We all understand VPNs, right? Virtual Personal Networks that allow us to access internet services from countries other than the one where we are.
So during this lockdown people may want to watch Netflix from another nation, perhaps also the BBC iPlayer or any other country specific app on their TV or mobile device. Understandably then, Mashable did what is right under the circumstances and listed off the fastest VPN providers on the market.
However, do you use a VPN for greed or privacy?
Mashable usually provides good information and news on matters tech. But their latest article about VPNs needs to be reviewed in the context of my findings as published in the Privacy Cookbook! What has, instead, been provided is a guide to who pays the highest referral commissions! Because? Well, why would we actually care about our readers?
This initially got my attention on Twitter (or nitter.net for the more privacy minded among us) so I duly checked through the article. Sure enough...Mashable want to make money and so recommend the 4 VPNs with the highest referral commissions as the deals of the week!
Around 4 months ago, I covered exact this topic here in decentralize.today
But let's disregard the "Deals of the Week" and look at the actual ratings followed by my Top 3 and why they are the better solutions for you!
PIA - Private internet access
Let's forget about the referral commission for now and focus instead on trackers! There are luckily no analytics on this 'best solution' android app, but there are 10 permission requests including for access to camera and location. PIA is located in the USA and so is, therefore, under a 'Five Eye Country' jurisdictional framework meaning it is obliged to spy on you!
The website has Google Analytics and its servers are 'protected by Cloudflare'. Funny that because the last time we checked they did not have any analytics on the site. Seems technology moves forward! And in case you're wondering what the big fuss about Cloudflare is then feel free to check it all out here:
This alone is all I need to know about PIA
At first sight, what we have here is a VPN that has no trackers and only seems to need the absolutely necessary information to connect via Android, so this looks ok-ish...at first. Then you go to the website and discover that they don't just have Google Analytics but also Google Tag Manager, Google, Bing and DoubleClick on the site! Spiced up with 5 cookies.. because, well, cookies are always fun, right? Likewise, it's based in Canada so again under the watch of the 'Five Eyes'...
North Wifi (operated by Norton!?!)
I am not so sure where to start on this one, but 25 cookies and connecting to external sites for multiple analytics will do for starters. Then on to the app itself, well, 7 tracker - AppsFlyer, Google Analytics, Crashlytics, Google Tag Manager, Google Firebase Analytics, MixPanel and Taplytics, that is quite a main course. And the icing on the cake comes with an app that records phone status and identity and that is just one of eleven unnecessary permissions. Located in the USA and so also under the 'Five Eyes'...
I simply say not to my tastes...
This is another highly rated VPN provider, located in the USA and therefore under the watchful gaze of one of the 'Five Eyes'. IPVanish only has two built-in trackers on the app in Crashlytics and Google Firebase Analytics. However, they made it to top spot when it comes to trackers on their website...including lots from Google and Cloudflare.
Great name but not the TOR! we know and love. Located in the USA and therefore under the watchful gaze of the 'Five Eyes'. Google Analytics and Tag Manager will also be powering the website and your account.
A Hong Kong based company (good start) which secures its server with Cloudflare, sends analytics to Google Analytics, Crashlytics, Apptentive, Firebase, New Relic, MixPanel and Facebook Pixel! Congrats, now that is PURE!
NorthVPN (the kingpin of referrals)
The good news here is that you can download an APK from the website which means that custom ROMs like Lineage which don't have Google Playstore can download the app.
There is more.....since NorthVPN has a strict 'no logging' policy the APK comes with 5 trackers pre-installed! - AppsFlyer, Google Analytics, Crashlytics, Google Firebase Analytics and Google Tag Manager
It also requests 13 permissions and the website is full of Google and Analytic trackers! And what do you know? You get 6 free cookies!
There is more 'great' news, NorthVPN was compromised in March 2018, but did not share this information with its clients until October 2019!
Well, at least they get great reviews (referral commissions can get you so much good coverage, can't it?) However, there is an upside: they are located in Panama and so under the purview of the 'Fourteen Eyes' (an expanded version of Five Eyes).
This is great! It not just connects to pretty much everything Google offers including reCaptcha, which has even been dumped by Cloudflare (!!!), but also to Twitter Analytics, Facebook Pixel and everything Facebook can collect on you! It sure lives up to its name and "Keeps a Solid" profile on you!
I did not bother linking to any of these companies as Mashable did such a great job and it's all there for you already! I'm just wondering how ethical it is to rank and promote based largely VPN providers referral commission rates.
Now let's take a look at my personal Top 3 recommendations. And to be clear, I've actually used all of them for years (and I don't accept commissions!).
Four months ago this was our second most recommended VPN provider, but has since taken the top spot. iVPN Is located in Gibraltar which, although not a 'Fourteen Eye Country', is however still under the jurisdiction of the UK which of course is!
The company now has a login with only a generated username. That is still linked to your profile and somewhere in your profile is an email address, but it is still a step in the right direction.
Multi-hop is supported and I'm pleased to say that WireGuard is an option and allows for the resetting of the key every 7 days, therefore giving you a different encryption and a little more protection than the usual 'out of the box' providers.
They offer an Anti-Tracker blocklist and a firewall within the app. And you can even go real hard core and block Google and Facebook! Great effort, superb speed and if we were to recommend an 'out of the box' provider iVPN would be one of three we can be pretty optimistic about. You can also add your own DNS and block more than just Google and Facebook and the known trackers if you setup your own blocklists with AdGuard or Pi-hole.
The speed is the fastest in our tests and we tested this on a DD-WRT router setup with WireGuard. Tests on iOS and Android also shows that the apps stay online and block as promised the analytics and Google as well as Facebook analytics, services and apps.
Overall the best performing VPN provider of 2020 so far.
iVPN also offer direct APK download (and it pushes update to the app) and a native f-droid download option! And of course you can use Bitcoin as a payment option!
Mullvad has been around since 2009, located in Sweden which is unforgivably a 'Fourteen Eyes Country'. Mullvad was for a long time in our top spot and when it comes to pure privacy it still is.
Mullvad also offers IPv6 support which is blocked by most other providers and the Mullvad website can be reached via TOR
Another great privacy feature is that Mullvad is the only provider who does not ask for any usernames or passwords. During payment via Bitcoin you get a generated long number which acts as your account username.
When it comes to WireGuard you can use the official WireGuard app that works with Multi-hob and stays online on iOS and Android. Mullvad does not offer a native iOS app, and the Android app is not great! Stay with the native WireGuard app and use multi-hop when you use Mullvad.
Mullvad has also been audited by Cure53 and Assured AB with the report published at cure53.de
The security researchers concluded the following:
Located in Switzerland which must be considered 'cooperative' when it comes to data requests. The app has zero trackers which is a good start plus only 6 permissions are requested.
ProtonVPN is owned by the same company as ProtonMail, a privacy orientated email provider.
The app is also available on GitHub and can be downloaded via APK. So no Google services are needed nor the Playstore.
One great feature in ProtonVPN is that on iOS, for example, you can run it as a private VPN and bundle it with DNSCloak to filter your traffic. Only NorthVPN could achieve the same in our tests.
They also offer TOR servers and secure Multi-hops. The TOR option is nice as you can access .onion websites. However, we still strongly recommend using the official TOR browser to do so. No trackers on the website!
As usual this writeup is my own opinion and I actually use the applications I am testing.
There are no referral links or magic money making opportunities as with the Mashable website and articles.
Decentralize.today is dedicated to keeping you safe and secure during this lockdown and beyond. You stay at home and we'll guide you to the best products to use at this tough time.
Stay safe, with love (from my home office!),
The Privacy Advocate