Tech
There Are Hundreds of VPNs, But I Only Recommend These 6
VPNs, Compared
Other VPNs We’ve Tested
EventVPN is the new hotness in the VPN world. It’s a free, ad-supported VPN that comes from ExpressVPN. Ads and VPNs don’t really mix, but EventVPN says it’s able to offer a free service via Apple’s App Tracking Transparency (ATT) and Identifier for Advertisers (IDFA), basically allowing it to serve ads without harvesting your personal data. The problem is the pervasiveness of ads. A banner lives at the top of the app at all times, and you’ll need to sit through a 30-second ad each time you connect or disconnect; a big problem when some servers posted unreasonably slow speeds. I’ll admit that EventVPN is a unique concept, but I see nothing about it that’s better than ProtonVPN or Windscribe for a free VPN service. And when it comes to the inconvenience of sitting through ads, it’s straight-up worse.
Private Internet Access (PIA) has a long history in the VPN space, and it’s maintained a track record of defending user privacy—even in the face of actual criminal activity. In 2016, a criminal complaint was filed in Florida against Preston Alexander McWaters for threats made online. McWaters was eventually convicted and sentenced to 42 months in prison. Investigators traced the online threats back to PIA’s servers and subpoenaed the company. As the complaint reads, “A subpoena was sent to [Private Internet Access] and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States.” McWaters engaged in several other identifying activities, according to the complaint, but PIA wasn’t among them. Despite such a clear view of a VPN provider upholding its no-logging policy, PIA didn’t impress me during my tests. It’s slightly more expensive than a lot of our top picks, and it delivered the worst speeds out of any VPN I tested, with more than a 50 percent drop on the closest US server. (Windscribe, for context, only dropped 15.6 percent of my speed.)
MysteriumVPN is the go-to dVPN, or decentralized VPN, as far as I can tell. The concept of a decentralized VPN has existed for a while, but it’s really gained traction over the last couple of years. The idea is to have a network of residential IP addresses that make up the network, routing your traffic through normal IP addresses to get around the increasingly common block lists for VPN servers. Mysterium accomplishes this network with MystNodes. It’s a crypto node. People buy the node to earn crypto, and they’re put into the Mysterium network. It’s not inherently bad, but routing your traffic through a single residential IP is a little worrisome. Even without the decentralized kick, Mysterium was slow, and it doesn’t maintain any sort of privacy materials, be it a third-party audit, warranty canary, or transparency report.
PrivadoVPN is one of the popular options to recommend as a free VPN. It offers a decent free service, with a handful of full-speed servers and 10 GB of data per month. You’ll have to suffer through four—yes, four—redirects begging you to pay for a subscription before signing up, but the free plan works. The problem is how new PrivadoVPN is. There’s no transparency report or audit available, and although the speeds are decent, they aren’t as good as Proton, Windscribe, or Surfshark. PrivadoVPN isn’t bad, but it’s hard to recommend when Proton and Windscribe exist with free plans that are equally as good.
VPNs to Avoid
You’ll find dozens of free VPNs all claiming to protect your privacy. Most of them don’t. There are plenty of VPNs I don’t recommend, but these are a few I’ve tested worth mentioning.
Hola is an infamous name in the VPN industry, but it’s been close to a decade since its very public debacle. Hola is free, and it’s able to stay free because it uses a peer-to-peer network. Hola also owns Bright Data (formerly Luminati), which is a data collection company. In 2015, Hola sold access to the network of its free users (via Luminati), which was used in a distributed denial-of-service attack on 8chan. It’s been a decade since that incident, but Hola still operates in a similar way. If you don’t pay, you could be used as an exit node in Bright Data’s network, and the privacy policy makes it clear that Hola logs data about your usage, including your IP address, the pages you visit, and timestamps.
X-VPN is available on desktop, but it primarily shows up in results on the Apple App Store and Google Play, targeting mobile users with a free offering. X-VPN hasn’t done anything explicitly wrong like Hola, but it has way too many inconsistencies to recommend. For starters, it uses a proprietary VPN protocol, which it obfuscates within the app. Proprietary protocols like NordVPN’s NordLynx and ExpressVPN’s Lightway are based on existing, open source protocols. Further, X-VPN was highlighted in a Tech Transparency Project report about free VPNs with links to the Chinese government; X-VPN is based in Hong Kong. There’s no smoking gun with X-VPN, but there doesn’t need to be. The speeds aren’t the best, the app lacks basic features like split tunneling, and the pricing for a paid plan is in line with top providers.
How We Test VPNs
Functionally, a VPN should do two things: keep your internet speed reasonably fast, and actually protect your browsing data. That’s where I focused my testing. Extra features, a comfy UI, and customization settings are great, but they don’t matter if the core service is broken.
Speed testing requires spot-checking, as the time of day, the network you’re connected to, and the specific VPN server you’re using can all influence speeds. Because of that, I always set a baseline speed on my unprotected connection directly before recording results, and I ran the test three times across both US and UK servers. With those baseline drops, I spot-checked at different times of the day over the course of a week to see if the speed decrease was similar.
Security is a bit more involved. For starters, I checked for DNS, WebRTC, and IP leaks every time I connected to a server using Browser Leaks. I also ran brief tests sniffing my connection with Wireshark to ensure all of the packets being sent were secured with the VPN protocol in use.
On the privacy front, the top-recommended services included on this list have been independently audited, and they all maintain some sort of transparency report. In most cases, there’s a proper report, but in others, such as Windscribe, that transparency is exposed through legal proceedings.
Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.