Another thing I like is Mullvad’s system for accepting cash payments. If you prefer to remain totally anonymous, you can generate a random account number, write that number down on a slip of paper, and mail it, along with cash, to Sweden. In theory, no one will be able to connect you to that account. (The truly paranoid will don a tinfoil hat, wear gloves, print from a public printer, and mail from a remote mailbox.)
These edge-case features aside, Mullvad offers a down-to-earth VPN service that doesn’t overhype with its marketing and helps users take additional steps to protect their privacy. For example, the company has an entire page showing you how to disable WebRTC in your web browser. As long as WebRTC is enabled (and it is by default in most browsers), websites can view your actual IP address even when you use a VPN.
Mullvad offers apps for every major platform (the Android app is in beta), as well as routers. The applications are all open source, and you can check the code yourself on GitHub. The service has been independently audited as well. Advanced users can download configuration files and use them directly with OpenVPN.
In my testing, speeds were good though sometimes less consistently so than with ExpressVPN. I never encountered a situation where I couldn’t get a fast connection, but sometimes I had to try different servers to get speeds I was happy with.
How We Picked
VPN providers like to claim they keep no logs, which means they know nothing about what you do using their services. There are a variety of reasons to be skeptical about this claim, namely because they have to have a user ID of some kind tied to a payment method, which means the potential exists to link your credit card number (and thus your identity) to your browsing activity.
For that reason, I mainly limited my testing to providers that have either been subpoenaed for user data in the US or Europe and failed to produce the logs, or have undergone a third-party security audit. While these criteria can’t guarantee these providers aren’t saving log data, this method of selection gives us a starting point for filtering through the hundreds of VPN providers.
Using these criteria I narrowed the field to the most popular, reputable VPN providers and began testing them over a variety of networks (4G, cable, FiOS, and plenty of painfully slow coffee shop networks) over the past nine months. I tested network speed, ease of use (how you connect), and also considered available payment methods, how often connections dropped, and any slowdowns I encountered.
Why You Might Not Need a VPN
It’s important to understand not just what a VPN can do, but also what it can’t do. As noted above, VPNs act like a protective tunnel. A VPN shields you from people trying to snoop on your traffic while it’s in transit between your computer to the website your browsing or the service you’re using.
Public networks that anyone can join—even if they have to use a password to connect—are easy hunting grounds for attackers who want to see your network data. If your data is being sent unencrypted—like if the website you’re connecting to doesn’t use the secure HTTPS method—the amount of information an attacker can gather from you can be disastrous. Web browsers make it easy to tell when your connection is secure. Just look for a green lock icon at the top of your screen next to the web address. These days, most websites connect using HTTPS, so you’re probably fine. But if that green lock icon isn’t there, as it sometimes isn’t on school, library, and small business websites, anyone can view whatever data you’re sending. Unless you’re using a VPN, which hides all of your activity, even on unencrypted websites.