privacyguides.org/_includes/legacy/sections/vpn.html
Jonah Aragon b4ce9391b5
Update Mullvad Port Forwarding Information
Resolves #92: Mullvad only allows port forwarding on accounts which use one-time payment methods.
2021-12-31 21:26:49 -06:00

118 lines
16 KiB
HTML

<h2 id="vpn" class="anchor"><a href="#vpn"><i class="fas fa-link anchor-icon"></i></a> Recommended VPN Services</h2>
<div class="alert alert-success" role="alert">
<strong>Our recommended providers are outside the US, use encryption, accept Bitcoin, support OpenVPN, and have a no logging policy. <a href="/providers/vpn/#criteria">Read our full list of criteria for more information</a>.</strong>
</div>
<div class="container-fluid">
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/legacy_svg/3rd-party/mullvad.svg"
data-theme-src="/assets/img/legacy_svg/3rd-party/mullvad-dark.svg"
height="70"
width="200"
class="img-fluid d-block me-auto ms-auto align-middle"
alt="Mullvad">
</div>
<div class="col">
<h2 id="mullvad" class="anchor">
<a href="#mullvad"><i class="fas fa-link anchor-icon"></i></a> Mullvad
{% include badge.html color="info" text="EUR €60/y" %}
</h2>
<p><strong><a href="https://mullvad.net/">Mullvad.net</a> </strong> is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since <strong>2009</strong>. Mullvad is based in <span class="flag-icon flag-icon-se"></span> Sweden and does not have a free trial.</p>
<h5>{% include badge.html color="success" text="35 Countries" %}</h5>
<p>Mullvad has <a href="https://mullvad.net/en/servers/">servers in 35 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5>{% include badge.html color="success" text="Independently Audited" %}</h5>
<p>Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published at cure53.de</a>. The security researchers concluded:</p>
<blockquote class="blockquote">
<p class="mb-0">Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.</p>
</blockquote>
<p>In 2020 a second audit <a href="https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2020_v2.pdf">final audit report</a> was made available on Cure53's website:</p>
<blockquote class="blockquote">
<p class="mb-0">The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.</p>
</blockquote>
<p>In 2021 an infrastructure audit <a href="https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/">was announced</a> and the <a href="https://cure53.de/pentest-report_mullvad_2021_v1.pdf">final audit report</a> was made available on Cure53's website.</p>
<h5>{% include badge.html color="success" text="Open Source Clients" %}</h5>
<p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p>
<h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
<p>Mullvad in addition to accepting credit/debit cards and PayPal, accepts <strong>Bitcoin</strong>, <strong>Bitcoin Cash</strong>, and <strong>cash/local currency</strong> as anonymous forms of payment. They also accept Swish and bank wire transfers.</p>
<h5>{% include badge.html color="success" text="WireGuard Support" %}</h5>
<p>In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
<h5>{% include badge.html color="success" text="IPv6 Support" %}</h5>
<p>Mullvad supports the future of networking <a href="https://en.wikipedia.org/wiki/IPv6">IPv6</a>. Their network allows users to <a href="https://mullvad.net/en/blog/2014/9/15/ipv6-support/">access services hosted on IPv6</a> as opposed to other providers who block IPv6 connections.</p>
<h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed for users who make one-time payments, and not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify port users based on stored subscription information. See <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a> for more information.</p>
<h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
<p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Google Play</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections. The mobile client on Android is also available in <a href="https://f-droid.org/packages/net.mullvad.mullvadvpn">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
<h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
<p>Mullvad is very transparent about which nodes they <a href="https://mullvad.net/en/servers/">own or rent</a>. They use <a href="https://shadowsocks.org/en/index.html">ShadowSocks</a> in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with <a href="https://en.wikipedia.org/wiki/Deep_packet_inspection">Deep Packet Inspection</a> trying to block VPNs. Supposedly, <a href="https://github.com/net4people/bbs/issues/22">China has to use a different method to block ShadowSocks servers</a>. Mullvad's website is also accessible via Tor at <a href="http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion">o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion</a>.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img src="/assets/img/legacy_svg/3rd-party/protonvpn.svg" height="70" width="200" class="img-fluid d-block me-auto ms-auto align-middle" alt="ProtonVPN">
</div>
<div class="col">
<h2 id="protonvpn" class="anchor">
<a href="#protonvpn"><i class="fas fa-link anchor-icon"></i></a> ProtonVPN
{% include badge.html color="info" text="Free" %}
{% include badge.html color="info" text="Basic USD $48/y" %}
{% include badge.html color="secondary" text="Plus USD $96/y" %}
</h2>
<p><strong><a href="https://protonvpn.com/">ProtonVPN.com</a></strong> is a strong contender in the VPN space, and they have been in operation since <strong>2016</strong>. ProtonVPN is based in <span class="flag-icon flag-icon-ch"></span> Switzerland and offers a limited free pricing tier, as well as premium options. They offer a further 14% discount for buying a 2 year subscription.</p>
<h5>{% include badge.html color="success" text="44 Countries" %}</h5>
<p>ProtonVPN has <a href="https://protonvpn.com/vpn-servers">servers in 44 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5>{% include badge.html color="success" text="Independently Audited" %}</h5>
<p>As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to a user's device or traffic. You can view individual reports for each platform at <a href="https://protonvpn.com/blog/open-source/">protonvpn.com</a>.
<h5>{% include badge.html color="success" text="Open Source Clients" %}</h5>
<p>ProtonVPN provides the source code for their desktop and mobile clients in their <a href="https://github.com/ProtonVPN">GitHub organization</a>.</p>
<h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
<p>ProtonVPN does technically accept Bitcoin payments; however, you either need to have an existing account, or contact their support team in advance to register with Bitcoin.</p>
<h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
<p>In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for <a href="https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085">App Store</a> and <a href="https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/ch.protonvpn.android">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
<h5>{% include badge.html color="warning" text="No Port Forwarding" %}</h5>
<p>ProtonVPN does not currently support remote port forwarding, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.</p>
<h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
<p>ProtonVPN have their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using <a href="https://www.torproject.org/">the official Tor Browser</a> for this purpose.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img src="/assets/img/legacy_svg/3rd-party/ivpn.svg" height="70" width="200" class="img-fluid d-block me-auto ms-auto align-middle" alt="IVPN">
</div>
<div class="col">
<h2 id="ivpn" class="anchor">
<a href="#ivpn"><i class="fas fa-link anchor-icon"></i></a> IVPN
{% include badge.html color="info" text="Standard USD $60/y" %}
{% include badge.html color="secondary" text="Pro USD $100/y" %}
</h2>
<p><strong><a href="https://www.ivpn.net">IVPN.net</a></strong> is another premium VPN provider, and they have been in operation since <strong>2009</strong>. IVPN is based in <span class="flag-icon flag-icon-gi"></span> Gibraltar.</p>
<h5>{% include badge.html color="success" text="32 Countries" %}</h5>
<p>IVPN has <a href="https://www.ivpn.net/server-locations">servers in 32 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5>{% include badge.html color="success" text="Independently Audited" %}</h5>
<p>IVPN has undergone a <a href="https://cure53.de/audit-report_ivpn.pdf">no-logging audit from Cure53</a> which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a <a href="https://cure53.de/summary-report_ivpn_2019.pdf">comprehensive pentest report Cure53</a> in January 2020. IVPN has also said they plan to have <a href="https://www.ivpn.net/blog/independent-security-audit-concluded">annual reports</a> in the future.</p>
<h5>{% include badge.html color="success" text="Open Source Clients" %}</h5>
<p>As of Feburary 2020 <a href="https://www.ivpn.net/blog/ivpn-applications-are-now-open-source">IVPN applications are now open source</a>. Source code can be obtained from their <a href="https://github.com/ivpn">GitHub organization</a>.</p>
<h5>{% include badge.html color="success" text="Accepts Bitcoin" %}</h5>
<p>In addition to accepting credit/debit cards and PayPal, IVPN accepts <strong>Bitcoin</strong>, <strong>Monero</strong> and <strong>cash/local currency</strong> (on annual plans) as anonymous forms of payment.</p>
<h5>{% include badge.html color="success" text="WireGuard Support" %}</h5>
<p>In addition to standard OpenVPN connections, IVPN supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
<h5>{% include badge.html color="success" text="Remote Port Forwarding" %}</h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
<h5>{% include badge.html color="success" text="Mobile Clients" %}</h5>
<p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for <a href="https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683">App Store</a> and <a href="https://play.google.com/store/apps/details?id=net.ivpn.client">Google Play</a> allowing for easy connections to their servers. The mobile client on Android is also available in <a href="https://f-droid.org/en/packages/net.ivpn.client">F-Droid</a>, which ensures that it is compiled with <a href="https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html">reproducible builds</a>.</p>
<h5>{% include badge.html color="info" text="Extra Functionality" %}</h5>
<p>IVPN clients support two factor authentication (Mullvad and ProtonVPN clients do not). IVPN also provides "<a href="https://www.ivpn.net/antitracker">AntiTracker</a>" functionality, which blocks advertising networks and trackers from the network level.</p>
</div>
</div>
</div>
<div class="alert alert-warning" role="alert">
<strong>Note: Using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.</strong>
</div>