A virtual private network (VPN) is like a tunnel you can use to pass through a public network, protecting your data from outside eyes. Whether you’re worried about internet service providers selling your data or want to stay safe on public Wi-Fi, a VPN can help protect you.
However, while a VPN will keep you safe at your local coffee shop, it comes with a cost. Using a VPN means your VPN provider will know everything about your browsing habits. This makes VPN providers a tempting target for hackers.
This means picking the right VPN service is serious business. Most VPN providers claim they keep no logs, but this is rarely verified. You’re stuck taking companies at their word. For this reason, we’ve limited our testing to VPN providers that have been independently audited and published the results.
To help you sort out when and why you might want a VPN, as well as why you may not, be sure to read through our complete guide below. If you’re already sure you want to use a VPN, here are our top picks among commercial VPN providers.
Best for Most People
ExpressVPN is based out of the British Virgin Islands and is the only VPN that’s been verified to not keep customer logs. ExpressVPN has been independently audited, has failed to produce logs in court, and even had the Turkish government seize its servers only to find … nothing. When it comes to no logs, this is your best VPN bet.
Even better for those of us not particularly worried about logs, ExpressVPN offers a great set of tools to simplify connecting to the company’s VPN servers. There are apps for nearly every device, including home routers—and once you set up your router, you don’t have to worry about setting up apps on every device. On the go, there are apps for Android and iOS.
In my testing, ExpressVPN consistently offered the fastest connections and had the most reliable Netflix experience. Not only was I able to circumvent Netflix’s country restrictions, but ExpressVPN’s network was also plenty fast enough for HD streaming.
Best for VPN Newcomers
Choosing a VPN can be overwhelming. If you’re tired of lock icons and security mumbo jumbo, TunnelBear might be the VPN for you. Its cute bear animations help demystify what VPNs do, how they work, and what they can do for you. Sometimes the easiest way to make technology more approachable is by putting a friendly face on it.
We’re fans of TunnelBear’s password manager sibling, RememBear for the same reason. It’s amazing how bears can put you at ease.
In my testing, speeds with TunnelBear were competitive with ExpressVPN. One of my favorite parts of TunnelBear is the free trial option, which makes it easy to test drive and see what your speeds are like without committing. TunnelBear has fewer geographic locations than our other options, but unless you’re traveling abroad or need to get around a specific geo-restriction, it shouldn’t matter for most users.
Best for Advanced Users
Another thing I like is Mullvad’s cash payments. Yes, for total anonymity you can generate a random account number, write that number down, mail it, along with cash, to Sweden and, in theory, no one will be able to connect you to that account. (The truly paranoid will don a tinfoil hat, wear gloves, print from a public printer, and mail from a remote mailbox.)
These edge-case features aside, Mullvad offers a down-to-earth VPN service that doesn’t overhype with its marketing and helps users take additional steps to protect their privacy. For example, the company has an entire page showing you how to disable WebRTC in your web browser. As long as WebRTC is enabled (and it is by default in most browsers), websites can view your actual IP address even when you use a VPN.
Mullvad offers apps for every major platform (the Android app is in beta), as well as routers. The applications are all open source, and you can check them out on GitHub. They’ve been independently audited as well. Advanced users can download configuration files and use them directly with OpenVPN.
In my testing, speeds were good though sometimes less consistently so than with ExpressVPN. I never encountered a situation where I couldn’t get a fast connection, but sometimes I had to try different servers to get speeds I was happy with.
How We Picked
VPN providers like to claim they keep no logs, which means they know nothing about what you do using their services. There are a variety of reasons to be skeptical about this claim, namely because they have to have a user ID of some kind tied to a payment method, which means the potential exists to link you to your data.
For that reason, I mainly limited my testing to providers that have either been subpoenaed for data in the US or Europe and failed to produce logs or have undergone a third-party security audit. While this is still no guarantee these providers aren’t saving log data, it provides a baseline to start filtering through the hundreds of VPN providers.
Using these criteria I narrowed the field to the most popular, reputable VPN providers and began testing them over a variety of networks (4G, cable, FiOS, and plenty of painfully slow coffee shop networks) over the past nine months. I tested network speed, ease of use (how you connect), and also considered available payment methods, how often connections dropped, and any slowdowns encountered.
Why You Might Not Need a VPN
It’s important to understand not just what a VPN can do but also what it can’t do. As detailed above, VPNs are like a tunnel. VPNs protect you from people trying to snoop on your traffic in transit.
Public networks make it easy for attackers to get a copy of your network data. If your data is being sent unencrypted—the website you’re connecting to doesn’t use HTTPS—the results can be disastrous. Web browsers make it easy to tell when your connection is secure: Look for a green lock icon at the top of your screen. These days most websites connect over HTTPS, so you’re probably fine. But if that green lock icon isn’t there, anyone can view whatever data you’re sending. Unless you’re using a VPN.
Adding a VPN protects even your unencrypted data from prying eyes. Be sure to check out our guide to using a VPN to make sure you have everything set up correctly.
A VPN also changes your IP address, which protects your privacy to a degree. Unfortunately, this is not airtight. A web-based API known as WebRTC can leak your IP address even from behind a VPN. If this is a concern, disable WebRTC in your browser. Mullvad has instructions on how to disable WebRTC in most browsers.
It’s debatable how much masking your IP address really helps protect your privacy in the first place. Your IP address is only one of many, many bits of data that websites collect about you. If privacy is your concern, you’re better off using web browsers (and extensions) that offer tools to protect your privacy, like Mozilla Firefox or, if you want to get serious about privacy, the Tor browser.
To add to the confusion around VPNs, providers—even one of the providers I’ve recommended here, unfortunately—often engage in misleading marketing. Nearly every VPN service website I visited had some kind of red banner claiming I was “not protected,” even when I was using a VPN at the time. The problem is that I wasn’t using their VPN. More honest VPN providers, like Mullvad, tell you what’s actually happening: “You’re not protected by Mullvad. Kudos to Mullvad for not using fear to sell.
Either way, the important thing to remember is that using a VPN does not make you anonymous. While VPNs may not be able to do much to protect your privacy, they are an essential tool to protect your unencrypted data over insecure networks.
If you want to circumvent some kind of geographic restriction on content, browse securely over open networks, or get around an ISP-level content filter, then a VPN is a useful tool.