VPN Comparison
from Charger8232@lemmy.ml to privacy@lemmy.ml on 09 Oct 00:08
https://lemmy.ml/post/37270537
from Charger8232@lemmy.ml to privacy@lemmy.ml on 09 Oct 00:08
https://lemmy.ml/post/37270537
I made a spreadsheet comparing different open source VPN providers.
Part 2 here
Providers
Notes
- Please do not start a flame war about Proton.
- Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
- The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
- IVPN has two differing plans, which is why “Standard” and “Pro” are sometimes differentiated.
- For accounts, “Generated” means a random identifier is created for you to act as your account, “Required” means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
- Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
- All prices are in United States Dollars. Tax is not included.
- Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
- The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
- The Proton VPN Flatpak is unofficial, but based on the official code.
- Availability on secureblue is based on the
ujust install-vpncommand. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages. - I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.
Takeaways
- NymVPN is very very new, but it’s off to a strong start. It wins in almost every category. I actually hadn’t heard of it until I started this project.
- If you want a free VPN, Proton VPN is the only one here that meets that requirement.
- If you want to pay week-by-week, IVPN is the only one that allows that.
- If you’re paying month-by-month on a budget, Mullvad VPN is the cheapest option.
- NymVPN is the cheapest plan for anything past 1 month.
- If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
- If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
- Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn’t even matter.
threaded - newest
Can Nym be used on an OpenWrt router? Does it require a special app or can it be used with a standard wireguard config?
A guide is in the works
It supports WireGuard.
Nym looks interesting and I hadn’t heard of it before, but based on my reading I wouldn’t say it supports wireguard.
It implements wireguard but it still looks like you need to use their client instead of a vanilla wireguard one.
I’m having problems opening the image, is it just me?
I’ve included it both as a post image and as an embedded image for maximum compatibility (e.g. for RSS readers), so there shouldn’t be any problems. I’ve tested it on multiple browsers on multiple devices just fine.
Edit: It seems lemmy.world is breaking all lemmy.ml images
also doesn’t work on sh.it
I can see it there? On Voyager, if that matters.
Are any of these good options for port forwarding? I’m currently using PIA and I’d rather not.
I had the same dilemma after mullvad stopped allowing you to create port forwards. I switched to Proton which works fine but I’m curious what other options are out there. It can be hard to find the details about port forwarding, especially if it only works when using their app and not with openvpn/wireguard which is easier for running containers.
AirVPN lets you open 5 ports and allow p2p. Works with their app and openvpn/wireguard. I’ve been paying for it couple years now and I’m pretty happy with it
Proton VPN supports port forwarding. IVPN and Mullvad VPN do not. Mozilla VPN and NymVPN don’t explicitly state whether or not they do from what I found, so I’m not sure.
Mozilla VPN is just mullvad so they do not
NymVPN doesn’t supports it. I asked their support. They have plans for the future.
If you are looking for reliable port forwarding consider Windscribe VPN.
Yeah the spreadsheet is kind of useless without that information
I wouldn’t call it useless, for people who just use a vpn for privacy, for all I know the only main use case for port forwarding in a vpn is torrenting linux iso’s rather than genuine privacy measures.
That’s why I said kind of
Oh boy, seems I missed something again. What’s wrong with PIA? I’ve been using them forever.
Oh, you know, the usual. Bought out by an Israeli spyware company.
I have Pure VPN. It allows port forwarding but isn’t on the list. I don’t see it talked about much so I don’t know how it compares to others, but I’ve just been using it because I got a great deal for a 5 year plan forever ago.
Pure vpn seams like a pretty generic scammy vpn like surfshark or nordvpn they have there own blog dedicated to why they are the best stating reasons like securing yourself in public wifi, protecting you from scams or getting hacked, protecting you against ddos atacks??? and just advertising vpn’s as a jack of all trades privacy toolkit, which they really aren’t.
VPN companies that are willing to lie to consumers about what vpn’s actually do means they could be lying about other things, like there no logs policy.
Proton does a better job at explaining what a vpn actually does and doesn’t do.
That explains it. It’s been working well enough for me, but I’ll probably change as soon as this plan is up.
I mean I’m using pia, so not much better but I’m broke so I ain’t paying for mullvad or anything. I might switch to nymvpn when I get the chance though, it seams pretty good.
Why not PIA? I was looking into it for port forwarding
It’s owned by an Israeli spyware company.
Of course 😔
Wow, Nym’s payment model past month-to-month looks good. I don’t really need port forwarding, so the advantage I see they have over Mullvad is the decentralized nature of their servers. Mullvad does have multi-hop but it goes through Mullvad owned or rented servers. Does anyone know if Nym really does use servers that aren’t leased/rented by them for decentralization? Otherwise, they are no different from Mullvad and only the payment model is better.
Nym pays users to be a relay as far as I know. There are 5 relays or 2 relays with your preference (depends on the speed and security you want). Maybe they own some servers that I don’t know but their encryption techniques are quite advanced. There are articles on their websites that they cannot log anything.
Mullvad does not offer port-forwarding anymore.
Cool, thanks for sharing.
Where is AirVPN? Arguably much better then these VPN providers offering static port forwarding among their features.
Provides configurations built for Wireguard and OpenVPN with each server having unlisted IPs to completely get around VPN blocks.
Owned by a “hacktivst” lawyer in Italy.
Multiple audit along with police attempting to sieze running servers. These are configured to dump there configuration on shutdown and run entirely in ram.
This is a battle tested VPN that has existed since 2010. They allow for completely anonymity using Creptocurrencies payments.
.
Also would be worth considering RiseUp VPN which is run by an anarchist organization. There’s also a new one BuycatVPN which I think is affiliated with the Tech for Palestine project and from an organization that’s an official partner with BDS, but I don’t know anything else about it.
I will definitely check these out. Thanks for the tip, friend.
Why is proton consistently red in the pricing category despite being cheaper than (or on par with) other options like mozilla which is consistently yellow? Am I misreading this as green = good, red = bad?
That seems to be a bug. That’s my bad. Thanks for catching that! I’ll fix it soon and edit the post.
Edit: Fixed! Sorry about that.
Why is Tor never compared to vpns for most people? Like 90% are just wanting an encrypted tunnel to a proxiy right?
I think Tor is too slow for most people / everyday browsing
Because it is not a good option to route that kind of traffic. It’s okay for most use cases, though.
As someone who regularly uses Tor, it takes like 5 minutes to load a simple webpage half the time
VPNs and Tor are used for different purposes (sort of).
And common tasks like downloading big-ish files or streaming video should not be done on Tor (it’s possible, but I believe it is discouraged), but can be done easily over a VPN.
I suggest adding AirVPN.
no love for windscribe? :(
CEO is a jackass but the product is fantastic and has a great free tier, although P2P/torrenting was removed from the free tier unfortunately I believe
evergreen
Posts you have to squint at to figure out if they glow or are just inexperienced.
This is great, thanks for sharing! You’ve got a few useful feedback points, let me add one more: does a provider have an onion address. This allows decoupling of payment from usage. Not a big thing, but good to know.
Would Nym work with Glueten? It seems bewz so its not listed on their github but it supports wireguard so maybe it does.
As long as you can generate a wireguard config that works, for example, on your desktop/main pc with wireguard directly, then Gluetun should have no issue (as far as im aware).
Gluetun specific provider support is usually just there to get setup faster (I think so it can automatically get configs for certain countries, etc).
Missing category: android TV support
Can just use the wireguard app
No .ods file?
Soon :)
I plan to make a version 2.0 with some requested changes.
Nymvpn seams great! I’ve never heard of it either. I just hope it stays around and gets a name for itself.
Same here… but I don’t know what I think about vpns that say around a long time. You can’t help but wonder that the reason they are still around is because they got co-opted.
Does anyone have experience with the Mullvad, NymVPN, or AirVPN clients (if they exist) on Linux? I’m still mad Proton removed support for their Linux client and replaced it with an intern-level gnome-only taskbar applet. Also, do they support generating plain Wireguard configs?
Yes, I use mullvad VPN on Linux. It works fine. You don’t need their client, of course, but it is good.
I can confirm that Mullvad VPN client works quite well on Linux.
The AirVPN client works well on Linux. They provide really good Linux support. airvpn.org/linux/
secureblue is Linux.
I don’t use the official client, but airvpn with pure wireguard works perfectly.
I have experience with airvpn on linux. They have a couple different client options as well as being able to config files for both openvpn and wireguard. All of which I have used and haven’t had any notable challenges using.
I really like Mullvad. I can’t speak towards their app though I just export the configurations and import them to my distros networking settings so I can activate it more easily.
Okay, what exactly are the benefits of a VPN for the average user (non-corporate), besides pretending to be somewhere else?
Data retention laws of your ISP.
What can they collect, seeing as HTTPS is common nowadays? I mean, they could have DNS wueries, I guess. But then how does custom DNS vs VPN compare?
Assuming every connection you make is encrypted with TLS (HTTPS) or otherwise encrypted:
If you use encrypted custom DNS, your ISP sees only the IP addresses you connect to. If you use unencrypted DNS or ISP-provided DNS, they see the hostnames plus the IP addresses.
How does one know if their DNS is encrypted?
And what would the benefits of a VPN be, if any, in this scenario?
It can prevent man in the middle observation or attack and allow you to avoid a particular type of location tracking.
Another user on an instance I don’t see posts from talked about tls in response to your question about https. It’s important to recognize that the certificate based system for establishing identity when making a tls connection is cooked and has been for twenty years at least. It may have been designed flawed from the start.
Because of that, the combination of dns over https or dns over tls and a vpn you trust allows you to bypass certificate attacks.
Why is being on the Google Play store a feature worth highlighting? To use an F-Droid expression, that would be an anti-feature.
With the upcoming restrictions on third-party apps that Google has announced maybe? It’ll be easier to get from Play, and may not be available otherwise at all.
I don’t think giving into Google seizing more power is the way. People doing that is what enables the corporation to continue and have more control over their lives, including their privacy.
As I mentioned, the availability section is security focused. F-Droid has potential security issues compared to Accrescent or the Google Play Store.
I didn’t suggest F-Droid for inclusion though. I merely used its applicable terminology. Still, with Google Play, you trust Google to ensure that the apk is from the actual source, and with F-Droid, that’s delegated to F-Droid. I don’t see that as being less secure.
My bad, I understand now.
Because it’s security focused, it includes app stores that are good for their security (regardless of privacy). Other app stores, such as F-Droid, have security issues that Accrescent and the Google Play Store don’t share. This topic has been argued to death countless times before, and I don’t want to start a flame war, but do try researching it and see what comes up.
While F-Droid has security issues, the ideological security benefit it provides that Accrescent/Play Store/Obtainium doesn’t is the guarantee that the app is open source, and if the developer goes rogue (I.e. Simple Mobile Tools) it gets removed. A lot could be improved though.
I believe Wireguard/OpenVPN/etc profile availability is more important than Google Play Store.
Nice comparison. Thanks for sharing! Any reason NordVPN was excluded?
It isn’t open source.
However, their client software for Linux at least is:
it is: github.com/NordSecurity/libtelio/blob/…/LICENSE, github.com/NordSecurity/…/LICENSE.md
Those are clients/for clients tho.
Server is proprietary closed-sauce.
I wonder which VPNs of the ones listed open sourced their backend/server side?
edit: Neither Mullvad or Proton have…
FWIW took me less than 1h yesterday to setup WireGuard on 4 different devices :
wg-easyand thus easy to use Web UI (before 2-step auth)nmcli… and it was the first time I used WireGuard.
So I’m trying to imply that one shouldn’t use commercial VPNs or benefit from their services, solely that setting up your own depending on your abilities and needs might not be as complex as you initially imagine.
PS: I did have experience with OpenVPN before and a running server already with Docker and nginx as reverse proxy.
Maybe I misunderstand wireguard, but don’t you still need a VPN provider to connect to? If it’s just your home server, how would you get any anonymity?
You can host WireGuard on your server, you don’t need a VPN provider specifically, you need a server to put WireGuard on though. Depends who you want to be anonymous from, as per usual it’s the threat model that defines the solution.
I was thinking for torrenting.
There’s plenty of seedbox companies out there, you can get 10Gbps+ connections and they run the torrent client for you so there’s no upload happening from your local PC at all… Many offer VPN capabilities at the same time, but for general browsing I use a VPS with my own wireguard.
Yeah… And they are way more expensive than a VPN.
FWIW Im torrenting on my server 24/7 for years. I’m only torrenting Linux ISO though, using
transmissionin a container.Don’t do this if you want to use a VPN to pirate stuff. It’s a fine suggestion for anything else, using a VPS w/self hosted VPN to provide a basic degree of anonymity.
I didn’t suggest it for any usage, solely that it’s easy to setup.
I assume you’re talking about creating a VPN into your own personal network? Unless you have family or friends in a different country I fail see how you’re circumventing geo restrictions or gain anonymity on the internet.
Wrong assumption, you can install it on any other machine you have root access to, e.g. remote ssh. You can rent a server in another country and put your VPN server if that’s your need.
I do not agree with placing switzerland over sweden in that location category
and i think a category should included, that tracks age of vpn or something like that, considering this is nymvpns biggest flaw… still hard to say how trustworthy it is + their software is less battle tested
(
and just for someone curiouse, it should be mentioned that nymvpn does use mullvad servers/ has a deal with mullvadsry i mixed that up obscura and mullvad had partnership, not nymvpn)I’d be happy to hear your elaboration on this. From what I know, Switzerland is seen as the gold standard in terms of privacy.
The issue is that age doesn’t correlate with security. There could be an outdated, insecure VPN that’s been around for 10 years, or a modern, secure VPN that’s been around for 10 days. If I included it, there would be no “good” or “bad” values. Nevertheless, I will include this in version 2.0.
I knew NymVPN used a small bit of Mullvad VPN’s code, but I didn’t know they used their servers. Could you link to this?
this is awkward i am sorry it seems like my memory failed me, for one it is was mullvad and obscura that have a deal, not nymvpn…
and then i also thought somehow that vpns are in sweden protected by the constitution, but it appears its more like normal laws. Which appear to be effective tho. But mainly i thought about that recently switzerland was proposing laws like this tuta.com/blog/switzerland-surveillance-plan (possible that laws like these get proposed in sweden aswell ofc) which makes it sound like the privacy stands of the goverment is not that strong anymore, but there are probably no effects really at the moment. I think i would rank sweden and switzerland equally i guess, i mean the famouse mullvad example kind of proofs that they are safe i think…
But like my research into the countries is not that deep, so if you really looked into this deeply and switzerland is really better for some reason, than i guess it is like this.
But i still think the age is important, like sure its completly possible that an old vpn suddenly gets infiltrated or idk what really, but since for vpns are mostly trust based, i think that the track record is the best option for this… and new vpns just dont have that long of a record (personally i would not use like a 1 month old vpn for example, whoever good it sounds)
or can nymvpn offer garantuees similar to tor?
I agee. Switzerland is close to be the worst country for privacy with the current revisions of the law.
Why is proton VPN excluded from the winners for open source, license, and based on, despite having the exact same values populated as the other 4 winners?
That’s another bug on my part. I’ll fix this in version 2.0 :)
Isn’t Mozilla VPN built on Mullvad? Also, why this instead of thatoneprivacysite.xyz/#detailed-vpn-comparison
Yes. That’s included in the comparison.
They don’t include NymVPN.
I have never heard of NymVPN
Most people haven’t, till they have.
What about logging policies? Seems like that would be an important category to visit - which providers store logs or don’t etc. I’ve heard of some that use RAM-only logging that allegedly never gets stored on disk.
Even so, you never knowif they’re really no log. What guarantees that apart from a verbal promise?
Best way I know is to observe them being unable to comply with legal demands to supply data when they receive them. From what I’ve heard Mullvad has passed that test, but I’ve never tried to follow up and find details.
There is no guarantee unless you could personally audit their facilities and inspect what they did with your account etc. But I would still choose one that states they have a good policy versus one that says nothing on the subject.
I was grumped by not seeing PIA on this break down. I’ve been using it for years and have always had a good experience with it. But I’m not so sure I know their privacy side now that I see this great break down
Edit: just re read the post again and I think PIA isn’t on here cause it’s not open source?
PIA is an American owned company obligated to comply with the Five Eyes Alliance, they’re legally obligated to retain your personal information unless noted otherwise.
Source their privacy policy, which FYi compare their Privacy Policy to another company like Mullvad and notice how theirs reads like a novel compared to Mullvads, that’s an immediate red flag.
Thank you for this Still learning here I’m finding out that I’ve been mislead. Probably by their marketing.
I remember an ad I saw for PIA saying something along the lines of “the only VPN that can prove in a court of law that they don’t retain your data”
Either it’s a lie or it doesn’t actually carry the weight I thought it did.
ProtonVPN has started to become blocked on tons of websites. I have to switch servers all the time, to the point I won’t be able to keep a VPN connection up like I used to.
I’ve read Mullvad has worsened as well. There seems to be a general ban on VPN use (there was always some of course)
My last hope: non profits who offer VPN. They keep logs, don’t allow torrenting, and require a real name to subscribe. Very few server choices, if any.
I’m… fine with that. I just want privacy. No surveillance. And I trust the non profit. Plus I torrent on a VPS anyway
What I would like to see are local VPNs, with a small enough pool of users on each server to not get flagged. A rotation between servers from time to time. Compliant with the law of course (as long as the law doesn’t require total surveillance, evidently). The goal is to hide everyone’s activity from the providers and websites (yes, I know, fingerprinting)
But maybe there’s some other existing tool/service I’m not aware of?
Does using a VPS truly enhance safety while torrenting? Isn’t it still possible for downloads and uploads to be traced back to your identifiable IP address, especially considering that the VPS provider logs your IP and email details?
VPN on VPS (easy to do with gluetun)
Basically you use a container that’s a VPN connection and connect other containers to it.
Exactly this, the commenter above even mentioned they have a VPS already, what’s stopping them from (this is just an option) slapping tailscale on there, enabling it as an exit node and being done with it? Would literally take 5 minutes and suddenly your traffic is coming from a datacenter and not your home IP
Both comments are me. Configuring Tailscale (or Headscale?) is on my to-do.
To be clear, connecting to the VPS is not what I use for the anonymizing part, it’s the gluetun container that connects to ProtonVPN servers. This way I can still access my VPS with its real IP. Not sure if there was a confusion there.
Simply using my VPS as relay would still attach my browsing to a single IP I’m the sole user of… or not? I do not know how that works.
Thank you for clarifying. Does using a VPN on a VPS offer the same level of privacy as connecting a VPN container to a torrent container from a home connection? I’m curious about the advantages of using a VPS in this context.
No advantages privacy-wise, but it’s like a seedbox! I keep the torrent client running. Also I’m on a limited mobile data plan on my router at home, so this helps.
When I found out you could get a free 200GB VPS (look up free tier vps) - and because I had another paid VPS already anyway - I decided to make a seedbox. It’s not a ton of storage but it works really well, very happy with it.
Gotcha, thanks for explaining this! I’m glad you’re happy with your VPS.
What would happen if you tried to put I2P on there?
… I guess you’d have to go by the different outproxies… ?
You probably dont want to use a super well known vpn for many reasons…
Using one only because it’s super well known? Sure. It can be well known and scummy. But it can also be well known, trusted, vetted, etc.
And you also probably don’t want to use one that is barely known as there’s the lack of trust, getting, who runs it’s, etc.
I’m not sure about your statement, but using a very unknown vpn could lead to possibly tracking you because theres less of a crowd to blend in with.
Assuming your statement is correct (idk if it is), then there’s a middleground i guess.
Are you sure you can blend in? Depends on the vpn and the laws I guess… If they are able to identify your connection. As far as I know, they all have credentials connected to your account…
You are right.
It is easier to blend in though if the vpn doesn’t log (and before logging is added by feds if possible) or if the person tracking you is not a government and doesnt have that control or is just the service you use, etc.
Maybe adding number of servers and country diversity
Great work!
+1 to add NordVPN
Why? They (used to) push disgustingly deceptive marketing and had an embarrassing server breach.
Is it even open source?
No, only some of their clients are.
Linux and the newly openwrt clients are, also their main low level lib (libtelio)… windows/macos are not though
Never heard of NymVPN. Does anyone use them?
I use Mullvad, and I really trust their devs. Not really looking to change, but having more options is always good.
Same boat, Nym’s long term costs seem to scale much better, but I’d be reluctant to leave Mullvad
I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.
I don’t really pay attention to these “discounts”. It is, generally, just a marketing tactic. Plenty of services/websites/shops have the same discount 24/7.
You’re right, it is pretty common to do that but there’s always the chance they just cancel the discount around renewal. If you have autopay then you probably already committed to the new price before you realized what happened.
Yeah me neither. This kinda feels like a nymvpn ad
Whats best for mainland China?
AirVPN needs some spotlight.