A Beginner’s Guide to Setting Up a Router VPN

VPNs provide you with a lot of great benefits. You might use one to get around region restrictions on their streaming service. Or protect your privacy if you feel like your ISP or your government might be snooping. You could be taking advantage of VPNs to bypass censorship in your home country.

But you might be one of the many people who face a problem: you forget to log into your VPN. Or just don’t want to. Or you can’t log into your VPN with all of your devices, like your gaming console or your smart TV. Most of the time, people log into their VPNs through a web interface or by downloading an app from their provider.

This is an easy way to access a VPN, but there’s another way: setting up the VPN directly on your router. It’s more convenient, more secure, and protects more devices than using a browser-based or downloadable VPN.

When you first start looking into it, setting up a VPN on your router can be a bit intimidating. But we’ll walk you through the whole process here. We’ll start with how router VPNs work, so you get an idea of what we’re talking about. We’ll go over why you should install one. And finally, we’ll walk you through the process of setting up a VPN on your router.

There’s a lot to cover, so let’s get started!

 

Why You Should Add a VPN to Your Router

Logging into a VPN through your browser or an app is simple and it works well, so why should you install a VPN on your router? There are a few distinct advantages that this approach provides:

1. It’s always up and running

When your router connects directly to a VPN, you never have to worry about signing into the service. When you’re just trying to get online for a few minutes, entering your username and password and waiting for the service to load up can be a pain.

Having a VPN connection on your router means you’re always connected. And that’s crucial when you’re using one to protect your privacy. No more forgetting to log in.

2. You only have to sign in once

If you have several devices connected to your VPN, you have to set it up manually on each device. If you changes phones often, or let friends use your wi-fi and want to protect their privacy, this can be a hassle.

When the VPN is installed on your router, you only have to sign in once. After the VPN is successfully setup on your router, it’ll protect everything on your network without having to sign in on any of those devices.

3. It protects all of your devices

With a standard VPN, you have to log each of your devices into your VPN provider separately. That can be difficult when you’re connecting TVs, game consoles, or other devices that don’t let you download and run any apps you want.

If you have guests over, they’ll automatically be connected to the VPN if they connect to your router. Which is a nice bonus if you want to protect your friends’ and family members’ privacy as well.

All of the devices on your network, no matter what they are, will automatically be routed through your VPN. This approach is more convenient than using an app-based VPN (especially if it doesn’t support every device in your house).

Unfortunately, these benefits come with a cost: running all of your traffic through a VPN could slow down your connection. How much depends on your VPN provider, connection speed, and other factors. But it’s worth noting that your internet access won’t be quite as snappy as it was before.

It’s also possible that you might have trouble accessing local geo-restricted content. If you’re trying to get to something that’s only accessible by people in your country, and your traffic is routed through another one, you’ll be blocked. It’s easy to deal with, but it can be annoying.

Even with those tradeoffs, installing a VPN on your router is still a good idea. Let’s take a look at how to do that.

 

Making Sure You Have the Right Router

Unfortunately, not every router can have a VPN set up on it. In fact, there are only a few routers that you can buy from manufacturers that are ready for VPNs right out of the box. And they tend to be pretty expensive.

But you have a few options here. One of them involved a bit of tinkering with your router, but we’ll show you how to do that.

Here are your options:

1. Buy an out-of-the-box VPN-compatible router

Some router manufacturers are now selling routers that support VPNs right out of the box. This is extremely convenient, as you can just buy a stock router and set up your VPN. It’s definitely the easiest option.

VPN-capable wireless routers tend to cost a bit more than regular routers. For example, the TP-Link SafeStream N300 is a good entry-level wireless router that costs $85. That doesn’t seem too bad, until you realize that you can get a faster AC router for around $50.

However, the extra money that you pay for a VPN router will pay off in ease of use. If your router doesn’t currently support adding a VPN, you may find that it’s a pain to flash your own firmware and install one yourself.

Most VPN-compatible routers allow you to connect a wide range of different VPNs. Most VPNs use the OpenVPN protocol, and almost every VPN router you can find will support this protocol, meaning you can use your router with any VPN provider you want.

2. Flash new router firmware

A router’s firmware is, essentially, the program that runs the router. You probably don’t think very much about your router’s firmware. And that’s by design; it comes fully installed and almost completely set up. You rarely need to mess with it.

But one thing that many people don’t realize is that you can replace that firmware to add new capabilities to your router. This is called “flashing,” and there are two pieces of firmware that are commonly flashed on routers.

The first is DD-WRT, an open-source firmware that strives to give users the maximum amount of functionality without being overly complex. DD-WRT lets users adjust the strength of their wifi signal, manage quality-of-service settings to prioritize specific types of traffic, access your home network from afar, and more.

But, most importantly for this discussion, it also lets you install a VPN. We’ll go over exactly how to do that in a bit.

The second option is called Tomato, and it provides similar functionality. There are a few differences; for example, Tomato isn’t available on as many routers. But it offers better bandwidth monitoring, multi-VPN switching, and a few other things. To see a more detailed breakdown of the differences, check out FlashRouters’ comparison of the two.

Of course, Tomato also lets you install a VPN.

So which should you choose? The choice may already be made for you if you’re flashing your own router, as both firmwares are available for different routers. Check out the supported devices for DD-WRT as well as Tomato-compatible routers to find your router. Beyond that, it could come down to very subtle differences.

Fortunately, both are totally free.

If you’re new to the router firmware scene, just pick one and go with it. Both will give you better router performance and the ability to install a VPN.

How to flash new firmware to your router

Ready to flash firmware to your router? Here are the basics of how to do it.

First, confirm that your router is compatible with the firmware you want to install. Check the previously linked pages to make sure that Tomato or DD-WRT will work on your router.

Find your router model

If your router is compatible, download either the DD-WRT installation files or those for Tomato.

download DD-WRT installation files

Next, do a hard reset of your router.

When it’s booted back up, log into your router’s administration page. You’ll need to check your router’s manual to find out how to access it. (As an example, my own router requires me to go to http://192.168.10.1.) Enter your admin username and password to log into the administration panel.

Most routers make it easy to upgrade the firmware, and will show you an “Upgrade Firmware” or similar option in the administration panel. (Trendnet routers have this option in the Advanced section.)

installing firmware

The administration panel will then ask you to choose a file. Choose the file that you downloaded from DD-WRT or Tomato, then confirm that you want to install it.

It’ll take a few minutes to install; don’t do anything to your router, computer, or internet connection while it’s installing. This could have disastrous effects for your router. You’ll eventually see a confirmation message that the installation was successful.

Wait about five minutes before hitting “Continue.”

After that, do another hard reset of your router. Then head back to the IP address of your administration panel, and you’ll have successfully flashed DD-WRT!

The installation process for Tomato is similar. Just to be safe, you should probably read over the installation instructions for DD-WRT or those for Tomato before you get started.

3. Buy a pre-flashed router

Does installing your own firmware sound difficult? It’s not too bad, but you have to be confident enough to mess with your router. If you’d rather not do this, you can still get DD-WRT or Tomato—you’ll just have to buy a router that comes with one or the other pre-installed.

One of the advantages of going this route is that you can buy just about any router you want and still install a VPN.

FlashRouters is the go-to destination for pre-flashed routers. You can buy a wide variety of routers from Linksys, ASUS, and Netgear, and they come flashed with DD-WRT or Tomato.

You can even get routers that have VPNs pre-installed on them, so you all you have to do is sign into your provider account when they arrive. It really doesn’t get much easier than that.

That being said, pre-flashed routers can be expensive. For example, you can grab the Linksys WRT3200AC router on Amazon for $180. If you want it pre-flashed and prepped for IPVanish VPN, you’re looking at $300 or more.

That’s a huge bump in price. But, then again, it’s completely ready for you to use. And depending on how comfortable you are with tinkering with your router, it could be worth the expense.

Choosing a VPN for Your Router

Now that you have a router ready to connect you to a VPN, you need to choose the VPN provider that you’re going to use. If you’re already paying for a premium VPN, great! If not, it’s time to do some research.

Once you’ve found one that you look, double-check to make sure that it can be installed on a router. Most VPNs can be installed on a DD-WRT or Tomato router with no problem, but there are some that don’t offer this capability. (Hotspot Shield, for example, makes it difficult—if not impossible—to install its VPN on your router.)

You may want to prioritize speed when you’re choosing a VPN for your router, as it will have to deal with a lot of traffic. You’ll be streaming, gaming, downloading, browsing, and uploading over the VPN now, and any slow-down will be noticeable.

It’s also a bonus if the VPN you’ve chosen has an online guide to setting up the VPN with your router firmware. You might be able to figure out how to do it without a guide (or find the information posted elsewhere), but it’s much easier when you have the best practice straight from the provider.

Beyond these factors, the decision-making process will be the same as any other time you choose a VPN provider. Look for providers that respect your privacy by not keeping logs. Check out speed reports. See where their servers are located. If you want to skip doing all that research, just check out our guide to the best VPNs in 2017, and choose from there.

Understanding VPN Protocols: PPTP vs. L2TP/IPSec vs. OpenVPN

When you’re setting up your VPN router, you might have the choice of a few different VPN protocols. If you aren’t experienced with VPNs, you might not have any idea what the differences are, but choosing the right option will give you better security and speed.

Point-to-Point Tunneling Protocol (PPTP)

PPTP is integrated directly into Windows, making it a popular choice among people who are setting up VPNs. You don’t need a third-party application to get it running, which is nice.

But PPTP is very insecure.

At least compared to the other technologies you could be using. It’ll still disguise your traffic from people who aren’t looking too hard. But the NSA has almost certainly cracked PPTP, which means the US government could monitor your traffic. And that others probably aren’t too far behind.

PPTP does have the advantage of being fast, but it’s not worth trading your privacy for.

Layer 2 Tunneling Protocol / Internet Protocol Security (L2TP/IPsec)

L2TP is a VPN technology that doesn’t actually use any encryption. That’s why it’s usually paired with IPsec, which provides encryption services over the connection.

The biggest advantage of this particular protocol is that it’s fast. Possibly the fastest VPN protocol out there. And it’s often built into modern operating systems, so it’s easy to set up.

But it might not be super secure. It’s tough to say. There’s some evidence that the NSA may have weakened or cracked the IPsec protocol, making this another suspect protocol. The encryption is burlier than that used in PPTP, but it still might not protect you from all prying eyes.

For this reason, it’s probably not a good idea to use L2TP/IPsec if you’re using your VPN to avoid government surveillance. If you want to use it for regionless browsing, that should be fine. But if your safety is in question, stick with OpenVPN.

OpenVPN

The final protocol that you’re likely to come across is OpenVPN, an open-source protocol that uses modern technologies like OpenSSL. It can also run on any port, which means your traffic can be disguised as regular HTTPS traffic, adding an extra layer of security.

Improved authentication, plug-ins, 256-bit encryption, and other security features make OpenVPN the most secure choice for your VPN. Most modern VPNs are capable of using this protocol, and both DD-WRT and Tomato support it.

The drawback to the strength of encryption in OpenVPN is that it can be a bit slower than L2TP. In most cases, you probably won’t notice the difference. But it could add up with torrenting or other big downloads.

In general, though, OpenVPN is by far and away the best choice for your VPN.

TCP vs. UDP

Many VPNs allow you to connect to their servers using two different communication protocols. And while might not make as much of a difference to your security, it’s still good to know which one to choose.

Transmission Control Protocol (TCP) is a “stateful protocol,” which means, in simple terms, that the receiving computer confirms its receipt of the data packet being sent. If the sending computer doesn’t receive a confirmation, it sends the packet again.

This ensures that your data is transmitted reliably, and that packets don’t get dropped.

User Datagram Protocol (UDP) is a “stateless protocol,” so it doesn’t wait for confirmation of receipt from the other computer. This makes communication faster, but also opens it up to the potential of communication errors.

In general, we recommend using UDP unless you have communication errors, in which case you should switch to TCP. Many VPNs do this by default, but if you’re given a choice, it’s a good strategy to stick with.

How to Configure a VPN on Your Router

The method you use to add a VPN to your router depends on whether you’re using a router that is compatible with VPNs out of the box or if you’re using flashed firmware.

A purpose-built VPN router will have its own VPN-ready firmware, and you’ll need to access it to add your VPN. In most cases, it’s best for run a search for “[your VPN] install [your router brand].” That might look like “NordVPN install D-Link.” If you’re using third-party firmware, search for “[your VPN] install [yourfirmware]” instead, like “IPVanish install Tomato.”

If your VPN has posted instructions for working with that particular type of router, you’ll find them and you can simply follow the instructions. This will be much easier than digging through piles of documentation to get it figured out yourself.

In general, you’ll need to follow a sequence of steps that go something like this:

  • Update the DNS and DHCP settings to match those provided by your VPN provider
  • Disable IPv6 (this helps prevent DNS leaks that might compromise your security)
  • Choose a server IP address from your VPN provider
  • Select a tunnel protocol (TCP or UDP)
  • Choose an encryption method (we recommend AES)
  • Enter your VPN username and password

After that, your router will connect you to the internet through your chosen VPN!

There are all sorts of other settings that you might want to tweak if you’re familiar with them, but these are the basics, and the ones you’ll need to fill in before you can get connected.

As I mentioned, the exact settings you’ll need to use depend greatly on the VPN and firmware you’re using. Here are a few links to popular VPNs and the instructions for installing them on your router (I’ve only included instructions for DD-WRT and Tomato; if you’re using a router with built-in VPN capability, consult the owner’s manual):

If you have another VPN provider, you should be able to find information on how to set it up with your firmware without too much trouble. And remember to use OpenVPN if it’s offered as a protocol. There might be situations in which you want to use another protocol, but in general, it’s the best choice.

Upgrade Your VPN Game

If you’re serious about your privacy and security, or you just have a tendency to forget to log into your VPN, installing a VPN on your router is a no-brainer. It takes some work, but if you know what you’re getting into, it’s really not that hard.

The benefits you’ll get from a router VPN definitely outweigh the difficulty of getting one set up. And if you really don’t want to take the time to do it yourself, you can buy a router that’s ready to go.

No matter why you’re using a VPN, installing it on your router will make your life easier and more secure. Now that you know how to do it, you can start the process yourself!

DNS Leaks (Causes & Fixes)

What is a DNS LeakBrowsers use the Domain Name System (DNS) to bridge the gap between internet IP addresses (numbers) and website domain names (words).

When a web name is entered, it is sent first to a DNS server where the domain name is matched to the associated IP address so that the request can be forwarded to the correct computer.

This is a huge problem for privacy since all standard internet traffic must pass through a DNS server where both the sender and destination are logged.

That DNS server usually belongs to the user’s ISP, and is under the jurisdiction of national laws. For example, in the UK, information held by ISPs must be handed to law enforcement on demand. Similar happens in the USA, but with the added option for the ISP to sell the data to marketing companies.

While the content of communications between the user’s local computer and the remote website can be encrypted with SSL/TLS (it shows up as ‘https’ in the URL), the sender and recipient addresses cannot be encrypted. As a result, every destination visited will be known to whoever has legal (or criminal) access to the DNS logs – that is, under normal circumstances, a user has no privacy over where he goes on the internet.

VPNs are designed to solve this problem by creating a gap between the user’s computer and the destination website. But they don’t always work perfectly. A series of issues means that in certain circumstances the DNS data can leak back to the ISP and therefore into the purview of government and marketing companies.

The problems are known as DNS leaks. For the purpose of this discussion on DNS leaks, we will largely assume that your VPN uses the most common VPN protocol, OpenVPN.

 

What is a DNS leak?

A VPN establishes an encrypted connection (usually called a ‘tunnel’) between your computer and the VPN server; and the VPN server sends your request on to the required website. Provided the VPN is working correctly, all your ISP will see is that you are connecting to a VPN – it cannot see where the VPN connects you. Internet snoopers (government or criminal) cannot see any content because it is encrypted.

A DNS leak occurs when something unintended happens, and the VPN server is bypassed or ignored. In this case, the DNS server operator (often your ISP) will see where you are going on the internet while you believe he cannot.

This is bad news, since it defeats the purpose of using a VPN. The content of your web traffic is still hidden (by the VPN’s encryption), but the most important parts for anonymity – your location and browsing data – are left unprotected and most likely logged by your ISP.

 

How to tell if my VPN has a DNS leak?

There’s good news and bad news for detecting a DNS leak. The good news is that checking whether your VPN is leaking your DNS requests is quick, easy and simple; the bad news is that without checking, you’re unlikely to ever know about the leak until it’s too late.

There are many in-browser tools to test whether your VPN has a DNS or other form of data leak, including some made by VPN providers such as AirVPN (review) or VPN.ac. If you’re not sure what to do, you could simply go to ipleak.net while you believe your VPN to be operational. This site will automatically check for a DNS leak (and, incidentally, provides a lot more information as well).

  1. Enter ipleak.net into your browser’s address bar.
  2. Once the web page loads, the test begins automatically and you will be shown an IP address.
  3. If the address you see is your IP address and shows your location, and you are using a VPN, this means you have a DNS leak. If your VPN’s IP address is shown, then it’s working normally.

If possible, it’s a good idea to test with multiple online checkers.

Figure 1 shows ipleak.net used with a badly configured VPN. It returns the correct IP address. This is a DNS leak.

Your IP address #2

Figure 1

Figure 2 shows ipleak used with ExpressVPN configured to use a Belgian server (ExpressVPN lets you select from a range of different countries). There is no DNS leak apparent.

Your IP address

Figure 2

For most users, performing this check before continuing to browse other sites will be sufficient. For some users, this won’t be a perfect solution, as it requires you to connect to the internet and send DNS requests to access the checker tools.

It is possible to test for DNS and other leaks without using one of these websites, although it requires you to know your own IP address and how to use the Windows command prompt, It also requires a trusted test server for you to ‘ping’ directly; this could be a private server you know and trust, or one of the following public test servers:

  • whoami.akamai.net
  • resolver.dnscrypt.org
  • whoami.fluffcomputing.com
  • whoami.ultradns.net

To do this, open the command prompt (go to the start menu, type “cmd” and press Enter), and then enter the following text:

  • ping [server name] -n 1

Replace [server name] with the address of your chosen test server (for example “ping whoami.akamai.net -n 1”), and press Enter. If any of the IP addresses found in the resulting text match your personal or local IP, it’s an indicator that a DNS leak is present; only your VPN’s IP address should be shown.

Figure 3 shows the result with ExpressVPN running. Notice that the only IP address returned is the Belgian IP as shown in Figure 2. There is no DNS leak apparent.

FREEDOME

Figure 3

If you find that that your VPN has a DNS leak, it’s time to stop browsing until you can find the cause and fix the problem. Some of the most likely causes of a DNS leak and their solutions are listed below.

 

DNS Leaks Problems and Solutions

The Problem #1: Improperly configured network

DNS Leak problems and fixes

This is one of the most common causes of DNS leakage for users who connect to the internet through different networks; for example, someone who often switches between their home router, a coffee shop’s WiFi and public hotspots. Before you connect to your VPN’s encrypted tunnel, your device must first connect to the local network.

Without the proper settings in place you can be leaving yourself open to data leaks. When connecting to any new network, the DHCP settings (the protocol that determines your machine’s IP address within the network) can automatically assign a DNS server to handle your lookup requests – one which may belong to the ISP, or one that may not be properly secured. Even if you connect to your VPN on this network, your DNS requests will bypass the encrypted tunnel, causing a DNS leak.

The Fix:

In most cases, configuring your VPN on your computer to use the DNS server provided or preferred by your VPN will force DNS requests to go through the VPN rather than directly from the local network. Not all VPN providers have their own DNS servers though, in which case using an independent DNS server such as OpenDNS or Google Public DNS should allow DNS requests to go through the VPN rather than directly from your client machine. Unfortunately, changing the configuration in this way depends a great deal on your specific VPN provider and which protocol you’re using – you may be able to set them to automatically connect to the correct DNS server no matter which local network you connect to; or you may have to manually connect to your preferred server each time. Check the support for your VPN client for specific instructions.

If you have to manually configure your computer to use a chosen independent DNS server, you can find step-by-step instructions in the section ‘Change your settings to a trusted, independent DNS server’ below.

The Problem #2: IPv6

Usually, when you think of an IP address, you think of a 32-bit code consisting of 4 sets of up to 3 digits, such as 123.123.123.123 (as described above). This is IP version 4 (IPv4), currently the most common form of IP address. However, the pool of available unused IPv4 addresses is getting very small, and IPv4 is being replaced (very slowly) by IPv6.

IPv6 addresses consist of 8 sets of 4 characters, which can be letters or numbers, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

The internet is still in the transition phase between IPv4 and IPv6. This is creating a lot of problems, especially for VPNs. Unless a VPN explicitly has IPv6 support, any request to or from your machine sent over IPv6 – or sent using a dual-stack tunnel to convert IPv4 to IPv6 (see Teredo below) – will completely bypass the VPN tunnel, leaving your personal data unprotected. In short, IPv6 can disrupt up your VPN without you being aware of it.

Most websites have both IPv6 addresses and IPv4 addresses, though a significant number are still IPv4-only. There are also a few websites which are IPv6 only. Whether your DNS requests are for IPv4 or IPv6 addresses will usually depend on your ISP, your network equipment (such as wireless router) and the specific website you’re trying to access (with implementation of IPv6 still incomplete, not all users will be able to access IPv6-only websites). The majority of DNS lookups will still be IPv4, but most users will be unaware of whether they are making IPv4 or IPv6 requests if they are able to do both.

A study by researchers from Sapienza University of Rome and Queen Mary University of London in 2015 examined 14 commercial VPN providers, and found that 10 of them – a disturbingly high proportion – were subject to IPv6 leaks.

  • HideMyAss
  • IPVanish
  • Astrill
  • ExpressVPN
  • StrongVPN
  • PureVPN
  • AirVPN
  • Tunnelbear
  • ProXPN
  • Hotspot Shield Elite

While IPv6 leakage is not strictly the same as a standard DNS leak, it has much the same effect on privacy. It is an issue that any VPN user should be aware of.

The Fix:

If your VPN provider already has full support for IPv6 traffic, then this kind of leak shouldn’t be a problem for you. Some VPNs without IPv6 support will instead have the option to block IPv6 traffic. It’s recommended to go for an IPv6-capable VPN in any case, as dual-stack tunnels could conceivably still bypass an IPv6 block. (See Teredo below.) The majority of VPNs, unfortunately, will have no provision made for IPv6 and therefore will always leak IPv6 traffic. Make sure you know before using a commercial VPN whether they have made provisions for IPv6, and only choose one which has full support for the protocol.

The Problem #3: Transparent DNS Proxies

Some ISPs have adopted a policy of forcing their own DNS server into the picture if a user changes their settings to use a third-party server. If changes to the DNS settings are detected, the ISP will use a transparent proxy – a separate server that intercepts and redirects web traffic – to make sure your DNS request is sent to their own DNS server. This is effectively the ISP ‘forcing’ a DNS leak and trying to disguise it from the user. Most DNS-leak detection tools will be able to detect a transparent DNS proxy in the same way as a standard leak.

The Fix:

Fortunately, recent versions of the OpenVPN protocol have an easy method to combat transparent DNS proxies. First, locate the .conf or .ovpn file for the server you wish to connect to (these are stored locally and will usually be in C:\Program Files\OpenVPN\config; see the OpenVPN manual for more details), open in a text editor like notepad and add the line:

  • block-outside-dns

Users of older versions of OpenVPN should update to the newest OpenVPN version. If your VPN provider does not support this, it may be time to look for a newer VPN. As well as the OpenVPN fix, many of the better-made VPN clients will have their own provisions built-in for combating transparent DNS proxies. Refer to your specific VPN’s support for further details.

The Problem #4: Windows 8, 8.1 or 10’s insecure “features”

Windows operating systems from 8 onward have introduced the “Smart Multi-Homed Name Resolution” feature, intended to improve web browsing speeds. This sends out all DNS requests to all available DNS servers. Originally, this would only accept responses from non-standard DNS servers if the favorites (usually the ISP’s own servers or those set by the user) failed to respond. This is bad enough for VPN users as it greatly increases the incidence of DNS leaks, but as of Windows 10 this feature, by default, will accept the response from whichever DNS server is fastest to respond. This not only has the same issue of DNS leakage, but also leaves users vulnerable to DNS spoofing attacks.

The Fix:

This is perhaps the most difficult kind of DNS leak to fix, especially in Windows 10, because it’s a built-in part of Windows and can be almost impossible to change. For VPN users using the OpenVPN protocol, a freely-available open-source plugin (available here) is possibly the best and most reliable solution.

Smart Multi-Homed Name Resolution can be switched off manually in Windows’ Local Group Policy Editor, unless you’re using a Home Edition of Windows. In this case Microsoft simply doesn’t allow you the option of switching off this feature. Even if you are able to switch it off this way, Windows will still send the request to all available servers in the event that the first server fails to respond. It’s highly recommended to use the OpenVPN plugin to fully address this issue.

It may also be helpful to check US-CERT’s guidelines here as well. Smart Multi-Homed Name Resolution has such significant security issues associated with it that the government agency issued its own alert on the subject.

The Problem #5: Teredo

Teredo is Microsoft’s technology to improve compatibility between IPv4 and IPv6, and is an in-built feature of Windows operating systems. For some, it’s an essential transitional technology that allows IPv4 and IPv6 to coexist without issues, enabling v6 addresses to be sent, received and understood on v4 connections. For VPN users, it’s more importantly a glaring security hole. Since Teredo is a tunneling protocol, it can often take precedence over your VPN’s own encrypted tunnel, bypassing it and thus causing DNS leaks.

The Fix:

Fortunately, Teredo is a feature that is easily disabled from within Windows. Open the command prompt and type:

netsh interface teredo set state disabled

While you may experience some issues when connecting to certain websites or servers or using torrent applications, disabling Teredo is a much more secure choice for VPN users. It’s also recommended to switch off Teredo and other IPv6 options in your router or network adapter’s settings, to ensure that no traffic can bypass your VPN’s tunnel.

 

Preventing future leaks

preventing dns vpn leaksNow that you’ve tested for a DNS leak and either come out clean, or discovered and remedied a leak, it’s time to look into minimizing the chances of your VPN springing a leak in future.

First of all, make sure that all the above fixes have been performed in advance; disable Teredo and Smart Multi-Homed Name Resolution, make sure your VPN either supports or blocks IPv6 traffic, etc.

1. Change settings to a trusted, independent DNS server

Your router or network adapter should have a way to change TCP/IP settings, where you can specify particular trusted DNS servers by their IP addresses. Many VPN providers will have their own DNS servers, and using the VPN will often automatically connect you to these; check your VPN’s support for more information.

If your VPN doesn’t have proprietary servers, a popular alternative is to use an open, third-party DNS server such as Google Open DNS. To change your DNS settings in Windows 10:

  1. Go to your control panel
  2. Click “Network and Internet”
  3. Click “Network and Sharing Center”
  4. Click “Change Adapter Settings” on the left-hand panel.
  5. Right-click on the icon for your network and select “Properties”
  6. Locate “Internet Protocol Version 4” in the window that opens; click it and then click on “Properties”
  7. Click “Use the following DNS server addresses”

You can now enter a preferred and alternative address for DNS servers. This can be any server you wish, but for Google Open DNS, the preferred DNS server should be 8.8.8.8, while the alternative DNS server should be 8.8.4.4. See Figure 4.

IPV 4

Figure 4

You may also wish to change the DNS settings on your router – refer to your manual or support for your specific device for further information.

2. Use a firewall or your VPN to block non-VPN traffic

Some VPN clients will include a feature to automatically block any traffic not going through the VPN – look for an ‘IP Binding’ option. If you don’t have a VPN yet, consider getting one from here.

Alternatively, you can configure your firewall to only allow traffic in and out via your VPN. You can also change your Windows Firewall settings:

  1. Make sure you’re already connected to your VPN.
  2. Open the Network and Sharing Center and make sure you can see both your ISP connection (which should show up as “Network”) and your VPN (which should show up as the name of the VPN). “Network” should be a Home Network, while your VPN should be a Public Network. If either of them are set to something different, you’ll need to click on them and set them to the appropriate network type in the window that opens.
  3. Make sure you’re logged in as Administrator on your machine and open the Windows Firewall settings (exact steps for this vary depending on which version of Windows you’re running).
  4. Click on “Advanced Settings” (see Figure 5).
  5. Locate “Inbound Rules” on the left panel and click it.
  6. On the right-hand panel, under Actions, you should see an option for “New Rule…”. Click this.
  7. In the new window, choose “Program” and click Next.
  8. Choose “All Programs” (or select an individual program you want to block non-VPN traffic for) and click Next.
  9. Choose “Block the Connection” and click Next.
  10. Tick “Domain” and “Private” but make sure that “Public” is not ticked. Click Next.
  11. You should be back in the Advanced Settings menu for Windows Firewall; locate “Outbound Rules” and repeat steps 6 through 10.

Windows "Advanced Settings"

Figure 5

3. Regularly perform a DNS leak test

Refer to the section “How do I Tell if my VPN has a DNS Leak?” above for instructions. Prevention is not ironclad, and it’s important to check frequently that all your precautions are still holding fast.

4. Consider VPN “monitoring” software

This can add an extra expense on top of your existing VPN subscription, but the ability to monitor your VPN’s traffic in real time will allow you to see at a glance if a DNS check goes to the wrong server. Some VPN monitoring products also offer additional, automated tools for fixing DNS leaks.

5. Change your VPN if necessary

You need the maximum possible privacy. The ideal VPN will have built-in DNS leak protection, full IPv6 compatibility, support for the latest versions of OpenVPN or the protocol of your choice and have functionality in place to counteract transparent DNS proxies. Try thebestvpn.com’s in-depth comparisons and reviews to find the VPN that offers everything you need to keep your browsing data private.

VPN Beginner’s Guide

What is a VPNVPN’s are one of those “web things” that seem perhaps a bit intimidating when you first hear about them. However, once you get into it, they turn out to be really easy to use.

Today, we’ll demystify the topic of VPNs, what they can do for you, why use them, and how they all work under the hood.

Plus, we’ll give you some recommendations along the way, to help you pick the optimal VPN for your personal needs.

This is the beginner’s guide to the concept of VPN:

  1. What is a VPN
  2. How Does a VPN Work
  3. How Secure is a VPN
  4. Is a VPN Fully Legal
  5. Does a VPN Make You 100% Anonymous
  6. VPNs and Their Logging Policy
  7. Free vs. Paid VPNs
  8. Is a VPN Safe for Torrenting
  9. Can I Use a VPN to Watch Netflix/Hulu
  10. Does a VPN Work on Android/iOS
  11. Does a VPN Work on SmartTV/Kodi
  12. How to Install a VPN on a Router
  13. VPN & Tor Combination
  14. IP Leaks and Kill Switch
  15. When to Use a VPN
  16. When Not to Use a VPN

What Is a VPN

What is a VPNThere are two ways of explaining this: (a) the 100% technologically correct way, and (b) the easier to grasp way that’s actually useful. I subscribe to the latter – especially since this resource is meant to be a beginner’s guide.

From a user’s point of view, all you must know is that a VPN (short for Virtual Private Network) is a service that lets you access the web safely and privately. This is all done by routing your connection through what’s called a VPN server.

If you have a friend who’s an IT professional then their definition might be a bit different, and involving a lot more technical detail (and jargon). However, at the end of the day, the VPN that’s actually a useful tool from a normal user’s point of view, can still be defined by what we’ve said here.

On the face of it, a VPN is something you subscribe to – a product. All you do in order to use a VPN is sign up, download a small app, fire it up, and you’re good to go. But we’ll get into the specifics further down.

How Does a VPN Work

We might have used the following illustration on the site once or twice already, but it still does a great job of explaining what a VPN actually does.

Here’s how things work when you’re connected to the web without a VPN – please excuse the simplicity and just bear with me for a minute:

No VPN connection

Albeit it’s the standard, this sort of connection has some flaws. Mainly all of your data is out there in the open, and whoever wants to take a peek at what’s being transmitted, can.

What do I mean by taking a peek? Basically, this is all due to the way the web is constructed. More or less, what we know as “the web” is basically a bunch of computers (servers) that are responsible for storing websites and then serving them to whoever wants to look at them. Those servers talk with each other all the time.

For example – let’s say that you want to see a website located on a server that’s really far away. If that’s the case then there’s going to be at least a handful of servers that are going to participate in the transfer of this data and ultimately allow you to see the website. Now, the important part is that each of those servers will be able to check what it is that’s being sent/requested. Not great for privacy.

You can think of it like taking a flight to a place that’s on the other side of the globe. On your way, you will interact with clerks, sales representatives, airports, crew, other passengers, etc. Potentially, there’s going to be hundreds of people who can all help in identifying you as you’re going from A to B. The same thing happens on the web, to an extent.

If it’s just a fun website that you’re looking at then no need to worry. It doesn’t matter if someone takes a peek into that or not. But if it’s online banking we’re talking about, business email, or anything else that’s a bit more sensitive – then it’s a whole other story.

Now, here’s how the same connection looks with a VPN enabled:

With VPN

What’s happening now is that your connection goes to the VPN server first – via an encrypted connection – and only then goes through “to the web.”

In other words, you connect through a third party – the VPN server – and then it’s the VPN server that connects to the web on your behalf.

This solves the privacy and security problem for us in a couple of ways:

  1. from the web’s point of view, it appears as if the VPN server is responsible for the traffic, not you,
  2. no one can (easily) identify you or your computer as the source of the traffic, nor what you’re doing (what websites you’re visiting, what data you’re transferring, and so on),
  3. since your connection is encrypted, even if someone takes a peek at what’s being transmitted, all they’ll see is some cobbled up data that doesn’t make sense.

As you would imagine, such a scenario is much safer than connecting to the web the traditional way. But how secure is it exactly? Let’s find out:

How Secure Is a VPN?

how safe is VPNThe topic of VPN security is one that always causes a huge debate among IT pros and people with a horse in the race on either side. But it basically comes down to a couple of factors:

  • 1. There are the technical limitations of the VPN technology itself,
  • 2. The legal ecosystem and jurisdiction that the company providing the VPN has been set up in, plus the company’s own policies and views on “what a good VPN should be” – this has an impact on how the company is legally able to build their VPN.

What all of the above means is that no two VPNs are created alike, and there can be significant differences from one VPN provider to the other in terms of security.

Overall, the “idea of VPN” in itself is a very secure one, but the devil is in the details, so your mileage may vary depending on the provider that you choose.

Let’s break down the two elements mentioned above:

(a) The technologies that are part of a VPN and how they translate to VPN security

When talking about VPNs and their security we need to cover two topics:

  • VPN protocols
  • VPN encryption

Let’s start with the former. While the topic of protocols can be a rather complex computer science concept, all we need to know now is that a protocol is basically a documented procedure or a set of rules that define how something is carried out. In our case, that something is handling data transmission via a VPN.

As you would imagine, there can be different ways of handling that transmission, and depending on the specific VPN that you decide to use, you’ll likely see one of the popular protocols implemented.

The most common protocols are PPTP, L2TP, SSTP, IKEV2, and OpenVPN. Let’s just discuss them briefly so that you know what you’re getting into and what impact your choice can have on your overall VPN security.

  • PPTP (Point-To-Point Tunneling Protocol). This is one of the oldest protocols in use, originally designed by Microsoft. Pros: works on old machines, can be used out the gate with most Windows PCs (comes with the system), and it’s easy to set up. Cons: by 21st century’s standards, it’s barely secure. If the VPN you’re considering subscribing to lets you connect via only this, avoid.
  • L2TP/IPsec (Layer 2 Tunneling Protocol). This is a combination of the PPTP and Cisco’s own protocol – the L2F. Although the idea behind this protocol is sound – it uses keys to establish a secure connection on each end of your data tunnel (so that nobody can take a peek at what’s being transmitted) – the execution of it isn’t actually very safe at all. The addition of the IPsec protocol to the mix improves security a bit, but there are reports of NSA’s alleged ability to break this protocol and see what’s being transmitted. No matter if those are actually true, the fact that there’s a debate at all is perhaps enough to avoid this as well.
  • SSTP (Secure Socket Tunneling Protocol). This is another Microsoft-built protocol on this list. The connection is established with some SSL/TLS encryption (the de-facto standard for web encryption these days). SSL’s and TLS’s strength is built on symmetric-key cryptography – a setup in which only the two parties involved in the transfer are able to decode the data within. Overall, SSTP is a very secure solution.
  • IKEv2 (Internet Key Exchange, Version 2). This one, as you’d guess, is another creation of Microsoft’s. Microsoft has its pawns on all boards, it seems. It’s an iteration of Microsoft’s previous protocols – and a much more secure one at that. It provides you with some of the best security.
  • OpenVPN. This protocol has been designed to take what’s best in all of the above protocols and also do away with most of the flaws. It’s based on SSL/TLS and it’s an open source project, which means that it’s constantly being improved by hundreds of developers. It secures the connection by using keys that are known only by the two participating parties on either end of the transmission. Overall, it’s the most versatile and secure protocol out there.

Generally speaking, most VPNs will allow you to select the protocol through which you want to establish the connection. Obviously, the more secure protocol you connect through (OpenVPN, IKEv2), the more secure your whole session will be.

However, not all devices will allow you to use all these protocols. Since most of them were built by Microsoft, you’ll naturally be able to use them on all Windows PCs. For Apple devices, you will come across some limitations. For example, L2TP/IPsec is the default protocol for iPhone. And Android … well, Android has some problems of its own, which we’ll get to later on.

Then there’s the topic of encryption itself. In its most basic form, encryption works by:

  1. taking some plain data
  2. applying a key to it (for instance, shifting every letter three letters back, so every “E” becomes a “B” and so on – known as the Caesar cipher – the original encryption algorithm)
  3. getting fully encrypted data as a result
  4. that data is then only readable by someone who has that original key used to cipher it.

Modern encryption algorithms work basically just like that, but on steroids – they’re thousands of times more complex than that original Caesar cipher. At the end of the day, the only thing you need to remember is that if your data is being encrypted with the AES algorithm of at least 128 bits then it’s perfectly safe. So if your VPN provides you with that possibility, you can sleep peacefully.

Many of the top VPNs out there actually go even a step above that and offer AES-256 encryption – e.g ExpressVPN (review), NordVPN (review), and Buffered (review)

If you’re interested, you can learn more about encryption here.

At the end of the day, your VPN can be super secure, but it all comes down to the protocol that you’re connecting with and the encryption mechanism that’s used when handling your information.

(b) The legal ecosystem and company’s vision

(Note. None of this is legal advice. Read for entertainment purposes only.)

Being completely honest with you, all good VPN companies will do everything they can to protect your data, your privacy, and your overall security on the web. However, they’re still subject to the law in the jurisdiction they’re in.

Depending on the local law of the country where the VPN was established in, they may be forced by court order to share whatever records they have regarding your activity.

Now, the key part here is that choosing a VPN that’s in another country won’t necessarily solve this issue for you. There are international agreements between countries to share information in cases like that. Of course, depending on your location, if you do enough research, you can find a VPN established in a country that doesn’t have any such agreements in place with your country.

So in the end, you are only secure with a VPN if it’s not only willing and technically capable of keeping your information safe and private, but also if it’s legally allowed to do it.

Actually, let’s tackle this topic a bit more broadly and focus on answering the general question:

Is VPN Legal?In a word, yes. However, not always.

First off, VPN as a concept is somewhat new in “legal years,” so not all jurisdictions have managed to keep up. This means that the rules are murky and can be interpreted in any way.

However, VPNs seem to be okay to use in most countries. Particularly if you’re located in the US, Canada, the UK, the rest of Western Europe. (Important! What matters here is your physical location when using the VPN.)

When it comes to the countries where VPNs are not okay – based on our research, those are: China, Turkey, Iraq, United Arab Emirates, Belarus, Oman, Russia, Iran, North-Korea, and Turkmenistan.

To learn more about the legality of VPN in your country:

  • consult with your local government (duh!),
  • review this in-depth resource of ours – it’s where we go through more than 190 countries and tell you what’s up.

Does a VPN Make You Fully Anonymous Online?

Does VPN make me fully anonymousIn a word, no. But the extent to which it does is still impressive. But let’s hold off on this thought and start somewhere else:

As you already know, when you’re not using a VPN, your connection is fully in the open and every server that’s helping on with the connection can take a peek into what’s being transmitted. On top of that, there’s your ISP (Internet Service Provider), and even the person who owns the Wi-Fi router that you’re connected to (if it’s a public hotspot). All of those parties can find out what you’re transmitting.

Connecting via a VPN solves many of those problems by encrypting your transmission and also making it appear as if it’s the server itself that’s making the connection and not you.

There are still some anonymity issues that stay potentially unsolved:

  • Are there any logs kept by the VPN? More on this in the next section below.
  • The jurisdiction under which the VPN is established. In some cases, they might be legally forced to keep records. In other words, what happens when the government comes asking questions?
  • If you’re paying for the VPN, do they keep payment records? Are those payment records by name?
  • Is the encryption level sufficient and the connection protocol a quality one? We talked about this above.

Overall, not every VPN will protect your anonymity equally. However, if you make your choice wisely, you can avoid most (if not all) of the problems described above. Here’s our comparison of the top VPNs in the market to help you out.

VPNs and Their Logging Policy

VPN logging policiesLogging is the main issue as it relates to VPNs and the level of anonymity and privacy they can provide you with.

Long story short, there are multiple kinds of logs that a VPN can keep:

  • user activity logs,
  • IP addresses,
  • timestamps of when you connected/disconnected,
  • devices used,
  • payment logs if it’s a paid VPN, etc.

Any such logs make you a tiny bit less anonymous since your IP can be connected to a given browsing session that you had. Of course, tying this to you personally is very difficult but still kind of doable if some agency is deliberate enough.

Overall, the fewer logs your VPN keeps the better. With “none” being ideal.

But here’s the kicker, most VPNs these days will tell you that there’s “no logs” when you visit their websites and start reading through the sales material on the homepage. But where you should actually look is their privacy policies.

For example, if you visit PureVPN, you’ll see big headlines saying things like, “complete internet privacy […] remain invisible and invincible,” but their privacy policy page tells a bit different story, quote (emphasis mine):

When and if a competent court of law orders us or an alleged victim requests us (that we rigorously self-assess) to release some information, with proper evidence, that our services were used for any activity that you agreed not to indulge in when you agreed to our Terms of Service Agreement, then we will only present specific information about that specific activity only, provided we have the record of any such activity.

As you can see, it’s all in the details. Anyways, we did the research for you – here’s our big roundup of 118 VPNs and their logging policy. Check it out when picking your VPN.

FREE VPNs vs. Paid VPNs

FREE vs. paid vpnIn general, free VPNs are something you should be careful with. The first thing to realize is that running a good VPN costs serious money. There’s a lot of servers involved (and those cost money), a lot of data transfers being made over the web (and that costs money too), a lot of other infrastructures (real estate, electricity, etc.), and so on and so forth. So if at the end of it all the product is completely free for you, it probably means that some compromises have been made along the way.

Maybe the VPN is logging your activity for their own reasons. Maybe there’s a filter on your traffic displaying ads to you. Maybe someone is paying for access to your logs or the ability to advertise to you. Either way, the situation is not perfect.

On the other hand, paying for a VPN isn’t actually such huge of an investment anyway. We’ve tested a number of great solutions that go around for as little as $3-5 per month, which doesn’t seem a lot in exchange for peace of mind and improved online privacy.

How Much Does a VPN Cost?

Just as I mentioned above, you can get a quality VPN for as little as $3-5 a month. Actually, the average out of 31 popular VPNs is $5.59 a month, which tells you a lot about what sort of an expense this usually is. VPNs that cost more than $10 are really uncommon, and there’s not a lot of reason to buy them since there are more affordable solutions out there.

Additionally, most VPNs also give out big discounts if you’re willing to subscribe for one or two years up front, instead of renewing your subscription monthly. For example, Private Internet Access – a VPN that we very much enjoy – costs $6.95 if paid monthly, but $39.95 when paid annually (which translates to $3.33 per month – that’s over 50% off).

We have a more in-depth pricing comparison table here (roughly in the middle of the page). And if you’re strapped for cash, you can also check out our roundup of the currently cheapest VPNs and fastest VPNs.

Can You Use a VPN for Torrenting Safely?

vpn for torrentingIn general, yes, but that depends on the specific VPN that you’re using and also the kind of things that you are torrenting.

Let’s start with that second part – what you’re torrenting.

In general, torrenting is just a common name for a specific protocol used to transfer data and files over the web. Although it gets a lot of bad rap overall, torrenting is perfectly okay and legal if you’re transferring files that you have the rights to. Piracy, on the other hand, is completely illegal regardless of the tools that you use to do it.

Then, there’s the VPN’s own policy regarding torrenting and how it’s handled.

Most of the quality VPN solutions in the market will allow torrenting. According to our research, for example, you can torrent with: ExpressVPN, Buffered, VyprVPN, PIA, NordVPN.

When it comes to the security aspect of torrenting, it all comes down to the VPN’s aforementioned policies regarding things like logging or sharing your user data. In general, if a VPN doesn’t keep logs overall then they also don’t keep them for your torrent activity.

Another aspect that’s also worth considering when choosing a VPN for torrenting are the download speeds that the VPN can offer you. Of course, this sort of information is not advertised anywhere so it’s hard to come by, most of the time you only find out after you buy the VPN. However, we did some testing of our own and based on it, we can recommend these VPNs for their good download speeds: ExpressVPN, VyprVPN, PIA, and Buffered.

Can I Use a VPN to Watch Netflix and Hulu?

VPN for netflixYes. But like with most things on this list, it all comes down to the specific VPN that you use.

The problem with Netflix overall is that even though it’s now available in over 130 countries, not all shows are distributed equally. Due to complicated licensing agreements that were established before Netflix’s big international rollout, various TV stations retain the rights to even some Netflix’s own shows, which effectively prevents Netflix from legally making those shows available on their platform. Complicated legal stuff, but VPNs can help here.

The way that Netflix and Hulu block some of their content in parts of the globe is based on location filters. Meaning that if you’re in a country that’s banned, you’re banned.

VPNs make this easy to fix. Since you can select the server that you want to connect with, all you need to do to unlock certain Netflix shows is to simply connect with a server which is in a country where that show is available. That’s all.

We have a comprehensive post on how to watch Netflix via a VPN + the best VPNs that allow you to do that right here.

Does a VPN Work on Android and iOS?

Again, that’s a yes.

Many of the top VPN services out there also let you download mobile apps for either Android or iOS.

Here are our best VPNs for Android: PIA, Tunnelbear VPN, ExpressVPN.

Both platforms let you set up a VPN connection rather easily. For instance, on iPhone, you can do that in Settings → General → VPN.

With all that being said, be careful if you’re tempted by any of the free VPN apps for either Android or iOS. There’s research by a team of specialists (from CSIRO’s Data61, the University of New South Wales, the International Computer Science Institute and the University of California Berkeley), going through more than 280 free Android apps that use Android VPN permissions. The research reveals that 38% of those apps include malware, 84% leak users’ traffic and 75% use tracking libraries. So there’s that.

Does a VPN Work on Kodi/SmartTV?

Your smart TVs and Kodi boxes are yet another things that require a live internet hookup in order to provide you with their goodies. And with that, a VPN can help you keep those streams private so that only you and the service itself know what you’re watching.

There are two ways in which you can enable a VPN connection on your smart TV:

  • configure it on the device itself,
  • configure it right on your router – effectively protect your whole home network and everything that’s connected to it (we will cover this in the next section below).

Let’s focus on the former here. In overall, many of the quality VPNs come with the ability to configure them right on your smart TV. For example, VyprVPN – which is one of our recommended VPNs – comes with an app for Android TV, and also with detailed instructions for Kodi/OpenELEC and Apple TV. Other VPNs in the market provide you with similar options.

Some of the networks that support smart TV devices and boxes: ExpressVPN, VyprVPN, NordVPN.

How Do I Install a VPN on My Router?

How to install vpn on routerInstalling a VPN on your home router is the best way to make sure that everything that’s connected to that router is put through a safe VPN connection. In that scenario, you no longer need to install individual apps on your mobile devices, laptops, smart TVs or anything else with web access.

The first order of business is to make sure that your router is compatible with VPNs. This can be done on the website of the manufacturer that produced the router. Often, most DD-WRT and Tomato-boosted FlashRouters are compatible with VPNs.

The specific steps involved in setting things up differ from VPN to VPN. Your specific VPN provider likely has a dedicated section on their website devoted to explaining how to carry through with the process. For example, here’s how to do this if you’re with ExpressVPN and here’s PIA.

We also have an example demonstration of how it’s done on most DD-WRT routers on this page (near the bottom).

In the end, the installation is quite simple, and it only involves you logging in to your router and then filling out a couple of standard forms – nothing you won’t be able to handle.

VPN & Tor – How to Use the Combination

Even though Tor and VPN are fundamentally different, they can still be used together for maximum security and online privacy.

  • Tor gives you the ability to access the web by routing your connection through a number of random nodes, while also encrypting that connection at every stage.
  • VPN gives you access to just one server at a time. However, the nature of it is a bit different in principle, and therefore we can’t say things like “Tor or VPN is better than the other”.

(We talked about the differences between Tor and VPN in detail on this site already, feel free to visit that post to get the full picture.)

One of the good things about Tor is that you can use it 100% free and there are no built-in limitations to that free version. All you need to do is grab the official Tor web browser. Once you have it, you just need to fire it up like your standard Chrome or Firefox browser, click the connect button, and you’re up and running.

Due to this way in which Tor works, you can combine it with your VPN setup. All you need to do is:

  1. Enable your VPN connection normally – via your VPN’s official app. From this point on, everything that involves communicating with the web goes through your VPN.
  2. Open your Tor browser and connect with Tor.

At this stage, you have VPN running on top of your Tor connection (or the other way around).

The main downside with such a setup, is that it’s going to be much slower than your standard, VPN-only connection. Tor on its own slows down your experience noticeably, and when combined with a VPN on top of it, the results can be even more dramatic. On the plus side, it gives you super privacy, which is a huge plus.

IP Leaks and Kill Switch

ip leaks and kill switchLet’s start with kill-switch since it’s a crucially useful feature offered by quality VPNs.

Kill-switch

In simple terms, a kill switch is a feature that will automatically kill your internet access if the encrypted, safe connection should ever drop. In other words – if there’s any connectivity issue at all, the kill switch will trigger and block all activity until the connection comes back up.

In an alternative scenario, if your VPN doesn’t have a kill switch and any connectivity issue arises then it’s probable that your device might attempt to restore the standard, unprotected connection, thus exposing what you’ve been doing up until that point.

According to our research, the following VPNs have a kill switch: ExpressVPN, PIA, VyprVPN, SaferVPN.

IP leaks

IP leaks are a known vulnerability with some setups that people use to access the web. However, this is not entirely a VPN problem at its core.

IP leaks can happen when your VPN fails to hide your actual IP as you’re browsing the web. For example, you want to access a geo-restricted show on Netflix, so you change the server to an approved country and reload the page. However, you realize that the content is still blocked. This means that your real IP might have just been leaked.

The best VPNs all have some clever scripts programmed into their apps to minimize this risk. However, as I mentioned, your IP leaking is not always the VPN’s fault. Sometimes the configuration of your computer and the many apps within are to blame. Even the browser you use and the add-ons installed in it can cause IP leaks.

When to Use a VPN

There are a number of good reasons to use a VPN, here are some:

  • It encrypts your activity on the web.
  • It hides your activity from anyone who might be interested in taking a look.
  • It hides your location, enabling you to access geo-blocked content (e.g. on Netflix and other sites).
  • Makes you more anonymous on the web.
  • Helps you keep the connection protected when using a public Wi-Fi hotspot.

Overall, use a VPN if your web privacy, security, and anonymity are important to you. Roughly $3-5 a month is little price to pay for all that.

When Not to Use a VPN

As predictable as this may sound, we really see no good reason not to use a VPN if you’re taking your online security and privacy seriously.

VPNs are just incredibly useful as another layer of security on top of SSL protocols on websites, having a good antivirus, not downloading shady email, not sharing too much private information on social media, and so on. In overall, they’re your next step towards using the web more consciously and with sufficient precautions set up.

There are not many downsides to them. Perhaps the only one being that your connection can sometimes slow down – after all, you’re routing your data through an extra server.

What do you think? Are you convinced of the idea of a VPN and think about getting one? Take a look at our plentiful reviews comparing more than 35 popular VPNs.

10 Cheapest VPNs of 2018

Cheapest VPN services
Some VPN services offer huge discounts when you sign up for a longer period of time (2 years).

The marketplace for Virtual Private Networks is filled with countless service providers who claim to have the “Fastest and Most Affordable” VPN on the market.

As most of you probably know, 99% of these claims are absolutely bogus.

Cheap VPNs are notoriously unreliable, un-secure, and painfully slow, but there are a few hidden gems among the rubble that are worth your time and (an admittedly small portion of) your hard earned money.

To help you find the perfect VPN that keeps your wallet full and your browsing activity secure, I’ve compiled a list of the 10 cheapest VPN providers in 2018.

Over the course of this guide, I’ll not only be reviewing the pricing plans available for each provider, but I’ll also be looking at the speeds, servers, customer support, and a whole host of other factors to help you decide which cheap VPN is right for you.

 

The 10 Cheapest VPN Providers in 2018

We’ve reviewed more than 30 VPN on thebestvpn.com and the VPNs contained in the following list were handpicked for their affordability and performance.

While there are cheaper VPN services that you can find, we included only the best providers who delivered a high-quality service in addition to a budget-friendly price.

So without any further ado, let’s dive in.

1. PureVPN: $2.95/mo

PureVPN is the cheapest paid vpn

Headquartered in Hong Kong, PureVPN is (by far) the cheapest provider on the entire list. Although their one month and 6-month plans are far from budget-friendly, costing $11.95 a month and $8.95 a month respectively, they offer an unbeatable 2-year pricing package for only $2.91/month! 

The 24-month pricing does require that you pay for the entire 2-year period up front meaning that a subscription with PureVPN will set you back $69.99 for the next two years.

In exchange for this relatively nominal sum, PureVPN customers receive the following features.

  1. 790+ Servers including P2P optimized servers in 141 countries
  2. Unlimited Data and Bandwidth
  3. 24/7 365 “Live” Customer Support
  4. Compatibility with all major devices and access to all major protocols.
  5. Much more

With no renewal fees and the option to pay with PayPal, Debit Card, Alipay, Paymentwall, Coin Payments, Cashu, and even gift cards, it’s easy to see why PureVPN has become the go-to budget provider.
And they don’t stop things there.

In addition to their incredibly affordable 24-month plan, PureVPN also runs regular promotions and discounts to entice potential customers even further.

A few recently concluded specials from PureVPN include:

  • Summer Sale Offer: Buy 1 year and get 2nd year for FREE
  • Holiday Season & Christmas Offer: Grab 2 years of VPN for the Price of 1.
  • Black Friday & Cyber Monday Deal: Double Up Offer for any PureVPN Subscription Plan for FREE.

Click here to see PureVPN in-depth review and speed test (it’s slow!).

2. Private Internet Access: $2.91/mo

PIA is very cheap - $3.33/mo

Although it might be the second provider on the list, Private Internet Access or PIA is one of my all-time favorite VPNs.

PIA offers some of the most budget-friendly pricing plans that I’ve ever seen regardless of the length of time that you choose to use their services. With their yearly pricing package coming in at a mere $3.33/mo and 2 year plan at $2.91/mo PIA is one of the most affordable VPN providers in the world.

Here’s a complete breakdown of their pricing plan.

  • Monthly: $6.95
  • 2 Years: $2.91/month billed at $69.95 every 24 months
  • Yearly: $3.33/month billed yearly at $39.95

Although PIA does not increase the price for your subscription after the initial billing cycle, it does state in their privacy policy that they reserve the right to alter the fees associated with their services which would be reflected after the initial one, six, or twelve month period.

Unlike PureVPN, PIA doesn’t directly offer coupons and regular discounts on their site and I have yet to see any holiday specials or last minute deals that would significantly affect their price.

However, when you consider what you get in exchange for the money, it becomes abundantly clear why PIA is one of the leading VPN providers regardless of your budget.

For only $2.91/month, PIA gives you access to more than 3,000 servers across 25 countries, unlimited bandwidth, P2P support, an ads blocker, SOCKS5 proxy, and access to all major VPN protocols. 

At this time, PIA allows payments to be made with all major credit card providers, PayPal, Bitcoin, Amazon Pay, Cashu, OKPAY, Mint, and Z-cash.

Click here to see Private Internet Access in-depth review and speed test.

3. Trust.Zone: $3.33/mo

Trust.Zone is another cheap VPN provider

As the third cheapest VPN on this list, Trust.Zone is one of the best budget providers on the market today and they provide users with a premium level VPN service for less than the price of a monthly latte.

At only $3.33/month for their yearly plan, Trust.Zone is almost as cheap as PIA although the monthly and quarterly plans are a bit pricier.

  • 3 Day Free Trial: $0 and 1-Gb of bandwidth
  • Monthly: $6.99
  • 3 Months: $4.95/month billed quarterly at $14.85
  • Yearly: $3.33 billed annually $39.95

Like PIA and PureVPN, Trust.Zone doesn’t change the price of your plan once you are locked in, so what you see is what you get, and you get a quite a bit.

  1. 131 locations
  2. Unlimited data transfer
  3. Unlimited bandwidth
  4. 3 simultaneous connections
  5. Unlimited server switching
  6. 1 click install & run software

Although Trust.Zone rarely runs sitewide specials, if you are willing to search the web, they do offer a plethora of discounts and coupons, many of which allow you to enjoy their services for more than 50% off!

Trust.Zone also gives their customers a wide variety of payment methods to choose from including debit card, PayPal, Qiwi Wallet, Bitcoin, WebMoney, and Alipay.

Click here to see Trust.Zone in-depth review and speed test.

4. SaferVPN: $3.49/mo

SaferVPN review

Israel-based SaferVPN is another great provider that comes armed to the teeth with incredible features and benefits while charging less than $4 a month.

While their monthly and annual pricing packages won’t win them any awards with more frugal consumers, at only $3.49/month, their two-year plan is hard to beat.

  • Monthly: $9.99
  • Annually: $5.13/month billed annually at $71.99
  • Bi-Annually: $3.49/month billed bi-annually at $83.77

At the time of this writing (November of 2017) they are also offering a significant “Buy One Get One” discount meaning that you can purchase 2-years of SaferVPN’s services for only $71.96 or one year for $41.95

Like many of their competitors, SaferVPN does not charge a renewal fee after the initial billing cycle so there’s no need to worry about getting hit with a nasty (and unexpected) upcharge when your service renews.

SaferVPN regularly runs steep discounts and holiday specials (like the one mentioned above) so if you do need to stretch your budget as far as possible and are willing to wait until the next holiday, you can often purchase their services at a 50% discount or higher.

In exchange for your subscription fee, SaferVPN provides all of their customers with unlimited bandwidth, speed, and server switching, compatibility with all major devices, and access to more than 700 servers across 34 countries.

Click here to see SaferVPN in-depth review and speed test.

5. Ivacy VPN: $4.08

Ivacy review

Charging only $4.08/month for their 2-year pricing plan, Ivacy VPN is one of the best budget providers on the market.

Here’s how their pricing plans work out.

  • Monthly: $9.95
  • 6 Months: $7.49 billed every six months at $44.95
  • 12 Months: $4.08 billed every year at $71.99

After reviewing their ToS I can confirm that Ivacy does not charge a larger renewal price after the initial billing cycle so your prices are locked in until the company decides to increase their service prices sitewide.

Although Ivacy’s basic plans might not be the most budget-friendly options on this list, they regularly run insane specials that allow you to secure your VPN service for a significantly reduced rate.

In fact, over the past six weeks, the company has been offering an insane discount, allowing customers to purchase 2-years of VPN service for less than $2.04 a month!

So if you are on a budget or you don’t need a VPN today, wait until Ivacy’s next big sale and you will be able to steal 24 months of VPN service for only $50.

Ivacy does offer a 7-day money back guarantee to comfort any hesitant buyers, however, this refund is only applicable if you stay under 7 Gb of bandwidth usage and 30 sessions so keep a careful eye on your browsing bandwidth.

Like the other providers on this list, Ivacy allows customers to make their purchase using a wide variety of different methods including card, PayPal, BitCoin, Perfect Money, and Payment Wall.

Your VPN subscription includes access to 200 servers (many of which are P2P optimized), unlimited bandwidth, a 0 logging policy, a killswitch, and access to all major VPN protocols.

Click here to see Ivacy in-depth review and speed test.

6. VPN Unlimited: $4.17/mo

VPN Unlimited pricing

Founded in 2013 under the umbrella of Keep Solid Inc. VPN Unlimited has quickly gone from the new kid on the block to one of the leading budget VPN providers on the market, and it’s easy to see why. 

  • 7 Day Free Trial
  • Monthly: $9.99
  • 12 Months: $4.17/month (billed annually at $49.99)
  • Infinity Plan: Unlimited lifetime access for $149.99

Yes, with VPN Unlimited, you can purchase lifetime access to their VPN service for only $149.99. Considering that their annual pricing plan only costs $4.17/month it should be pretty easy to see why VPN Unlimited has become so popular.

As an added bonus, VPN Unlimited allows you to pay with almost any method imaginable. From cards, to PayPal, to Bitcoin, to Subway gift cards (no I’m not kidding), there aren’t many limits to how you can pay for your subscription.

Luckily, there are no sneaky upcharges or pricing modifications after your first year of service. The prices listed above are locked in as long as you keep an active subscription with VPN Unlimited… Or until they decide to increase the rate across their entire company. 

Your subscription includes access to more than 1,000 servers across 70 countries, compatibility with most major devices, access to all major VPN protocols, and a five device simultaneous connection limit.

Click here to see VPN Unlimited in-depth review and speed test.

7. VPNArea: $4.92/mo

VPNArea cheap cost

Charging their customers a relatively small fee of $4.92/month, VPN Area has a feature rich and affordable service that is sure to delight the budget VPN enthusiast.

  • Monthly: $9.90
  • 6 Months: $8.33 billed every six months at $50
  • 12 Months: $4.92 billed every year at $59
  • (Sadly there is no 24-month offer available at this time)

There are no upcharges or changes to the original price after your first billing cycle but, as always, you should be aware that the company’s ToS does allow them to change the market price of their services which could result in an increase to your subscription.

At this time, VPN Area allows their customers to pay with only a handful of options including MasterCard, Visa, PayPal, Bitcoin, and Payza.

I haven’t seen the company run very many public promotions, however, I do know that there are numerous coupons and affiliate discounts available to the savvy bargain hunter.

In exchange for your patronage, VPNArea gives their customers access to hundreds of server across 69 countries, a 6 device simultaneous connection limit, a no logging policy, and unlimited bandwidth.

Click here to see VPNArea in-depth review and speed test.

8. CyberGhost: $5.49/mo / $1.99* (7 year plan)

CyberGhost homepage

At $4.99 a month for their yearly plan CyberGhost wins the award for both “The most expensive cheap VPN” and “The VPN With the Coolest Sounding Name Ever”.

Although they slid onto this list with a price tag that’s only $0.01 under the $5/month mark, CyberGhost brings a lot to the table.

  • Monthly: $10.99
  • 6 Months: $7.99 a month billed twice a year at $47.94
  • Yearly: $4.99

CyberGhost is far from the cheapest provider on this list and, considering that they don’t offer many discounts or specials, they might not be the best option for someone on a particularly tight budget. (unless you opt for their free version)

Although there are no renewal fees, CyberGhost has been known to change their pricing plans on a pretty regular basis so it’s difficult to determine whether they will still be considered a “Cheap VPN” this time next year.

They offer a much more limited selection of payment options for potential customers and you can only purchase CyberGhost using a card, PayPal, or Bitcoin.

The contents of your CyberGhost subscription are pretty standard fare and include, access to over 1,000 servers, unlimited bandwidth, 5 device simultaneous connection, no logging policy, and an ultra-strong double encryption.

Click here to see CyberGhost in-depth review and speed test.

9. ZenMate: $4.99/mo

Zenmate VPN review

At $4.99 a month for their yearly plan, ZenMate isn’t the cheapest provider on this list, but they are a far cry from “premium pricing”.

Here’s how all of their pricing plans break down.

  • Monthly: $8.99
  • 6 Months: $7.49 a month billed twice a year at $44.99
  • Yearly: $4.99 billed annually at $59.99

There are no upcharges on the initial price, but like the other providers on this list, ZenMate’s ToS clearly states that they reserve the right to increase or alter their pricing packages so if you do purchase a ZenMate subscription, be sure to keep a weathered eye on their pricing page.

While compiling my research for this list, I found a number of websites and third-party companies claiming to offer coupon codes for ZenMate, but my success rate with the codes was less than 10%.

Unlike many of their competitors, ZenMate doesn’t seem particularly fond of holiday specials or special discounts so it’s unlikely that you will be able to find their services for any cheaper than the above prices.

As far as payment methods go, ZenMate severely limits your options and only allows payments to be made via card, PayPal, or UnionPay/Qiwi Wallet.

ZenMate is compatible with all major devices and they provide their customers with unlimited bandwidth, servers in 30+ countries, and fully functioning applications for your mobile devices.

Click here to see ZenMate in-depth review and speed test.

10. Hide.Me: $4.99/mo
hide.me review

Although they offer more premium packages that will set you back almost $20/month, Hide.Me’s “plus” VPN tier offers customers an affordable and reliable way to secure their browsing experience.

  • Monthly: $9.95
  • 6-Months: $6.65 billed at $39.95 every six months
  • Annual: $4.99 billed yearly at $49.99

Hide.Me does not increase the rate of your subscription after the first billing cycle and they allow customers to pay with a card, PayPal, Bitcoin, and PayNearMe to ensure that your transaction is completely anonymous.

All purchases are protected by a 14-day money back guarantee and the company regularly runs promotions and giveaways that allow you to purchase their services for about 35% off during select seasons.

Customers receive access to all major protocols, a VPN that is fully compatible with all major devices, a no logging policy, and P2P support.

Click here to see Hide.me in-depth review and speed test (slow download speed).

What About the Renewal Prices?

While all of the VPNs on this list offer a “What you see is what you get” pricing plan, there are plenty of cheap providers who will enroll their customers in an annual subscription at a discounted rate only to change the pricing agreement right before the renewal period.

If you do find another cheap VPN that isn’t included on this list, be wary of hidden renewal fees and read their Terms of Service very carefully (actually read it) to make sure that you don’t get roped into paying double the agreed upon rate.

The Best VPNs for Netflix and Torrenting

For those of you looking to stream Netflix or anonymously torrent files, you don’t have to purchase an expensive premium VPN in order to do so.

In fact, the following cheap VPNs will suit your needs just fine.

Cheap VPNs that Allow Torrenting:

  1. PIA
  2. Trust.Zone
  3. Ivacy
  4. CyberGhost
  5. Hide.Me
  6. VPN Area

Cheap VPNs that Work with Netflix 

  1. Trust.Zone
  2. Zenmate
  3. Ivacy
  4. Hide.Me
  5. VPN Area

*Please note that due to the nature of using a VPN with Netflix, compatibility can change (literally) overnight so please do your due diligence before purchasing a VPN based solely on its Netflix Compatibility.*

Are These Cheap VPNs Safe?

It’s important to note that just because a VPN is affordable does not mean that it’s safe to use.

The safety (or lack thereof) of a given VPN is typically dependent on two things.

  1. Their jurisdiction
  2. The logging policy of the provider

While the logging policy is pretty straightforward (the fewer logs the better) I want to take a moment to discuss VPN jurisdiction.

Ever since Edward Snowden executed his infamous data breach, leaking hundreds of thousands of classified NSA files, the general public realized that our private lives aren’t quite as private as we’d like to believe.

VPN jurisdiction

In fact, there is a partnership known as the “Five Eyes Agreement” between the U.S., UK, Australia, New Zealand, and Canada that effectively allows each country to collect, analyze, and share sensitive data with one another, effectively circumventing the privacy laws of each respective nation.

For example, if there is a law that prevents the United States government from legally surveying and spying on one of their own citizens, they can easily sidestep this law and request that one of their partners do the dirty work for them.

Meaning that the privacy laws of each nation are effectively rendered null.

But things don’t stop there.

The five countries created a “Third Party Partnership” with Denmark, France, Holland, and Norway, thus expanding the initial network to “Nine Eyes”.

But wait! There’s more.

If that wasn’t enough, the original five eyes partners expanded their network once again adding Germany, Belgium, Sweden, Spain, and Italy to their list of partners.

The Snowden leaks also confirmed that Singapore and South Korea are also limited members of the new “14 Eyes” partnership.

So what does this have to do with VPN safety?

Basically, if you are using a VPN that is located anywhere within the 14 eyes partnership, the safety and privacy of your information are brought into question.

Although you should have very little to worry about if your VPN provider upholds their no logging policy, it’s important that you are cognizant of this partnership and its ramifications on your personal security.

Should I Choose an Expensive vs. Cheap VPN Software?

As with most things in this world, the answer to this question is far more complicated than it might first appear.

There are numerous factors to consider when selecting a VPN provider and the impact to your wallet is only one of those factors.

One of the most important things that you can remember is that a VPN is about your personal security and privacy.

Choosing the right VPN could be the difference between having all of your banking and personal information stolen and successfully thwarting a would-be hacker.

Choosing the right VPN can mean the difference between having your personal emails sent all over the internet and keeping your sensitive data safe and sound where it belongs.

If you live in or are visiting a country with draconian censorship laws, choosing the right VPN could literally mean the difference between life and death. 

When you take these realities into consideration, it should quickly become apparent that finding the most budget-friendly VPN should never be your goal.

Finding the most effective VPN to suit your goals should. 

While I personally believe that ExpressVPN is the best all-around VPN for 99.99% of consumers, if you do have real budget constraints, something like Private Internet Access or SaferVPN is probably your next best bet.

Cheap VPN Review Conclusion

At this point, it’s my hope that this guide has provided you with all of the information and insight you need to select the ideal budget VPN for your needs.

While every provider on this list offers a quality service, there can be only one “Lord of the Ring” er… Winner.

With every factor taken into consideration, Private Internet Access is the undisputed champion of the cheap VPNs.

I hope that this guide provided you with everything that you need to find the best and fastest VPN to suit your needs.

These are my results, but what about you? Have you used any of the VPNs on this list? If so, what was your experience like? Let me know in the comments or write your own review using the box below. 

Online Privacy Guide

Online privacy is a topic that grows in importance every single year. With more and more web services, connected apps, and even home assistant devices that are gaining in popularity, it’s now more crucial than ever to understand what the dangers to your online privacy are and how to protect it consciously.

This online privacy guide is all about that.

Here are 19 actionable steps to help you remain anonymous on the web and protect your online privacy. No sophisticated computer knowledge required.

 

1. Consider getting a VPN

Normally, your connection to the web is unprotected by anything. It’s just your computer requesting a website (or a service, or a tweet, etc.) and then the server providing that website to you.

What’s problematic from an online privacy point of view here is that such a connection is public, can be intercepted, and every server helping on with the connection along the way can take a peek into what’s being transmitted. If it’s a sensitive email (or anything to that nature) then you really don’t want that.

This is where a VPN comes into play. VPN (or Virtual Private Network) is a service that allows you to connect to the web safely by routing your connection through a VPN server before it gets to its destination.

Here’s a quick visualization of what your connection looks like without and then with a VPN enabled:

what a VPN does for your online privacy

What a VPN actually does is encrypting the connection so that even if someone intercepts it, the information within will be scrambled and unreadable. In fact, no intercepting party will be able to determine where the connection is coming from or what it is about, thus giving you improved online privacy.

Even though the concept might seem complicated and intimidating at first, modern VPNs are actually very easy to use and don’t require any technical skills like server configuration or routing. All you need to do is literally install your VPN of choice and enable it with a single click.

We have a comparison of the best VPNs on the market right here. Many of the top VPN solutions also offer versions for mobile devices.

Be careful with free VPNs

VPN services are great. That’s more than true. However, not universally across the board.

As someone once said, “if you’re not paying for the product, then you’re the product”. And this is even more concerning considering that we’re dealing with the topic of online privacy. At the end of the day, no one wants to have their data compromised or sold to a third party purely because they failed to read the fine-print when signing up for a seemingly great free VPN service.

2. Use the privacy/incognito mode

All current versions of web browsers like Chrome, Firefox, Opera come with a privacy mode.

For example, in Chrome, if you press CMD+SHIFT+N (Mac) or CTRL+SHIFT+N (Win), you will open a new tab in privacy mode. In that mode, the browser doesn’t store any data at all from the current session. This means no web history, no web cache, no cookies, nothing at all.

incognito mode

Use this mode whenever doing anything that you’d prefer remain private and not able to be retrieved at a later date on the device that you’re using.

However! Let’s make it clear that privacy modes don’t make the connection more secure in any way. They just make it private in relation to your own device – meaning, they make it private on your end only.

(Privacy modes are also available in mobile browsers.)

3. Block web activity trackers

The main online privacy concern with the modern web is that you’re basically being tracked everywhere you go.

And this is not only about ads. Basically, every website that you visit will attempt to track your activity in multiple different manners. Just to name a few:

  • Traffic analytics – used commonly by most websites to get a better understanding of their audience, where they’re from, what devices they’re using, how much time they’re spending on the website, what sub-pages they’re interacting with, and so on.
  • Current location – commonly used by functional widgets like weather widgets, “near events”, and so on. But also used for general tracking and data analysis.
  • Social media – used to show you people’s activity in relation to the page or article that you’re reading. A specific example of this is the Facebook pixel:
  • Facebook pixel – those are meant to connect your activity with your Facebook profile, thus giving Facebook a better understanding of what your behavior is and what to show in your news feed (including which ads you’re most likely to enjoy).
  • Media trackers – for example, if there’s a YouTube video on the page, that video block is connected to your other YouTube activity, thus having an impact on what kind of videos YouTube is likely to recommend you next.

All of those trackers can make websites slower and generally less safe to use.

One of the viable solutions is to use a tool like Ghostery. It’s free and has versions for all major web browsers. The installation is simple, and it basically starts working right out the box.

Ghostery settings

4. Use ad blockers

Various sources (e.g. 1, 2) indicate that Google serves around 29 billion ads every single day.

But that’s only Google. What about Facebook? What about all the in-house ad inventory handled by webmasters themselves, without any ad network in between? It’s not unreasonable to estimate that the total number might grow to even 60 billion.

In simple terms, ads are everywhere. But their sole existence isn’t problematic from an online privacy point of view.

What is problematic is that ads are not “closed black boxes”. It’s quite the opposite – they take in a lot of data, “listening” to what you’re doing and taking note of every click and every action you take. That data can then be used to follow you on the web and serve you even more targeted ads the next time around.

All of the above is common market practice. It’s not illegal to do any of it. In fact, all those tracking algorithms are considered clever for how effective they are.

But then there’s also the other side of the coin. Some ads go even further and try to infect your computer with malware, trick you into installing unsafe software, or try getting accidental clicks by hiding the fact that they are ads in the first place (impersonating the design of the site they’re on).

The best solution to not get affected by any of this is to simply block ads altogether. The easiest way to do that is by installing an ad blocker extension in your browser. Such an extension will block out any ad and prevent it from displaying. Ad blockers usually work right out the box with no configuration needed.

5. Use WhatsApp or Viber for messaging

Not all online communication is equally secured or protects your online privacy enough.

For example, email in itself isn’t the most private form of communication due to all the connection layers and different servers that participate in order to get the email to its destination.

Using solutions like Facebook Messenger or direct messages on Twitter raises whole other privacy concerns related to those corporations’ agendas and ways of handling user data. It wasn’t that long ago when we heard about 32 million Twitter passwords potentially getting hacked and leaked, for instance.

A much better solution is to use other tools for casual communication and even sensitive conversations. Tools like WhatsApp and Viber, even though seeming like something that your younger cousin might use, are, in fact, top-of-the-line when it comes to making sure that whatever’s been said via the tool’s communication lines remains private.

Both WhatsApp and Viber employ end-to-end encryption. They even come with multiple mobile and desktop apps.

More than that, both apps also now enable voice calls, which presents a much safer and more private alternative to classic phone calls.

6. Don’t input sensitive personal data on non-HTTPs websites

In simple terms, HTTPS is the secure version of HTTP – the standard protocol that’s used to send data between your web browser and the website you’re reading.

Checking whether you’re connected to a website via HTTPS is very simple. All you need to do is take a look at your browser’s address bar and notice if the address starts with https:// plus if there’s a green padlock icon next to it. Like so:

paypal (https secure)

The important thing to remember here is to never enter any sensitive information on websites that don’t have HTTPS enabled. This includes things like your credit card information, social security numbers, address information, or anything else that you don’t want to have compromised.

Unfortunately, there isn’t “a fix” that you can do if a given website doesn’t have HTTPS. You simply have to avoid websites like that.

7. Clear your cookies regularly

Cookies are a popular term on the web, but very few people realize what they actually are. Technically speaking, cookies are quite simple. They’re just small text files that are kept on your computer (and your mobile devices as well). They store small packets of information related to your personal activity in connection with a given website.

The most classic use of a cookie is to keep you logged in to a certain website and not force you to re-enter your credentials every time you come back. But cookies can go much further than that.

These days, they’re also commonly used to store your shopping cart items (in case you decide to abandon your cart but then come back to the site later on and continue shopping), or to keep track of the content that you read previously on the site (thus helping with future content suggestions). These are just two of tens of possibilities.

Cookies are perhaps impossible to avoid entirely. If you disable them altogether, you’re effectively making it nearly impossible for yourself to use sites like Facebook, Twitter, most e-commerce stores, or other services where login is required.

What you can do, though, is at least clear your cookies occasionally. This can help keep your browser clean and also not let some websites take advantage of older cookies that they set up maybe even months ago, thus making it more difficult to track your online habits.

8. Only use secure email

As we said above when discussing online messengers (in #6), email is not the most secure form of communication online. On the other hand, it’s hard to imagine our life without email entirely, so, in some situations, we just need to bite the bullet and use email anyway.

However, there are still things that we can do to make it more secure.

First off, you can say goodbye to free email solutions like Gmail or Outlook.com, and instead opt for a premium one. One of the viable alternatives in that realm is the secure email service Tutanota that comes with a fully encrypted mailbox.

Other than that, you can attempt to add another layer of encryption on top of your existing free email inbox. For instance, if you use Gmail, you can get this Chrome extensions, which will enable end-to-end encryption on your messages as well as attachments. This sort of encryption makes sure that your conversation remains private.

9. Review the permissions given to your mobile apps

Each app that you have on your iPhone, iPad, or Android device requires a certain set of permissions to deliver its functionality. Sometimes, though, certain apps become too demanding in this department, requesting access to more than seems necessary to make the app operational.

If you ever caught yourself wondering, “Why does a recipe app need access to my location all the time?” then you know what we’re talking about.

What you should do from time to time is go through your currently installed apps and review the permissions given to them. Most of the time, you can revoke part of those permissions without making the app useless (like the recipe app example).

On iPhone, you can do that by going to Settings, scrolling to the bottom, and then going through each app one by one.

app permissions

 

10. Update to a newer mobile device

It seems that every year companies like Apple, Samsung, Google try to convince us to buy the latest smartphone and toss our old ones away. Naturally, we resist. But we can’t resist forever. At least not if we don’t want our online privacy to take a hit.

What we need to remember is that modern mobile devices are computers. Just like your desktop PC or Mac, but only slightly less powerful. Therefore, they’re also prone to various security threats, and just like any other device, they require constant updates to stay secure.

New devices are being updated constantly, so that’s no problem. Older ones, not so much.

For example, Nexus 7 – a device that’s still relatively popular (you can buy them on eBay right now) – stopped getting security patches after June 2015. This means that whoever’s using it has been left on their own and exposed to new security threats for more than two years now.

Whether we like it or not, at some point, a new device is unavoidable.

11. Shred your files

Although sounds surprising, getting rid of a specific file once and for all isn’t that easy. Simply moving it to the bin and then emptying it won’t do. Any file removed through this standard operation is easily recoverable in full.

This is due to how the process of deleting anything actually works. In its most basic state, your operating system will just make a note that the space where your file used to be “is now free” with no actual deleting taking place. Therefore, if someone knows where to look, they can still access that file easily.

A safer solution is to take advantage of a “file shredding” tool. Those will allow you to remove sensitive, private files from your hard drive by overwriting them several times with random sets of data and in random patterns.

File shredder by Dr. Cleaner

12. Be careful with social media

The ideal case from an online privacy point of view would be to delete your Facebook account entirely, but that’s probably out of the question for most people. So, instead, at least be careful about what sort of data you share with your favorite social platform.

For once, don’t share your location with Facebook all the time and with every update you post. There have been multiple cases of people’s homes robbed after they posted updates about them being on vacation. For instance, three robbers in New Hampshire got away with $200,000 worth of stolen goods after breaking into 50 homes, all made possible by checking Facebook statuses of their victims beforehand.

A good rule of thumb is to not post any information that you’d consider sensitive from an online privacy point of view. Assume that the whole world is going to see your next status update.

13. Access the web via TOR

Tor has been getting a lot of bad reputation over the years, not always for all the right reasons. Tor, as a technology, is a very clever mechanism that allows you to remain completely anonymous while browsing the web.

Tor (short for “The Onion Router”) routes your web connection through a number of nodes before it gets to its destination. Because of that, no one is able to track it or view what’s being transmitted. In some aspects, Tor is similar to VPN. The main difference between the two is that VPN connects you through one additional server, while Tor uses multiple ones.

Getting started with Tor is simple – all you need is the official Tor web browser. There are versions available for all major systems. After getting it installed and fired up, you can establish a connection with the Tor network via a single click. At that stage, your connection is secure and anonymous. Here’s what the browser looks like:

TOR browser

14. Don’t use Windows 10 if you can

Windows 10 is notorious for its “loose” approach towards online privacy. On its default setup, the system is set to share all of your personal information (including your activity) with Microsoft and even third parties. It also synchronizes all your browsing history and other settings back to Microsoft servers.

On top of that, Cortana – the system’s assistant – records all your keystrokes and listens to all your activity.

If that’s not enough, Microsoft is also making it surprisingly difficult to set things the way they should be. Basically, every consecutive update of the system tends to bring back the factory settings, thus forcing you do carry through with your fixes once again.

At the end of the day, if it’s a viable option for you, say goodbye to Windows 10 entirely.

15. Consider not using Google

This goes not only for the main Google search engine but also all of the other tools – Google Analytics, Gmail, Google Apps, Google Drive, etc.

Due to its huge network and portfolio of tools, Google knows basically everything about you there is to know. Whether you’re comfortable with this from an online privacy point of view is up to you.

When it comes to the main search engine, DuckDuckGo is an alternative worth considering, or even Bing (but then we’re back in camp Microsoft).

As for things like Gmail and Google Drive, there are multiple viable solutions on the web. For example, SpiderOak is an interesting alternative to Google Drive and Dropbox that even has Edward Snowden’s approval.

16. Probably delete Facebook from your phone

There have been multiple stories appearing lately describing Facebook’s alleged “in the background listening” practices. Some people are reporting concerns related to the Facebook app listening on to the conversations they’re having over the phone and then suggesting ads based on the things mentioned in those conversations.

In all likelihood, or at least we’d like to believe so, this is not entirely plausible – and Facebook obviously denies. However, getting rid of the Facebook app from your phone surely won’t hurt your overall online privacy.

17. Do you really need that Amazon Echo?

As useful as those new home assistants can be, they also carry some serious online privacy concerns with them. Most of all, they’re in an “always on, always listening” state.

What this means is that Alexa is constantly listening to everything – everything(!) – you say around the house, and transmitting it over the internet to Amazon’s servers.

Ultimately, you have no control over how that data is going to be used and by whom. Though, full disclosure, Amazon says they don’t share your Amazon Echo data with third parties.

Google Home, however, is perhaps even more hostile to your privacy. Apart from microphone access (always listening) it also tracks your location and can share your data for advertising purposes with third parties (including Google’s other companies).

18. Use virtual machines

Virtual machines let you simulate a second computer (a virtual one) within an application. It’s basically a sandbox. The virtual machine can be limited in any way you need it to be, for instance, with the web connection disabled, or any other part of the system removed.

Virtual machines are great if you want to do a sensitive task on your computer that doesn’t necessarily involve a web connection. Or, even more so, when you want to make sure that the web connection is unavailable and that your actions are not logged for any future transmission to a third party.

In other words, if you want to open a file and you need to be sure that no one is watching over your shoulder as you do so, you can do that via a virtual machine. Then, after you’re done, you can delete that virtual machine and thus remove every trace of the operation.

Try out VirtualBox, a popular free solution that runs on Windows, Linux, and Mac.

19. Avoid public Wi-Fi

As much as everyone loves those free Starbucks Wi-Fi hotspots, you should perhaps be careful around them. Or, rather, not perhaps, but definitely.

Public Wi-Fi raises a number of online privacy concerns:

  • You never know who’s running the hotspot, what the software is, what the setup is, what sort of information is being logged, and so on.
  • You don’t have any certainty if the hotspot you’re using isn’t an “evil twin” – a hotspot created to impersonate the genuine Wi-Fi network that you actually intended to use. For example, let’s say that you see an open network called, “Starbucks Free Internet”, so you decide to connect. However, you have no way of telling if that network is actually the official one run by the coffee shop. Essentially, anyone with a mobile router can create a network like that and then steal the information of anyone who connects to it. Listen to the first episode of Hackable – a podcast by McAfee to learn more about this (available on iTunes).
  • You can’t be sure that using a VPN will protect you. In most cases, VPNs solve the problem, but if you’re dealing with a fake network then the person running it might still be able to see what’s going on. Additionally, there’s the issue of DNS leaks. In simple terms, your laptop can still be using its default DNS settings to connect to the web, rather than the VPN’s safe servers. Here’s more on the topic.

What can you do?

  1. Really avoid public Wi-Fi networks if you want to perform any sort of sensitive operation. Don’t access your online banking platforms or anything else where your privacy is of utmost importance.
  2. If you do use public Wi-Fi, also use a VPN. Do the DNS leak test available here to make sure that the connection is secure.
  3. Always ask what’s the exact name of the public network that you want to connect with – to avoid connecting to an evil twin.

 

Conclusion: Protecting Your Online Privacy is Simple

Online privacy is a topic that has been gaining in importance more and more over the last couple of years.

Apart from those basic, common-sense things that every web user should be doing in terms of their online privacy, there are also matters of new regulations and problematic net neutrality issues that have appeared quite recently.

These days, it seems that you can’t easily escape big corporations tracking you online, your ISP (internet service provider) recording your online activity and perhaps even selling the data to third parties (which is legal in the US).

All in all, this can be frightening. However, there still are viable things you can do and tools you can use to keep and protect your online privacy. We hope that the list above gave you a good overview of what’s possible and how easy to carry out most of those actions are. But you do need to be deliberate, and also review your online privacy optimizations every once in a while.

More helpful online privacy tools can be found here: PrivacyTools.io

Online Privacy Infographic

The Best VPNs for Torrenting

VPNs have a lot of great uses; they protect your privacy, let you get around geographical restrictions, make surveillance and tracking more difficult, and let you access sensitive materials when you’re away from your home (or work) computer.

But if you were to ask VPN users why they use a private network connection, you’re likely to hear the same answer from many of them: torrenting.

VPN torrenting

Because of torrenting’s status as a legal grey area and the potential consequences that some users may face for it, it’s always a good idea to torrent through a VPN. (Not to mention the fact that your IP address might be broadcast by your torrent app.)

 

7 VPNs For Anonymous Torrenting & P2P

In addition to no-log policies and torrent support, we also keep speed and stability in mind. You might be downloading very large files, and if your VPN is slowing down your connection, it’s going to take a really long time to complete the download. And if your connection is interrupted, you might have to start over.

So we picked the most private, fastest, most stable VPNs that support torrenting. Here they are.

1. ExpressVPN (Fastest torrenting speed)

Consistently ranked #1 in our own tests, ExpressVPN is a great choice for torrenting. Here’s why:

+ No logging of sensitive data. There’s no collecting of “browsing history, traffic destination, data content, or DNS queries,” and no IP logs.

+ Support for torrenting. While ExpressVPN doesn’t expressly support torrenting, they provide instructions on their site for using uTorrent with their service. That’s definitely a good sign.

+ Fast download speed. On our 100 Mbps connection, ExpressVPN clocked downloads at 83.15 Mbps. That makes it one of the fastest we’ve ever tested.

+ 148 P2P-compatible servers. They’re spread across 94 countries, so you should be able to get a solid connection for torrenting anywhere.

ExpressVPN is best vpn for torrenting

It’s not the cheapest VPN out there (an annual subscription will run you about $100, or $8.32 per month), but you get what you pay for.

Solid privacy, support for torrenting, and great speeds make ExpressVPN our #1 recommendation for torrenting.

Get ExpressVPN

Read ExpressVPN review

 

2. NordVPN (Very anonymous and secure)

Another VPN near the top of many of our lists, NordVPN has developed a reputation for great security with solid speed. We also love their two-year plan’s affordable pricing.

+ No logging of your data. You’re free to do what you want while you’re connected to NordVPN. They don’t keep any logs of what you’re doing.

+ Support for torrenting. They’re not explicit about it, but you can find a tutorial on their site for connecting to a torrent proxy. That’s at least an implicit note of support.

+ Fast speeds. It’s not in the very top echelon, but we got 74 Mbps download speed on our 100 Mbps connection, and that’s very respectable.

+ Double VPN security. When you need extra security, NordVPN’s Double VPN functionality will route your traffic through two VPNs, doubly encrypting it. It’s going to be nearly impossible for your ISP or anyone else to figure out what you’re doing via the VPN.

+ Great prices. If you sign up for a two-year plan, you’ll pay $80, which works out to $3.29 per month. That’s almost impossible to beat, especially for the features you get from NordVPN.

+ Over 2,000 P2P servers. NordVPN’s server selection tool will set you up on the best torrent-compatible server for your desired location. And if you select one that’s not P2P-compatible, you’ll be automatically rerouted to one that works.

NordVPN is best for P2P

There’s a reason that we love NordVPN so much: it ticks all the boxes.

One reason it falls behind ExpressVPN on this list is that its speeds are a little slower, and solid speeds are paramount for successful torrenting.

Visit NordVPN

Read NordVPN review

 

3. IPVanish (P2P optimized servers)

Another one of our regular top contenders, IPVanish is a perfect choice for anyone looking for a torrenting VPN.

+ No logs whatsoever. So you don’t need to worry about who’s watching your torrenting activity.

+ Great speeds. We got over 82 Mbps on our 100 Mbps connection, putting this solidly in the top tier of fast VPNs.

+ Vocal support for torrenting. IPVanish has a page on their site advertising themselves as the fastest VPN for torrenting. That’s a very strong commitment to making sure you can torrent effectively.

+ Low annual subscription price. If you sign up for a year, you’ll pay about $6.50 per month. That’s not stellar, but it’s definitely very affordable.

100% Privacy Torrenting

There really isn’t any drawback to IPVanish; it’s just that you can find fast VPNs that are great for torrenting for a little less money. This VPN’s explicit support for torrenting, however, is something that we very much appreciate, and that keeps it near the top of the list.

While IPVanish doesn’t say that they block P2P traffic on specific servers, they do note that they’ve optimized specific servers for P2P traffic, especially those in the Netherlands. They’ve also added a lot of servers there to keep speeds up. Their obfuscated VPN traffic is also useful for avoiding P2P blocks.

At twice the price, though, it’s difficult to recommend IPVanish over Private Internet Access. Paying less than $3 per month is just too nice.

Visit IPVanish

Read IPVanish review

 

4. Buffered (Good for torrenting, but overpriced)

One of the reasons we rank Buffered so highly is that they’re vocally supportive of p2p file sharing. They state that it’s cost-efficient, convenient and that it saves time. We couldn’t agree more.

+ Strict no-logging policy. Buffered doesn’t keep logs of anything you access, and that’s exactly what we like to see.

+ Support for torrenting. As we mentioned, they explicitly state that torrenting with their service is encouraged.

+ Full support for P2P apps across all servers. You can torrent on any server. Period.

Very Expensive. They start from $8.25 – that’s a little overpriced for us.

BufferedVPN Torrenting

Buffered’s speed is one place where we’re a bit conflicted. They promise fast speeds, and other reviewers have been able to get solid download rates. VPNSpeedTest.org recently found its average download speed to be 54 Mbps, largely driven by great performance on specific servers. In our own test, though, Buffered didn’t perform particularly well. It didn’t even crack 30 Mbps on our 100 Mbps connection.

Fortunately, however, Buffered offers a 30-day money-back guarantee that you can take advantage of. Sign up for the service, see how fast it runs on your setup, and ask for your money back if it’s super slow.

The price is similar to ExpressVPN’s; the annual plan comes in at $8.25 a month, which isn’t the cheapest, but isn’t outrageously expensive, either.

Visit Buffered

Read Buffered review

 

5. CyberGhost (Safe for Torrenting, but slow download speed)

In general, we think CyberGhost is a great VPN. And it certainly deserves a spot among the best torrenting VPNs. It has some great features that we love:

+ Strict no-logging policy. CyberGhost won’t be keeping any information on what you do while you’re connected, and that’s good for everyone. We have some reservations, though, as you’ll see below.

+ Support for torrenting. The desktop client has numerous profiles, and “Anonymous Torrenting” is one of them. That’s not an explicit endorsement, but it’s very close.

+ Great two-year pricing. If you sign up for a two-year plan, you’ll pay $84, which works out to $3.50 per month.

Not very fast. They’re slower (51 Mbps out of 100 Mbps) than the vast majority of their competitors.

Not all servers allow torrenting

Cyberghost User Interface

So what do we have against CyberGhost? First, the speed. It’s fast, but not in the top echelon of blazing-fast VPNs. Our latest test clocked it at 51 Mbps download speed on our 100 Mbps connection.

The second factor is that CyberGhost disables P2P traffic on some of its servers, including those in the US, Russia, Singapore, Australia, and Hong Kong. They’re up-front about it, and they let you know which servers support P2P protocols. But the fact that they’re keeping an eye on your file-sharing and disabling it in some places is annoying.

Even with that, however, CyberGhost is a solid VPN that we wouldn’t hesitate to recommend for torrenting. Just know that you’ll need to access specific servers when you do it.

Visit CyberGhost

Read CyberGhost review

 

6. TorGuard (Allows torrenting, but located in USA)

Despite being based in the USA (which we’ll discuss in a moment), TorGuard provides good service and some solid pricing options. And it does have a number of features we like.

+ No logging policy. As we’ve mentioned, this is especially important with VPNs you’re going to use for torrents.

+ Support for torrenting. TorGuard has a page discussing the advantages of using their VPN and proxy services for torrenting, so they’re definitely on board with your P2P file-sharing plans.

+ “Stealth” VPN service. TorGuard will attempt to disguise your VPN traffic as regular traffic to get around restriction set by your ISP, wifi provider, or anyone else keeping an eye on your connection.

Located in USA (5 eyes jurisdiction)

BitTorrent Traffic Torguard

In our own tests, TorGuard achieved decent speeds, reaching a download speed of just over 53 Mbps on our 100 Mbps connection. That’s not slow by any means, but it doesn’t stand up against many of the other VPNs we’ve tested.

And as we mentioned, the fact that the company is based in the US could be a cause for concern. There’s serious surveillance going on in the US, and the laws on data are tighter than we’d prefer. That being said, TorGuard has proven to be trustworthy.

Although TorGuard doesn’t provide a list online, they state that they’ve optimized some servers for P2P traffic. There doesn’t appear to be a block on other servers, but you’ll have the best luck using optimized servers for torrenting.

Visit TorGuard

Read TorGuard review

 

7. Private Internet Access (Fast, but located in USA)

PIA has long been a popular choice for torrenters. It provides great security, great speeds, and a rock-bottom price.

+ A no-logging policy we love. PIA doesn’t keep logs of your traffic, so it won’t have anything to hand over to authorities. (Though being based in the US is cause for a bit of concern.)

+ Stable download speeds. In our tests, we saw 81.46 Mbps download speeds on a 100 Mbps connection. That’s one of the fastest we’ve tested.

+ Super cheap subscription plans. When you sign up for the two-year subscription, you get a monthly cost of $2.91. That’s crazy low.

+ P2P compatibility on all servers. Every server on the PIA list is compatible with P2P file sharing, so you can choose the servers you want.

Company registered in USA (5 eyes jurisdiction)

Notice that we don’t have “support for torrenting” on this list. It’s not that PIA doesn’t support torrenting, it’s just that they don’t say anything about it on their website. Lots of people still use PIA for torrenting, but the company doesn’t offer any explicit support for the idea.

Even so, the fantastic cost and speeds make it a top contender. If it wasn’t for NordVPN’s ultra-secure Double VPN, PIA might have cracked #2 on this list—and if they decide to vocally support torrenting, it still could.

Visit Private Internet Access

Read Private Internet Access review

 

How a VPN Protects Your Torrenting

Even if you’re torrenting something legally, your ISP might throttle your connection or otherwise cause difficulties for you. Torrent sites have a bad reputation, no matter what you’re using them for. So whether you’re grabbing pirated stuff (which we, again, don’t recommend) or downloading legal files, you could face repercussions.

A VPN prevents that by encrypting your traffic and hiding it from your ISP and anyone else who’s trying to keep tabs on your browsing. All they see is that you’re accessing a VPN server somewhere else in the country or the world. That server reroutes your traffic, and your ISP has no idea where that traffic is going. So you’re protected. It’s as simple as that.

Of course, some ISPs or wifi providers (like schools or cafes) might not look kindly upon VPN traffic either. But there isn’t a whole lot they can do about that; you could see some throttling, but it should be minor.

Avoid VPNs that don’t allow torrenting

Unfortunately, you can’t just pick any VPN and start torrenting to your heart’s content. Few VPNs are created with the intention of allowing users to perpetrate crimes online, and if they find out that you’re torrenting pirated content, they’re not going to be too happy, either.

For example, TunnelBear forbids torrent traffic on their servers. SaferVPN doesn’t tell you not to torrent, but they only have one server that allows it, and that server is in the Netherlands. PureVPN also has a very limited selection of servers that allow torrenting.

This is one of the reason it’s so important to choose a VPN that doesn’t keep any logs whatsoever. And if that VPN says they’re okay with torrenting, that’s even better.

If a VPN keeps logs, there’s always the possibility that they could be handed over to law enforcement, and authorities could look for evidence of illegal downloading. No-log VPNs don’t have to worry about that, because they have nothing to hand over. And VPNs that support (or at least allow) torrenting won’t kick you off if they find out you’re using BitTorrent regularly.

So those are the qualities that we looked for in the best VPNs for torrenting.

 

Choosing the Right VPN for You

Now that you’ve seen our recommendations, you can make a decision on which VPN you’ll use for your own torrenting. We are recommending ExpressVPN (review) and NordVPN (review) for torrenting purposes.

Keep in mind that the speeds we report may differ from the speeds you get on your own connection.

This depends on things like where you live, the server you connect to, your ISP, and various other factors. Which is why we recommend trying a few different VPNs out to see which gives you the best performance.

Many have free trials or money-back guarantees, and if you really want to try one that doesn’t have either of those, you can always sign up for a single month.

Once you’ve discovered which VPNs work best for you, all you need to do is pick the one with the best price.

Write us a review about your favourite VPN for torrenting or leave a comment below.

Internet Safety for Kids (20 Tips for Parents)

If you’re like me, and you use your kids as free tech support whenever you need to configure your wireless router or your TV to play funny cat videos, then it’s tempting to let the kids take care of their own online security as well.

That could be a big mistake.

While your kids might be experts at the technology, they’re not experts at evaluating risk.

You already know that, unless guided, it’s easy to manipulate children into smoking, drinking, speeding, bullying, and, of course, jumping off cliffs because all their friends are doing it.

Mistakes can cause a lot of damage. Everything from expensive ransomware infections, identity theft, loss of friendships to putting your child’s life at risk.

As in the off-line world, you need to provide guidance, set boundaries, and, depending on your child’s age and maturity level, put safeguards in place.

You also need to be aware of where the threats are coming from.

 

10 Things You Can Do Now to Protect Your Children Online


1.  Make YouTube safe for your kids

YouTube is the new children’s TV.

It’s one of the most popular sites out there, but not all of those videos will be appropriate for your children.

But the site does have some safety features, and you should take advantage of them.

On the desktop site, if you scroll down to the bottom of the screen you’ll see a “Restricted Mode” setting. This hides videos flagged as containing inappropriate content.

In the mobile apps, click on the three dots at the top right and click on Settings > General and scroll down until you see the “Restricted Mode” option.

YouTube restricted mode

2.  Help your kids set the privacy controls on their social media accounts

If your children share messages, pictures or videos on Facebook, Instagram and other platforms, they might not be aware of who can see their posts.

Most apps do have privacy settings though that let your children control who they let into their lives.

Here are the links to information about the privacy settings on the most popular apps:

3.  Install anti-virus on your computers and mobile devices

Children are as vulnerable as the rest of us, if not more so, to clicking on bad links and downloading malicious software.

To protect them and their devices install anti-virus software on all of them.

There are some excellent free products available from trustworthy brands.

VPN (another option)

Also, consider using a Virtual Private Network. To find a suitable VPN, take a look at our Best VPN Chart or browse through free VPNs.

4.  Set up separate accounts for your kids on your computers

If you share a device with your children consider setting up a separate account or accounts. Each account will have its own home screen and, depending on the device and platform, a different selection of features, apps, and permissions.

This helps you to protect your own data or video recommendations. It also allows you to set up customized security and privacy settings for each child.

On Windows computers, you can set up a new user account for your children. Go to Settings > Accounts > Add a family member > Add a child.

Windows 10 Kids Account

You can block specific apps, games, or websites, or set screen time limits. Visit https://account.microsoft.com/family for more information.

On Apple computers, you can set up parental controls for some user accounts. That allows you to restrict access to adult websites. Learn more here: https://support.apple.com/en-us/HT201813

5.  Set up separate accounts for your kids on your mobile devices

Android parental controlTablets and smartphones also allow multiple user accounts on the same device.

On Android tablets, you can create a restricted account for your child, with limits on which apps they can use.

On Android phones, you can create a new user account for your child. But the only account restriction currently available is to turn off the ability to make phone calls and send text messages.

That said, you can restrict their Google Play account. Go to Settings > Parental controls and turn them on. You’ll be able to set specific content restrictions on apps and games, movies, TV, books, and music.

On the Apple side, iPhones and iPads have controls for apps and features, content, and private settings. Launch the Settings app and go to General > Restrictions and tap on “Enable Restrictions.”

6.  Secure your gaming systems

Don’t forget that your gaming console is also an Internet device these days. Children can download games and make in-game purchases, and even surf the Web.

Most devices have features that allow you to:

  • Restrict the kind of content your children can get
  • Limit their purchases and …
  • …  restrict or turn off their Web browsing.

7.  Consider using kid-safe browsers and search engines

For added control, you can install a kid-safe web browser for your children to use.

Zoodles, for example, offers a child-safe environment. There’s a free version for Windows PCs and Macs, and for Android and iOS tablets and smartphones. The premium version, which costs $8 a month, includes ad blocking, time limits, and other features.

Another alternative kid-safe browser is Maxthon, while the browsers you use now will have some built-in tools.

If you use the Chrome browser, you can set up a “supervised profile”. This will block explicit search results, show you what websites your children visited, and even restrict what websites they can go to. The restrictions work in two ways:

  1. You can have a list of approved websites and your children can visit those sites only.
  2. OR – you can pre-ban a list of websites and your children can visit any site aside from those on your banned list.

More information here: https://support.google.com/chrome/answer/3463947/?hl=en

Also check out these kid-safe search engines:

8.  Lock in apps for the youngest children

If you want to let your child play with your phone in the back seat of the car without worrying about them messing it up or surfing the web for creepy content do this: open up an app for the child and then set it up so that they can’t exit the app.

On phones running Android 5 and higher, it’s called “screen pinning.”

First, go to Settings > Security > Screen pinning and turn it on and also enable “Ask for PIN before unpinning.”

Then load your app, hit the overview button – the little square on the bottom right – and swipe up until you see a pin icon come up in the lower right corner. Now your child will need your PIN in order to switch apps.

Screen Pinning on Android

On iPhones and iPads, this is called “Guided Access.”

First, go to Settings > General > Accessibility > Guided Access to set up Guided Access. Then, when you’re in the app you want to lock in, triple-click the home button to bring up the Guided Access settings. You can turn off Guided Access either with a PIN or by setting it up to work with your Touch ID through Settings > General > Accessibility > Guided Access > Passcode Settings.

9. Use an app that limits the time your child spends online

According to the Pew Research Institute, 50 percent of parents have used parental control tools to block, monitor, or filter their child’s online activities.

The ScreenTime app is available for Apple, Android and Amazon devices. The app is free for one child, and includes the ability to monitor the device remotely and to see your child’s web and search history. A $4-per-month premium version adds daily time limits, ability to block apps, and block the use of the device during school hours or after bedtime.

Alternative apps:

There are also some James Bond-type apps out there. These will let you track your child’s location, read their emails and text messages, and spy on their Snapchats and other communications.

Be careful with these. Do you want to lose your child’s trust? Ask yourself if you want to engage in a cyberwar with a teenager that could escalate to them using anti-spyware applications and burner phones.

10.  Make sure your kids are only using safe chat rooms

Some kid-friendly platforms offer chat rooms where kids can talk to other kids. Vet the sites first to make sure that someone monitors the chat rooms.

And teach your kids not to share their real identities on such platforms but to use anonymous screen names instead.

Teach, Educate and Talk with Your Children


11.  Teach your children not to respond to messages from strangers

If they get a text message, instant message, email or social media message from someone they don’t know then they must delete it at once.

Make sure they know not to open it, not to respond to it, and, of course, not to click on any links or attachments.

If those girls from Pretty Little Liars followed that advice, the show would have been over after one episode.

12.  Educate your children about the risks of “sexting”

Last year, in a report to the U.S. Congress, the Justice Department revealed that the biggest growing threat to children is something called “sextortion.”

It’s bad enough when minors send nude images of themselves to boyfriends or girlfriends, and those images then get distributed to others.

Besides the psychological damage, children who both send and receive the “sexts” are breaking the law. Something that could result in prosecution and even registration as a sex offender.

And it gets worse.

According to the FBI, the “sextortionists” have gone pro, with individual criminals targeting hundreds of children each. They pretend to be the same age as their victims. They then trick or coerce them into producing child pornography for them. They even get them to recruit friends and siblings.

In a review of forty-three such cases, the FBI found that two victims committed suicide, and ten others attempted to kill themselves. Victims also have their grades decline, drop out of school, get depressed, and engage in cutting and other types of self harm.

The National Centre for Missing and Exploited Children say that reports of sextortion were up 150 percent during the first several months of 2016. This was in comparison to the same time period in 2014. 

In 4 percent of the sextortion reports, the children engaged in self-harm, threatened suicide or attempted suicide as a result of the victimization, the Centre said.

13.  Warn your kids about file sharing

Uploading illegal files is of course  – illegal!

And so is downloading – though fewer media companies seem to be prosecuting kids these days. Though downloading illegal files also carries other risks, such as viruses.

Fortunately, there are now many free and low-cost services out there where kids and teens can get videos and music.

14.  Warn your kids about online polls and surveys

There are lots of fun, harmless polls out there, like the one that tells you what kind of poodle you are. But many ask for too much personal information, and could land your kids on spammers’ email lists, or open them up to identity theft.

Many adults have a separate email account for when they need to provide an email address to register for something. If your child has a legitimate reason to fill in questionnaires needing an email address, consider helping them set up a second email account of their own.

15.  Warn your kids about getting too close to strangers

When you’re meeting someone for the first time after, say, communicating with them via an online dating app, you know to set the meeting in a public location, such as a coffee house, and to let friends know where you are.

This is common sense.

But children and teenagers often lack that basic common sense – or might be tricked into keeping their online relationships secret.

Of course, predators can also communicate with potential targets via traditional mail, or meet them at bus stops. But the Internet allows them to scale up their activities big time.

Attackers can use online relationships to lure children to meet them in person. Or, more often, they will try to trick children into making unnecessary purchases, or into sharing information, photos, or videos.

Know your children’s online friends. And, as with off-line friends, confirm their identities, and talk to those kids’ parents. Be sure that those “kids” are, in fact, kids.

16.  Help your children deal with cyberbullying

Cyberbullying affects up to 15 percent of children, according to a report released last year by the National Academies of Sciences, Engineering, and Medicine.

And the rates are even higher for children who are overweight, disabled, or LGBT, or members of a minority group.

Victims have physical problems such as sleeping, upset stomachs, and headaches along with psychological effects, such as depression, anxiety, and alcohol and drug use.

Let your kids know that they can turn to you for help, and find out what resources are available from your local schools.

You should save messages and other evidence of the cyberbullying. Report the bully to the social media platform concerned in the first instance. Then to the telephone or Internet service provider as well as to the school, or local law enforcement authorities. And block the bully from your child’s social media, telephone, or email accounts.

More information here:

17.  Set a good example

How many baby pictures and vacation photos have you posted online? Before lecturing your kids about staying safe, make sure that you yourself are a good model. Learn about the privacy settings in the social media apps you use most, then check that you aren’t sharing private, personal moments with the whole Internet.

And don’t drive while texting or talking on the phone. Wait until we all have those self-driving cars we’ve been promised and do your texting then.

18.  Set rules about what your kids can share online

As an adult, you know to be careful about what information you post online. You know not to share your financial information or social security numbers with strangers.

Make sure your kids know the rules and understand the reasons behind them. Even seemingly innocuous information, like vacation pictures, can let criminals know when your house is empty.

Some information, like a funny picture of your cat in the snow, is safe to share with everyone. Other stuff, like vacation plans, is fine to share with family and close friends. And some things are best not shared online at all.

The recommended age for children to have their own social media accounts is 13.

The Family Online Safety Institute has a sample family online safety contract here: https://www.fosi.org/good-digital-parenting/family-online-safety-contract/

19.  Add your kids as  a “Friend”

If your children have their own accounts on Twitter, Facebook, Google Plus, Instagram, Snapchat or other social media sites, follow or friend them.

Don’t let your kids tell you that other parents don’t do this. According to the Pew Research Center, 83 percent of parents are friends with their teenage child on Facebook.

You’ll be able to see if they’re posting inappropriate things online and can step in before problems escalate.

It’s not foolproof. There are ways that children can keep their communications hidden from you. And if you’re too heavy-handed in your monitoring, it may cause your children to be more secretive.

20.  Set limits on how much time your children can spend online

According to a recent national survey, tweens spend an average of six hours a day with their devices, and that’s not including the time spent on school or homework. And teens spend an amazing nine hours a day staring at their screens..

Sure, some of that is listening to Spotify while exercising. But the bulk of the time is spent watching videos, playing games, and using social media.

The American Academy of Paediatrics used to recommend that children under two should have no screen time at all, with conservative limits regarding screen time for older children. In late 2016, the organization re-evaluated current research and loosened its recommendations. They now suggest that some screen time, video chats with relatives and educational applications for instance, can be valuable for even the youngest children.

Now, the organization suggests that families create a Family Media Plan.

They also recommend that parents:

  • Limit the use of screens during meals and for an hour before bedtime.
  • Limit the child’s temptation to check devices at all hours of the night by not charging them overnight in their rooms.

21.  Additional resources

Internet Matters: Resources for parents looking to keep children safe online, with age-specific how-to guides, free apps, and device safety checklists. https://www.internetmatters.org/

Family Online Safety Institute: Parenting guides and news and reports about online safety issues. https://www.fosi.org/

Safe, Smart & Social: Social media training guides and safety tips for parents and educators. https://safesmartsocial.com/

17 Safe Internet Browsing Tips

The Internet can be a dangerous place for the careless. Land on the wrong website, and you can infect your computer with malicious software that will steal your data or scramble it and demand a ransom for its return. Fill in a username and password in a bogus form, and your digital life can be turned to toast.

As scary as this sounds, if you’re careful, you can surf the Net with a great degree of safety.

Safe surfing starts with your browser.

Two of the most popular ways miscreants prey on browsers are through socially engineered malware and phishing.

Nearly a third of Internet users have been victims of socially engineered malware, according to NSS Labs, an independent testing organization. By using some form of deception, for instance, linking to a rogue website, or opening an infected document, bad actors can manipulate a person to poison their machines with malicious software. Such software can compromise or damage hardware or steal sensitive or information. Ransomware gets distributed this way too.

This form of malware has had wild growth in the last 12 months. It encrypts data on an infected computer or phone so its owner can’t access it. It then demands the owner pay a ransom to make it accessible again.

Phishing is often a prelude to planting socially engineered malware on a machine, but it’s also used to get hold of sensitive data. For instance, you receive an email from your bank asking for your username and password to access your account. Only the email isn’t from your bank but from a phisher masquerading as your bank. And the next thing you know your checking and savings accounts are running on empty.

NSS notes that 2016 saw the reporting of over 145,000 unique phishing campaigns each month. Just as frequent was the discovery of 125,000 phishing websites.

In fact, the situation became so alarming among businesses, which lost $2.3 billion in the last three years to phishing scams, that the FBI issued a special alert on the subject.

 

1. Use/Install Most Secure Internet Browser

Major browsers offer protection against social engineering malware and phishing, although some offer more protection than others.

For example, in NSS’s latest browser tests, Microsoft’s new Edge browser blocked 99% of the malicious samples thrown at it, compared to 85.9% for Google Chrome and 78.3% for Mozilla Firefox.

NSS Report (Browsers)

(link to NSS report)

3 Best Internet Browsers for Safe Browsing

  1. Microsoft Edge (2017 version)
  2. Google Chrome
  3. Mozilla FireFox

For several years now, Microsoft has incorporated into its browsers a technology called SmartScreen URL and Application Reputation filtering.

The tech checks the reputation of a URL before it allows it to download into the browser. If the website’s reputation is bad, as would be the case with a phishing website, you’ll receive an alert. You can then choose whether to go to your homepage, a website you’ve been to before, or to be a devil and proceed to the website of ill-repute.

The similar screening happens when you try to download a file from a questionable website. The browser will block the download.

NSS also found that Edge was the quickest to block new social engineering malware taking only 10 minutes. Compare this to four hours, 39 minutes for Chrome and four hours, five minutes for Firefox.

It was also the most effective in addressing “zero day” vulnerabilities. These are flaws exploited for the first time in an attack: 98.7%, compared to 92.8% for Chrome and 78.3 percent for Firefox.

2. Customize Your Security Settings

You can also make a browser more secure by customizing it through its preferences or settings menu. Fiddling with settings, though, can create inconveniences.

For example, shutting off features like “autofill“, which automatically fills forms on web pages, and password storage prevents files from storing data ready for anyone hacking your system to mine it.

On the other hand, the manual filling of forms and typing in usernames and passwords can be a burden.

Turning off other features can reduce the “attack surface”, the places available to intruders to attack your system, but they can reduce your surfing pleasure, too. Turning off “cookies,” for instance, can improve your privacy. The problem being that there are plenty of websites that won’t serve up their web pages to you if you don’t have cookies enabled. The same is true for enabling plug-ins, JavaScript and, to a lesser degree, Java.

One option you should definitely turn on, though, is “block pop-up windows” to prevent pesky ads from popping up over web pages you’re visiting. And if your browser supports it, choose the send “Do Not Track” requests with your browsing traffic option to keep marketers from snooping on your Net travels.

Here are step-by-step guides for securing your browsers (i.e. making them less vulnerable).

As with any software, you always want to make sure your browser is up-to-date with the latest upgrades and patches. Many times those patches are created to address new found security flaws in the software. Keeping a browser current is less of a problem than it used to be because now updates are often automated.

3. Use Password Manager (not “AutoFill” options)

Next to your browser, a good password manager has become almost essential for safe surfing. Especially after you turn off the ‘remember passwords and fill forms’ options of your browser.

Features can vary from manager to manager, but they all have one thing in common:

They remember your credentials – username and password – for a website and fill them in when you land on its login page.

password managers

That allows you to create unique and secure credentials for every website wanting them without having to commit those credentials to memory. You need only remember one password: the master password for accessing the password manager.

Thousands, sometimes millions, of passwords become compromised every day so password managers can help you avoid the domino effect that occurs when reuseing passwords. Credential thieves can take a set of stolen credentials and plug them into thousands of websites through automation techniques. That done they can crack every site where you’ve reused your password. Using unique passwords reduces the damage that can be done with a single password.

Here are 3 Most Popular Password Managers in 2017

  1. 1PassWord ($2.99/mo)
  2. KeePass (FREE)
  3. LastPass (FREE)

While inserting something new into your web flow may not sound appealing to you, password managers are relatively unobtrusive after installation. Most install in a browser of your choice as a plug-in. There they’ll watch your cyberspace travels. If you’re new to a website, the program will help you create credentials for it. If you’ve been to the site before, the software will automatically fill in your login info. What’s more, most managers will also create a list of sites for which they’ve stored logins that can be quickly accessed from your browser’s toolbar.

4. Use Creativity When You Create Your Passwords

If remembering a lot of passwords is a big chore, then creating passwords is just as taxing. Password managers can automate that for you, too. You can tell them to create a secure password for you and it’s done in an instant.

In some managers you can even customize the passwords they create.

You can make a password a certain length. The recommended length is 16 characters. But that may be too long for some websites. You want it to be pronounceable when using numbers, capital letters and special characters. Or if you’re excluding similar characters like 1 and l or O and 0.

If you go old school and create passwords in a form by hand, a password manager can help you there too. It’ll tell you if your creation is secure or if you’ve already used that password someplace else.

One of the greatest benefits of a password manager is that most of them work across platforms. Whether you’re working on your phone, tablet, laptop or desktop, you always have access to your credentials. That also means you don’t have to type a secure password like F*t5pWU397%6QvAk7K9W on a smartphone keyboard.

What’s more, with information synchronized across platforms your devices will do an automatic updated when you either change your credentials or add new ones.

 

5. Hide Your IP With a VPN

Having a secure browser and a password manager will offer you a measure of security as you cruise the Web, but if you want to take safety up a notch, consider using a Virtual Private Network service.

VPN services both protect your connection to the Internet by encrypting the data in the connection and hide where you’re connecting to the Net, which protects your privacy.

Encrypting your connection to the Internet is especially important when working on insecure Wi-Fi networks, such as those found in public places like airports, hotels and restaurants. Those networks are insecure because it’s quite easy for a snoop to intercept traffic on them with a software tool called a sniffer. With an encrypted connection though, snoops capturing your data will see only garbage.

When you connect to the VPN service you’re subscribing to, it masks your identity on the Net. That means your Internet Service Provider won’t be able to track your movements online. Your government will also have a more difficult time tailing you. And sites that would ordinarily recognize you, such as your bank, won’t know who you are and will ask you to authenticate yourself to them.

There are some hassles to using a VPN, which is why usually only people with an extra need for privacy use them. For example, they can slow down your Internet experience because your traffic may be making more hops to get from point A to point B than it would have if you weren’t using a VPN.

What’s more, a VPN service’s servers are likely to be located all over the world. That can create problems if you use streaming services that have regional restrictions, like Netflix and YouTube. If you’re connected to a VPN server in Tokyo, then to the streaming service it looks like you’re in Tokyo and not in your home or office.

VPN providers offer their services in both subscription and free offerings. The problem with free services is they have to make their money in some way. More often than not that means selling your data to marketers. So if protecting your privacy is as important as protecting your communication, you may want to avoid free VPNs.

One exception to that rule, though, is the latest version of the Opera browser. It has free VPN services built into it. Although at its core Opera uses the same browser kernel as Google’s Chrome,  some websites may not recognize Opera. In addition, Opera’s VPN proxies may also be blocked at certain websites, such as Netflix.

Otherwise, Opera’s VPN will do what’s expected from a VPN. It will replace your IP address with a virtual IP address to thwart net trackers. It will allow you to access websites blocked by firewalls or an organization like a school or company. And it can protect sessions at public Wi-Fi spots.

Best Picks for VPN

  1. ExpressVPNRead review
  2. NordVPN – Read review
  3. VyprVPN – Read review
  4. PureVPN – Read review

P.S. Here’s a full list of best VPN services (updated for 2018)

6. Confirming Site’s Security (https vs. http)

One way to determine if a site is trustworthy is if it has a green padlock on your browser’s address bar.

Not only does that mean that traffic between you and the site is encrypted, but that the domain’s ownership has been validated. While domain validation is useful, it doesn’t say anything about the legitimacy of the owner.

There’s another level of validation for that called Extended Validation. Organizations need to prove their identity and their legitimacy as a business before they can get EV validation. This appears as a green address bar and lock in your browser.

Chrome HTTP not secure

Even if you’re rigid about following good security hygiene, some personal information you’ve uploaded to the Internet during your digital lifetime may fall into the wrong hands. If it’s an email address that’s part of a data breach, you can get an automatic notification via a free service offered by the breach monitoring website Have I Been Pwned.

It’s also a good idea to activate any alerts offered by your credit card providers and banks. Those alerts will keep you notified of various kinds of activity in those accounts. Then, in the event of a compromise, you can respond to the situation at once.

 

7. Phishing Emails and Tips to Avoid Them

Phishing exampleNo doubt think you know how to spot a phishing email. But do you?

Phishing emails get an average click rate of about 10 percent or higher, according to a report released last month by Wombat Security Technologies.

And there’s a lot of them. If you don’t click on one, you might well click on the next one.

Diligent recently published the results of a survey regarding which phishing emails people were most likely to click on.

More than 68 percent of people would click on an email if it looked like it came from someone they know. And 61 percent would click on an email that referred to social media, such as one saying “Did you see this pic of you? LOL.”

People who got an email that looked like an invitation to access a shared file on a service like Dropbox clicked in to it 38 percent of the time.

Other successful phishing emails were ones that told users that they had to do something. Instructions/information such as:

  • Needing to secure their account
  • Needing a new social media login
  • Have a court appearance – the court notice being in the attachment
  • Were due a tax refund

According to Diligent, 156 million phishing emails get sent every day, and 16 million of them aren’t detected by spam filters.

So what happens if you click on the link, or open the attachment? You get malware that’s what.

More than 90 percent of phishing emails carry ransomware. These are programs that infect your computer and encrypt all your files. The hackers then ask you to send them money to get your files back — but there’s no guarantee that they’ll keep their promise. Well they are criminals after all!

Last year, ransomware hackers took in more than $1 billion from victims.

You can also get infected by malware that spies on everything you do, including the passwords that you type into your online banking site. Other malware takes over your computer and uses it to send out more spam. That slows down your computer with the potential to get you into trouble with your Internet service provider.

Tips for Recognising Phishing
  • Spelling or grammar mistakes. Real companies hire copy editors to check their emails before they go out.
  • It doesn’t use your name.
  • It’s from someone you don’t know, or it refers to a transaction that is unfamiliar to you.
  • It asks for your personal information.
  • It seems too good to be true. Or too bad to be true.
  • The tone is urgent or even threatening.
  • The return address of the email or the URL of the link doesn’t look right. For example, instead of taking you to MyBank.com, it goes to MyBank-this-is-real-we-swear.com.
  • It asks you for money or a donation.
  • It’s as vague as it can be, and it wants you to click on a link or download a file to find out more.

With the constant growing rate of cyber crimes and online scams, people lose billions and many people have lost their identity.

This guide will help you avoid the following:

  • Identity Theft
  • Credit Card Frauds
  • Phishing Emails
  • and more.

We’ve pointed out 14 ways to keep your online activity super-secure. At the end of the article, we’ve reviewed some IT industry experts who give good insight to the future.

8. Download Software From Trusted Sources

 

Untrusted softwareThe Internet is awash with different kinds of software that you can download and install on your computer. Keep in mind that not all downloads are equally trustworthy.

An approved software update for your operating system (usually Windows or macOS) is sure to be safe to install. On the other side of the spectrum, a download from a cheap-looking website that promises to clean up the files on your computer is one to stay away from.

Look to download commercial apps bought from secure sites and free apps from sites with a good reputation (such as Tucows and ZDNet, as well as official resources such as the Mac App Store). If you’re unsure about the origin of any piece of software, don’t download or install it. Look it up on the web and check for reviews and blog posts about the software from reputable sources. It doesn’t take long to tell whether a piece of software is genuine and trusted by the web community.

9. Avoid File-sharing Sites and Torrenting

Sites used to back up and synchronise your files are generally fine to use, and are much safer than many people might think. But places where you’re active in sharing content with others, file-sharing sites for e.g., have the potential to compromise your computer. This is because such sites often deal in the sharing of files that aren’t intended for sharing.

These files might be films, software or other content that has some commercial, copyrighted value. Someone looking to gain control of others’ computers could easily share some rogue software – called malware. This would allow them access to your machine if it were to run on your system.

Be careful, then, whenever using a service like this. It should go without saying that following copyright laws in your country is a sensible thing to do!

10. Turn on Two-Factor Authentication Whenever Possible

2 step verificationMany of the most websites most critical to our lives: online banking websites, Gmail, Facebook etc. offer two-factor authentication.

This means that, if someone looks suspicious in any way they’ll step in.  So should it appear that you’re logging in from a computer in China, and you’ve never used that particular computer before, and also you’ve never even left your home town – well, alarm bells will ring and they’ll intervene. For example, the bank might send a one-time code to your phone, or send a code to you by email.

Unless the hacker also somehow got into your email or your phone, they’ll be locked out of your account.

And if you ever lose your password, or someone tries to hijack your account, you can go through the second authorization method to reset your password and get your account back.

But two-factor authentication isn’t automatic. You have to give your cell phone number to your bank and you have to enable the two-factor with Google and Facebook.

If you haven’t done it yet – now is the time.

According to the Pew survey, of 16 percent of respondents said their email accounts had been taken over. While 13% said this had happened to one of their social media accounts.

Here are the instructions for the most popular services:

11. Change Your Passwords After a Breach

Speaking of changing your passwords after a breach – you should do that.

According to the Pew survey, 64 percent of Americans have personal experience of a major data breach.

If you’re one of them, or suspect that you are, go and change your passwords. Start with your most important sites: banking, credit cards, and shopping sites. Then move on to your favorite social media sites.

Chances are you can’t even remember all the places where you have an account, right?

Go back to the previous step and install a password manager.

12. Consider Using Credit Monitoring

Another thing that the criminals will do if they get access to your personal information is open new accounts in your name. You never see these statements because you don’t know that the accounts even exist. Well not until you start getting hounded by collection agencies and discover that you’ve no longer got a credit rating.

Lucky then that protecting against this is very easy.  And free.

You might have heard that you’re allowed one free report a year from each of the credit monitoring services, so you haven’t bothered with it.

Now, there several free options out there will let you check your credit report any time you want, for free, without any damage to your credit rating. And they’ll also send you an alert if anyone tries to open a new credit account in your name.

Capital One and Discover Card both offer free online credit monitoring.

My personal favorite service is Credit Karma, and another popular option is Credit Sesame.

13. Consider Using Extra Anti-Virus Protection & Lock Your Screen

By now you should have the idea that NOT clicking on phishing emails is your first line of defence.

But what happens if you do, and the malware starts invading your computer or smartphone?

With luck you have anti-virus in place to catch it.

I use Avast, and there are several others from very reputable companies that don’t cost you any money.

You can get the antivirus software for your smartphone, too. Yet, according to Pew, only 32 percent of people have it.

Another way to protect your computer or mobile device is to turn on password or PIN or fingerprint locks.

According to the Pew survey, 28 percent of smartphone owners don’t use a screen lock or other security feature to limit access to their phone.

Most people don’t secure their laptops either. It’s simple enough for a thief to grab your device and walk off with it and all the data in it. If you’ve got it set up with automatic logins to your financial sites, email or social media accounts, you’re even more vulnerable.

Do you have a camera on your computer? I keep a Post-It over mine, and Facebook’s Mark Zuckerberg uses a piece of tape. It’s a quick and easy fix.  I’m happy knowing that some stranger isn’t watching me picking spinach out from between my teeth.

Because of the large number of breaches in the news recently, people are more aware of cybersecurity issues than ever before, said Pew’s Rainie.

“But in their day-to-day life, they don’t act as if it’s a central concern,” he said. “It’s a paradox.”

14. Be Prompt about Updating Your Operating System and Software

Keep your PC updatedWhen a company discovers that there’s a security problem in its software, it sends out an update.

Some programs do automatic updates, without asking permission. But many operating systems and applications ask first.

Most people don’t approve the update right away. Given the choice, only 32 percent of people opt to have their apps update themselves on an automatic basis. Of the rest, 38 percent run the updates when it’s convenient, and 10 percent never install app updates at all.

When it comes to major updates, like the phone operating system, 42 percent wait until it’s convenient, according to the Pew survey, and 14 percent never update it.

That’s a problem. When hackers find out that there’s a security vulnerability, they rush out to take advantage of it before everyone upgrades. The longer you take, the more at risk you are.

So why don’t people update right away?

“It might be strictly a matter of convenience and control,” said Pew’s Rainie. “Some people think, I want to do updates in my own time. Or, I don’t want to burn through to my data cap.”

15. Use Reputable Shopping Sites

Most brand-name e-commerce sites, like Amazon, have good security systems in place and are happy to refund your money if something goes wrong.

Scammers still pop up though promising goods that they don’t deliver. Check the ratings and customer reviews before making a purchase.

As an extra precaution, if you pay with a credit card, you can also have them reverse the charges if it turns out that there’s a problem.

Chrome HTTP not secure
Don’t visit a shopping site that doesn’t have a GREEN certificate on its browser bow. This means they don’t encrypt your credit card data.

16. Don’t Use Unsecured WiFi

Most wireless routers – the devices that share the Internet signal around your home or office – will be set to use a form of encryption that needs a password to let you connect to the WiFi network. Although this is a pain, it’s a safe way to ensure you’re not making it easy for others to join your wireless network. Not doing this would mean they might be able to gain un-authorised access to any of the computers or devices on the network.

When you are out of the home or office, you might connect to a public WiFi hotspot. These often have their own joining criteria (a need to register or enter a password, for example), but some WiFi networks are completely open. Connecting to such networks is usually a bad idea. It’s best to pick a secure network instead or to rely on your device’s own connection to your mobile operator.

An alternative is to use a Virtual Private Network (VPN) app such as ExpressVPN (review). This allows you to create a secure connection even when you have joined an unprotected WiFi network.

Such apps are ideal for Android and iOS. For more comprehensive reviews, take a look at our VPN Reviews.

17. Back Up Your Data

While it’s crucial to keep your computer protected from the outside world, it’s important to remember that you keep data – that’s files, documents, pictures, music, videos – for a reason: to use them. The last thing you want is for the hard disk inside your computer to fail and for you to lose any or all that precious information. So, what to do? The best course of action is to put in place a backup routine. That means finding a way to copy your information to a safe place so that you don’t rely on your computer’s hard disk alone.

You can make your backups to an external hard disk, such as one connected to the computer via a USB cable.

More and more people are now turning to cloud backups. Cloud backups give you a secure way of transferring data over the Internet to a service such as Dropbox.

For the best protection, use a combination of physical and cloud backups. Doing so will mean your data should be safe even if a disaster were to strike. A service such as Acronis may suit you if you wish to go for the hybrid backup route.

Advanced Encryption Standard (AES)

Advanced Encryption Standard
What is AES and how does it work

AES, or Advanced Encryption Standards, is a cryptographic cipher that is responsible for a large amount of the information security that you enjoy on a daily basis.

Applied by everyone from the NSA to Microsoft to Apple, AES is one of the most important cryptographic algorithms being used in 2018.

What exactly is AES? How does it work? And can “non-techie” people like you and me apply it to be more secure in our daily lives?

That’s exactly what we will be discussing in this guide.

What is AES?

AES or Advanced Encryption Standards (also known as Rijndael) is one of the most widely used methods for encrypting and decrypting sensitive information in 2017.

This encryption method uses what is known as a block cipher algorithm (which I will explain later) to ensure that data can be stored securely.

And while I will dive into the technical nuances and plenty of fun cryptography jargon in a moment, in order to fully appreciate AES we must first backtrack for a brief history lesson.

AES Design

AES vs. DES (Background story)

Before diving into AES in all of its encrypted glory, I want to discuss how AES achieved standardization and briefly talk about its predecessor DES or Data Encryption Standards.

Basing their development on a prototype algorithm designed by Horst Feistel, IBM developed the initial DES algorithm in the early 1970’s.

The encryption was then submitted to the National Bureau of Standards who, in a later collaboration with the NSA, modified the original algorithm and later published it as a Federal Information Processing Standard in 1977.

DES became the standard algorithm used by the United States government for over two decades, until, in January of 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in under 24 hours.

They successfully concluded their efforts after only 22 hours and 15 minutes, bringing the algorithms weakness into the spotlight for all to see.

Over 5-years, the National Institute of Standards and Technology stringently evaluated cipher designs from 15 competing parties including, MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndael, among many others.

Their decision was not made lightly, and throughout the 5-year process, the entire cryptographic community banded together to execute detailed tests, discussions, and mock attacks in order to find potential weaknesses and vulnerabilities that could compromise each cipher’s security.

While the strength of the competing cipher’s was obviously of paramount importance, it was not the only factor assessed by the various panels. Speed, versatility, and computational requirements were also reviewed as the government needed an encryption that was easy to implement, reliable, and fast.

And while there were many other algorithms that performed admirably (in fact many of them are still widely used today), the Rijndael cipher ultimately took home the trophy and was declared a federal standard.

Upon its victory, the Rijndael cipher, designed by two Belgian cryptographers (Joan Daemen and Vincent Rijmen) was renamed Advanced Encryption Standard.

But this cipher’s success didn’t end with its standardization.

In fact, after the standardization of AES, the cipher continued to rise through the ranks, and in 2003 it was deemed suitable by the NSA for guarding Top Secret Information.

So why exactly am I telling you all of this?

Well, in recent years, AES has been the subject of much controversy as many cryptographers and hackers questions its suitability for continued use. And while I am not posing as an industry expert, I want you to understand the process required to develop the algorithm and the tremendous amount of confidence that even the most secretive agencies place in the Rijndael cipher.

DES vs AES

 

Common Uses of AES in 2017

Common uses of AESBefore I dive into some of the more technical details about how AES works, let’s first discuss how it’s being used in 2017.

It should be noted that AES is free for any public, private, commercial, or non-commercial use. (Although you should proceed with caution when implementing AES in software since the algorithm was designed on a big-endian system and the majority of personal computers run on little-endian systems.)

  1. Archive and Compression Tools

If any of you have ever downloaded a file off the internet and then gone to open that file only to notice that the file was compressed, (meaning that the original file size was reduced to minimize its affect on your hard drive) then you have likely installed software that relies on an AES encryption.

Common compression tools like WinZip, 7 Zip, and RAR allow you to compress and then decompress files in order to optimize storage space, and nearly all of them use AES to ensure file security.

  1. Disk/Partition Encryption

If you’re already familiar with the concept of cryptography and have taken extra measures to ensure the security of your personal data, the disk/partition encryption software that you use likely uses an AES algorithm.

BitLocker, FileVault, and CipherShed are all encryption software that run on AES to keep your information private.

  1. VPNs

The AES algorithm is also commonly applied to VPNs, or Virtual Private Networks.

For those of you who are unfamiliar with the term, a VPN is a tool that allows you to use a public internet connection in order to connect to a more secure network.

VPNs work by creating a “tunnel” between your public network connection and an encrypted network on a server operated by the VPN provider.

For example, if you regularly do work from your local coffee shop, you are probably aware that the public connection is incredibly insecure and leaves you vulnerable to all types of hacking.

With a VPN, you can easily solve this problem by connecting to a private network that will mask your online activities and keep your data secure.

Or, let’s say that you are traveling to a country with stringent censorship laws and you notice that all of your favorite sites are restricted.

Once again, with a simple VPN setup, you can quickly regain access to these websites by connecting to a private network in your home country.

It should be noted, however, that not all VPNs are created equally.

While the best VPNs (like ExpressVPN and NordVPN) rely on an AES-256 encryption, there are a number of outdated services that still rely on PPTP and Blowfish (a long since obsolete 64-bit encryption), so be sure to do your research before selecting a provider.

  1. Other Mainstream Applications

In addition to the above applications, AES is used in a plethora of different software and applications with which you are undoubtedly familiar.

If you use any sort of master password tools like LastPass or 1Password, then you have been privy to the benefits of 256-bit AES encryption.

Have you ever played Grand Theft Auto? Well, the folks over at Rockstar developed a game engine that uses AES in order to prevent multiplayer hacking.

Oh, and let’s not forget, any of you who like to send messages over WhatsApp or Facebook Messenger… You guessed it! AES in action.

Hopefully, you are now beginning to realize just how integral AES in running the entire framework of modern society.

And now that you understand what it is and how it’s used, it’s time to get into the fun stuff. How this bad boy works.

 

The AES Cipher

The AES cipher is part of a family known as block ciphers, which are algorithms that encrypt data on a per-block basis.

These “blocks” which are measured in bits determine the input of plaintext and output of ciphertext. So for example, since AES is 128 bits long, for every 128 bits of plaintext, 128 bits of ciphertext are produced.

Like nearly all encryption algorithms, AES relies on the use of keys during the encryption and decryption process. Since the AES algorithm is symmetric, the same key is used for both encryption and decryption (I will talk more about what this means in a moment).

AES operates on what is known as a 4 x 4 column major order matrix of bytes. If that seems like too much of a mouthful to you, the cryptography community agrees and termed this process the state.

The key size used for this cipher specifies the number of repetitions or “rounds” required to put the plaintext through the cipher and convert it into ciphertext.

Here’s how the cycles break down.

  • 10 rounds are required for a 128-bit key
  • 12 Rounds are required for a 192-bit key
  • 14 Rounds are required for a 256-bit key

While longer keys provide the users with stronger encryptions, the strength comes at the cost of performance, meaning that they will take longer to encrypt.

Conversely, while the shorter keys aren’t as strong as the longer ones, they provide much faster encryption times for the user.

Aren’t Symmetric Ciphers Easier to Break than Asymmetric?

Now before we move on, I want to briefly touch on a topic that has sparked a significant amount of controversy within the cryptographic community.

As I noted earlier, AES relies on a symmetric algorithm, meaning that the key used to encrypt information is the same one used to decrypt it. When compared to an asymmetric algorithm, which relies on a private key for decryption and a separate public key for file encryption, symmetric algorithms are often said to be less secure.

And while it is true that asymmetric encryptions do have an added layer of security because they do not require the distribution of your private key, this does not necessarily mean that they are better in every scenario.

Symmetric algorithms do not require the same computational power as asymmetric keys, making them significantly faster than their counterparts.

However, where symmetric keys fall short is within the realm of file transferring. Because they rely on the same key for encryption and decryption, symmetric algorithms require you to find a secure method of transferring the key to the desired recipient.

With asymmetric algorithms, you can safely distribute your public key to anyone and everyone without worry, because only your private key can decrypt encrypted files.

So while asymmetric algorithms are certainly better for file transfers, I wanted to point out that AES is not necessarily less secure because it relies on symmetric cryptography, it is simply limited in its application.

asymmetric vs symmetric

Attacks and Security Breaches Related to AES

AES has yet to be broken in the same way that DES was back in 1999, and the largest successful brute-force attack against any block cipher was only against a 64-bit encryption (at least to public knowledge).

The majority of cryptographers agree that, with current hardware, successfully attacking the AES algorithm, even on a 128-bit key would take billions of years and is, therefore, highly improbable.

At the present moment, there isn’t a single known method that would allow someone to attack and decrypt data encrypted by AES so long as the algorithm was properly implemented.

However, many of the documents leaked by Edward Snowden show that the NSA is researching whether or not something known as the tau statistic could be used to break AES.

Side Channel Attacks

Despite all of the evidence pointing to the impracticality of an AES attack with current hardware, this doesn’t mean that AES is completely secure.

Side channel attacks, which are an attack based on information gained from the physical implementation of a cryptosystem, can still be exploited to attack a system encrypted with AES. These attacks are not based on weaknesses in the algorithm, but rather physical indications of a potential weakness that can be exploited to breach the system.

Here are a few common examples.

  • Timing Attack: These attacks are based on attackers measuring how much time various computations need to perform.
  • Power-monitoring Attack: These attacks rely on the variability of power consumption by hardware during computation
  • Electromagnetic Attacks: These attacks, which are based on leaked electromagnetic radiation, can directly provide attackers with plaintext and other information. This information can be used to surmise the cryptographic keys by using methods similar to those used by the NSA with TEMPEST.

The Anthem Hacking: How AES Could Have Saved 80 Million People’s Personal Data

During February of 2015, the database for the Anthem insurance company was hacked, compromising the personal data of over 80 million Americans.

The personal data in question included everything from the names, addresses, and social security numbers of the victims.

And while the CEO of Anthem reassured the public by stating the credit card information of their clients was not compromised, any hacker worth his salt can easily commit financial fraud with the stolen information.

While the company’s spokesperson claimed that the attack was unpreventable and that they had taken every measure to ensure the security of their client’s information, nearly every major data security company in the world disputed this claim, pointing out that the breach was, in fact, completely preventable.

While Anthem encrypted data in transit, they did not encrypt that same data while it was at rest. Meaning that their entire database.

So even though the attack itself might have been unpreventable, by applying a simple AES encryption to the data at rest, Anthem could have prevented the hackers from viewing their customer’s data.

Conclusion

With the increasing prevalence of cyber-attacks and the growing concerns surrounding information security, it is more important now than ever before to have a strong understanding of the systems that keep you and your personal information safe.

And hopefully, this guide has helped you gain a general understanding of one of the most important security algorithms currently in use today.

AES is here to stay and understanding not only how it works, but how you can make it work for you will help you to maximize your digital security and mitigate your vulnerability to online attacks.

If you really want to dig into AES, I consider watching the video below by Christof Paar (it goes in-depth and it’s interesting, too):

If you have any further questions about AES or any insights that you have gained from cryptography-related research, please feel free to comment below and I will do my best to get back to you.

VPN vs. TOR

If you care about your privacy on the web then the “Tor vs VPN” question is something you’ll likely come across relatively quickly. While both Tor and VPN can make it safer for you to interact with the internet, they work quite differently under the hood. And based on your specific needs, one of these solutions is going to be more suitable for you.

This is where this comparison guide comes into play! Today, we’re looking into the differences between Tor vs VPN:

  • we explain the inner workings of each,
  • list the pros and cons,
  • tell you which option to go for as a responsible web user.

Your in-the-nutshell summary

I really do value your time, so if you just need a recommendation without wanting to go into the specifics of what’s sitting under the hood with both Tor and VPN, check out the table below:

Tor vs VPN: The differences compared
TorVPN
Core difference:A distributed network of nodes that routes your internet connection randomly, encrypting it at every node.A server that acts as a middleman between yourself and your destination on the web; it also encrypts your connection when passing it through.
Use it to:Protect what you’re doing inside the custom Tor web browser.Protect your whole activity on the web – including your standard web browser and activity in other apps.
Devices:The main Tor browser is available for Microsoft Windows, MacOS, GNU/Linux and Android.VPN apps by different providers are available for all popular platforms and devices.
Price:FreeThe good ones are paid. Still very affordable.
Makes you anonymous:YesOnly partly (the VPN firm knows who you are)
Provides security on the web:NoYes
Makes it impossible to trace you:YesNearly
Full data encryption:YesYes
Easy to set up and use:YesYes

Tor vs VPN in detail

Let’s discuss Tor and VPN one by one:

What is Tor?

Tor stands for “The Onion Router” and it’s a service that allows people to browse the web anonymously by routing their connection through a number of nodes.

In other words, rather than being just one thing that you need to connect to in order to use the service, Tor is a decentralized system that puts your connection through a whole network of random nodes on your way from point A to B.

For example, if you’re on your standard internet connection (no Tor or VPN), this is what your path looks like from A – your computer, to B – a website on the web that you want to visit:

tor vs vpn

(And please excuse this simplified illustration; there’s actually a lot more complexity involved in the inner workings of the web.)

In the scenario above, the destination place knows your IP address and has logs on when you visited, how long you stayed, what data you sent/requested, what machine you used, plus myriads of other details.

With Tor, it’s more like this:

using tor

Now, where the privacy component comes into play is that each Tor node only knows the IP address that comes immediately before and after that node. This means that the path of the information (or the information itself) is never known in full.

But that’s not all. Apart from those nodes sending your data back and forth, there’s also another layer of encryption added on top. Everything you’re sending/receiving is actually being encrypted multiple times as it’s being transferred between the nodes.

At the end of the day, the anonymity + the encryption is what gives you extreme privacy with basically no way to determine what you’re doing on the web. Not your ISP, nor any government, nor anyone else has the power to check your activity and use that information for whatever purpose.

How easy is it to get started with Tor?

In a word, very, very easy.

All you need in order to access the web via the Tor network is get the official Tor web browser and install it on your computer.

You can get that browser from the official website of the Tor project. There are versions available for Windows, MacOS, GNU/Linux and Android.

The installation is simple and it’s no different than how you’d install any other piece of software. After it completes, you can start the browser and connect with Tor via a single click.

tor browser

At this point, your connection is protected and you can browse whatever website you wish anonymously.

What is VPN?

VPN stands for “Virtual Private Network” and it’s a service that allows you to connect to the web safely by routing your connection through one VPN server.

Going back to our simple illustration; this, again, is what your connection looks like if you’re not using Tor nor VPN:

What is vpn sketch

Now with a VPN (again, this is a very simplified illustration):

using vpn

As you can see, there’s another player in the game – the VPN server. It’s basically a middleman that makes it appear as if you’re attempting to connect from a completely different location than where you actually are.

Though, to be a bit more specific, what a VPN actually does is it enables you to establish a safe, encrypted connection between your machine/computer and the VPN server. Then, the server does all the browsing and web consuming on your behalf. In other words, it appears as if the traffic is all originating from the VPN server itself and not from you.

With a VPN enabled, no one knows what you’re doing on the web nor what websites you’re visiting. All that your ISP or anyone else sees is a stream of encrypted data, not being aware of where it’s going or what it is.

Among other things, this makes it possible for you to use services that require their users to be residents of particular countries. In plain English, if Netflix hasn’t yet come to your country, a VPN will let you use it regardless.

How easy is it to get started with VPN?

Even though VPN sounds like a fairly sophisticated piece of technology – and it is – it’s also remarkably easy to use and get started with.

The most popular VPN solutions these days works as apps that you can install on your computer or smartphone normally, and begin using right away.

Literally, all you have to do is launch your VPN app of choice, click some form of a “connect now” button (you can also pick a VPN server location that you want to use), and, at this point, the app will begin securing your web presence on autopilot.

Just as an example, here’s what the process looks for Private Internet Access – one of our top recommended VPN services:

PIA install

 

Overall, the ease of use department is where Tor vs VPN provide similar experiences.

Pros and cons of Tor

PROS:

  • Free to use.
  • Makes your IP and activity on the web impossible to trace.
  • Makes you completely anonymous.
  • Easy to get started with.
  • It’s a distributed network – meaning that it cannot be destroyed by attacking a single node (Tor would just route around that one broken node).
  • Full data encryption done multiple times as your connection goes through individual nodes.
  • Portable. You can carry a “version of Tor” on a USB stick and use it at an internet cafe even.

CONS:

  • Can be slow due to all the jumps between different nodes as your data is being sent from and to the websites you’re visiting.
  • If the website you’re browsing doesn’t support SSL, that last node can be compromised (although highly unlikely, and not if you’re just using Tor for personal privacy and anonymity on the web).
  • Some governments around the world monitor uses of Tor due to its reputation and the fact that it’s often being utilized for nefarious purposes. The reasoning, “good honest people don’t need Tor.”
  • Tor only works as a custom web browser (at least if you don’t want to get into any complicated technical setups). This means that while it is great for protecting you browsing various websites, it doesn’t do anything to protect your other activity on the web that doesn’t involve a web browser. For instance, your Dropbox connections, your Netflix, your Torrents, other P2Ps, etc.

Pros and cons of VPN

PROS:

  • Much faster than Tor, due to the fact that you can always connect to a server that’s in an optimal location.
  • Encrypts all your internet activity and hides it from whoever might be trying to take a peek (your ISP, government, etc.).
  • Protects your IP and makes it impossible to identify you.
  • Great if you just want to access Netflix, Torrent, or any other P2P.
  • You can unblock most (if not all) geographically restricted websites (all you need to do is pick a VPN server in a country that’s allowed to access) – commonly referred to as “geo-spoofing.”
  • Allows you to keep your connection protected when in a cafe or using any other WiFi hotspot.
  • Easy to set up on nearly all modern devices and all types of internet connections.
  • Protects your whole web activity, not only your website browsing behavior. Meaning that it will take care of all your interactions with web browsers, all Netflix activity, Torrents, Dropbox, all other apps, etc.

CONS:

  • The VPN still knows who you are, so you’re not totally anonymous.
  • While there are free VPNs, you shouldn’t actually use them. Something you always have to remember when signing up for anything on the web is that, “if you’re not paying for the product, you’re the product.” For that reason, quality VPNs are paid services. Not expensive at all, though. You can get a good option for as low as ~$3 a month.
  • Some VPNs store logs, which kind of defeats the whole “web anonymity” purpose. Those logs can end up being handed over to the authorities in certain circumstances.
  • Some VPNs limit your bandwidth, which can stop your Netflix session mid-stream, for example.
  • Connection speed depends highly on the quality of the servers that your VPN offers in your country.
  • You need to pick a VPN that has a good reputation and that you can trust.

About that last point, it’s actually more than crucial!

At the end of the day, your level of privacy protection and security depends on the specific VPN’s standards and ways of conduct. With Tor, things are distributed – there are multiple nodes – so there’s no such problem per se. With a VPN, though, the quality of the VPN itself means the world.

In a nutshell, and I couldn’t stress this enough(!), make sure to choose a VPN that’s reputable, that has a good track record, that has good reviews on the web. Again, this is paramount!

If you want some suggestions, we have an in-depth VPN comparison – it looks into the popular VPN solutions in the market and points out their pros and cons.

In conclusion – Tor or VPN?

We’ve covered a lot of ground in this Tor vs VPN comparison, and I hope you will be able to make your own educated decision at this point based on all the data.

However, if you still don’t see much of a difference between Tor vs VPN from a user’s point of view – which, I agree, might be the case – here’s what I can say:

  • If you’re Edward Snowden, use Tor. (Meaning, use Tor if you’re dealing with uber-important business, scientific, or national information, and you have to do everything in your power to keep it confidential.)
  • If you just care for your everyday web privacy, security, and general anonymity, use a good VPN. It’s going to be more than enough.

Is there anything else you’d like us to cover in relation to the topic of Tor vs VPN? Don’t be shy to let us know!