cross-posted from: https://lemmy.ml/post/37366040
After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.
Providers
- AirVPN
- IVPN
- Mozilla VPN
- Mullvad VPN
- NordVPN
- NymVPN
- Private Internet Access (abbreviated PIA)
- Proton VPN
- Surfshark VPN
- Tor (technically not a VPN)
- Windscribe
Notes
- I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
- Pricing is sometimes weird. For example, a 1-year plan for Private Internet Access is 37.19€ the first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3-day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
- Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
- Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
- The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
- Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
- All of the VPNs claim a "no log" policy, but there are some I trust more than others to actually uphold that.
- Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
- Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.
Takeaways
- If you don't mind the speed cost, Tor is a really good option to protect your IP address.
- If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
- If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.
ODS file: https://files.catbox.moe/cly0o6.ods

If you're going to be giving out advice, you should at least know that Mozilla VPN is rebranded Mullvad VPN. So most of the information on your chart should be exactly the same for both.
https://www.mozilla.org/en-US/products/vpn/features/
Scroll down to "Convenient," then "More than 500 servers in 30+ countries," and click on the link "See our list of servers," which takes you to the Mullvad website server list here:
https://mullvad.net/en/servers
Unless something has changed, the VPN that Malwarebytes sells is also rebranded Mullvad.
In my opinion, if you're going to include a VPN like PIA, you should also include who owns them (Kape Technologies - owner of multiple VPNs), and instruct people to do an internet search for "Kape Technologies malware." I'm not saying don't get PIA, but people should be able to at least make an informed decision:
"Kape Technologies, originally known as Crossrider, has a history of distributing malware through its ad injection platform before rebranding and focusing on VPN services. While it has since shifted its business model, concerns about its past and corporate practices remain prevalent in discussions about its VPN offerings."
https://www.malwarebytes.com/blog/detections/adware-crossrider
Additional reading: https://en.wikipedia.org/wiki/Teddy_Sagi#Kape_Technologies
Likewise, inform people to search for "Nord data breach," so people can again make an informed decision. It wasn't the fact that there was a data breach, but how it was handled that some had a problem with:
"Evidence indicates the attack most likely happened some time between January 31st, 2018, when the server came online, and March 5th, 2018. The attack was made via a compromised data center account, not an account managed by NordVPN. The data center deleted this account on March 20th, 2018, blocking any further access to the server. NordVPN claims not to have been notified about the breach until April 13th, 2019, more than a year after it happened. It took down the server the same day, and began an immediate audit of its 5,000 servers. The company wouldn't go public until evidence of the hack emerged some six months later. Why? The blog post stated: 'thoroughly reviewing the providers and configurations for over 5,000 servers around the world takes time. As a result, we decided we should not notify the public until we could be sure that such an attack could not be replicated anywhere else on our infrastructure.'"
Again, not saying there is a problem with PIA and Nord, just that people should know about these things before making a decision.