
    Geomagnetic storm takes down up to 40 SpaceX Starlink satellites

    SpaceX confirmed on Tuesday that up to 40 of the 49 Starlink low-earth orbit satellites launched last Thursday were “significantly impacted” by a geomagnetic storm on Friday.

    “These storms cause the atmosphere to warm and atmospheric density at our low deployment altitudes to increase,” SpaceX explained in an update. “In fact, onboard GPS suggests the escalation speed and severity of the storm caused atmospheric drag to increase up to 50% higher than during previous launches.”

    In response to the storm, the Starlink team commanded the satellites into a safe mode to “take cover from the storm” so the satellites would “fly edge-on like a sheet of paper to minimise drag”, the company said.

    However, according to the company: “preliminary analysis show the increased drag at the low altitudes prevented the satellites from leaving safe-mode to begin orbit raising maneuvers, and up to 40 of the satellites will re-enter or already have re-entered the Earth’s atmosphere.”

    SpaceX said the deorbiting satellites “pose zero collision risk with other satellites” and pose no risk when they re-enter the Earth’s atmosphere. “By design [the satellites] demise upon atmospheric re-entry — meaning no orbital debris is created and no satellite parts hit the ground,” the company said.


    NetWalker ransomware gang affiliate pleads guilty, slapped with 7-year sentence

    Netwalker ransomware gang affiliate Sebastien Vachon-Desjardins was sentenced to seven years in prison for his involvement with the group after pleading guilty in an Ontario court on January 31.

    Court documents published on February 1 revealed that Vachon-Desjardins pleaded guilty to five charges related to “theft of computer data, extortion, the payment of cryptocurrency ransoms, and participating in the activities of a criminal organization.”

    In addition to the seven-year sentence, Vachon-Desjardins agreed to partial restitution, forfeiture of assets seized, and a DNA order. The court documents say Vachon-Desjardins was implicated in 17 ransomware attacks that caused at least $2.8 million in damages in Canada.

    “In August 2020, the Royal Canadian Mounted Police (“RCMP”) received information from the American Federal Bureau of Investigation (“FBI”) in relation to a NetWalker ransomware affiliate operating in Gatineau Quebec. The FBI advised the RCMP that their suspect was responsible for ransomware attacks in several countries, and he was suspected to have received over $15,000,000.00 USD in ransom payments,” Ontario court judge G. Paul Renwick wrote, adding that he was told that the data seized from Vachon-Desjardins would fill an entire hockey arena if printed.

    “Eventually, based on internet protocol addresses, data gleaned from US investigations into various Apple, Google, Microsoft, and Mega.nz accounts, aliases, email addresses, and personal information revealed on social media platforms, the Defendant was identified by the Canadian authorities.”

    In January, police in Florida arrested the Canadian citizen in connection with several attacks by the Netwalker ransomware group. The DOJ claimed Vachon-Desjardins managed to make about $27.6 million through several ransomware attacks on Canadian organizations like the Northwest Territories Power Corporation, the College of Nurses of Ontario, and a Canadian tire store in B.C.

    One of the biggest issues facing Vachon-Desjardins is when he will be sent to the US to face his charges there. He was supposed to be sent to the US but his surrender was delayed because he had other drug trafficking charges outstanding in Quebec. The ruling says Vachon-Desjardins’ sentence can begin to run now and it will continue to run during and subsequent to the resolution of his charges in the US.

    The sentence will also run concurrently to the 54-month sentence he got for drug trafficking offenses in Quebec.

    The judge’s decision explained that Vachon-Desjardins was a prolific member of the Netwalker ransomware group and even sent the group’s leaders 224 Bitcoins to invest in “the next generation of malicious code that could be used.”

    “The Defendant even improved upon the ransom messages used by NetWalker affiliates and eventually convinced the creator of NetWalker to use ‘mixing services’ to disguise funds paid for ransoms in Bitcoin,” Renwick said. “The Defendant admitted to investigators that over 1,200 Bitcoins related to his NetWalker malware activities passed through his e-wallet and were shared with his unindicted co-conspirators and the developer of the NetWalker ransomware. As well, the Defendant admits that his entire ransomware activities involved over 2000 Bitcoins.”

    Canadian officials were only able to seize less than 720 Bitcoins from Vachon-Desjardins’ e-wallets and accounts because he managed to turn the stolen funds into Canadian dollars. In some instances he received bags of money ranging from $100,000 to $150,000.

    When he was arrested in January 2021, Vachon-Desjardins had about $640,000 in cash and $421,000 in his bank account.

    “The Defendant was not an insignificant actor in these and other offenses; he played a dominant, almost exclusive, role in these offenses and he assisted NetWalker and other affiliates by improving their ability to extort their victims and disguise their proceeds,” Renwick explained. “The Defendant has an unrelated criminal record for drug trafficking and he was sentenced to 3.5 years imprisonment in 2015 and 4.5 years imprisonment, last week; during the commission of these offenses, the Defendant was awaiting the disposition of some of his outstanding charges in Quebec.”

    One strange aspect of the report was Renwick’s preoccupation with Vachon-Desjardins’ physical appearance. He called Vachon-Desjardins “good-looking, presentable, and instantly likeable.”

    Vachon-Desjardins will have to pay restitution to some of the victims affected by his attacks. He will need to pay nearly $1 million to Cegep St. Felicien, $725,000 to Elite Group, more than $700,000 to Enterprise Robert Thibert and Travelers Ins. Co. of Canada as well as $206,737 to Ville de Montmagny. Windward Software Systems Inc. will get $91,966.02 and Endoceutics Inc. will get $72,503.43.

    The funds will be taken from the cryptocurrency that was seized during the raids on his home.

    Canadian ransomware expert Brett Callow said people often assume that ransomware actors are based in Russia or CIS countries, but this case demonstrates that they can be much closer to home.

    “Which isn’t surprising. Ransomware is a multi-billion dollar industry. North America has talent, criminals and talented criminals. It only makes sense that they’d be wanting in on the action, especially as cybercriminals operate with almost complete impunity,” said Callow, who works as a threat analyst at cybersecurity firm Emsisoft. “Or, at least, they did. That’s starting to change and arrests such as this will inevitably make some individuals consider whether they should get out while the going is good.”


    5 Best VPN Services 2022: Top picks for your online privacy

    To find the best VPN service for your personal or business needs, you’ll need to compare brands, prices, features, and more. But first, you need to understand how a VPN accomplishes its primary mission: Keeping you safe and protecting your privacy online.

    Fundamentally, most VPNs (virtual private networks) provide two services: They encrypt your data between two points and they hide the IP address (from which a general location can be derived) where you’re located. For those traveling or out and about, the first function is critical because most Wi-Fi available publicly is unencrypted — so anyone on the network can see what you’re sending.

    But VPNs also serve to hide your IP address, replacing the address logged on servers with one in a completely different location — even a different country. For those worrying about stalking or other threats, this feature could save lives. Most consumers, though, find streaming VPN features compelling because — in some cases, and with dubious legality — it allows them to spoof their region of origin to get access to streaming media and sports blacked out from their home locale.

    There is no doubt that you should use a VPN service provider when you’re using public Wi-Fi when away from home. But what about when you’re at home? Should you use a VPN then?

    My general advice is that using a VPN is not critical for most people at home, since your ISP rarely wants to look at your traffic. But if you live in an apartment with a bunch of curious roommates all sharing one router, a VPN might prove valuable. If you’re connecting to work and want to make sure you’re taking all the precautions you can (and if your employer hasn’t given you a corporate VPN to use) a VPN service would be useful. If you’re connecting to websites that log connection information and you don’t want to leave tracks where you are (especially where your home is), you might want to use a VPN. You get the idea: If you want extra protection and safety at home, then a VPN isn’t a bad idea.

    In this article, we look at a bunch of our top VPN solutions. We’ll cover many of the best VPN service providers, how to access the native VPNs built into your desktop machine, and even how to use your NAS as a VPN client and host.

    If you’re curious about VPNs, you can learn a lot more in our massive VPN FAQ.

    Four tips to help you evaluate

    1. Pay attention to trial period times and use them: Every VPN performs differently, and every user experience is going to be different still. Your ISP will offer different speeds than mine. Your favorite coffee shop has a different network connection than mine. You’re even likely to be connecting to different countries and definitely different sites. Before committing to a VPN provider, test candidates thoroughly in your real-world environment. That’s what the trial times and money-back guarantees are for.

    2. Avoid free VPN providers: Running a VPN is expensive and if the VPN provider doesn’t make money from your service fees, they’re going to make money from your data — sometimes even stealing your personal information and selling it. Stick with the proven commercial vendors we’ve tested.

    3. Don’t worry about country of jurisdiction, unless: There are generally two classes of VPN users, those who need to protect their coffee shop surfing and those counting on a VPN to protect their lives. VPN often provides a level of security theatre where folks get bent out of shape if a country has any form of data jurisdiction. But as I showed in this article, many countries outside of the so-called Five Eyes are Mutual Legal Assistance Treaties signatories and will share data with the US and other countries anyway. If you’re using a VPN to protect your life, research this a lot more than reading a review article.

    4. Finally, don’t sweat warrant canaries and no log policies: Most of you are going to use a VPN to protect your data stream from being hijacked by someone sharing your network. All of these big legal and jurisdictional issues get in the way of the simple fact that you want fast transfers and an encrypted tunnel from your spot in the airport to the website you’re trying to access.

    And with that, let’s dig into what makes the best VPNs tick and answer some more of your questions at the end of this article, so read on. But first, our picks for the best VPNs of 2022.

    Which are the best VPN providers?

    If you’re curious about how VPNs work or what a VPN provider can do for you, here’s a great VPN overview article. Now that you understand how a VPN service can help keep you safe, let’s kick it off with our list of recommended service providers.

    A top-rated VPN provider


    • Simultaneous Connections: 5 or unlimited with the router app
    • Kill Switch: Yes
    • Platforms: A whole lot (see the full list here)
    • Logging: No browsing logs, some connection logs
    • Countries: 94
    • Locations: 160
    • Trial/MBG: 30 days

    ExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. Platforms include Windows, Mac, Linux, routers, iOS, Android, Chromebook, Kindle Fire, and even the Nook device. There are also browser extensions for Chrome and Firefox. Plus, ExpressVPN works with PlayStation, Apple TV, Xbox, Amazon Fire TV, and the Nintendo Switch. There’s even a manual setup option for Chromecast, Roku, and Nvidia Switch.

    With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.

    While the company does not log browsing history or traffic destinations, it does log dates connected to the VPN service, amount transferred, and VPN server location. We do want to give ExpressVPN kudos for making this information very clear and easily accessible.

    Leak-free and unlimited connections

    • Simultaneous Connections: Unlimited
    • Kill Switch: Yes
    • Platforms: Windows, Mac, Linux, iOS, Android, Fire TV, Firefox, Chrome
    • Logging: None, except billing data
    • Trial/MBG: 30 day

    At two bucks a month for a two-year plan (billed in one chunk), Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The company seems to have a very strong security focus, offering AES-256-GCM encryption, RSA-2048, and Perfect Forward Secrecy. To prevent WebRTC leaks, Surfshark offers a special-purpose browser plugin designed specifically to combat those leaks.

    Surfshark’s performance was higher than NordVPN and Norton Secure VPN, but lower than ExpressVPN and IPVanish. That said, Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.

    Interesting options to enhance VPN safety and protection

    • Simultaneous Connections: 6
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, Linux, Android TV, Chrome, Firefox
    • Logging: None, except billing data
    • Countries: 59
    • Servers: 5517
    • Trial/MBG: 30 day

    NordVPN is one of the most popular consumer VPNs out there. Last year, Nord announced that it had been breached. Unfortunately, the breach had been active for more than 18 months. While there were failures at every level, NordVPN has taken substantial efforts to remedy the breach.

    In our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN which allows for Tor capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well. The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce.

    Performance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. Overall, a solid choice, and with a 30-day money-back guarantee, worth a try.

    Deep capabilities hidden in an easy-to-use app

    • Simultaneous Connections: Unlimited
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, Linux, Chrome, plus routers, Fire Stick, and Kodi
    • Logging: None, except billing data
    • Servers: 1,500
    • Locations: 75
    • Trial/MBG: 30 day

    IPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.

    Its UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so no matter what you’re connecting to, you can know what to expect. The company also provides an excellent server list with good current status information. There’s also a raft of configuration options for the app itself.

    In terms of performance, connection speed was crazy fast. Overall transfer performance was good. However, from a security perspective, it wasn’t able to hide that I was connecting via a VPN — although the data transferred was secure. Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN.

    The company also has a partnership with SugarSync and provides 250GB of encrypted cloud storage with each plan.

    Open source with a dedicated focus on security

    • Simultaneous Connections: Depends on plan
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, Linux, routers
    • Logging: None, except billing data
    • Countries: 54
    • Servers: 1,077
    • Trial/MBG: 30 day

    We really like the ProtonVPN story. The company was created by engineers and scientists who met at CERN (the European Center for Nuclear Research — where the Web was invented) with a focus on creating encrypted email and VPN communications with the idea of protecting the communication of activists and journalists. The company is also headquartered in Switzerland, which has very strong privacy laws.

    In terms of product, ProtonVPN has a belt-and-suspenders approach to security, layering strong protocols on top of perfect forward secrecy, on top of strong encryption. Not only does ProtonVPN have a kill switch, but it also has an always-on VPN, which attempts to restore VPN service if it’s dropped mid-communication. We also like that all apps are open source and the company reports that they are independently audited. Finally, the company offers a very generous free VPN service, allowing one machine to connect at medium speed, but there doesn’t appear to be any limit to the amount of data used in the free plan.

    Are there other VPNs worth considering?

    Yes. Below is a selection of other well-known VPN services. 

    VPN service hosted on its own infrastructure

    • Simultaneous Connections: 5
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, QNAP, Synology, router, TV
    • Logging: None, except billing data
    • Servers: 700+ on their own infrastructure
    • Locations: 70
    • Trial/MBG: 30 day

    Golden Frog, the company behind VyprVPN, claims to be “A company as old as the Internet itself,” yet its own about page says the company was founded in 2009. Apparently, the founders of Golden Frog were founding companies back in the 90s, and they conflated the two facts. I’m always a bit uncomfortable when a security company conflates facts.

    On the plus side, we like that Golden Frog owns and manages its own infrastructure and does not rely on hosting companies. VPN infrastructure is often a murky thing, with the VPN service providers renting time from available data centers in host countries.

    The company offers a huge array of client software, including apps for routers and even BlackBerry devices. Apps support key features like a kill switch, a zero-knowledge DNS service, and their own Chameleon VPN protocol for added security. The company’s no-log service was last audited in 2018, so they’re a bit overdue.

    Golden Frog, also registered in Switzerland, is a standout in their effort to provide privacy and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog’s VyprVPN service added scrambled OpenVPN packets to keep the traffic flowing.

    It’s Norton, a known and trusted brand. What else is there to say?

    • Simultaneous Connections: Based on plan
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android
    • Logging: None, except billing data
    • Countries: Unspecified
    • Locations: Unspecified
    • Trial/MBG: 60 day

    We found performance is middle-of-the-road and platforms are limited to Mac, iOS, Windows, and Android. Don’t even think of using it on routers, Linux, or gaming platforms. Pricing is weirdly and unnecessarily tiered. The service raises its price by ten bucks when you jump from 1 device to 5, and another ten bucks when you jump to ten devices. Given the full ten simultaneous device package is a good deal at $59, it’s odd that it’s nickel-and-diming the lower tiers.

    We’re recommending Norton not as much because it’s a great VPN (it’s really kinda meh), but because it’s from a brand we’ve long come to know and trust. The company also offers live 24/7 phone support and has an excellent 60-day money-back guarantee, but oddly doesn’t promote it. The only place it’s mentioned is deep inside their refund policy document.

    A bundle of safety and security features beyond VPN

    • Simultaneous Connections: 7
    • Kill Switch: Yes
    • Platforms: All you’d expect and a lot more
    • Logging: None, except billing data
    • Countries: 89
    • Servers: 6,381
    • Trial/MBG: 45 days

    The CyberGhost client is more than a VPN connection driver. The company’s offering is a decently complete full security system, including ad-blocking, malicious website blocking, online footprint blocking (blocking cookies from dropping), and forced https redirect.

    With more than 6,000 servers deployed in 89 countries and 112 locations, CyberGhost has a larger number of servers than many of the other VPN providers we surveyed. Performance was adequate. It provided enough bandwidth to stream video and get your job done, but it certainly wasn’t a rocket. Also, if you’re trying to hide the fact that you’re using a VPN, you’ll want to look elsewhere. That said, for a solid overall security package, CyberGhost is a good option.

    31-day guarantee because sometimes that extra day matters

    • Simultaneous Connections: 10
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, Linux, and a lot more
    • Logging: None, except billing data
    • Countries: 140
    • Servers: 2,000
    • Trial/MBG: 31 day

    Most VPN providers license their international server presence from local providers all over the globe. PureVPN doesn’t. They own their own self-managed network of more than 2,000 servers in 140 countries. This allows the company to support its full range of protocols (OpenVPN, L2TP/IPSec, SSTP, and IKEv2). It also offers PPTP, but it’s so porous, you probably shouldn’t use it.

    Given the tough times due to the novel coronavirus, PureVPN has sent its support folks home, but they’re up and running providing 24/7 support from the safety of sheltering in place. So even though business isn’t as usual, PureVPN has, like many companies, routed around the problem using internet technology to keep connected. We also like the 31-day money-back guarantee, support for a wide range of devices, including Kodi, Roku, and Boxee boxes.

    A tremendous number of VPN servers

    • Simultaneous Connections: 10
    • Kill Switch: Yes
    • Platforms: Windows, Mac, iOS, Android, Linux, Chrome, Firefox, Opera
    • Logging: None, except billing data
    • Countries: 76
    • Servers: 17,605
    • Trial/MBG: 30 day

    One of the more interesting aspects of Private Internet Access is the wealth of payment options the company offers. Sure, you can pay by credit card. But you can also pay with cryptocurrencies including BitcoinCash, Bitcoin, Zcash, Ethereum, and Litecoin. If you’re not all up on the crypto-craze but still don’t want to leave a record of your payment, you can use over 100 brands of gift cards, including those from Best Buy, GameStop, Home Depot, Lowes, Target, and Walmart.

    The company supports a good range of protocols and you can use it on your customized DD-WRT router. We do like the quick setup, included ad, malware, and tracker blocker, and unlimited bandwidth is always appreciated.

    Native VPN support on your desktop

    If you’re connecting to a corporate VPN, you may not need to purchase a VPN service. All the major desktop operating systems include VPN capabilities. Here’s how to get started using those.

    Native VPN support on Mac

    Connect to a corporate VPN with Apple

    If you’re connecting to an existing corporate virtual private network, you may not need an additional service. MacOS comes with native VPN support built right in.

    Apple provides VPN support for High Sierra, Mojave, Catalina, and now Big Sur. Just pop open System Preferences, head over to the Network tab, and either import the configuration file you were provided or hit the plus button and add a VPN interface. Here’s a handy tip sheet from Apple that will walk you through the process.

    Native VPN support on Windows 10

    Connect to a corporate VPN with Microsoft

    If you’re connecting to an established corporate VPN, all you need to do is add a new Windows 10 VPN connection. Point your mouse at the Start menu, hit Settings, then Network & Internet, and then VPN. Make sure you have the connection details provided by work and then click on Add a New VPN Connection. Fill in the form and you’re good to go. Here’s a handy tip sheet from Microsoft.

    Windows 10 also allows you to host a VPN server by creating a new incoming network connection, choosing the users who can connect, and telling Windows that the incoming connection is across the internet. You’ll also have to configure your router to allow traffic to your computer. PureInfoTech has a helpful guide for setting it all up.

    Native VPN support on Chromebook

    Connect your laptop with Google

    Sadly, this simple solution isn’t built into the standard Chrome browser. If you’re just using the browser on a Mac or Windows machine, you’ll need a different solution. That said, if you’re rocking a Chromebook, all you need to do is open Settings and then Network. Click Add Connection. Then all you need to do is choose between OpenVPN and L2TP over IPSec. Google has a handy cheat sheet right here to guide you through the process. 

    Linux with WireGuard

    Another reason to love open source

    WireGuard is Linux’s new baked-in VPN capability. Its code is relatively simple and small, making it far easier to maintain, test, and debug. Linus Torvalds, Mr. Linux himself, calls WireGuard “a work of art.”

    So what do you need to set up WireGuard? More and more of the VPNs we spotlighted support WireGuard right out of the box. You can download it for Linux. But you can also download a package for Windows, Mac, iOS, Android, and FreeBSD. It’s like most open source products, in that you’ll need to do some reading and thinking to make it work. But it’s free, solid, safe, and, as Linus says, “Can I just once again state my love for it.”

    VPN for your whole home network

    Many of the commercial VPN services discussed above offer router-based VPN solutions. Even though I have a pretty powerful router, I prefer to run my VPN on my NAS. Here are two NAS-based VPN solutions that will get you connected securely.

    Synology NAS VPN support

    Built-in VPN app on the NAS

    If you have a NAS like the top-reviewed Synology, you may already have a NAS app you can set up and protect your whole home network. The Synology server has a very capable little VPN built-in, and it’s available free to anyone with the NAS.

    If you want to go a step further and use some Synology-exclusive VPN services like Synology SSL VPN, clientless WebVPN, and remote desktop, as well as a site-to-site VPN service, you can do so using the Synology router I reviewed last year. That service is called VPN Plus and it normally costs $9.99 per concurrent user. But because of COVID-19, Synology’s offering free VPN Plus between now and September.

    A mini-FAQ about VPNs

    I answered a bunch of common questions above our big list of the best VPNs for 2022. But here’s a quick lightning round of questions and answers about VPNs, just to round out your knowledge.

    Do VPN providers limit usage?

    Some do. Check when you sign up. For non-free plans, none of the providers we recommended limit the amount of data you can use. But almost all limit how many devices you can use at once.

    What does logging really mean?

    Logging is the recording of data about your usage and it occurs everywhere. Every website, at minimum, records an IP address, time, and data accessed so they can track traffic. All VPN providers have to check credentials against recorded personal data to make sure you paid, but a few let you sign up with Bitcoin, allowing you to completely hide your identity. When we say a VPN doesn’t log data, we mean they don’t track what sites you visit and for how long, but they may track how much of their own infrastructure you use.

    Is it legal to use a VPN?

    Yes, in most countries. Some countries (and you should read my guide for more in-depth info) have made VPN use illegal. And even in countries where it’s legal, it’s likely to be illegal to use a VPN to spoof a streaming service into giving you content that otherwise wouldn’t be accessible. Plus…

    Can I use a VPN to get free Netflix or watch a blacked-out sports event?

    Sometimes, but it’s likely illegal and probably fattening. There’s an ongoing arms race where the media vendors are getting better at identifying and blocking VPN connections, so each case is different. And that’s all we can say about it, because… illegal.

    If I have a VPN to my office, do I need a VPN service?

    The VPN to your office will secure your link to your office. If you want to secure your link to anywhere else, you’ll need a VPN service.

    Should I use a VPN on my phone or tablet?

    If it’s your data and you want it to be secure, yes. The same choices are valid regardless of what kind of device you use to transmit and receive data over the Internet.

    What’s this kill switch thing?

    So let’s say you’re surfing along and all of a sudden your VPN connection fails. Your phone or computer is likely to immediately try to reconnect and do so directly, without going through a VPN. All of a sudden your data is unprotected. A kill switch is a feature in your device’s VPN app that detects when the connection fails and immediately shuts down network access. Like with everything, it’s not a 100% perfect solution, but these days, I wouldn’t recommend using a VPN that doesn’t offer a kill switch.

    What do simultaneous connections mean and why should I care?

    I’ll give you a personal example. When I travel, I often take my laptop and my tablet. I use the laptop to write and I use the tablet as a second screen to look stuff up. I have two connections I’m using at once and I want my VPN to protect both. If my wife is also doing the same thing, that’s four connections. Add our phones and you have six connections. If we’re using all those devices at once that’s simultaneous connections. The more the better.

    Does a VPN slow down your connection?

    Let’s be clear: Using a VPN does add a bit of a load on your computer and can often slow down your connection. That’s because your data is encrypted, decrypted, and sent through intermediate servers. Game responsiveness might suffer. If you’re a first-person shooter player, you might have enough lag to lose the shot. That said, both computers and VPNs have gotten much faster. When I first used a VPN, every… thing… slowed… down… to… an… unbearable… c-r-a-w-l. But now, the negative impact is almost unnoticeable, and at least one service we spotlight below (Hotspot Shield) actually increased performance, making it one of the fastest VPNs we’ve seen.

    Also, most (but not all!) of the VPN providers we spotlight limit the number of devices you can connect simultaneously, so you may have to pick and choose which home devices connect.

    What about all those weird protocol words?

    If you’ve been shopping for a VPN service, you’ve undoubtedly come across a bunch of names like SSL, OpenVPN, SSTP, L2TP/IPSec, PPP, PPTP, IKEv2/IPSec, SOCKS5, and more. These are all communication protocols. They are, essentially, the names of the methods by which your communication is encrypted and packaged for tunneling to the VPN provider. To be honest, while VPN geeks can argue over protocols for hours, you’re probably good enough if you just use the default setup by your provider.

    What’s the best free VPN service?

    We’re spotlighting paid services in this article, although some of them offer a free tier. I generally don’t recommend free VPN services because I don’t consider them secure. Think about this: Running a good VPN service requires hundreds of servers across the world and a ton of networking resources. It’s boo-coo expensive. If you’re not paying to support that infrastructure, who is? Probably advertisers or data miners. If you use a free service, your data or your eyeballs will probably be sold, and that’s never a good thing. After all, you’re using a VPN so your data remains secure. You wouldn’t want to then have all that data go to some company to sift through — it completely defeats the purpose.

    Now, before you choose a VPN service, free or paid, I want to make it clear that no one tool can guarantee your privacy. First, anything can be hacked. But more to the point, a VPN protects your data from your computer to the VPN service. It doesn’t protect what you put on servers. It doesn’t protect your data from the VPN provider’s VPN servers to whatever site or cloud-based application you’re using. It doesn’t give you good passwords or multifactor authentication. Privacy and security require you to be diligent throughout your digital journey, and VPNs, while quite helpful, are not a miracle cure.

    How did we choose these VPN services?

    This list did not involve as much original research and testing as some of my other recommendation lists. That’s because I’ve been writing VPN articles every month or so since early 2017. I have looked at a lot of VPN providers.

    Many of the providers recommended in this list have been subject to in-depth testing and reviews, written either by me or by CNET’s product evaluation team. For those, we have tangible testing numbers. Other VPNs are ones we’ve been talking about for years; we have spoken with their management and their users, and have developed a generally positive impression.

    A few of the VPNs (Hotspot Shield, in particular) had a more rocky road. They had some tough PR at the beginning and made some seemingly ludicrous claims about speed. It wasn’t until I brought them in house and pounded on them for a few weeks that I realized that their claims were justified. Sometimes, products just surprise you.

    But here’s the thing: All these vendors have solid money-back guarantees and we would not have recommended them otherwise. We do test VPN services from multiple locations, but we can’t test from all locations. Every home, every community, every local ISP, and every nation has a different infrastructure. It’s essential that once you choose, you test for all your likely usage profiles, and only then make the decision to keep the service or request a refund.

    One thing to consider is whether you’re looking for a solution for working at home vs. traveling. For example, if you travel rarely (even before COVID-19), have strong bandwidth at home, and have a NAS or a server box, you might want to VPN to your home server from your machine’s native client, and then out to the world. If you’re newly home for the duration and your company has a dedicated VPN, you’ll want to use whatever process they’ve set out for you.

    But, generally speaking, it doesn’t hurt to have a VPN provider already set up and in your kit bag. Most home-based traffic won’t require VPN usage, but if you’re on any sort of shared connection, having a VPN provider is a good idea. Also, if you ever think you’ll need to access the Internet from out and about — like a hospital or doctor’s office, then having a VPN provider can be a win. Likewise, if you want to obscure where you’re connecting from (this might be more important now that we’re always in the same place all day), a VPN provider might help.

    Finally, don’t expect miracles. Your home-based pandemic broadband pipes are likely to be more clogged than ever before. Everyone is at home, many people are streaming movies to stay sane, and there are only so many bits that can fit at any given time. If you experience traffic slowdowns, be sure to check not only your VPN, but your Wi-Fi connection between your device and your router, your connection to your broadband provider, and even their connection to upstream providers.

    That said, we’re all in this together. Hang in there and stay safe. How are you managing your home-based networking? Let us know in the comments below.

    You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

  • in

    SAP releases patches for ICMAD vulnerabilities, log4j issues, more

    Three vulnerabilities with CVSS of 10, 8.1 and 7.5 have been patched by SAP after being discovered by cybersecurity firm Onapsis. The patches were part of a group of 19 security notes released by the company about a range of security issues. Three of the vulnerabilities related to log4j and had a CVSS of 10.

    The vulnerabilities found by Onapsis — dubbed “ICMAD” — allow attackers to execute serious malicious activities on SAP users, business information, and processes, which ultimately compromises unpatched SAP applications. The issues revolve around SAP’s Internet Communication Manager (ICM), a core component of many of their applications. ICM is the SAP component that enables HTTP(S) communications in SAP systems. Because ICM is exposed to the internet and untrusted networks by design, vulnerabilities in this component have an increased level of risk, the companies explained. JP Perez-Etchegoyen, CTO at Onapsis, told ZDNet that with a single request, an attacker could be able to steal every victim session and credentials in plain text and modify the behavior of the applications. “Abusing these vulnerabilities could be simple for an attacker as it requires no previous authentication, no necessary preconditions, and the payload can be sent through HTTP(S),” Perez-Etchegoyen said. SAP has released two security notes about the issues, and the Cybersecurity and Infrastructure Security Agency (CISA) issued its own notice urging customers to implement the patch. 

    “These vulnerabilities can be exploited over the internet and without the need for attackers to be authenticated in the target systems, which makes them very critical,” said Mariano Nunez, CEO and Co-founder of Onapsis. 

    He went on to explain that Onapsis Research Labs had been investigating HTTP Smuggling issues over the last year before discovering the SAP issues. Threat actors, according to Onapsis, can send malicious payloads leveraging these HTTP Smuggling techniques and successfully exploit SAP Java or ABAP systems with an HTTP request that is indistinguishable from a valid message. These vulnerabilities can be exploited in affected systems over the internet and pre-authentication, meaning they are not mitigated by multi-factor authentication controls, Onapsis added. “SAP has partnered with Onapsis to maintain secure solutions for our global customer base,” said Richard Puckett, Chief Information Security Officer for SAP. “It is through collaboration with key partners like Onapsis that SAP can provide the most secure environment possible for our customers. We strongly encourage all SAP customers to protect their businesses by applying the relevant SAP security patches as soon as possible.” SAP said it is not aware of any data breaches that resulted from threat actors exploiting the vulnerability but urged customers to apply the security notes. Onapsis released a free tool that SAP customers can use to scan their systems for affected applications. Aaron Turner, vice president at Vectra, said that what we learned in March of 2021 with the Hafnium attack targeting on-premises Exchange servers is being replayed in the SAP ecosystem. “SAP servers are extremely rich targets, with significant access to material business processes and generally have multiple privileged credentials stored and used on those servers. With the Onapsis research, they have uncovered an exploit path that allows attackers to gain access to those privileged credentials to move laterally within the on-premises network and also pivot into the cloud, as most SAP customers have federated their legacy SAP workloads with cloud-based ones,” Turner said. 
“Just as Hafnium allowed attackers to pivot from on-prem Exchange to M365, this SAP attack path could allow the same. The SAP security updates will be critical ones to install, not just to protect those on-premises SAP servers but also any systems, on-prem or cloud, that may share credentials or trust relationships with those servers.”

  • in

    Amid rumors of Microsoft acquisition, Mandiant reports Q4 revenue of $132 million

    Mandiant, one of the world’s largest security firms, beat Wall Street expectations for Q4 as the company adjusts following the sale of a major part of its business. The earnings report came as Bloomberg reported Microsoft was considering acquiring the company.

    The company reported a loss per share of $0.10 for the quarter on revenue of $132.9 million. For the full fiscal year, Mandiant said it had a revenue of $483 million, representing a 21% increase year over year. They also reported a non-GAAP net loss per share of 51 cents.

    Wall Street was expecting a Q4 loss of $0.13 per share on revenue of $131.57 million. The report sent Mandiant’s shares down 2% in late trading.

    “We achieved a significant milestone in Q4, divesting the FireEye Products business and positioning Mandiant to deliver accelerating growth and extend our leadership position in expertise and intelligence,” said Kevin Mandia, CEO of Mandiant. “We are uniquely positioned to address an enormous market need and can concentrate all of our attention on helping organizations close their cyber security gap. We had record billings and revenue for Threat Intelligence and Consulting in the fourth quarter, and our overall performance highlights the early financial and operational success in the relaunch of our company.”

    Mandiant completed the sale of the FireEye Products business to McAfee Enterprise on October 8, 2021. Mandiant was split from the FireEye Products business last year in a June 2021 deal with a consortium led by Symphony Technology Group for $1.2 billion, dramatically changing the company’s outlook. The all-cash deal closed at the end of the fourth quarter. FireEye initially acquired Mandiant in 2013 for $1 billion. Mandiant said that the deal separated FireEye’s network, email, endpoint and cloud security products from Mandiant’s software and services. FireEye Products and Mandiant Solutions continued to be one entity until the transaction closed. Symphony Technology Group and FireEye will maintain reselling and collaboration agreements.

    Mandia said in June that the deal was made because FireEye wants to scale its software platforms. But they projected that its products and related subscriptions and support revenue would fall 10% to 11% in 2021 compared to 2020.

    “The Mandiant Solutions business continued to deliver strong growth in revenue and annualized recurring revenue for the second quarter ended June 30, 2021,” Mandia said.

    For the first quarter of fiscal 2022, Mandiant expects non-GAAP net loss between 15 cents and 13 cents a share and a revenue between $128 million and $131 million.

    For the entire 2022 fiscal year, the company is expecting a loss per share between 38 cents and 36 cents as well as a revenue between $555 million and $565 million. In August, Mandia told investors that a quarter of its new Managed Defense customers were using Mandiant’s MDR services in conjunction with Microsoft’s Windows Defender endpoint security product. The two companies apparently forged closer ties in April 2021 as Mandiant sought to unravel itself from FireEye’s tools.

    In December 2020, the company disclosed that it was the target of a massive international cyber espionage campaign.

  • in

    Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved

    Microsoft has released 48 security fixes for software, including a patch for a zero-day bug, but there are no critical-severity flaws on the list this month. In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) vulnerabilities, privilege escalation bugs, spoofing issues, information leaks, and policy bypass exploits. 

    Products impacted by February’s security update include the Windows Kernel, Hyper-V, Microsoft Outlook and Office, Azure Data Explorer, and Microsoft SharePoint. The single zero-day vulnerability, now patched by Microsoft, is CVE-2022-21989. Issued a CVSS severity score of 7.8, this bug — which is publicly known — can be exploited to escalate privileges via the kernel. However, it has not been issued a critical rating, as Microsoft says triggering the exploit “requires an attacker to take additional actions prior to exploitation to prepare the target environment.”

    Some of the other vulnerabilities of interest in this update are:

    CVE-2022-21984 (CVSS 8.8): Windows DNS Server Remote Code Execution Vulnerability
    CVE-2022-22005 (CVSS 8.8): Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2022-23256 (CVSS 8.1): Azure Data Explorer Spoofing Vulnerability
    CVE-2022-23274 (CVSS 8.3): Microsoft Dynamics GP Remote Code Execution Vulnerability

    According to the Zero Day Initiative (ZDI), the volume of fixes is roughly in line with past releases in the month of February, which aside from 2020, is approximately 50 CVEs.

    Last month, Microsoft resolved six zero-day vulnerabilities in the first batch of security fixes for 2022. The previously-unknown bugs could be exploited for purposes including Man-in-The-Middle (MiTM) attacks, denial-of-service, spoofing, and remote code execution.

    A month prior, the tech giant tackled 67 security issues during December’s Patch Tuesday. A zero-day bug of note was being actively exploited by cybercriminals to spread Emotet malware.

    Alongside Microsoft’s Patch Tuesday round, other vendors, too, have published security updates which can be accessed below.

  • in

    DOJ seizes $3.6 billion in crypto from 2016 Bitfinex hack, arrests New York couple

    The Department of Justice announced the seizure of more than $3.6 billion in cryptocurrency that was stolen during an attack on the Bitfinex cryptocurrency exchange in August 2016. The DOJ also said it arrested 34-year-old Ilya Lichtenstein and his 31-year-old wife Heather Morgan for their role in attempting to launder 119,754 bitcoin that were stolen during the attack on the Hong Kong exchange. Deputy Attorney General Lisa Monaco called the seizure the “department’s largest financial seizure ever.”

    In total, about $4.5 billion was stolen from the exchange, and two brothers, Eli and Assaf Gigi, were arrested by Israeli authorities in 2019 for their involvement in the attack. But on Tuesday, the Justice Department said Lichtenstein and Morgan — both of whom were very active on social media — initiated more than 2,000 unauthorized transactions as they tried to launder the 119,754 bitcoin stolen from Bitfinex. “Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein’s control. Over the last five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan,” the DOJ explained. “The remainder of the stolen funds, comprising more than 94,000 bitcoin, remained in the wallet used to receive and store the illegal proceeds from the hack. After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”

    Lawyers for the government went on to accuse Lichtenstein and Morgan of using fake identities to open online accounts and deploying devices to automate transactions — in addition to a spate of other laundering techniques. The stolen funds were also deposited into several different virtual currency exchanges and darknet markets in an attempt to wash the currency, something the DOJ called “chain hopping.”

    The bitcoin was converted into other currency that shielded their identity, and US bank accounts were used to make their transactions look legitimate. “In a methodical and calculated scheme, the defendants allegedly laundered and disguised their vast fortune,” said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI).

    Authorities added that they found 2,000 crypto wallet addresses and private keys in Lichtenstein’s cloud storage account, almost all of which were connected to the stolen funds.

    The two were arrested in Manhattan on Tuesday, and they are appearing in court at 3 pm ET to face charges of conspiracy to commit money laundering and conspiracy to defraud the United States. If convicted, the two are facing a maximum sentence of 20 years for the first charge and five years in prison for the second. “Ilya Lichtenstein and his wife Heather Morgan attempted to subvert legitimate commerce for their own nefarious purposes, operating with perceived anonymity,” said Homeland Security Investigations (HSI) acting executive associate director Steve Francis. In a statement, Bitfinex said it has been working with the DOJ since the investigation started and will work with the law enforcement agency “to establish our rights to a return of the stolen bitcoin.”

    “If Bitfinex receives a recovery of the stolen bitcoin, as described in the UNUS SED LEO token white paper, Bitfinex will, within 18 months of the date it receives that recovery, use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens,” the company said. “These token repurchases can be accomplished in open market transactions or by acquiring UNUS SED LEO in over-the-counter trades, including directly trading bitcoin for UNUS SED LEO.”

    Blockchain analysis company Elliptic told ZDNet that around 21% of the stolen bitcoin have been moved and laundered over the past five years.

    Elliptic’s analysts found that a variety of money laundering techniques were used, including sending the funds through darknet markets, like Alphabay and Hydra, as well as the Wasabi Wallet privacy wallet, which was used to hide the blockchain money trail.

    “Some of the funds were also sent to regulated cryptocurrency exchanges that perform KYC checks on their customers, and it is likely that the suspects were identified by tracing the stolen funds to these services,” Elliptic said.

    “The remainder of the stolen funds, now worth $4.1 billion, were moved to a new wallet just last week, the first movement of these funds since the 2016 theft. This appears to represent the seizure of the bitcoins from Lichtenstein and Morgan, by law enforcement.”

    Bitfinex told customers in 2016 that they would all be sharing the loss, with each copping a generalized loss percentage of 36.067%. The loss applied across the board, even to those who did not own bitcoin.

  • in

    Vodafone Portugal hit with cyberattack affecting 4G/5G network, TV, SMS services

    Vodafone Portugal announced on Tuesday that it was hit with a cyberattack that caused network disruptions across the country.

    In a statement, the company said services based on data networks — namely the 4G/5G network, fixed voice, television, SMS and voice/digital answering services — were affected by the attack, which they discovered on Monday night. “Vodafone was the target of a network disruption that began on the night of February 7, 2022, due to a deliberate and malicious cyberattack intended to cause damage and disruption. As soon as the first sign of a problem on the network was detected, Vodafone acted immediately to identify and contain the effects and restore services,” the company said. “We have already recovered mobile voice services and mobile data services are available exclusively on the 3G network in almost the entire country but, unfortunately, the scale and seriousness of the criminal act to which we were subjected implies careful and prolonged work for all other services. recovery process that involves multiple national and international teams and external partners. This recovery will happen progressively throughout this Tuesday.”

    Law enforcement has been contacted about the attack and the company is conducting its own internal investigation to understand what happened. Reuters and other news outlets noted that two of the country’s biggest news outlets — Impresa and Cofina — were recently hit with ransomware attacks. Vodafone did not respond to requests for comment about whether the cyberattack was a ransomware incident. The company serves more than 7 million customers with mobile service as well as home and business internet.

    An ATM network operated by the country’s biggest banks reported issues due to the cyberattack on Vodafone Portugal, according to the Publico newspaper. A Vodafone spokesperson confirmed that the ATMs were down because of the outage, noting that the ATMs were connected to their 4G service.