The 10 most secure VPN services to keep you safe online in 2021

In this guide we list the five most secure VPN services according to our rigorous testing, so you can be sure your chosen VPN provider takes your privacy and security as seriously as you do. We will also give you some helpful tips on staying secure online with a VPN.

What are the most secure VPNs in 2021

We have been testing VPN services since 2013, so we know them inside out. Below we have listed the most secure VPNs. All of these services have secure apps with strong encryption and advanced security features to ensure your online privacy and security. Scroll down for a longer list.

  1. ExpressVPN - The most secure VPN on our list. This service is super secure but doesn’t compromise on speed and performance.
  2. Private Internet Access - A secure zero logs VPN. Not only is it packed with security features, but it has proven its no logs policy in court!
  3. CyberGhost VPN - An easy to use VPN with watertight security. It offers secure apps for Android & iOS with the same great levels of privacy.
  4. Surfshark - A secure VPN that is packed with value. For $2.49 a month you get excellent encryption, privacy features and fast connection speeds.
  5. ProtonVPN - A very secure VPN service from the developers of ProtonMail. With that pedigree it's no surprise that it made it into our top picks.

See full list & in-depth analysis

Every VPN should be able to provide users with a secure connection. That much is fundamental, but some services do a much better job of this than others. Because the VPN market is so overcrowded, however, it can be difficult to find a secure VPN that offers you all the features you need to safeguard your digital privacy properly.

The true mark of a secure VPN lies in its technical security to keep you safe online. To accomplish this, a VPN service must offer the following features:

We recommend that you look out for these features when choosing a VPN for security reasons, and we check these features are included by our recommended VPNs. So, let's take a closer look at our shortlist of the most secure VPN services available today.

The 10 most secure VPN services in 2021

We take a look at the most secure VPNs in 2021 below:

ExpressVPN is the #1 most secure VPN. It's chock full of impressive security features, offers solid encryption & doesn't compromise on speeds.

  • Pricing

    From  $6.67 - $12.95
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

ExpressVPN’s focus on providing a great customer-focused experience has always impressed us here at ProPrivacy. Central to this is the company's excellent 24/7 live chat support, its genuinely no-quibbles 30-day money-back guarantee, and its easy-to-use apps for all major platforms.


Besides this, ExpressVPN packs truly outstanding technical security that stands above the other secure VPNs in our list. It implements AES-256 cipher for OpenVPN, with an RSA-4096 handshake and SHA-512 keyed-hash message authentication code (HMAC). Perfect forward secrecy is provided courtesy of Elliptic Curve Diffie–Hellman (ECDH) key exchanges for data channel encryption.


Unlike most other iOS apps, the ExpressVPN iOS app actually uses OpenVPN - a great detail and a testament to the provider's commitment to security. When you add full Domain Name System (DNS) leak and Web Real-Time Communication (WebRTC) leak protection, along with a firewall-based kill switch, it becomes clear that ExpressVPN offers exceptional VPN security. You can put this and the provider's new Lightway protocol (which offers a faster and more secure VPN experience) to the test yourself, with its 30-day money-back guarantee protecting you if you change your mind.


Additional features: five simultaneous connections, “stealth” servers in Hong Kong, free Smart DNS, .onion web address.

PIA has a well earned reputation for being secure. It has proven that it keeps no logs, it implements encryption to an impressive level & tops it off with some nice features.

  • Pricing

    From  $2.69 - $9.95
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

Private Internet Access (PIA) is based in the US, so is not a provider for the more NSA-phobic out there. However, it keeps no logs, which is a claim that it has actually proven in court! And as well as being customizable, its security protections are extremely good.


At maximum settings, OpenVPN encryption uses an AES-256 cipher with HMAC SHA256 for authorization and an RSA 4096 handshake for the data channel, and an AES-256 cipher with HMAC SHA384 authentication for the control channel. Perfect Forward Secrecy is delivered with a Diffie Hellman exchange (DHE) for RSA handshakes (or ECDHE+ECDSA for ECC handshakes).


PIA’s desktop software supports multiple security options, a VPN kill switch, DNS leak protection, and port forwarding. Up to 10 simultaneous connections are permitted. It's Android app is almost as good, and PIA boasts excellent connection speeds. You can test the service risk-free with a 30-day money-back guarantee.

CyberGhost is a VPN that makes staying secure online easy. If you want peace of mind online, but don't want to spend time tinkering with settings, then CyberGhost is for you.

  • Pricing

    From  $2.25 - $12.99
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

CyberGhost VPN manages to combine a wealth of features with an easy-to-use interface - meaning that it's a great pick for VPN newbies. The provider packs very strong encryption, and the 7 simultaneous connection allowance is quite generous. Being based in Romania and keeping no meaningful logs is also a big draw. Like ExpressVPN, some minimal statistics are kept, but with no timestamp or IPs recorded, these present no threat to users’ privacy.


The OpenVPN encryption used by CyberGhost is as strong as it gets. Data channel used an AES-256-CBC cipher with SHA256 hash authentication and Control channel uses an AES-256 cipher, RSA-4096 key encryption, and SHA384 hash authentication. Perfect forward secrecy is provided by an ECDH-4096 key exchange.


CyberGhost's top-notch logging policy, decent local (burst) speeds, and fully featured software gave it a spot on our list. We'd recommend trying it out for yourself, and you can do so with a generous 45-day no-quibble money-back guarantee on subscription plans longer than one month.

Surfshark is a secure VPN service that is packed with value. With a great arsenal of privacy features and encryption, what really impresses us is the price.

  • Pricing

    From  $2.49 - $12.95
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

Surfshark is a VPN provider that is known to be a superb all-rounder. The VPN has apps for all platforms that come with all the advanced privacy and security features you need. This includes a kill switch, DNS leak protection, obfuscation, and OpenVPN encryption. And its OpenVPN is implemented with a strong AES-256 cipher and reliable Perfect Forward Secrecy.


This ensures that your data is always protected against eavesdroppers and hackers. Plus, its no-logs policy ensures that Surfshark never has any data about what you do online. Due to its advanced privacy features, this VPN can be trusted by journalists, lawyers, and other citizens looking for the highest privacy levels.


And Surfshark is suitable for doing sensitive tasks such as torrenting. A VPN with servers in over 60 countries that can unblock virtually any geo-restricted international or censored websites and services. You can test it on unlimited devices simultaneously, and completely risk-free, thanks to its 30-day money-back guarantee.

ProtonVPN is a very secure VPN service from the developers of ProtonMail - so it has pedigree. What makes this service really stand out is a double-hop feature.

  • Free option

    Yes

    Pricing

    From  $3.29 - $5.00
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

ProtonVPN is, as its name suggests, a VPN service from the people who reinvented secure email with the now-famous ProtonMail service. ProtonVPN is based in privacy-friendly and NSA-free Switzerland, and all its apps are super-secure and open source (with the Android app available on F-droid). 


The Windows client and Linux script use OpenVPN, while the macOS, Android, and iOS VPN apps use IKEv2. The OpenVPN settings used are an AES-256-CBC cipher with HMAC SHA-512 hash authentication on the data channel and AES-256 cipher with RSA-2048 handshake encryption and HMAC SHA-1 hash authentication on the control channel.


Perfect forward secrecy is provided by a Diffie-Hellman key exchange (key length unknown). IKEv2 uses an AES-256 cipher with RSA-2048 handshake encryption.


ProtonVPN uses only bare metal servers and we have never detected an IP leak of any kind when testing the service.


It’s Windows and macOS clients feature kill switches which are firewall-based but do not use the OS system firewalls. ProtonVPN’s SecureCore feature is a double-hop VPN setup designed to foil end-to-end timing attacks. 

AirVPN is an obvious choice for our most secure VPN list. It had to be, considering it lets users connect to VPN servers via the Tor service. Genius.

  • Pricing

    From  $3.23 - $8.05
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

AirVPN is at the top of the game when it comes to fast, secure VPN technology, but its tech-heavy focus and rather brusque support manner may alienate many would-be users or VPN greenhorns.


OpenVPN uses AES-256 with RSA-4096 handshake, HMAC SHA1 data channel authentication, HMAC SHA384 control authentication, and DHE-4096 for perfect forward secrecy. It allows users to connect completely anonymously to its servers via the Tor network and can hide OpenVPN communications inside a Secure Shell (SSH) and Secure Sockets Layer (SSL) tunnel.


The open-source desktop client disables IPv6, and its “network lock” feature acts as a kill switch and prevents DNS leaks. WebRTC leaks are blocked by both the network lock function and at the server level. This protects users from WebRTC leaks, even when using the generic OpenVPN app. Furthermore, AirVPN runs its own bare-metal servers. It also has secure VPN Apps called Eddie which works on Android and Linux. Give it a go with a three-day trial for just €2.


Additional features: real-time user and server statistics, three-day trial, five simultaneous connections.

VyprVPN is a fully audited no logs VPN that takes privacy seriously. Vypr implements robust encryption across all of its apps so you are never left exposed, regardless of your device.

  • Pricing

    From  $2.50 - $12.95
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

VyprVPN is a provider based in Switzerland; a location that is generally accepted as being the best place in the EU for a privacy service to be based. The VPN is a no logs service that ensures nobody ever finds out what you do online. And it owns its own infrastructure which is more secure because it can guarantee that nobody else has ever been near its servers.


VyprVPN has apps for all platforms that provide advanced privacy and security features such as a kill switch, DNS leak protection, and obfuscation. This ensures that the VPN is suitable for doing sensitive tasks such as torrenting, or unblocking government censored content. With VyprVPN, OpenVPN encryption is implemented to a high standard using a strong cipher and Perfect forward Secrecy. This ensures that the VPN is future proof and that your data cannot be intercepted even by government snoops.


We love that VyprVPN has servers in over 70 countries around the world. And the fact that this VPN paid for a full third party security audit means that you can trust the service to protect your data. It's well worth testing using its 30-day money-back guarantee.

Hide.Me is an excellent choice for anyone looking for a truly secure service. For starters, it is based in Malaysia and it even covers IPv6 connections.

  • Pricing

    From  $2.43 - $12.95
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

Hide.me is a VPN provider from Malaysia that is always considered an excellent choice for anybody who cares about privacy and security. The VPN has a lot of advanced features that you won’t find on the majority of VPN services available on the market. This includes a kill switch, DNS leak protection, obfuscation, and full IPv6 compatibility (making it fully featured in terms of advanced security features). It has secure apps for Android, iOS, Windws, Mac, Blackberry, Linux, routers and browser extensions for Firefox and Chrome.


OpenVPN is also available, and it is implemented extremely robustly with an AES-256 cipher and Perfect Forward Secrecy. This makes it one of the most secure VPNs on the market and means you can trust it for privacy purposes. Plus, Hide.me provides port forwarding for anybody who requires it for torrenting. Hide.me also recently bolstered its product by allowing users to unblock sought-after services such as Netflix US. Plus, you can see how it stands up against our other recommendations thanks to its 30-day money-back guarantee.

PrivateVPN is the cheapest secure VPN on our list. This fast, no logs VPN implements solid encryption standards, and it can unblock most streaming services as an added bonus.

  • Pricing

    From  $1.89 - $7.12
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

PrivateVPN is a provider based in Sweden that is true to its namesake. The VPN has excellent apps for all platforms that provide robust military-grade OpenVPN encryption that is implemented securely with a strong AES-256 cipher, a robust handshake, and watertight authentication on the control channel. This makes it completely reliable in terms of data privacy and security.


PrivateVPN is a no-logs provider, which means that it will never hold any records about what you have done online while connected to its network. This means that it can never comply with data requests or warrants. We enjoy this VPN because it has all the important security features we need to use the internet safely. A kill switch ensures that you never leak data to your ISP, and the obfuscation makes this service suitable for bypassing censorship in restrictive countries around the globe.


This VPN is a great all-rounder that can unblock many sought after streaming services such as Netflix and BBC iPlayer, and it has reliable apps for all platforms. You can test it risk-free thanks to its 30-day money-back guarantee.

IPVanish is known for being used as a secure VPN to torrent with. It's packed full of features, in obfuscation technology, so no one knows what you are doing online.

  • Pricing

    From  $2.62 - $9.99
  • Logging policy

    • Anonymized
  • IP Leak detected?

    • No
  • WebRTC Leak detected?

    • No

IPVanish is a VPN provider based in the US, but this is hardly a problem thanks to its staunch zero logs policy. It has fantastic apps for all platforms, each of which comes with advanced VPN features such as a kill switch, DNS leak protection, and obfuscation. This ensures that you can use the VPN for sensitive tasks such as torrenting in private.


IPVanish also provides our preferred encryption protocol - OpenVPN. And that encryption is implemented robustly with an AES-256 cipher and perfect forward secrecy. In addition to being private and secure, IPVanish has fast servers in over 75 countries worldwide. This makes the VPN perfect for unblocking online content from around the globe with complete privacy. We found this VPN to be easy to use across all platforms, and you can connect with as many devices as you want simultaneously. This is very generous and means that you can use it to gain security across all of your devices.


Finally, this VPN can be compared to our other recommendations thanks to its 30-day money-back guarantee.

ExpressVPN Discount Coupon
Get 49% Off Now Comes with an additional 3 months

Are secure VPNs fast?

Yes, all of our recommended secure VPNs are fast enough to handle even the most data-intensive tasks, such as online gaming, VoIP calls, and streaming in full HD. To help you better understand what speeds you can expect from our top secure VPN picks, we run speed tests on them three times a day and display the most recent results in the table below. This way, you know which VPNs are the fastest right now.

Place Provider Average Speed Max Speed Visit Site
1. 64.07 Mbit/s 93.58 Mbit/s Visit Site
2. 62.07 Mbit/s 76.12 Mbit/s Visit Site
3. 60.25 Mbit/s 78.08 Mbit/s Visit Site
4. 50.36 Mbit/s 58.85 Mbit/s Visit Site
5. 49.41 Mbit/s 60.32 Mbit/s Visit Site
6. 47.56 Mbit/s 64.93 Mbit/s Visit Site
7. 43.02 Mbit/s 82.67 Mbit/s Visit Site
8. 42.72 Mbit/s 64.26 Mbit/s Visit Site
9. 36.86 Mbit/s 63.02 Mbit/s Visit Site
10. 35.33 Mbit/s 47.86 Mbit/s Visit Site

How to determine how secure a VPN is?

There are lots of things that a VPN can do for you, but let's acknowledge that it is, first and foremost, a tool to protect your privacy online. If a VPN can't do this, it's putting your privacy at risk and creating a false sense of security - the exact opposite of what you'd want from a VPN.

The most important things that we look at when determining the security of a VPN are:

We cover the different ways that you can determine how secure a VPN is below.

Which is the most secure VPN protocol?

In order to establish a secure connection, the VPN software on your device negotiates an encrypted connection with the VPN server. The mechanism used to do this is called the VPN protocol, which uses a series of authentication and encryption algorithms to ensure the connection is secure.

The main VPN protocols you are likely to encounter are:

PPTP - Not Secure

A widely supported VPN protocol that is no longer considered secure. There is very little to reason to use it these days, and it should, therefore, be avoided.

L2TP - Will Not Secure Your Data From Surveillance

A widely supported protocol. It’s not secure against the NSA but is suitable for general use. That said, why bother when IKEv2 and OpenVPN are available?

IKEv2 - Secure and ideal for Android & iOS

IKEv2 stands for Internet Key Exchange Version 2. The protocol is often referred to as IKEv2/IPsec because IKEv2 is never implemented without the IPsec encryption.

It is generally considered more lightweight and stable than OpenVPN, but it is only available over UDP, which is blocked by some firewalls.

OpenVPN - The most secure VPN protocol & recommended

An open-source protocol that is widely regarded as the most secure and versatile VPN protocol available. We generally always recommend using OpenVPN whenever possible (although IKEv2 is also a good option).

How we assess VPN encryption

As encryption is what makes a VPN secure, we spend a lot of time testing and researching how encryption is implemented by VPN services. We focus on OpenVPN encryption this is because:

OpenVPN is made up of several elements - but the devil is in the detail.

The security of OpenVPN comes from how well it has been implemented. Meaning that if OpenVPN has been implemented poorly by a VPN service, then it's no better than the other (lesser) protocols we mentioned above.

Below is a list of the component parts of the OpenVPN protocol:

  • Cipher AES-256-CGM
  • Control hash auth HMAC SHA-1
  • Handshake RSA-4096 
  • Forward security DHE-4096
  • Connection logs 
  • Traffic logs

We recognize that implementing encryption protocols like OpenVPN to a high standard is a key feature of a secure VPN - so, we made it one of our main considerations when putting together our list of the ten most secure VPN services. Simply put, if we find that a particular VPN service can't implement encryption protocols to a high standard, we don't recommend the service.

 

CyberGhost VPN Discount Coupon
79% Off Today Exclusive Offer - 45-day money-back guarantee
   

Secure VPNs don't keep logs

In our opinion, a VPN cannot be considered secure if it keeps logs of your connection and traffic. This is because a VPN that keeps logs of your activity is liable to hand that data over to authorities at a moment's notice. This is not at all something you'd want your VPN provider doing, especially if you're using your VPN to download torrents.

Because of this, all of the secure VPN providers we recommend in this guide have strict no-logs policies to ensure that none of your online activity while connected to their networks is ever logged. Since a secure, no-logs VPN provider will never have any data related to what you get up to on its network, it will have literally nothing whatsoever to hand over to authorities, even if served with a warrant. This means that you can rest assured that your online privacy will be fully protected by a VPN that doesn't keep logs.

IP leak protection

The second key element to a VPN’s technical security is to have IP leak protection.

An IP leak happens when your VPN leaks your real IP address to a website or service that you visit online. This is very dangerous, of course, particularly if you're using a VPN to keep your identity private while accessing the internet.

When using a VPN, no website you visit should be able to see your real IP address, or one belonging to your ISP that can be traced back to you. We have tested all the services in the list above to ensure that they do not leak your real IP Address. 

How to test for IP Leaks yourself

We recommend testing your VPN service for leaks when you first sign-up for it. You can do this by using ProPrivacy's leak testing tool - and don't worry, we've made the process incredibly easy! All you need to do is follow the on-screen instructions:

  1. Make sure you are disconnected from the VPN and visit our VPN leak testing tool.
  2. Read the instructions and click Continue twice.
  3. Select your country or give the browser permission to access your location. Please note, ProPrivacy does not keep your location or any other information about you on record.
  4. Connect to a VPN server in a different country. This is important because connecting to a server in the same country can cause the results to be less accurate.
  5. Click "I’ve connected to a VPN” and let the automated process begin.

Once completed, your results will be displayed in a digestible format so you will know for certain whether you have a leak or not.

VPN leak test image

All tests were passed in the example image above, as indicated by the checkmarks to the right. You can find out more information by clicking on the drop-down boxes. If you instead see a red cross next to IPv4, IPv6, DNS, or WebRTC, then you have experienced a leak. In this case, you can troubleshoot by turning IPv6 off manually and disabling WebRTC, but it might be easier to just switch providers at that point if you detect a leak of any kind.

Check out our guide on how to fix the WebRTC bug if you are experiencing any WebRTC related issues. 

Private Internet Access Discount Coupon
Get 76% Off With our PIA Discount With 30-day money-back guarantee

Kill switches

VPN connections do sometimes drop - for various reasons - and this is something that can happen to even the best services. A secure VPN provider will ensure that you are kept secure if your internet connection drops, meaning your real IP address will not be exposed for the world to see.

Kill switches shut down your internet connection when your VPN is not connected in order to protect your privacy. They can be either reactive or firewall-based.

Reactive kill switches

Reactive kill switches detect that the connection to the VPN server has dropped, then shut down your internet connection to prevent leaks.

There is a danger, however, that an IP leak could occur during the micro-seconds it takes to detect the VPN dropout and to shut down your internet connection.

Firewall kill switches

Firewall-based kill switches solve the IP leak problem by simply routing all internet connections through the VPN interface. If the VPN is not running, then no traffic can enter or leave your device. Firewall-based kill switches are therefore better than reactive ones, but any kill switch is better than none!

Firewall-based kill switches come in two types. The first kind is implemented in the client, and will therefore not work if the client crashes. The second kind modifies the Windows or macOS firewall rules so that even if the VPN software crashes, traffic cannot enter or exit your device.

The only problem with the second method is that it could, at least in theory, cause conflicts if you use a third-party firewall.

Are there free secure VPNs?

Yes, if you don't feel like spending any money, then you can get a quality, reliable free VPN that is secure and will allow you to sufficiently protect your privacy without having to pay a single cent. It's important to keep in mind, however, that free VPN services are typically restricted in various ways such as in connection speeds, number of server locations, premium features, and data limits.

It's also important to understand that genuine, high-quality free VPN services are exceedingly rare. So if you do opt for a free VPN, then make certain that it does its part to protect your privacy and keep you secure. Why? Because the vast majority of free VPN services are either completely useless and provide little to no online security, or they make their money by selling your data to the highest bidder. Some free options can even be outright dangerous to use since they can be crawling with malware.

If you don't mind dropping a few bucks a month for one of the premium services listed in this guide, then you'd really be better off securing your connection with one of our recommended secure VPNs.

Can you get a secure mobile VPN app?

If protecting your online privacy while you're out and about is your main concern, you'll be happy to know that all our VPN recommendations also apply to the Android and iPhone apps as well. A quality, secure VPN provider will keep you secure on smartphones and tablets since it will offer the same privacy protections it offers on other platforms.

In fact, using a VPN on mobile is the best way to protect your privacy on the go, especially if you're connecting your mobile device to a public wifi hotspot. Check out our iOS VPN or Android VPN pages for more infromation about using one on your mobile. 

Check if your data been compromised

Check if your data has been compromised by using our tool below. It will tell your email has ever been exposed in a data breach. Simply enter your email address above to find out.

Powered by haveibeenpwned.com

FAQs

Conclusion 

A VPN is a versatile tool with a wealth of functions, whether you want to spoof your location, access restricted sites, or stay safe on public WiFi hotspots - but primarily, a VPN is about security. When you connect to a VPN server, you're shoring up your privacy. Nobody will be able to snoop on your identifiable information; not your ISP, government, or any malicious cybercriminals.

Now that you know everything that goes into making sure a VPN is secure, here's a quick reminder of our top picks for the most secure VPNs:

  1. ExpressVPN - The most secure VPN on our list. This service is super secure but doesn’t compromise on speed and performance.
  2. Private Internet Access - A secure zero logs VPN. Not only is it packed with security features, but it has proven its no logs policy in court!
  3. CyberGhost VPN - An easy to use VPN with watertight security. It offers secure apps for Android & iOS with the same great levels of privacy.
  4. Surfshark - A secure VPN that is packed with value. For $2.49 a month you get excellent encryption, privacy features and fast connection speeds.
  5. ProtonVPN - A very secure VPN service from the developers of ProtonMail. With that pedigree it's no surprise that it made it into our top picks.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

16 Comments

Sam
on November 28, 2019
Reply
I wouldn't say expressVpn is the most secure as it lacks security features like multi hop and it has a built in kill switch and a far superior whitelisting of apps and certain websites so you don't need to turn off your vpn, surfshark has something called CleanWeb which blocks Malicious websites and ads and trackers, I can also whitelist certain websites I've tried multiple vpn services and the most secure would be as follows 1. SurfShark 2. ExpressVpn 3. ProtonVpn The speeds of surfshark and express vpn are neck on neck,
hmmmmm
on April 27, 2017
Reply
Hi Douglas & notsosafe, ExpressVPN is more secure(with better enryption?) than AirVPN? Do they offer unique OpenVPN certs/keys as well? Should I cancel/ditch AirVPN for ExpressVPN? notsosafe what VPN do you use? Thanks.
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to hmmmmm
on April 27, 2017
Reply
Hi hmmmmm, ExpressVPN now offers slightly stronger encryption than AirVPN (stronger SHA hash authentication), although both are so strong that it really makes little difference. Be aware that ExpressVPN does keep some very connection minimal logs. With regard to shared OpenVPN certificates, I have changed my mind since I wrote these comments last September. A lengthy discussion with the guys at IVPN has convinced that use of shared certs is not a problem, and is, in fact, better for privacy than unique certs. A summary of IVPNs argument can be found here. Please note, however, that pre-shared keys _are_ a problem when it comes to L2TP/IPec.
notsosafe
on September 30, 2016
Reply
The user id is irrelevant, these companies will give one to anybody on this planet that throws money at them. It merely grants one access to the backbone, it's what happens on that backbone, after they gain access. We came here to make people aware that these networks are not as secure as the public is lead to believe. Their network designs are inferior and they know it. If a key is shared, the tunnels have glass walls to an experienced user/organization. We will point you in the direction of a secure (real) vpn provider and invite you to do your own research. Have a nice day!
David replied to notsosafe
on May 13, 2020
Reply
Can I get surfshark login please
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to David
on May 13, 2020
Reply
Hi David. That's easy. Buy a subscription :).
notsosafe
on September 28, 2016
Reply
People are deluded into a false sense of security with these vpn providers. If the certificates are shared, that means all users have the same key to unlock each others' sessions. They can eavesdrop on each other, they are on the same backbone. IP packets can be disassembled. Traffic can be monitored. There are many levels of intrusion. Their VPN tunnels have glass walls, it's not secure, anybody can see inside. Does one not fathom, that unscrupulous individuals/organizations will setup vpn accounts with these providers knowing this? You wouldn't give a stranger a key to your house, so why would you give them a copy of your certificate. It defeats the entire purpose of encryption. A properly encrypted VPN has encrypted certificates at each end of the tunnel and those certificates are unique to only those two interfaces. Allowing anybody else a copy of that certificate, grants them access to that tunnel. The VPN providers all know this. Ask them, they'll try to avoid your question. The more secure providers will issue your own unique certificate, those are the companies you want to deal with. People need to be aware of this!
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to notsosafe
on September 29, 2016
Reply
Hi notsosafe, So... let's say that you and I are both customers of a VPN service that uses shared OpenVPN certs. I have my own login details for that service, and we are using the same cert to connect to it. How could I use this to compromise your account or internet connection (assuming that you use a strong password that I do not have access to)? I do agree that unique certs are preferable, but do not see how shared certs are the security nightmare that you describe.
Show More Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Large brand with very good value, and a budget price

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit