VPNs With the Best Bet of Protecting Your Privacy
About This Article
As a VPN user myself, I did quite a bit of shopping around to find the one that's best for me. Now, I do not mean look for the one that offers the fastest speeds or the one that has the most nodes. I'm talking about the ones that are considerably more secure than the others.
I follow TorrentFreak quite a bit so when they launched a quick series of quick interviews asking popular VPN providers questions regarding their policies, I was all up in that. TorrentFreak mainly focused on asking questions regarding logging practices. However, the EarthVPN fiasco led me to look beyond the responses of these VPN providers. What exactly was the EarthVPN fiasco?
EarthVPN claims to keep no logs whatsoever. This means no user logs, no log-on logs, no connection logs, and so on. Yet, a Holland student was arrested in June, 2013 for issuing a bomb threat against his University. Even though this student secured his connection through EarthVPN, guess how the authorities found him? Logs! Which EarthVPN claims to not have any. Of course, EarthVPN responded with excuses. You can find the whole story just Googling "EarthVPN logging".
This article takes into account of a few more factors such as the country of operations, privacy policies, terms and conditions, and such. Why are these factors important? I have found that some VPN providers will have their sales department say one thing while the exceptions are all hidden away in their terms and conditions. Of course, you won't truly know company's operations unless you work for one of these VPN providers.
I simply hope to provide a guide and method of analysis when shopping for VPN providers. This is to help you gain an edge in protecting your anonymity as, after all, no solution is perfect unless you simply go offline.
Note: This article is not intended to encourage the conduct of illegal activity or abuse towards individuals and organizations. The intention of this article is to promote personal privacy.
What It Is and How Does It Work?
There are many complex explanations as to how VPNs really work. I hope my explanation will be better. Please feel free to contact me either through the comments section or by private messaging and request me to update my definition.
Your computer has an internet connection because it is connected to your internet service provider (ISP) and your ISP will redirect you to websites hosted on various servers around the world. A VPN is a direct connection from your computer to a remote server. This server is provided by your VPN provider. The connection from you computer to the remote server is encrypted so all your ISP can see is that there is an encrypted connection from one point to another. Your ISP will have no way of knowing what you are doing if your VPN is setup properly. The remote server then handles your requests and connects to various sites on the internet. The sites you visit will not know your true location. All they will see is a visitor visiting their site from the location of the remote server you are connected to. You are probably wondering then, can't they trace it back to you because you have a connection to the remote server? This is a multi-step answer. It is very hard, virtually impossible, for them to trace it back to you because many others are connected to the same remote server as you. This means that there is no way of determining who's connection belongs to who. Of course, the server could be logging activity so your activities could still be detailed on the logs. This is one of the characteristics we will be looking at when selecting VPN providers.
There are various types of logging. Generally, we do not want a VPN that logs.
Country Of Operations
Every country has their own surveillance agencies. Definitely want to keep this in mind.
Political and Judicial Relations With USA
How does a country respond to a subpoena, DMCA notice, court order, and such. We do not want one that complies.
Willingness To Shut Down
Some VPN providers state they would rather shut down than comply with authorities. Definitely a noble act.
If an VPN provider informs registrants beforehand that they will comply with court orders, then that is something to consider when signing up.
I have selected a series of VPN providers, which I find will cause the least problems with users. These VPN providers rank much higher overall in terms of security, privacy, transparency, and undisturbed geographically and politically. Once again, feel free to message me either in the comment section or through private messaging if you have another VPN provider you would like me to look at.
Probably by far one of the bigger and more popular VPN providers out there, Proxy.Sh is based out of the Republic of Seychelles. Although a much smaller country in size, it does stand its ground. As Proxy.Sh claims, they will only release information if they receive a court subpoena from their own government. So far, this has not happened and does not seem likely. In response to foreign requests, they do receive DMCA requests. Unlike many other VPN providers, Proxy.Sh promotes transparency through their Transparency Report. All DMCA and other notices as well as responses are posted in the Transparency Report. So far, they have handled these notices incredibly well.
With Proxy.Sh, new users can also be rest assured that it is possible to remain anonymous even with payment processing. While some VPN providers do not log connections, they do log payment processing. The same goes for Proxy.Sh. Only network connections are logged. While Proxy.Sh maintains that the only record that they keep on file is an e-mail address linked to the payment account, it is still best to completely anonymize yourself. Proxy.Sh accepts over 90 payment processors including many prepaid options. Simply buy a package using a prepaid credit card and an e-mail address dedicated solely for this subscription and you can be on your way.
I recommend Proxy.Sh because they are devoted or at least go to great lengths to make it seem like they are devoted to the protection of privacy. Their transparency report was completely voluntary and it is done to keep clients up to date of what is going on with each of their servers. Not only that, the payment processors that they provide allow users to purchase subscription packages without having their information logged and stored. Finally, Proxy.sh also does experimental development in the background. They have other encryption methods that they are constantly testing and improving, which they offer along with the standard AES256.
Proxy.sh: Price Table
Proxy.sh: Some Issues
Proxy.sh's policies are a bit concerning. They are kept very open, not going into specific details as to under what circumstances the course of action will be taken. This means that clients must accept the fact that Proxy.sh is able to do as it pleases.
This "legal precedings" should be read. Although they have taken this to a very extreme level, it is not wise to ignore this legal matter. This was found in their Terms of Service section. I found that these two were probably the most important reads, but there are definitely others potential clients should comb through before preceding with this VPN provider if they choose to.
Mullvad is a rather unique VPN provider. In an interview, they stated that their service was launched for political reasons. They would much rather discontinue their service than hand over information if issued a court order. Although we may never know if they will uphold their claims, it is a good start that they dare make such a statement. What do you think of when you think of Mullvad? Chances are it is Lavabit, an e-Mail service that decided to shutdown rather than hand over their clients' information.
Mullvad looks very good upfront. I am only saying upfront because there is no way to see the back-end of their service unless you actually work for them. They have a very simple mission and that is to make internet censorship and surveillance ineffective. Located in Sweden, their team consists of Fredrik Strömberg, Daniel Berntsson, Robin Lövgren and Simon Andersson. They manage everything from sales to penetration testing. They state that all their servers are dedicated, none of that virtual "stuff", but they only have direct access to their Swedish servers. While Sweden is not known for its surveillance program, it does cooperate with the United States. It is one of the free possession and distribution of intellectual properties capital. Therefore, it is highly unlikely that the Swedish courts will request to seize Mullvad's servers. Nevertheless, the Sweden FRA surveillance agency does monitor internal traffic. This is why there is an "Exclude Swedish Traffic" option on the Mullvad's OpenVPN application.
Mullvad operates on a much smaller scale than Proxy.sh. This has its advantages, but also drawbacks as well. Both countries rank relatively high in terms of freedom from censorship control and low in government intervention. Mullvad will probably best server European and Asian customers due to the geographic location. When comparing the Netherlands server from Proxy.sh and Mullvad, Mullvad ping-ed at 217 ms while only 201 ms for Proxy.sh. Although slightly higher, the its speeds are still pretty good. I tested with Netherlands because it is a good server destination for torrenting. In case a server seizure request is in place or if logging does exist, getting to the servers stationed in Netherlands is slightly more difficult compared to everywhere else.
Mullvad: Price Table
Mullvad: Account Structure
Mullvad's account structure is quite unique. They generate an account for you. This way, your e-Mail address, password, or anything else that might identify you are not stored on their system. Like I said, they generate an account number. You can then allocate ports after the generation is complete, which just takes a minute.
Keep in mind that your payment information will be stored on file if you decide to pay with Paypal, cash, or bank wire. If you pay with cash, you will have to mail an envelope. This would expose your own address. Assuming that they do not keep your address on file, then chances are this account won't be linked back to you. If you pay with bank wire, it will definitely be linked to you. Your bank's branch number, routing number, and your own account number must be given out for this to work. Paypal can be anonymous or not depending on how you use it. If you have an existing Paypal balance or using a linked account, then your information including your address and Paypal e-Mail address will be given out. On the other hand, you can remain anonymous by using a prepaid credit card with Paypal. You can do so without signing up for a Paypal account. Keep in mind that Paypal charges a $1 fee or the equivalent €1.60 fee for using a credit card. The final option is Bitcoin. While Bitcoin is not truly anonymous, there are ways of making it so. This discussion is for some of the more technical users and out of the scope of this article. I strongly against mailing money to Mullvad as it would be difficult to receive a receipt for the proof of purchase. Not only that, but any losses will be accepted by the sender.
In a case the image is not viewable, you can visit the actual terms and conditions page following the source link. It is definitely worth reading, especially because it is quite interesting. Unlike Proxy.sh, Mullvad is very straightforward. They don't care what you do and they will make sure to purposely not have anything so as to not give out any information. I mentioned earlier that Bitcoin isn't truly anonymous. Mullvad actually provided a wiki reference on how to anonymize Bitcoin transactions for those that are truly interested.
Mullvad does have its perks and I strongly favor this VPN provider. However, it falls short slightly behind Proxy.sh due to the lack of servers and payment processors. Mullvad best serves European and Asian clients due to the geographic proximity. With that being said, North American customers need not to worry. For those that aren't speed conscious, definitely consider giving Mullvad a try.
What do you think of when you think of Slovakia? Okay, I admit that was probably a bit confusing to hear or read in this case. At the end of this paragraph, you should be thinking of TigerVPN when you think of Slovakia. What makes Slovakia so special? Well, you can think of Slovakia as the guy on the fence when it comes to protecting the privacy and freedom of individuals. Let's add a little historical context to this. The Anti-Counterfeiting Trade Agreement (ACTA) was signed by 22 European Union countries, the United Kingdom, United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore and South Korea . This agreement was aimed at improving the enforcement of protecting intellectual property rights in the participating countries. Slovakia, along with Germany, the Netherlands, Estonia, and Cyprus did not sign up. In February, 2012, Economy Minister Juraj Miskov stated that he will not support a treaty that could limit human rights and freedoms. By not participating in ACTA, TigerVPN's operations in Slovakia are relatively safer and stable when it comes to dealing with foreign claims of intellectual property offences. Whether this is true or not is a different case, but the selection of VPN providers in this article considers only the sustainability of their operations.
While your IP address is not linked to your credit card, it is still on file. If their servers are seized or breached, you can be identified as a client of theirs. My advice is to use a public computer or go to an internet cafe to purchase this subscription. Public networks are not ideal for secure payment transferring so be as fast as you can when ordering. Since they also record your usage time, it is not a good idea to use a server with a 0% load. Why? A 0% load would indicate either no connections to that server or a significantly low number of connections. In either case, it only makes it easier to identify you as the user. Of course, we are operating under the assumption that these servers do keep more logs than they claim. If you are an accounting firm, would you not keep a ledger of transactions? Would you tell your clients that no ledger is kept so no transactions can linked back to you? You would not do such a thing and, chances are, neither will a VPN provider.
Their terms and conditions page does not contain anything of great importance. I only encourage reading it because it offers pricing information not found in the pricing page. For example, the terms and conditions page actually outlines four different price packages. You cannot find them when you go under the pricing page.
TigerVPN: Price Tablet
Make sure to read their terms and conditions especially if you are interested in learning more about their "Test Drive" and "Golden Ticket" VPN packages. Their "Test Drive" package grants a one day access, which expires automatically 24 hours after your purchase. The "Golden Ticket" package grants you access to an individual timeframe and may include extras. This product is sold separately and is not available for purchase on tigerVPN.com. I have yet to determine how the "Golden Ticket" package works or how to purchase it for those that are interested.
Update: It appears that the "Golden Ticket" package works more as an extension to an existing purchase. Think of it as an "add-on" solution only available in your own TigerVPN dashboard.
I have searched around online and TigerVPN is generally met by positive reviews. Most complaints seem to come from Korea and Hong Kong stating connection issues either no connection or slow connection. Keep in mind that we need to factor in the internet speeds in these Asian countries. I have experienced it first hand and can confirm that it remains slower than our North American counterpart. Even though VPNs are faster than proxies, they do, nevertheless, slow down your internet speeds somewhat. Their support seems pretty good, always responding to comments left by their Android app users. They have several servers around the world, most situated across Europe. Don't worry, this isn't the end of the world for North American users. They do have a Canadian server based in Montreal, Canada. In the United States, there are servers based in New York, Washington, Denver, and Los Angeles. They are located in a very nice geographic region and the political environment is quite favorable. I strongly recommend connecting to their European servers over the U.S. ones despite lower speeds. I do not give it full marks because of its partial logging practices. However, do not be mistaken to think that I believe the other VPNs I mentioned do not log. Even before the EarthVPN incident, I had my doubts regarding these no-logging practice claims.
Keeping It At Three And Only Three
You may have been expecting more than three VPN providers, but I ended up taking many out. Basically any U.S., Hong Kong, or Canadian based VPN providers are a no-go for me. I have decided not to include them in the list. If you are wondering why, it mainly has to do with the political and geographic factors associated with these countries. I will get into a bit more details later on because it does require some clarification. The first thing I looked at was the logging policy. Any VPN provider that logged a connection was out of the question. They have been discarded immediately. Next up, I did not want any VPN provider in the countries mentioned earlier. The political and geographic environment poses some kind of inconvenience in the near future and so it is best to avoid purchasing an annual subscription. You might ask why an annual subscription? Annual subscriptions are generally cheaper. If you find a VPN provider that can provide the servers in the countries you prefer, then there is no need to switch to another VPN provider. I am not going to take into consideration of the VPN providers that only meet some of the characteristics outlined in the very beginning of this article. And so, for existing or new VPN customers, these three VPN providers are your best bet. Feel free to do your own research as well as my information may become outdated as time goes by.
I keep stressing the need to look for VPN providers that fall or do not fall under certain geographic boundaries. The truth is that each country has its own surveillance agency just as intrusive as United States' NSA. However, I believe because of the population and corporate density, the politics in the United States is most likely to compromise our freedom and privacy. This article is not meant to be political and in no way will be. The basis for avoiding U.S. based VPN providers is the fear of seizure. Operations and servers situated in the United States will most likely receive a court order first or seizure whether warranted or unwarranted. Some may not follow CryptoSeal Privacy's footsteps and comply with the government. This is much less likely with a foreign VPN provider. I have also excluded Canada based VPN providers because of their willingness to cooperate with the United States. This focus is on internet service providers, mostly Teksavvy Solutions Inc., rather than VPN providers. In either case, it is not in our best interest to consider this geographic location as well. I hope this article can generate some incentive to do further research from various available sources to pick the best possible VPN provider.