Another thing I like is Mullvad’s system for accepting cash payments. If you prefer to remain completely anonymous, you can generate a random account number, write it down on a piece of paper and mail it, along with cash, to Sweden. In theory, no one will be able to log you into this account. (True paranoid people will don a foil hat, wear gloves, print from a public printer, and send mail from a remote mailbox.)
Aside from these cutting-edge features, Mullvad offers a down-to-earth VPN service that doesn’t mess with its marketing and helps users take extra steps to protect their privacy. For example, the company has a full page showing you how disable WebRTC in your web browser. As long as WebRTC is enabled (and this is the default in most browsers), websites can display your real IP address even when using a VPN.
Mullvad offers apps for all major platforms (the Android app is in beta), as well as routers. The apps are all open source and you can check the code yourself on GitHub. The service was independently audited as well as. Advanced users can download the configuration files and use them directly with OpenVPN.
In my testing, the speeds were good, although sometimes less consistent than with ExpressVPN. I never encountered a situation where I couldn’t get a fast connection, but sometimes I had to try different servers to get speeds that I was happy with.
How we chose
VPN providers like to pretend they don’t keep any logs, which means they don’t know anything about what you are doing using their services. There are a variety of reasons to be skeptical about this claim, namely because they must have a User ID linked to a payment method, which means there is the potential to link your card number. credit (and therefore your identity) to your browsing activity.
For this reason, I have mainly limited my testing to vendors who have been subpoenaed for user data in the United States or Europe and who have failed to produce the logs, or who have undergone an audit of third-party security. While these criteria cannot guarantee that these providers do not record log data, this selection method gives us a starting point for filtering out the hundreds of VPN providers.
Using these criteria, I narrowed the field to the most popular and reputable VPN providers and started testing them on a variety of networks (4G, cable, FiOS, and many extremely slow coffee shop networks) in the past nine months. I tested the network speed, ease of use (how you connect) and also took into account the payment methods available, how often connections were dropped and the slowdowns I have met.
Why you might not need a VPN
It’s important to understand not only what a VPN can do, but also what it can’t. As stated above, VPNs act as a tunnel of protection. A VPN protects you from people who try to spy on your traffic while it is in transit between your computer and the website you are browsing or the service you are using.
Public networks that anyone can join, even if they have to use a password to log in, are easy hunting grounds for attackers who want to see your network data. If your data is sent unencrypted, such as if the website you are connecting to does not use the secure HTTPS method, the amount of information an attacker can collect from you can be disastrous. Web browsers make it easy to find out when your connection is secure. Just look for a green lock icon at the top of your screen next to the web address. Most websites these days connect over HTTPS, so you’re probably fine. But if that green lock icon isn’t there because sometimes it’s not on schools, libraries, and small business websites, anyone can view the data you send. Unless you’re using a VPN, which hides all your activity, even on unencrypted websites.