Choosing a VPN Provider

VPN Provider and Configuration

Primary considerations when choosing a Virtual Private Network (VPN) provider should include: selecting a VPN that has a stated no-logs policy, threat model analysis, VPN reputation, security and privacy policies, number and type of devices you plan to connect, geographic location of the VPN provider, and protocols used (Open VPN vs. Lightway). The basic goal with a VPN is to encrypt your network traffic by routing your connection through one or more servers, keeping your internet traffic private from the snooping of your ISP, advertisers, and government spying. While a VPN will not provide total anonymity, it goes a long way towards that goal. In combination with a properly configured firewall, browser choice and configuration, and awareness of threat vectors, a reputable VPN provider is an essential service for a robust, privacy-preserving interface.

I believe it is vital to note that when searching for informed and unbiased VPN reviews and recommendations online, a vast majority of the results you will find are websites that link to the recommendations they provide, with the goal to generate traffic to providers and generating revenue for providing the click-bait. While this is how much of the internet operates, it is worth considering that many of the best-reviewed VPN providers on these websites can often be marketing gimmicks by the VPN providers themselves, so be wary, read multiple reviews from trusted sources, and know that some reviews (this one, for example) are based entirely on subjective experience and technical expertise with the underlying technology. I am not receiving compensation for providing recommendations, nor providing links to these providers. The next time you're wondering if you are reading an actual review or whether it's an advertisement masquerading as a neutral 'review' -- click on one of the links that the reviewer has embedded – and check the address bar to view the URL it links to; instead of simply linking to Vpnrovider.com -- it will most often appear as a variation on Vpnprovider.com/referrer=moneygrab-review-site. That portion of the URL after the primary site address (referrer=) is a tell-tale sign that you have been sent to the VPN provider website for a referral fee. Be wary.

I have nearly a decade of experience with VPN configurations and have tried multiple providers across numerous operating systems, including MacOS, Linux, Android, Windows, and iOS . For most users, you will want to find a paid VPN provider for a number of security and privacy considerations. Paid providers have more servers with more VPN locations in countries throughout the world, clearly-stated logs policies, layers of encryption including multi-hop obfuscation (chaining more than one VPN location to another, a similar approach used by TOR Browser), and customer support for setting up and running your VPN and troubleshooting connection issues.

Generally, selecting a VPN provider that does not collect and log user information is a must-have feature. Read the provider's policies -- there should be a clearly stated no-logs policy. Most reputable VPN companies provide these essentials: an app interface for all major operating systems, kill-switch features to block all internet traffic if the VPN connection drops, ability to pay for a subscription with cryptocurrencies, and the option to connect at the router level rather than at the device level.

I will be focusing on the two best VPN providers I have found over multiple years of trying many different providers; they are ExpressVPN and Private Internet Access (PIA). Both offer comparable services with some nuanced differences. Cost-wise, at the time of writing, ExpressVPN is around $100 yearly, and Private Internet Access has cheaper subscription options and multi-year subscriptions (3-year, for example) that cost close to ExpressVPN's 1-year price. However, when considering all options, cost should be a factor, but not the decisive factor. ExpressVPN is located outside of the USA (and thus does not fall under the jurisdiction of US government oversight) meaning they are not required to respond to law enforcement requests for user information. They have a zero-logs policy, and a sleek UI, responsive customer service, apps for all major operating systems, a dual OpenVPN/Lightway protocol selection, simple options for configuring or buying a VPN router (so that all your connections are routed through the VPN without the need to use a secondary application) and the ability to use cryptocurrencies like Bitcoin to pay for a subscription. One unique feature is the ability to use their router-based VPN to set up different locations for each device you use, which can come in handy for your privacy. For example, you may want your SmartTV to connect to a nearby domestic location, another location only for sensitive work or personal financial use on your laptop, and another location for guests who you want to share your encrypted connection with. This allows each device to appear to be connecting from a separate location. Their native app can be downloaded from their website, or if using Homebrew, via the Mac terminal. The app features a kill-switch, speed tests to determine the fastest available locations worldwide, and a Smart Location feature which automatically routes your traffic to the nearest and fastest available location. Additionally, you can select from the OpenVPN protocol, Lightway (their proprietary Wireguard protocol) or Automatic, which will determine the best protocol for your device. Setup is extremely simple; after purchasing a subscription (which comes with a 30-day money back guarantee) you are given a login code which will allow you to connect via the app from multiple devices simultaneously. Purchasing a subscription does require registering with an email address. If your threat model includes the need for heightened anonymity, you can consider setting up an email account solely for your VPN subscription (I recommend privacy-friendly email providers like ProtonMail or Tutanota). And if you know you will be purchasing a subscription, it may be to your benefit to use a free VPN service like ProtonVPN's (downloadable from their website) to sign up for your ExpressVPN subscription. Using an encrypted VPN connection to sign up and a newly-generated email address goes a long way towards hiding the fact that you are purchasing a VPN subscription (by hiding your IP address, and by using an email address that is not already attached to your identity). ExpressVPN's download and upload speeds are very good, they keep no logs or subscriber identity information on their servers, and the options to use a router set up for VPN connection make ExpressVPN my overall #1 choice for a VPN provider.

My second choice for a VPN provider is Private Internet Access. They also have an excellent app interface, private DNS, and unlike ExpressVPN, you can route your VPN connection through multi-hop (two locations) obfuscation, which can hide the fact that you are using a VPN from many websites. It is also more affordable than ExpressVPN, and often the speeds are faster. So why isn't it my #1 choice? They are a US-based provider (their offices are based in Denver, Colorado) which could compel them under US law to be forced via law enforcement requests to divulge information. While this is unlikely, as they are a zero-logs provider and report to not store user information, it is worth considering if you are a US resident and your threat model necessitates a higher level of anonymity. In addition to multi-hop obfuscation, PIA also allows connection through a SOCKS5 proxy, and has a built-in threat blocker that can block many malicious tracking technologies. They also have a VPN configuration toggle that allows connecting via OpenVPN or WireGuard, a kill switch, and the option for router-level VPN configuration (though not as straightforward as ExpressVPN's). With its lower price tag and multi-hop obfuscation feature, PIA is your best choice if you are more concerned with security and privacy, but anonymity is less of priority.

Both providers reviewed here offer monthly subscription options and it is worthwhile to try them both for a trial period, familiarize yourself with their unique features, and then proceed with purchasing a longer annual or multi-year plan based on your preference, VPN speed, and the particulars of your threat model.