How We Picked
VPN providers like to claim they keep no logs, which means they know nothing about what you do using their services. There are a variety of reasons to be skeptical about this claim, namely because they have to have a user ID of some kind tied to a payment method, which means the potential exists to link your credit card number (and thus your identity) to your browsing activity.
For that reason, I mainly limited my testing to providers that have been subpoenaed for user data in the US or Europe and failed to produce the logs or have undergone a third-party security audit. While these criteria can’t guarantee the providers aren’t saving log data, this method of selection gives us a starting point for filtering through the hundreds of VPN providers.
Using these criteria, I narrowed the field to the most popular, reputable VPN providers and began testing them over a variety of networks (4G, cable, FiOS, and plenty of painfully slow coffee shop networks) over the past nine months. I tested network speed and ease of use (how you connect), and I also considered available payment methods, how often connections dropped, and any slowdowns I encountered.
What Happened to ExpressVPN?
ExpressVPN, formerly one of our top picks, was purchased by Kape Technologies earlier this year. The sale of any VPN service is cause for some concern, but in this case it’s more worrying than usual. Kape Technologies, once known as Crossrider, has been accused of malware distribution and fraud. It also owns the once-reliable Private Internet Access (better known as PIA), which we also don’t recommend, and a number of VPN review sites.
Given the background of Kape and its board, which includes ties to both British and Israeli government agencies, we no longer recommend using ExpressVPN or PIA. If you’d like more details on the company’s background, see this article at Restore Privacy.
Why You Might Not Need a VPN
It’s important to understand not just what a VPN can do, but also what it can’t do. As noted above, VPNs act like a protective tunnel. A VPN shields you from people trying to snoop on your traffic while it’s in transit between your computer and the website you’re browsing or the service you’re using.
Public networks that anyone can join—even if they have to use a password to connect—are easy hunting grounds for attackers who want to see your network data. If your data is being sent unencrypted—like if the website you’re connecting to doesn’t use the secure HTTPS method—the amount of information an attacker can gather from you can be disastrous. Web browsers make it easy to tell when your connection is secure. Just look for a green lock icon at the top of your screen next to the web address. These days, most websites connect using HTTPS, so you’re probably fine. But if that green lock icon isn’t there, as it sometimes isn’t on school, library, and small business websites, anyone can view whatever data you’re sending. Unless you’re using a VPN, which hides all of your activity, even on unencrypted websites.