VPN Comparison

After making a post about comparing VPN providers, I received a lot of requested feedback. I’ve implemented most of the ideas I received.

Providers

Notes

  • I’m human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I’ve tried my best.
  • Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled “annually”. AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
  • Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They’ve released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It’s not unreasonable to add this to the list.
  • Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
  • The age of a VPN isn’t a good indicator of how secure it is. There could be a trustworthy VPN that’s been around for 10 years but uses insecure, outdated code, and a new VPN that’s been around for 10 days but uses up-to-date, modern code.
  • Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
  • All of the VPNs claim a “no log” policy, but there’s some I trust more than others to actually uphold that.
  • Tor is special in the port forwarding category, because it depends on what you’re using port forwarding for. In some cases, Tor doesn’t need port forwarding.
  • Tor technically doesn’t have a WireGuard profile, but you could (probably?) create one.

Takeaways

  • If you don’t mind the speed cost, Tor is a really good option to protect your IP address.
  • If you’re on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you’re paying month-by-month, Mullvad VPN still can’t be beat.
  • If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don’t require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

  • rirus@feddit.org
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    8
    ·
    13 days ago

    PIA isnt independent, its by a Israeli spyware company, that owns multiple VPN Review sites and VPN services . Remove it from the list.

      • GnuLinuxDude@lemmy.ml
        link
        fedilink
        arrow-up
        34
        ·
        edit-2
        13 days ago

        Yes. The owner/developer is Kape technologies, an Israeli spyware/adware company.

        To quote from cnet

        For maximum privacy, I recommend VPN providers with a jurisdiction outside of Five Eyes and other international intelligence-sharing agreements – that is, one headquartered outside of the US, UK, Australia, New Zealand and Canada. So it initially seems like a positive sign that, while CyberGhost has offices in Germany, it’s headquartered in Romania. German entrepreneur Robert Knapp says he founded the $114,000 startup on the back of low-wage Bucharest labor before flipping it for $10.5 million in 2017.

        The issue is who he sold it to – the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users’ browsers via malware injection, redirect traffic to advertisers and slurp up private data.

        Crossrider was so successful it ultimately drew the gaze of Google and UC Berkeley, which identified the company in a damning 2015 study. (You can read the Web Archive version of that document.)

        This practice, commonly called traffic manipulation, is condemned web-wide. And the only difference between it and one of the oldest forms of cyberattack, called man-in-the-middle (MitM), is that you clicked “agree” on the terms and conditions.

        Whether or not PIA or ExpressVPN or the other providers owned by Kape fulfill this data scraping and ad-serving pipeline in my mind is irrelevant. Choosing to do business with them rewards bad actors when there are other VPN sellers who don’t have such a tainted lineage.

    • loxdogs@lemmy.wtf
      link
      fedilink
      arrow-up
      1
      ·
      11 days ago

      I read from somewhere that mullvad is owned by two israeli guys. Dont remember the names, but I was told, that it’s written on a frontpage or smth.

    • pineapple@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      30
      ·
      13 days ago

      Could be wrong but I think it’s due to the security vulnerabilities present, its generally better to just use Google play store with an anonymous account.

      • cmhe@lemmy.world
        link
        fedilink
        arrow-up
        29
        ·
        13 days ago

        Na… The likelyhood of installing some bad or fake app from google play store is much higher than on fdroid.

        • Corridor8031@lemmy.ml
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          13 days ago

          i think the security issues are not about fake apps, but about fdroid signing the builds themself, while their build infrastrcuture is described as insecure

          • cmhe@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            13 days ago

            The issue there AFAIK is that some app builds aren’t fully reproducible, because if they were the developer signature would still apply and be used. In the reproducible case the security of the build infra wouldn’t matter, because the same app would be produced the same regardless were they are build.

            Without reproducible builds, you cannot really trust the software anyway, because the Dev could hook some hidden code only for the released binary app and sign that.

            • Corridor8031@lemmy.ml
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              edit-2
              13 days ago

              uhm no not really? I mean reproducible builds are used to cross verfiy that it is the same binary in this case, but like android has no mechanism to do that, this is not how it works.

              that a build should be reproducible is more about your second point and doesnt really have anything to do with fdroid, as far as i know

              Edit: these links should explain it all: https://discuss.grapheneos.org/d/21675-fdroid-security/2

              • cmhe@lemmy.world
                link
                fedilink
                arrow-up
                5
                ·
                13 days ago

                Once it passes inspection, the F-Droid build service compiles and packages the app to make it ready for distribution. The package is then signed either with F-Droid’s cryptographic key, or, if the build is reproducible, enables distribution using the original developer’s private key. In this way, users can trust that any app distributed through F-Droid is the one that was built from the specified source code and has not been tampered with.

                https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html

  • null_dot@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    30
    ·
    13 days ago

    I’ve been using one of these since forever and it just works. Should I look at the others?

    I don’t want this to be a “I use x and its the best” type comment so I won’t say which one.

    I only use wireguard and wouldn’t touch openvpn just because it seems so complex in comparisson.

    The price is fine, the speed is fine, wireguard makes it ubiquitous, never had a problem with reliability.

    • The 8232 Project@lemmy.mlOP
      link
      fedilink
      arrow-up
      10
      ·
      13 days ago

      If you feel one of the options offers something better than the one you currently use, you may consider switching. That’s the purpose of comparisons, after all!

  • Telorand@reddthat.com
    link
    fedilink
    arrow-up
    29
    arrow-down
    1
    ·
    13 days ago

    PIA does not have WireGuard configs available. To get those, you have to use third-party tools to capture and generate the necessary info. Otherwise, you have to use their client, or else no WireGuard.

    Users have been asking for years (since 2018, I think), and they’ve never provided them.

    • Chulk@lemmy.ml
      link
      fedilink
      English
      arrow-up
      48
      arrow-down
      1
      ·
      13 days ago

      PIA was also purchased by the Israeli company, Kape Technologies, which is tied to Unit 8200. If your concern is privacy, I would recommend do against it.

      The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA “.

    • Droolio@feddit.uk
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      4
      ·
      13 days ago

      Is this really much of an issue? They provide documentation and a repository of scripts for working with WG for instance. And I’ve been using this docker container for many years without issue.

      • Luke@lemmy.ml
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        13 days ago

        It’s an issue for accuracy in the comparison images that were posted.

  • dirtySourdough@lemmy.world
    link
    fedilink
    arrow-up
    24
    ·
    13 days ago

    OP this is a big improvement from your previous post. It’s an excellent starting point for folks who are looking to start using a VPN. There’s a lot of constructive criticism in here, which is good, but might be discouraging. Just know that this is already very useful for many people.

  • veee@lemmy.ca
    link
    fedilink
    English
    arrow-up
    24
    ·
    13 days ago

    I just checked how much I was paying for my Nord subscription and now I’m convinced that Proton Unlimited (discounted) is a great value. Gonna switch next year when my subscription ends. Thanks for putting this together!

    • Valmond@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      13 days ago

      I’m on ProtonVPN because it’s ran by CERN people, so definitely an important information IMO.

        • Valmond@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          8
          ·
          13 days ago

          Show me where he endorses Trump.

          Oh, you can’t? But you read it on Facebook or something so it must be true?

          Common, show me your information.

          This is bullshit based on some old tweet Andy Yen did about trump doing good going against big tech. You can read about it here or search for it elsewhere.

          It always comes out when someone says something nice about ProtonVPN, who have an amazing track record IMO.

          • porcoesphino@mander.xyz
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            12 days ago

            That write up does seem to ignore the doubling down here:

            https://lemmy.ca/comment/13913116

            Calling out that JD Vance was the only one to answer is pretty troubling to me after reading about some of his new-right ties. It’s way, way too close for my liking to a mouse telling everyone that will listen that the cat was amazing for inviting him and all his friends to his house in a week. ie. Playing into what just seems like an obvious strategy.

            That said, I’m pretty ignorant about the CEO. I just remembered this lemmy comment and I didn’t notice it included in the write up that was being linked.

          • AdrianTheFrog@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            2
            ·
            13 days ago

            Ok, just read the artlce cited on wikipedia and it sounds like calling him a Trump supporter is a bit of an exaggeration. He seems basically centrist. Which is not great but not nearly as bad.

            • Valmond@lemmy.world
              link
              fedilink
              arrow-up
              5
              arrow-down
              2
              ·
              edit-2
              12 days ago

              Thank you!

              And sorry if I came around a bit agressively. Kudos to you for checking the link and updating your view.

          • eldavi@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            12 days ago

            A company’s CEO gets to determine the path their company takes and the tweet is indicative of where he plans to steer proton.

              • eldavi@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                11 days ago

                We’re never going to know what they intend to do until they do it, but they’ve given us an indication of what they think and we should believe it

          • eldavi@lemmy.ml
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            3
            ·
            12 days ago

            I do not use Windows and I do everything in my power to use non American phones.

            The difference is that proton’s founder voiced support whereas Microsoft has always had a relationship w my govt and it’s dragnet for the Gazan genocide is quiet.

  • Corridor8031@lemmy.ml
    link
    fedilink
    arrow-up
    21
    ·
    13 days ago

    For anyone who considers getting the tor vpn android app “Tor VPN is beta software. Do not rely on it for anything other than testing. It may leak information and should not be relied on for anything sensitive” (it is a disclaimer from their website)

    Thank you for adding the created date column and making sweden green

  • Brickfrog@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    18
    ·
    edit-2
    13 days ago

    One thing you may want to update - listing Tor’s logging policy as “No Logs” is a bit misleading, that’s really more of a voluntary recommendation for individual Tor exit relay operators.

    Tor exit relay operators absolutely can store logs of outgoing connections if they choose to. And technically they could even snoop on non-secure traffic if they choose, there’s a reason you should be using HTTPS if you’re going to use Tor for clearnet browsing.

    Of course most Tor exit relay operators aren’t going to do these things but it’s all voluntary, seems incorrect to claim all exit relay operators follow no log principles.

    EDIT: Also AFAIK you can’t forward a port from the clearnet through a Tor exit relay’s public IP address back to your own Tor client, Tor doesn’t do port forwarding like that. It’s definitely not needed to run Tor Browser (and Tor VPN I think) but that isn’t needed for any of the other VPNs either, a bit confusing how you listed that one.

  • TankieTanuki [he/him]@hexbear.net
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    13 days ago

    All VPNs are blocked on my university’s network meow-cactus

    I live off campus, thankfully, but it sucks that I can’t have any privacy on my laptop while on campus.

    • chaoticnumber@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      18
      ·
      13 days ago

      You can set up a wireguard tunnel for yourself relatively easily, there are a ton of guides out there. Its basically a way for you to pop out elsewhere, same principle as a vpn. Most vpn providers use wireguard as a protocol.

    • dirakon@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      13 days ago

      If the VPNs are blockable and detectable just like that, they don’t really serve as good VPNs, no? Buy some cheap VPS and setup some state of the art thing like x-ray/vless - surely that would solve the problem.

    • _cryptagion [he/him]@anarchist.nexus
      link
      fedilink
      English
      arrow-up
      3
      ·
      13 days ago

      it sucks that I can’t have any privacy on my laptop while on campus.

      tunnel to your home connection then. unless you live an hour or two away from your campus, it’s not gonna add a delay that’s noticeable to you.

    • ATS1312@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      12 days ago

      Mullvad on desktop has QUIC protocol encapsulation so that wireguard just looks like normal https traffic.

      There’s also shadowsocks protocol encapsulation to look like ssh traffic. And that’s even available on mobile too.

  • online@programming.dev
    link
    fedilink
    arrow-up
    16
    ·
    13 days ago

    Also of note, some providers have data caps. I haven’t looked at all providers, merely Nymvpn as I was interested. Turns out they have a 2TB/month cap. Might not be an issue for some, but might be for others.

  • Dr. Wesker@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    14 days ago

    I appreciate the attempt to quantify availability, but don’t most of these providers allow you to generate OpenVPN and Wireguard configs, which can be used practically anywhere?

    Nevertheless, your work is appreciated.

  • Valmond@lemmy.world
    link
    fedilink
    arrow-up
    15
    arrow-down
    1
    ·
    13 days ago

    ProtonVPN: only 8 years old: RED FLAG!

    Well reddish flag at least, is there a rationale behind this? I mean 8 years is quite a long time.

    • Ferk@lemmy.ml
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      13 days ago

      I think it’s just a relative color scale from a spreadsheet… with the older being the greenest, the youngest the reddest, and the rest just fall in between. ProtonVPN just happens to be in between, it’s not as red as the others but also not as green as the ones that have been around for much longer.

      • Valmond@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        6
        ·
        13 days ago

        So you also think the choices were not that good?

        I mean what you are saying is that if there had been a 50 year old one, all the others should be red?

        • Ferk@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          13 days ago

          I’m just explaining the reason why it’s more reddish (but not as red as others). It’s something most spreadsheet software (this was clearly MS Excel) can do automatically with numbers for visual indication so we can more easily see the distribution, it does not mean 8 years old is bad.

          If there’s a big unbalance in color it would just make it more visible that there’s a big unbalance in ages. Probably if that had happened more colors could have been added to the gradient, maybe maroon->red->yellow->green->blue->white. But I think it was not seen as necessary in this case (or the author was lazy, since these are one of the defaults I believe).

          • The 8232 Project@lemmy.mlOP
            link
            fedilink
            arrow-up
            2
            ·
            5 days ago

            (this was clearly MS Excel)

            LibreOffice Calc, actually. You are correct about the color grading.

            (or the author was lazy, since these are one of the defaults I believe)

            I changed the conditional colors from the default to match the colors that LibreOffice uses for “Good”, “Neutral”, and “Bad”.

          • Valmond@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            12
            ·
            12 days ago

            Who cares about why it happened? I mean it’s kind of obvious. No one questioned why excel shows a specific colour, but I did why the person making the spreadsheet did in fact use what you go to lengths to explaine, in a specific way. It’s like saying sorry your paycheck was halved because we have this software and today it divided your salary in half. Not saying that’s not ok or anything, but explaining how “dividing by 2 halves a number”.

            I feel you explain something, while correct, had nothing to do with what I said.

  • cmhe@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    13 days ago

    The ‘availability’ is misleading. If they offer OpenVPN or Wireguard then they are available pretty much anywhere.

    Using just plain Wireguard or OpenVPN configs would also be much better than installing random VPN provider apps.