Hi privacy fans :) I’ve been a lurker in this lemmy-community for a while now and a “fan” of privacy for about 4 years now. Since 4 years, I’ve been on and of with VPNs. Sometimes I think I dont need one, sometimes I change my mind and start searching for one. The only one I tested (and used) so far, was Mullvad. But now reading about Surfshark, I was wondering, if there might be a better solution or if Mullvad is already the best solution for VPN. What I dont like about Surfshark is, that it is part of North Security and that it is not open-source (or at least I can find any info about that).
I hope you guy and gals have some suggestions or recommendation :)
Edit: wow… thanks for all of your fast replies. Coming from Reddit, I am used to only shitposting. Thanks for all your input. I will look into all the mentioned VPN hosters, thx 👍
Mullvad, IVPN, and Proton are the top tier for privacy respecting VPNs.
Windscribe and AirVPN are also decent options but do not have the audit history to be in the same tier as the other 3.
Most other VPNs people mention either have a dubious history or no real proof of their claims to be privacy respecting.
+1 for proton. Been using them for years now.
Plus one to Proton. They recently moved to a not-for-profit model because they believe it will help them better protect their customers interests
They also lowered prices when their costs went down a year or so ago
And they’re continuing to put out more and more apps and features without increasing prices or any of that bullshit. They grandfathered my Proton Prime plan or whatever it was called without any interruption of service when they got rid of the plan. Basically, they just do a lot of great things
Windsribe also has a big advantage for price with their “Build a plan” in that you can pick a few locations and only spend $3 a month without needing to deal with any coupons/sales or long term purchases.
Tor.
And the correct term is anonymizing proxy. Having the term VPN overloaded to mean two completely distinct things is rather annoying and/or confusing.
Mullvad is great, I’ve been using it for some time and I’m happy with them
Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.
I’m actually working on a VPN product as well. It is a multi-hop system so that we can’t track you. But it isn’t publicly available yet, so in the meantime I happily recommend Mullvad.
I’d only recommend Proton if a) you’re already paying for their suite or b) you’re not using Linux. Otherwise, Mullvad is the way to go IMO.
A VPN is not for privacy. It simply put your front door to another location. There needs to be more done for being “private”. But Mullvad would be a good start.
Would you elaborate on this? Encrypting your traffic and not accessing sites from your actual IP address sounds pretty vital to privacy for me.
Yes, your traffic is encrypted through the VPN tunnel, to the other location, but than you need to get access to the internet again. SSL traffic is already private, so there you don’t need an VPN for. Yeah, you get another IP, but you browse on the internet (same fingerprint) your pc has access to the internet (same hardware ID) and so on. So you can be tracked still. There are multiple videos on YouTube telling you a VPN on its own is a private method to access the Internet. Look for it.
Ok, I think I misinterpreted yout comment to mean VPNs are not necessary. Thanks for the clarification.
AirVPN
Only if you need (cheap) port-forwarding.
What do you mean? Are they not good for privacy or security? They seem definitely more zealous about that on their FAQs and forum pages than, say, ProtonVPN, for sure.
As far as I know they don’t have audits done, so who knows about the logging. Both IVPN and Mullvad pass those. Could still be fine though, but I’d rather trust Mullvad or IVPN.
So, I just looked it up and apparently their official stance is that auditing is questionably effective and thus unnecessary:
Our software is free and open source, while we repute at the moment [it’s] not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.
In other words, their reasoning seems to be:
- Their software is free and open source, so if it does logs anything, the community would find out, so in this sense the community is the independent auditors;
- There’s no stopping an audited party from ceasing to log right before the audit and start up again after the audit ends, so an audit is kind of toothless anyway;
- Regarding penetration tests, they already have independent testing done as well as a bounty program.
Personally, I don’t entirely agree with points #2 and #3 (though I can see their points), but point #1 is fair I suppose. In my opinion, though, it should not be up to the users to hold the company accountable; and there is a difference between penetration tests and log auditing, as the former I believe are merely to check the resilience against outside hacking.
My end impression is that judging from their other documentation and forum posts, the fact that their software is fully open-source, and their past behavior in accordance with their stated values, I think I’m inclined to believe them. However, it is somewhat worrying nevertheless that there isn’t log auditing involved regardless of their actions.
Edit: Clarification
Another recommendation for Mullvad. Solid privacy options and no marketing snake oil