Product Use case Rating
Private Internet Access VPN Best Overall 4.5
Windscribe VPN Best Free Option 4.5
CyberGhost Best Features 3.5
TunnelBear VPN Best for Newbies 3.5
Hotspot Shield VPN Fast, But Use at Your Own Risk 3.5
Mullvad VPN Best for Privacy Fanatics 3
IPVanish A Jack-of-All-Trades 4
Avast SecureLine Best Built-In Feature Set 3.5
VPN Unlimited Not the Swiftest 3
Opera VPN Free, But Constrained 3
Avira Phantom VPN Generous But Erratic 3
ExpressVPN Powerful But Pricey 3
NordVPN Easy, But Slow 3
PureVPN Looks Good, Acts Bad 3

Introduction

Cybercriminals, spies, overeager retailers and even internet service providers can watch what you do online — but only if you let them.

Based on our performance tests and a comparison of features and pricing, Private Internet Access is the best overall virtual private network (VPN) service. Of the services we tested, it's the best overall performer and the cheapest full-fledged service we've reviewed, at $39.95 per year.

If you're looking for free VPN service, look into Windscribe, which has a very generous plan that gives you 10GB of VPN data per month, more than most people would need outside their homes or offices. At $49 per year, its unlimited paid service costs a bit more than Private Internet Access, but is just as fast and flexible.

Hotspot Shield gives you even more free data at 500MB per day, although it runs ads, but its paid service is also fast. We can't recommend any totally free full-fledged VPN services, but we can recommend several free limited options.


VPN News and Updates

— TunnelBear now supports Siri Shortcuts on iOS 12.

— Windscribe has added support for custom OpenVPN configurations in its Windows and Mac client software.

— Mullvad recommends all users update to client software version 2018.3, following changes made as the result of a security audit.

Why You Need a VPN

A VPN creates a secure tunnel through the internet for your data. Nothing you do will be readable by others until it reaches the VPN servers at the other end of the tunnel.

With hundreds of VPN services and clients available, it can be difficult to decide which one to use. We've extensively tested several popular VPN services that met three requirements: They had both desktop and mobile client software (with one exception), they had VPN servers in many countries, and they offered unlimited data use, at least in their paid versions.

Our Top Picks

For two years running, Private Internet Access has performed the best in our network tests and remained the cheapest full-fledged VPN service we've tried. It has more than 3,000 servers worldwide, supports platforms ranging from Windows and Mac to open-source routers, and lets you customize your tunneling and encryption protocols. You can pay in bitcoin, and you don't have to provide your real name.

Private Internet Access' client interfaces aren't as flashy or cutesy as some other services' software, but they're clear and simple enough for newbies to start right away. A toggle switch reveals all the settings a VPN expert would ever want to play with. You can also skip Private Internet Access' software and connect directly to the servers, or use a third-party OpenVPN client.

The only downsides to Private Internet Access are that you can't select your own username — you've got to stick with an assigned random ID — and that you've occasionally got to reinstall a balky driver in Windows. (There's a button to do this.) Selecting Private Internet Access as our VPN service of choice was almost a no-brainer, but because it's based in the U.S., anyone wary of the FBI may want to consider another service.

Windscribe's standout features are a very generous free service that gives you up to 10GB per month and a moderately priced paid service that lets you connect as many devices at once as you like. (Most other VPN services permit only five at a time.)

Windscribe's network performance was once about average in our tests, but a recent switch in VPN protocols put it on par with Private Internet Access in head-to-head tests. Windscribe is compatible with many platforms (including routers and Amazon Fire and Kodi TV set-top boxes), offers a wide variety of connection options, has a wide geographic reach with hundreds of servers, and presents an appealing, if minimal, user interface.

You can pay for a Windscribe subscription with bitcoin, and you don't even have to provide an email address. The service is based in Canada, which may appeal to users wary of U.S. authorities. The only feature lacking is a kill switch to stop all internet activity if the VPN connection is lost while in use, but Windscribe argues that its built-in firewall prevents data leakage.

We've knocked CyberGhost down a peg from last year's standings because the service's network performance wasn't as great this time around in our tests. Yet it has a feature-loaded, user-friendly interface, with convenient buttons in the Windows client software for streaming media, torrenting files, protecting your Wi-Fi transmissions and evading censorship. (The Mac desktop software has fewer features.)

There are about 3,000 CyberGhost connection points in about 60 countries worldwide. You don't need to provide your real name, just a working email address, and you can pay in Bitcoin to remain nearly anonymous. As with most full-fledged VPN services, you can connect directly from your operating system's network settings or use third-party OpenVPN software to do so. You can also select from among VPN protocols and set up a home Wi-Fi router to use CyberGhost all the time.

CyberGhost is transparent about its company structure, posting photos and bios on its website of everyone from the CEO to the cleaning lady, and privacy fanatics will like that the company is based in Romania rather than the U.S. But CyberGhost's full-service subscription price is among the most expensive month by month — it's far better to just pay for a year at a time.

Goldilocks would love TunnelBear, as it's just right for VPN newcomers. It has a friendly, easy-to-use interface; offers a limited free plan that's ideal for casual use in airports and cafes; is uncomplicated yet offers a fair number of options; has about 1,500 servers in 20 countries; and doles out a large helping of security and privacy.

Even TunnelBear's network performance and pricing are just about average compared to other services we've reviewed, except that you can pay anonymously with cash. The company takes security and privacy seriously, explaining its policies and protocols in plain English, and you can read the results of a third-party security audit on the company website.

However, you've got no choice but to run TunnelBear's client software (unless you use Linux), which may concern some privacy-minded users, and there's no option to set up TunnelBear connections on routers or other devices. Last but not least, this tiny Canadian firm is now owned by U.S. antivirus giant McAfee, which may mean TunnelBear is subject to U.S. search warrants.

Hotspot Shield downloaded files rapidly in our performance tests and has 2,000 servers around the world (including in China and Russia, rare for a VPN service). It offers an easy-to-use, attractive interface, and the Android client app scans your device for malware.

Hotspot Shield also offers an entirely free, ad-supported VPN service, as well as an affordable lifetime subscription. The monthly and yearly costs are rather pricey — confusingly, there's no longer an option to pay for a single year at a time — but you can pay with store gift cards to remain relatively anonymous.

But whether you pay or not, you have to use Hotspot Shield's client software, which is limited to Windows, Mac, Android and iOS. Many VPN services let you connect to their servers in other ways, and privacy advocates say that's the better way to do it.

Hotspot Shield depends on a custom VPN protocol that's not been publicly analyzed by independent experts. We don't know how private or secure it really is. The company has been accused of spying on users (it denies the allegations), and complaints abound online about Hotspot Shield software installing on PCs without users' permission. All this, and the company's U.S. location, may scare away customers who want to protect their privacy.

Mullvad is not that easy to use, with a bare-bones desktop interface and, unlike every other VPN service we've reviewed, no mobile client apps. (You do get instructions on how to manually set up OpenVPN apps.) This service's network speeds were far from great in our tests, and it's fairly expensive, with no discount for paying yearly instead of monthly.

Yet Mullvad is worth a look because it's extremely private and secure. It asks nothing about you when you sign up. Instead, it assigns you a random number that will be your combined username and password. You don't have to provide an email address, and you can pay by mailing cash to the company's headquarters in Sweden. (Mullvad also takes credit cards, PayPal, bitcoin and wire transfers.)

Like many other services, Mullvad permits manual setup of PCs, smartphones and routers, and Linux users can test out a new open-source VPN protocol called WireGuard. Mullvad isn't for everyone, but it's the perfect choice for privacy fanatics.

Features Compared


Avast SecureLineAvira Phantom VPN (Pro)CyberGhost
Express
VPN
Hotspot Shield
IPVanishMullvad
NordVPNOpera VPNPrivate Internet AccessPureVPNTunnelBear
VPN Unlimited
Windscribe
Client softwareWindows, Mac, Android, iOSWindows, Mac, Android, iOS; Chrome  extension
Windows, Mac, Android, iOS; Chrome, Opera  extensions
Windows, Mac, Android, iOS, Linux, Kindle Fire, Nook, some routers; Chrome, Firefox, Opera extensions
Windows, Mac, Android, iOS; Chrome, Firefox  extensionsWindows, Mac, Android, iOS, Ubuntu Linux, Amazon Fire TV
Windows, Mac, Linux
Windows, Mac, Android, iOS; Chrome, Firefox extensions
Windows, Mac, Linux, Android, iOSWindows, Mac, Android, iOS, Linux; Chrome, Firefox, Opera extensionsWindows, Mac, Android, iOS, Android TV, Amazon FireStick, Kodi; Chrome, Firefox extensionsWindows, Mac, Android, iOS; Chrome, Firefox, Opera extensionsWindows, Mac, iOS, Android, Linux, Windows Phone; Chrome, Firefox extensions
Windows, Mac, Linux, iOS, Android, Amazon Fire TV, Nvidia Shield; Chrome, Firefox, Opera extensions
Manual/3rd-party connection
None None Above, plus Linux, ChromeOS, Windows Phone, open-source routers
Above, plus ChromeOS, Windows Phone, NAS drives, other routers
None
Above, plus routers, ChromeOS, Windows Phone
Above, plus Android, iOS, routers
Above, plus Linux, ChromeOS, Windows Phone, BlackBerry, routers,
None
Above, plus routers
Above, plus routers, Linux, ChromeOS, Kindle Fire, NAS drives
Linux only
Above, plus Roku, Amazon Fire TV, Android TV, routers
Above, plus Windows Phone, Kodi, routers
Max. devices connected at once5Unlimited735
55
6Unlimited555
5
Unlimited
Number of servers54823,000+2,000+2,000+
1,000+170
4,000+500 max desktop; 586 mobile3,100+7501,700
400
500
Countries with servers3425609424
6029
62328140+20
52
52
Ad blockerNoNoYesNoOnly on Chrome extension
NoNo
YesYesYesDesktop onlyChrome extension only
No
Browser extensions only
Payment optionsCredit card, PayPalCredit card, PayPalCredit card, PayPal, Bitcoin. more
Credit card, PayPal, BitcoinCredit card, PayPal, gift cards
Credit card, PayPal, Visa-branded gift cardsCredit card, PayPal, cash, Bitcoin, more
Credit card, PayPal, Bitcoin, moren/aCredit card, PayPal, Bitcoin, gift cards, moreCredit card, PayPal, Bitcoin, gift cards, moreCredit card, PayPal, Bitcoin, cash, more
Credit card, PayPal, Bitcoin, gift cards
Credit card, PayPal, Bitcoin
ID requiredReal name, street addressReal name, street addressValid email addressValid email addressValid email address Valid email addressNone
Valid email addressNoneValid email addressReal name, email addressValid email addressValid email address None
Country of registrationCzech RepublicGermanyRomaniaBritish Virgin IslandsUnited StatesUnited StatesSweden
PanamaNorwayUnited StatesHong KongCanada/United States
United States/Ukraine
Canada
Kill switchNoYesYesYesYes
Mac & WindowsYes
Windows, Mac, iOSNoYesWindows, Mac, Android
Yes
Yes
No
Supported protocolsIKEv2/IPsec, OpenVPN, L2TP/IPsecOpenVPN, L2TP/IPsecIKEv2, OpenVPN, L2TP/IPsec, PPTPOpenVPN, L2TP/IPsec, SSTP, PPTPCatapult Hydra VPN
OpenVPN, L2TP/IPsec, IKEv2,
PPTP
OpenVPN, WireGuard
IKEv2, OpenVPN, L2TP/IPsec,
PPTP
OpenVPN, L2TP/IPsec, SSL proxyOpenVPN, L2TP/IPsec, PPTPIKEv2, OpenVPN, L2TP/IPsec, SSTP, PPTPIKEv2, OpenVPN
IKEv2, OpenVPN, IKEv1, LT2P/IPSec, PPTP, KeepSolid Wise
IKEv2/IPsec, OpenVPN

How We Test VPNs

One basic test for a VPN service is to check how long a VPN client takes to connect to a VPN server and get online. For our 2018 reviews, we installed each vendor's VPN client software on an HP EliteBook x360 1020 G2 laptop running Windows 10, an iPad mini and a Samsung Galaxy S8 Android phone. (In 2017, we used a Lenovo ThinkPad X1 Yoga notebook, an Apple MacBook Air, a Samsung Galaxy S6 phone and the iPad mini.) We used each device with each VPN service we tested.

Using Wi-Fi on the Windows laptops, we timed how long it took to connect to websites, measured latency times (how long it took a server to respond), and recorded upload and download speeds with Ookla's Speedtest meter, both with and without the VPN activated. We also timed how long it took to download a large video file, both with and without VPN activation.

We measured how quickly a VPN service connected after we clicked the activation button. These readings, and those of the data speed and latency — how long it took to get a response from a destination server — were repeated three times and averaged.

During each test run, we noted how many times (if any) we needed to re-establish the VPN link.

We also used each VPN for a variety of more mundane things, such as receiving and sending email; retrieving, updating and saving Google Docs files; and playing a few online games.

Other VPN Services Reviewed

IPVanish wasn't the top performer in our 2017 round of testing, falling in about the middle of the pack. But it was one of the most reliable VPN services, connecting smoothly and staying connected every time we used it. IPVanish has excellent client software, although you can connect to the company's servers manually, and a decent array of about 850 connection points in 50 countries. However, its subscription price is kind of high, and its U.S. base may be a negative for some potential customers.

Avast SecureLine VPN offers good overall performance and steady connections, and it was the best of the limited-feature services we tested in 2017. But at $80 per year for software installation on five devices, it's more expensive than any full-fledged VPN service that doesn't limit installations. A single Mac or PC license is $60, while iOS or Android licenses are $20 each.

VPN Unlimited has great software that works with many platforms and devices, and the company has servers around the world. But its network performance was among the worst we've seen, and it has a U.S. address despite basing most of its operations in Ukraine.

Opera VPN works only through the Opera web browser, and it shouldn't be used for sensitive communications. Once very fast, Opera's VPN connections were painfully slow in our most recent tests. The Opera VPN mobile apps, which were full-fledged VPN services that performed decently in our 2017 tests, unfortunately closed up shop at the end of April 2018. There's one good feature, though: Opera VPN streamed Netflix successfully from all of its server locations (there are only three of them), which is more than many paid VPN services can do.

Like Avast, Avira got into the VPN business to complement its antivirus offerings. Phantom VPN is easy to use and gives you up to 1GB of data per month for free, making this service ideal for vacation travelers who just need to check email. Its unlimited paid plans are reasonably priced, but it had slow downloads and dropped connections in our 2017 tests.

ExpressVPN has a wide range of client software, a dedicated proxy service for streaming media and its own DNS service. But in our 2017 tests, it dropped many connections and its overall performance was in the middle of the pack. It also allows only three devices to be connected simultaneously per account, and it's one of the most expensive services we evaluated.

NordVPN is easy to set up and use, has more than 1,000 servers across the world, encrypts your data twice, has an easy-to-use Chrome extension to provide a quick proxy service, and is reasonably priced. But its performance in our 2017 tests was only so-so.

PureVPN has servers in more than 140 countries and can be very inexpensive if you pay for two years up front. It also lets you "split-tunnel" your service so that some data is encrypted and other data isn't. But PureVPN was at or near the back of the pack in almost all of our 2017 performance tests. In October 2017, the U.S. Department of Justice disclosed in a criminal complaint that PureVPN had given the FBI customer logs in reference to a cyberstalking case, which kind of negates the entire point of using a VPN.

What VPNs Do and Don't Do

Using a VPN can make it look like you're someplace else. It's a well-worn practice to evade online censorship, as is done in some countries, or to tap into U.S. streaming services while in Europe or Asia. We've used VPNs to read the New York morning paper in Beijing and watch U.S. TV in England.

But there are some caveats. A VPN will give you more privacy but not more security. If you end up on a website harboring malware, the VPN can't prevent you from being infected. (Some of the full-fledged VPN services block known malicious websites.)

Credit: Opera VPNCredit: Opera VPNAlso, although your data is encrypted as it travels between you and the far-off VPN server, it won't necessarily be encrypted once it leaves the VPN server to get to its final destination. If the data isn't encrypted — and that depends on the website you're connecting to — then the traffic might be intercepted and read. (One well-known VPN provider was recently accused of inserting ads in users' web browsers, which would violate users' security and privacy.)

If you just want to evade geographical restrictions on streaming content, such as BBC iPlayer or Hulu, you don't need a VPN to do so. You just need a proxy service that will make it look like you're in the right country. There are many free proxy services available, but do your homework before choosing one — some are a bit dodgy.

Finally, Netflix and the BBC are cracking down on VPNs and proxy services. There's no guarantee that a particular service will evade geographical restrictions on a particular day.

Know Your VPN Types

All of the VPN services we've reviewed use the AES-256 encryption standard, which would take a well-equipped hacker with a powerful computer many years to crack. Anyone eavesdropping on your Wi-Fi traffic in a café would see gibberish without the encryption key.

Nine of the VPN services we've tested — CyberGhost, ExpressVPN, IPVanish, Mullvad, NordVPN, Private Internet Access, PureVPN, VPN Unlimited and Windscribe — are what we call "full-featured." If you plan on running all your home internet traffic through a VPN, or you travel frequently, these are the services you should consider.

These services offer many ways to connect, including without the service's client software; support operating systems and devices, such as routers or set-top boxes, beyond just the "big four" operating systems (Windows, Mac, Android and iOS); have hundreds, or even thousands, of servers in dozens of countries; and generally let the user sign up and pay anonymously.

Credit: IPVanish VPNCredit: IPVanish VPNThe flip side is that a few of these full-featured services are pretty anonymous themselves, operating behind shell companies in offshore tax havens. If you're trying to avoid government scrutiny, that's great, but you might have a hard time getting your money (or bitcoin) back in a dispute with the VPN provider.

Two more services, Hotspot Shield and TunnelBear, make you use their client software, which is limited to the big four OSes. You can't connect your home router or other nonstandard devices directly to these service's VPNs. (TunnelBear makes an exception for Linux boxes.)

Avast SecureLine and Avira Phantom VPN are run by antivirus companies as complements to their primary businesses. These services are also limited to Windows, Mac, iOS and Android and don't work without client software. But they offer few features, have a couple of dozen servers at most and don't let you pay anonymously. However, the companies are known quantities, and the services are handy for occasional travelers.

Finally, there's Opera VPN, which is completely free. The desktop version works only within the Opera web browser. But the mobile apps, which are made by a different company, encrypt all the internet traffic to and from an iOS or Android device. However, both the desktop and mobile versions of Opera VPN have servers in only five countries.

VPN Protocols

There are several different VPN protocols, not all of which are used by all of the VPN services we reviewed. Most operating systems have built-in support for at least one of these protocols, which means you can use that protocol — and a willing VPN service — without client software. The full-fledged VPN services have online instructions for how to do this, as well as how to set up routers to connect directly to the services.

OpenVPN: OpenVPN is very secure, open-source and widely used. Most VPN services support it, but except for Chrome OS and Linux, few operating systems do. This protocol can be used in either TCP (web) or UDP (streaming) mode; the latter is sloppier but faster. You'll need either the VPN service's client software or one of the many free alternatives. Either way, you'll still need to pay for the VPN service.

L2TP/IPsec (Layer 2 Tunneling Protocol with Internet Protocol Security): L2TP is not secure itself, so it's generally paired with the IPsec secure-networking standard. The combination of the two was once thought to be very secure when properly implemented, but some VPN services suggest that you use OpenVPN instead. L2TP/IPsec has native support in Windows, OS X/macOS, Android, Chrome OS and iOS. Most VPN services support it.

IKEv2 (Internet Key Exchange version 2, generally with IPsec): This is a newish standard that is very secure when properly implemented. It has native support in Windows, iOS, and recent versions of OS X/macOS.

SSTP (Secure Socket Tunneling Protocol): SSTP is a Microsoft protocol with native support on Windows Vista and later versions. It's thought to be quite secure, but only Microsoft knows for sure.

PPTP (Point-to-Point Tunneling Protocol): This standard is largely obsolete, with many known security flaws, but it's fast. It has native support built into Windows, Android, and older versions of Mac OS X and iOS; Apple dropped support with macOS Sierra and iOS 10. Use PPTP only for streaming content, as it won't protect your data.

Create a new thread in the Antivirus / Security / Privacy forum about this subject
22 comments
Comment from the forums
    Your comment
  • toshibitsu
    If you're just going to be "browsing the web", you could also just use Tails OS: https://tails.boum.org / https://distrowatch.com/table.php?distribution=tails
    Load it onto a USB drive & boot from the USB(from any PC). As it states... providing complete Internet anonymity for the user.
  • maxxgem
    Great article though why would any VPN need to implement a kill switch on Android if it already has built-in system wide kill switch?
  • renecoder
    Cannot share a lot about others only that the speed of nord in this post is underrated: the speed when torrenting isnt dropping more than regular (since you are connecting to foreign server) but other than that - totally satisfying service.
  • krystianpotts
    Agree with RENECODER never had any speed issues with Nordvpn. Can't be more satisfied with a service
  • jandawson
    I'm a nordvpn user and was suprised that nord did not that well in this review. I never had any problems with connection speeds or buffers with them. Maybe it should be tested agai in this year as it has improved a lot.
  • safahpower
    Really curious how they conduct this review? Nordvpn is the top rated VPN in many reviews like Pcmag etc.!
  • blakeford223
    this article should be updated as the information in it is not completely true. for example opera vpn is discontinued already. after that i purchased nordvpn and now trying out their features, even from first look i can say that it's very user friendly and so far works with netflix streaming
  • ksh436
    Where is Nordvpn, top rated vpn not listed in your review.
  • person1000
    Unfortunately Private Internet Access PREVENTS you from sending email while connected unless your email provider is AOL, Google, mail.com, outlook or yahoo. MAJOR FLAW and makes the product useless to me now. I had been a happy customer. Just cancelled my subscription and moving to a better provider. AVOID PIA IF YOU SEND EMAIL
  • dsilverburgh
    Its a good read for sure. I want to know what is split tunneling and why it is significant for any VPN? I've googled it but can't get a good direction on it. Thanks
  • garrettrios
    I'm confused why NordVPN is not even on this list? I can't be the only one who finds this suspicious as they shine in other reviews in sites like pcmag, vpnspecial etc. Ratings can't vary that much. I'm using Nord myself so I know for a fact that they have a good product, 100% worth mentioning.
  • tanjan
    I completely agree that NordVPN is easy to use (even my wife know how to use it) and I didn't feel any speed drops.
  • fayeday183ef
    I think this article needs an update! I have no idea how you conduct your reviews, but reading your list chose a VPN provider and had nothing but problems. After all of the struggles switched to Nordvpn which is rated as slow VPN according to you guys, but my experience is completely opposite. Please don't mislead your audience
  • justin.m.beauvais
    I've been using VPN Unlimited and I can see what you mean about it being a bit slow, however, several fairly quick serves do exist... it is just trial and error to find them. Otherwise I'm pretty satisfied with my service.
  • mitchellyoung
    it would be interesting to see how did you test the speeds of these vpn's as it's strange that nord is rated not that well here. i'm using nordvpn for a few years and it's easy to see that they improved a lot lately. anyway, if you'd compare their speeds now, i think it would go right from six to ten.
  • jscuras
    Sadly, I engaged PIA, the number one rated and paid a "great price" for a 3 year service only to findout that dur to a recent SMTP abuses they no longer can be used when using Microsoft servers. So, all of my outbound email is rejected from Microsoft Servers due to this policy. In itself, fine, but as I enrolled in this service and while setting up the servie at no time was this mentioned nor, prior to a May 15 issue, was this a problem.

    And, after days of issues and trying to get support, I never once had a tech personally engage to try and resolve the issue. They continued sending crutic emails which were often difficult to interpret and therefore extended the agony.

    Then I find this new policy issued on 5/30 explaing that the email service I use, microsoft, is not supported. You think this would be made abundantly clear up front but it is hidden in a policy and never mentioned by setup support which is likely part of an unwritten policy of greed.

    So, I now findout this wonderful service will not support my client and request a refund and they tell me after 7 days no refunds are possible.

    I find this a disgrace and ask Tom's Hardware to reconsider vendors for their fairness and transparency and not their services alone when including a company like this into their list of "Best Services". And, any help you can provide in exposing this new policy would be appreciated also!

    Regards,

    John
  • quintdailynews
    Excellent.. :) Thanks for sharing a detailed guide.
  • sandyrivers
    In the past few years, I had terrible luck with VPNs... one provider didn't work with Netflix at all, and the other one very cluttered app interface which drove me crazy, so every time I used it, I felt frustrated. Now I'm testing Nordvpn. I'm not very trustful with big names, and its price seems too high for my pocket, but I thought I should give it a shot. In a few months of using Nord I didn't see any bugs or issues, so I feel that it's better to pay a few extra bucks but have a stable service like this, so in the long shot, it's totally worth the price I paid. Don't be afraid to invest, people.