Recommended VPNs

Find a no-logging VPN operator who isn’t out to sell or read your web traffic.

Proton VPN is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.

IVPN is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.

Mullvad is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and does not have a free trial.

Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations. We have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.


We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. If a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.

Minimum to Qualify:

  • Support for strong protocols such as WireGuard & OpenVPN.
  • Killswitch built in to clients.
  • Multihop support. Multihopping is important to keep data private in case of a single node compromise.
  • If VPN clients are provided, they should be open-source, like the VPN software they generally have built into them. We believe that source code availability provides greater transparency about what your device is actually doing.

Best Case:

  • WireGuard and OpenVPN support.
  • Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
  • Easy-to-use VPN clients
  • Supports IPv6. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
  • Capability of remote port forwarding assists in creating connections when using P2P (Peer-to-Peer) file sharing software or hosting a server (e.g., Mumble).


We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required.

Minimum to Qualify:

  • Monero or cash payment option.
  • No personal information required to register: Only username, password, and email at most.

Best Case:

  • Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.)
  • No personal information accepted (autogenerated username, no email required, etc.)


A VPN is pointless if it can’t even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider’s security, ideally in a very comprehensive manner and on a repeated (yearly) basis.

Minimum to Qualify:

  • Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
  • Perfect Forward Secrecy (PFS).
  • Published security audits from a reputable third-party firm.

Best Case:

  • Strongest Encryption: RSA-4096.
  • Perfect Forward Secrecy (PFS).
  • Comprehensive published security audits from a reputable third-party firm.
  • Bug-bounty programs and/or a coordinated vulnerability-disclosure process.


You wouldn’t trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.

Minimum to Qualify:

  • Public-facing leadership or ownership.

Best Case:

  • Public-facing leadership.
  • Frequent transparency reports.


With the VPN providers we recommend we like to see responsible marketing.

Minimum to Qualify:

  • Must self-host analytics (i.e., no Google Analytics). The provider’s site must also comply with DNT (Do Not Track) for people who want to opt-out.

Must not have any marketing which is irresponsible:

  • Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
    • Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.)
    • Browser fingerprinting
  • Claim that a single circuit VPN is “more anonymous” than Tor, which is a circuit of three or more hops that regularly changes.
  • Use responsible language: i.e., it is okay to say that a VPN is “disconnected” or “not connected”, however claiming that someone is “exposed”, “vulnerable” or “compromised” is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider’s service or using Tor.

Best Case:

Responsible marketing that is both educational and useful to the consumer could include:

  • An accurate comparison to when Tor should be used instead.
  • Availability of the VPN provider’s website over a .onion Onion Service

Additional Functionality

While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.