VPN Comparison
I made a spreadsheet comparing different open source VPN providers.
Part 2 here
Providers
Notes
- Please do not start a flame war about Proton.
- Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
- The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
- IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
- For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
- Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
- All prices are in United States Dollars. Tax is not included.
- Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
- The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
- The Proton VPN Flatpak is unofficial, but based on the official code.
- Availability on secureblue is based on the
ujust install-vpncommand. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages. - I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.
Takeaways
- NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
- If you want a free VPN, Proton VPN is the only one here that meets that requirement.
- If you want to pay week-by-week, IVPN is the only one that allows that.
- If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
- NymVPN is the cheapest plan for anything past 1 month.
- If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
- If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
- Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.
VPN Comparison 2.0
After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.
Providers
- AirVPN
- IVPN
- Mozilla VPN
- Mullvad VPN
- NordVPN
- NymVPN
- Private Internet Access (abbreviated PIA)
- Proton VPN
- Surfshark VPN
- Tor (technically not a VPN)
- Windscribe
Notes
- I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
- Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
- Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
- Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
- The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
- Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
- All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
- Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
- Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.
Takeaways
- If you don't mind the speed cost, Tor is a really good option to protect your IP address.
- If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
- If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.
ODS file: files.catbox.moe/cly0o6.ods
VPN for Privacy & Security | IVPN | Resist Online Surveillance
Audited, open-source VPN service with WireGuard, killswitch and tracker blocker. No logs, no false promises. Anonymous signup with 30 day money back guarantee.IVPN
Questa voce è stata modificata (1 settimana fa)
like this
Lemmchen
in reply to The 8232 Project • • •The 8232 Project
in reply to Lemmchen • • •A guide is in the works.
It supports WireGuard.
NymVPN Fast Mode now powered by WireGuard
Marc Debizet (Nym)eclipse
in reply to The 8232 Project • • •Nym looks interesting and I hadn't heard of it before, but based on my reading I wouldn't say it supports wireguard.
It implements wireguard but it still looks like you need to use their client instead of a vanilla wireguard one.
Eager Eagle
in reply to The 8232 Project • • •The 8232 Project
in reply to Eager Eagle • • •I've included it both as a post image and as an embedded image for maximum compatibility (e.g. for RSS readers), so there shouldn't be any problems. I've tested it on multiple browsers on multiple devices just fine.
Edit: It seems lemmy.world is breaking all lemmy.ml images
Jumuta
in reply to The 8232 Project • • •maccentric
in reply to Jumuta • • •crunchy
in reply to The 8232 Project • • •The 8232 Project
in reply to crunchy • • •Port forwarding | Proton VPN
Proton VPNnewcool1230
in reply to The 8232 Project • • •typhoon
in reply to The 8232 Project • • •NymVPN doesn't supports it. I asked their support. They have plans for the future.
If you are looking for reliable port forwarding consider Windscribe VPN.
BakedCatboy
in reply to crunchy • • •brb
in reply to BakedCatboy • • •Chronographs
in reply to crunchy • • •pineapple
in reply to Chronographs • • •Chronographs
in reply to pineapple • • •skoberlink
in reply to crunchy • • •crunchy
in reply to skoberlink • • •Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Sudais Asif (Hack Read)SevenSkalls [he/him]
in reply to crunchy • • •pineapple
in reply to SevenSkalls [he/him] • • •Pure vpn seams like a pretty generic scammy vpn like surfshark or nordvpn they have there own blog dedicated to why they are the best stating reasons like securing yourself in public wifi, protecting you from scams or getting hacked, protecting you against ddos atacks??? and just advertising vpn's as a jack of all trades privacy toolkit, which they really aren't.
VPN companies that are willing to lie to consumers about what vpn's actually do means they could be lying about other things, like there no logs policy.
Proton does a better job at explaining what a vpn actually does and doesn't do.
Why these common VPN myths are misleading
Douglas Crawford (Proton VPN)SevenSkalls [he/him]
in reply to pineapple • • •pineapple
in reply to SevenSkalls [he/him] • • •sixty
in reply to crunchy • • •crunchy
in reply to sixty • • •sixty
in reply to crunchy • • •scytale
in reply to The 8232 Project • • •Clark
in reply to scytale • • •Lemmchen
in reply to scytale • • •ABetterTomorrow
in reply to The 8232 Project • • •dastanktal [comrade/them]
in reply to The 8232 Project • • •Where is AirVPN? Arguably much better then these VPN providers offering static port forwarding among their features.
Provides configurations built for Wireguard and OpenVPN with each server having unlisted IPs to completely get around VPN blocks.
Owned by a "hacktivst" lawyer in Italy.
Multiple audit along with police attempting to sieze running servers. These are configured to dump there configuration on shutdown and run entirely in ram.
This is a battle tested VPN that has existed since 2010. They allow for completely anonymity using Creptocurrencies payments.
like this
geneva_convenience likes this.
upstroke4448
in reply to dastanktal [comrade/them] • • •How is it arguably "much better"? You just value port forwarding above all else? Has airvpn even been audited yet?
Anytime VPN discussions comes up in privacy forums it ends up being a bunch of torrent users whose only criteria is port forwarding
sudoer777
in reply to dastanktal [comrade/them] • • •dastanktal [comrade/them]
in reply to sudoer777 • • •Nelots
in reply to The 8232 Project • • •The 8232 Project
in reply to Nelots • • •That seems to be a bug. That's my bad. Thanks for catching that! I'll fix it soon and edit the post.
Edit: Fixed! Sorry about that.
like this
geneva_convenience likes this.
fruitycoder
in reply to The 8232 Project • • •Like 90% are just wanting an encrypted tunnel to a proxiy right?
Eager Eagle
in reply to fruitycoder • • •Black616Angel
in reply to fruitycoder • • •sudoer777
in reply to fruitycoder • • •dogs0n
in reply to fruitycoder • • •VPNs and Tor are used for different purposes (sort of).
And common tasks like downloading big-ish files or streaming video should not be done on Tor (it's possible, but I believe it is discouraged), but can be done easily over a VPN.
spacemanspiffy
in reply to The 8232 Project • • •katy ✨
in reply to The 8232 Project • • •PotatoesFall
in reply to katy ✨ • • •katy ✨
in reply to PotatoesFall • • •evergreen
stupid_asshole69 [none/use name]
in reply to The 8232 Project • • •pound_heap
in reply to The 8232 Project • • •superglue
in reply to The 8232 Project • • •dogs0n
in reply to superglue • • •As long as you can generate a wireguard config that works, for example, on your desktop/main pc with wireguard directly, then Gluetun should have no issue (as far as im aware).
Gluetun specific provider support is usually just there to get setup faster (I think so it can automatically get configs for certain countries, etc).
muzzle
in reply to The 8232 Project • • •florge
in reply to muzzle • • •MonkderVierte
in reply to The 8232 Project • • •like this
geneva_convenience likes this.
The 8232 Project
in reply to MonkderVierte • • •Soon 😀
I plan to make a version 2.0 with some requested changes.
pineapple
in reply to The 8232 Project • • •floquant
in reply to The 8232 Project • • •beSyl
in reply to floquant • • •Joseph_Boom
in reply to floquant • • •mholiv
in reply to floquant • • •Linux - AirVPN
AirVPNThe 8232 Project
in reply to floquant • • •secureblue is Linux.
RubberElectrons
in reply to floquant • • •https://forum.guncadindex.com/u/unexpected
in reply to floquant • • •OccasionallyFeralya
in reply to floquant • • •lemmyknow
in reply to The 8232 Project • • •Lemmchen
in reply to lemmyknow • • •lemmyknow
in reply to Lemmchen • • •lumen
in reply to lemmyknow • • •Assuming every connection you make is encrypted with TLS (HTTPS) or otherwise encrypted:
If you use encrypted custom DNS, your ISP sees only the IP addresses you connect to. If you use unencrypted DNS or ISP-provided DNS, they see the hostnames plus the IP addresses.
lemmyknow
in reply to lumen • • •How does one know if their DNS is encrypted?
And what would the benefits of a VPN be, if any, in this scenario?
stupid_asshole69 [none/use name]
in reply to lemmyknow • • •It can prevent man in the middle observation or attack and allow you to avoid a particular type of location tracking.
Another user on an instance I don’t see posts from talked about tls in response to your question about https. It’s important to recognize that the certificate based system for establishing identity when making a tls connection is cooked and has been for twenty years at least. It may have been designed flawed from the start.
Because of that, the combination of dns over https or dns over tls and a vpn you trust allows you to bypass certificate attacks.
Rose
in reply to The 8232 Project • • •like this
geneva_convenience likes this.
wizardbeard
in reply to Rose • • •Rose
in reply to wizardbeard • • •The 8232 Project
in reply to Rose • • •Rose
in reply to The 8232 Project • • •The 8232 Project
in reply to Rose • • •My bad, I understand now.
Because it's security focused, it includes app stores that are good for their security (regardless of privacy). Other app stores, such as F-Droid, have security issues that Accrescent and the Google Play Store don't share. This topic has been argued to death countless times before, and I don't want to start a flame war, but do try researching it and see what comes up.
F-Droid Security Issues
PrivSec.dev Contributors (PrivSec - A practical approach to Privacy and Security)sudoer777
in reply to The 8232 Project • • •hexagonwin
in reply to The 8232 Project • • •Christov
in reply to The 8232 Project • • •The 8232 Project
in reply to Christov • • •shut
in reply to The 8232 Project • • •libtelio/LICENSE at main · NordSecurity/libtelio
GitHubEvil_Shrubbery
in reply to shut • • •Those are clients/for clients tho.
Server is proprietary closed-sauce.
shut
in reply to Evil_Shrubbery • • •I wonder which VPNs of the ones listed open sourced their backend/server side?
edit: Neither Mullvad or Proton have...
rustyredox
in reply to The 8232 Project • • •- github.com/NordSecurity/nordvp…
GitHub - NordSecurity/nordvpn-linux: NordVPN Linux client
GitHubutopiah
in reply to The 8232 Project • • •FWIW took me less than 1h yesterday to setup WireGuard on 4 different devices :
wg-easyand thus easy to use Web UI (before 2-step auth)nmcli... and it was the first time I used WireGuard.
So I'm trying to imply that one shouldn't use commercial VPNs or benefit from their services, solely that setting up your own depending on your abilities and needs might not be as complex as you initially imagine.
PS: I did have experience with OpenVPN before and a running server already with Docker and nginx as reverse proxy.
Utopiah (Fabien Benetou) (@utopiah@mastodon.pirateparty.be)
Mastodon - PiratesBErothaine
in reply to utopiah • • •utopiah
in reply to rothaine • • •rothaine
in reply to utopiah • • •xthexder
in reply to rothaine • • •3abas
in reply to xthexder • • •utopiah
in reply to rothaine • • •transmissionin a container.Analog
in reply to utopiah • • •utopiah
in reply to Analog • • •HereIAm
in reply to utopiah • • •utopiah
in reply to HereIAm • • •Corridor8031
in reply to The 8232 Project • • •I do not agree with placing switzerland over sweden in that location category
and i think a category should included, that tracks age of vpn or something like that, considering this is nymvpns biggest flaw.. still hard to say how trustworthy it is + their software is less battle tested
(~~and just for someone curiouse, it should be mentioned that nymvpn does use mullvad servers/ has a deal with mullvad~~ sry i mixed that up obscura and mullvad had partnership, not nymvpn)
The 8232 Project
in reply to Corridor8031 • • •I'd be happy to hear your elaboration on this. From what I know, Switzerland is seen as the gold standard in terms of privacy.
The issue is that age doesn't correlate with security. There could be an outdated, insecure VPN that's been around for 10 years, or a modern, secure VPN that's been around for 10 days. If I included it, there would be no "good" or "bad" values. Nevertheless, I will include this in version 2.0.
I knew NymVPN used a small bit of Mullvad VPN's code, but I didn't know they used their servers. Could you link to this?
Corridor8031
in reply to The 8232 Project • • •this is awkward i am sorry it seems like my memory failed me,
for one it is was mullvad and obscura that have a deal, not nymvpn..
and then i also thought somehow that vpns are in sweden protected by the constitution, but it appears its more like normal laws. Which appear to be effective tho.
But mainly i thought about that recently switzerland was proposing laws like this tuta.com/blog/switzerland-surv… (possible that laws like these get proposed in sweden aswell ofc)
which makes it sound like the privacy stands of the goverment is not that strong anymore, but there are probably no effects really at the moment.
I think i would rank sweden and switzerland equally i guess, i mean the famouse mullvad example kind of proofs that they are safe i think...
But like my research into the countries is not that deep, so if you really looked into this deeply and switzerland is really better for some reason, than i guess it is like this.
But i still think the age is important, like sure its completly possible that an old vpn suddenly gets infiltrated or idk what really,
but since for vpns are mostly trust based,
i think that the track record is the best option for this.. and new vpns just dont have that long of a record (personally i would not use like a 1 month old vpn for example, whoever good it sounds)
or can nymvpn offer garantuees similar to tor?
Switzerland plans surveillance worse than US | Tuta
Tutaharfang
in reply to Corridor8031 • • •apotheotic (she/her)
in reply to The 8232 Project • • •The 8232 Project
in reply to apotheotic (she/her) • • •potpotato
in reply to The 8232 Project • • •VPN Comparison by That One Privacy Guy
thatoneprivacysite.xyzThe 8232 Project
in reply to potpotato • • •Yes. That's included in the comparison.
They don't include NymVPN.
VPN Comparison by That One Privacy Guy
thatoneprivacysite.xyzgeneva_convenience
in reply to The 8232 Project • • •FutileRecipe
in reply to geneva_convenience • • •RaoulDook
in reply to The 8232 Project • • •Starkon
in reply to RaoulDook • • •PolarKraken
in reply to Starkon • • •RaoulDook
in reply to Starkon • • •maximumbird
in reply to The 8232 Project • • •I was grumped by not seeing PIA on this break down. I’ve been using it for years and have always had a good experience with it. But I’m not so sure I know their privacy side now that I see this great break down
Edit: just re read the post again and I think PIA isn’t on here cause it’s not open source?
ohshit604
in reply to maximumbird • • •PIA is an American owned company obligated to comply with the Five Eyes Alliance, they’re legally obligated to retain your personal information unless noted otherwise.
Source their privacy policy, which FYi compare their Privacy Policy to another company like Mullvad and notice how theirs reads like a novel compared to Mullvads, that’s an immediate red flag.
Privacy Policy | Private Internet Access
www.privateinternetaccess.commaximumbird
in reply to ohshit604 • • •Thank you for this
Still learning here
I’m finding out that I’ve been mislead. Probably by their marketing.
I remember an ad I saw for PIA saying something along the lines of “the only VPN that can prove in a court of law that they don’t retain your data”
Either it’s a lie or it doesn’t actually carry the weight I thought it did.
Imhotep
in reply to The 8232 Project • • •ProtonVPN has started to become blocked on tons of websites. I have to switch servers all the time, to the point I won't be able to keep a VPN connection up like I used to.
I've read Mullvad has worsened as well. There seems to be a general ban on VPN use (there was always some of course)
My last hope: non profits who offer VPN. They keep logs, don't allow torrenting, and require a real name to subscribe. Very few server choices, if any.
I'm... fine with that. I just want privacy. No surveillance. And I trust the non profit. Plus I torrent on a VPS anyway
What I would like to see are local VPNs, with a small enough pool of users on each server to not get flagged. A rotation between servers from time to time. Compliant with the law of course (as long as the law doesn't require total surveillance, evidently).
The goal is to hide everyone's activity from the providers and websites (yes, I know, fingerprinting)
But maybe there's some other existing tool/service I'm not aware of?
Ratte
in reply to Imhotep • • •Imhotep
in reply to Ratte • • •VPN on VPS (easy to do with gluetun)
Basically you use a container that's a VPN connection and connect other containers to it.
Fiery
in reply to Imhotep • • •Imhotep
in reply to Fiery • • •Both comments are me. Configuring Tailscale (or Headscale?) is on my to-do.
To be clear, connecting to the VPS is not what I use for the anonymizing part, it's the gluetun container that connects to ProtonVPN servers. This way I can still access my VPS with its real IP.
Not sure if there was a confusion there.
Simply using my VPS as relay would still attach my browsing to a single IP I'm the sole user of... or not? I do not know how that works.
Ratte
in reply to Imhotep • • •Imhotep
in reply to Ratte • • •No advantages privacy-wise, but it's like a seedbox! I keep the torrent client running.
Also I'm on a limited mobile data plan on my router at home, so this helps.
When I found out you could get a free 200GB VPS (look up free tier vps) - and because I had another paid VPS already anyway - I decided to make a seedbox. It's not a ton of storage but it works really well, very happy with it.
Ratte
in reply to Imhotep • • •sp3ctr4l
in reply to The 8232 Project • • •What would happen if you tried to put I2P on there?
... I guess you'd have to go by the different outproxies... ?
1984
in reply to The 8232 Project • • •FutileRecipe
in reply to 1984 • • •Using one only because it's super well known? Sure. It can be well known and scummy. But it can also be well known, trusted, vetted, etc.
And you also probably don't want to use one that is barely known as there's the lack of trust, getting, who runs it's, etc.
dogs0n
in reply to 1984 • • •I'm not sure about your statement, but using a very unknown vpn could lead to possibly tracking you because theres less of a crowd to blend in with.
Assuming your statement is correct (idk if it is), then there's a middleground i guess.
1984
in reply to dogs0n • • •dogs0n
in reply to 1984 • • •You are right.
It is easier to blend in though if the vpn doesn't log (and before logging is added by feds if possible) or if the person tracking you is not a government and doesnt have that control or is just the service you use, etc.
tomsh
in reply to The 8232 Project • • •shut
in reply to The 8232 Project • • •Great work!
+1 to add NordVPN
Nord Security
GitHublumen
in reply to shut • • •notarobot
in reply to lumen • • •lumen
in reply to notarobot • • •shut
in reply to lumen • • •nothrone
in reply to The 8232 Project • • •Never heard of NymVPN. Does anyone use them?
I use Mullvad, and I really trust their devs. Not really looking to change, but having more options is always good.
filcuk
in reply to nothrone • • •girsaysdoom
in reply to filcuk • • •nothrone
in reply to girsaysdoom • • •I don't really pay attention to these "discounts". It is, generally, just a marketing tactic. Plenty of services/websites/shops have the same discount 24/7.
girsaysdoom
in reply to nothrone • • •Brunette6256
in reply to nothrone • • •Alcoholicorn
in reply to The 8232 Project • • •dogs0n
in reply to The 8232 Project • • •