. Just know that this is already very useful for many people.

[–] kami@lemmy.dbzer0.com 31 points 4 days ago (6 children)

Why isn't F-Droid included in the Availability section?

load more comments (6 replies)
[–] thermogel@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

How does Obscura compare? @Charger8232@lemmy.ml They're pretty innovative imo. Its cool that VPNs are doing new stuff, like Mullvad's DAITA.

[–] Corridor8031@lemmy.ml 20 points 4 days ago

For anyone who considers getting the tor vpn android app "Tor VPN is beta software. Do not rely on it for anything other than testing. It may leak information and should not be relied on for anything sensitive" (it is a disclaimer from their website)

Thank you for adding the created date column and making sweden green

[–] DieserTypMatthias@lemmy.ml 12 points 3 days ago

Tor isn't a VPN. It's a proxy.

[–] Echolynx@lemmy.zip 10 points 3 days ago

Mullvad also ran some pretty quirky ads on our public transit. I hadn't been that familiar with them, but it did heighten my awareness, and they seem pretty fine.

[–] abominable_panda@lemmy.world 23 points 4 days ago (17 children)

Is it worth stating which companies own which vpns? I saw a TIL that mentions a select few companies own most VPNs

load more comments (17 replies)
[–] whoopee@hispagatos.space 3 points 2 days ago

@Charger8232 as a NymVPN user I would add that I got 2 years of service paying in crypto for $50
Also this post is from Lemmy, so I retooted a Lemmy post

[–] beSyl@slrpnk.net 4 points 3 days ago* (last edited 3 days ago) (1 children)

It is a bit sad and unexpected that AirVPN has not been audited...

[–] dogs0n@sh.itjust.works 4 points 2 days ago* (last edited 2 days ago)

It's not entirely a big deal to me.

I think I agree with the staff reply on this thread: https://airvpn.org/forums/topic/56799-audits/

Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

[–] Telorand@reddthat.com 28 points 4 days ago (3 children)

PIA does not have WireGuard configs available. To get those, you have to use third-party tools to capture and generate the necessary info. Otherwise, you have to use their client, or else no WireGuard.

Users have been asking for years (since 2018, I think), and they've never provided them.

[–] Chulk@lemmy.ml 46 points 4 days ago

PIA was also purchased by the Israeli company, Kape Technologies, which is tied to Unit 8200. If your concern is privacy, I would recommend do against it.

The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA “.

load more comments (2 replies)
[–] null_dot@lemmy.dbzer0.com 30 points 4 days ago (3 children)

I've been using one of these since forever and it just works. Should I look at the others?

I don't want this to be a "I use x and its the best" type comment so I won't say which one.

I only use wireguard and wouldn't touch openvpn just because it seems so complex in comparisson.

The price is fine, the speed is fine, wireguard makes it ubiquitous, never had a problem with reliability.

load more comments (3 replies)
[–] veeesix@lemmy.ca 24 points 4 days ago

I just checked how much I was paying for my Nord subscription and now I’m convinced that Proton Unlimited (discounted) is a great value. Gonna switch next year when my subscription ends. Thanks for putting this together!

[–] Valmond@lemmy.world 14 points 4 days ago (1 children)

ProtonVPN: only 8 years old: RED FLAG!

Well reddish flag at least, is there a rationale behind this? I mean 8 years is quite a long time.

[–] Ferk@lemmy.ml 8 points 3 days ago* (last edited 3 days ago) (3 children)

I think it's just a relative color scale from a spreadsheet.. with the older being the greenest, the youngest the reddest, and the rest just fall in between. ProtonVPN just happens to be in between, it's not as red as the others but also not as green as the ones that have been around for much longer.

load more comments (3 replies)
[–] online@programming.dev 14 points 4 days ago

Also of note, some providers have data caps. I haven't looked at all providers, merely Nymvpn as I was interested. Turns out they have a 2TB/month cap. Might not be an issue for some, but might be for others.

[–] Amaterasu@lemmy.world 10 points 3 days ago* (last edited 3 days ago)

I see that Windscribe was included. Their price tier is always in promotion so I'd take that in consideration.

Also, they have app for Linux: https://windscribe.com/features/linux/

It is not in Electron like many others. It is native Linux.

[–] brickfrog@lemmy.dbzer0.com 18 points 4 days ago* (last edited 4 days ago) (1 children)

One thing you may want to update - listing Tor's logging policy as "No Logs" is a bit misleading, that's really more of a voluntary recommendation for individual Tor exit relay operators.

Tor exit relay operators absolutely can store logs of outgoing connections if they choose to. And technically they could even snoop on non-secure traffic if they choose, there's a reason you should be using HTTPS if you're going to use Tor for clearnet browsing.

Of course most Tor exit relay operators aren't going to do these things but it's all voluntary, seems incorrect to claim all exit relay operators follow no log principles.

EDIT: Also AFAIK you can't forward a port from the clearnet through a Tor exit relay's public IP address back to your own Tor client, Tor doesn't do port forwarding like that. It's definitely not needed to run Tor Browser (and Tor VPN I think) but that isn't needed for any of the other VPNs either, a bit confusing how you listed that one.

load more comments (1 replies)
[–] utopiah@lemmy.ml 4 points 3 days ago* (last edited 3 days ago)

Since you do not seem to list self-hosting options, e.g. WireGuard or OpenVPN, then IMHO it'd be good to at least have a line on each about what's the actual backend, e.g. does service X runs on WireGuard, OpenVPN, something else, something proprietary that has been audited by 3rd party if so whom and when.

Edit: suggested self-hosting (but not at home) WireGuard in the previous thread https://lemmy.ml/post/37270537/21536054

[–] TankieTanuki@hexbear.net 16 points 4 days ago* (last edited 4 days ago) (4 children)

All VPNs are blocked on my university's network meow-cactus

I live off campus, thankfully, but it sucks that I can't have any privacy on my laptop while on campus.

[–] ATS1312@lemmy.dbzer0.com 3 points 3 days ago* (last edited 3 days ago)

Mullvad on desktop has QUIC protocol encapsulation so that wireguard just looks like normal https traffic.

There's also shadowsocks protocol encapsulation to look like ssh traffic. And that's even available on mobile too.

[–] chaoticnumber@lemmy.dbzer0.com 16 points 4 days ago

You can set up a wireguard tunnel for yourself relatively easily, there are a ton of guides out there. Its basically a way for you to pop out elsewhere, same principle as a vpn. Most vpn providers use wireguard as a protocol.

load more comments (2 replies)
[–] cmhe@lemmy.world 11 points 4 days ago* (last edited 4 days ago)

The 'availability' is misleading. If they offer OpenVPN or Wireguard then they are available pretty much anywhere.

Using just plain Wireguard or OpenVPN configs would also be much better than installing random VPN provider apps.

[–] Edie@lemmy.ml 6 points 3 days ago* (last edited 3 days ago) (1 children)

C tor/little-t-tor/etc. is licensed under the "3-clause BSD" license

Tor technically doesn’t have a WireGuard profile, but you could (probably?) create one

I dont know a lot about wireguard, but of the cuff answer would be no.

load more comments (1 replies)
[–] Undertaker@feddit.org 10 points 4 days ago

Availability: Direct download via Repo or developer web page is missing. Google shouldn't be a plus. The provided explanation in the last thread was invalid

[–] HulkSmashBurgers@reddthat.com 6 points 3 days ago* (last edited 3 days ago)

I think it's worth noting NYMVpn uses a quite advanced mixnet for security which is different from other VPNs and theoretically more secure than even TOR. I say theoretically because it hasn't yet been proven with large scale use.

https://nym.com/blog/what-is-a-mixnet

[–] wesker@lemmy.sdf.org 14 points 4 days ago* (last edited 4 days ago)

I appreciate the attempt to quantify availability, but don't most of these providers allow you to generate OpenVPN and Wireguard configs, which can be used practically anywhere?

Nevertheless, your work is appreciated.

[–] brb@sh.itjust.works 8 points 4 days ago

If you make 2.1 you could add some info on the port forwarding because there are massive differences on it between providers. Like PIA gives you a single random port that changes each time you reconnect, while AirVPN gives you 5 static ports you can configure yourself.

[–] ki9@lemmy.gf4.pw 7 points 4 days ago* (last edited 4 days ago) (1 children)

I can vouch for cryptostorm. Offers port forwarding and good speed. Haven't been with them long but they seem legit.

[–] ATS1312@lemmy.dbzer0.com 2 points 3 days ago

I'd love to see them audited.

Back when they were in the US, they closed shop and moved to Iceland to avoid turning over data for a subpoena.

That's both admirable and an admission that they had longs to turn over.

But that they generate accounts on the fly like the best? Is promising in context.

load more comments
view more: next ›