VPN Comparison 2.0
8mon 10d ago by lemmy.ml/u/Charger8232 in privacy@lemmy.ml from lemmy.ml
After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.
Providers
- AirVPN
- IVPN
- Mozilla VPN
- Mullvad VPN
- NordVPN
- NymVPN
- Private Internet Access (abbreviated PIA)
- Proton VPN
- Surfshark VPN
- Tor (technically not a VPN)
- Windscribe
Notes
- I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
- Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
- Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
- Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
- The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
- Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
- All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
- Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
- Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.
Takeaways
- If you don't mind the speed cost, Tor is a really good option to protect your IP address.
- If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
- If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.
ODS file: https://files.catbox.moe/cly0o6.ods
PIA isnt independent, its by a Israeli spyware company, that owns multiple VPN Review sites and VPN services . Remove it from the list.
No, don't rrmove it from the list. Make a note acknowledging the issue so others see it
Whoa for real??
Yes. The owner/developer is Kape technologies, an Israeli spyware/adware company.
For maximum privacy, I recommend VPN providers with a jurisdiction outside of Five Eyes and other international intelligence-sharing agreements -- that is, one headquartered outside of the US, UK, Australia, New Zealand and Canada. So it initially seems like a positive sign that, while CyberGhost has offices in Germany, it's headquartered in Romania. German entrepreneur Robert Knapp says he founded the $114,000 startup on the back of low-wage Bucharest labor before flipping it for $10.5 million in 2017.
The issue is who he sold it to -- the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users' browsers via malware injection, redirect traffic to advertisers and slurp up private data.
Crossrider was so successful it ultimately drew the gaze of Google and UC Berkeley, which identified the company in a damning 2015 study. (You can read the Web Archive version of that document.)
This practice, commonly called traffic manipulation, is condemned web-wide. And the only difference between it and one of the oldest forms of cyberattack, called man-in-the-middle (MitM), is that you clicked "agree" on the terms and conditions.
Whether or not PIA or ExpressVPN or the other providers owned by Kape fulfill this data scraping and ad-serving pipeline in my mind is irrelevant. Choosing to do business with them rewards bad actors when there are other VPN sellers who don't have such a tainted lineage.
I read from somewhere that mullvad is owned by two israeli guys. Dont remember the names, but I was told, that it's written on a frontpage or smth.
That's disappointing if true, though not as bad as being owned by Kape Technologies. It's entirely possible there are two Israeli guys that care about privacy, and on the other hand it's possible that Mullvad was created specifically for intelligence purposes.
Why isn't F-Droid included in the Availability section?
Could be wrong but I think it's due to the security vulnerabilities present, its generally better to just use Google play store with an anonymous account.
Na... The likelyhood of installing some bad or fake app from google play store is much higher than on fdroid.
The issue there AFAIK is that some app builds aren't fully reproducible, because if they were the developer signature would still apply and be used. In the reproducible case the security of the build infra wouldn't matter, because the same app would be produced the same regardless were they are build.
Without reproducible builds, you cannot really trust the software anyway, because the Dev could hook some hidden code only for the released binary app and sign that.
Once it passes inspection, the F-Droid build service compiles and packages the app to make it ready for distribution. The package is then signed either with F-Droid’s cryptographic key, or, if the build is reproducible, enables distribution using the original developer’s private key. In this way, users can trust that any app distributed through F-Droid is the one that was built from the specified source code and has not been tampered with.
https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html
I've been using one of these since forever and it just works. Should I look at the others?
I don't want this to be a "I use x and its the best" type comment so I won't say which one.
I only use wireguard and wouldn't touch openvpn just because it seems so complex in comparisson.
The price is fine, the speed is fine, wireguard makes it ubiquitous, never had a problem with reliability.
If you feel one of the options offers something better than the one you currently use, you may consider switching. That's the purpose of comparisons, after all!
that's kind of my point though. I've never considered switching because what I've been using is fine.
Same, my VPN works and I can download Linux ISOs because of port forwarding.
PIA does not have WireGuard configs available. To get those, you have to use third-party tools to capture and generate the necessary info. Otherwise, you have to use their client, or else no WireGuard.
Users have been asking for years (since 2018, I think), and they've never provided them.
PIA was also purchased by the Israeli company, Kape Technologies, which is tied to Unit 8200. If your concern is privacy, I would recommend do against it.
The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA “.
Is this really much of an issue? They provide documentation and a repository of scripts for working with WG for instance. And I've been using this docker container for many years without issue.
It's an issue for accuracy in the comparison images that were posted.
OP this is a big improvement from your previous post. It's an excellent starting point for folks who are looking to start using a VPN. There's a lot of constructive criticism in here, which is good, but might be discouraging. Just know that this is already very useful for many people.
Is it worth stating which companies own which vpns? I saw a TIL that mentions a select few companies own most VPNs
I'm on ProtonVPN because it's ran by CERN people, so definitely an important information IMO.
Their CEO is a Trump supporter
Show me where he endorses Trump.
Oh, you can't? But you read it on Facebook or something so it must be true?
Common, show me your information.
This is bullshit based on some old tweet Andy Yen did about trump doing good going against big tech. You can read about it here or search for it elsewhere.
It always comes out when someone says something nice about ProtonVPN, who have an amazing track record IMO.
That write up does seem to ignore the doubling down here:
https://lemmy.ca/comment/13913116
Calling out that JD Vance was the only one to answer is pretty troubling to me after reading about some of his new-right ties. It's way, way too close for my liking to a mouse telling everyone that will listen that the cat was amazing for inviting him and all his friends to his house in a week. ie. Playing into what just seems like an obvious strategy.
That said, I'm pretty ignorant about the CEO. I just remembered this lemmy comment and I didn't notice it included in the write up that was being linked.
Ok, just read the artlce cited on wikipedia and it sounds like calling him a Trump supporter is a bit of an exaggeration. He seems basically centrist. Which is not great but not nearly as bad.
he seems like a moron if he thinks republicans are going to "tackle big tech abuses" before democrats will.
Thank you!
And sorry if I came around a bit agressively. Kudos to you for checking the link and updating your view.
A company's CEO gets to determine the path their company takes and the tweet is indicative of where he plans to steer proton.
Stop spreading this bs because this is not what's happening.
We're never going to know what they intend to do until they do it, but they've given us an indication of what they think and we should believe it
In steins;gate, cern is evil...
Yes but that book sucks ass
who do you make of proton's support for trump?
They are not, see my response below.
I do not use Windows and I do everything in my power to use non American phones.
The difference is that proton's founder voiced support whereas Microsoft has always had a relationship w my govt and it's dragnet for the Gazan genocide is quiet.
westerners seem to think so; how many times have you been told to shut up about gaza since the last election?
I just checked how much I was paying for my Nord subscription and now I’m convinced that Proton Unlimited (discounted) is a great value. Gonna switch next year when my subscription ends. Thanks for putting this together!
One thing you may want to update - listing Tor's logging policy as "No Logs" is a bit misleading, that's really more of a voluntary recommendation for individual Tor exit relay operators.
Tor exit relay operators absolutely can store logs of outgoing connections if they choose to. And technically they could even snoop on non-secure traffic if they choose, there's a reason you should be using HTTPS if you're going to use Tor for clearnet browsing.
Of course most Tor exit relay operators aren't going to do these things but it's all voluntary, seems incorrect to claim all exit relay operators follow no log principles.
EDIT: Also AFAIK you can't forward a port from the clearnet through a Tor exit relay's public IP address back to your own Tor client, Tor doesn't do port forwarding like that. It's definitely not needed to run Tor Browser (and Tor VPN I think) but that isn't needed for any of the other VPNs either, a bit confusing how you listed that one.
Some people will even tell you that all Tor exit nodes are compromised
Also of note, some providers have data caps. I haven't looked at all providers, merely Nymvpn as I was interested. Turns out they have a 2TB/month cap. Might not be an issue for some, but might be for others.
ProtonVPN: only 8 years old: RED FLAG!
Well reddish flag at least, is there a rationale behind this? I mean 8 years is quite a long time.
I think it's just a relative color scale from a spreadsheet.. with the older being the greenest, the youngest the reddest, and the rest just fall in between. ProtonVPN just happens to be in between, it's not as red as the others but also not as green as the ones that have been around for much longer.
So you also think the choices were not that good?
I mean what you are saying is that if there had been a 50 year old one, all the others should be red?
I'm just explaining the reason why it's more reddish (but not as red as others). It's something most spreadsheet software (this was clearly MS Excel) can do automatically with numbers for visual indication so we can more easily see the distribution, it does not mean 8 years old is bad.
If there's a big unbalance in color it would just make it more visible that there's a big unbalance in ages. Probably if that had happened more colors could have been added to the gradient, maybe maroon->red->yellow->green->blue->white. But I think it was not seen as necessary in this case (or the author was lazy, since these are one of the defaults I believe).
(this was clearly MS Excel)
LibreOffice Calc, actually. You are correct about the color grading.
(or the author was lazy, since these are one of the defaults I believe)
I changed the conditional colors from the default to match the colors that LibreOffice uses for "Good", "Neutral", and "Bad".
Who cares about why it happened? I mean it's kind of obvious. No one questioned why excel shows a specific colour, but I did why the person making the spreadsheet did in fact use what you go to lengths to explaine, in a specific way. It's like saying sorry your paycheck was halved because we have this software and today it divided your salary in half. Not saying that's not ok or anything, but explaining how "dividing by 2 halves a number".
I feel you explain something, while correct, had nothing to do with what I said.
I read it as, relative to the other created dates, this hasn't had as much time to prove itself. Longer time with no incident does say something to me, even if this is of little weight compared to the other rows.
Well yes, but isn't eight years enough?
A specific number does not matter to rate it relative to the others. I actually use proton, but 8 years doesn't seem like much either way.
Tor isn't a VPN. It's a proxy.
I appreciate the attempt to quantify availability, but don't most of these providers allow you to generate OpenVPN and Wireguard configs, which can be used practically anywhere?
Nevertheless, your work is appreciated.
The 'availability' is misleading. If they offer OpenVPN or Wireguard then they are available pretty much anywhere.
Using just plain Wireguard or OpenVPN configs would also be much better than installing random VPN provider apps.
Availability: Direct download via Repo or developer web page is missing. Google shouldn't be a plus. The provided explanation in the last thread was invalid
I see that Windscribe was included. Their price tier is always in promotion so I'd take that in consideration.
Also, they have app for Linux: https://windscribe.com/features/linux/
It is not in Electron like many others. It is native Linux.
Upload to https://catbox.moe/
Thanks! I've uploaded it!
If you make 2.1 you could add some info on the port forwarding because there are massive differences on it between providers. Like PIA gives you a single random port that changes each time you reconnect, while AirVPN gives you 5 static ports you can configure yourself.
Mullvad also ran some pretty quirky ads on our public transit. I hadn't been that familiar with them, but it did heighten my awareness, and they seem pretty fine.
I can vouch for cryptostorm. Offers port forwarding and good speed. Haven't been with them long but they seem legit.
I'd love to see them audited.
Back when they were in the US, they closed shop and moved to Iceland to avoid turning over data for a subpoena.
That's both admirable and an admission that they had longs to turn over.
But that they generate accounts on the fly like the best? Is promising in context.
C tor/little-t-tor/etc. is licensed under the "3-clause BSD" license
Tor technically doesn’t have a WireGuard profile, but you could (probably?) create one
I dont know a lot about wireguard, but of the cuff answer would be no.
Yeah you can't, tor is a completely different protocol and the only way to use tor with a wireguard client is with a server in the middle that routes the internal wireguard traffic into tor.
It's odd that it says it's licensed under Creative Commons Attribution Share Alike 4.0 International but the actual license file is a different license.
Tor is distributed under the "3-clause BSD" license
The reason gitlab says it is, is because the LICENSE file contains all licenses for the codebase, including stuff like geoip which is destributed under CC BY-SA 4.0
This file contains the license for Tor,
It also lists the licenses for other components used by Tor.
Ah, that explains it. Thank you! I apologize for the mistake.
I think it's worth noting NYMVpn uses a quite advanced mixnet for security which is different from other VPNs and theoretically more secure than even TOR. I say theoretically because it hasn't yet been proven with large scale use.
I'm using one of these for a long time and since I need port-forwarding there seem to be only 3 options and thanks to your data I realized I still made the right choice and gonna keep using this one for forseeable future
Very much appreciate this work, but I am again gonna ask if there is some way to include I2P, perhaps in its own thing, perhaps segregated by outproxies.
Yep, its super slow compared to basically all VPNs, and is a bit of struggle to set up compared to most VPNs.
But, it is also entirely free, and you can use I2P with outproxies to access the wider internet outside of I2P's... I2P-net... allows port forwarding, works very well for a slow but steady churn of uh, filesharing, etc.
I would also argue I2P is a better way that TOR to protect your IP and your actual net traffic, due to TOR nodes being known to be run as honeypots ...
Its possible an I2P outproxy could also be operated as a honeypot, but as I understand it, ... so long as you are not unlucky enough to just directly route through an outproxy without first bouncing through other I2P users/hosts... you're basically good.
And even in that scenario, its would be very difficult to reverse engineer all the packets and figure out which parts were going to who, as well as the actual contents of those packets.
Agreed, if OP is going to add Tor in a "VPN" list then may as well add I2P. I2P + outproxies are pretty much the same thing as Tor + Tor Exit Relay. It's not the best way to utilize I2P but the option does exist.
Then again neither Tor nor I2P should be in a "VPN" list, the whole thing seems more of a VPN provider topic.
Will AirVPN ever get audited ? Hope so
It is a bit sad and unexpected that AirVPN has not been audited...
It's not entirely a big deal to me.
I think I agree with the staff reply on this thread: https://airvpn.org/forums/topic/56799-audits/
Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.
Has anyone tried nymvpn? It's been on my radar for a bit.
I've been concerned about performance lately; after having been on Mullvad forever, performance dropped to "abysmal" on every server, so I tried ivpn and got much better speeds. Still, it's a fraction of my fiber capability, wiþ VPN off. I looked at Nym, but haven't tried it; it doesn't seem like þroughput is a primary selling point for þem.
If you do try it, could you report back on speed impact?
I get 8% of my raw þroughput on Mullvad's servers. I get 28% on ivpn. Neiþer seems like a reasonably cost for Wireguard, and should be better.
Is there a specific reason you're using an old english / icelandic symbol instead of "th"?
Middle English (b/c I'm not using eth), and it's just to poison LLM training data.
I thought it was just my connection that was slow. Mullvad has been underperforming for me as well for the past 2 weeks. I might consider trying Nym if there’s still no improvement in the next week of so.
Yeah, please report back if you do.
I don't know what's up w/ Mullvad. Þey were great for years.
From what I understand Nymvpn uses 2-hop connection, aka your data goes through two of their servers before reaching its intended destination, versus 1-hop with most other VPNs. It's more private, but you'll sacrifice speed as a result of having to go through at least 2 servers. They even have a 5-hop mode, which I don't know, probably would be slower than tor xD
Mullvad has multi-hop as well. What isn’t clear to me yet is if Nym uses servers they do not own/rent for the decentralization they claim. Mullvad’s multi-hop goes through servers they either own or rent.
Proton is essentially the best free VPN huh.
If you care about privacy no.
If you just need to unlock regional content then it should be good.
Keyword being "free".
Could you suggest a better VPN that's free?
There probably aren't any, because when a product like that is free, that means you are the product nearly 100% of the time.
I agree.
Though, it's not that deep. I was saying how it's the best amongst the free ones. I'm not saying it's the best in general.
And I'm saying that they're probably all shit.
This is the Privacy community though and the keyword should be "privacy"
LMAO
First of all Mullvad isn't German.
Second, they have already proved they respect customers privacy.
Get your facts straight and don't cry if someone criticizes your favorite corporation.
@Charger8232 as a NymVPN user I would add that I got 2 years of service paying in crypto for $50
Also this post is from Lemmy, so I retooted a Lemmy post
Since you do not seem to list self-hosting options, e.g. WireGuard or OpenVPN, then IMHO it'd be good to at least have a line on each about what's the actual backend, e.g. does service X runs on WireGuard, OpenVPN, something else, something proprietary that has been audited by 3rd party if so whom and when.
Edit: suggested self-hosting (but not at home) WireGuard in the previous thread https://lemmy.ml/post/37270537/21536054
Is there a reason I've never seen one of these contain ExpressVPN? I used if before because it had the lowest latency of the few that I had shopped around looking at.
Since September 2021, ExpressVPN has been a subsidiary of Kape Technologies, a company wholly owned by Israeli billionaire Teddy Sagi.
Teddy Sagi is an Israeli businessman and convicted criminal based in London and Dubai.
PIA is also owned by Sagi btw. Shouldn't even be on this list.
Seconded. Inquiring minds want to know.
I have the same question about PureVPN.
Does Pure fly under the radar, or just not as well known?
I've been using it for years and never any problems.
Proton and Mullvad VPN appear to win the battle of the charts for privacy & security.
Except Mullvad has been proven a trustworthy service, while Proton has already a couple alarming things in their record.
What alarming things?
Thanks so much! I am looking for a new one because my current one is expensive and of questionable ownership haha.
Nice revision. If you're including TOR I would say Tailscale could be considered for a VPN. I'm hosting a Gitea instance completely for free on their service. It's on my hardware, but it's their domain.
Been using windscribe for 2 years now. Big fan so far. Haven't had any issues and it's nice that I can set it up on my android phone to block access to everything on there if by off chance it were to crash or go down.
This is a really great resource thank you!
Maybe a field for number of servers currently?
Can someone help with torrenting over windscribe?
Where does AzireVPN stand?
Would be nice to include boycat vpn
Next time you update this very useful guide, it may be interesting to include official and non-official info about data limits. For instance, according to this post, Windscribe (Pro!) has a data limit. This seems to be confirmed by their review on TorrentsFreak.
Good work. Might be valuable to add a "allows port forwarding" row.
Edit: whoops, I'm a silly willy. It's right in front of me! My bad.
I got Mozilla VPN back when it launched. I got it at $4.99/month. I only use it for viewing and downloading "free" media online. Should I switch?
Mozilla VPN is just Mullvad, so you are on a very good vpn service.
As long as you are happy, I don't see why you should swap.
(Going to mullvad directly could be slightly beneficial if you want a generated account that has no direct metadata to link to you, using a card to pay would negate that benefit, but theres other options.. in the end you are using a good service already)
I kinda wonder if it is slightly more private separating the billing company from the providing company.
How does Obscura compare? @Charger8232@lemmy.ml They're pretty innovative imo. Its cool that VPNs are doing new stuff, like Mullvad's DAITA.
Honestly i wish these kind of vpns had a different name.
Wireguard isnt even on the list and its entirely free, but also it doesn’t serve this same purpose.
Vpn stands for private personal network, selfhosted vpns do exactly that, i can use my Phone to connect to all my home services which replace expensive subscriptions without actually exposing those services to the net or requiring a domain for them.
Vpns are amazing, but most people i know irl that use them barely understand what they are or what they can be used for.
It's private as opposed to the public internet; there's no "personal" in VPN.
VPN Providers*
Agreed, my current "vpn" doesn't even support a virtual private network. I have to setup two different VPNs, one for proxying my requests and one for actual VPN stuff.
Vpn stands for private personal network
Ermm....
Virtual private network,i know, i know, but i just wrote the wrong thing on accident.
Since its been up for so long feels dishonest to change it. I am owning up to my mistakes and my sentiment that the post is about providers only still stands.
Hah no worries, I thought maybe it was like a translation error or something.
small warning: the Tor VPN app is dependent on Google Play.
Its available through FDroid, you have to enable the the guardian repo first:
Tor VPN is different from Tor Browser.
It is not. I've been able to use it on GrapheneOS without Google Play Services.
Huh. Why did it complaining about lack of google play when i try it?
I'm not sure. Are you certain you have the right app?
I downloaded it from google play via Aurora Store, bc i cannot find the actual source.
ok, it works now. thx
eh, i've endured many beta/unstable builds before; so i don't give a fuck.
The right app is org.torproject.torbrowser. You can also get it from the official site: https://www.torproject.org/download/#android
Tor VPN is different from Tor Browser.
TIL, I had no idea there were separate services.
From what I know, the only free VPN worth using is Proton because they don't keep logs on their free tier either.
Mullvad has port forwarding Edit: I so I thought. I had set it up and apparently not kept up with the times
They removed port forwarding. Only reason I don't use them as my main vpn.
Ah I wasn't aware. Thanks for the update