Mullvad.net is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and does not have a free trial.
Mullvad has servers in 35 countries at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
We also think it's better for the security of the VPN provider's private keys if they use dedicated servers, instead of cheaper shared solutions (with other customers) such as virtual private servers.
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report published at cure53.de. The security researchers concluded:
Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
In 2020 a second audit was announced and the final audit report was made available on Cure53's website:
The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
In 2021 an infrastructure audit was announced and the final audit report was made available on Cure53's website.
Mullvad provides the source code for their desktop and mobile clients in their GitHub organization.
Mullvad in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, and cash/local currency as anonymous forms of payment. They also accept Swish and bank wire transfers.
In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.
Mullvad supports the future of networking IPv6. Their network allows users to access services hosted on IPv6 as opposed to other providers who block IPv6 connections.
Remote port forwarding is allowed for users who make one-time payments, and not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify port users based on stored subscription information. See Port forwarding with Mullvad VPN for more information.
Mullvad has published App Store and Google Play clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in F-Droid, which ensures that it is compiled with reproducible builds.
Mullvad is very transparent about which nodes they own or rent. They use ShadowSocks in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with Deep Packet Inspection trying to block VPNs. Supposedly, China has to use a different method to block ShadowSocks servers. Mullvad's website is also accessible via Tor at o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion.
ProtonVPN.com is a strong contender in the VPN space, and they have been in operation since 2016. ProtonVPN is based in Switzerland and offers a limited free pricing tier, as well as premium options. They offer a further 14% discount for buying a 2 year subscription.
ProtonVPN has servers in 44 countries at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
We also think it's better for the security of the VPN provider's private keys if they use dedicated servers, instead of cheaper shared solutions (with other customers) such as virtual private servers.
As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to a user's device or traffic. You can view individual reports for each platform at protonvpn.com.
ProtonVPN provides the source code for their desktop and mobile clients in their GitHub organization.
ProtonVPN does technically accept Bitcoin payments; however, you either need to have an existing account, or contact their support team in advance to register with Bitcoin.
In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for App Store and Google Play allowing for easy connections to their servers. The mobile client on Android is also available in F-Droid, which ensures that it is compiled with reproducible builds.
ProtonVPN does not currently support remote port forwarding, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.
ProtonVPN have their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using the official Tor Browser for this purpose.
IVPN.net is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
IVPN has servers in 32 countries at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.
We also think it's better for the security of the VPN provider's private keys if they use dedicated servers, instead of cheaper shared solutions (with other customers) such as virtual private servers.
IVPN has undergone a no-logging audit from Cure53 which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a comprehensive pentest report Cure53 in January 2020. IVPN has also said they plan to have annual reports in the future.
As of Feburary 2020 IVPN applications are now open source. Source code can be obtained from their GitHub organization.
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, Monero and cash/local currency (on annual plans) as anonymous forms of payment.
In addition to standard OpenVPN connections, IVPN supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.
Remote port forwarding is possible with a Pro plan. Port forwarding can be activated via the client area. Port forwarding is only available on IVPN when using OpenVPN and is disabled on US servers.
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for App Store and Google Play allowing for easy connections to their servers. The mobile client on Android is also available in F-Droid, which ensures that it is compiled with reproducible builds.
IVPN clients support two factor authentication (Mullvad and ProtonVPN clients do not). IVPN also provides "AntiTracker" functionality, which blocks advertising networks and trackers from the network level.