VPN Recommendation: Difference between revisions
No edit summary Tag: 2017 source edit |
Tag: 2017 source edit |
||
| (15 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
A VPN (Virtual Private Network) is a tool that creates a private network connection across a public network, such as the Internet. It provides privacy (obfuscation) and security (encryption) while on the public network but does not guarantee anonymity. To achieve anonymity, The Onion Routing (TOR) is required. | A VPN (Virtual Private Network) is a tool that creates a private network connection across a public network, such as the Internet. It provides privacy (obfuscation) and security (encryption) while on the public network but does not guarantee anonymity. To achieve anonymity, The Onion Routing (TOR) is required. | ||
Beyond traditional VPNs, there are alternative tools like '''Cloudflare Tunnels''', '''ZeroTier''', '''Tailscale''', and proprietary solutions like '''Apple Private Relay''' and '''Cloudflare WARP'''. These tools offer unique features and integrations that can complement or replace VPNs depending on the use case. | Beyond traditional VPNs, there are alternative tools like [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ '''Cloudflare Tunnels'''], [https://en.wikipedia.org/wiki/ZeroTier '''ZeroTier'''], [https://en.wikipedia.org/wiki/Tailscale '''Tailscale'''], and proprietary solutions like [https://en.wikipedia.org/wiki/ICloud#Private_Relay '''Apple Private Relay'''] and [https://en.wikipedia.org/wiki/1.1.1.1#WARP '''Cloudflare WARP''']. These tools offer unique features and integrations that can complement or replace VPNs depending on the use case. | ||
<span id="vpn-and-alternatives"></span> | <blockquote>.. consider VPNs for what they are, a middleman. They have benefits. They also absolutely have associated risks. They are a tool in the box but not an end-all-be-all-be-all solution. They are far from it. We need to understand their use case when compared to various threat models.</blockquote><span id="vpn-and-alternatives"></span> | ||
== VPNs and Alternatives == | == VPNs and Alternatives == | ||
| Line 15: | Line 15: | ||
! Notable Integrations | ! Notable Integrations | ||
|- | |- | ||
| | | [https://mullvad.net/en/ Mullvad VPN] | ||
| Privacy-focused, no email association, cash payment support. | | Privacy-focused, no email association, cash payment support. | ||
| Obfuscation, secure browsing. | | Obfuscation, secure browsing. | ||
| Integrates with Tailscale for private routing.<ref name="tailscale-mullvad">[https://tailscale.com/mullvad Mullvad VPN and Tailscale Integration]</ref> | | Integrates with Tailscale for private routing.<ref name="tailscale-mullvad">[https://tailscale.com/mullvad Mullvad VPN and Tailscale Integration]</ref> | ||
|- | |- | ||
| | | [https://ivpn.net IVPN] | ||
| Privacy-first, anonymous signups, supports cash payments. | |||
| Secure browsing, privacy-focused users. | |||
| Supports multi-hop and WireGuard configurations. | |||
|- | |||
| [https://protonvpn.com ProtonVPN] | |||
| Swiss-based, strong privacy laws, free tier available. | |||
| Secure browsing, privacy-conscious users. | |||
| Integrates with ProtonMail for encrypted email. | |||
|- | |||
| [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare Tunnels] | |||
| Exposes local services securely via Cloudflare's network. | | Exposes local services securely via Cloudflare's network. | ||
| Hosting services without public IP, bypassing firewalls. | | Hosting services without public IP, bypassing firewalls. | ||
| Works with Cloudflare Access for zero-trust security. | | Works with Cloudflare Access for zero-trust security. | ||
|- | |- | ||
| | | [https://www.zerotier.com/ ZeroTier] | ||
| Peer-to-peer virtual network with mesh routing. | | Peer-to-peer virtual network with mesh routing. | ||
| IoT devices, gaming, remote access. | | IoT devices, gaming, remote access. | ||
| Supports IPv4/IPv6 networks and integrates with network controllers. | | Supports IPv4/IPv6 networks and integrates with network controllers. | ||
|- | |- | ||
| | | [https://tailscale.com/ Tailscale] | ||
| Simplifies VPN configuration using WireGuard. | | Simplifies VPN configuration using WireGuard. | ||
| Secure remote access to private resources. | | Secure remote access to private resources. | ||
| Mullvad VPN integration provides enhanced privacy by routing via Mullvad servers.<ref name="tailscale-mullvad" /> | | Mullvad VPN integration provides enhanced privacy by routing via Mullvad servers.<ref name="tailscale-mullvad" /> | ||
|- | |- | ||
| | | [https://torproject.org/ TOR] | ||
| Provides anonymity using layered encryption. | | Provides anonymity using layered encryption. | ||
| Accessing the dark web, bypassing censorship. | | Accessing the dark web, bypassing censorship. | ||
| Integrates with browsers like Tor Browser. | | Integrates with browsers like Tor Browser. | ||
|- | |- | ||
| | | [https://1.1.1.1/warp Cloudflare WARP] | ||
| Encrypts all DNS queries and some traffic, improving security. | | Encrypts all DNS queries and some traffic, improving security. | ||
| Lightweight, better for speed and low-latency connections. | | Lightweight, better for speed and low-latency connections. | ||
| Cannot route all traffic like traditional VPNs. | | Cannot route all traffic like traditional VPNs. | ||
|- | |- | ||
| | | [https://support.apple.com/en-us/HT212529 Apple Private Relay] | ||
| Masks user IP and DNS requests when using Safari. | | Masks user IP and DNS requests when using Safari. | ||
| Privacy-focused for general browsing. | | Privacy-focused for general browsing. | ||
| Line 103: | Line 113: | ||
== Privacy Policy Comparison == | == Privacy Policy Comparison == | ||
{| class="wikitable" | See a much more robust and updated [https://www.techlore.tech/vpn vpn comparison chart here (Techlore)] | ||
{| class="wikitable sortable" | |||
|- | |- | ||
! | ! Provider | ||
! | ! Personal Data | ||
! | ! Data Retention | ||
! | ! Third-Parties | ||
! | ! Payment Options | ||
! Country of Data Storage | |||
! Individual Rights | |||
! Policy Updates | |||
! $/Device/Month | |||
|- | |- | ||
| | | [https://mullvad.net/en/help/privacy-policy/ Mullvad VPN] | ||
| Payment info, support/problem report info. | | Payment info, support/problem report info. | ||
| 40 days - statutory period, six months for support. | |||
| E-mail service providers, payment suppliers. | |||
| Cash, Cryptocurrency, Credit/Debit Card | |||
| EU/EEA | |||
| Correction, deletion, limitation, complaint. | |||
| Published on the website. | |||
| $1 | |||
|- | |||
| [https://www.ivpn.net/privacy/ IVPN] | |||
| Account, payment, usage, crash logs, device permissions. | | Account, payment, usage, crash logs, device permissions. | ||
| 90 days (mostly); accounting unlinked; logs as needed. | |||
| Braintree, PayPal. | |||
| Cash, Cryptocurrency, Credit/Debit Card | |||
| EU (GDPR Compliant) | |||
| Access, rectification, erasure, revoke permissions. | |||
| Posted on the website, emailed to customers. | |||
| $1.42 | |||
|- | |||
| [https://protonvpn.com/privacy-policy Proton VPN] | |||
| Account creation, support/bug reports. | | Account creation, support/bug reports. | ||
| Retained for active accounts; deleted when closed. | |||
| Referrer platforms, routing technology. | |||
| Cash, Cryptocurrency, Credit/Debit Card | |||
| Switzerland | |||
| Access, edit, delete, export, complaint. | |||
| Notification of changes for enabled users. | |||
| $1 | |||
|- | |||
| [https://my.nordaccount.com/legal/privacy-policy/ Nord Security] | |||
| User-provided data, automatic data, third-party data. | | User-provided data, automatic data, third-party data. | ||
| Varies by data type. | | Varies by data type. | ||
| Payment processors, support, analytics, marketing. | | Payment processors, support, analytics, marketing. | ||
| | | Credit/Debit Card, PayPal, Cryptocurrency | ||
| Panama | |||
| | | Access, rectification, erasure, etc. | ||
| | | Updates communicated on the website. | ||
| | |||
| $2.4 | | $2.4 | ||
|} | |} | ||
== VPN Troubles == | == VPN Troubles == | ||
=== Signs of a Bad VPN Provider === | === Signs of a Bad VPN Provider === | ||
| Line 144: | Line 174: | ||
* They are a Free VPN. | * They are a Free VPN. | ||
* History of selling user data. | * History of selling user data. | ||
* | * Search terms like "no logs" or "zero logs" in terms of service or privacy policies. [https://google.com/] | ||
* | * Research the VPN provider's reputation [e.g., "provider name scam" ( fraud OR ripoff)] [https://search.irregularchat.com/search?q=%22KAPE%22%20%28%20fraud%20OR%20ripoff%29&language=en&time_range=&safesearch=1&categories=general Search URL]. | ||
=== VPN Provider Risks === | === VPN Provider Risks === | ||
| Line 161: | Line 190: | ||
* ExpressVPN was acquired for $936 million in 2021.<ref name="expressvpn-acquisition">[https://www.bloomberg.com/news/articles/2021-09-13/kape-technologies-agrees-to-buy-expressvpn-for-936-million KAPE Technologies Agrees to Buy ExpressVPN for $936 Million]</ref> | * ExpressVPN was acquired for $936 million in 2021.<ref name="expressvpn-acquisition">[https://www.bloomberg.com/news/articles/2021-09-13/kape-technologies-agrees-to-buy-expressvpn-for-936-million KAPE Technologies Agrees to Buy ExpressVPN for $936 Million]</ref> | ||
[https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/kape-vpns Kape VPN relationships] | |||
Users should carefully evaluate VPN providers' transparency and privacy policies before choosing a service. | Users should carefully evaluate VPN providers' transparency and privacy policies before choosing a service. | ||
<span id="references"></span> | <span id="references"></span> | ||
== References == | == References == | ||
<references /> | <references /> | ||
[[Category:DFP]] | |||
[[Category:Network]] | |||
Latest revision as of 22:07, 4 December 2024
What is a VPN
A VPN (Virtual Private Network) is a tool that creates a private network connection across a public network, such as the Internet. It provides privacy (obfuscation) and security (encryption) while on the public network but does not guarantee anonymity. To achieve anonymity, The Onion Routing (TOR) is required.
Beyond traditional VPNs, there are alternative tools like Cloudflare Tunnels, ZeroTier, Tailscale, and proprietary solutions like Apple Private Relay and Cloudflare WARP. These tools offer unique features and integrations that can complement or replace VPNs depending on the use case.
.. consider VPNs for what they are, a middleman. They have benefits. They also absolutely have associated risks. They are a tool in the box but not an end-all-be-all-be-all solution. They are far from it. We need to understand their use case when compared to various threat models.
VPNs and Alternatives
| Tool | Features | Use Cases | Notable Integrations |
|---|---|---|---|
| Mullvad VPN | Privacy-focused, no email association, cash payment support. | Obfuscation, secure browsing. | Integrates with Tailscale for private routing.[1] |
| IVPN | Privacy-first, anonymous signups, supports cash payments. | Secure browsing, privacy-focused users. | Supports multi-hop and WireGuard configurations. |
| ProtonVPN | Swiss-based, strong privacy laws, free tier available. | Secure browsing, privacy-conscious users. | Integrates with ProtonMail for encrypted email. |
| Cloudflare Tunnels | Exposes local services securely via Cloudflare's network. | Hosting services without public IP, bypassing firewalls. | Works with Cloudflare Access for zero-trust security. |
| ZeroTier | Peer-to-peer virtual network with mesh routing. | IoT devices, gaming, remote access. | Supports IPv4/IPv6 networks and integrates with network controllers. |
| Tailscale | Simplifies VPN configuration using WireGuard. | Secure remote access to private resources. | Mullvad VPN integration provides enhanced privacy by routing via Mullvad servers.[1] |
| TOR | Provides anonymity using layered encryption. | Accessing the dark web, bypassing censorship. | Integrates with browsers like Tor Browser. |
| Cloudflare WARP | Encrypts all DNS queries and some traffic, improving security. | Lightweight, better for speed and low-latency connections. | Cannot route all traffic like traditional VPNs. |
| Apple Private Relay | Masks user IP and DNS requests when using Safari. | Privacy-focused for general browsing. | Limited to Apple ecosystem and Safari browser. |
Benefits of Alternatives
- Cloudflare Tunnels: Removes the need for exposing your IP by using a reverse proxy over HTTPS.
- ZeroTier: Provides mesh networking, ideal for personal and small business use cases.
- Tailscale: Combines WireGuard's security with ease of use, and with Mullvad integration, ensures privacy by routing traffic through Mullvad's VPN servers.[1]
- Cloudflare WARP: Lightweight and designed for DNS and basic traffic encryption; better for speed than traditional VPNs.
- Apple Private Relay: Protects Safari users' IP addresses and DNS queries but does not act as a complete VPN.
VPN vs WireGuard, Tailscale, and ZeroTier
| Feature | Traditional VPN | WireGuard | Tailscale | ZeroTier |
|---|---|---|---|---|
| Setup Complexity | Moderate to high; may require manual configuration. | Easy to moderate; simple setup for many clients. | Easy; uses your identity provider for access control. | Moderate; requires understanding of network rules. |
| Performance | Lower due to older protocols. | High; lightweight and efficient. | High; uses WireGuard under the hood. | High; optimized for P2P routing. |
| Privacy | Good; depends on provider policies. | Depends on implementation (e.g., Mullvad uses WireGuard). | Good; Mullvad integration enhances privacy.[1] | Decentralized, privacy depends on configuration. |
| Flexibility | Routes all internet traffic. | Routes specific traffic as configured. | Simplifies remote access to private resources. | Allows custom virtual networks. |
| Use Case | General-purpose secure browsing. | Optimized for speed and secure connections. | Simplifies secure remote access and sharing. | Custom networks for IoT, gaming, or remote access. |
Privacy Policy Comparison
See a much more robust and updated vpn comparison chart here (Techlore)
| Provider | Personal Data | Data Retention | Third-Parties | Payment Options | Country of Data Storage | Individual Rights | Policy Updates | $/Device/Month |
|---|---|---|---|---|---|---|---|---|
| Mullvad VPN | Payment info, support/problem report info. | 40 days - statutory period, six months for support. | E-mail service providers, payment suppliers. | Cash, Cryptocurrency, Credit/Debit Card | EU/EEA | Correction, deletion, limitation, complaint. | Published on the website. | $1 |
| IVPN | Account, payment, usage, crash logs, device permissions. | 90 days (mostly); accounting unlinked; logs as needed. | Braintree, PayPal. | Cash, Cryptocurrency, Credit/Debit Card | EU (GDPR Compliant) | Access, rectification, erasure, revoke permissions. | Posted on the website, emailed to customers. | $1.42 |
| Proton VPN | Account creation, support/bug reports. | Retained for active accounts; deleted when closed. | Referrer platforms, routing technology. | Cash, Cryptocurrency, Credit/Debit Card | Switzerland | Access, edit, delete, export, complaint. | Notification of changes for enabled users. | $1 |
| Nord Security | User-provided data, automatic data, third-party data. | Varies by data type. | Payment processors, support, analytics, marketing. | Credit/Debit Card, PayPal, Cryptocurrency | Panama | Access, rectification, erasure, etc. | Updates communicated on the website. | $2.4 |
VPN Troubles
Signs of a Bad VPN Provider
- They offer a free trial but require payment information.
- They are a Free VPN.
- History of selling user data.
- Search terms like "no logs" or "zero logs" in terms of service or privacy policies. [1]
- Research the VPN provider's reputation [e.g., "provider name scam" ( fraud OR ripoff)] Search URL.
VPN Provider Risks
Some VPN providers, particularly those owned by KAPE Technologies, may pose risks to user privacy. KAPE Technologies owns:
- CyberGhost VPN
- Zenmate VPN
- Private Internet Access (PIA)
- ExpressVPN
- SurfShark
KAPE's history and acquisitions raise privacy concerns. For instance:
- CyberGhost VPN was purchased by KAPE for $10 million in 2017.[2]
- Private Internet Access was bought for $127 million in 2019.[3]
- ExpressVPN was acquired for $936 million in 2021.[4]
Kape VPN relationships Users should carefully evaluate VPN providers' transparency and privacy policies before choosing a service.