Do You Use It? VPNs
Virtual private networks, or VPNs, promise enhanced privacy and security by routing your Internet traffic through an encrypted tunnel to a theoretically trusted remote server, ensuring that no one on your local network or between you and the destination can see inside that tunnel. VPNs are also commonly used to circumvent location-based restrictions, such as watching the BBC from outside the UK, and IP-based limits, such as those schools employ to block games and adult sites.
But what about that remote server? You have to trust that the VPN provider has your best interests at heart because it can see all your unencrypted traffic. Even with encrypted HTTPS connections, the VPN provider can still track which sites you visit, when you visit them, and how much data you transfer. You’re essentially transferring the visibility of your online activity from your Internet provider to your VPN provider.
All that is a long way of explaining why it’s a big deal that a recent report from the Tech Transparency Project identified 20 of the top 100 free VPN apps in the App Store as being owned—often surreptitiously—by Chinese companies. One of these companies, Qihoo 360, has been sanctioned by the US Department of Defense as a “Chinese military company.” It’s behind at least five free VPN apps: Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN.
If you’re using one of those apps, or one of the many others listed in the Tech Transparency Project report, now would be a good time to pick another. Or perhaps you’re unhappy with the VPN you use, or have been thinking that you should start using a VPN. This week’s Do You Use It? poll aims to determine which VPNs are most popular among the TidBITS audience.
This seemingly simple question quickly grew in complexity. Many people don’t use VPNs at all, and others use them only occasionally or to achieve a specific outcome. So our first question is: When do you use a VPN? Respond to these polls on the TidBITS Talk site.
For those who answered something other than “Never,” the questions continue, with this next one aimed at helping those who aren’t sure what the point of a VPN is: Why do you use a VPN?
A system-level VPN protects all the traffic from your device, but there are also browser-based VPNs that are limited to traffic in Web browsers unless you install additional software to bring them up to full VPN status. Additionally, there are browser extensions that are proxies that route traffic through a different remote server without strong encryption—again, they protect only data within the browser. Depending on the desired outcome, that may be a distinction without a difference for most people. Our next question—What type of VPN do you use?—at least tries to tease out some of that distinction.
At long last, we can return to the original question, focusing on the system-level VPN services to keep things somewhat manageable. Since Discourse polls are restricted to 20 answers, I’ve chosen what seem to be the most popular VPNs with help from TidBITS Talkers. If your VPN isn’t listed, please add it in the comments, with a link. We’re also interested in hearing what you like or don’t like about the VPN service you use. So, which VPN do you use?
Now we get to make comments…
First, a note that a disadvantage of using a VPN is that it bypasses the firewall-ish protection provided by NAT in a router. For example, without a VPN my Macs do not see Windows Networking connection requests (netbiosd port 138 and smbd port 445) because I haven’t made any outgoing connections on those ports, so they’re not in my router’s NAT table. When I have a VPN up I do get these requests. Thus, it is important to be running a firewall when you use a VPN, such as the MacOS built-in firewall.
In the news this week is that VPNSecure was taken over by a new company, who then decided to cancel lifetime subscriptions. Shame!
The reason I use VPN Unlimited is because I have a lifetime subscription, but not because I chose them. I actually bought a lifetime subscription to PureVPN back in 2017 from Stack Commerce.
There was a catch, though. PureVPN didn’t sell lifetime subscriptions. So the Stack Commerce deal terms were disclosed in two places:
When my five years were up I contacted Stack Commerce. The conversation went like this:
Me: I want to renew my PureVPN subscription per the terms of the deal.
Them: Sorry, PureVPN is only available in up to 5-year subscription increments. But you can get VPN Unlimited lifetime subscription for free!
Me: I’d rather renew PureVPN for another 5 years.
Them: Sorry, we were unaware of PureVPN’s business decision. How about VPN Unlimited and a $20 credit?
Me: What’s the problem? The deal was for 5-year subscription increments. You said “PureVPN is currently available up to incremental 5-year subscriptions”. So why is a 5-year incremental subscription not an option?
Them: I’ve been approved to offer you a one-time 2 year extension of PureVPN.
…at that point they had worn me down so I just accepted the lifetime subscription to VPN Unlimited.
Anyway, it does work but not as well as PureVPN.
VPN kill switches are desirable
But don’t always work on Macs…
My employer uses Fortinet’s VPN offerings (FortiClient installed on the client side). The setup is opaque enough that I’m uncertain if my employer is the VPN provider using Fortinet hardware and software, but that would be my best guess.
My VPN use is strictly for accessing my employer’s network when I’m not at a corporate site (which is almost all the time), so the software isn’t one of the poll choices. But for the curious:
Our main corporate VPN is via Cisco AnyConnect.
Some remote sites (not on the corporate network) have their own VPNs, based on the community edition of OpenVPN, and managed by the site’s IT team.
Years ago, when I was working at such a remote site, I frequently used it to access the site’s local servers when out of the office.
We also use ZScaler products to identify and block traffic that violates corporate policy. This isn’t a VPN, but it does intercept and redirect all non-local network traffic, so it’s VPN-adjacent.
But my personal systems never use VPNs. So far, I have not read a convincing reason why it would help me.
I use Tailscale to access far flung devices as if they were a single network. I can use it to have my traffic come from any of the exits in my Tailnet which optionally includes Mullvad nodes.
My previous employer deployed a Fortinet VPN via its own Fortinet routers, solely for accessing a limited number of internal systems from outside the company. It worked well, but it was important to have professional staff actively monitoring and maintaining it.
I use Private Internet Access, both on a Mac mini and my iPhone and iPad, but only 100% of the time on the mini. I also use Tailsafe for other machines on my network, which I guess is a bit like hosting my own vpn, so that I can access them easily when away from my LAN.
I have been using NetShade (Rayner Software) for many years. It is a standalone application that works primarily through browsers. I like how it works through any browser and requires no special plugins or extensions. It can work as a proxy or VPN. The number of countries where Rayner has servers is somewhat limited (mostly Europe and the USA but others exist) but its service has been exemplary.
I use Tailscale for remote access to my home network and to provide tech support to family members. I also use their Mullvad integration, which isn’t terribly good, and mostly rely on NordVPN for web browsing.
There are always weird hiccups with some web sites, like how Home Depot blocks access to their web site from IP addresses outside the US. So many online stores try to geo-locate visitors based on IP address that it can be maddening when I get redirected to the wrong site. (Amazon does this a lot, especially with affiliate links.)
I’ve wondered if Apple’s “private relay” is actually useful at all, but enabling it just seems to result in odd popup messages that tell me it was unable to connect. It’s surprising to me that they don’t offer a system-level VPN service for iCloud subscribers.
I use Cisco Secure Client for work constantly, and ProtonVPN to circumvent geoblocking when necessary. The latter mostly on my NVIDIA Shield.
LetsVPN is missing from the list
First, I am typing this on my phone as I cannot get past the Cloudflare human test using either Brave or Safari on my Mac (without a VPN). If this is just me I will investigate my settings but if others also have difficulty please fix it.
I use Proton VPN on my iPhone and MacBook when on public WiFi but it is very frustrating as I have to switch it on and off several times before I can get an Internet connection. I also use 1.1.1.1 which is not listed here. These are both free, perhaps a paid service is better.
I use Tailscale as well, mainly for having encrypted access to servers and other suystems when I’m away from home. It is easy to set up and very reliable. They offer free access for personal use.
My employer uses GlobalProtect (PaloAltoNetworks) which is what I use for my work, access, and encryption.
I use Tailscale a lot now thanks to an article on this very site. I use my own exit nodes. I have a lifetime cheap subscription to Torguard which I barely use. Tailscale pretty much solves every need for a VPN for me. I don’t really care about my exit IP address because I’m not doing anything shady, I just want to control my traffic and access my resources. Helps on restricted networks like libraries and hotels as well for general privacy and restriction bypassing. I don’t want to bother anyone’s network, I just want to get to the internet through it sometimes without them messing with my traffic.
I downloaded a VPN once, installed it, and then wondered what on earth good it was. How to use it. What was even going on. I’ve been a Tidbits subscriber since it was a Hypercard stack, yet I can’t remember ever reading one article that clearly explained the answer to these obvious questions. I can’t recall ever reading a software review of any VPN that explained the most basic principles. How did I miss it? I read it every week.
I’ve seen a disturbing trend with Apple Support over the last couple of years; in-store or remote.
When providing support for apps (Apple Music search function stopped working for a month and was fixed without a software update) or for iOS system-level issues (CarPlay random disconnects), one of the first questions I am asked is “do you have a VPN installed?”.
This has been regardless of what the actual issue has been. After answering yes, they have required the VPN to be completely uninstalled from the Mac or device before providing any support.
While this article is about VPN apps and services, I also support clients by connecting to their networks via the Apple VPN client and third-party clients and they have also required those to be removed on the Mac.
I have argued that I need them configured for work purposes and they will not proceed until all VPNs are removed or uninstalled.
I understand that many support issues may be caused by VPNs preventing connections to web sites and services. This goes against Apple’s stance on privacy and security and has caused me hours of time reconfiguring them afterwards over multiple support tickets and shouldn’t be the first thing they require on support calls and Genius Bar appointments. Especially when required for work.
I will “me too” David Shamino’s response: I use my employe’rs VPN via Cisco AnyConnect.
However, I have an advantage: I’m the sysadmin where I work. I’m the one who set up the VPN configuration. By using it constantly, I verify that it works and it’s usable. On the minus side, if something is not working, the source of the problem can be found by looking into the mirror.
I work from home. Because I require VPN to access the systems at work most of the time, I basically use it 24/7 even for personal tasks. It would just be too much of a hassle to turn it on and off; for example, if I’m editing a file at work in an extended session that lasts for days, toggling VPN would break off the editing session.
A consequence of this setup is it provides zero anonymity. If someone examined the IP address from which our VPN connections come, it points back to my workplace.
I explain all this to my users, whom I’m sure don’t remember.
I had that happen a few weeks ago, and Support would not move forward until I had Uninstalled the app, not just turned it off. What does it do when it is installed and off?
I have used PIA for some time, but having read about Kape’s business practices in the comments on Adam’s original article on VPNs I have switched to ProtonVPN. Looks like it’s a bit cheaper too!
Zscaler is kind of interesting. Let’s say you’re a company that needs to provide a VPN for employees to use when they’re at home or otherwise not in the office. This VPN will connect into the company’s network.
There’s two ways to do this:
Full tunnel: all of the traffic from the user’s computer is routed through the VPN, including traffic that isn’t for the company at all.
For example, let’s say the user starts the company VPN, then goes to TidBITS. TidBITS isn’t on the company’s network, so the traffic needs to route user > VPN > company network > firewall (probably) > public Internet > TidBITS
Split tunnel: the VPN sets up the routing on the user’s computer so that company IP subnets are routed through the VPN, but non-company are not tunneled into the VPN and instead go our the user’s normal network interface.
The problem with a full tunnel is that now the VPN and the company network has to handle all of the traffic. This even includes company traffic that is actually hosted in The Cloud, where it would be more efficient to just route it to the Internet.
So a split-tunnel is better. But, it has security concerns. What if the user tries to go to TidBITS but mistypes it and actually goes to a malware serving site? The user’s machine is compromised. Companies don’t like it when you connect compromised machines to their network. And due to the VPN, in effect the user’s machine is connected to the company network. So, users working away from the office can serve as a means of infiltration of malware.
Enter Zscaler. What it does is leave the split-tunnel VPN alone, but it redirects the out of tunnel traffic to Zscaler servers, where it can block access to malware sites. And do other content blocking.
Vivaldi now sports Proton VPN (free) right in the browser now so there you go.
It’s possible that I mentioned this in the the thread asking which VPNs people use, but I think I decided to wait until this thread; so, these are how and why I use VPNs (note the plural):
For years, I’ve used SSH to provide remote support to friends/family/clients. While some might not consider SSH to be a VPN, it does provide a point-to-point secure tunnel to remote sites. I use PKI (public/private key pairs) to connect securely to the sshd process running in the remote router. Then the SSH port forwarding feature lets me access various servers and other hosts on the remote LAN. Old school technology perhaps, but still effective.
For some remote sites, I’ve used OpenVPN, connecting to an OpenVPN server running in the remote routers (mostly ASUS). On macOS: I use the TunnelBlick client. On iPhone/iPad, the OpenVPN Connect app. I’ve found that configuring OpenVPN can be a bit of a pain - too many options, settings, and certificates to manage. Incompatibilities between the OpenVPN client and the vintage of OpenVPN that is found on the routers. Not to mention various inscrutable error messages.
For ongoing remote support duties for friends and family, I’m now migrating to Tailscale. I’ve found AppleTV to be a useful adjunct for that. The tvOS Tailscale client provides both subnet routing capability (remotely access all the local subnets) as well as serving as an exit node. I’ve also deployed Raspberry Pi’s with Tailscale software at a couple of sites. Tailscale is so much easier to manage than a bunch of OpenVPN endpoints.
Finally, I occasionally use PureVPN when I want to appear to be somewhere I’m not. No complaints, but from reading some of the other comments here, it seems my “Lifetime Subscription” may be coming to an end. I was able to renew it after the 1st five years, but perhaps I’ve reached the end of that road.
So, I use TunnelBear. Sometimes I do writing research, and I’m not always crazy about having my identity noticed and logged by web sites. I got a locked-in rate on it years ago, and because the company is made up of Plucky Canadians®, they’ve honored it ever since.
What feels like an excellent fit for an average user like me is that it uses client-side apps to configure the VPN settings, and so there are apps for MacOS and iOS. I’ll run into occasional issues when the OS upgrades, but that’s been happening less often lately.
It doesn’t hurt that they have one of the more captivating Web login screens. Who could resist an animation of a cartoon bear covering its eyes with its paws while a password is being typed in?
I use ProtonVPN and Mullvad, mostly Mullvad lately. I don’t use these at home or at work, but do when out and about. I have to assume the security aspect as I have no way to test it, but I find the claims of geolocating misleading. I rarely can use either to watch things in different countries, whether to watch US programs when overseas or to watch Premier League when home. I also find many sites block VPNs. I have to turn off the VPN to use Ticketmaster for example.
I use a Firewalla router at home (Gold Plus). I have the built-in wireguard VPN configured and applied to my devices. If I’m on any network other than my SSIDs, the VPN automatically connects and all of my traffic is routed through my home network and back out through my ISP. I also have Proton VPN (part of my Proton package), and I use that on the Firewalla to provide Unbound over VPN to prevent DNS modification and encrypt the outbound DNS queries (while the content still uses the ISP connection). I will occasionally use the Proton VPN directly if I need to access something in a specific country (I work for a global organization and occasionally I need to do so).
If I didn’t already have a working solution that does what I need, or if I needed peer-to-peer connections between my devices, then I would be using tailscale. It’s a really interesting project, but it doesn’t fit my current use case(s).
I use VPN all the time because it is the only way you can implement DNSCrypt on iOS and iPadOS (encrypted DNS protocol). Plus specific DNS servers block ads and trackers while browsing and within apps. This is good for privacy, it reduces data traffic over networks and time in displaying content.
The survey does not take into account this use case. It is different from hiding the IP address.
I have no choice: my employer – a major university health system, which is required to protect patient information – allows remote network access from Macs using F5 Access from F5 Networks.
Before F5 Access we used F5’s standalone BIG-IP Edge Client, and before that Juniper Network’s Pulse Secure before it moved to Ivanti.
The F5 BIG-IP Edge Client used to be a pre-packaged download from the employer’s IT page. But when the university switched to F5 Access we then could only get the app from the Mac App Store. That meant it was no longer pre-configured for our VPN server, which meant the user had to follow instructions to configure it themselves.
The employer also requires that users first get added to a “VPN Client Exception List” in Active Directory, which always complicates the first connection for a new user since a support ticket will be needed.
I only use F5 Access for the short periods I connect remotely to the hospital network; then I disconnect and quit F5 Access. I don’t otherwise use any VPN for anything, as I’m not convinced that they make the Internet safer.
I use TunnelBear, too. I agree with everything you said.
I only use VPN for accessing my university’s network from home or when traveling. They use Palo Alto Global Connect.
Question for ProtonVPN current & prospective users:
With their current “Anniversary” offer, new users will pay about $72 for a two year subscription. It seems the price will then go up over 3x to $240 for two years at renewal. Will it be worth it to pay the higher rate? Do you expect the price to be lower? If not, will you switch VPNs?
I failed to see one nice feature of NordVPN mentioned: You can identify secure networks where automatically VPN will be switched off.
NordVPN indicates this by: “You are on trusted Wi-Fi.” There is also a button to switch off this feature for the respective network.
My router at home (TP-Link Deco) has a VPN built into it. I use it when I need to appear to be at home rather than traveling internationally.
Be wary of ‘lifetime’ offers, they are a marketing tactic. They work well to obtain a large number of new customers but eventually it is not sustainable. If they have too many users not paying the going rates they are losing money as the companies operating costs will always go up.
See the same story over and over you sign-up for a lifetime offer only for it to eventually be cancelled.
Hotspot Shield
For me, it has been generally better-behaved than Nord, which I likely will not renew.
Just adding a link to my other post regarding VPN ownership and security issues, such as Crossrider / Kape Technologies buying up a number of VPN companies (and review sites) or malicious VPN extensions found spying on Chrome users in recent months.
I’m using Proton for the secure email and end-to-end encrypted cloud storage - the additional parts are mostly “extra”. I have the visionary plan, so it’s $480 every 2 years (roughly $20/month). However, for that I also have the ability to use a custom email domain, and have my family members on the plan, so it seems like a reasonable value for the price. I rarely use the VPN directly from my mobile devices, but I am using DNS over VPN with Unbound (from the Firewalla router), so it is actively in use.
This is both helpful and concerning. I’ve also seen instances where products changed hands, and it wasn’t immediately clear - so that end users could continue using a product without realizing that the privacy policies and corporate governance may have changed. I’m thinking specifically of Bartender, but I know that’s not the only example. I think it was around six months (possibly more) before the change in ownership became widely known. I’m happy that I’m not using Intego. I find it interesting that there’s nothing obvious on their website that references Kape. When I did a search, there is a blog post - but unless you’re specifically looking for it, I doubt you would see it. Really makes you wonder who you can trust, and for how long can you continue to do so?
It is good to stay away from domestic Red China companies as they are all either owned or controlled by the PLA and/or MSS. I haven’t yet found a reason to use a VPN continually so I have delved that deep into them. However, I do use Tor Browser at times, does anyone else and do you use a VPN too? If so which one?
AdBlocking. My iPad has a VPN always on, but it’s not an external VPN, it’s a local one as part of an adblocking app. Works well for me. This option is missing from the polls.
On the mac, adblockers plugins in the browser are enough for me. But on the iPad, this ‘adblocker via VPN’ is the best I could find at the time (I’ve been using it for years and haven’t looked at other adblocking solutions since). Hope this helps!
I bet a lot of Texans use a VPN now so they can watch porn!
I used to use PIA, it seemed to work well, but it no longer supports all the operating systems I have to use.
Getflix (www.getflix.com), both “smart DNS” to circumvent geoblocking of some streaming efficiently and their regular VPN product.
PersonalVPN
I do not use any VPN specifically because I do not know where it terminates or who is collecting all of that information. I do not have the resources to trace down who really owns the VPN software or servers, so I just take my chances in the open VPN-less world. I also do not really have anything to protect past what normal people would want to protect (bank, medical, purchases, etc.) and those should be reasonably protected with HTTPS (SSL or better.)
I use Aura for security. I turn VPN on the phone when it involves anything financial. It’s always on on my browser.
Hotspot Shield. It’s on all the time on my phone and on my laptop if I’m connected to anything other than my home network or my phone acting as a personal hotspot. Got a lifetime subscription back in 2016, and I’ve been very happy with it. As a bonus, I get free updates of 1Password now.
I used VPN Unlimited for many years (decades?) and have a life-time subscription that really seems to be life-time (so far) but switched to Tailscale last year. I have it on all my devices (iMac G4, iPhone 15 ProMax and iPad) all the time. So far, it seems to work flawlessly.
I especially like VPN’s because they allow me to tunnel back to the U.S. when I’m in a foreign country so I can continue to access everything, including TV, that I could access if I was physically in the U.S.
I have TailScale installed, although I haven’t yet used its remote capabilities. Otherwise, I have PureVPN also installed that I use very occasionally.
Do you never find yourself at a coffee shop with an unprotected wifi network? Do you just refuse to use open networks like that? That’s about the only time I use a VPN…
I read that one company — Kape Technologies — owns multiple VPN brands, and they sell your data.
But really I don’t use my VPN enough for that to bother me. I mean, I pay so little for it I just assume they are monetising me in some way.
I used NordVPN in NE China. Not too successful. Kept losing it or bumped off. Pretty sure that I was checked out by two agents on two different occasions—friendly and non-confrontational, but by the nature of their comments and questions I felt that they were checking me out. I was in a part of China where I never saw westerners, so possibly they could realize that I was using a VPN. On the other hand, I spoke with a gent from Singapore who said that he was using a VPN and had no problems. Still again, now that I think about it, possibly he was another agent. Ha-ha. In any case, whatever it was, it was pretty benign.
I use OpenVPN Connect through my employer, mostly to access the work servers remotely, but I don’t bother to switch off the connexion, so I very likely also use the VPN during non-work access to the internet.
I also use tailscale - to access geofenced services i have paid for from my home computer when travelling.
I use FastestVPN, apparently run out of Turkey, as an occasional alternative to ProtonVPN. I paid for the FastestVPN “Lifetime” membership. It works well when I need it, with good speed and accessibility. It rarely bombs or suffers from server clogs. But ProtonVPN is my standard. I pay for Proton Unlimited. Proton servers will sometimes clog. When bandwidth is at its worst, I’ll switch to manual choice mode and dig for the least busy server, which is a great option. I always have FastestVPN handy as needed.
I have been using NordVPN for about 4 or 5 years. While it gives me peace of mind on my MacBook and iPad, it doesn’t work on my iPhone. Their support team suggested that one of my apps is interfering with it. They want me to delete all apps on my iPhone and begin again. That’s way too much hassle and they want me to do their work for them. The subscription ends shortly and I’m tempted to get DuckDuckGo Privacy Pro VPN instead.
I use WireGuard (Fritz!Box and iOS) to establish a permanent secure channel between my two homes and to connect with my mobile devices to my home network.
I use a VPN offered through Bahnhof, my ISP in Sweden. https://bahnhof.se/ The VPN is known as “Integrity VPN” https://integrity.st/ and is part of the “5th of July Foundation”. https://5july.org/ It uses the WireGuard protocol. https://www.wireguard.com/ While many companies talk about how important your privacy is to them, Bahnhof actually has a long history of demonstrating this commitment. Here is an article from Torrentfreak published in 2018. The ISP That Fights For Privacy and a Free Internet Bahnhof: The ISP That Fights For Privacy and a Free Internet * TorrentFreak
I’ve been using Freedome VPN on my devices for several years. I mostly use it when I’m traveling. I do also use Cisco AnyConnect VPN to connect to my employer, but only every 90 days when I have to change my password.
I’ve tried several VPNs, mostly to reach “home” for streaming services I couldn’t watch while I was abroad. In my opinion, ExpressVPN offers the best service for this purpose. Both MLB and Netflix are adept at identifying VPN connections and denying access to their services. ExpressVPN appears to have the best success in bypassing these restrictions, at least in my experience.
At home, I have AT&T Gig service, and I also appreciate that ExpressVPN is very fast. When I’m visiting sites I don’t necessarily trust, it doesn’t affect my online experience by slowing everything down to a crawl.
How would you rate Cloudflare’s 1.1.1.1?
Our office uses GlobalProtect from paloalto networks and Fortinet from Cisco systems.
Other than hooking up to your employer’s network (instead of your own or the local one, say, in a café or hotel) or accessing material restricted from the country you’re in or from the IP you’re at (say, a news article (note: streaming services may know the IPs of VPNs and bar them)), people use VPNs for privacy and piracy, so your own IP address doesn’t show up in your ISP’s logs or the logs of a web site you’re visiting.
I use hide.me VPN when I use one (which is only while traveling); and since I don’t travel that often, I want one I can subscribe to through Apple on a monthly basis only when needed. Most of those available through Apple require a yearly commitment. The rest of the time I just rely on Private Relay on all my devices.
Tunnelblick https://tunnelblick.net
For the first question, I answered “All the Time” but that is not technically true. There are many times when a website won’t work with my VPN enabled. I can’t give any examples off the bat, but it happens sometimes, and it is annoying that I have to disable it just to complete a form or even access the website or something else on a website. But aside from that it is on all the time.
I guess I am dense but I don’t understand the difference in question 2 between “Privacy” and “Anonymity”. In my mind, they seem pretty similar. I guess as noted, one is to hide the IP address one is to hide identity, but it seems that doing one will do the other, no? But what do I know?
I forgot about Tunnelblick. A startup I worked with a couple of years ago used it. It had the advantage of being free, but it was not the easiest to set up. Overall, though, it seemed to work well.
Nope. When I’m out and about, I just use my phone’s cellular connection. And I can’t remember the last time I visited a coffee shop for any reason.
When I’m traveling and I’m on a hotel network, there may be someone snooping, but as I wrote before, just about every web site (and especially anything with potentially sensitive data) is already HTTPS encrypted.
I really don’t care if some random spy sees that I’m visiting my bank’s web site, or streaming video from YouTube. As long as they don’t see the content of my session, I’m fine with it.
For work, I use Tunnelblick, provided by my employer. At home, I have Intego Privacy Protection. The latter, incidentally, often uses servers that Google balks at, requiring a captcha to proceed.
Thank you for helping. Everything you said is common knowledge that I have gleaned from mentions of VPNs over the years.
What is never said is how you actually set up and use any given VPN. Having tried to use one in the past, I found that downloading and installing one does nothing. Apparently they need to be configured somehow. Or they do nothing I can see or monitor. I understand what you can do but I’m astonished that nobody has ever explained how.
Can anyone help me find any articles explaining what to use a VPN for, how to configure it after installing it, and how to verify it works? Will it create a connection to a home machine with sharing turned on over the internet? I’ve often wanted to do that.
Yeah, a bit complicated but instructions are pretty good and make it fairly painless. Also, I guess I should have named the VPN as actually FrootVPN (https://frootvpn.com) using Tunnelblick. It’s not actually free but pretty nominal - $2.99/mo. Usually use the server in Sweden, good reliability and get really good speeds.
I had Nordvpn for 3 years until about 3 years ago. Being polite, their tech support was useless (the comment above about ‘erase your phone, let’s see if that works’ resonates), and it would drop constantly. I don’t think it ever stayed up for a full day on phone or mac. And it wouldn’t tell me it’d dropped, I had to notice. Useless. I’m surprised it topped the poll.
It depends greatly on the specific VPN.
My experience (with remote access VPNs like Cisco AnyConnect and OpenVPN on Windows) is that you install the software. Then you configure it with things like:
Some of these may be automatically populated by the installation script (e.g. the one my IT department gave me to do the installation).
Then when you want to connect, click on its icon (in the Windows system tray. Presumably there’s a menu-bar icon on Mac versions) and tell it you want to connect. Provide login credentials if requested and it should connect soon afterward. Once connected, your network traffic will be shunted through the VPN’s connection (via specially-crafted entries in your computer’s routing table).
If it is doing its job properly, you shouldn’t notice it is running. All your network traffic will flow from your computer to the VPN server and from there to its destination (possibly making a few hops through the VPN provider’s network on the way). Without network diagnostic tools (to see that the routes have changed), you shouldn’t notice any change.
When you’re done with the session, click its icon and tell it to disconnect. The app should remove the routing table entries and close the network connection to the VPN server.
I would like to assume that private-browsing VPNs behave similarly. Hopefully with a more user-friendly configuration interface (e.g. select the server from a list of options instead of making you type it in manually). But I haven’t used those products, so I can’t be sure.
I used PrivadoVPN (https://privadovpn.com) when a website wouldn’t let me buy because it is US based and I’m not. I can understand not offering shipping outside the US but I was buying a gift for delivery to my parents who do live in the US!
I use two different VPNs (one at any one time) on all my devices, since there are certain sites that work with one but not the other. I’ve been using personalVPN (formerly known as WiTopia) (https://www.personalvpn.com/) for many years and continue using it because it generally seems to not slow my system, and it’s been around so long that I have faith in it just due to its longevity. Unfortunately, there are a few sites that seem to have problems with it, but work OK with the other VPN I use sometimes, that being 1.1.1.1 (https://1111-w-warp.en.softonic.com/), which I chose because of its advertising that it was secure and fast, and like personalVPN, it does seem to not slow the system down (though admittedly I haven’t noticed the actual speed boost it claims to provide). Since they both appear in the VPN option in Settings and connect when I set them to connect (again, only one at a time), I’m just assuming they work as advertised - I’m not enough of a techie to delve into the inner workings to investigate further. There are of course some sites that work with neither VPN, and likely simply don’t work with devices connected via any VPN, Ticketmaster being the most annoying.
I used to use Tunnel Bear until I realized I couldn’t shop online with it operating. I tried turning it on/off but that was just too much so, I dropped it. No VPN now.
I used TunnelBear a number of years ago when I first went to Europe on a trip. Even though it supposedly had “local” servers I could route through (versus their home base in Canada), I found its performance to be hit-or-miss.
In some cases it was so slow as to be unusable, taking several minutes just to load one web page. I could never tell if it was the VPN or my wifi/cellular connection that was slowing me down. When I would turn off TunnelBear things would speed up, and after a while, I got so I was using it off most of the time and eventually I just stopped using it. Later, when my subscription came up for renewal, I didn’t bother.
That experience turned me off VPNs enough that I haven’t really used them since. If you’re in a situation where you really need one, then the slowdown might worth the trouble.
I have to use my employers VPN when I work from home or to access ultra-secure resources. The software is PaloAlto GlobalProtect.
That’s more than I knew before. Thanks for your patient explanation!
I have used a personal commercial VPN service since circa 2005. For the first 10 years or so I used Witopia but at some point I ran into a usability issue (I cannot recall the details and I didn’t retain any notes) which the company acknowledged but refused to address. The problem may not have been a deal-killer but their indifference regarding something that wasn’t prevalent at other VPNs at the time was. . .
While looking at my options I found an early Wirecutter.com review of VPNs. This was my introduction to the New York Times review website. (Years later I may use it as a starting point but I wouldn’t rely on it as my primary resource.) One of the 2 or 3 recommended services was IVPN.net. IVPN was easily the most expensive option, which was then $100 annually for the “Pro” plan. But there was a $70 “lifetime” limited-time price offer so I went for it. Since then I’ve only seen a 2-day Wirecutter $40 offer but I assume that it was for the Standard plan. Since then I haven’t seen any such IVPN offers apart from the 1-3 year discounts on its website.
My wife and I have IVPN apps installed on our Macs and iPhones. We usually use IVPN all the time and only disconnect on the rare occasion that a VPN is rejected and we must access something when there is no alternative.
I do not understand why IVPN is not more popular but I assume that it is mainly due to the cost. When I compare its policies and procedures to other commercial services it has few if any comparable competitors. I appreciate its commitment to customer privacy, transparent ownership/management, annual independent audits, its no-marketing policy (including no affiliate relationships), its use of open-source apps, and more.
Everything is carefully detailed in the Ethics, Privacy and Blog sections on its website. After reading all of the pertinent information I decided that I would rely on it and my personal experience rather than questionable online reviews. Some people will ask “how can you trust what they are saying?” My reply is that we all make decisions about which companies we should trust and most companies (particularly privately-held ones) are not as forthcoming as IVPN. I also refuse to become cynical despite having 71 years of experience living in this crazy world.
Is IVPN perfect? Of course not. . . But I haven’t come across anything that is remotely a deal-killing problem. When there are technical or other issues I have found IVPN to be quick to acknowledge and address them via its blog, etc. When I have required assistance their customer support has been fast to reply 24/7. There is also an active IVPN subReddit which is another way to ascertain the satisfaction of its customers.
I may be willing to accept certain technical aspects while others place a greater emphasis on them than I do. The company’s adherence to its stated policies and ethics along with its reputation are most important to me. Contrary to what seems to be popular opinion, I think that personal VPNs remain a viable component when putting together a multi-layer system protecting user privacy and against the growing variety of malware and other cyber-threats.
I’m glad to hear that I’m not the only one who had that experience. Fortunately, VPN Unlimited has turned out to be fine.
Doesn’t Apple’s iCloud+ Private Relay provide most (if not all) the security features of a VPN? And doesn’t it do that in a manner that doesn’t involve having to trust a stranger?
I’ve tried VPNs in the past. They invariably slowed my connections considerably. And then I asked myself if the security was worth it. How could I possibly know that the VPN server was itself secure? I couldn’t. And if it wasn’t secure, I was just paying someone to look over my shoulder.
If I was sitting in an airport just reading the news in a browser, and not logging into my bank account, did I even care if someone was snooping on me? In general, the answer was “No.” So why would I pay to have a New York Times article sent to me securely?
For the past few years, I’ve used PIA, but quite often Apple’s E-mail reports that the IP address I was using was “blacklisted” by (for example) Comcast’s IMAP or SMTP servers. And reconnection was a real problem when traveling overseas using my travel router, so a little over a month ago I tried NordVPN and found it to be much more reliable.
I also use the OpenVPN client to VPN into to my home network (many Netgear routers provide built-in support) so I can dip in there for occasional management/maintanence. Performance isn’t great, so I don’t use it for general, all-purpose networking.
If I had to guess, I’d estimate that 90% of VPN users do so to support remote work into a corporate workplace. But I feel like the survey questions are geared heavily towards personal VPN use.
Eg, my answer to the first question is “often” AND “only as necessary”, because I have to use it for work and I work often. And the answer to why is because my employer requires it, which isn’t even an option. Yes, my employer requires it for a number of security reasons, but most staff aren’t qualified to know the specific security reasons.
But I like the info about the Chinese. Not surprised. And yes I’ve often warned people that you’re heavily trusting whomever is at the other end.
Only for Web traffic in Safari.
From the current responses, only about 15% of people use an employer-provided VPN, which I would assume is what anyone doing remote work with a corporate network would use. It’s lower than I would have thought too.
I’m suspicious of selection bias based on your audience demographic :-)
For one, I get a feeling that you have a lot of older (retired?) readers.
Secondly, I think you have a more security-minded and technically-astute listener base, one that doesn’t match the populace at large.
But it’s pure hunch. I haven’t done any homework :-)
I’m based in the UK but am quite often in France, and to some extent other countries. I use Le VPN (https://www.le-vpn.com), not only on my Macs but also on an Amazon Fire TV stick and an Android tablet. It’s very stable on all these platforms. Support is good, with quick responses. I primarily use it for circumventing geographical restrictions. I note that some sources such as Netflix appear to know you’re using a VPN, but I don’t know how. (In fact a single Netflix account works in more than one country, so that one’s a bit theoretical.) I regularly link to UK sites when I’m in France, and to US ones when I’m in the UK or Europe.
I also wonder if responders are restricting themselves to use of a personal computer or to their Apple systems, since TidBITS focuses mostly on Apple’s products.
If people are omitting their Windows/Linux systems and/or their employer-provided systems, that would also skew the numbers.
I didn’t do this, but I suspect others might because when I take a commercial survey on computer usage, they usually make a point of asking that you only talk about computers you own and manage, not those provided by third-parties.
Right. I don’t usually use one on my Macs, but I do use the Windows-supplied VPN client on my work PC to work remotely. My wife is in the same situation. My daughter uses a Mac professionally, but that may have a VPN for her work (and she doesn’t use a VPN for personal use).
I’m not sure what to make of Google AI, but it has this to say about work vs. personal VPN use:
There’s definitely some hallucination going on here, because the numbers don’t add up.
It says 40% use VPNs for work or personal reasons. Then it says 30% use it for business-only and 23.1% for both - which adds up to 53.1%, not 40.
An actual web search found a Forbes article dated February 2024 (but talks about 2025 statistics, so there’s a mistake somewhere). Some possibly interesting data points:
I didn’t answer Yes to the employer-provided VPN question, because it would distort the survey. The reasons for using an employer-provided VPN are different than a personal VPN. The VPN provider is different. And since the VPN provider is not in the employee’s control, there’s nothing the employee can do about it, even if the VPN company is Chinese.
Yes, It’s hard to believe that individuals are paying $139 and $120 per year for their own VPN service (the undiscounted prices of the current top two services in the survey, NordVPN and ProtonVPN, respectively). I’d think these almost have to be third-party supplied. Both having a 70% off deal for starting a subscription sounds strangely suspicious.
Wish that the normal yearly costs were included with the service names, for better comparison.
I don’t think so. I you think you have a legitimate need, $10-12 per month seems quite reasonable.
I would be very wary of any services that are dirt-cheap. They are probably making money from ad-insertion or by selling the data that you thought you were hiding from third parties.
Low introductory prices that go up to normal levels after the first renewal is standard industry practice.
ISP’s, streaming services and just about every other service does this. So why not a VPN provider?
Okay, that makes sense. Where I live, cell service is often not good enough to be relied upon in circumstances like you describe…
I use BitDefender VPN Service, but I might go back to Private Relay.
I use FortiClientVPN, the one provided by my work company. I only use it to access a private company folders/information. So, it’s a way to use information within our company. I don’t seem to notice any barriers or when navigating. At the same time, I wonder if I’m being watched as I work. Now that would be interesting to know…
Well, this is a little embarrassing. Chinese ownership of VPNs is nothing new, and in fact, we did an ExtraBIT about it back in 2019.
And in this article from the pre-poll thread, @randy2 shared a YouTube video, which strongly implies (without actually stating) that most commercial encryption products, including VPNs have been compromised or may actually be run by various global intelligence agencies, both from “friendly” and “hostile” nations.
I haven’t bothered trying to fact-check that video, because it’s all just amusement to me (since I still don’t see a need to use VPNs except as a means of accessing an otherwise private network). But for someone who thinks that a VPN is necessary in order to avoid being spied on by (insert your favorite corporate/government entity here), that information, if true, is critically important.
Have a look at:
I mention an example of this in my earlier comment. One company owns several VPN an uses/sells info about you.
For me, it depends on the use case. I use the employer provided VPN only on my work MacBook Pro. I’m generally using it at least once during the day, but there are days I don’t need to (if I’m only working in Entra ID and Outlook/Teams/etc.). For my personal devices, when I’m out of the house, I have always-on wireguard VPN that connects back to my home router (Firewalla). I do use Proton VPN on the Firewalla to provide DNS over VPN via Unbound, and there are rare cases I’ll use it on my devices to get around a geo restriction (I work for a global company and there are times I need to appear to be coming from a European IP).
As a mid-Atlantic person with one foot in the US and the other in the UK I first used a free VPN in 2003 or 2004 to follow the reboot of Battlestar Galactica. Sometime later I migrated to the adorable TunnelBear which was fine until it wouldn’t support keeping up with the BBC from the States. Since then I’ve used ExpressVPN mainly for streaming and for internet use from public WiFi in airports, hotels and eateries. I was an early adopter of its Apple TV client. I’ve been thinking to make a switch since its acquisition, and will probably go for NordVPN despite some reservations. Installing Tailscale has been on my to-do list for too long,
I just ran into something of a related nature. Since the demise of Skype, I’ve been trying to get a replacement setup. One of those is Talkatone, as recommended by Doug Lerner @doug2. I couldn’t get past the first step in setting up the app, it gave me a weird “Account Registration Error” repeatedly. I contacted the company, and they gave me a few recommendations, including making sure I turned off any VPNs. I did so, but the problem repeated, even after I restarted and did a reinstall of Talkatone. I gave up on it, but when I read about your experience in this thread, it made me think that I was running into a related problem, so I just deleted my VPN, and lo and behold, Talkatone is now working. I’m eventually going to reinstall the VPN on my iPhone, but first I want to see Talkatone’s functionality.
I also use Bitdefender VPN, along with some of its other services. Living in Japan, sometimes I want to do things as though I’m in the states, and sometimes websites don’t function if you’re outside the USA.
I use AdGuard Pro’s VPN in my iPhone since I hate ads. I wished we could block ads better in iOS apps.
MullvadVPN is five EU a month. No offers, no annual fee. Five devices. Can do anonymous payment. Excellent service.
Yes it basically bypasses my PiHole that I use to block stuff that the kids are addicted to. Shhhh don’t tell them :) but then they just jump on the Apple TV or grab one of our phones. They’ll always find a way around it little bastards :-)