70% of VPN Chrome Extensions Leak Your DNS

Update: Please note that this not a WebRTC leak. This involves DNS prefetching which is activated by default on all Chrome browsers. We’ve already informed some of the VPN providers about this issue and they’re in the middle of fixing this.

If your VPN provider is on the list or it leaks your DNS through browser extensions (take test here), please be sure to inform us or them so they could patch this.

Affected VPNs: Last tested on 4th of April:

  1. Opera VPN
  2. Hola VPN – Vulnerable users: 8.7 million
  3. Betternet – Vulnerable users: ~1.4 million
  4. VPN Unlimited – Vulnerable users: ~54,000
  5. ZenMate VPN – Vulnerable users: ~3.6 million
  6. DotVPN – Vulnerable users: ~900,000
  7. Ivacy VPN

Patched VPNs:

PureVPN leak
Example of PureVPN leak

VPNs That Don’t Leak

  1. NordVPN
  2. WindScribe
  3. CyberGhost
  4. Private Internet Access
  5. Avira Phantom VPN
NordVPN no leak
Example: NordVPN doesn’t leak

Intro

Google Chrome has a feature called DNS Prefetching (https://www.chromium.org/developers/design-documents/dns-prefetching) which is an attempt to resolve domain names before a user tries to follow a link.

It’s a solution to reduce latency delays of DNS resolution time by predicting what websites a user will most likely visit next by pre-resolving the domains of those websites.

The Problem

When using a VPN browser extensions, Chrome provides two modes to configure the proxy connections, fixed_servers and pac_script.

In fixed_servers mode, an extension specifies the host of a HTTPS/SOCKS proxy server and later all connections will then go through the proxy server.

In pac_script mode on the other hand, an extension provides a PAC script which allows dynamically changing the HTTPS/SOCKS proxy server’s host by various conditions. For example, a VPN extension can use a PAC script that determines if a user is visiting Netflix by having a rule that compares the URL and assigns a proxy server that is optimized for streaming. The highly dynamic nature of PAC scripts means the majority of VPN extensions use the mode pac_script over fixed_servers.

Now, the issue is that DNS Prefetching continues to function when pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.

There are 3 scenarios that trigger DNS Prefetching:

  • Manual Prefetch
  • DNS Prefetch Control
  • Omnibox

The first two allow a malicious adversary to use a specifically crafted web page to force visitors to leak DNS requests. The last one means when a user is typing something in the URL address bar (i.e. the Omnibox), the suggested URLs made by Chrome will be DNS prefetched. This allows ISPs to use a technology called “Transparent DNS proxy” to collect websites the user frequently visits even when using browser VPN extension.

Test Your VPN For DNS Leaks

To test if your VPN is vulnerable, do the following test:

  1. Activate the Chrome plugin of your VPN
  2. Go to chrome://net-internals/#dns
  3. Click on “clear host cache”
  4. Go to any website to confirm this vulnerability


If you find a VPN that is not listed, but leaks – please send us a screenshot (john@thebestvpn.com) and we’ll update the list.

Solution/Fix

Users who want to protect themselves should follow the remediation:

  • 1. Navigate to chrome://settings/ in the address bar
  • 2. Type “predict” in “Search settings”
  • 3. Disable the option “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly”

DNS leak fix in Google chrome

This research was put together with the help of File Descriptor – ethical hacker from Cure53.

P.S. Note that online DNS leak test services like dnsleaktest.com are unable to detect this kind of DNS leak because the DNS requests are only issued under specific circumstances.

VPN Usage, Data Privacy & Internet Penetration Statistics

VPN Usage Statistics – Table of Contents

VPN Access by Device

The use of Virtual Private Networks (VPNs) has grown considerably in recent years, as public awareness and applications continue to rise. In fact, one quarter of all Internet users have accessed a VPN in the last month, with mobile access growing in popularity:

  • Desktop – 17%
  • Mobile – 15%
  • Tablet – 7%

VPN access by device

VPN Usage Frequency

For many users, VPNs have become an integral part of daily life. Of those who accessed a VPN in the last month:

Every day4-5 times a week2-3 times a weekOnce a week2-3 times a monthOnce a month
Desktop: 35%Desktop: 15%Desktop: 14%Desktop: 10%Desktop: 7%Desktop: 6%
Mobile: 42%Mobile: 13%Mobile: 11%Mobile: 9%Mobile: 6%Mobile: 5%

VPN usage frequency

VPN Usage by Age & Gender

Across all users, VPNs remain most popular amongst younger generations, particularly males. The number of females accessing VPNs has increased on previous years, however:

VPN Users by Age:VPN Users by Gender:
16-24: 35%Male: 62%
25-34: 33%Female: 38%
35-44: 19%
45-54: 9%
55-64: 4%

VPN usage by age and gender

Regional VPN Usage (of all internet users)

The Asia-Pacific region continues to be heaviest users of VPNs, although they are continuing to grow in popularity among Latin American and Middle Eastern users:

  • Asia Pacific: 30%
  • Europe: 17%
  • Latin America: 23%
  • Middle East & Africa: 19%
  • North America: 17%

Regional VPN usage

Emerging Markets Lead for VPN Usage

Given their applications in bypassing Internet censorship and hiding browsing activity, it’s no surprise that emerging markets lead for VPN usage:

Top Ten Markets

  • Indonesia: 38%
  • India: 38%
  • Turkey: 32%
  • China: 31%*
  • Malaysia: 29%
  • Saudi Arabia: 29%
  • Brazil: 26%
  • Vietnam: 25%
  • UAE: 25%
  • Philippines: 25%

Top ten markets for VPNs

*China’s percentage is likely to drop in 2018, as the Government attempts to crack down access to VPN providers in the country.

Reasons Why People Use VPN

So, why are people using VPNs? Although motivations differ depending on the region, the top motivations across all users are:

Access better entertainment content:50%
Access social networks, or news services:34%
Keep anonymity while browsing:31%
Access sites / files / services at work:30%
Access restricted download / torrent sites:27%
Communicate with friends / family abroad:25%
Hide my web browsing from the government:18%
Access a Tor browser:17%

VPN usage motivator

But a stronger pattern begins to emerge when we look at the regional differences:

VPN usage motivator by region

Accessing entertainment remains the strongest motivator even when regional differences are factored in, although retaining anonymity while browsing the Internet is a major application in certain countries:

ArgentinaIrelandSingapore
AustraliaItalySouth Africa
BelgiumJapanSouth Korea
BrazilMalaysiaSpain
CanadaMexicoSweden
ChinaNetherlandsTaiwan
EgyptNew ZealandThailand
FrancePhilippinesTurkey
GermanyPolandUAE
Hong KongPortugalUK
IndiaRussiaUSA
IndonesiaSaudi ArabiaVietnam

Access better entertainment content
Keep my anonymity while browsing
Access restricted download / torrent site

VPN usage motivators by country

VPN Users Paying for Content

Despite the primary motivation being entertainment content for most users worldwide, those who access VPNs are not pirates. 77% of VPN users are buying digital content each month, across a wide range of formats:

Percentage of VPN users who paid for the following in the last month:

  • Music download: 33%
  • Music streaming service: 27%
  • Movie or TV streaming service: 27%
  • Mobile app: 27%
  • Movie or TV download: 26%

VPN users paying for content

Online Users & Digital Statistics

It’s worth considering the growth of VPN usage alongside the global increase in overall Internet access, alongside the dramatic and continued growth of social media and mobile phone usage:

In 2018, there are:

  • 4.021bn Internet users (7% increase on last year)
  • 3.196bn social media users (13% increase on last year)
  • 5.135bn mobile phone users (4% increase on last year)

Online users in 2018

Social media use has continued its impressive climb since 2017, with one in every three minutes spent online now devoted to social media. Globally, digital consumers are now spending an average of 2 hours and 15 minutes per day on social media networks and messaging. According to a recent survey, the top motivations for accessing social media in 2018 are:

  • To stay in touch with what friends are doing: 42%
  • To stay up-to-date with news and current events: 41%
  • To fill up spare time: 39%
  • To find funny or entertaining content: 37%
  • General networking with other people: 34%

Reasons for social media usage

The average internet user now spends around 6 hours each day using internet-powered devices and services – approximately one-third of their waking lives. If we add this together for all 4 billion of the world’s internet users, we’ll spend a staggering 1billion years online in 2018.

Global Internet Penetration

Although internet use is growing, access is not distributed evenly around the world. Internet penetration rates are still low across Central Africa and Southern Asia, but these regions are seeing fast growth in internet adoption.

The global average for Internet penetration is 53%. By region however:

North America: 88%Southern Europe: 77%Western Asia: 65%
Central America: 61%Northern Africa: 49%Southern Asia: 36%
The Caribbean: 48%Western Africa: 39%Eastern Asia: 57%
South America: 68%Middle Africa: 12%Southeast Asia: 58%
Northern Europe: 94%Southern Africa: 51%Oceana: 69%
Western Europe: 90%Eastern Africa: 27%
Eastern Europe: 74%Central Asia: 50%

Global internet penetration by region

 

The highest penetration percentages in the world belong to Qatar and the United Arab Emirates, both of whom boast an incredible 99%. Perhaps unsurprisingly, the lowest is North Korea, with a shockingly low 0.6% penetration rate.

Internet Access by Device

As you might expect, more people are now accessing the Internet via smartphones, accounting for a greater share of web traffic than all other devices combined:

  • Laptops and Desktops – 43%
  • Smartphones – 52%
  • Tablet devices – 4%
  • Other devices – 0.14%

Internet access by device type

In addition to a greater number of devices, mobile connections are also getting faster worldwide. GSMA Intelligence reports than more than 60% of mobile connections can now be classified as ‘broadband’:

The percentage of broadband connections compared to population
Northern America: 95%Western Europe: 98%Middle Africa: 12%
Central America: 62%Eastern Europe: 92%Southern Africa: 83%
The Caribbean: 30%Southern Europe: 97%Eastern Africa: 22%
South America: 82%Northern Africa: 59%Central Asia: 40%
Northern Europe: 109%Western Africa: 33%Western Asia: 63%

Broadband connections

The fastest mobile Internet connection speeds are found in Norway, where the average speed is 61.2 MBPS. The slowest is in Iraq, with an average speed of 4.2 MBPS. Thanks in part to the continued global increase in download speeds, the average global smartphone user now uses 2.9GB of data every month – a rise of more than 50% on last year.

This continued growth of mobile-first Internet use is, unsurprisingly, being driven by Millennials. Of 34 tracked online activities:

MillenialsGen XBaby Boomers
Mobile first – 31Mobile first – 17Mobile first – 7
Laptop first – 3Laptop first – 17Laptop first – 27

Millenials Lead Mobile - First

As you might expect, much of the growth in social media and mobile-first Internet is down to the US and, to a lesser extent, the UK:

United Kingdom snapshot:United States snapshot:
Population: 66.38 millionPopulation: 325.6 million
Internet Users: 63.06 millionInternet Users: 286.9 million
Active Social Media Users: 44 millionActive Social Media Users: 230 million
Mobile Subscriptions: 73.23 millionMobile Subscriptions: 340.5 million
Active Mobile Social Media Users: 38 millionActive Mobile Social Media Users: 200 million

UK Internet penetration US Internet penetration

Data Privacy

With an increase in cyber attacks and ever-growing internet access, concerns around data privacy have become far more prominent. As the general-public becomes more informed about the information businesses and governments collect on them, their worries about the use or mismanagement of this data have increased:

  • 95% of Americans are concerned about how companies use their data.
  • More than 80% are more concerned today than they were a year ago.
  • More than 50% of Americans are looking for new ways to safeguard their personal data.

Privacy Concerns

It would seem their concerns are warranted too, with 31% of Americans saying their online life is worth $100,000 or more. Despite this, only one in four Americans believe they’re ultimately responsible for ensuring safe and secure Internet access, and 51% of consumers have had online and mobile accounts compromised in the previous year.

Most people place the responsibility for safe Internet access and the safeguarding of their data with corporations, but many IT professionals are concerned about businesses ability to effectively protect this data:

  • 95% of businesses have sensitive data in the cloud.
  • 93% of IT professionals report challenges with ensuring data privacy.
  • 82% of businesses have employees who do not follow data privacy policies.

Why businesses remain vulnerable

These concerns have led to a significant lack of trust from the public, with consumers expressing growing anxiety over the security of their records with corporations:

Five Eyes, Nine Eyes & 14-Eyes Countries and VPN Jurisdiction

This article will discuss available VPNs in relation to the 5 Eyes, the 9 Eyes and the 14 Eyes government surveillance alliances.

Why does 5 / 9 / 14 Eyes matter to VPN users?

For anyone considering the use of a VPN, the privacy of their actions online is clearly a concern. While a VPN can certainly help to preserve browsing privacy and protect your data from advertisers and malicious agents, they are not the be-all and end-all of online anonymity. While a VPN offers a good deal of privacy and protection from external agents, VPN providers can still access and store your data and browsing details internally. Any VPN provider in a 5, 9 or 14 Eyes jurisdiction can be legally compelled to provide whatever stored data they have to their country’s intelligence agencies, and often have frameworks in place to bypass the need to ask – frameworks which can also be exploited by malicious third parties.

This is perhaps especially important for users in 5 Eyes countries; the UK’s Investigatory Powers Act 2016 gives sweeping powers to government agencies, granting the rights to access to users’ personal data without warrant; and ISPs in the United States have recently been given the right to record and sell user activity to any third party. Awareness of which jurisdiction a VPN provider falls under is vital for any VPN user with concerns about protecting their data.

5 Eyes Jurisdiction


5 Eyes Alliance Flags

  1. United States
  2. United Kingdom
  3. Canada
  4. Australia
  5. New Zealand

The Five Eyes or FVEY Alliance is an extension of the UKUSA Agreement, the official name given in 1946 to what had begun as an informal agreement between the UK and USA in 1941. While it was originally a treaty to share critical signals intelligence, after the second world war, over the cold war and the war on terror, the agreement grew to include Canada, Australia and New Zealand; and also grew in scope as technology advanced. Snowden’s revelations brought to light how these agreements are being used to collect and share data on countries’ own citizens, and how laws protecting people from being spied on by their own government can be circumvented by allowing a cooperative foreign power to do it and then share the data.

When choosing a VPN – especially for a citizen of a 5 Eyes country – the best option for privacy is to be found outside of the Eyes alliances. Many VPN providers store data, and as with all things online no security measures are impregnable. VPN users must be aware that if their VPN service is registered in a 5 Eyes country, it falls under the jurisdiction of that country’s surveillance agency – complete with all the legal rights and tools to access any data held by or stored on that network.

It’s also important to remember the significance of allies and cooperative countries; nations which are not explicitly part of the 5, 9 or 14 Eyes groups can still be cooperative with requests for data. America’s Pacific allies, like Singapore, South Korea and Japan have a close relationship with the 5 Eyes, and Israel is known to work closely with the NSA. The British Overseas Territories, as well, have legal obligations to the UK and may be required to share intelligence or surveillance information even if they operate independently.

VPNs that belong to 5 Eyes jurisdiction: Australia, Canada, UK, USA and New Zealand

  1. Celo (Australia)
  2. VPNAUS (Australia)
  3. VPNSecure (Australia)
  4. Blockless (Canada)
  5. GetFlix (Canada)
  6. SurfEasy (Canada)
  7. TunnelBear (Canada)
  8. UnoTelly (Canada)
  9. RogueVPN (Canada)
  10. VPN Land (Canada)
  11. WindScribe (Canada)
  12. Betternet (Canada)
  13. VPNUK (UK)
  14. Flow VPN (UK)
  15. HideMyAss (UK)
  16. LibertyShield (UK)
  17. My Expat Network (UK)
  18. OverPlay (UK)
  19. TorVPN (UK)
  20. TotalVPN (UK)
  21. TVWhenAway (UK)
  22. VPN.sh (UK)
  23. WorldVPN (UK)
  24. ZoogVPN (UK)
  25. TGVPN (UK)
  26. AceVPN (USA)
  27. Anonymizer (USA)
  28. BTGuard (USA)
  29. Cloak (USA)
  30. CryptoHippie (USA)
  31. FlyVPN (USA)
  32. FrostVPN (USA)
  33. GoTrusted (USA)
  34. HideIPVPN (USA)
  35. Hotspot Shield (USA)
  36. IPinator (USA)
  37. IPVanish (USA)
  38. LibertyVPN (USA)
  39. LiquidVPN (USA)
  40. MyIP.io (USA)
  41. MyVPN.Pro (USA)
  42. Newshosting (USA)
  43. OctaneVPN (USA)
  44. Private Internet Access (USA)
  45. PrivateTunnel (USA)
  46. Spotflux (USA)
  47. Norton WiFi Privacy (USA)
  48. RA4W VPN (USA)
  49. SlickVPN (USA)
  50. StrongVPN (USA)
  51. SunVPN (USA)
  52. SuperVPN (USA)
  53. TorGuard (USA)
  54. Tunnelr (USA)
  55. UnSpyable (USA)
  56. VikingVPN (USA)
  57. VPN Master (USA)
  58. VPN Unlimited (USA)
  59. VPNJack (USA)
  60. VPNMe (USA)
  61. WiTopia (USA)
  62. CrypticVPN (USA)
  63. Hide My IP (USA)
  64. Unseen Online (USA)
  65. AnonVPN (USA)
  66. FoxyProxy (USA)
  67. NetShade (USA)
  68. IntroVPN (USA)
  69. GhostPath (USA)
  70. disconnect.me (USA)
  71. Speedify (USA)

9 Eyes Jurisdiction


9 Eyes Alliance

5 eyes, plus:

  1. Denmark
  2. France
  3. Netherlands
  4. Norway

The 9 Eyes alliance is an extension of 5 Eyes, including the original 5 – USA, UK, Canada, Australia and New Zealand – as well as Denmark, France, The Netherlands and Norway. While 9 Eyes countries don’t have such an intimate level of cooperation and mutual information sharing as the core 5 Eyes countries, there is still extensive data sharing, especially to the US.

Whereas FVEY allows a mutual access to citizens’ data across the participating countries, the 9 Eyes countries have a less equal role. Programs like RAMPART-A, reported in Denmark’s Dagbladet Information and The Intercept, provide the NSA access to key communication networks and allow it to intercept almost all forms of digital communication – telephone, fax, e-mail, internet chats and VoIP services, including data from VPNs originating in the participating country.

In exchange, the foreign partner is granted access to resources, equipment and assistance from the NSA to surveil the data entering and leaving the country. This is granted on condition that the 9 Eyes agencies will not collect any data on US citizens, leaving the NSA with the ‘better deal’, but more importantly meaning that citizens of the participating countries can expect to have their data accessible to both their own government and those of the 5 Eyes alliance.

While 9 Eyes countries have a somewhat more restrictive relationship than the 5 Eyes countries do, there is still extensive cooperation and data sharing, and it’s a safe bet that any information that Denmark, France, Norway or The Netherlands have access to is also accessible to the NSA. It’s especially important for VPN users to be aware that RAMPART-A and similar schemes allow for the collection of VPN data, greatly compromising the privacy and security of VPNs based in these countries.

VPNs that belong to 9 Eyes jurisdiction: Denmark, France, Netherlands and Norway

  1. BeeVPN (Denmark)
  2. CitizenVPN (Denmark)
  3. Unlocator (Denmark)
  4. ActiVPN (France)
  5. ProXPN (NL)
  6. ShadeYou (NL)
  7. VPN4All (NL)
  8. WASEL Pro (NL)
  9. WifiMask (NL)
  10. RootVPN (NL)
  11. GooseVPN (NL)
  12. Opera’s integrated browser VPN (Norway)

14 Eyes Jurisdiction


14 Eyes Alliance

9 eyes, plus:

  • Germany
  • Belgium
  • Italy
  • Spain
  • Sweden

The 14 Eyes alliance is another layer of the Eyes groups, including all previous countries of the 5 and 9 Eyes as well as Germany, Belgium, Italy, Spain and Sweden. 14 Eyes is one more step removed from the close cooperation of the 5 and 9 Eyes alliances, to the point that a Belgian telecommunications company has been targeted in a cyber attack by GCHQ.

Although the 14 Eyes countries have a more distant working relationship, the alliance is more officially recognized than the 9 Eyes group, and Snowden’s documents identify the alliance as SIGINT Seniors Europe, or SSEUR. The exact nature of the agreement between the participating countries is less clear than the 9 Eyes alliance, but it is known that at least Sweden and Germany have access to the NSA’s XKEYSCORE, an internet data analysis and surveillance tool.

Sweden has even informally been called ‘the Sixth Eye’. Its importance to the NSA derives from the amount of eastern European and Russian traffic that passes through the country.

Even if the 14 Eyes countries do not, in general, have as close ties to the NSA as the 9 Eyes countries do, users in the participating countries should still regard their data as vulnerable and, if not directly shared with the US, at least likely to be easily obtained by 5 Eyes countries. 14 Eyes governments are very likely to be compliant with requests made by the NSA and other surveillance agencies, so a VPN from a 14 Eyes country will not offer full protection, especially if the VPN provider stores browsing data.

VPNs that belong to 14 Eyes jurisdiction: Germany, Italy, Sweden, Belgium and Spain

  1. ChillGlobal (Germany)
  2. GoVPN (Germany)
  3. internetz.me (Germany)
  4. Steganos (Germany)
  5. Zenmate (Germany)
  6. Avira Phantom VPN (Germany)
  7. traceless.me (Germany)
  8. AirVPN (Italy)
  9. AzireVPN (Sweden)
  10. FrootVPN (Sweden)
  11. Integrity.st (Sweden)
  12. IPredator (Sweden)
  13. Mullvad (Sweden)
  14. OVPN.com (Sweden)
  15. PrivateVPN (Sweden)
  16. PRQ (Sweden)

VPN providers that are located in non-14 Eyes countries (Highly recommended)

With so many VPN services on the market, it can be time-consuming and frustrating to sift through feature-lists and review scores only to find that what seems like the ideal VPN is based in a 14 Eyes country. We have informative reviews on some of the best VPN providers which are registered outside of the 14 Eyes and EU compliant partners:

  1. ExpressVPN (British Virgin Islands): Read review
  2. NordVPN (Panama): Read review
  3. CyberGhost (Romania): Read Review
  4. PureVPN (Hong-Kong): Read review
  5. Ivacy (Singapore): Read review
  6. Hide.me (Malaysia): Read review
  7. Astrill VPN (Seychelles): Read review
  8. VPNArea (Bulgaria): Read review
  9. Trust.Zone (Seychelles): Read review
  10. iVPN (Gibraltar): Read review
  11. VyprVPN (Switzerland): Read review
  12. ProtonVPN (Switzerland): Read review

Conclusion – Should you be worried?

Anyone considering their VPN options hardly needs to be told to “be careful”; anyone seriously considering a VPN must already be motivated by care and caution over their online privacy.

No VPN is going to be perfect; many fast performance VPN services (like HotSpot Shield) are likely to be based within the Eyes security alliances, and even many of the countries outside of those jurisdictions are compliant and cooperative with the intelligence agencies’ demands. This doesn’t mean it’s a lost cause or there’s no point trying to protect yourself, however. As with all things related to online security, while you cannot eliminate all threats, the more threats you can mitigate the better.

For the best possible protection, it is recommended to choose not only a VPN outside of the Eyes alliances, but to choose one that does not keep activity logs on its users – and even then, to only connect to servers which themselves are outside of the 5, 9 and 14 Eyes’ jurisdictions. For many users, following these guidelines at all times will be impractical, but as long as users stay aware of these best practices, as well as where and whether their browsing data is being stored and who can gain access to it, the right VPN can go a long way to restoring online privacy.

Back to best VPN list.

Cyber Security Statistics

cyber security stats and factsCyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind and that they are bigger than threats from nuclear weapons.

We have compiled a list of relevant cyber-security statistics for you as we head into 2018:

1. In 2016, the U.S government spent a whopping $28 billion on cyber-security – and this is expected to increase in 2017 – 2018.

TwitterClick to tweet

For perspective, just nine years ago, in 2007, the U.S government spent $7.5 billion to combat malicious cyber attacks. While that’s measly compared to the 2016 cyber security spend of $28 billion (a whopping 373 percent increase from that of 2007), $7.5 billion is no small change — that amount, even though it was spent by the U.S on cyber security in 2007, is bigger than the total budgets of many countries even in 2017 [1].

2. According to Microsoft, the potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.

fact number 2

Now, that’s a lot of money. But this can easily be fixed once we get a few facts right: 1) about 63 percent of all network intrusions and data breaches are due to compromised user credentials, so taking measures to protect your credentials (using a good VPN) should give you an added layer of protection. 2) An attacker spends about 146 days within a network before being detected — that’s quite a lot of time. Knowing this, regular measures could be taken to audit a network and ensure its security [2].

3. According to data from Juniper Research, the average cost of a data breach will exceed $150 million by 2020 — and by 2019, cybercrime will cost businesses over $2 trillion — a four-fold increase from 2015.

We were still gasping at the cost of $3.8 million Microsoft said a data breach costs the average company. However, data from Juniper Research shows this amount will increase by a massive 3,947 percent to over $150 million by 2020 [3]. As your company grows, and as the Internet continues to develop at a massive pace, it might be a good idea to increase the percentage of your budget that goes towards security.

4. Ransomware attacks increased by 36 percent in 2017.

TwitterClick to tweet

Research from Symantec shows that Ransomware attacks worldwide increased by 36 percent in 2017 — with more than 100 new malware families introduced by hackers. More interestingly, though, is that people, especially Americans, are willing to pay. 64 percent of Americans are willing to pay a ransom after becoming victims of ransomware attacks, compared to 34 percent of people globally [4].

5. The average amount demanded after a ransomware attack is $1,077.

TwitterClick to tweet

This is an increase of about 266 percent. Naturally, seeing that more people are willing to pay a ransom considering how reliant on the Internet their activities are, hackers are upping their stakes and demanding significantly more. We can only expect this to increase as ransomware attacks increase in 2018 [4].

6. 1 in 131 emails contains a malware.

fact number 6

TwitterClick to tweet

Emails are now being increasingly used by hackers, and an estimated one in every 131 emails contain a malware. This is the highest rate in about five years, and it is further expected to increase as hackers attempt to use malware like ransomware to generate money from unsuspecting people [4].

7. In 2017, 6.5 percent of people are victims of identity fraud — resulting in fraudsters defrauding people of about $16 billion.

This data is based on a comprehensive study by Javelin Strategy & Research, involving 69,000 respondents who have been surveyed since 2003. The research revealed that the victims of identity fraud in the U.S increased to 15.4 million in 2016, an increase of 2 million people from the previous year [5].

8. 43 percent of cyber attacks are aimed at small businesses.

TwitterClick to tweet

While we’ve been reading a lot in the media about major companies like Target, eBay, Yahoo and Sony being hacked, small companies are not immune. As it is today, at least 43 percent of cyber attacks against businesses are targeted at small companies, and this number will only keep increasing. [6]

9. Unfilled cyber security jobs are expected to reach 3.5 million by 2021 — compared to about 1 million in 2016.

TwitterClick to tweet

While this might not seem like much, it is worth paying attention to: the projected increase in the number of cyber security-related jobs is proportional to a projected increase in cybercrime, and a more than 200 percent increase [7] means we can expect cybercrime to increase by at least that much by 2021.

10. According to billionaire investor Warren Buffett, cyber attacks is the BIGGEST threat to mankind — even more of a bigger threat than nuclear weapons.

TwitterClick to tweet

Now, this isn’t exactly a “statistic.” However, Buffett has an astute mind, and his statement [8] isn’t exactly without logic. From influencing elections in powerful nations to crippling entire corporations, cyber warfare is seeming to be much of a bigger threat than many have anticipated — and if the threat it poses will only increase as experts have predicted, then it’s worth taking note of this wise man’s saying.

11. 230,000 new malware samples are produced every day — and this is predicted to only keep growing.

fact number 11

This is according to research from Panda Security, estimating Trojans to be the main source of malware — being responsible for about 51.45 percent of all malware [9].

12. China is the country with the highest number of malware-infected computers in the world.

TwitterClick to tweet

According to research from Panda Security, an estimated 57.24 percent of all computers in China are infected by malware. The runner-up is Taiwan, with 49.15 percent of all computers infected… and followed by Turkey with 42.52 percent of all computers infected [9].

13. More than 4,000 ransomware attacks occur every day.

TwitterClick to tweet

This is according to data from the FBI [10]. That’s a 300 percent increase in ransomware attacks compared to 2015, and it is projected to only keep increasing as hackers continue to choose ransomware as their preferred method of attack.

14. 78 percent of people claim to know the risks that come with clicking unknown links in emails and yet still click these links.

Fact number 14

According to data from a researcher from the Erlangen-Nuremberg University, while many people claim to be aware of the risks of unknown links in emails, a good portion of them still click unknown links in emails [11].

15. 90 percent of hackers cover their tracks by using encryption.

Hackers are also wisening up to the use of encryption techniques like VPNs, and they are now more effectively covering their tracks — making it much easier to arrest them. The most effective method to combat cyber attacks as hackers get more sophisticated is by using the right preventative methods. It’s getting more and more difficult to catch them [12].

16. It takes most business about 197 days to detect a breach on their network.

TwitterClick to tweet

That’s more than six months! Many businesses have been breached and still have no idea, and as hackers get more sophisticated it will only take businesses even longer to realize that they have been compromised [13].

17. Android is the second most targeted platform by hackers after Windows.

TwitterClick to tweet

The number of malware targeting Android devices is increasing rapidly — and an estimated 98 percent of mobile malware target Android [14]. Hackers aren’t just limiting themselves to desktop computers, they are also targeting mobile devices — as we continue to use mobile devices for even more important activities and financial transactions, the cyber attacks will only increase.

18. 81 percent of data breach victims do not have a system in place to self-detect data breaches.

fact number 18

Instead, many of them rely on notification from third parties to let them know about a data breach on their network — this significantly increases the time it takes to fix a breach from 14.5 days if they had self-detected it to about 154 days if it were detected by an external party [15].

19. 95 percent of Americans are concerned about how companies use their data.

TwitterClick to tweet

A lot of Americans are concerned about how companies use their data [16]. This is understandable considering the number of high-profile cases of data abuse that have made the news in recent times. However, why worry unnecessarily when you could simply cover your tracks and completely encrypt your data by using a reliable VPN service?

20. The two most important reason people use VPNs is to browse anonymously and to unlock better entertainment content: 31 percent of people use VPNs mainly to browse anonymously, while 30 percent of people use VPNs to unlock content.

The number one reason why people use VPNs is to access the internet anonymously, with 31 percent of people citing this as their reason for using VPNs. The second major reason is to unlock sites that they wouldn’t have otherwise been able to unlock — like Netflix and the Apple Store — with 30 percent of people citing this as the main reason they use VPNs [17].

21. 42 percent of VPN users use a VPN at least 4 to 5 times a week — with most of them using it every day.

Indonesia is the country with the highest VPN usage — 41 percent of all Internet users in Indonesia use a VPN. This is followed by Thailand where 39 percent of all Internet users use a VPN, and the UAE, Turkey, Brazil and Saudi Arabia where 36 percent of Internet users use a VPN [18].

Cyber Security

With a substantial increase in Internet access, concerns around Cyber Security are particularly prominent. This growth in concern is, of course, fuelled by the dramatic increase in online fraud and hacking. Emails have become a particularly popular delivery method for online criminals, with an incredible 1 in 131 emails containing malware.

Ransomware – the malicious software that locks personal and business computers until a ransom is paid – has seen a substantial increase over the last 12 months, rising 36% globally in the last year:

  • The average amount demanded by a ransomware attack is $1,077, an increase of 266% on the previous year.
  • Research from Symantec suggests that 34% of people globally are willing to pay a ransom to get their data back – increasing to 64% for Americans.
  • The FBI suggests there are more than 4,000 ransomware attacks globally every day.

Identity fraud has also seen a significant rise, particularly in developed countries like the United States and the UK. In 2016, 6.15% of consumers became victims of identity fraud, with the costs associated with also increasing. In 2017, the total amount of losses due to identity fraud in the US reached $16 billion.

Data Breach Cost

Fears around security are notably prevalent among businesses, many of whom are responsible for huge swathes of customer data. Looking at the associated costs, it’s easy to see why businesses are so concerned:

  • A single data breach will cost the average company $3.8 million.
  • Juniper Research suggests that this will exceed $150 million by 2020.

The impact on affected businesses is also cause for significant concern, with 60% of small companies going out of business within six months of an attack. Given the potential sums available to cyber criminals, they remain an appealing target.

As with attacks against private citizens, email remains a popular delivery method for malware and phishing:

  • Business Email Compromise (BEC) scams targeted over 400 businesses per day last year, draining $3 million over the last 3 years.
  • 43% of cyber-attacks target small businesses.

While cyber crime is a global problem, some regions are seeing significantly higher levels of infection:

Most infected countriesLeast infected countries
China: 57.2% of computers infectedFinland – 20.32% of computers infected
Taiwan: 49.15% of computers infectedNorway – 20.51% of computers infected
Turkey: 42.52% of computers infectedSweden – 20.8% of computers infected

Sources

  1. http://www.taxpayer.net/library/article/cyberspending-database
  2. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics
  3. https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion
  4. https://www.symantec.com/security-center/threat-report
  5. https://www.javelinstrategy.com/press-release/identity-fraud-hits-record-high-154-million-us-victims-2016-16-percent-according-new
  6. https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html
  7. https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html
  8. http://www.businessinsider.com/warren-buffett-cybersecurity-berkshire-hathaway-meeting-2017-5
  9. https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/
  10. https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view
  11. http://www.businessinsider.com/expert-phishing-emails-2016-8?IR=T
  12. https://www.venafi.com/assets/pdf/wp/Venafi_2016CIO_SurveyReport.pdf
  13. http://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/
  14. https://www.computerworld.com/article/2475964/mobile-security/98–of-mobile-malware-targets-android-platform.html
  15. https://swimlane.com/10-hard-hitting-cyber-security-statistics/
  16. https://www.esecurityplanet.com/network-security/over-80-percent-of-americans-are-more-worried-about-privacy-security-than-a-year-ago.html
  17. https://www.comparitech.com/vpn/vpn-statistics/
  18. https://www.techinasia.com/indonesia-world-leader-vpn-usage

Best VPNs for Netflix

best Netflix VPN servicesI know, Netflix’s region restrictions are, at best, annoying.

They keep you from watching the shows you want to watch because you don’t live in the right country—and that hardly seems fair. Which is why unblocking Netflix is one of the most common requests people have of VPNs.

Today we’re taking a look at the top VPNs for Netflix.

 

The 7 Best VPNs for Unblocking Netflix

Last test: February 2018

1. ExpressVPN – Fast, Reliable & Works 100% with Netflix

ExpressVPN access netflix

ExpressVPN is on a lot of “best VPNs for streaming Netflix” lists. They manage to consistently stay ahead of Netflix’s attempts to block them, and they offer a huge number of server locations so you can watch Netflix in almost any country you want.

You can watch across many of your devices—including your AppleTV—and expect consistent service, fast speeds, and truly private streaming.

ExpressVPN isn’t just the best VPN for streaming Netflix, it’s also one of the best VPNs overall; its affordable prices, consistently very high speeds, and no-logging policy make it great for streaming and protecting your privacy. They’ve developed a reputation for faster customer service, a large number of servers, and strong encryption.

In our speed tests on a 100 Mbps connection, ExpressVPN was able to hit 83 Mbps download speed. That’s way more than you need for even ultra HD quality on Netflix.

If you’re looking for a VPN that works with Netflix, ExpressVPN is the way to go.

1-year pricing: $6.67/mo

Download ExpressVPN Here

Read full ExpressVPN review

2. NordVPN – Works with Netflix, But a Bit Slower

NordVPN for Netflix

At #2 in our overall rankings, NordVPN is a great all-around VPN that falls short of ExpressVPN only in speed—and even then, not by much. Although Nord might be slightly less consistent in unblocking Netflix around the world, it’s still one of the best performers.

We’re also big fans of this provider because it’s based in Panama, which isn’t one of the Five Eyes countries, and their no-logging policy that protects your privacy. Their 56 countries’ worth of servers falls behind ExpressVPN, but should still be plenty for watching any show or movie you want.

And with obfuscated servers, you should be able to get access to Netflix in the US and across Europe without getting blocked, even as Netflix gets better at blocking VPN traffic. Though you may see some drop in speed when doing this.

Our tests showed NordVPN at 74 Mbps, which isn’t as high as ExpressVPN, but it’s still much higher than you’ll need for almost anything—and definitely high enough for streaming Netflix.

1-year pricing: $5.75/mo

Get NordVPN Here

Read full NordVPN review

3. CyberGhost – Cheap Alternative for Netflix Streamers

CyberGhost VPN for Netflix

If you buy a seven-year (7!) subscription to CyberGhost, you’ll only pay $1.99 per month. That’s an astonishingly low price for a great VPN. The biggest sacrifice you’ll make at this price is speed. On our 100 Mbps connection, we clocked about 50 Mbps download speed while on CyberGhost. That isn’t slow by any means . . . it’s just slower than more expensive options.

Still, though, it’s plenty fast for streaming Netflix. And CyberGhost does still work with Netflix. With servers in the US, Canada, and most of Europe, you’ll be able to watch pretty much whatever you want, too.

There aren’t as many servers around the rest of the world, but if your primary goal is streaming Netflix through a VPN, you probably don’t need to worry about that.

And, like our other highly rated options, CyberGhost has a strict no-logging policy. So you can be confident in your security. Based in Romania, they’re also not subject to the surveillance measures that some other VPNs are because of their jurisdictions.

Unfortunately, CyberGhost doesn’t have a stellar reputation for the speed of their support. It’s a ticket-based system, so you won’t get immediate feedback if you’re having problems streaming and want some help.

1-year pricing: $5.49/mo

Get CyberGhost VPN Here

Read full CyberGhost review

4. Trust.Zone – Slightly Limited, But Claims to Work with Netflix

Trust.Zone claims to work with Netflix

Unless you’re big into VPNs, you probably haven’t heard of Trust.Zone; but don’t discount the service just because it doesn’t have the big presence of the heavy hitters! It actually has a lot of great factors that make it one of the best VPNs for streaming Netflix.

First of all, it works . . . possibly because it’s not as big as the other VPNs people use. Netflix is likely to focus on blocking the VPNs sending the most traffic its way, and Trust.Zone probably isn’t going to break into that group anytime soon.

Trust.Zone also offers fantastic prices; with a two-year subscription, you’ll pay only $2.33 per month, which is almost as low as CyberGhost’s seven-year plan, and quite a bit lower than many other options.

One of the reasons you’ve probably never heard of Trust.Zone is that it’s relatively new; it was founded in 2014 in Seychelles, a small island off the east coast of Africa. That means they’re not subject to severe surveillance laws, which is always nice. They also have a no-logging policy that we like a lot.

But what about speed? Trust.Zone delivers there, too, knocking out a respectable 63 Mbps download on our 100 Mbps connection.

The biggest drawback to this provider is that they don’t have 24/7 chat-based support; you’ll have to fill out a ticket. That’s not much of a drawback, though, so we fully recommend this option for streaming Netflix without geo-restrictions.

1-year pricing: $3.33/mo

Get Trust.Zone Here

Read full Trust.Zone review

5. Ivacy VPN – A Commitment to Streaming

Ivacy VPN for Netflix straming

When you go to Ivacy’s homepage, it’s clear that they know what their users want: to torrent and stream from anywhere in the world. And they’re dedicated to providing that. They’re notably slower than some of the fastest VPNs out there (achieving 53 Mbps download in our tests), but it’s still plenty fast for streaming Netflix.

Their 24/7 live chat, no-logging policy, and home base in Singapore all combine to make them one of our recommended VPNs for streaming Netflix from anywhere in the world. And with servers in over 50 countries, you’ll be able to access the shows and movies you want without much trouble.

We also really like that Ivacy is compatible with just about every device out there, including Roku, Kodi, Xbox, PlayStation, and even Raspberry Pi. So no matter what you use for streaming, there’s a way to set it up with Ivacy.

1-year pricing: $3.33/mo

Get Ivacy VPN Here

Read full Ivacy review

6. VyprVPN – Promise to Access Netflix & Make it Fast

VyprVPN allows netflix

Switzerland’s VyprVPN is a popular option among VPN aficionados, largely because of its fast speeds: on our 100 Mbps connection, it clocked a 74 Mbps download, making it one of the fastest we’ve tested.

We love the 24/7 chat support, as well as the surveillance practices in Switzerland, which isn’t part of the Five Eyes agreement. 70 servers across the world are distributed mostly in Europe, but there’s a decent number in the US as well (which is likely where you’ll be streaming anyway). And if you want servers elsewhere, there’s a smattering around the world, too.

The only reservation we have about VyprVPN is its logging policy. Golden Frog, the parent company of Vypr, collects a surprising amount of data. They log your IP address, server IP address, start and stop time, and the total number of bytes transferred for every connection you make. And they keep that information for 30 days.

If you’re comfortable with that logging policy, VyprVPN is a solid choice for streaming Netflix.

1-year pricing: $5.00/mo

Get VyprVPN Here

Read full VyprVPN review

7. IPVanish – Very Fast, Semi-Reliable

IPVanish allows Netflix streaming

We’ve had mixed results with IPVanish and Netflix. It can go either way. Recent tests show that it does, in fact, work for streaming, but we’ve had problems in the past. But one of the great things about IPVanish is their seven-day money-back guarantee, so you can test to see if it’s working before you commit to a longer plan.

One thing that we do like about IPVanish is that it’s one of the fastest VPNs we’ve tested. It’s one of only three VPNs on our list that broke 80 Mbps (if you don’t count HotSpot Shield (here’s review), but that’s an entirely different discussion). It’s really fast.

We like the no-logging policy, but the fact that IPVanish is under US jurisdiction isn’t exactly reassuring. Their support system is based on tickets, too, which means you might have to wait a while if the VPN isn’t working how you wanted it to. Not necessarily a deal-breaker, but not an advantage, either.

Compared to the other VPNs on the list, the $6.49 per month price isn’t stellar, but it’s certainly not expensive.

1-year pricing: $6.49/mo

Get IPVanish Here

Read full IPVanish review

 

BONUS: StrongVPN – Very SLOW, Works With Netflix

StrongVPN Netflix VPN

Our speed tests for StrongVPN were pretty abysmal. We only got a download speed of 11 Mbps on our 100 Mbps connection. But it’s important to remember that different ISPs, locations, and devices will see different speeds on VPNs. And because others have had such good luck with using StrongVPN for streaming Netflix, we thought it deserved a place on our list.

There are a couple other counts against StrongVPN for streaming, too: they’re based in the US, so they’re subject to intense surveillance and they have a ticket-based customer-support system. We do like their no-logging policy, though; that’s definitely a big plus.

And many people have had very good luck connecting to Netflix through StrongVPN. So, based on their experience, you should be able to get consistent connections (though you may have to occasionally play around with some settings).

1-year pricing: $5.83/mo

Get StrongVPN Here

Read full StrongVPN review

 

How Does Netflix Block You From Streaming?

When you connect to Netflix, you send it your IP address, which is a unique identifier for your computer on the internet. There’s information connected to that address, like your internet service provider (ISP) and location. And the location of your IP address is what Netflix is interested in.

If your IP address is based in the UK, you can watch anything on British Netflix. If you’re based in Spain, you’ll get Spanish Netflix. In the US, American Netflix. And so on. But if your IP address looks like it’s coming from a VPN, you’ll get this all-too-familiar error:

Geo-blocked netflix

Netflix is available in almost 200 countries, including just about every country you’ve ever heard of. Some of the notable exceptions are China, North Korea, and Syria. If you have an IP address based in one of those countries, you won’t be able to watch.

The movies and TV shows available in those countries can vary a lot, too. And that’s where we come to VPNs.

Benefits of Using a VPN to Watch Netflix

A VPN lets you temporarily change the IP address you use to stream Netflix. That means you can appear to be watching from South Africa, Australia, Germany, Russia, Mexico, Japan, or any other country where Netflix is available.

And that gets you access to whatever programs are available in that country. In most cases, users will likely try to get access to US Netflix, as it has the most TV shows and movies available. Back in November of 2017, Finder did some research and found that the US, American Samoa, Puerto Rico, Martinique, and Guadeloupe had the most content available. (In case you’re wondering, Morocco had the least.)

Netflix US Movie Library in different countries

But because of differing distribution right with different companies, there might be something you want to stream on Netflix that you can’t in the US. So American users may also be interested in streaming Netflix over a VPN (I’ve used a VPN to access British Netflix from the States before).

While getting access to the things you want to watch is the main benefit, you also get the added security and privacy that you always get when you’re using a VPN. No one can snoop on your watching habits, which is reassuring, especially in countries that tend toward heavy government and ISP surveillance.

Some ISPs might throttle your connection speed if you’re using Netflix, too—especially now that net neutrality laws are dying off in the US. Using a VPN prevents that, as well.

How Does Netflix Ban VPNs?

Unfortunately, just firing up your VPN isn’t always enough to stream Netflix from another country. Netflix is engaged in a long war against VPN providers—though, interestingly, it’s content providers, and not Netflix, that are the most invested in this battle.

Regardless of the impetus, Netflix is trying to keep users from using VPNs to stream other countries’ content. VPNs find new ways to prevent Netflix from blocking them. Netflix figures out how to identify the traffic and block it. VPNs find a new way. Netflix stops that one, too.

It’s a constant back-and-forth that will likely go on for a very long time. Netflix uses a variety of methods to block VPNs, including stopping connections that share IP addresses and blacklisting popular VPN IP address blocks.

Although it’s not always clear how they manage to do it, VPN providers do their best to stay one step ahead of Netflix and keep their IP addresses unblocked. Some providers are more consistently successful than others, and that’s what makes those VPNs the best for streaming Netflix.

Unfortunately, if Netflix scores a win, it’s possible that a VPN might never work again with the streaming service, and if you’re using it to stream, you’ll need to change providers.

Before you choose a VPN for Netflix, know this:

Before we get started discussing which VPNs are the best for Netflix, we should discuss one important point. There are no good free VPNs for streaming Netflix. If you want to stream, you need a premium VPN (here’s a lit of best VPNs we’ve tested so far). Especially if you plan on doing it regularly.

We’ve included a number of very affordable VPNs in the list below, and you can always check out our list of the cheapest VPNs around. Using a cheap VPN is fine; but stay away from free options. Not only do they not work as well, but they almost certainly don’t protect your privacy as well, either.

Conclusion: Choose on that actually works with Netflix

In the end, our advice for finding the VPN for unblocking Netflix is similar to advice for finding a VPN for anything else: try a few and see which you like best.

See which connect to Netflix consistently. Test them for speeds in your area. You may find that you get very different results from other users.

Most of them have 30 days money back guarantee, so if you can’t access Netflix, you can always get a refund. That’s the beauty of the VPN services.

And if you have a good recommendation for Netflix VPNs in your area, be sure to share it with us.

The Best Alternatives to DNSCrypt

Taking steps to hide your internet traffic from prying eyes is something that we’re passionate about here. Which is why we feel like we should warn you: there’s a potential vulnerability hiding in plain sight. Your DNS queries might be unencrypted.

If you have no idea what this means, don’t worry; we’ll explain it for you. And if you do know what this means, you probably know about DNSCrypt. But DNSCrypt.org is no longer working, and it might be time to find an alternative.

Let’s start with the basics, and then we’ll get to our recommendations.

Why Your DNS Queries Should Be Encrypted

DNS stands for “domain name system,” and it servers a bit like the internet’s phone book. When you type a URL into your browser, like www.thebestvpn.com, your computer gets in touch with a DNS server, and the server sends an IP address back. The IP address is the actual location of the site.

Once your computer has the IP address, it can connect to the server where the site is hosted. All of this happens in the background, and you might not even knows it’s happening.

There’s a problem, though: your query to the domain name server might be unencrypted. And if it is, someone snooping on your web traffic might be able to see the sites you’re going to, even if you’re using HTTPS or a VPN.

They won’t be able to see what you type into the site, or what you do there, but just knowing which site you’re going to could be enough to make you a bit less secure. Remember the big controversy over the NSA collecting cell phone metadata? This is sort of like that. No one can see what you’re doing on those websites, but they can still see which sites you’re going to. And that’s enough to make a lot of people (including us) uncomfortable.

If you’re worried about government surveillance, you definitely don’t want your DNS queries unencrypted.

In addition to security problems, it can also be cause for concern about privacy. If you’re using your ISP’s DNS server, they’ll know which sites you’re going to. And if they’re under national jurisdiction — or you’re in the US, where that information could be sold to advertisers — that’s a violation of your privacy.

Many people use Google’s DNS servers because they’re very fast. But that’s another potential privacy concern, as Google is always collecting as much information as possible about every user they can. And while they state that they don’t keep permanent records of DNS queries or match your DNS queries to personally identifiable information, the fact remains that they’re out to make money. And if they can use your DNS traffic to do it, they will.

These are all reason why unencrypted DNS queries are bad. It’s time to start encrypting your DNS traffic.

Do VPNs Protect DNS Queries? What About HTTPS?

You’d think that using a VPN would protect all of your DNS queries. In many cases, you’re right. But that’s not always the case. Some VPNs, when confronted with certain situations, will send your DNS queries along normal lines of communication — which means they’re probably going to your ISP. And you won’t even know it’s happening.

So the answer is “yes . . . most of the time.” The best VPNs out there have DNS leak protection, and it works well. But if you’re using another VPN or you have this particular feature turned off, you could be exposed to data collection or snooping.

We always recommend VPNs with DNS leak protection, which stops this behavior before it can become a problem.

And if you’re not using a VPN, your DNS queries are definitely unencrypted, even if you use HTTPS. The secure version of HTTP encrypts all of the information that you send to sites. So no one can see what you’re doing on the site, the password you used to access it, or which pages you go to. But an unencrypted DNS query allows snoopers to see which sites you’re making requests to.

HTTPS is a great security feature — and we strongly recommend using it at all times to protect your online privacy. But it still leaves you open to DNS query surveillance, and that’s something a lot of people don’t realize.

The Best Alternatives to DNSCrypt

DNSCrypt is a protocol that encrypts your DNS requests, and it’s long been one of the most popular options. It encrypts your queries to the OpenDNS servers, which are maintained by Cisco. But DNSCrypt.org was taken offline at the end of 2017, as its creator stated that he no longer uses it.

A group called Dyne.org has taken over maintenance of DNSCrypt-Proxy, an interface for using the protocol, but has committed only to patching bugs, and not further developing the technology. The proxy will be available for the foreseeable future, but there’s no telling what the future holds for the app.

You can also still get DNSCrypt directly from Cisco, but it’s not going to do you any good if you’re not using their DNS servers.

While DNSCrypt is certainly one of the more robust options, there are others. Here are four choices you have when you want to encrypt your DNS traffic.

1. Use a VPN with DNS Leak Protection

This is the simplest alternative to DNSCrypt. You should be using a VPN anyway, and all you need to do is make sure that the one you’re using has DNS leak protection.

These VPNs — including two of our favorites, ExpressVPN and NordVPN — prevent your computer from routing DNS requests outside of the VPN.

Both of these services run their own DNS servers, so all of your DNS queries are routed through secure channels, both to and from the servers. This is the ideal situation; if your VPN has its own DNS servers, you won’t need to use those provided by your ISP (or another traffic spy, Google) and potentially reveal your browsing habits.

And that provides all the security you could need.

If you’re not sure whether your VPN is protecting your DNS traffic, we recommend using ExpressVPN’s leak test. It will tell you whether your DNS queries are visible to people who are trying to see them. If you’re not protected, it’s time to get a new VPN (and make sure to use it all the time).

ExpressVPN's DNS leak test showing an open DNS requestIn fact, you should use a leak test like this one whenever you’re working to secure your DNS traffic. They’ll let you know if your chosen solution, no matter what it is, is working.

2. Use DNS-over-TLS

Transport layer security (TLS) is a cryptographic protocol that’s used around the internet for secure data transfer. And some DNS services are now compatible with DNS queries sent over TLS. That means your requests are encrypted and safe from your ISP’s snooping.

Interestingly, the original creator of DNSCrypt-Proxy now recommends using DNS-over-TLS. This protocol is becoming more popular, but there aren’t too many options yet. Your best bet is probably Tenta, an open-source DNS project.

Tenta sends DNS requests over secure TLS

Their servers support DNS-over-TLS, and they have setup guides for using those servers on numerous systems. If you’re not using a VPN, it’s a good way to add security to your DNS requests. Of course, we always recommend that you use a VPN, as it protects more information than just your DNS queries. But if you can’t use a VPN, Tenta is a good security system to have in place.

You can also use their Android browser, which has a built-in VPN and automatically uses their secure DNS servers. The browser is only offered on the Google Play Store at the moment, but you can sign up for updates so they can let you know when they release the browser for other platforms.

At the moment, Tenta is the best choice for DNS-over-TLS. As more people realize the importance of securing their DNS traffic, and as more development goes into this protocol, we’ll have more options. Active work is taking place in this area, and it’s a good bet that we’ll see useful innovations that bring DNS-over-TLS to the masses in the near future.

3. Use DNSCurve

While not as widely supported as DNSCrypt, DNSCurve is another option for cryptographically protecting your DNS queries. Any request sent between a user and a DNS server is protected using elliptical curve cryptography, which is extremely secure; even more secure than the RSA encryption used by other security measures.

DNSCurve is an older project, and OpenDNS replaced it with DNSCrypt a while back. So it’s very difficult to tell whether or how many servers support it. There’s documentation online, but it’s not especially user-friendly.

Your best bet is to install DNSCurve, make sure you’re using the OpenDNS servers, and run a leak test. You can try it with other servers, too.

It’s not clear whether this is an effective option, but it’s one of the few alternatives to DNSCrypt that uses similar tactics. You’ll require more technical skill and understanding than you’d need for the previous options, but if you’re willing to put in the time and you want to support a system that uses very strong cryptography, DNSCurve is worth looking into.

4. Stick with DNSCrypt-Proxy 2

This isn’t really an alternative, but it’s an important option to mention. The future of DNSCrypt is unclear, but you can still download clients that use the specification. DNSCrypt-Proxy is one of the best options available, and the second version is actively maintained.

DNSCrypt can still protect your DNS traffic, but after DNSCrypt.org went down, it cast a bit of doubt on the future of the project.

Still, if you use DNSCrypt-Proxy 2 and you pass a DNS leak test, you know that your DNS queries are protected. But we’d recommend that you test regularly, in case anything changes.

The Simplest Way to Encrypt Your DNS Queries

As you can see above, using a VPN with its own DNS servers and DNS leak protection is definitely the best way to protect your DNS traffic from spying. There certainly are other solutions, but many of them are quite technical. If you have the technical literacy to implement these or other cryptographic methods, we encourage you to do so!

If you’d like to find out more about DNS privacy and what people are doing to improve it, DNSprivacy.org is a great resource. There’s lots of technical information there about the problems, potential solutions, and ongoing work in DNS privacy. You can even get involved with development and testing if you’re so inclined.

But for most people, the best way to further increase your privacy is to use a solid VPN. When we review VPNs, we look for proper DNS leak protection. If a particular VPN doesn’t have it, we’ll let you know. Our top recommendations, however, will always encrypt your DNS traffic.

And remember that you should always run a leak test with your VPN. There are lots of useful DNS leak test tools (we like ExpressVPN’s tool because it’s very easy to use), and they’ll all let you know if your DNS queries are protected. If they’re not, it’s time to tweak your settings or get a new VPN.

No matter what you decide to do, if you’re concerned about your security and privacy, you need to make sure your DNS queries are safe! It’s an easy thing to forget, but it’s also an insidious backdoor into your browsing habits.

The Best Android VPN Apps

Protecting your internet connection while you’re at home or on your laptop on the go is important. But why protect just one part of your internet use?

If you’re using an Android phone, you should be using a VPN whenever you connect to the internet.

Let’s talk about why that’s a good idea, then discuss the best VPNs for Android phones. We’ll go over our selection criteria, then provide our recommendations.

Why Use an Android VPN?

Just like the internet traffic that you send from your home or work computer, the traffic you send from your phone should be protected. A VPN provides that protection.

For a detailed explanation, check out our full beginner’s guide to VPNs.

In short, though, using a VPN on your Android

  1. Keeps people from spying on your internet connection
  2. Bypasses geo-restrictions (especially useful for streaming Netflix)
  3. Lets you torrent files without reprisal
  4. Helps keep your personal data secure
  5. Protects your anonymity online

You might not think that you have any reason to hide the internet traffic coming from your phone, but remember that you send texts, photos, and emails from it. Would you want someone spying on those? Even if you’re not sending anything particularly private, you still don’t want anyone snooping.

The Electronic Frontier Foundation recommends using VPNs to avoid surveillance by your ISP. The same is absolutely true of your mobile data provider, and for all the same reasons.

There are certainly other reasons you might use a VPN, but these are the most popular. Protected browsing is crucial for streaming and torrenting from your phone, but the security benefits alone are worth setting up a VPN.

 

5 Best VPN Apps for Android Devices

1. NordVPN – Smooth, Easy and Affordable

NordVPN homepageSpeed: 74.15 Mbps out of 100 Mbps
Users Rating (Google Store): 4.4/5.0
Jurisdiction: Panama
Cost: $3.29/mo

NordVPN is a top contender in every category, but it stands out among Android VPNs for the remarkably high reviews it gets from its users: Nord’s app earned a 4.4 ranking, one of the highest we’ve seen:

NordVPN's 4.4 average review on Google Play
Rating on Google Store

In addition to one-tap access to over 2,000 servers in 60 countries, the app also has a built-in adblocker so you can browse the internet more freely and use less data. All you need to do is tell NordVPN where you want to connect, and you’ll be instantly connected to their network.

We also love that they offer a free seven-day trial, so you can check out the Android app to see if you like it. If you don’t, all you have to do is cancel the service.

NordVPN's Android app
Android application as it is after buying

We think you’ll like it, though; with solid speed scores (74 Mbps download on our 100 Mbps connection), industry-standard encryption, and a mind-boggling number of servers, there’s not a whole lot more you could ask for. It’s not the fastest out there, but it should be plenty fast for anything you’re doing from your phone.

Another great feature is NordVPN’s extra-secure Double VPN.

It routes your traffic through two VPN servers instead of a single one to give you doubly encrypted data. This feature might slow down your connection, but if you need to be absolutely sure that no one knows what you’re doing online, you can be confident in Double VPN.

NordVPN's Double VPN provides extra security

When you top all of that off with a very affordable pricing structure, you get a winner. If you sign up for a two-year plan with NordVPN, you’ll only pay $3.29 per month. Not many VPNs charge less than that.

Visit NordVPN.com

Read NordVPN review here

 

2. ExpressVPN – Fast, Premium VPN

Speed: 83.15 Mbps out of 100 Mbps
Users Rating (Google Store): 4.1/5.0
Jurisdiction: British Virgin Islands
Cost: $6.67/mo

ExpressVPN is one of the fastest providers that we’ve tested, clocking over 83 Mbps download speed on our 100 Mbps connection. While the speed you get on your Android phone will vary largely based on your phone and your connection, you can be confident that you’ll get about as fast a speed as possible with ExpressVPN.

ExpressVPN's Android app
Here’s how ExpressVPN app will look on Android

The Android app works with a variety of Android installations, from the latest version, Oreo, all the way back to Jelly Bean. Even if you’re running an old version of Android, your VPN will work and be secure.

One of the great features included in ExpressVPN’s Android app is the recommended location; as soon as you fire up the app, it will recommend servers to you based on where you’ll get the best connections. With a tap, you can connect to their fast servers all over the world. It doesn’t get much easier than that. You can also save your favorite servers for faster access.

We also like that the app defaults to OpenVPN, the most secure VPN protocol. And the 4.1 rating is confidence-inspiring, as well.

ExpressVPN's 4.1-star rating on Google Play

The only place ExpressVPN falls notably behind its competitors is in price. If you pay for a full year up front, it works out to $8.32 per month. If you pay 15 months upfront, it’s $6.67/mo.

That’s on the more expensive side of top-tier VPNs. That being said, if you’re going to use your Android VPN a lot—which we recommend—it’s worth it.

Visit ExpressVPN.com

Read ExpressVPN review here

 

3. VyprVPN – Good Option for Geo-Restrictions

Speed: 74.48 Mbps out of 100 Mbps
Users Rating (Google Store): 4.3/5.0
Jurisdiction: Switzerland
Cost: $5.00/mo

Despite their questionable logging policy (which you can read more about in our full review), VyprVPN makes a great VPN for your Android device. If you’re not worried about your VPN provider keeping some of your information, it’s definitely worth downloading.

One of the big advantages of VyprVPN is its Chameleon encryption. This takes standard OpenVPN technology and scrambles the metadata to make it more difficult for your ISP, wifi provider, or anyone else to figure out that you’re using a VPN. This is great if someone is blocking VPN traffic.

VyprVPN's Chameleon encryption gets past VPN blockers

Beyond that, the app has everything you’d expect from a top-tier Android VPN app. Simple server choice, easy kill-switch on and off, the ability to mark certain servers as your favorites, and recommendations for the fastest server from your current location.

When we tested it on our 100 Mbps connection, we got 74 Mbps downloads, which is one of the fastest we’ve tested. Again, remember that you won’t get these same speeds on your phone. But you can bet that you’ll get better speed with VyprVPN than you will with many other mobile VPN providers.

VyprVPN's Android app
VyprVPN app on Android phone

The 4.3 rating on the Play Store is also reassuring; that’s one of the highest among Android VPNs that we’ve checked out.

VyprVPN's 4.3-star rating on Google Play

An annual plan will see you paying $5.00 per month, which falls around the middle of VPN prices. It’s certainly not expensive.

But it doesn’t compete with NordVPN’s super-low prices, either. You can also try the mobile VPN with 1GB of data to see how it works in your area.

Visit VyprVPN.com

Read VyprVPN review here

 

4. PrivateInternetAccess – Solid Budget Option

Speed: 81.46 Mbps out of 100 Mbps
Users Rating (Google Store): 4.0/5.0
Jurisdiction: United States
Cost: $2.91/mo

PIA is known for its high speeds. It maintained 81% of our 100 Mbps connection speed when we tested it on a PC, logging one of the fastest speeds we’ve ever seen. So if you’re looking for the fastest Android VPN, you should give Private Internet Access a shot.

The app also has a 4.0 rating in the Play Store—people really like it. It’s not hard to see why, with easy connections, automatic server recommendations, per-app VPN rules, and ad blocking.

PIA's 4.0 rating on Google Play

Although we recommend using a VPN for any internet connection on your Android, we understand that you might want more speed when you’re using certain apps. Letting some of them connect outside of the VPN will do that.

Private Internet Access's Android app
PIA VPN Application

PIA has over 3,000 servers, which is a staggeringly high. You’ll always be able to find one in the country you want that’s not getting slammed with traffic. And because you can get a two-year subscription that brings your monthly cost under $3, it’s also one of the most affordable VPNs.

Visit PrivateInternetAccess.com

Read PIA review here

 

5. TunnelBear – Favouring User Reviews, but a Little Slow

Speed: 52.26 Mbps out of 100 Mbps
Users Rating (Google Store): 4.4/5.0
Jurisdiction: Canada
Cost: $4.16/mo

As we mentioned previously, the app itself has to be good for us to recommend an Android VPN. And TunnelBear has a fantastic app—which is one of the reasons why it’s currently rated 4.4 on the Play Store, one of the highest we’ve ever seen for a paid VPN.

TunnelBear's 4.4 rating on Google Play

That’s not much of a surprise, considering how fun the app is to use. Like everything else made by TunnelBear, it’s full of fun graphics and cute bears. Which might not sound like it’s worth anything, but if the app is easy and pleasant to use, you’re more likely to use it.

And the VPN itself is great, too. Android, unlike iOS, gets 256-bit OpenVPN encryption, which means your traffic is secure. It’s not the fastest VPN out there (we got 52 Mbps download speed on our 100 Mbps connection), but it is stable and they have a no-logging policy that we really like.

TunnelBear's Android app on phone and tablet
TunnelBear’s Android app

Their paid plans, which start at $4.16 per month, paid annually, are some of the cheapest we’ve seen. And there’s a free plan so you can try the app out to see how it works for you. You’ll be limited to 500MB, but you shouldn’t need much more than that to see if it’s worth paying for.

Visit TunnelBear.com

Read TunnelBear review here

 

Why We Don’t Recommend Free VPNs for Android

Lots of people know that they should be using a VPN. But fewer are willing to pay for it. That’s why there are thousands of people out there looking for the best free Android VPN. As you’ll see in a moment, we don’t recommend any free VPNs.

Why not? Because free VPNs come with compromises. First, they’re often not very reliable. Providers of paid VPNs aren’t likely to prioritize the traffic of their free users, and if you aren’t willing to pay, you’re going to get second-rate service.

The same applies to speed. Free Android VPNs just aren’t going to be able to compete with paid options on speed. You’ll get faster, more stable connections from a paid provider, and that’s worth a lot.

Second, providers of free VPNs still have to make money. And if they’re not getting it from you, they’re getting it from advertisers. Free VPN providers are more likely to log your information, sell your data to third parties, and display ads while you’re connected. While ads are annoying, having your data collected and sold is a violation of your privacy.

And because privacy is one of the most important underlying principles of any VPN, that’s bad news.

For all of these reasons, we recommend that you always use a paid VPN for Android. You’ll get faster, more stable service, and your privacy will be better protected. And with the low costs of many of the VPNs below, you can get those things affordably.

What We Look for in Android VPNs

So what makes a great Android VPN? In most cases, it’s the same factors that make any VPN a good one. High speeds. No logging of any kind (or, at the very least, minimal logging). Solid encryption for security and privacy.

We also prefer that VPNs not be headquartered in countries that have strict surveillance and data retention laws, like the US, Canada, the UK, and much of western Europe. Some VPNs in these places are very trustworthy, but we prefer that they be housed in more lenient jurisdictions. Though any worthy VPN will have servers all over the world.

Simple, straightforward apps are also a big plus. If you have to spend a long time figuring out how to get online with your VPN, you’re much less likely to use it regularly. And that could expose you to security and privacy risks. The easier it is to get online, the better.

We also look at app reviews in the Google Play Store to see how users feel about the app. If a VPN app has more one- and two-star reviews than other apps, it’s cause for a closer look.

And, of course, we look at price. We know that an expensive VPN doesn’t fit into everyone’s budget, so we try to highlight the options with the best value.

The Best Android VPNs Are at Your Disposal

The five VPNs we listed above are fantastic options for Android users. They’ll keep your traffic private, help you get around georestrictions, and keep your ISP from throttling your traffic. And because they’re at least relatively affordable, they’ll do it all without breaking the bank.

  1. NordVPN – $3.29/mo
  2. ExpressVPN – $6.67/mo
  3. VyprVPN – $5.00/mo
  4. Private Internet Access – $2.91/mo
  5. TunnelBear – $4.16/mo

If you’re not using an Android VPN, you should start doing it now. You can’t go wrong with any of these choices, so pick one and start browsing more safely today!

VPN Troubleshooting

21 ways to speed up vpnVirtual private networks (VPNs) have a vast array of benefits, but they can also suffer from some very annoying problems. A non-functional VPN is infuriating, and a semi-functional one isn’t much better.

When your VPN is slow, won’t connect, keeps disconnecting, or crashes, there are some things you can do to fix the problem. Let’s take a look.

Jump links / Table of contents:

 

Fixing a VPN That Slows Your Internet Speed

VPNs will always make your connection slower, but they shouldn’t cause a huge drop in speed. If your connection is so slow that it’s making it difficult to browse, it’s time to take action.

1. Use a Premium VPN

If you’re on a free VPN, you’re almost certain to get pretty slow speeds on your connection. Understandably, VPN providers prioritize their paying customers. Even if they say their free VPN is as fast as their paid option, you might find that you disagree.

There are plenty of affordable VPNs with respectively high speeds, and if you haven’t upgraded to one, we highly recommend it. You may see your speeds increase immediately.

Two of the fastest and most reliable VPN providers are NordVPN and ExpressVPN. You can read their reviews here and here.

2. Change Servers

Consider changing serversThe server you use for your VPN connection can make a big difference to the connection speeds you get. The closer you are to the server you’re connecting to, the better speeds you’ll get (in almost every case). You may also get improved speeds from servers that aren’t being used as much.

Most VPN clients make it easy to change servers. Just open the client, select a new server, and confirm your selection. You can then run a speed test or continue browsing to see if the new server is running faster.

If you run a VPN through your router, the process may be more complicated, and it may differ depending on your specific VPN provider. If you remember the process you went through to set up your router VPN, you can likely access your router settings to change the server you access. If you don’t remember the process, or anything has changed, consult the user manuals for your router firmware and your VPN.

3. Change Ports

The connection between your computer and the VPN server uses a networking port on your computer. You can think of this port like you would a physical port; your computer routes traffic from the VPN server to a specific port, and traffic from other places to other ports. It helps keep traffic from various sources separated.

While you might think that every port is as fast as every other, you might be surprised to find out that occasionally changing the port your VPN is connected to will help. Some ISPs slow traffic on specific ports, and sometimes you’ll find that some ports are faster than others for no apparent reason. Try switching your VPN connection through different ports to see if any are faster.

4. Change IP Protocols

Most VPNs allow you to connect via Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). TCP is more commonly used across the internet, as it includes error correction, so if there’s a connection problem or some of the data is corrupted, the transmission is still successful, and the sending computer knows to resend anything that didn’t arrive correctly.

UDP, while not as common, is notably faster than TCP. It doesn’t provide error correction, so if something is lost in transit, it won’t resend the information. This cuts down on the time it takes to transfer information, but may also create a less-reliable connection.

Changing between these two protocols might help you achieve higher speeds, especially if you’re going from TCP to UDP. Keep an eye out for poor connection quality, though.

5. Change VPN Protocols

change VPN protocolsWhile OpenVPN is generally considered to be the best protocol for VPN traffic, there are some times when you may want to use L2TP/IPSec. While it doesn’t provide as much security and doesn’t have as many features, it’s also possible that it will slip by filters that slow down OpenVPN traffic.

If you’re using the VPN for security or privacy, we don’t recommend using L2TP/IPSec if you can help it. If you’re just trying to get past region restrictions, it will work. But it won’t be as secure.

6. Disable Local Security Software

Again, this isn’t something we recommend lightly, and if you can avoid it, you should. But if your antivirus program is scanning all of the outbound packets you send, it could be slowing down your connection. Disable it temporarily to see if it speeds up your connection.

7. Change VPN providers

If all else fails, you can always try using another VPN provider. Some are known to have faster speeds than others. And even if your current provider has a reputation for being one of the faster ones, it’s possible that your area, ISP, or other factors are slowing down the connection. Another provider might be faster.

Many VPNs have free trials (such as VyprVPN), so download one and see if another provider can speed up your connection.

 

Fixing a VPN That Won’t Connect

When all you want to do is get on the internet without being vulnerable to surveillance, censorship, or region blocking, a VPN that won’t connect is a big pain. Here’s what you can do to fix the problem.

1. Make Sure You (and the Server) Are Online

The simplest things are the easiest to overlook. If your VPN client isn’t connecting, try opening a website without connecting through a VPN to see if your internet connection is working. If it’s not, restart your router by unplugging it for 30 seconds and plugging it back in. If your internet is still down, it may be a problem at your ISP’s end.

Check your VPN provider’s website, too, to make sure that the server you’re trying to connect to isn’t down. Every once in a while a VPN server will go offline for maintenance—or just because servers aren’t 100% reliable—and you’ll need to connect to another one or wait a while.

2. Make Sure Your Username and Password Are Correct

In many cases, your inability to connect comes from a very simple problem: you typed your password wrong. Or you entered your email address instead of your username. If you’re getting an authentication error, it’s likely related to one of these two issues.

Retype your username and password, and if that doesn’t work, try resetting your password and attempting to connect again.

3. Change Ports

Again, try connecting to the VPN through a different port. Some ISPs and networks block traffic on specific ports, and that can deny your VPN connection request.

Check your VPN’s documentation to see if it suggests or requires connections on specific ports.

4. Try Connecting on a Different Network

Sometimes the problem isn’t with you, it’s with the VPN. One of the best ways to check this is to join a different network. You can try a nearby public wifi spot, like a coffee shop or a grocery store, a friend’s wireless network, or a public hotspot.

If you find that you can connect on the other network, you’ll know that it’s something about your own that’s causing the problem. Check your wifi and internet settings to see if you can find what’s keeping you from signing in.

 

Fixing a VPN That Keeps Disconnecting

Possibly even more irritating than not being able to connect to your VPN is successfully connecting and then dropping out. Especially if it happens over and over. Here’s what to do.

1. Temporarily Disable Your Firewall

How to Turn Firewall on in Windows 10While firewalls are important security measures, they can also cause some problem with VPNs. They’ll likely slow down your connection, and if it gets slow enough, the VPN connection may simply shut down.

Firewalls, in short, scan the data going in and out of your private network where it connects to the wider internet. And if it sees something that shouldn’t be there, it’ll prevent the transmission. Some firewalls have difficulty keeping up with VPN traffic.

2. Connect to a Nearby Server

Sometimes the problem that causes you to disconnect isn’t with you, but with your VPN provider. If a server isn’t behaving normally, you might be disconnected. Try connecting to another server, preferably one close by, to see if you get a better connection.

3. Change Protocols

Sometimes certain VPN protocols will have difficulty keeping a strong connection. If you’re using OpenVPN (which we generally recommend), try connecting over L2TP/IPSec; if you’re already on L2TP, try OpenVPN. You could also try PPTP, though that’s less ideal.

Again, we recommend sticking with OpenVPN whenever you can, because it’s the most secure of these three common connection protocols. If you can only use your VPN on L2TP, that’s not a big issue, but when at all possible, use OpenVPN.

Changing from UDP to TCP (or vice versa), as discussed above, can also help.

4. Connect via Ethernet

While it’s not common, it’s possible that something at the router level of your network could be causing connection difficulties that will kick you off of the VPN. Plugging directly into the cable jack with an ethernet cable may solve the problem.

The issues often lies in a situation called “double NAT,” which can happen when you have one router behind another. This can happen if you have different routers for different devices or another router connected to your ISP-provided one.

In short, you’ll need to enable bridge mode to make two routers work together. How you make this happen will depend on your router, so you’ll need to dig into the documentation. For a quick explanation of wifi bridging, check out this introduction from Lifewire.

5. Change DNS Servers

Change DNSOccasionally, using a DNS server other than the default supplied by your VPN can help you stay connected. Many VPNs provide their own DNS services for additional privacy, but that can sometimes mess with your connection.

Each VPN will have different steps required for changing DNS servers. Many of them include options that say something like “Only use VPN DNS servers while connected.” You’ll need to turn this option off.

Using other DNS servers might make you slightly more vulnerable to DNS leaks, but if you can’t stay connected long enough to get anything done, that’s probably a tradeoff you’re willing to make.

 

Fixing VPN Software Crashes

Like any other software, your VPN client might crash. If this happens every once in a great while, it’s probably nothing to worry about. But if you’re getting crashes often, and it’s disrupting your browsing experience, you’ll want to take action.

1. Make Sure You Have the Latest Software Version

VPN providers work with developers to make sure that their software is as stable and effective as possible. If you’re not running the most current version, you might have some stability issues.

If at all possible, allow automatic updates to your VPN software. Dig into your VPN client’s settings to see if this is possible. If it’s not, be sure to check for updates regularly.

2. Close Other Apps

If you have a lot of other apps open, they can cause problems with your VPN client, especially if you’re using an older computer. Close anything that you don’t need.

3. Restart Your Computer

Sometimes turning it off and back on again actually does solve the problem. Restart your computer to make sure all updates have been applied and that erroneous processes have been killed off.

4. Reinstall the VPN Client

If worse comes to worst, delete and reinstall your VPN client.

 

Solve Problems with Your VPN Fast

If your VPN isn’t working, it’s in your best interest to solve the problem fast. It’s easy to get out of the habit of starting up your VPN every time you want to get on the internet.

But that exposes you to more surveillance and security issues. If your VPN isn’t working, troubleshoot it immediately—you’ll be glad you did.

If you’re still unable to fix your VPN connection, don’t hesitate to leave a comment and we’ll try to help!

Proxy vs VPN

VPNs and proxy services offer some similar features, but with major differences in versatility and security. VPNs vs Proxy will explain these differences and help you make the right choice for your needs.

What is a VPN?

using vpn

A Virtual Private Network (VPN) is a simulation (hence “virtual”) of a private, local area network that extends across a public network (the internet). Local VPN client software connects you to a VPN server on the internet which then relays you, anonymously, to your required destination. Traffic going from your computer to the network is encrypted, and all of your browsing data appears to be coming from the virtual private network, rather than your personal machine.

VPNs are a boon to user privacy and security, drastically reducing the risk of your activity being traced, as well as protecting you from a variety of security threats.

VPNs come in consumer and corporate varieties. While corporate VPNs were the original form of VPN and still have an important purpose today, most discussion concerns the widely available consumer variety. Corporate VPNs are usually handled as a different subject, and are used by workers in a company to connect to the proprietary network, allowing them to see and transmit data and work remotely, for example while on a long-distance business trip. When comparing VPNs and proxies in general terms, we’re specifically talking about consumer VPNs.

Read more here: VPN Beginner’s Guide: What is a VPN

What is a Proxy?

what is a proxy

A proxy is generally much simpler and usually easier to use, though less versatile than a VPN. Using functionality included in an internet browser, a user can set their internet requests to go to an independent server first (the proxy server), which will then make all further data requests on the user’s behalf. This allows for IP addresses to be masked, adding a basic level of anonymity to internet browsing. It also obscures the user’s geolocation, since the destination server can only see the location of the proxy server.

The most common use for a consumer proxy service is to by-pass filters. Students sometimes use proxies to by-pass school blocks on particular online services. If a school firewall blocks access to social media services, it is often possible to access a proxy service and get to the desired destination.

Similarly, proxies can be used to beat certain region-locked services – so that, for example, the BBC’s iPlayer and the U.S. Hulu services can be accessed outside of their respective regions (all that would be required is a proxy server located within the relevant region). Local censorship rules can also be by-passed by using a proxy server located in a region without censorship.

Use of a proxy server is usually established within the user’s browser settings, although some come with their own client software, and some are accessed in-browser as websites. This latter form of proxy website is often very insecure or even dangerous, and is not recommended.

This article is concerned mainly with standard proxy servers, although most of the information applies to proxy services and client software as well.

Why use a proxy?

Proxies offer simple, basic privacy protection; all web traffic is first sent to the selected proxy server, which then retrieves the requested website or data and relays it back to the user. This means that any website you request only sees the IP address of the proxy server, not your own. This offers some protection against surveillance. Unless you’re specifically targeted or investigated, your traffic will remain anonymous. However, the owner of the proxy server will still have access to your data, and is likely to keep logs which can compromise your privacy in the long term.

By obscuring your IP address, proxies also help to reduce targeted advertising, as ad servers will not be able to log your personal IP address. It’s important to choose the right proxy if this is a concern, however, since some will inject their own advertisements into the pages you visit, blocking targeted advertising from one source but using their own logs of your browsing history to push targeted ads in another way.

Proxy server connections are set up from within an internet browser – Chrome, Firefox, Microsoft Edge/Internet Explorer etc – and consequently don’t require any client software like VPNs do. This makes connecting to a proxy considerably less resource-intensive than using a VPN. Without client software to download and install, there will be no impact on hard drive space either. You will still see a reduction in internet speeds as every request is relayed between you, the proxy server and the destination; but the impact to hardware performance on your own computer should be minimal.

Depending on the location of the proxy server, it will also let you access region-restricted websites and content – if a YouTube video is blocked in the US, connecting to a UK proxy server may allow you to view the video. A user in Canada, likewise, can gain access to US streaming services like Hulu by connecting to a US-based server. This may not be the ideal solution for users who need to access content from many different regions, as for each different geo-block you need to bypass, you’d need to reconfigure your settings every time to direct your traffic to an appropriately located server.

Proxies are a basic, lightweight option. They may be useful for users with severely restricted system resources, or who only need a temporary solution for certain issues and don’t need to be too stringent about security.

When using any proxy, however, the importance of finding a trustworthy server cannot be over-stressed. Remember, although you might be gaining a level of anonymity when using a proxy, the owner of the proxy server is anonymous to you as well. Any individual with access to their own server and the internet can set up as a free proxy, and this could easily be used to gather personal data from the users.

Since proxies are often free services, there will be minimum security on the server. In particular, they will almost certainly maintain logs that can be retrieved by law enforcement. Your anonymity cannot be guaranteed.

Why use a VPN?

With proxies relatively easy and cheap to set up and use compared to a VPN, they might be a tempting choice for users who are new to the issues of online privacy and anonymity. However, proxy servers only offer bare-bones functionality and can introduce as many new security issues as they solve.

In 2015, an Austria-based security researcher analyzed 443 free proxy services and servers, and found that almost 80% were unsafe or not secure, either through blocking HTTPS traffic – which leaves you more vulnerable to surveillance or attempts to steal passwords and identity – or actively modifying the HTML and JavaScript of websites visited. The latter is most likely just to inject more advertisements into the client browser, but it’s still alarming to know that many proxy servers can, and do, modify the data you receive.

While a proxy does mask your IP address, it does not provide any deep level of anonymity. Your identity is obscured only to the websites you visit; most proxy servers will still keep logs of which requests you send, making it easy to trace your traffic at a later date even if your IP is hidden at the time you visit a website. There are many VPNs available which have a no-logging policy, not only keeping your IP address anonymous when you access web-pages, but also meaning that it can’t be traced back to you after the fact.

VPN services usually offer a variety of servers for the user to connect to; this makes them the superior solution for bypassing region locks. When using a proxy, you will have to reconfigure your browser to point to whichever server you want to connect to depending on which region’s content you want to access. You cannot go seamlessly from viewing US-only content to UK-only content – and finding a trustworthy server even for one region can be difficult enough. With a VPN, your provider will often have an array of different servers available to connect to as required, allowing you to switch your virtual region safely and easily.

A good VPN can be used from any connection, including public hotspots; the encryption and extra security measures offered by VPNs will protect your browsing data over public connections. Even if an attacker manages to intercept your data, the encryption will make it unusable. Proxies are often less secure than a regular connection, so using one in public – especially one which will not use HTTPS traffic – is potentially dangerous.

Many ISPs throttle bandwidth for torrenting applications, such as BitTorrent, in an effort to combat piracy and limit impact on bandwidth – despite the effects this has on those using torrents for legitimate reasons. In order to throttle this specific kind of connection, they need to employ a process called Deep Packet Inspection. By analyzing the data packets sent over your connection, the ISP can determine whether the data is for regular web browsing or the use of torrent services – and throttle your connection speed in the latter case. Since a VPN encrypts data as it is transmitted, the ISP cannot inspect the packets properly, and therefore cannot detect when you’re using a torrent service.

Which to choose?

A VPN.

When you’re considering whether to use a proxy instead of a VPN, a good general rule of thumb is “don’t”. There are some very specific situations in which a proxy is the better option, but a VPN will offer you every benefit of a proxy server with less risk, more functionality and better protection. As long as you can choose a good VPN (there are many VPN reviews and articles here on thebestvpn.com to help), the only disadvantages are the learning curve and the additional expense.

The majority of proxies are freely available, but there is also a wide variety of paid proxies on offer. These paid services are more stable and reliable, and tend to perform a lot better than free proxies, but they can’t eliminate any of the other disadvantages of using a proxy and not a VPN; your browsing data is still traceable in the event of an investigation, and all the same issues with changing servers and data encryption are still present.

Both VPNs and proxies are likely to slow your connection speed somewhat (except in the case of bandwidth throttling, in which case a VPN is more likely to boost your speed), but a proxy server will usually be much slower, as it is a single unit dealing with a multitude of unique connections, and is limited by not only your own connection speed, but also the owner’s.

The only time we would recommend using a proxy rather than a VPN is when you need a “quick and dirty” solution, perhaps for a one-time use of getting around a specific firewall to access important information, or accessing data that’s restricted to a particular region. If you must use a proxy, bear the risks in mind: try to find as trustworthy a server as possible; make sure that HTTPS is not restricted by the proxy; and never send any important, personal data (identifiable information, passwords, payment information etc.) over a proxy – it could easily be logged, read and even abused if the owner of the server is malicious.

A VPN will fulfill all the functionality of a proxy, with greater security and reliability. For anyone with long-term concerns about privacy, security and data protection, a good VPN is unquestionably the best choice.

IPv4 vs. IPv6

IPv6 or IPv4The internet is undergoing a profound change.

Well, it’s been undergoing this change for quite a while now. And you probably didn’t even know about it. You might know that the Internet Protocol (IP) is what makes the internet work . . . but did you know that we’re in the midst of a huge update to that protocol?

The specification for IPv6 was finalized in 1998, and the internet is still in the process of switching from the previous version, IPv4. It’s been a long process, and we still have a long way to go.

But why should you be concerned about IPv4 vs. IPv6? Does it have any effect on you at all? It certainly does—and we’re going to take a look at those effects shortly. But first, let’s take a closer look at both protocols and see some of the differences between IPv4 and IPv6.

IPv4: Where We Started

You might be surprised to find out that the fourth version of the Internet Protocol has been around since 1983. Possibly even more surprising is the fact that it’s still used for the vast majority of the internet.

And it’s worked really well. The internet doesn’t seem outdated, and our data transmission has worked fine for the past 25 years. But there’s one big problem with IPv4:

We’ve run out of IP addresses.

An IP address is, simply, the location of a device on the internet. Your phone has one. Your computer has one. So does your gaming console (though they might not have unique addresses; we’ll get to that in a moment). Every data packet sent over the internet contains two IP addresses: the one belonging to the sender and the one belonging to the receiver.

It’s how data moves around the internet. As you can imagine, IP addresses are really important.

The problem with IPv4 is that IP addresses are 32-bit numbers (they look like “191.148.205.315”). There are just under 4.3 billion 32-bit numbers. That’s a huge number, so how can we be running out?

First, we have a staggering number of devices that are connected to the internet. More mobile phones are internet-capable, and they need their own IP addresses. There are over a hundred million broadband subscriptions in the US alone. Each of those needs an IP address, too.

But still, 4.3 billion? That seems like a stretch.

One of the factors contributing to the exhaustion of IPv4 addresses is inefficient use. Some large companies in the 1980s were given millions of IP addresses, far more than they could expect to use. There are a lot of owned-but-unused IP addresses out there, and that waste contributes to our running out of 32-bit IP addresses.

There’s been a push for people who own those unused IP addresses to give them back so they can be used by others, and that has helped slow the rate of exhaustion. But we’re just adding too many devices too quickly.

Which is where IPv6 comes in.

IPv6: The Present and the Future

As I mentioned, IPv6 was finalized in 1998, and it solves a number of issues with IPv4. The biggest improvement it brings to the table is 128-bit IP addresses (something like “2001:0db8:85a3:0000:0000:8a2e:0370:7334”). Instead of being limited to 4.3 billion, the new protocol supports somewhere in the neighborhood of 3.4×1038 addresses.

That’s 340 undecillion IP addresses.

To be fair, Chris Welsh showed that only 42 undecillion will actually be available to assign. Fortunately, that’s still an almost unimaginably large number. We won’t be running out of IP addresses anytime soon on the IPv6 network.

This larger number of IP addresses also means that every device can have its own address. Right now, routers have unique addresses, and individual devices connected to those routers are given non-unique addresses. So data is sent to the router, and it’s forwarded on to its final destination from there.

This process is made possible through Network Address Translation (NAT). And while NAT is a useful and reliable technology, it has some downfalls. It makes certain protocols unable to protect your devices, for example. It also requires resources to effectively do its job (though the amount of resources is extremely small).

IPv6 does away with NAT. Because there are enough addresses for every device, using non-unique IP addresses for devices behind routers is unnecessary. And NAT won’t be standing in the way of improved security.

The new protocol is also more efficient than IPv4; simplification in data packet headers, better routing functionality, and support for better peer-to-peer networking are all improvements. Even with those improvements, though, users aren’t likely to see huge jumps in performance. Sucuri found that little to no performance boost over IPv4, and others have found minimal improvements in the range of 5–10%.

But we’re still in the very early stages of IPv6, and more efficient data transfer is always good.

The Current State of IPv6

Despite being finalized in 1998, very few places on the internet have converted to IPv6. In May 2017, 37 countries had more than 5% of their internet traffic going via IPv6. Only seven countries had more than 15%. If IPv6 is so much better, why haven’t more people converted?

In short, because it’s expensive. It requires new server software and equipment. And it’s also not backward-compatible with IPv4. So any site that wants to work for users coming in via both protocols needs essentially two versions of their site (or a translator service).

But IPv6 is steadily becoming more popular. Most modern routers and operating systems provide support for the protocol. ISPs are rolling out IPv6 capabilities to more users all the time. Most major ISPs offer at least some IPv6 functionality, though they’re deploying at different rates around the developed world.

Should You Use IPv6?

Now that you’ve seen some of the benefits of IPv6 and how widespread it’s available, you might be wondering if you should use it. In short, yes, you should. The more widespread the adoption of the new technology, the better. If your ISP offers it, and you have a router capable of supporting it, it’s a good idea to turn it on.

Before you set out to turn it on, though, you should test to see if you’re already using it. Head to www.test-ipv6.com to see if you’re using IPv6. Here’s what you’ll see if you’re only using IPv4:

testing IPv6 connectivity

Turning on IPv6 will depend on your router and your ISP. Your best bet is to search for “[router manufacturer] ipv6 [your ISP].” You may also want to upgrade your router’s firmware to DD-WRT to make the change easier.

It’s important to understand that there are two ways of accessing IPv6 sites: with a transition mechanism and natively. There are numerous transition mechanisms, but one called 6to4 is likely the most commonly used. It encapsulates IPv6 data in IPv4 transmissions, effectively letting you see newer-format sites with an older transmission protocol.

A native IPv6 connection lets you connect directly to the site in question, skipping the transition process. This is what you need for a full switch over to IPv6. If your router gives you the choice, you’ll want to choose native IPv6.

To see if a site will accept IPv6 connections, use the IPv6 validation tool. If the site has a 128-bit IP address, you know that the site is IPv6-compatible.

How to Turn IPv6 Off

If you’d rather not use IPv6 (and we recommend not using it if your VPN can’t protect your traffic), you can simply tell your computer not to use it. On Windows, go to Settings > Network & Internet > Network & Sharing Center (it’s at the bottom of the window).

Network and sharing center

Click Change adapter settings and then right-click your main internet connection (in my case, it’s my wifi connection) and select Properties:

Wi-Fi Properties

Scroll through the list until you see Internet Protocol Version 6 (TCP/IPv6) and uncheck the box:

Interent Protocol Version 6

To turn off IPv6 on a Mac, head to System Preferences > Network. Click Advanced and then go to the TCP/IP tab.

Configuring IPv4 on Mac

From here, just change the Configure IPv6 drop-down menu to Off.

If you don’t see the Off option, you need to run a Terminal command. Open Terminal and run one of the following commands, based on how you’re connected to the internet:

networksetup -setv6off "Wi-Fi"
networksetup -setv6off "Ethernet"

That should enable the Off option in the TCP/IP tab of the Network settings. To turn it back on, just select Automatically in the menu or run one of these commands:

networksetup -setv6automatic "Wi-Fi"
networksetup -setv6automatic "Ethernet"

IPv6 and VPNs

We’re all about VPNs here, so of course we’re going to talk about IPv6 and VPNs. If you’ve done much research on VPNs, you might have noticed that many providers disable IPv6 traffic over their VPN. This is because many VPN providers haven’t yet updated their servers and software to accommodate the new standard.

Unfortunately, this means that IPv6 traffic is sometimes routed through your ISP instead of your VPN. And that defeats the purpose of having a VPN in the first place. This is known as an IPv6 leak.

A 2015 study found that the majority of VPN providers suffered from IP address leaks, and that many of them were also vulnerable to IPv6 DNS hijacking. In 2016, another group of researchers found that 84% of Android VPNs weren’t routing IPv6 traffic through the VPN.

Fortunately, studies like these have encouraged providers to better protect their customers’ privacy by including IPv6-friendly features. Some VPNs are able to handle IPv6 traffic. Others simply tell their users to disable that traffic to prevent IP address leaks.

If you’re not sure what your current VPN is doing about IPv6 traffic, it’s a good idea to test your connection for IP leaks. IPleak.net is a good tool for testing whether you’re leaking IP information, and it covers both IPv4 and IPv6 traffic. If you see your personal or ISP’s IP address displayed on the page, your VPN isn’t fully protecting your privacy.

Some VPN providers have instituted support for IPv6 traffic, but not as many as we’d like. We’ll give you a few recommendations below for IPv6 protection.

Keep in mind that IPv6 support and IPv6 leak protection are different features. Leak protection usually involves just turning IPv6 off. This does protect your privacy, as there’s nothing to leak. But it doesn’t take advantage of the features that IPv6 provides. IPv6 support, however, lets VPNs route newer-protocol traffic to IPv6-enabled sites.

This is an important distinction. IPv6 leak protection is good—it definitely improves your safety. But IPv6 support takes it to another level.

VPNs That Support IPv6

As I mentioned previously, most VPNs don’t support IPv6 connections. There are a few, however, that will let you connect via IPv6. Mullvad (review) and FrootVPN (review), two VPNs that we like, offer full support. So does Perfect Privacy, but we haven’t had a chance to review their VPN at the time of this writing.

Beyond those three, your best bet is to find a VPN with IPv6 leak protection to prevent your traffic being routed through your ISP. Most of the top-rated VPNs provide some kind of leak protection. A few, like NordVPN (read review), have been very vocal about instituting their leak protection programs, and you can trust that they’ll be effective.

To find out whether your chosen VPN offers IPv6 leak protection, your best bet is to consult their documentation. Some have an option that you need to turn on. Other block IPv6 traffic automatically. Still, others recommend that you turn off IPv6 traffic on your computer.

Of course, we recommend always routing your traffic through a VPN. But if your VPN leaks your IPv6 IP address, it’s probably a better idea to simply turn IPv6 off using the instructions above.

Be Safe with IPv6

Because it’s a new and better technology, you may want to jump right into IPv6. If it’s better than IPv4, why wouldn’t you use it by default? But as we’ve seen, there are a few issues with it—primarily, that most VPNs don’t support it. And that if they lack leak protection, you could be leaking your IP address when you think it’s protected.

Check to make sure that your VPN either supports IPv6 or offers protection from IP address leaking. If it doesn’t, switch VPNs (most of the big names provide some sort of protection) or turn IPv6 off from your computer’s settings.

If you’ve taken those steps, you can be confident that you’ll be safer on the new, IPv6-enabled internet.

Have you made the switch to IPv6 yet? Does your VPN provider support it? Share your experiences in the comments below!