Be aware.....using a VPN is not without risks and you need to appreciate what it will and what it won't do for you.
It will not keep your browser history secret, it will not provide security for non-secure (HTTP) traffic, it will not provide anonymity.
However, if what you are after is to mask your activities from your internet service provider a VPN could be the answer..
It is also worth stating that to be on the safe side, you should only be connecting to websites with encrypted DNS-over-HTTPS or DNS-over-TLS
Also remember that most websites, web services and apps etc have embedded trackers, this is how you get tagged and profiled, it's not just the IP address that gives you away!
You should consider DoH or DoT to start with, install a Pi-hole or AdGuard Home to block trackers or use the Tor browser as is (do not use DoT or DoH) and you will have a safer setup than with an VPN! A VPN remains a single point of failure, on top of you having to trust a 3rd party with your data.
A VPN is a one-hop, single point of failure. Your VPN provider can see all of your activity. So can NSA. Tor mixes traffic in a better way across a wider network. Even if the first or last hop is bad, they don't know what you're doing (entrance node) or where you are (exit node).
- Edward Snowden
Before we start talking about how to setup your very own VPN, let's dig into the solutions that are already out there. Interestingly, if you search the internet for the best and the fastest and non-logging VPN solutions, you will find two names that pop up more often any others so we'll look at those first......
NorthVPN and ExpressVPN
The two 'holy grails'......when it comes to referral commission!
So let’s start with NorthVPN
The good news here is that you can download an APK from the website which means that custom ROMs like Lineage won't have the Google Playstore can download the application. There is more.....since NorthVPN has a strict no logging policy the APK comes with 5 Trackers pre-installed!
AppsFlyer, Google Analytics, Google CrashLytics, Google Firebase Analytics and Google Tag Manager
It also requests 13 permissions! and the official website is full of Google and Analytic trackers!
There is more 'great' news, NorthVPN was compromised in March 2018, but did not share this information with it's clients until October 2019!
Well, at least they get great reviews, referral commissions are always fantastic, aren't they? On the plus side they are located in Panama and so outwith the purview of the “Fourteen Eyes Countries”
Next on the list is ExpressVPN
Based in the British Virgin Islands, again outwith the "Fourteen Eyes Countries", but they are a territory of the UK, which is one!
In our test we tried to pay with bitcoin which failed as the wallet was not supported (they use bitpay), so we emailed them and got some curious responses which looked scripted, possibly because of our location, and telling us we could always use PayPal.
ExpressVPN, like NorthVPN, offers an APK and has a strict no logging policy. Because of that they 'only' slammed us with Google CrashLytics and Google Firebase Analytics plus they only need 10 permissions on our phones.
The ExpressVPN website has even more Google and trackers on its website than NorthVPN! Congrats on winning that 'privacy' contest!
IPVanish is another highly rated VPN provider, located in the USA and therefore under the watchful gaze of one of the "Five Eye Countries". IPVanish has two built-in trackers and is happy with Google CrashLytics and Google Firebase Analytics. However they made top spot when it comes to trackers on their website.....including lots of Google and Cloudflare.
PIA or Private internet access, located in the USA and therefore under a "Five Eye Country....at least PIA has no built-in trackers and none on it's official website!
Coming to the the better ones in the list.......
ProtonVPN, located in Switzerland which must be considered 'cooperative' when it comes to data requests. The app has zero trackers which is a good start plus only 6 permissions are requested.
ProtonVPN is owned by the same company as ProtonMail a privacy orientated email provider. ProtonVPN has not undergone any security audit to date, however they are undergoing one at the moment, the results will be published soon in due course and we will update this chapter once received.
One great feature in ProtonVPN is that on iOS, for example, you can run it as a private VPN and bundle it with DNSCloak to filter your traffic. Only NorthVPN could achieve the same in our tests.
They also offer TOR servers and secure Multi-hops. The TOR option is nice as you can access .onion websites. However we still strongly recommend using the official TOR browser to do so. No Trackers on the website!
iVPN Is located in Gibraltar which although not a "Fourteen Eye Country", however it is under the jurisdiction of the UK which of course is! IVPN is under going an extensive security audit at the moment. A previous audit confirmed the no-logging claim plus there are no trackers on their app.
Multi-hop is supported and we are glad to say that Wireguard is an option and allows for the resetting of the key every 7 days, therefore giving you a different encryption and a little more protection than the usual 'out of the box' providers. They offer an Anti-Tracker blocklist and a firewall within the app. And you can even go real hard core and block Google and Facebook! Great effort, superb speed and if we were to recommend an 'out of the box' provider iVPN would be one of two we can be pretty optimistic about.
The other one and the final entry before we go into the how to host your own VPN setup is Mullvad.
Mullvad has been around since 2009, located in Sweden which is unforgivably a "Fourteen Eyes Country".
Mullvad offers Wireguard and the setup can easily be done within the app or with the official Wireguard software. Multi-hop is supported and not only via OpenVPN with a Shadowsocks exit node, but also within a two hop Wireguard connection, within the official Wireguard app! Mullvad has also been audited by Cure53 and Assured AB with the report published at cure53.de
The security researchers concluded:
https://cure53.de/pentest-report_mullvad_v2.pdf
...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. - Cure53 and Assured AB
Mullvad also offers IPv6 support which is blocked by most other providers. and the Mullvad website can also be reached via TOR
Another great privacy feature is that Mullvad is the only provider who does not ask for any username or password. During payment via Bitcoin you get an generated long number which acts as your account username.
Once again it is better to trust nobody but yourself, so if you can make your own VPN this is the better option and we will guide you through this later in this chapter.
However if you want an easy and effective 'out of the box' solution then Mullvad and iVPN are the two best options out there, Additionally keep in mind that most cloud solutions to host your own VPN only accept credit cards, so your name is exposed. If you want privacy TOR is the best option! If you want to watch Netflix in the US or a football game which is only reachable within a specific country whilst you are in another then Mullvad or iVPN are great option.
Note: it is always good to use the official Wireguard client as it stays online even you switch from mobile to WiFi. IVPN has a kill switch and an auto boot in their setup so this is also a great solution, combined with the blockers, a really great one. The kill switch and auto boot are also provided by a few others as well, but bear in mind if you use a VPN we believe Wireguard to be the best solution. This is based on speed and encryption, however, it is an early protocol and OpenVPN is audited and proven over time. For more on protocols you can check here:
Privacy Advocate
