A VPN is an Internet connection that creates an encrypted tunnel through your ISP and masks your real IP address. VPNs are your overall best choice for anonymizing yourself on the internet. They are fairly easy to set up, and there is a wide selection of providers from countries across the world. Basically, VPNs are private networks used for many purposes, but for our purposes you will connect to the internet through your chosen VPN's server(s), and to the rest of the world your IP address and internet identity will appear to come from the server's location. Some adjustments to your settings may be required, as some websites use GeoIP to determine languages, currency units, time zones, etc.
VPN providers usually offer a choice of connection types, sometimes as part of different price plans, and sometimes all included in a single-price package. This guide is intended to provide an overview of the options available and to help you understand the basics of the underlying technologies used.

About Encryption Key Length

In crude terms, the length of the key used by a cypher determines how long it will take to crack using a brute force attack, with longer keys requiring exponentially more time than shorter ones (a brute force attack is also known as an exhaustive key search and involves trying every possible combination until the correct one is found).

It is almost impossible to find a VPN with less than 128-bit key length, and it is increasingly common to find 256-bit encryption on offer, sometimes going up to 2048-bit. SSTP, for example, uses 2048-bit encryption as standard. But what do these numbers mean in practice, and is 256-bit encryption really more secure than 128-bit encryption?

The short answer is that, to all practical intents and purposes, no. While it is true that a 256-bit key would require 2^128 times more computational power to break than a 128-bit key, that still means 3.4 x 10^38 operations would be required (the number of combinations in a 128-bit key), a feat beyond conventional computing techniques for the foreseeable future. It would currently take the fastest supercomputer (figures from 2011, capable of 10.51 petaflops peak speed) 1.02 x 10^18 (around 1 billion) years to crack a 128-bit AES key by force.

As a 128-bit cypher cannot in any practical terms be cracked (through brute strength), it is fair to say that this is more than strong enough for most purposes. Only those truly paranoid about security (such as governments when handling ultra-sensitive classified data that needs to remain secret for the next 100 years or so) may have a practical use for 256-bit encryption (the United States government, for example, uses NIST certified 256-bit AES encryption).

So why is it increasingly common to see VPN providers offering 256-bit encryption (let alone 2048-bit encryption)? Particularly when you consider that it takes computers considerably longer to encrypt information with 256-bit or greater keys? The simple answer is marketing. It sounds more impressive when trying to sell a product.

Large corporations and governments may feel the need for the added security margin afforded by longer key lengths, but for the average home VPN user 128-bits is more than sufficient.

Different cyphers do have vulnerabilities which may allow for faster key deduction, and sideways attacks using software such as key loggers can be used to get around encryption. However, the point stands that when it comes to key length, sizes over 128 bits really are unlikely to matter for most users.


Point-to-Point Tunnelling Protocol is a Microsoft invention for creating VPNs over dialup networks, and as such has been the standard protocol for internal business VPNs for many years. It is a VPN protocol only, and relies on various authentication methods to provide security (with MS-CHAP v2 being the most common). Available as standard on just about every VPN capable platform and device, and thus being easy to set up without the need to install additional software, it remains a popular choice both for businesses and VPN providers. It also has the advantage of requiring a low computational overhead to implement (i.e. it's quick).

However, although it is now usually only found using 128-bit encryption keys, in the years since it was first bundled with Windows 95 OSR2 in 1999 a number of security vulnerabilities have come to light, the most serious of which is the possibility of unencapsulated MS-CHAP v2 authentication. Using this exploit, PPTP has been cracked within 2 days, and although Microsoft has patched the flaw (through the use of PEAP rather than MS-CHAP v2 authentication), it has itself issued a recommendation that VPN users should use L2TP, IPsec or SSTP instead.


  • Client built-in to just about all platforms
  • Very easy to set up
  • Fast


  • Not very secure (the vulnerable MS CHAPv2 authentication is still the most common in use)

L2TP and L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that on its own does not provide any encryption or confidentiality to traffic that passes through it. For this reason it is usually implemented with the IPsec encryption protocol to provide security and privacy.

L2TP/IPsec is built in to all modern operating systems and VPN capable devices, and is just as easy and quick to set up as PPTP (in fact it usually uses the same client). Problems can arise, however, because the L2TP protocol uses UDP port 500, which is more easily blocked by NAT firewalls, and may therefore require advanced configuration (port forwarding) when used behind a firewall (this is unlike SSL, which can use TCP port 443 to make it indistinguishable from normal HTTPS traffic).

IPsec encryption has no major vulnerabilities and is considered extremely secure when using a secure algorithm such as AES. However, because it encapsulates data twice, it is not as efficient as SSL based solutions (such as OpenVPN and SSTP) and is therefore slightly slower.


  • Very secure
  • Easy to set up
  • Available on all modern platforms


  • Slower than OpenVPN
  • Can struggle with restrictive firewalls


OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with an amalgam of other technologies, to provide a strong and reliable VPN solution. One of its major strengths is that it is highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes traffic on it impossible to tell apart from traffic using standard HTTP over SSL (as used by, for example, Gmail), and it is therefore extremely difficult to block.

Another advantage of OpenVPN is that the OpenSSL library used to provide encryption supports a number of cryptographic algorithms (e.g. AES, Blowfish, 3DES, CAST-128, Camellia and more), with the most common algorithms seen in use by VPN providers being AES and Blowfish. AES is the newer technology, and although both are considered secure, the fact that it has a 128-bit block size rather than Blowfish's 64-bit block size means that it can handle larger (over 1 GB) files better. The differences are, however, pretty minor. How fast OpenVPN performs depends on the level of encryption employed, but it is generally faster than IPsec.

OpenVPN has become the default VPN connection type, and while natively supported by no platform, it is widely supported on most through third party software. Until very recently it was impossible to run OpenVPN on non-jailbroken/rooted iOS and Android portable devices, although third party apps have now appeared to at least partially address this problem*.

This relates to another problem with OpenVPN: its flexibility can make it a bit fiddly to set up. When using generic OpenVPN software in particular (such as the standard open source OpenVPN client for Windows), it is necessary not only to download and install the client, but also to download and set up additional configuration files. Many VPN providers get around this configuration problem by supplying customized VPN clients.


  • Highly configurable
  • Very secure (technically depends on encryption algorithm but all are very strong)
  • Can bypass firewalls
  • Can use a wide range of encryption algorithms


  • Needs third party software
  • Can be difficult to set up
  • Limited support on portable devices

*OpenVPN for Android and Open Connect for iOS and Android provide third party OpenVPN support on iOS and Android (4.0 or higher only) devices. These solutions still require a similar downloading and setting up process to the open source desktop OpenVPN clients. Several of the large VPN providers now offer native Android and iOS client software.
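
An added example, not part of the original guide and not OpenVPN's own tooling: a small Python checker for a downloaded OpenVPN client configuration. It flags the 64-bit-block ciphers discussed above, using the birthday bound to show the data volume behind the block-size remark, and goes slightly beyond the guide by also flagging a missing server-certificate role check. The sample configs and the host name vpn.example.net are constructed.

```python
import math

# Block sizes (bits) of ciphers the guide names, under OpenVPN's cipher names.
BLOCK_BITS = {"BF-CBC": 64, "DES-EDE3-CBC": 64, "CAST5-CBC": 64,
              "AES-128-CBC": 128, "AES-256-CBC": 128, "AES-128-GCM": 128,
              "AES-256-GCM": 128, "CAMELLIA-128-CBC": 128}

def parse_ovpn(text):
    """Map each directive to its argument lists; skip comments and inline <ca>-style blocks."""
    opts, in_block = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def collision_gib(block_bits, p=0.5):
    """GiB encrypted under one key before two ciphertext blocks collide with probability p."""
    blocks = math.sqrt(2 * 2 ** block_bits * math.log(1 / (1 - p)))  # birthday bound
    return blocks * (block_bits // 8) / 2 ** 30

def audit(text):
    """Return a list of human-readable findings for one client config."""
    opts, findings = parse_ovpn(text), []
    ciphers = [a[0] for a in opts.get("cipher", []) if a]
    for a in opts.get("data-ciphers", []) + opts.get("ncp-ciphers", []):
        ciphers += a[0].split(":") if a else []
    if not ciphers:
        findings.append("no cipher set: older OpenVPN releases fall back to BF-CBC")
    for c in (c.upper() for c in ciphers):
        if c not in BLOCK_BITS:
            findings.append(f"{c}: not known to this checker, review by hand")
        elif BLOCK_BITS[c] == 64:
            findings.append(f"{c}: 64-bit block, 50% collision odds after "
                            f"~{collision_gib(64):.0f} GiB under one key")
    if "remote-cert-tls" not in opts and "verify-x509-name" not in opts:
        findings.append("no remote-cert-tls / verify-x509-name: any certificate "
                        "issued by the same CA is accepted as the server")
    return findings

# Constructed sample configs; host name and certificate body are placeholders.
WEAK = """proto tcp
remote vpn.example.net 443
cipher BF-CBC
<ca>
-----BEGIN CERTIFICATE-----
</ca>
"""
HARDENED = WEAK.replace("cipher BF-CBC", "cipher AES-256-GCM\nremote-cert-tls server")
```

Calling `audit(WEAK)` returns two findings and `audit(HARDENED)` returns an empty list; a 128-bit block pushes the same collision bound far beyond any realistic session.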


Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows only platform (and there is not a snowball's chance in hell of it ever appearing on an Apple device!). SSTP uses SSL v3, and therefore offers similar advantages to OpenVPN (such as the ability to use TCP port 443 to avoid NAT firewall issues), and because it is integrated into Windows it may be easier to use and more stable.


  • Very secure (depends on algorithm usually very strong AES)
  • Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows )
  • Microsoft support
  • Can bypass most firewalls


  • Only really works in a Windows only environment


PPTP is too insecure (even its creator Microsoft has abandoned it) and should therefore be avoided. While its ease of setup and cross platform compatibility are attractive, L2TP/IPsec has the same advantages and is much more secure.
L2TP/IPsec is a good VPN solution, but is not quite as good as OpenVPN. However, for a quick VPN setup without the need to install extra software it remains useful, particularly for mobile devices where OpenVPN support is still very patchy.
OpenVPN is the best all round VPN solution despite needing third party software on all platforms. It is reliable, fast and secure, although it usually needs a bit more setting up than the other protocols.
SSTP offers most of the advantages of OpenVPN but only in a Windows environment. This does mean that it is better integrated into the OS, but it is poorly supported by VPN providers thanks to this limitation.

Most users should therefore go with using OpenVPN on their desktop computers, perhaps supplementing it with L2TP/IPsec on their mobile devices (if there is no OpenVPN solution for your device).

Using VPNs

If you don't have to pay for a product, you are the product being sold.
Free VPNs are available online, but we strongly recommend you do not go this route. They could be logging your IP address or browser information and selling it to advertising companies and are inherently more likely to bend easily and immediately under any kind of legal pressure. Before you use a free VPN you might as well look in the Security Handbook for other options you could take to anonymize yourself.

To learn more about how VPNs protect your privacy, please see this frequently updated survey about how customer data is handled by various providers.

Please be aware that TorrentFreak is a commercial entity and is therefore not to be considered a completely objective source.

How to choose your provider?

Before you go further, here is what you have to do when you look for a VPN provider:

  • Read the terms of service and the privacy policy.
  • Read it, really.
  • They should not log. If they take paragraphs to explain how they don't log, be suspicious.
  • Some providers keep short term "session logs." You will have to decide if you are comfortable with that.
  • Check whether the provider's website uses trackers, ads or counters, and avoid it if it does.
  • We will not recommend specific providers so please don't ask.

Finally here's a link to help make your VPN more effective:

VPN Providers

Following is a list of paid VPN providers. Payment methods vary widely, with some requiring a PayPal account or verifiable personal information, whereas others allow the use of bitcoin and prepaid credit cards to ensure higher levels of anonymity.

It is advised that you carefully read the Terms of Service and Privacy Policies for any provider you are considering. Laws vary from country to country and what may be legal in one, is not in another so you need to make your decision based on your own situation. Contact the provider and ask them if you are in doubt.

The following list was gathered from simple web searches and is not an endorsement for their use. Any recommendations are based on actual/anecdotal experience. Please read the Terms of Service and the Privacy policy of any you are considering using.

About paysafecard: ever since skrill/moneybookers bought them they turned into the complete opposite of what they used to be. One example: they do not allow for using their service while using a vpn/proxy/tor (they sack the cash and only give it back if you provide your dox to them in form of a copy of your id which is actually highly illegal for them to do because in the EU only banks are allowed to do that to prevent money laundering. funny ikr?) Another: for some payments they require you to create an account with their "my paysafecard" service which again requires valid id to create.

Note: VPN services, even paid services, can be and are abused. They are often blacklisted not only here but by services such as Cloudflare. We cannot promise every provider can access this or any other network.

| Switzerland/Panama | claims to not log | features multi-hop vpn | cash by mail, bitcoins, paypal, egopay, webmoney, neteller, perfect money, paysafecard
| USA | claims to not log | credit cards, paypal, worldpay, bitcoins
| Italy | claims to not log | paypal, bitcoins, credit cards
| Seychelles | claims to not log | paypal, credit cards, bitcoins, cashu, perfect money, bank transfer
| USA | claims to not log | credit cards, paypal, Authorize.Net
| USA | claims to not log | bitcoins, credit cards, paypal, webmoney, alipay, unionpay, cashu, yandex money, ukash, fanapay, onecard, interac online, paysafecard
| Germany | claims to not log | sepa, paypal, credit cards, hipay, giropay, pay by phone
| Northern Cyprus | claims to not log | paypal, bitcoins, alipay, unionpay, webmoney
| India | claims to not log | bitcoins, paypal, credit cards, perfect money, paysafecard, skrill, webmoney, alipay
| Malaysia | claims to not log | bitcoins, paypal, credit cards, ukash, paysafecard, bank transfer
| USA | claims to not log | bitcoins, paypal, credit cards, okpay
| Canada | claims to not log | paypal, credit cards, cash by mail
| Malta | claims to not log | paypal, bitcoins
| Australia | claims to not log | paypal, credit cards, bitcoin, perfect money, payza, cashu
| Romania | claims to not log | paypal, bitcoins, credit cards
| USA | claims to not log | paypal, bitcoins, credit cards, paypro
| Philippines | claims to not log | paypal, bitcoins
| Singapore | claims to not log | paypal, credit cards
| British Virgin Islands | claims to not log | credit cards, paysafecard, bank transfer
| Malaysia | claims to not log | bitcoins, paypal, darkcoins, molpay
| Germany | claims to not log | bitcoins, paypal, cash by mail, bank transfer
| Germany | claims to not log | paypal, google checkout, itunes
| Canada | claims to not log | paypal, bitcoins
| Sweden | claims to not log | paypal, bitcoins, credit cards, cash by mail
| USA | claims to not log | paypal, bitcoins, credit cards

The following providers keep some logs, mostly short term session logs, but still logs.

| USA | logs
| USA | logs
| Switzerland | logs
| USA | logs
| USA | logs
| GB | logs
| GB | logs
| Latvia | logs
| USA | logs
| Romania | logs
| USA | logs
| USA | logs
| Hungary | logs
| Hong Kong | logs
| Moldavia | logs
| USA | logs
| USA | logs
| Canada | logs
| Switzerland | logs
| USA | logs
| USA | logs
| USA | logs
| bananaland | logs
| cactusland | logs
| Hong Kong | logs
| Germany | logs
| Hong Kong | logs
| Netherlands | logs