How FREE VPNs Sell Your Data

John Mason

John Mason

We did an extensive research on multiple free VPNs and their privacy policy pages to find out if they have the right to sell/share your data. The results were shocking…

Selling data
Many free VPNs can sell or share your data to 3rd parties…

At TheBestVPN, we generally advise against the use of free VPNs.

The reason is simple – many of them simply sell your data to 3rd party advertisers.

And this defeats the whole purpose of having a VPN in the first place.

But there’s more:

1. Many free VPN services are not transparent about how they make money from you using their services; in most cases, when you’re not being sold a product you are most likely the product.

2. Most free VPNs simply sell your data to affiliated/partnered companies or to the third party who is willing to pay the most.

3. Some free VPNs have gotten caught using shady practices like injecting ads, referring affiliate traffic and more (more info can be found on the CSIRO research and FTC complaint against a free VPN).

9 Popular Free VPN Services That Can Sell Your Data

The following free VPNs can sell your data to 3rd parties (according to their privacy policy)

There are probably more as many free VPNs aren’t really upfront about how they make money. Below are the ones that admit selling or sharing your data (or aggregated data sets) to third parties:

1. Hola (Free VPN, 10+ Million Users)

“We may share “Anonymous” information with third parties…”
“We may share your email with our marketing partners…”
“You may be a peer for Luminati network…”

Hola VPN shares your data with 3rd parties
Image from: https://hola.org/legal/privacy

Unlike other free VPNs, Hola gives you unlimited data without displaying ads — no wonder 152 million people use their service. Unfortunately, like mom told you, if it sounds too good to be true, it most probably is.

A group of security researchers discovered multiple flaws in Hola and found that they aren’t as noble as they claim.

Besides the fact that Hola turns your computer into an exit node, they also sell access to your computer and network to third-parties through their commercial brand, Luminati. How do you opt out of this? There’s only one way: by subscribing to their premium subscription (proving once again that nothing good comes free).

It even gets worse: it was proven that Hola can be exploited to allow anybody to execute programs on the computers of its users.

In Hola’s defense, they were at least upfront in their privacy policy. They even made it clear that they may share your email with their marketing partners.

HOLA VPN sharing your info
Image from: https://hola.org/legal/privacy

They also make it clear in their TOS that by using Hola you become a peer on their paid Luminati network — in other words, access to your computer could be sold to people paying to use their services:

Hola VPN uses you as a peer
Image from: https://hola.org/legal/privacy

Here’s exactly how Hola makes money on you:

  • They share your email with their marketing partners.
  • They sell your traffic to users of their business arm, Luminati.
  • They can share your “anonymous” information with third parties.
  • They sell access to your computer and network – making it serve as an exit node through which other users (including people paying them) can access the Internet – although they didn’t indicate this on their website, it has been widely reported (since 2015) by reputable media publications.

2. Betternet (Free VPN, 38 Million Users)

Advertisers may also place cookies in your browser that may allow them to collect certain information about your browsing history…

Betternet adds advertisers cookies
Image from: https://www.betternet.co/privacy-policy

If you’ve done more than a few minutes of research about free VPNs, you’ve probably come across Betternet. This VPN service recently came out of nowhere to become one of the leading free VPN service providers. They now boast over 38 million users. They make it clear that they make money by offering free sponsored apps and by displaying video and other ads. They also allow advertisers to track and log information of users of their free VPN:

Worse, the CSIRO research paper on free VPN apps found that Betternet has the highest number of tracking libraries of all free VPN services (14 in total).

Here’s exactly how Betternet makes money on you:

  • By allowing advertisers to track and log your data – basically giving them carte blanche access to as much of your information as they need.
  • By allowing advertisers to include cookies in your browser.
  • By displaying ads, including sponsored apps, videos, and other types of ads.

3. Opera VPN (Free VPN)

“Our services include third-party technology or code that may use the collected data. We may share anonymized data and/or aggregated sets of data with our partners…”

OperaVPN shares your data with 3rd parties
Image from: https://www.opera.com/privacy

Opera’s free VPN is a free VPN service that comes embedded in the Opera browser: you install the browser and have access to the free VPN service.

On the surface, the “catch” of the free VPN seems to be simple: to drive adoption of Opera’s browser. We wish it were that simple!

Research shows that Opera’s free VPN actually engages in other practices to make money off their free VPN user. Their privacy policy makes it clear that they share your data with third-parties and allow third-party services to monitor your data.

Here’s exactly how Opera VPN makes money on you:

  • By sharing your data with third-parties and marketing partners.
  • By allowing advertisers and marketing partners to track your data.

4. HotSpot Shield (Free VPN, 500+ Million Users)

Can share your information with their “ad partners”

Hotspot shield data selling policy
Image from: https://www.hotspotshield.com/privacy/

With over 500 million users, Hotspot Shield is undoubtedly the most popular free VPN service.

When you have that many users, you have data that is a potential goldmine for advertisers… and Hotspot Shield is certainly not just being charitable by providing free VPN to hundreds of millions of people.

They make money off users in a lot of ways:

While Hotspot Shield makes it clear in its terms of service that it displays ads to users of its free VPN service, it is not very upfront about the fact that it makes money off users through other unscrupulous means.

Less than a year ago, The Center for Democracy and Technology issued a complaint to the FTC claiming that Hotspot Shield not only shares data of its free VPN users, but it also redirects their traffic to third-party affiliate sites.

Here’s how Hotspot Shield makes money on you:

  • May share your data with 3rd parties.
  • By redirecting your traffic to affiliate partners (FTC Complaint in 2017).
  • By displaying advertisements in front of apps and websites you use.
  • By setting you a data cap of 500Mb/day.

5. Psiphon (Free VPN, 1+ Million Users)

“We may use technology such as cookies and web beacons. Our advertising partners’ use of cookies enable them and their partners to serve ads based on your usage data…”

Psiphon data sharing policy
Image from: https://www.psiphon3.com/en/privacy.html

When it comes to the free VPN game, Psiphon is no newbie. They’ve been offering their free VPN service since 2008, which is a long time in the Internet age. However, they support their ability to offer this free VPN by sharing your data with advertisers and letting advertisers track your data usage.

While they generally defer to their advertising partners’ privacy policies, the policies of these partners show that they do use and share your data. With annual revenue estimated to be over $2.2 million, Psiphon sure seems to be making some money!

Here’s exactly how Psiphon makes money on you:

  • By sharing your data with their advertising partners.
  • By allowing their advertising partners to track your Internet usage.
  • By displaying ads to you.

6. Onavo Protect (Free VPN)

“We may share (or receive) information, including personally identifying information, with our Affiliates…”

Onavo Protect policy
Image from: https://www.onavo.com/privacy_policy/

Onavo Protect is a VPN service owned by Facebook. Facebook has been in the middle of several scandals relating to how they collect and use user data, so it won’t be surprising to find that Onavo has the same issue — they were recently in the news due to their data usage practices. Onavo makes it clear from the get-go that they do log user data and share this information with third-parties:

Here’s exactly how Onavo Protect makes money on you:

  • They share your information with affiliates and third-parties.
  • They use your information for several purposes including advertising and marketing purposes.
  • They display ads to you.

7. ZPN (Free VPN, 8+ Million Users)

 “May share, sell and rent your personal information with affiliated companies/people..”

How ZPN sells/shares your data
Image from: https://zpn.im/privacy-policy

With more than 8.2 million users, ZPN is certainly not a free VPN service you can ignore. The 10GB monthly data they offer is generous compared to what is offered by other VPN services.

According to them, they won’t share your data with “non-affiliated” companies unless under conditions including…

Read that again.

What about “affiliated” companies?

According to their Privacy Policy, they seem to do that…

Here’s exactly how ZPN makes money on you:

  • There’s a high possibility of sharing your data with their partners.
  • By limiting your monthly data to 10GB per month in order to get you to upgrade to a paid plan.
  • By limiting your bandwidth in order to get you to upgrade to a paid plan.
  • By disabling P2P (and torrenting) and limiting your access to five locations in order to get you to upgrade to a paid plan.

8. FinchVPN (Free VPN)

“We may share with third parties certain pieces of aggregated information…”

FinchVPN data sharing policy
Image from: https://www.finchvpn.com/privacy

FinchVPN seems more secure than most free VPN services. They have a generous 3GB monthly data and seem to take user privacy more seriously than most free VPN services. However, they limit the number of servers you can access in order to get you to upgrade.

They may also share data of user activity with third parties.

Here’s exactly how FinchVPN makes money on you:

  • They may share aggregate data of users with third-parties.
  • They limit your monthly data to 3GB and restrict the number of servers you can access in order to get you to upgrade to a paid plan.

9. TouchVPN (Free VPN)

“We may share your “anonymous” information with third parties, for additional purposes, including marketing…”

TouchVPN data sharing policy
Image from: https://www.northghost.com/privacy
touchvpn marketing

TouchVPN is another shady, free VPN that adds Cookies, Pixel Tags, and Web Beacons to your browser while you use their service.

Though they are some-what upfront about sharing your “anonymous” data with third parties for marketing purposes.

Sadly, they don’t elaborate much on “anonymous data”.

10. Private Pipe VPN (Free VPN)

“We may share “personal data” and “anonymized information” with affiliated and non-affiliated third parties…”

Private Pipe VPN promises “a simple, no nonsense, VPN” that offers completely free service, unlimited data, and malware protection without requiring its users to have any technical knowledge. However, in their privacy policy, they do not hide the fact that they make money by sharing/selling user data:

privatepipevpn privacy policy 1
Image from: https://www.privatepipevpn.com/privacy-policy-us.html

Now, while they claim that personal identifiers are removed in data they share/sell, another part of their privacy policy indicates that they may share “personal data” with affiliates — whatever that means!:

Privatepipevpn priacy policy 2
Image from: https://www.privatepipevpn.com/privacy-policy-us.html

Here’s exactly how Private Pipe VPN makes money on you:

  • By selling/sharing your data with advertisers.
  • By displaying targeted ads when you browse websites using their app.

11. #VPN by Apalon (Free VPN)

“We may share “aggregated information”… with third parties, including advisors, advertisers, and investors…”

With over 5,000 ratings on the Apple store, #VPN is one of the more popular free VPN services available to Apple device users. It promises multiple virtual locations and unlimited data to enable you access websites and apps privately. However, besides the fact that ads and in-app purchases are offered to users of #VPN, they also make it clear that they may share your information with third-parties:

#VPN by Apalon privacy policy
Image from: https://www.apalon.com/vpn/privacy_policy.html

Now, while they claim they only share aggregate information, they collect so much more information that it’s worrisome. #VPN collects the following information:

  • your timestamp
  • device information
  • location data
  • service provider information
  • hardware device information
  • they may also collect your movement data.

That’s more than is necessary for a free VPN app!

Here’s exactly how #VPN makes money on you:

  • By sharing your information with advertisers and third-parties
  • By displaying ads to you
  • By offering in-app purchases to you

12. Tuxler (Free VPN)

“We also share “technical data” that we collect about your browsing habits and your device…”

“Here at Tuxler, your privacy is our business – not someone else’s,” Tuxler boldly states on its homepage. But really?

While Tuxler touts the fact that users of its free VPN service can choose from “millions of locations,” we had to dig deeper to see what the catch is. We didn’t have to dig too long. It’s right there on their privacy policy page: they share data about your browsing habits and your device with advertising companies in order to allow them target ads to you.

Tuxler privacy policy
Image from: https://tuxler.com/privacy-policy/

Here’s exactly how Tuxler makes money on you:

  • By sharing your data with advertisers and third-parties.
  • By displaying advertisements to you.

13. GO VPN (Free VPN)

“We also cooperate with a third party in various ways to utilize data collected, processed and handled…”

If you’ve tried looking for a free VPN app on the Google Play Store before, you’ve most likely come across the GO VPN app offered by the VPN Master team. Like almost every other free VPN, this app promises unlimited data with no registration or settings. All you need to do is “install and push the ON” button.

Unfortunately, our investigation revealed that there is something sinister going on: The high number of permissions required should be the first red flag. This app requires the following permissions:

  • Access to your device and app history
  • Access to read your phone status and identity
  • Access to read, modify and delete your phone media
  • Access to read your phone status and identity
  • Access to check your Google play license
  • Access to prevent your device from sleeping

We believe that’s too much access for a VPN app, but some extra digging makes clear why: The GO VPN app is offered by Talking Data, a Chinese big data company that sells data and information to willing buyers, and their privacy policy makes it clear that when you use their apps you are giving them permission to share/sell your data to their partners, and that they will use your information to build their data database:

Talking Data privacy policy
Image from: https://www.talkingdata.com/privacy.jsp

Here’s exactly how GO VPN makes money on you:

  • By selling/sharing your data with third parties for marketing purposes.
  • By displaying advertisements to you when you use their free VPN.

14. Hexatech (Free VPN)

Hexatech promises 100 percent free unlimited VPN access to users — and with over 1 million installs there must be a catch!

Hexatech was created by Betternet, one of the major data abusers on our list. Don’t let the fancy name deceive you, though! Hexatech is governed by the same principles and privacy policies as Betternet, and the same rules apply: they allow advertisers to track and log your data and do with it whatever they please.

Here’s exactly how Hexatech makes money on you:

  • By allowing their advertisers to track and log your data — and to use your information however they deem fit.
  • By displaying ads — including sponsored apps, videos, and other types of ads.

We Don’t Recommend Using FREE VPNs

Besides the obvious, using you as a product, free VPNs often go an extra mile to get more money from you.

Despite advertising themselves as “free VPNs”, they often set a very low data cap (bandwidth) so you can only use their service a few hours a month. Common data caps are 250mb/day, 500mb/mo, 2GB/mo and 10GB/mo.

Many free VPNs like TurboVPN and Betternet also include additional ads in your browsing activity.

Last, but not least, the vast majority of free VPN servers are overwhelmed with other folks who make your browsing (or streaming) activity extremely slow.

Free VPNs also tend to leak your DNS and keep your log files.

In a nutshell, if you want to stay secure and safe, free VPNs aren’t the best option. You’d be better off relying on your ISP instead of a sketchy, money-hungry VPN provider.

15 Best Torrent Sites

John Mason

John Mason

Torrent sites come and go. But some of them stick around for a longer period of time. In this article, I’ve included 15 most popular torrenting sites and compared their size, formats and download speed towards each other.

Finding a site for torrenting can be very tricky.

First, the cat-and-mouse game between political authorities and some of the popular torrent sites often results in torrent sites shutting down really quickly.

Second, there are a lot of torrent sites riddled with ads and malware that provide low-quality torrent files or even fake torrents all together. To address this, we decided to compile a list of the best torrent sites for 2018 while providing the following information to give you a true assessment of the state of a torrent site:

  • Year established: This is a sort of “reliability gauge.” The older a site the more reliable it is. A popular torrent site that’s been able to survive five, 10, or more years without being shut down must be very reliable.
  • Popular content formats: We include some of the popular content formats available on the torrent sites we feature.
  • Banned in the following countries: If we have information that a torrent site has been banned in a particular country, we include this information.
  • Supports instant downloads: We indicate whether a torrent site supports instant download or not.
  • Mirrors/Alternate URLs/IPs: We include mirror sites and/or IP addresses to allow you other means of accessing a torrent site in case it has been blocked by your ISP.
  • Number of torrents: We include the total number of torrents available on a site at the time of compiling this list.
  • Speed test: We downloaded the same file from all of these websites using ExpressVPN and listed the results under each torrenting website (100MB/s connection out of Estonia).

1. Torrentz2

TorrentZ2 torrent site

Torrentz2 is a popular torrent search engine that sprang up in 2016 when Torrentz shut down. Torrentz2 combines results from other search engines to provide one of the biggest databases of torrents. The torrent search engine boasts of having over 61 million torrents and our research shows that it has more movie torrents than other types of torrents.

  • Year established: 2016
  • Popular content formats: Movies, TV Series, Music, Applications, Games.
  • Banned in the following countries: None.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: Torrentz2.me, Torrentz2.is, Torrentzwealmisr.onion
  • Number of torrents: 61 million+

Download Speed

The average DL speed was 1.9MB/s

Torrentz2 download test

 

2. iDope

iDope torrent site

iDope is a torrent search engine that provides direct magnet links to torrents. Besides having a massive database of over 18 million torrents, it features a clean UI and has a mobile version that makes torrenting on smartphones easy.

  • Year established: 2016
  • Popular content formats: Movies, TV Shows, Music, Games.
  • Banned in the following countries: None.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: idope.bypassed.bz
  • Number of torrents: 18,450,000+

Download Speed

The average DL speed was 3.7MB/s

iDope download test

 

3. Torrent Downloads

TorrentDownloads torrent site

Torrent Downloads is a torrent index with one of the biggest databases out there. At the time of compiling this list, it features over 16 million torrents.

  • Year established: 2007
  • Popular content formats: TV Shows, Movies, Music, Books, Games, Software.
  • Banned in the following countries: United Kingdom.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: torrentdownloads.unblockall.org, torrentdownloads.unblocker.cc
  • Number of torrents: 16,121,000+

Download Speed

The average DL speed was 1.8MB/s

Torrent Downloads download test

 

4. LimeTorrents

Limetorrents torrent site

With over 9.8 million torrents, LimeTorrents is one of the torrent sites with the biggest databases out there. It offers torrents for several content types such as movies, TV shows, games, and applications. It is currently banned in Australia and France.

  • Year established: 2009
  • Popular content formats: Movies, TV Series, Music, Games, Applications, Anime.
  • Banned in the following countries: Australia, France, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: limetorrents.asia, limetor.club, limetorrents.info
  • Number of torrents: 9,833,000+

Download Speed

The average DL speed was 2.8MB/s

Lime torrents download test

 

5. Bit Torrent Scene

Bit Torrent Scene torrent site

Bit Torrent Scene is one of the leading sources of torrents online. It allows users to torrent movies, TV series, music, games, software and ebooks.

  • Year established: 2017
  • Popular content formats: Movies, TV series, Music, Games, Software, Ebooks.
  • Banned in the following countries: None.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: btsproxy.com, btscene.unblocker.cc, bittorrentstart.com
  • Number of torrents: 5,118,000+

Download Speed

The average DL speed was 3.6MB/s

BitTorrentScene download test

 

6. Torlock

Torlock torrent site

Torlock is a torrent index and search engine mainly focused on TV series and movies. Torlock is particular about ensuring that users have access to only genuine torrents, and it takes this so seriously that it once introduced a program that pays users $1 for every fake torrent they are able to find on its site.

  • Year established: 2010
  • Popular content formats: Movies, TV Series, Games, Music, Applications, eBook, Anime.
  • Banned in the following countries: Australia, India, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: torlock.unblocked.mx
  • Number of torrents: 4,440,000+

Download Speed

The average DL speed was 3.1MB/s

TorLock download test

 

7. The Pirate Bay

The Pirate Bay torrent site

The Pirate Bay is certainly the biggest torrent site in the world and one of the most controversial to ever exist. It has been blocked in at least 28 countries and has survived battles with some of the world’s most powerful governments. This site is over 15 years old, however, and as a result ranks high in terms of reliability. It allows users to torrent movies, TV series, books, applications, games and music. Our research shows that the majority of torrents on TPB are movies and TV shows.

  • Year established: 2003
  • Popular content formats: TV Shows, Movies, Music, Games, and Applications.
  • Banned in the following countries: Argentina, Australia, Austria, Belgium, China, Denmark, Finland, France, Germany, Iceland, India, Indonesia, Iran, Ireland, Italy, Kuwait, Malaysia, Netherlands, Norway, Russia, Saudi Arabia, Singapore, Spain, Sri Lanka, Sweden, Turkey, United Arab Emirates, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: ThePirateBay.red, Tbp.tw, TPBMirror.org
  • Number of torrents: 3,286,000+

Download Speed

The average DL speed was 3.1MB/s

ThePirateBay download test

 

8. Zooqle

Zooqle torrent site

Zooqle is relatively younger compared to most of the other torrent sites featured on this list. It’s a torrent index specializing in verified torrents, and with a database of over 3 million torrents it certainly shouldn’t be taken for granted. While it features content in a variety of categories, movies and TV series are especially popular on the site.

  • Year established: 2013
  • Popular content formats: TV Shows, Movies, Music, Games, Applications, Books.
  • Banned in the following countries: None.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: zooqle.unblocked.mx, zoqle.bypassed.org
  • Number of torrents: 3,200,000+

Download Speed

The average DL speed was 3.5MB/s

Zooqle download test

 

9. 1337x

1337x torrent site

At the time of compiling this list, 1337x has been online for 11 years. That ranks it high in terms of reliability. It provides a directory of torrent files and magnet links, and is often touted as the best alternative to The Pirate Bay. Our analysis shows that over 90 percent of the top 100 torrents on 1337x are movies.

  • Year established: 2007
  • Popular content formats: Movies, TV Series, Games, Music, and Applications.
  • Banned in the following countries: Austria, Australia, Ireland, United Kingdom.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: 1337x.st, x1337x.ws, x1337x.eu
  • Number of torrents: 2,375,000+

Download Speed

The average DL speed was 686.3KB/s

1337x download test

 

10. YourBittorrent

YourBittorrent torrent site

YourBittorrent has a somewhat controversial history. While founded in 2009, it really began operation in its original form in 2003 as a collaboration between two partners — the product of which was myBittorrent; one of the partners wanted the website eventually shut down while the other partner wanted it to become bigger. This led to a split, the product of which is YourBittorrent.

  • Year established: 2009
  • Popular content formats: Movies, TV Series, Software, Games, Music, Anime, Ebooks.
  • Banned in the following countries: Portugal, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: 104.31.17.3
  • Number of torrents: 1,190,000+

Download Speed

The average DL speed was 1MB/s

YourBitTorrent download test

 

11. Demonoid

Demonoid torrent site

When it comes to reliability, you can count on Demonoid. The popular BitTorrent tracker was launched in 2003, the same year as The Pirate Bay, and it’s had its own fair share of downtime due to political pressure. The site with over 10 million users has over 800,000 torrent files and provides torrents for movies, TV series, music, books, applications, and games. Our research shows that Demonoid has more movies and TV series than other files, followed by music.

  • Year established: 2003
  • Popular content formats: Movies, TV series, Music, Books, Applications, Games.
  • Banned in the following countries: Ukraine, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: Dnoid.me, Demonoid.unblocked.bet
  • Number of torrents: 893,000+

Download Speed

The average download speed was 1.8MB/s

Demonoid download test

 

12. RARBG

RARBG torrent site

RARBG is a popular torrent site that was established in 2008. Our research shows that the popular torrent site that provides torrent files and magnet links has more movies than other types of files.

  • Year established: 2008
  • Popular content formats: Movies, TV Shows, Games, Music, Software.
  • Banned in the following countries: Bulgaria, Denmark, Indonesia, Ireland, Morocco, Pakistan, Portugal, Saudi Arabia, United Kingdom.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: 185.37.100.122
  • Number of torrents: 811,000+

Download Speed

The average DL speed was 1.3MB/s

RarBG download test

 

13. TorrentsGroup

torrentsgroup torrent site

This torrent site was established in 2016 and has since grown to host over 225,000 torrents. It allows users to torrent movies, TV series, apps, and documentaries amongst other types of files.

  • Year established: 2016
  • Popular content formats: Movies, TV Series, Anime, Apps, Documentaries, Games.
  • Banned in the following countries: None.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: 104.18.52.165
  • Number of torrents: 225,000+

Download Speed

The average DL speed was 5.5MB/s

TorrentsGroup download test

 

14. EZTV

EZTV torrent site

Many avid torrenters will know EZTV, a popular TV torrent distribution site that was founded in 2005. After experiencing a hostile takeover, EZTV was claimed by a new group operating at EZTV.AG. While many popular torrent sites ban releases from EZTV due to its history, many have found its torrents to be of great quality.

  • Year established: 2015
  • Popular content formats: TV Series/Movies.
  • Banned in the following countries: Australia, Ireland, United Kingdom.
  • Supports instant downloads: Yes.
  • Mirrors/Alternate URLs/IPs: eztv.red, eztv.unblocked.mx, eztv.unblocked.bet
  • Number of torrents: 153,000+

Download Speed

The average DL speed was 3.7MB/s

EZTV Download test

 

15. YTS.AM

YTS.AM torrent site

YIFY movies are known to have excellent video quality at the smallest file sizes. YTS.AM is the leading source of YIFY torrents online.

  • Year established: 2011
  • Popular content formats: Movies.
  • Banned in the following countries: Ireland.
  • Supports instant downloads: No.
  • Mirrors/Alternate URLs/IPs: yts.unblocked.mx, yts.unblocked.mx
  • Number of torrents: 7,200+

Download Speed

The average download was 1.8MB/s

YTS.AM download test

What torrent sites you have you used or use? Leave a comment below :).

VPN Usage, Data Privacy & Internet Penetration Statistics

John Mason

John Mason

In this in-depth research, we’re covering all the important statistics and figures for VPN usage, Internet penetration and data privacy. Here’s a full list of resources used in this article.

VPN Usage Statistics – Table of Contents

VPN Access by Device

The use of Virtual Private Networks (VPNs) has grown considerably in recent years, as public awareness and applications continue to rise. In fact, one quarter of all Internet users have accessed a VPN in the last month, with mobile access growing in popularity:

  • Desktop – 17%
  • Mobile – 15%
  • Tablet – 7%
VPN access by device

VPN Usage Frequency

For many users, VPNs have become an integral part of daily life. Of those who accessed a VPN in the last month:

Every day 4-5 times a week 2-3 times a week Once a week 2-3 times a month Once a month
Desktop: 35% Desktop: 15% Desktop: 14% Desktop: 10% Desktop: 7% Desktop: 6%
Mobile: 42% Mobile: 13% Mobile: 11% Mobile: 9% Mobile: 6% Mobile: 5%
VPN usage frequency

VPN Usage by Age & Gender

Across all users, VPNs remain most popular amongst younger generations, particularly males. The number of females accessing VPNs has increased on previous years, however:

VPN Users by Age: VPN Users by Gender:
16-24: 35% Male: 62%
25-34: 33% Female: 38%
35-44: 19%
45-54: 9%
55-64: 4%
VPN usage by age and gender

Regional VPN Usage (of all internet users)

The Asia-Pacific region continues to be heaviest users of VPNs, although they are continuing to grow in popularity among Latin American and Middle Eastern users:

  • Asia Pacific: 30%
  • Europe: 17%
  • Latin America: 23%
  • Middle East & Africa: 19%
  • North America: 17%
Regional VPN usage

Emerging Markets Lead for VPN Usage

Given their applications in bypassing Internet censorship and hiding browsing activity, it’s no surprise that emerging markets lead for VPN usage:

Top Ten Markets

  • Indonesia: 38%
  • India: 38%
  • Turkey: 32%
  • China: 31%*
  • Malaysia: 29%
  • Saudi Arabia: 29%
  • Brazil: 26%
  • Vietnam: 25%
  • UAE: 25%
  • Philippines: 25%
Top ten markets for VPNs

*China’s percentage is likely to drop in 2018, as the Government attempts to crack down access to VPN providers in the country.

Reasons Why People Use VPN

So, why are people using VPNs? Although motivations differ depending on the region, the top motivations across all users are:

Access better entertainment content: 50%
Access social networks, or news services: 34%
Keep anonymity while browsing: 31%
Access sites / files / services at work: 30%
Access restricted download / torrent sites: 27%
Communicate with friends / family abroad: 25%
Hide my web browsing from the government: 18%
Access a Tor browser: 17%
VPN usage motivator

But a stronger pattern begins to emerge when we look at the regional differences:

VPN usage motivator by region

Accessing entertainment remains the strongest motivator even when regional differences are factored in, although retaining anonymity while browsing the Internet is a major application in certain countries:

Argentina Ireland Singapore
Australia Italy South Africa
Belgium Japan South Korea
Brazil Malaysia Spain
Canada Mexico Sweden
China Netherlands Taiwan
Egypt New Zealand Thailand
France Philippines Turkey
Germany Poland UAE
Hong Kong Portugal UK
India Russia USA
Indonesia Saudi Arabia Vietnam

Access better entertainment content
Keep my anonymity while browsing
Access restricted download / torrent site

VPN usage motivators by country

VPN Users Paying for Content

Despite the primary motivation being entertainment content for most users worldwide, those who access VPNs are not pirates. 77% of VPN users are buying digital content each month, across a wide range of formats:

Percentage of VPN users who paid for the following in the last month:

  • Music download: 33%
  • Music streaming service: 27%
  • Movie or TV streaming service: 27%
  • Mobile app: 27%
  • Movie or TV download: 26%
VPN users paying for content

Online Users & Digital Statistics

It’s worth considering the growth of VPN usage alongside the global increase in overall Internet access, alongside the dramatic and continued growth of social media and mobile phone usage:

In 2018, there are:

  • 4.021bn Internet users (7% increase on last year)
  • 3.196bn social media users (13% increase on last year)
  • 5.135bn mobile phone users (4% increase on last year)
Online users in 2018

Social media use has continued its impressive climb since 2017, with one in every three minutes spent online now devoted to social media. Globally, digital consumers are now spending an average of 2 hours and 15 minutes per day on social media networks and messaging. According to a recent survey, the top motivations for accessing social media in 2018 are:

  • To stay in touch with what friends are doing: 42%
  • To stay up-to-date with news and current events: 41%
  • To fill up spare time: 39%
  • To find funny or entertaining content: 37%
  • General networking with other people: 34%
Reasons for social media usage

The average internet user now spends around 6 hours each day using internet-powered devices and services – approximately one-third of their waking lives. If we add this together for all 4 billion of the world’s internet users, we’ll spend a staggering 1billion years online in 2018.

Global Internet Penetration

Although internet use is growing, access is not distributed evenly around the world. Internet penetration rates are still low across Central Africa and Southern Asia, but these regions are seeing fast growth in internet adoption.

The global average for Internet penetration is 53%. By region however:

North America: 88% Southern Europe: 77% Western Asia: 65%
Central America: 61% Northern Africa: 49% Southern Asia: 36%
The Caribbean: 48% Western Africa: 39% Eastern Asia: 57%
South America: 68% Middle Africa: 12% Southeast Asia: 58%
Northern Europe: 94% Southern Africa: 51% Oceana: 69%
Western Europe: 90% Eastern Africa: 27%
Eastern Europe: 74% Central Asia: 50%
Global internet penetration by region

 

The highest penetration percentages in the world belong to Qatar and the United Arab Emirates, both of whom boast an incredible 99%. Perhaps unsurprisingly, the lowest is North Korea, with a shockingly low 0.6% penetration rate.

Internet Access by Device

As you might expect, more people are now accessing the Internet via smartphones, accounting for a greater share of web traffic than all other devices combined:

  • Laptops and Desktops – 43%
  • Smartphones – 52%
  • Tablet devices – 4%
  • Other devices – 0.14%
Internet access by device type

In addition to a greater number of devices, mobile connections are also getting faster worldwide. GSMA Intelligence reports than more than 60% of mobile connections can now be classified as ‘broadband’:

The percentage of broadband connections compared to population
Northern America: 95% Western Europe: 98% Middle Africa: 12%
Central America: 62% Eastern Europe: 92% Southern Africa: 83%
The Caribbean: 30% Southern Europe: 97% Eastern Africa: 22%
South America: 82% Northern Africa: 59% Central Asia: 40%
Northern Europe: 109% Western Africa: 33% Western Asia: 63%
Broadband connections

The fastest mobile Internet connection speeds are found in Norway, where the average speed is 61.2 MBPS. The slowest is in Iraq, with an average speed of 4.2 MBPS. Thanks in part to the continued global increase in download speeds, the average global smartphone user now uses 2.9GB of data every month – a rise of more than 50% on last year.

This continued growth of mobile-first Internet use is, unsurprisingly, being driven by Millennials. Of 34 tracked online activities:

Millenials Gen X Baby Boomers
Mobile first – 31 Mobile first – 17 Mobile first – 7
Laptop first – 3 Laptop first – 17 Laptop first – 27
Millenials Lead Mobile - First

As you might expect, much of the growth in social media and mobile-first Internet is down to the US and, to a lesser extent, the UK:

United Kingdom snapshot: United States snapshot:
Population: 66.38 million Population: 325.6 million
Internet Users: 63.06 million Internet Users: 286.9 million
Active Social Media Users: 44 million Active Social Media Users: 230 million
Mobile Subscriptions: 73.23 million Mobile Subscriptions: 340.5 million
Active Mobile Social Media Users: 38 million Active Mobile Social Media Users: 200 million
UK Internet penetration US Internet penetration

Data Privacy

With an increase in cyber attacks and ever-growing internet access, concerns around data privacy have become far more prominent. As the general-public becomes more informed about the information businesses and governments collect on them, their worries about the use or mismanagement of this data have increased:

  • 95% of Americans are concerned about how companies use their data.
  • More than 80% are more concerned today than they were a year ago.
  • More than 50% of Americans are looking for new ways to safeguard their personal data.
Privacy Concerns

It would seem their concerns are warranted too, with 31% of Americans saying their online life is worth $100,000 or more. Despite this, only one in four Americans believe they’re ultimately responsible for ensuring safe and secure Internet access, and 51% of consumers have had online and mobile accounts compromised in the previous year.

Most people place the responsibility for safe Internet access and the safeguarding of their data with corporations, but many IT professionals are concerned about businesses ability to effectively protect this data:

  • 95% of businesses have sensitive data in the cloud.
  • 93% of IT professionals report challenges with ensuring data privacy.
  • 82% of businesses have employees who do not follow data privacy policies.
Why businesses remain vulnerable

These concerns have led to a significant lack of trust from the public, with consumers expressing growing anxiety over the security of their records with corporations:

few express confidence that records will be kept secure
Sources:

Five Eyes, Nine Eyes & 14-Eyes Countries and VPN Jurisdiction

John Mason

John Mason

In this article, I’ll share the differences between different alliances (4 Eyes, 9 Eyes and 14 Eyes) as well as how it affects your anonymity when using a VPN.

Here’s all you need to know about VPN jurisdiction, five eyes, nine eyes and fourteen-eyes alliances and countries. It’s highly recommended that you choose a VPN outside these jurisdiction for full anonymity and data protection.

Important Factors of a VPN Company Jurisdiction

VPN Jurisdiction – This refers to the laws and regulations surrounding virtual private networks in a given country. Most countries allow citizens and residents to use VPNs under their legal system, but it is important to consider the level of control a given national government retains over your VPN use.

VPN Provider Location – This refers to where the VPN provider is located as a business, which may not be the same as where the company maintains its VPN servers. Again, depending on the extent to which the relevant authorities oversee VPN use, you may want to choose a VPN provider located outside of your country of residence.

VPN Server Location – This refers to where the VPN provider has decided to set up servers, which may not be the same as where they operate on a day-to-day basis. One VPN provider may have servers in multiple locations, and often, you the user will be able to choose from a number of VPN server locations from a single VPN provider.
 

Country-by-Country Guide to VPN Jurisdictions

At TheBestVPN, we always try to be as thorough as possible. Below you will find 31 countries listed with the legality of VPNs in that country, whether or not they are a member of a 5, 9 or 14-Eyes member, some commentary and one or more VPN providers you can start your search with.

For your convenience, here is a list with jump-to links for easy reference:

 

VPN Jurisdiction: Australia

  • Are VPNs legal in Australia? Yes
  • Five Eyes Alliance member
  • VPN use is completely legal in the land down under. However, since Australia is a member of the Five Eyes alliance, any data passing through and stored on VPN systems domiciled in the country is still subject to the surveillance protocols implemented by the intelligence-sharing alliance.

Sources:
Regional Overview: Australia & New Zealand. Open Net Initiative.

Freedom on the Net 2017 Country Profile: Australia. Freedom House.

Popular Australia-based VPN providers:

 

VPN Jurisdiction: British Virgin Islands

  • Are VPNs legal in the British Virgin Islands? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • While an overseas territory of the UK, the British Virgin Islands (BVI) is an autonomous nation with its own legislature and code of laws. Lacking its own foreign intelligence apparatus, the BVI is not a member of any international signals intelligence-sharing alliance. That means VPN systems based in the territory are not subject to surveillance laws enabling intelligence agencies to legally access or intercept customer data. Moreover, there are no data retention laws in the territory.
  • BVI-based ExpressVPN consistently ranks among the top-rated VPN providers around the world.

Sources:
Regional Overview: Australia & New Zealand. Open Net Initiative.

Freedom on the Net 2017 Country Profile: Australia. Freedom House.

Popular BVI-based VPN provider:

 

VPN Jurisdiction: Bulgaria

  • Are VPNs legal in Bulgaria? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • A member nation of both the EU and NATO, Bulgaria embraces freedom of speech and a free press but reportedly monitors citizen’s internet usage. The country’s constitution prohibits arbitrary incursions into citizens’ privacy and there are no reported government restrictions on internet access. However, Bulgaria’s intelligence services can legally access digital data related to cyber crimes and serious national security threats, having the ability to request such data from VPN providers even without court authorization.

Sources:
Internet Censorship and Surveillance per Country: Bulgaria. Wikipedia

Popular Bulgarian-based VPN provider:

 

VPN Jurisdiction: Canada

  • Are VPNs legal in Canada? Yes
  • Five Eyes Alliance member
  • Canada consistently ranks in the top ten happiest countries in the world and is among the freest territories on the planet. However, it adopts comparatively stricter policies on issues such as net neutrality, data retention, and surveillance. Some government- sanctioned ISPs are authorized to block access to certain sites such as those related to child pornography. As a Five Eyes alliance member, Canada also implements a legal framework that empowers its intelligence agencies to access and share electronic data with other member nations in certain situations.

Sources:
Freedom on the Net 2017 Country Profile: Canada. Freedom House.

Popular Canadian-based VPN providers:

 

VPN Jurisdiction: Cayman Islands

  • Are VPNs legal in the Cayman Islands? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Like the British Virgin Islands, the Cayman Islands is an autonomous territory in the Caribbean Sea associated with the British constitutional monarchy. The Cayman Islands also has its own legislation and policies governing privacy and electronic data. The territory passed a comprehensive Data Protection Law in 2017 that reflects many of the principles underlying EU’s General Data Protection Regulation (GDPR), a legal framework strongly safeguarding privacy and consumer data.

Sources:
Cayman Islands Seek to Supplement Its Data Protection Law. Lexology.

Popular Cayman-based VPN provider:

 

VPN Jurisdiction: China

  • Are VPNs legal in China? Not all. Only government-approved VPNs are allowed to operate.
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • While running the planet’s second-biggest economy and pioneering many innovations in IT, China remains a repressive regime when it comes to what its citizens can access and use online. This long-standing policy led to the spread of the internet meme “The Great Firewall of China.” For purposes of personal safety and to mitigate liability, consider VPNs illegal. The only legal cross-border private networks are those that can be leased from or duly approved by government agencies. Any person in the country who gets caught using any other type of VPN will be apprehended and fined up to a few thousand dollars.
  • Many popular VPNs have been blocked by the government. Turbo VPN is among the few based in the country that still operates but glitches, warning notices, and other usage issues have been reported. If you can take the risk, consider using offshore VPN providers instead.

Sources:
Freedom on the Net 2017 Country Profile: China. Freedom House.

Country Profile: China. Open Net Initiative.
Internet Censorship and Surveillance per Country: China. Wikipedia.

 

VPN Jurisdiction: Czech Republic

  • Are VPNs legal in the Czech Republic? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • The Czech Republic is a high-income market economy, considered among the freest, safest, and most egalitarian countries in the world. Its citizens are also among the least restricted internet users on the planet. Freedom of speech and of the press are safeguarded, with the law prohibiting arbitrary interference on privacy, family, or home. However, exceptions apply against hate speech, Holocaust denial, and websites promoting child pornography and racist content. Based on reports, the government has been initiating moves to gain more control over Internet activity using a proposed but currently unpopular ID system.

Sources:
Internet Censorship and Surveillance per Country: Czech Republic. Wikipedia.

Popular Czech Republic-based VPN provider:

 

VPN Jurisdiction: Denmark

  • Are VPNs legal in Denmark? Yes
  • Nine Eyes Alliance member
  • As part of EU, Denmark implements the sweeping privacy standards of GDPR and remains one of the freest jurisdictions when it comes to online access. However, the country is known for drafting and promulgating laws that make it easier for the state to control access to or filter certain websites. To date, the country has already censored more than 3,000 websites including those that promote child pornography, facilitate digital piracy, and sell regulated drugs. Its membership to the Nine Eyes alliance also binds Denmark to share electronic data with other member countries in certain situations.
  • While Denmark has the legal authority to restrict online access, VPN use remains legal.

Sources:
Regional Overview: Nordic Countries. Open Net Initiative.

Internet Censorship and Surveillance per Country: Denmark. Wikipedia.

 

VPN Jurisdiction: Finland

  • Are VPNs legal in Finland? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Finland is among the most prosperous countries in the world and its citizens – who consistently rank among the happiest – can access considerable social safety nets. Democracy, republicanism, human rights, and equality encapsulate the socio-political history of Finland which was the first country in the world to grant all its adult citizens the right to run for public office. While its citizens enjoy considerable freedom, however, Finland is known for filtering or attempting to restrict access to unwanted websites (child pornography, piracy, gambling, etc.). The government has been reported to have wrongfully censored non-malicious sites in the process.

Sources:
Internet Censorship and Surveillance per Country: Finland. Wikipedia.

Regional Overview: Nordic Countries. Open Net Initiative.

Popular Finland-based VPN provider:

 

VPN Jurisdiction: Germany

  • Are VPNs legal in Germany? Yes
  • 14 Eyes Alliance member
  • Germany strongly supports people’s right to privacy and is a driving force in the enactment and implementation of GDPR. While having long established a comparatively free online environment for its citizens, Germany has not escaped criticism for some of its actions viewed by many as attempts to censor the Internet to protect minors, eradicate hate speech, suppress fake news, and curb terror-related extremism. Proposals have been filed to enable the state to monitor social media sites.
  • Even amid these issues, it is perfectly legal to use VPN in Germany.

Sources:
Freedom on the Net 2017 Country Profile: Germany. Freedom House.

Country Profile: Germany. Open Net Initiative.
Are VPNs Legal In Your Country? TheBestVPN.
Internet Censorship and Surveillance per Country: Germany. Wikipedia.

Popular Germany-based VPN providers:

 

VPN Jurisdiction: Gibraltar

  • Are VPNs legal in Gibraltar? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Gibraltar is an autonomous British overseas territory that governs its internal affairs via an elected parliament. In matters of defence, foreign policy, and security, however, the UK – represented by a governor – assumes decision-making and executive powers. This means that in certain circumstances, British intelligence agencies may have the authority to monitor the Gibraltarians’ online activities. As part of Europe, the island territory is also subject to GDPR which provides strong protections for privacy and personal data.
  • You can use VPNs legally in Gibraltar.

Sources:
Jurisdiction snapshot: Data Security & Cybercrime | Gibraltar. Lexology.

Popular Gibraltar-based VPN providers:

 

VPN Jurisdiction: Hong Kong

  • Are VPNs legal in Hong Kong? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • As a Special Administrative Region (SAR) of China, Hong Kong enjoys a high degree of autonomy, with the territory’s Basic Law outlining residents’ rights to privacy, association, and freedom of expression. Compared to their compatriots in the mainland, Hong Kong residents are not hindered by the notorious Great Firewall of China and they can access virtually any site on the Web, even those that advocate positions that differ from the official party line of the ruling Chinese Communist Party. There is minimal censorship beyond legislation that penalizes digital piracy, pornography, and other crimes. However, government agencies do monitor Internet use, with some activists claiming their emails and other online activities are being surveilled.
  • In recent years, the territory has been under increasing threat of greater interference and control from Beijing. The advocacy group Freedom House downgraded the territory’s internet freedom status from “free” to just “partly free.” Nonetheless, VPN use is still considered legal in Hong Kong.

Sources:
Country Profile: China including Hong Kong. Open Net Initiative.

Internet censorship in Hong Kong. Wikipedia.
Freedom in the World 2017. Freedom House.

Popular Hong Kong-based VPN providers:

 

VPN Jurisdiction: Israel

  • Are VPNs legal in Israel? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Israel is a representative democracy in the Middle East with an advanced economy and one of the highest living standards in the region. The government generally seeks to maintain a free online environment and rarely attempts to interfere with or censor internet activity. However, legislation enabling the government to fight crime more effectively by blocking certain websites has been recently introduced. Previously, a few sites and hateful posts on social media have been blocked.
  • VPN use in Israel is legal.

Sources:
Internet Censorship and Surveillance per Country: Israel. Wikipedia.

Are VPNs Legal In Your Country? TheBestVPN.
Country Profile: Israel. Open Net Initiative.

Popular Israel-based VPN provider:

 

VPN Jurisdiction: Italy

  • Are VPNs legal in Italy? Yes
  • 14 Eyes Alliance member
  • The Italian constitution guarantees press freedom. The country, however, has censored many mass media materials over the years for largely socio-cultural reasons. Italy has also restricted access to around 7,000 websites including those that promote child pornography, gambling, hate, and intellectual copyright infringement. Following terror attacks in other European countries, measures that limit wi-fi access have been initiated to counter the threat. Currently, the state legislature is drafting laws that further strengthen the government’s ability to censor and monitor online access and content. Despite these restrictions, general internet usage in Italy can still be considered free.
  • Using VPN is legal.

Sources:
Internet Censorship and Surveillance per Country: Italy. Wikipedia.

Are VPNs Legal In Your Country? TheBestVPN.
Country Profile: Italy. Open Net Initiative.

Popular Italy-based VPN provider:

 

VPN Jurisdiction: Japan

  • Are VPNs legal in Japan? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Freedom of speech and of the press are protected under Japanese law, with government adhering to its principles in practice. There are no notable restrictions on internet access (penetration rate is at 90%) nor overt censure of online content. Instead, ISPs adopt self-censorship in filtering pornographic and “immoral” materials.
  • Virtual private networks such as University of Tsukuba’s VPN Gate are completely legal to use.

Sources:
Freedom on the Net 2017 Country Profile: Japan. Freedom House.

Are VPNs Legal In Your Country? TheBestVPN.
Internet Censorship and Surveillance per Country: Japan. Wikipedia.

Popular Japan-based VPN provider:

  • VPN Gate

VPN Jurisdiction: Malaysia

  • Are VPNs legal in Malaysia? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Malaysia’s internet climate has been promising until corruption scandals associated with key political figures triggered a wave of censorship, clampdowns on websites, and arrests of bloggers and internet users critical of the government or espousing controversial views. Freedom House rates the country’s internet status as “partly free” while it is listed by Reporters Without Borders (RWB) as “under surveillance.” With a recent election toppling politicians associated with the corruption scandal, a return to a freer internet might be on the horizon.
  • Normally, the government refrains from censoring online content, upholds internet users’ civil liberties, and enforces no mandatory data retention laws.

Sources:
Internet Censorship and Surveillance per Country: Malaysia. Wikipedia.

Freedom on the Net 2017 Country Profile: Malaysia. Freedom House.
Country Profile: Malaysia. Open Net Initiative.
World Press Freedom Index: Malaysia. Reporters Without Borders.

Popular Malaysia-based VPN provider:

 

VPN Jurisdiction: Moldova

  • Are VPNs legal in Moldova? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Moldovans generally enjoy unrestricted internet access but notable legislation and government action prompted the OpenNet Initiative (ONI) to classify the country’s web openness as “selective” when it comes to online political content. Industry stakeholders believe a new bill introduced by the government grants it more power to censor the internet. Authorized to monitor the internet and collect information related to unlawful activities, state agencies have directly interfered with internet access to stem dissent.
  • Even amid government’s selective surveillance, access to the internet can still be considered unfettered.

Sources:
Are VPNs Legal In Your Country?
TheBestVPN.
Country Profile: Moldova. Open Net Initiative.
Internet Censorship and Surveillance per Country: Moldova. Wikipedia.

Popular Moldova-based VPN provider:

 

VPN Jurisdiction: Netherlands

  • Are VPNs legal in the Netherlands? Yes
  • Nine Eyes Alliance member
  • Residents of the Netherlands enjoy one of freest internet systems in the world, with virtually no government censorship of online content nor restrictions on internet access (with the notable exception of Pirate Bay, access to which has been blocked as ordered by the Dutch Court in 2017). The Netherlands is also a member of the Nine Eyes Alliance which establishes an intelligence-sharing framework where members can cooperate to circumvent local laws related to gathering and sharing of electronic data.
  • VPN use is completely legal in the country.

Sources:
Internet Censorship and Surveillance per Country: Netherlands. Wikipedia.

Popular Nethelands-based VPN provider:

VPN Jurisdiction: Norway

  • Are VPNs legal in Norway? Yes
  • Nine Eyes Alliance member
  • Norway has one of the world’s most open environments when it comes to media and freedom of expression. The right of the public to access government information is guaranteed by the constitution. Internet penetration is also among the highest at around 97% in 2017. There are no government restrictions and censorship, with major ISPs volunteering to use DNS filters that block child pornography sites.
  • VPN use is completely legal in Norway.

Sources:
Regional Overview: Nordic Countries. Open Net Initiative.

Internet Censorship and Surveillance per Country: Norway. Wikipedia.

Popular Norway-based VPN provider:

 

VPN Jurisdiction: Panama

  • Are VPNs legal in Panama? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Panama’s constitution safeguards the freedoms of expression, association, and the press. Arbitrary interference with privacy, correspondence, family, or home is prohibited. However, corruption remains a challenge that often leads to government attempts to repress criticism of public officials and to cut off mobile and internet access in some volatile areas. Wiretaps related to criminal prosecution requires judicial oversight and incidence of email monitoring have been reported. Amid these exceptions, Panamanians still generally enjoy unhindered access to the internet.
  • Panama residents can legally use VPNs.

Sources:
Internet Censorship and Surveillance per Country: Panama. Wikipedia.

Popular Panama-based VPN provider:

 

VPN Jurisdiction: Romania

  • Are VPNs legal in Romania? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Romanians enjoy relatively unrestricted access to the internet with the exception of sites related to gambling, pornography, and paedophilia that have been blocked or filtered by the government. Many observers claim that laws aimed at curbing gambling websites may be abused to censor citizen’s online activities.
  • The use of VPNs is legal in Romania.

Sources:
Are VPNs Legal In Your Country?
TheBestVPN.
Internet Censorship and Surveillance per Country: Romania. Wikipedia.

Popular Romania-based VPN providers:

 

VPN Jurisdiction: Russia

  • Are VPNs legal in Russia? Not all. Only government-sanctioned VPNs allowed.
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Given its recent track record of filtering mass media materials, surveilling citizens, and leaning further towards authoritarian tendencies, Russia understandably receives less-than-ideal scores from rating organizations. Freedom House gives the country a “not free” rating on internet freedom in 2017 while Reporters Without Borders (RWB) lists Russia as an “internet enemy” in 2014. The Russian government also actively participates in shaping public opinion in cyberspace using mass information campaigns. Moreover, a blacklist of internet sites including those on child pornography, prohibited drugs, and extremist content was implemented in 2012 amid widespread criticism. The professional networking site LinkedIn has been blocked in Russia since late 2016.
  • As of November 2017, residents in Russia can only use government-sanctioned VPNs allegedly to prevent the spread of extremist materials and unlawful content. The penalty for non-compliance was set at around US$5,100 for the user and US$12,000 for the service provider.

Sources:
Freedom on the Net 2017 Country Profile: Russia. Freedom House.

Country Profile: Russia. Open Net Initiative.

Popular Russia-based VPN provider:

 

VPN Jurisdiction: San Marino

  • Are VPNs legal in San Marino? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • San Marino is a republic that safeguards its citizens’ full internet rights and does not impose censorship on online content. All independent observers rate the country’s media and internet systems as “free.”
  • Not surprisingly, VPN use is completely legal in San Marino.

Sources:
Are VPNs Legal In Your Country?
TheBestVPN.

Popular San Marion-based VPN provider:

 

VPN Jurisdiction: Seychelles

  • Are VPNs legal in Seychelles? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Seychelles is a sovereign state in the Indian Ocean composed of dozens of islands and characterized by an unusually high Human Development Index (HDI) for an African country. However, it also faces long-standing problems of unequal wealth distribution, corruption, drug trafficking, and money laundering. Internet usage in the country is generally unfettered but occasional access restrictions occur due to an extreme case of partisan politics. There are strict defamation laws in place.
  • VPN use is legal.

Sources:
2016 Country Reports on Human Rights Practices: Seychelles. The US State Department.

The 2018 World Press Freedom Index: Seychelles. Reporters Without Borders.

Popular Seychelles-based VPN providers:

 

VPN Jurisdiction: Singapore

  • Are VPNs legal in Singapore? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • While a prosperous and technologically advanced nation in South East Asia, Singapore implements a less open internet environment compared to those of similarly affluent countries. To suppress political dissent, the government actively censors internet content and even shuts down websites that are highly critical of public policies. Due to its well-documented stance and actions on press freedom and the freedom of expression, Singapore earns only a “partly free” rating from Freedom House. The government uses licensing controls and legal tactics to regulate internet access and to curb unwanted online content and activities. State authorities maintain a list of blocked websites that are inaccessible within the territory.
  • Despite aforementioned restrictions, VPN use is legal in Singapore.

Sources:
Freedom on the Net 2017 Country Profile: Singapore. Freedom House.

Internet Censorship and Surveillance per Country: Singapore. Wikipedia.
Country Profile: Singapore. Open Net Initiative.

Popular Singapore-based VPN provider:

 

VPN Jurisdiction: Slovakia

  • Are VPNs legal in Slovakia? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Slovakia’s constitution safeguards the freedoms of speech and the press. However, media outlets occasionally experience political pressure. Even if the government’s relations with journalists is, Slovakia still earns a “free” rating from the Freedom House primarily due to the state’s minimal to zero interference in citizens’ internet access. With the exception of sites spreading hate speech, state authorities do not monitor emails, online chat rooms, and other activities without judicial oversight.
  • Using virtual private networks is legal.

Sources:
Freedom in the World 2017: Slovakia. Freedom House.

Internet Censorship and Surveillance per Country: Slovakia. Wikipedia.

Popular Slovakia-based VPN provider:

VPN Jurisdiction: South Korea

  • Are VPNs legal in South Korea? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • South Korea is among the most technologically and economically advanced countries in the world. The country’s internet landscape is innovative and thriving even amid restrictions on content that undermines the country’s “traditional values,” offends public morality, or threatens national security. The government is known for censoring, monitoring, and blocking such online content and activity. Reports of systematic manipulation of online discussions have also been documented. Service providers that break internet policies face fines of up to US$18,000.
  • VPN use is completely legal.

Sources:
Freedom on the Net 2017 Country Profile: South Korea. Freedom House.

Internet Censorship and Surveillance per Country: South Korea. Wikipedia.
Country Profile: South Korea. Open Net Initiative.

 

VPN Jurisdiction: Sweden

  • Are VPNs legal in Sweden? Yes
  • Nine Eyes Alliance member
  • Sweden is an affluent European monarchy with a parliamentary form of government. The country’s constitution guarantees civil liberties and prohibits arbitrary interference on privacy, correspondence, home and family. The government strongly respects these rights, establishing one of the freest socio-political environments in the world. The law requires intelligence agencies to obtain court permission before monitoring cross-border online traffic to combat national security threats. With the exception of blocking Pirate Bay, the state does not interfere with citizen’s access to the internet.
  • VPN use is completely legal.

Sources:
Regional Overview: Nordic Countries. Open Net Initiative.

Internet Censorship and Surveillance per Country: Sweden. Wikipedia.
Freedom in the World 2018: Sweden. Freedom House.

Popular Sweden-based VPN providers:

 

VPN Jurisdiction: Switzerland

  • Are VPNs legal in Switzerland? Yes
  • Non-member to Five-, Nine-, 14 Eyes alliances
  • Founded in 1300, Switzerland is a federal republic whose constitution guarantees freedoms of speech and of the press while penalizing discrimination, hate speech, and breach of privacy. The government does not restrict its citizens’ access to the internet nor does it monitor email or chat rooms without judicial oversight. However, nearly 70% of its citizens voted in a referendum in support of a bill enabling the state to legally surveil its citizens’ online activities. Even then, no incidence of abuse of authority has been reported.
  • VPN use is completely legal in Switzerland.

Sources:
Internet Censorship and Surveillance per Country: Switzerland. Wikipedia.

Freedom in the World 2017: Switzerland. Freedom House.

Popular Switzerland-based VPN providers:

 

VPN Jurisdiction: United Kingdom

  • Are VPNs legal in the United Kingdom? Yes
  • Founding member of the Five, Nine, and 14 Eyes Alliances
  • The United Kingdom (UK) is a constitutional monarchy that has adopted democratic values through a parliamentary form of government. The UK implements strong safeguards for civil liberties, freedom of expression, privacy, and political rights. However, it also sanctions surveillance activities on residents, an example of which is the Investigatory Powers Act that authorizes state agencies to monitor any online activity. It has taken surveillance and police measures to combat child abuse and terrorism. The Freedom House rates the UK as “free” when it comes to internet freedoms while Reporters Without Borders list it as an “Internet Enemy.”
  • While using VPN is legal, VPN companies based in the UK may be subject to the same data retention laws applicable to internet service providers. The UK has also reportedly blocked some VPNs.

Sources:
Country Profile: United Kingdom. Open Net Initiative.

Internet Censorship and Surveillance per Country: United Kingdom. Wikipedia.
Freedom on the Net 2017 Country Profile: United Kingdom. Freedom House.

Popular UK-based VPN providers:

 

VPN Jurisdiction: United States of America

  • Are VPNs legal in the United States of America? Yes
  • Founding member of the Five, Nine, and 14 Eyes Alliances
  • The United States of America is known for its staunch support for human rights, civil liberties, privacy, and freedoms of speech and of the press. However, the country – which functions as a federal republic – has been involved in controversies concerning internet use and regulation. While the state does not actively censor online content, there have been reports that its intelligence agencies have been monitoring ISPs. Furthermore, recently introduced laws grant more legal space for ISP monitoring. Freedom House rates the country’s internet policies and actions as “free” while Reporters Without Borders listed the US in 2014 as an “Internet Enemy.”
  • VPN use is completely legal. The US arguably hosts the world’s largest number of VPN service providers.

Sources:
Freedom on the Net 2017 Country Profile: United States. Freedom House.

Regional Overview: United States & Canada. Open Net Initiative.
Internet Censorship and Surveillance per Country: United States. Wikipedia.
2018 World Press Freedom Index: United States. Reporters Without Borders.

Popular USA-based VPN providers:

 

Cyber Security Statistics

John Mason

John Mason

I’ve updated these statistics to reflect 2017 and 2018. If you want to point out any corrections, let me know.

cyber security stats and factsCyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind and that they are bigger than threats from nuclear weapons.

We have compiled a list of relevant cyber-security statistics for you as we head into 2018:

1. In 2016, the U.S government spent a whopping $28 billion on cyber-security – and this is expected to increase in 2017 – 2018.

TwitterClick to tweet

For perspective, just nine years ago, in 2007, the U.S government spent $7.5 billion to combat malicious cyber attacks. While that’s measly compared to the 2016 cyber security spend of $28 billion (a whopping 373 percent increase from that of 2007), $7.5 billion is no small change — that amount, even though it was spent by the U.S on cyber security in 2007, is bigger than the total budgets of many countries even in 2017 [1].

2. According to Microsoft, the potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.

fact number 2

Now, that’s a lot of money. But this can easily be fixed once we get a few facts right: 1) about 63 percent of all network intrusions and data breaches are due to compromised user credentials, so taking measures to protect your credentials (using a good VPN) should give you an added layer of protection. 2) An attacker spends about 146 days within a network before being detected — that’s quite a lot of time. Knowing this, regular measures could be taken to audit a network and ensure its security [2].

3. According to data from Juniper Research, the average cost of a data breach will exceed $150 million by 2020 — and by 2019, cybercrime will cost businesses over $2 trillion — a four-fold increase from 2015.

We were still gasping at the cost of $3.8 million Microsoft said a data breach costs the average company. However, data from Juniper Research shows this amount will increase by a massive 3,947 percent to over $150 million by 2020 [3]. As your company grows, and as the Internet continues to develop at a massive pace, it might be a good idea to increase the percentage of your budget that goes towards security.

4. Ransomware attacks increased by 36 percent in 2017.

TwitterClick to tweet

Research from Symantec shows that Ransomware attacks worldwide increased by 36 percent in 2017 — with more than 100 new malware families introduced by hackers. More interestingly, though, is that people, especially Americans, are willing to pay. 64 percent of Americans are willing to pay a ransom after becoming victims of ransomware attacks, compared to 34 percent of people globally [4].

5. The average amount demanded after a ransomware attack is $1,077.

TwitterClick to tweet

This is an increase of about 266 percent. Naturally, seeing that more people are willing to pay a ransom considering how reliant on the Internet their activities are, hackers are upping their stakes and demanding significantly more. We can only expect this to increase as ransomware attacks increase in 2018 [4].

6. 1 in 131 emails contains a malware.

fact number 6

TwitterClick to tweet

Emails are now being increasingly used by hackers, and an estimated one in every 131 emails contain a malware. This is the highest rate in about five years, and it is further expected to increase as hackers attempt to use malware like ransomware to generate money from unsuspecting people [4].

7. In 2017, 6.5 percent of people are victims of identity fraud — resulting in fraudsters defrauding people of about $16 billion.

This data is based on a comprehensive study by Javelin Strategy & Research, involving 69,000 respondents who have been surveyed since 2003. The research revealed that the victims of identity fraud in the U.S increased to 15.4 million in 2016, an increase of 2 million people from the previous year [5].

8. 43 percent of cyber attacks are aimed at small businesses.

TwitterClick to tweet

While we’ve been reading a lot in the media about major companies like Target, eBay, Yahoo and Sony being hacked, small companies are not immune. As it is today, at least 43 percent of cyber attacks against businesses are targeted at small companies, and this number will only keep increasing. [6]

9. Unfilled cyber security jobs are expected to reach 3.5 million by 2021 — compared to about 1 million in 2016.

TwitterClick to tweet

While this might not seem like much, it is worth paying attention to: the projected increase in the number of cyber security-related jobs is proportional to a projected increase in cybercrime, and a more than 200 percent increase [7] means we can expect cybercrime to increase by at least that much by 2021.

10. According to billionaire investor Warren Buffett, cyber attacks is the BIGGEST threat to mankind — even more of a bigger threat than nuclear weapons.

TwitterClick to tweet

Now, this isn’t exactly a “statistic.” However, Buffett has an astute mind, and his statement [8] isn’t exactly without logic. From influencing elections in powerful nations to crippling entire corporations, cyber warfare is seeming to be much of a bigger threat than many have anticipated — and if the threat it poses will only increase as experts have predicted, then it’s worth taking note of this wise man’s saying.

11. 230,000 new malware samples are produced every day — and this is predicted to only keep growing.

fact number 11

This is according to research from Panda Security, estimating Trojans to be the main source of malware — being responsible for about 51.45 percent of all malware [9].

12. China is the country with the highest number of malware-infected computers in the world.

TwitterClick to tweet

According to research from Panda Security, an estimated 57.24 percent of all computers in China are infected by malware. The runner-up is Taiwan, with 49.15 percent of all computers infected… and followed by Turkey with 42.52 percent of all computers infected [9].

13. More than 4,000 ransomware attacks occur every day.

TwitterClick to tweet

This is according to data from the FBI [10]. That’s a 300 percent increase in ransomware attacks compared to 2015, and it is projected to only keep increasing as hackers continue to choose ransomware as their preferred method of attack.

14. 78 percent of people claim to know the risks that come with clicking unknown links in emails and yet still click these links.

Fact number 14

According to data from a researcher from the Erlangen-Nuremberg University, while many people claim to be aware of the risks of unknown links in emails, a good portion of them still click unknown links in emails [11].

15. 90 percent of hackers cover their tracks by using encryption.

Hackers are also wisening up to the use of encryption techniques like VPNs, and they are now more effectively covering their tracks — making it much easier to arrest them. The most effective method to combat cyber attacks as hackers get more sophisticated is by using the right preventative methods. It’s getting more and more difficult to catch them [12].

16. It takes most business about 197 days to detect a breach on their network.

TwitterClick to tweet

That’s more than six months! Many businesses have been breached and still have no idea, and as hackers get more sophisticated it will only take businesses even longer to realize that they have been compromised [13].

17. Android is the second most targeted platform by hackers after Windows.

TwitterClick to tweet

The number of malware targeting Android devices is increasing rapidly — and an estimated 98 percent of mobile malware target Android [14]. Hackers aren’t just limiting themselves to desktop computers, they are also targeting mobile devices — as we continue to use mobile devices for even more important activities and financial transactions, the cyber attacks will only increase.

18. 81 percent of data breach victims do not have a system in place to self-detect data breaches.

fact number 18

Instead, many of them rely on notification from third parties to let them know about a data breach on their network — this significantly increases the time it takes to fix a breach from 14.5 days if they had self-detected it to about 154 days if it were detected by an external party [15].

19. 95 percent of Americans are concerned about how companies use their data.

TwitterClick to tweet

A lot of Americans are concerned about how companies use their data [16]. This is understandable considering the number of high-profile cases of data abuse that have made the news in recent times. However, why worry unnecessarily when you could simply cover your tracks and completely encrypt your data by using a reliable VPN service?

20. The two most important reason people use VPNs is to browse anonymously and to unlock better entertainment content: 31 percent of people use VPNs mainly to browse anonymously, while 30 percent of people use VPNs to unlock content.

The number one reason why people use VPNs is to access the internet anonymously, with 31 percent of people citing this as their reason for using VPNs. The second major reason is to unlock sites that they wouldn’t have otherwise been able to unlock — like Netflix and the Apple Store — with 30 percent of people citing this as the main reason they use VPNs [17].

21. 42 percent of VPN users use a VPN at least 4 to 5 times a week — with most of them using it every day.

Indonesia is the country with the highest VPN usage — 41 percent of all Internet users in Indonesia use a VPN. This is followed by Thailand where 39 percent of all Internet users use a VPN, and the UAE, Turkey, Brazil and Saudi Arabia where 36 percent of Internet users use a VPN [18].

Cyber Security

With a substantial increase in Internet access, concerns around Cyber Security are particularly prominent. This growth in concern is, of course, fuelled by the dramatic increase in online fraud and hacking. Emails have become a particularly popular delivery method for online criminals, with an incredible 1 in 131 emails containing malware.

Ransomware – the malicious software that locks personal and business computers until a ransom is paid – has seen a substantial increase over the last 12 months, rising 36% globally in the last year:

  • The average amount demanded by a ransomware attack is $1,077, an increase of 266% on the previous year.
  • Research from Symantec suggests that 34% of people globally are willing to pay a ransom to get their data back – increasing to 64% for Americans.
  • The FBI suggests there are more than 4,000 ransomware attacks globally every day.
growth of ransomware

Identity fraud has also seen a significant rise, particularly in developed countries like the United States and the UK. In 2016, 6.15% of consumers became victims of identity fraud, with the costs associated with also increasing. In 2017, the total amount of losses due to identity fraud in the US reached $16 billion.

Data Breach Cost

Fears around security are notably prevalent among businesses, many of whom are responsible for huge swathes of customer data. Looking at the associated costs, it’s easy to see why businesses are so concerned:

  • A single data breach will cost the average company $3.8 million.
  • Juniper Research suggests that this will exceed $150 million by 2020.

data breach cost

The impact on affected businesses is also cause for significant concern, with 60% of small companies going out of business within six months of an attack. Given the potential sums available to cyber criminals, they remain an appealing target.

As with attacks against private citizens, email remains a popular delivery method for malware and phishing:

  • Business Email Compromise (BEC) scams targeted over 400 businesses per day last year, draining $3 million over the last 3 years.
  • 43% of cyber-attacks target small businesses.
business a major target

While cyber crime is a global problem, some regions are seeing significantly higher levels of infection:

Most infected countries Least infected countries
China: 57.2% of computers infected Finland – 20.32% of computers infected
Taiwan: 49.15% of computers infected Norway – 20.51% of computers infected
Turkey: 42.52% of computers infected Sweden – 20.8% of computers infected
regional levels of infection
Sources

  1. http://www.taxpayer.net/library/article/cyberspending-database
  2. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics
  3. https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion
  4. https://www.symantec.com/security-center/threat-report
  5. https://www.javelinstrategy.com/press-release/identity-fraud-hits-record-high-154-million-us-victims-2016-16-percent-according-new
  6. https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html
  7. https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html
  8. http://www.businessinsider.com/warren-buffett-cybersecurity-berkshire-hathaway-meeting-2017-5
  9. https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/
  10. https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view
  11. http://www.businessinsider.com/expert-phishing-emails-2016-8?IR=T
  12. https://www.venafi.com/assets/pdf/wp/Venafi_2016CIO_SurveyReport.pdf
  13. http://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/
  14. https://www.computerworld.com/article/2475964/mobile-security/98–of-mobile-malware-targets-android-platform.html
  15. https://swimlane.com/10-hard-hitting-cyber-security-statistics/
  16. https://www.esecurityplanet.com/network-security/over-80-percent-of-americans-are-more-worried-about-privacy-security-than-a-year-ago.html
  17. https://www.comparitech.com/vpn/vpn-statistics/
  18. https://www.techinasia.com/indonesia-world-leader-vpn-usage

The Best Alternatives to DNSCrypt

Dann Albright

Dann Albright

Taking steps to hide your internet traffic from prying eyes is something that we’re passionate about here. Which is why we feel like we should warn you: there’s a potential vulnerability hiding in plain sight. Your DNS queries might be unencrypted.

If you have no idea what this means, don’t worry; we’ll explain it for you. And if you do know what this means, you probably know about DNSCrypt. But DNSCrypt.org is no longer working, and it might be time to find an alternative.

Let’s start with the basics, and then we’ll get to our recommendations.

Why Your DNS Queries Should Be Encrypted

DNS stands for “domain name system,” and it servers a bit like the internet’s phone book. When you type a URL into your browser, like www.thebestvpn.com, your computer gets in touch with a DNS server, and the server sends an IP address back. The IP address is the actual location of the site.

Once your computer has the IP address, it can connect to the server where the site is hosted. All of this happens in the background, and you might not even knows it’s happening.

There’s a problem, though: your query to the domain name server might be unencrypted. And if it is, someone snooping on your web traffic might be able to see the sites you’re going to, even if you’re using HTTPS or a VPN.

They won’t be able to see what you type into the site, or what you do there, but just knowing which site you’re going to could be enough to make you a bit less secure. Remember the big controversy over the NSA collecting cell phone metadata? This is sort of like that. No one can see what you’re doing on those websites, but they can still see which sites you’re going to. And that’s enough to make a lot of people (including us) uncomfortable.

If you’re worried about government surveillance, you definitely don’t want your DNS queries unencrypted.

In addition to security problems, it can also be cause for concern about privacy. If you’re using your ISP’s DNS server, they’ll know which sites you’re going to. And if they’re under national jurisdiction — or you’re in the US, where that information could be sold to advertisers — that’s a violation of your privacy.

Many people use Google’s DNS servers because they’re very fast. But that’s another potential privacy concern, as Google is always collecting as much information as possible about every user they can. And while they state that they don’t keep permanent records of DNS queries or match your DNS queries to personally identifiable information, the fact remains that they’re out to make money. And if they can use your DNS traffic to do it, they will.

These are all reason why unencrypted DNS queries are bad. It’s time to start encrypting your DNS traffic.

Do VPNs Protect DNS Queries? What About HTTPS?

You’d think that using a VPN would protect all of your DNS queries. In many cases, you’re right. But that’s not always the case. Some VPNs, when confronted with certain situations, will send your DNS queries along normal lines of communication — which means they’re probably going to your ISP. And you won’t even know it’s happening.

So the answer is “yes . . . most of the time.” The best VPNs out there have DNS leak protection, and it works well. But if you’re using another VPN or you have this particular feature turned off, you could be exposed to data collection or snooping.

We always recommend VPNs with DNS leak protection, which stops this behavior before it can become a problem.

And if you’re not using a VPN, your DNS queries are definitely unencrypted, even if you use HTTPS. The secure version of HTTP encrypts all of the information that you send to sites. So no one can see what you’re doing on the site, the password you used to access it, or which pages you go to. But an unencrypted DNS query allows snoopers to see which sites you’re making requests to.

HTTPS is a great security feature — and we strongly recommend using it at all times to protect your online privacy. But it still leaves you open to DNS query surveillance, and that’s something a lot of people don’t realize.

The Best Alternatives to DNSCrypt

DNSCrypt is a protocol that encrypts your DNS requests, and it’s long been one of the most popular options. It encrypts your queries to the OpenDNS servers, which are maintained by Cisco. But DNSCrypt.org was taken offline at the end of 2017, as its creator stated that he no longer uses it.

A group called Dyne.org has taken over maintenance of DNSCrypt-Proxy, an interface for using the protocol, but has committed only to patching bugs, and not further developing the technology. The proxy will be available for the foreseeable future, but there’s no telling what the future holds for the app.

You can also still get DNSCrypt directly from Cisco, but it’s not going to do you any good if you’re not using their DNS servers.

While DNSCrypt is certainly one of the more robust options, there are others. Here are four choices you have when you want to encrypt your DNS traffic.

1. Use a VPN with DNS Leak Protection

This is the simplest alternative to DNSCrypt. You should be using a VPN anyway, and all you need to do is make sure that the one you’re using has DNS leak protection.

These VPNs — including two of our favorites, ExpressVPN and NordVPN — prevent your computer from routing DNS requests outside of the VPN.

Both of these services run their own DNS servers, so all of your DNS queries are routed through secure channels, both to and from the servers. This is the ideal situation; if your VPN has its own DNS servers, you won’t need to use those provided by your ISP (or another traffic spy, Google) and potentially reveal your browsing habits.

And that provides all the security you could need.

If you’re not sure whether your VPN is protecting your DNS traffic, we recommend using ExpressVPN’s leak test. It will tell you whether your DNS queries are visible to people who are trying to see them. If you’re not protected, it’s time to get a new VPN (and make sure to use it all the time).

ExpressVPN's DNS leak test showing an open DNS requestIn fact, you should use a leak test like this one whenever you’re working to secure your DNS traffic. They’ll let you know if your chosen solution, no matter what it is, is working.

2. Use DNS-over-TLS

Transport layer security (TLS) is a cryptographic protocol that’s used around the internet for secure data transfer. And some DNS services are now compatible with DNS queries sent over TLS. That means your requests are encrypted and safe from your ISP’s snooping.

Interestingly, the original creator of DNSCrypt-Proxy now recommends using DNS-over-TLS. This protocol is becoming more popular, but there aren’t too many options yet. Your best bet is probably Tenta, an open-source DNS project.

Tenta sends DNS requests over secure TLS

Their servers support DNS-over-TLS, and they have setup guides for using those servers on numerous systems. If you’re not using a VPN, it’s a good way to add security to your DNS requests. Of course, we always recommend that you use a VPN, as it protects more information than just your DNS queries. But if you can’t use a VPN, Tenta is a good security system to have in place.

You can also use their Android browser, which has a built-in VPN and automatically uses their secure DNS servers. The browser is only offered on the Google Play Store at the moment, but you can sign up for updates so they can let you know when they release the browser for other platforms.

At the moment, Tenta is the best choice for DNS-over-TLS. As more people realize the importance of securing their DNS traffic, and as more development goes into this protocol, we’ll have more options. Active work is taking place in this area, and it’s a good bet that we’ll see useful innovations that bring DNS-over-TLS to the masses in the near future.

3. Use DNSCurve

While not as widely supported as DNSCrypt, DNSCurve is another option for cryptographically protecting your DNS queries. Any request sent between a user and a DNS server is protected using elliptical curve cryptography, which is extremely secure; even more secure than the RSA encryption used by other security measures.

DNSCurve is an older project, and OpenDNS replaced it with DNSCrypt a while back. So it’s very difficult to tell whether or how many servers support it. There’s documentation online, but it’s not especially user-friendly.

Your best bet is to install DNSCurve, make sure you’re using the OpenDNS servers, and run a leak test. You can try it with other servers, too.

It’s not clear whether this is an effective option, but it’s one of the few alternatives to DNSCrypt that uses similar tactics. You’ll require more technical skill and understanding than you’d need for the previous options, but if you’re willing to put in the time and you want to support a system that uses very strong cryptography, DNSCurve is worth looking into.

4. Stick with DNSCrypt-Proxy 2

This isn’t really an alternative, but it’s an important option to mention. The future of DNSCrypt is unclear, but you can still download clients that use the specification. DNSCrypt-Proxy is one of the best options available, and the second version is actively maintained.

DNSCrypt can still protect your DNS traffic, but after DNSCrypt.org went down, it cast a bit of doubt on the future of the project.

Still, if you use DNSCrypt-Proxy 2 and you pass a DNS leak test, you know that your DNS queries are protected. But we’d recommend that you test regularly, in case anything changes.

The Simplest Way to Encrypt Your DNS Queries

As you can see above, using a VPN with its own DNS servers and DNS leak protection is definitely the best way to protect your DNS traffic from spying. There certainly are other solutions, but many of them are quite technical. If you have the technical literacy to implement these or other cryptographic methods, we encourage you to do so!

If you’d like to find out more about DNS privacy and what people are doing to improve it, DNSprivacy.org is a great resource. There’s lots of technical information there about the problems, potential solutions, and ongoing work in DNS privacy. You can even get involved with development and testing if you’re so inclined.

But for most people, the best way to further increase your privacy is to use a solid VPN. When we review VPNs, we look for proper DNS leak protection. If a particular VPN doesn’t have it, we’ll let you know. Our top recommendations, however, will always encrypt your DNS traffic.

And remember that you should always run a leak test with your VPN. There are lots of useful DNS leak test tools (we like ExpressVPN’s tool because it’s very easy to use), and they’ll all let you know if your DNS queries are protected. If they’re not, it’s time to tweak your settings or get a new VPN.

No matter what you decide to do, if you’re concerned about your security and privacy, you need to make sure your DNS queries are safe! It’s an easy thing to forget, but it’s also an insidious backdoor into your browsing habits.

VPN Troubleshooting

Dann Albright

Dann Albright

In this article, I’ll list out some of the common issues with VPNs and ways to fix them. Fortunately, identifying and fixing a VPN connection is quite simple. 

21 ways to speed up vpnVirtual private networks (VPNs) have a vast array of benefits, but they can also suffer from some very annoying problems. A non-functional VPN is infuriating, and a semi-functional one isn’t much better.

When your VPN is slow, won’t connect, keeps disconnecting, or crashes, there are some things you can do to fix the problem. Let’s take a look.

Jump links / Table of contents:

 

Fixing a VPN That Slows Your Internet Speed

VPNs will always make your connection slower, but they shouldn’t cause a huge drop in speed. If your connection is so slow that it’s making it difficult to browse, it’s time to take action.

1. Use a Fast, Premium VPN

If you’re on a free VPN, you’re almost certain to get pretty slow speeds on your connection. Understandably, VPN providers prioritize their paying customers. Even if they say their free VPN is as fast as their paid option, you might find that you disagree.

There are plenty of affordable VPNs with respectively high speeds, and if you haven’t upgraded to one, we highly recommend it. You may see your speeds increase immediately.

One of the most reliable VPN providers, we’ve found (out of 74 we tested) is ExpressVPN. You can read our full review of them here.

2. Change Servers

Consider changing serversThe server you use for your VPN connection can make a big difference to the connection speeds you get. The closer you are to the server you’re connecting to, the better speeds you’ll get (in almost every case). You may also get improved speeds from servers that aren’t being used as much.

Most VPN clients make it easy to change servers. Just open the client, select a new server, and confirm your selection. You can then run a speed test or continue browsing to see if the new server is running faster.

If you run a VPN through your router, the process may be more complicated, and it may differ depending on your specific VPN provider. If you remember the process you went through to set up your router VPN, you can likely access your router settings to change the server you access. If you don’t remember the process, or anything has changed, consult the user manuals for your router firmware and your VPN.

3. Change Ports

The connection between your computer and the VPN server uses a networking port on your computer. You can think of this port like you would a physical port; your computer routes traffic from the VPN server to a specific port, and traffic from other places to other ports. It helps keep traffic from various sources separated.

While you might think that every port is as fast as every other, you might be surprised to find out that occasionally changing the port your VPN is connected to will help. Some ISPs slow traffic on specific ports, and sometimes you’ll find that some ports are faster than others for no apparent reason. Try switching your VPN connection through different ports to see if any are faster.

4. Change IP Protocols

Most VPNs allow you to connect via Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). TCP is more commonly used across the internet, as it includes error correction, so if there’s a connection problem or some of the data is corrupted, the transmission is still successful, and the sending computer knows to resend anything that didn’t arrive correctly.

UDP, while not as common, is notably faster than TCP. It doesn’t provide error correction, so if something is lost in transit, it won’t resend the information. This cuts down on the time it takes to transfer information, but may also create a less-reliable connection.

Changing between these two protocols might help you achieve higher speeds, especially if you’re going from TCP to UDP. Keep an eye out for poor connection quality, though.

5. Change VPN Tunneling Protocols

change VPN protocolsWhile OpenVPN is generally considered to be the best protocol for VPN traffic, there are sometimes when you may want to use L2TP/IPSec. While it doesn’t provide as much security and doesn’t have as many features, it’s also possible that it will slip by filters that slow down OpenVPN traffic.

If you’re using the VPN for security or privacy, we don’t recommend using L2TP/IPSec if you can help it. If you’re just trying to get past region restrictions, it will work. But it won’t be as secure.

6. Disable Local Security Software

Again, this isn’t something we recommend lightly, and if you can avoid it, you should. But if your antivirus program is scanning all of the outbound packets you send, it could be slowing down your connection. Disable it temporarily to see if it speeds up your connection.

 

Fixing a VPN That Won’t Connect

When all you want to do is get on the internet without being vulnerable to surveillance, censorship, or region blocking, a VPN that won’t connect is a big pain. Here’s what you can do to fix the problem.

1. Make Sure You (and the Server) Are Online

The simplest things are the easiest to overlook. If your VPN client isn’t connecting, try opening a website without connecting through a VPN to see if your internet connection is working. If it’s not, restart your router by unplugging it for 30 seconds and plugging it back in. If your internet is still down, it may be a problem at your ISP’s end.

Check your VPN provider’s website, too, to make sure that the server you’re trying to connect to isn’t down. Every once in a while a VPN server will go offline for maintenance—or just because servers aren’t 100% reliable—and you’ll need to connect to another one or wait a while.

2. Make Sure Your Username and Password Are Correct

In many cases, your inability to connect comes from a very simple problem: you typed your password wrong. Or you entered your email address instead of your username. If you’re getting an authentication error, it’s likely related to one of these two issues.

Retype your username and password, and if that doesn’t work, try resetting your password and attempting to connect again.

3. Change Ports

Again, try connecting to the VPN through a different port. Some ISPs and networks block traffic on specific ports, and that can deny your VPN connection request.

Check your VPN’s documentation to see if it suggests or requires connections on specific ports.

4. Try Connecting on a Different Network

Sometimes the problem isn’t with you, it’s with the VPN. One of the best ways to check this is to join a different network. You can try a nearby public wifi spot, like a coffee shop or a grocery store, a friend’s wireless network, or a public hotspot.

If you find that you can connect on the other network, you’ll know that it’s something about your own that’s causing the problem. Check your wifi and internet settings to see if you can find what’s keeping you from signing in.

 

Fixing a VPN That Keeps Disconnecting

Possibly even more irritating than not being able to connect to your VPN is successfully connecting and then dropping out. Especially if it happens over and over. Here’s what to do.

1. Temporarily Disable Your Firewall

How to Turn Firewall on in Windows 10While firewalls are important security measures, they can also cause some problem with VPNs. They’ll likely slow down your connection, and if it gets slow enough, the VPN connection may simply shut down.

Firewalls, in short, scan the data going in and out of your private network where it connects to the wider internet. And if it sees something that shouldn’t be there, it’ll prevent the transmission. Some firewalls have difficulty keeping up with VPN traffic.

2. Connect to a Nearby Server

Sometimes the problem that causes you to disconnect isn’t with you, but with your VPN provider. If a server isn’t behaving normally, you might be disconnected. Try connecting to another server, preferably one close by, to see if you get a better connection.

3. Change Protocols

Sometimes certain VPN protocols will have difficulty keeping a strong connection. If you’re using OpenVPN (which we generally recommend), try connecting over L2TP/IPSec; if you’re already on L2TP, try OpenVPN. You could also try PPTP, though that’s less ideal.

Again, we recommend sticking with OpenVPN whenever you can, because it’s the most secure of these three common connection protocols. If you can only use your VPN on L2TP, that’s not a big issue, but when at all possible, use OpenVPN.

Changing from UDP to TCP (or vice versa), as discussed above, can also help.

4. Connect via Ethernet

While it’s not common, it’s possible that something at the router level of your network could be causing connection difficulties that will kick you off of the VPN. Plugging directly into the cable jack with an ethernet cable may solve the problem.

The issues often lies in a situation called “double NAT,” which can happen when you have one router behind another. This can happen if you have different routers for different devices or another router connected to your ISP-provided one.

In short, you’ll need to enable bridge mode to make two routers work together. How you make this happen will depend on your router, so you’ll need to dig into the documentation. For a quick explanation of wifi bridging, check out this introduction from Lifewire.

5. Change DNS Servers

Change DNSOccasionally, using a DNS server other than the default supplied by your VPN can help you stay connected. Many VPNs provide their own DNS services for additional privacy, but that can sometimes mess with your connection.

Each VPN will have different steps required for changing DNS servers. Many of them include options that say something like “Only use VPN DNS servers while connected.” You’ll need to turn this option off.

Using other DNS servers might make you slightly more vulnerable to DNS leaks, but if you can’t stay connected long enough to get anything done, that’s probably a tradeoff you’re willing to make.

 

Fixing VPN Software Crashes

Like any other software, your VPN client might crash. If this happens every once in a great while, it’s probably nothing to worry about. But if you’re getting crashes often, and it’s disrupting your browsing experience, you’ll want to take action.

1. Make Sure You Have the Latest Software Version

VPN providers work with developers to make sure that their software is as stable and effective as possible. If you’re not running the most current version, you might have some stability issues.

If at all possible, allow automatic updates to your VPN software. Dig into your VPN client’s settings to see if this is possible. If it’s not, be sure to check for updates regularly.

2. Close Other Apps

If you have a lot of other apps open, they can cause problems with your VPN client, especially if you’re using an older computer. Close anything that you don’t need.

3. Restart Your Computer

Sometimes turning it off and back on again actually does solve the problem. Restart your computer to make sure all updates have been applied and that erroneous processes have been killed off.

4. Reinstall the VPN Client

If worse comes to worst, delete and reinstall your VPN client.

 

Solve Problems with Your VPN Fast

If your VPN isn’t working, it’s in your best interest to solve the problem fast. It’s easy to get out of the habit of starting up your VPN every time you want to get on the internet.

But that exposes you to more surveillance and security issues. If your VPN isn’t working, troubleshoot it immediately—you’ll be glad you did.

If you’re still unable to fix your VPN connection, don’t hesitate to leave a comment and we’ll try to help!

Proxy vs VPN

Kevin Townsend

Kevin Townsend

Kevin Townsend is a writer specializing in cyber security news, views, and issues. He has worked with Wisegate and currently writes for SecurityWeek and TheBestVPN.com.

VPNs and proxy services offer some similar features, but with major differences in versatility and security. VPNs vs Proxy will explain these differences and help you make the right choice for your needs.

What is a VPN?

using vpn

A Virtual Private Network (VPN) is a simulation (hence “virtual”) of a private, local area network that extends across a public network (the internet). Local VPN client software connects you to a VPN server on the internet which then relays you, anonymously, to your required destination. Traffic going from your computer to the network is encrypted, and all of your browsing data appears to be coming from the virtual private network, rather than your personal machine.

VPNs are a boon to user privacy and security, drastically reducing the risk of your activity being traced, as well as protecting you from a variety of security threats.

VPNs come in consumer and corporate varieties. While corporate VPNs were the original form of VPN and still have an important purpose today, most discussion concerns the widely available consumer variety. Corporate VPNs are usually handled as a different subject, and are used by workers in a company to connect to the proprietary network, allowing them to see and transmit data and work remotely, for example while on a long-distance business trip. When comparing VPNs and proxies in general terms, we’re specifically talking about consumer VPNs.

Read more here: VPN Beginner’s Guide: What is a VPN

What is a Proxy?

what is a proxy

A proxy is generally much simpler and usually easier to use, though less versatile than a VPN. Using functionality included in an internet browser, a user can set their internet requests to go to an independent server first (the proxy server), which will then make all further data requests on the user’s behalf. This allows for IP addresses to be masked, adding a basic level of anonymity to internet browsing. It also obscures the user’s geolocation, since the destination server can only see the location of the proxy server.

The most common use for a consumer proxy service is to by-pass filters. Students sometimes use proxies to by-pass school blocks on particular online services. If a school firewall blocks access to social media services, it is often possible to access a proxy service and get to the desired destination.

Similarly, proxies can be used to beat certain region-locked services – so that, for example, the BBC’s iPlayer and the U.S. Hulu services can be accessed outside of their respective regions (all that would be required is a proxy server located within the relevant region). Local censorship rules can also be by-passed by using a proxy server located in a region without censorship.

Use of a proxy server is usually established within the user’s browser settings, although some come with their own client software, and some are accessed in-browser as websites. This latter form of proxy website is often very insecure or even dangerous, and is not recommended.

This article is concerned mainly with standard proxy servers, although most of the information applies to proxy services and client software as well.

Why use a proxy?

Proxies offer simple, basic privacy protection; all web traffic is first sent to the selected proxy server, which then retrieves the requested website or data and relays it back to the user. This means that any website you request only sees the IP address of the proxy server, not your own. This offers some protection against surveillance. Unless you’re specifically targeted or investigated, your traffic will remain anonymous. However, the owner of the proxy server will still have access to your data, and is likely to keep logs which can compromise your privacy in the long term.

By obscuring your IP address, proxies also help to reduce targeted advertising, as ad servers will not be able to log your personal IP address. It’s important to choose the right proxy if this is a concern, however, since some will inject their own advertisements into the pages you visit, blocking targeted advertising from one source but using their own logs of your browsing history to push targeted ads in another way.

Proxy server connections are set up from within an internet browser – Chrome, Firefox, Microsoft Edge/Internet Explorer etc – and consequently don’t require any client software like VPNs do. This makes connecting to a proxy considerably less resource-intensive than using a VPN. Without client software to download and install, there will be no impact on hard drive space either. You will still see a reduction in internet speeds as every request is relayed between you, the proxy server and the destination; but the impact to hardware performance on your own computer should be minimal.

Depending on the location of the proxy server, it will also let you access region-restricted websites and content – if a YouTube video is blocked in the US, connecting to a UK proxy server may allow you to view the video. A user in Canada, likewise, can gain access to US streaming services like Hulu by connecting to a US-based server. This may not be the ideal solution for users who need to access content from many different regions, as for each different geo-block you need to bypass, you’d need to reconfigure your settings every time to direct your traffic to an appropriately located server.

Proxies are a basic, lightweight option. They may be useful for users with severely restricted system resources, or who only need a temporary solution for certain issues and don’t need to be too stringent about security.

When using any proxy, however, the importance of finding a trustworthy server cannot be over-stressed. Remember, although you might be gaining a level of anonymity when using a proxy, the owner of the proxy server is anonymous to you as well. Any individual with access to their own server and the internet can set up as a free proxy, and this could easily be used to gather personal data from the users.

Since proxies are often free services, there will be minimum security on the server. In particular, they will almost certainly maintain logs that can be retrieved by law enforcement. Your anonymity cannot be guaranteed.

Why use a VPN?

With proxies relatively easy and cheap to set up and use compared to a VPN, they might be a tempting choice for users who are new to the issues of online privacy and anonymity. However, proxy servers only offer bare-bones functionality and can introduce as many new security issues as they solve.

In 2015, an Austria-based security researcher analyzed 443 free proxy services and servers, and found that almost 80% were unsafe or not secure, either through blocking HTTPS traffic – which leaves you more vulnerable to surveillance or attempts to steal passwords and identity – or actively modifying the HTML and JavaScript of websites visited. The latter is most likely just to inject more advertisements into the client browser, but it’s still alarming to know that many proxy servers can, and do, modify the data you receive.

While a proxy does mask your IP address, it does not provide any deep level of anonymity. Your identity is obscured only to the websites you visit; most proxy servers will still keep logs of which requests you send, making it easy to trace your traffic at a later date even if your IP is hidden at the time you visit a website. There are many VPNs available which have a no-logging policy, not only keeping your IP address anonymous when you access web-pages, but also meaning that it can’t be traced back to you after the fact.

VPN services usually offer a variety of servers for the user to connect to; this makes them the superior solution for bypassing region locks. When using a proxy, you will have to reconfigure your browser to point to whichever server you want to connect to depending on which region’s content you want to access. You cannot go seamlessly from viewing US-only content to UK-only content – and finding a trustworthy server even for one region can be difficult enough. With a VPN, your provider will often have an array of different servers available to connect to as required, allowing you to switch your virtual region safely and easily.

A good VPN can be used from any connection, including public hotspots; the encryption and extra security measures offered by VPNs will protect your browsing data over public connections. Even if an attacker manages to intercept your data, the encryption will make it unusable. Proxies are often less secure than a regular connection, so using one in public – especially one which will not use HTTPS traffic – is potentially dangerous.

Many ISPs throttle bandwidth for torrenting applications, such as BitTorrent, in an effort to combat piracy and limit impact on bandwidth – despite the effects this has on those using torrents for legitimate reasons. In order to throttle this specific kind of connection, they need to employ a process called Deep Packet Inspection. By analyzing the data packets sent over your connection, the ISP can determine whether the data is for regular web browsing or the use of torrent services – and throttle your connection speed in the latter case. Since a VPN encrypts data as it is transmitted, the ISP cannot inspect the packets properly, and therefore cannot detect when you’re using a torrent service.

Which to choose?

A VPN.

When you’re considering whether to use a proxy instead of a VPN, a good general rule of thumb is “don’t”. There are some very specific situations in which a proxy is the better option, but a VPN will offer you every benefit of a proxy server with less risk, more functionality and better protection. As long as you can choose a good VPN (there are many VPN reviews and articles here on thebestvpn.com to help), the only disadvantages are the learning curve and the additional expense.

The majority of proxies are freely available, but there is also a wide variety of paid proxies on offer. These paid services are more stable and reliable, and tend to perform a lot better than free proxies, but they can’t eliminate any of the other disadvantages of using a proxy and not a VPN; your browsing data is still traceable in the event of an investigation, and all the same issues with changing servers and data encryption are still present.

Both VPNs and proxies are likely to slow your connection speed somewhat (except in the case of bandwidth throttling, in which case a VPN is more likely to boost your speed), but a proxy server will usually be much slower, as it is a single unit dealing with a multitude of unique connections, and is limited by not only your own connection speed, but also the owner’s.

The only time we would recommend using a proxy rather than a VPN is when you need a “quick and dirty” solution, perhaps for a one-time use of getting around a specific firewall to access important information, or accessing data that’s restricted to a particular region. If you must use a proxy, bear the risks in mind: try to find as trustworthy a server as possible; make sure that HTTPS is not restricted by the proxy; and never send any important, personal data (identifiable information, passwords, payment information etc.) over a proxy – it could easily be logged, read and even abused if the owner of the server is malicious.

A VPN will fulfill all the functionality of a proxy, with greater security and reliability. For anyone with long-term concerns about privacy, security and data protection, a good VPN is unquestionably the best choice.

IPv4 vs. IPv6

Dann Albright

Dann Albright

IPv6 or IPv4The internet is undergoing a profound change.

Well, it’s been undergoing this change for quite a while now. And you probably didn’t even know about it. You might know that the Internet Protocol (IP) is what makes the internet work . . . but did you know that we’re in the midst of a huge update to that protocol?

The specification for IPv6 was finalized in 1998, and the internet is still in the process of switching from the previous version, IPv4. It’s been a long process, and we still have a long way to go.

But why should you be concerned about IPv4 vs. IPv6? Does it have any effect on you at all? It certainly does—and we’re going to take a look at those effects shortly. But first, let’s take a closer look at both protocols and see some of the differences between IPv4 and IPv6.

IPv4: Where We Started

You might be surprised to find out that the fourth version of the Internet Protocol has been around since 1983. Possibly even more surprising is the fact that it’s still used for the vast majority of the internet.

And it’s worked really well. The internet doesn’t seem outdated, and our data transmission has worked fine for the past 25 years. But there’s one big problem with IPv4:

We’ve run out of IP addresses.

An IP address is, simply, the location of a device on the internet. Your phone has one. Your computer has one. So does your gaming console (though they might not have unique addresses; we’ll get to that in a moment). Every data packet sent over the internet contains two IP addresses: the one belonging to the sender and the one belonging to the receiver.

It’s how data moves around the internet. As you can imagine, IP addresses are really important.

The problem with IPv4 is that IP addresses are 32-bit numbers (they look like “191.148.205.315”). There are just under 4.3 billion 32-bit numbers. That’s a huge number, so how can we be running out?

First, we have a staggering number of devices that are connected to the internet. More mobile phones are internet-capable, and they need their own IP addresses. There are over a hundred million broadband subscriptions in the US alone. Each of those needs an IP address, too.

But still, 4.3 billion? That seems like a stretch.

One of the factors contributing to the exhaustion of IPv4 addresses is inefficient use. Some large companies in the 1980s were given millions of IP addresses, far more than they could expect to use. There are a lot of owned-but-unused IP addresses out there, and that waste contributes to our running out of 32-bit IP addresses.

There’s been a push for people who own those unused IP addresses to give them back so they can be used by others, and that has helped slow the rate of exhaustion. But we’re just adding too many devices too quickly.

Which is where IPv6 comes in.

IPv6: The Present and the Future

As I mentioned, IPv6 was finalized in 1998, and it solves a number of issues with IPv4. The biggest improvement it brings to the table is 128-bit IP addresses (something like “2001:0db8:85a3:0000:0000:8a2e:0370:7334”). Instead of being limited to 4.3 billion, the new protocol supports somewhere in the neighborhood of 3.4×1038 addresses.

That’s 340 undecillion IP addresses.

To be fair, Chris Welsh showed that only 42 undecillion will actually be available to assign. Fortunately, that’s still an almost unimaginably large number. We won’t be running out of IP addresses anytime soon on the IPv6 network.

This larger number of IP addresses also means that every device can have its own address. Right now, routers have unique addresses, and individual devices connected to those routers are given non-unique addresses. So data is sent to the router, and it’s forwarded on to its final destination from there.

This process is made possible through Network Address Translation (NAT). And while NAT is a useful and reliable technology, it has some downfalls. It makes certain protocols unable to protect your devices, for example. It also requires resources to effectively do its job (though the amount of resources is extremely small).

IPv6 does away with NAT. Because there are enough addresses for every device, using non-unique IP addresses for devices behind routers is unnecessary. And NAT won’t be standing in the way of improved security.

The new protocol is also more efficient than IPv4; simplification in data packet headers, better routing functionality, and support for better peer-to-peer networking are all improvements. Even with those improvements, though, users aren’t likely to see huge jumps in performance. Sucuri found that little to no performance boost over IPv4, and others have found minimal improvements in the range of 5–10%.

But we’re still in the very early stages of IPv6, and more efficient data transfer is always good.

The Current State of IPv6

Despite being finalized in 1998, very few places on the internet have converted to IPv6. In May 2017, 37 countries had more than 5% of their internet traffic going via IPv6. Only seven countries had more than 15%. If IPv6 is so much better, why haven’t more people converted?

In short, because it’s expensive. It requires new server software and equipment. And it’s also not backward-compatible with IPv4. So any site that wants to work for users coming in via both protocols needs essentially two versions of their site (or a translator service).

But IPv6 is steadily becoming more popular. Most modern routers and operating systems provide support for the protocol. ISPs are rolling out IPv6 capabilities to more users all the time. Most major ISPs offer at least some IPv6 functionality, though they’re deploying at different rates around the developed world.

Should You Use IPv6?

Now that you’ve seen some of the benefits of IPv6 and how widespread it’s available, you might be wondering if you should use it. In short, yes, you should. The more widespread the adoption of the new technology, the better. If your ISP offers it, and you have a router capable of supporting it, it’s a good idea to turn it on.

Before you set out to turn it on, though, you should test to see if you’re already using it. Head to www.test-ipv6.com to see if you’re using IPv6. Here’s what you’ll see if you’re only using IPv4:

testing IPv6 connectivity

Turning on IPv6 will depend on your router and your ISP. Your best bet is to search for “[router manufacturer] ipv6 [your ISP].” You may also want to upgrade your router’s firmware to DD-WRT to make the change easier.

It’s important to understand that there are two ways of accessing IPv6 sites: with a transition mechanism and natively. There are numerous transition mechanisms, but one called 6to4 is likely the most commonly used. It encapsulates IPv6 data in IPv4 transmissions, effectively letting you see newer-format sites with an older transmission protocol.

A native IPv6 connection lets you connect directly to the site in question, skipping the transition process. This is what you need for a full switch over to IPv6. If your router gives you the choice, you’ll want to choose native IPv6.

To see if a site will accept IPv6 connections, use the IPv6 validation tool. If the site has a 128-bit IP address, you know that the site is IPv6-compatible.

How to Turn IPv6 Off

If you’d rather not use IPv6 (and we recommend not using it if your VPN can’t protect your traffic), you can simply tell your computer not to use it. On Windows, go to Settings > Network & Internet > Network & Sharing Center (it’s at the bottom of the window).

Network and sharing center

Click Change adapter settings and then right-click your main internet connection (in my case, it’s my wifi connection) and select Properties:

WiFi Properties

Scroll through the list until you see Internet Protocol Version 6 (TCP/IPv6) and uncheck the box:

Interent Protocol Version 6

To turn off IPv6 on a Mac, head to System Preferences > Network. Click Advanced and then go to the TCP/IP tab.

Configuring IPv4 on Mac

From here, just change the Configure IPv6 drop-down menu to Off.

If you don’t see the Off option, you need to run a Terminal command. Open Terminal and run one of the following commands, based on how you’re connected to the internet:

networksetup -setv6off "Wi-Fi"
networksetup -setv6off "Ethernet"

That should enable the Off option in the TCP/IP tab of the Network settings. To turn it back on, just select Automatically in the menu or run one of these commands:

networksetup -setv6automatic "Wi-Fi"
networksetup -setv6automatic "Ethernet"

IPv6 and VPNs

We’re all about VPNs here, so of course we’re going to talk about IPv6 and VPNs. If you’ve done much research on VPNs, you might have noticed that many providers disable IPv6 traffic over their VPN. This is because many VPN providers haven’t yet updated their servers and software to accommodate the new standard.

Unfortunately, this means that IPv6 traffic is sometimes routed through your ISP instead of your VPN. And that defeats the purpose of having a VPN in the first place. This is known as an IPv6 leak.

A 2015 study found that the majority of VPN providers suffered from IP address leaks, and that many of them were also vulnerable to IPv6 DNS hijacking. In 2016, another group of researchers found that 84% of Android VPNs weren’t routing IPv6 traffic through the VPN.

Fortunately, studies like these have encouraged providers to better protect their customers’ privacy by including IPv6-friendly features. Some VPNs are able to handle IPv6 traffic. Others simply tell their users to disable that traffic to prevent IP address leaks.

If you’re not sure what your current VPN is doing about IPv6 traffic, it’s a good idea to test your connection for IP leaks. IPleak.net is a good tool for testing whether you’re leaking IP information, and it covers both IPv4 and IPv6 traffic. If you see your personal or ISP’s IP address displayed on the page, your VPN isn’t fully protecting your privacy.

Some VPN providers have instituted support for IPv6 traffic, but not as many as we’d like. We’ll give you a few recommendations below for IPv6 protection.

Keep in mind that IPv6 support and IPv6 leak protection are different features. Leak protection usually involves just turning IPv6 off. This does protect your privacy, as there’s nothing to leak. But it doesn’t take advantage of the features that IPv6 provides. IPv6 support, however, lets VPNs route newer-protocol traffic to IPv6-enabled sites.

This is an important distinction. IPv6 leak protection is good—it definitely improves your safety. But IPv6 support takes it to another level.

VPNs That Support IPv6

As I mentioned previously, most VPNs don’t support IPv6 connections. There are a few, however, that will let you connect via IPv6. Mullvad (review) and FrootVPN (review), two VPNs that we like, offer full support. So does Perfect Privacy, but we haven’t had a chance to review their VPN at the time of this writing.

Beyond those three, your best bet is to find a VPN with IPv6 leak protection to prevent your traffic being routed through your ISP. Most of the top-rated VPNs provide some kind of leak protection. A few, like NordVPN (read review), have been very vocal about instituting their leak protection programs, and you can trust that they’ll be effective.

To find out whether your chosen VPN offers IPv6 leak protection, your best bet is to consult their documentation. Some have an option that you need to turn on. Other block IPv6 traffic automatically. Still, others recommend that you turn off IPv6 traffic on your computer.

Of course, we recommend always routing your traffic through a VPN. But if your VPN leaks your IPv6 IP address, it’s probably a better idea to simply turn IPv6 off using the instructions above.

Be Safe with IPv6

Because it’s a new and better technology, you may want to jump right into IPv6. If it’s better than IPv4, why wouldn’t you use it by default? But as we’ve seen, there are a few issues with it—primarily, that most VPNs don’t support it. And that if they lack leak protection, you could be leaking your IP address when you think it’s protected.

Check to make sure that your VPN either supports IPv6 or offers protection from IP address leaking. If it doesn’t, switch VPNs (most of the big names provide some sort of protection) or turn IPv6 off from your computer’s settings.

If you’ve taken those steps, you can be confident that you’ll be safer on the new, IPv6-enabled internet.

Have you made the switch to IPv6 yet? Does your VPN provider support it? Share your experiences in the comments below!

DNS Leaks (Causes & Fixes)

Kevin Townsend

Kevin Townsend

I write about cyber security: news, views and issues. This currently includes: SecurityWeek (objective); ITsecurity.co.uk (subjective); and formerly Wisegate.

What is a DNS LeakBrowsers use the Domain Name System (DNS) to bridge the gap between internet IP addresses (numbers) and website domain names (words).

When a web name is entered, it is sent first to a DNS server where the domain name is matched to the associated IP address so that the request can be forwarded to the correct computer.

This is a huge problem for privacy since all standard internet traffic must pass through a DNS server where both the sender and destination are logged.

That DNS server usually belongs to the user’s ISP, and is under the jurisdiction of national laws. For example, in the UK, information held by ISPs must be handed to law enforcement on demand. Similar happens in the USA, but with the added option for the ISP to sell the data to marketing companies.

While the content of communications between the user’s local computer and the remote website can be encrypted with SSL/TLS (it shows up as ‘https’ in the URL), the sender and recipient addresses cannot be encrypted. As a result, every destination visited will be known to whoever has legal (or criminal) access to the DNS logs – that is, under normal circumstances, a user has no privacy over where he goes on the internet.

VPNs are designed to solve this problem by creating a gap between the user’s computer and the destination website. But they don’t always work perfectly. A series of issues means that in certain circumstances the DNS data can leak back to the ISP and therefore into the purview of government and marketing companies.

The problems are known as DNS leaks. For the purpose of this discussion on DNS leaks, we will largely assume that your VPN uses the most common VPN protocol, OpenVPN.

 

What is a DNS leak?

A VPN establishes an encrypted connection (usually called a ‘tunnel’) between your computer and the VPN server; and the VPN server sends your request on to the required website. Provided the VPN is working correctly, all your ISP will see is that you are connecting to a VPN – it cannot see where the VPN connects you. Internet snoopers (government or criminal) cannot see any content because it is encrypted.

A DNS leak occurs when something unintended happens, and the VPN server is bypassed or ignored. In this case, the DNS server operator (often your ISP) will see where you are going on the internet while you believe he cannot.

This is bad news, since it defeats the purpose of using a VPN. The content of your web traffic is still hidden (by the VPN’s encryption), but the most important parts for anonymity – your location and browsing data – are left unprotected and most likely logged by your ISP.

 

How to tell if my VPN has a DNS leak?

There’s good news and bad news for detecting a DNS leak. The good news is that checking whether your VPN is leaking your DNS requests is quick, easy and simple; the bad news is that without checking, you’re unlikely to ever know about the leak until it’s too late.

There are many in-browser tools to test whether your VPN has a DNS or other form of data leak, including some made by VPN providers such as AirVPN (review) or VPN.ac. If you’re not sure what to do, you could simply go to ipleak.net while you believe your VPN to be operational. This site will automatically check for a DNS leak (and, incidentally, provides a lot more information as well).

  1. Enter ipleak.net into your browser’s address bar.
  2. Once the web page loads, the test begins automatically and you will be shown an IP address.
  3. If the address you see is your IP address and shows your location, and you are using a VPN, this means you have a DNS leak. If your VPN’s IP address is shown, then it’s working normally.

If possible, it’s a good idea to test with multiple online checkers.

Figure 1 shows ipleak.net used with a badly configured VPN. It returns the correct IP address. This is a DNS leak.

Your IP address #2

Figure 1

Figure 2 shows ipleak used with ExpressVPN configured to use a Belgian server (ExpressVPN lets you select from a range of different countries). There is no DNS leak apparent.

Your IP address

Figure 2

For most users, performing this check before continuing to browse other sites will be sufficient. For some users, this won’t be a perfect solution, as it requires you to connect to the internet and send DNS requests to access the checker tools.

It is possible to test for DNS and other leaks without using one of these websites, although it requires you to know your own IP address and how to use the Windows command prompt, It also requires a trusted test server for you to ‘ping’ directly; this could be a private server you know and trust, or one of the following public test servers:

  • whoami.akamai.net
  • resolver.dnscrypt.org
  • whoami.fluffcomputing.com
  • whoami.ultradns.net

To do this, open the command prompt (go to the start menu, type “cmd” and press Enter), and then enter the following text:

  • ping [server name] -n 1

Replace [server name] with the address of your chosen test server (for example “ping whoami.akamai.net -n 1”), and press Enter. If any of the IP addresses found in the resulting text match your personal or local IP, it’s an indicator that a DNS leak is present; only your VPN’s IP address should be shown.

Figure 3 shows the result with ExpressVPN running. Notice that the only IP address returned is the Belgian IP as shown in Figure 2. There is no DNS leak apparent.

FREEDOME

Figure 3

If you find that that your VPN has a DNS leak, it’s time to stop browsing until you can find the cause and fix the problem. Some of the most likely causes of a DNS leak and their solutions are listed below.

 

DNS Leaks Problems and Solutions

The Problem #1: Improperly configured network

DNS Leak problems and fixes

This is one of the most common causes of DNS leakage for users who connect to the internet through different networks; for example, someone who often switches between their home router, a coffee shop’s WiFi and public hotspots. Before you connect to your VPN’s encrypted tunnel, your device must first connect to the local network.

Without the proper settings in place you can be leaving yourself open to data leaks. When connecting to any new network, the DHCP settings (the protocol that determines your machine’s IP address within the network) can automatically assign a DNS server to handle your lookup requests – one which may belong to the ISP, or one that may not be properly secured. Even if you connect to your VPN on this network, your DNS requests will bypass the encrypted tunnel, causing a DNS leak.

The Fix:

In most cases, configuring your VPN on your computer to use the DNS server provided or preferred by your VPN will force DNS requests to go through the VPN rather than directly from the local network. Not all VPN providers have their own DNS servers though, in which case using an independent DNS server such as OpenDNS or Google Public DNS should allow DNS requests to go through the VPN rather than directly from your client machine. Unfortunately, changing the configuration in this way depends a great deal on your specific VPN provider and which protocol you’re using – you may be able to set them to automatically connect to the correct DNS server no matter which local network you connect to; or you may have to manually connect to your preferred server each time. Check the support for your VPN client for specific instructions.

If you have to manually configure your computer to use a chosen independent DNS server, you can find step-by-step instructions in the section ‘Change your settings to a trusted, independent DNS server’ below.

The Problem #2: IPv6

Usually, when you think of an IP address, you think of a 32-bit code consisting of 4 sets of up to 3 digits, such as 123.123.123.123 (as described above). This is IP version 4 (IPv4), currently the most common form of IP address. However, the pool of available unused IPv4 addresses is getting very small, and IPv4 is being replaced (very slowly) by IPv6.

IPv6 addresses consist of 8 sets of 4 characters, which can be letters or numbers, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

The internet is still in the transition phase between IPv4 and IPv6. This is creating a lot of problems, especially for VPNs. Unless a VPN explicitly has IPv6 support, any request to or from your machine sent over IPv6 – or sent using a dual-stack tunnel to convert IPv4 to IPv6 (see Teredo below) – will completely bypass the VPN tunnel, leaving your personal data unprotected. In short, IPv6 can disrupt up your VPN without you being aware of it.

Most websites have both IPv6 addresses and IPv4 addresses, though a significant number are still IPv4-only. There are also a few websites which are IPv6 only. Whether your DNS requests are for IPv4 or IPv6 addresses will usually depend on your ISP, your network equipment (such as wireless router) and the specific website you’re trying to access (with implementation of IPv6 still incomplete, not all users will be able to access IPv6-only websites). The majority of DNS lookups will still be IPv4, but most users will be unaware of whether they are making IPv4 or IPv6 requests if they are able to do both.

A study by researchers from Sapienza University of Rome and Queen Mary University of London in 2015 examined 14 commercial VPN providers, and found that 10 of them – a disturbingly high proportion – were subject to IPv6 leaks.

  • HideMyAss
  • IPVanish
  • Astrill
  • ExpressVPN
  • StrongVPN
  • PureVPN
  • AirVPN
  • Tunnelbear
  • ProXPN
  • Hotspot Shield Elite

While IPv6 leakage is not strictly the same as a standard DNS leak, it has much the same effect on privacy. It is an issue that any VPN user should be aware of.

The Fix:

If your VPN provider already has full support for IPv6 traffic, then this kind of leak shouldn’t be a problem for you. Some VPNs without IPv6 support will instead have the option to block IPv6 traffic. It’s recommended to go for an IPv6-capable VPN in any case, as dual-stack tunnels could conceivably still bypass an IPv6 block. (See Teredo below.) The majority of VPNs, unfortunately, will have no provision made for IPv6 and therefore will always leak IPv6 traffic. Make sure you know before using a commercial VPN whether they have made provisions for IPv6, and only choose one which has full support for the protocol.

The Problem #3: Transparent DNS Proxies

Some ISPs have adopted a policy of forcing their own DNS server into the picture if a user changes their settings to use a third-party server. If changes to the DNS settings are detected, the ISP will use a transparent proxy – a separate server that intercepts and redirects web traffic – to make sure your DNS request is sent to their own DNS server. This is effectively the ISP ‘forcing’ a DNS leak and trying to disguise it from the user. Most DNS-leak detection tools will be able to detect a transparent DNS proxy in the same way as a standard leak.

The Fix:

Fortunately, recent versions of the OpenVPN protocol have an easy method to combat transparent DNS proxies. First, locate the .conf or .ovpn file for the server you wish to connect to (these are stored locally and will usually be in C:\Program Files\OpenVPN\config; see the OpenVPN manual for more details), open in a text editor like notepad and add the line:

  • block-outside-dns

Users of older versions of OpenVPN should update to the newest OpenVPN version. If your VPN provider does not support this, it may be time to look for a newer VPN. As well as the OpenVPN fix, many of the better-made VPN clients will have their own provisions built-in for combating transparent DNS proxies. Refer to your specific VPN’s support for further details.

The Problem #4: Windows 8, 8.1 or 10’s insecure “features”

Windows operating systems from 8 onward have introduced the “Smart Multi-Homed Name Resolution” feature, intended to improve web browsing speeds. This sends out all DNS requests to all available DNS servers. Originally, this would only accept responses from non-standard DNS servers if the favorites (usually the ISP’s own servers or those set by the user) failed to respond. This is bad enough for VPN users as it greatly increases the incidence of DNS leaks, but as of Windows 10 this feature, by default, will accept the response from whichever DNS server is fastest to respond. This not only has the same issue of DNS leakage, but also leaves users vulnerable to DNS spoofing attacks.

The Fix:

This is perhaps the most difficult kind of DNS leak to fix, especially in Windows 10, because it’s a built-in part of Windows and can be almost impossible to change. For VPN users using the OpenVPN protocol, a freely-available open-source plugin (available here) is possibly the best and most reliable solution.

Smart Multi-Homed Name Resolution can be switched off manually in Windows’ Local Group Policy Editor, unless you’re using a Home Edition of Windows. In this case Microsoft simply doesn’t allow you the option of switching off this feature. Even if you are able to switch it off this way, Windows will still send the request to all available servers in the event that the first server fails to respond. It’s highly recommended to use the OpenVPN plugin to fully address this issue.

It may also be helpful to check US-CERT’s guidelines here as well. Smart Multi-Homed Name Resolution has such significant security issues associated with it that the government agency issued its own alert on the subject.

The Problem #5: Teredo

Teredo is Microsoft’s technology to improve compatibility between IPv4 and IPv6, and is an in-built feature of Windows operating systems. For some, it’s an essential transitional technology that allows IPv4 and IPv6 to coexist without issues, enabling v6 addresses to be sent, received and understood on v4 connections. For VPN users, it’s more importantly a glaring security hole. Since Teredo is a tunneling protocol, it can often take precedence over your VPN’s own encrypted tunnel, bypassing it and thus causing DNS leaks.

The Fix:

Fortunately, Teredo is a feature that is easily disabled from within Windows. Open the command prompt and type:

netsh interface teredo set state disabled

While you may experience some issues when connecting to certain websites or servers or using torrent applications, disabling Teredo is a much more secure choice for VPN users. It’s also recommended to switch off Teredo and other IPv6 options in your router or network adapter’s settings, to ensure that no traffic can bypass your VPN’s tunnel.

 

Preventing future leaks

preventing dns vpn leaksNow that you’ve tested for a DNS leak and either come out clean, or discovered and remedied a leak, it’s time to look into minimizing the chances of your VPN springing a leak in future.

First of all, make sure that all the above fixes have been performed in advance; disable Teredo and Smart Multi-Homed Name Resolution, make sure your VPN either supports or blocks IPv6 traffic, etc.

1. Change settings to a trusted, independent DNS server

Your router or network adapter should have a way to change TCP/IP settings, where you can specify particular trusted DNS servers by their IP addresses. Many VPN providers will have their own DNS servers, and using the VPN will often automatically connect you to these; check your VPN’s support for more information.

If your VPN doesn’t have proprietary servers, a popular alternative is to use an open, third-party DNS server such as Google Open DNS. To change your DNS settings in Windows 10:

  1. Go to your control panel
  2. Click “Network and Internet”
  3. Click “Network and Sharing Center”
  4. Click “Change Adapter Settings” on the left-hand panel.
  5. Right-click on the icon for your network and select “Properties”
  6. Locate “Internet Protocol Version 4” in the window that opens; click it and then click on “Properties”
  7. Click “Use the following DNS server addresses”

You can now enter a preferred and alternative address for DNS servers. This can be any server you wish, but for Google Open DNS, the preferred DNS server should be 8.8.8.8, while the alternative DNS server should be 8.8.4.4. See Figure 4.

IPV 4

Figure 4

You may also wish to change the DNS settings on your router – refer to your manual or support for your specific device for further information.

2. Use a firewall or your VPN to block non-VPN traffic

Some VPN clients will include a feature to automatically block any traffic not going through the VPN – look for an ‘IP Binding’ option. If you don’t have a VPN yet, consider getting one from here.

Alternatively, you can configure your firewall to only allow traffic in and out via your VPN. You can also change your Windows Firewall settings:

  1. Make sure you’re already connected to your VPN.
  2. Open the Network and Sharing Center and make sure you can see both your ISP connection (which should show up as “Network”) and your VPN (which should show up as the name of the VPN). “Network” should be a Home Network, while your VPN should be a Public Network. If either of them are set to something different, you’ll need to click on them and set them to the appropriate network type in the window that opens.
  3. Make sure you’re logged in as Administrator on your machine and open the Windows Firewall settings (exact steps for this vary depending on which version of Windows you’re running).
  4. Click on “Advanced Settings” (see Figure 5).
  5. Locate “Inbound Rules” on the left panel and click it.
  6. On the right-hand panel, under Actions, you should see an option for “New Rule…”. Click this.
  7. In the new window, choose “Program” and click Next.
  8. Choose “All Programs” (or select an individual program you want to block non-VPN traffic for) and click Next.
  9. Choose “Block the Connection” and click Next.
  10. Tick “Domain” and “Private” but make sure that “Public” is not ticked. Click Next.
  11. You should be back in the Advanced Settings menu for Windows Firewall; locate “Outbound Rules” and repeat steps 6 through 10.
Windows "Advanced Settings"

Figure 5

3. Regularly perform a DNS leak test

Refer to the section “How do I Tell if my VPN has a DNS Leak?” above for instructions. Prevention is not ironclad, and it’s important to check frequently that all your precautions are still holding fast.

4. Consider VPN “monitoring” software

This can add an extra expense on top of your existing VPN subscription, but the ability to monitor your VPN’s traffic in real time will allow you to see at a glance if a DNS check goes to the wrong server. Some VPN monitoring products also offer additional, automated tools for fixing DNS leaks.

5. Change your VPN if necessary

You need the maximum possible privacy. The ideal VPN will have built-in DNS leak protection, full IPv6 compatibility, support for the latest versions of OpenVPN or the protocol of your choice and have functionality in place to counteract transparent DNS proxies. Try thebestvpn.com’s in-depth comparisons and reviews to find the VPN that offers everything you need to keep your browsing data private.