Networking

To find the best VPN service for your personal or business needs, you’ll need to compare brands, prices, features, and more. But first, you need to understand how a VPN accomplishes its primary mission: Keeping you safe and protecting your privacy online.

Fundamentally, most VPNs (virtual private networks) provide two services: They encrypt your data between two points and they hide the IP address (from which a general location can be derived) where you’re located. For those traveling or out and about, the first function is critical because most Wi-Fi available publicly is unencrypted — so anyone on the network can see what you were sending.  But VPNs also serve to hide your IP address, replacing the address logged on servers with one in a completely different location — even a different country. For those worrying about stalking or other threats, this feature could save lives. Most consumers, though, find streaming VPN features compelling because — in some cases, and with dubious legality — it allows them to spoof their region of origin to get access to streaming media and sports blacked out from their home locale. There is no doubt that you should use a VPN service provider when you’re using public Wi-Fi when away from home. But what about when you’re at home? Should you use a VPN then? My general advice is that using a VPN is not critical for most people at home, since your ISP rarely wants to look at your traffic. But if you live in an apartment with a bunch of curious roommates all sharing one router, a VPN might prove valuable. If you’re connecting to work and want to make sure you’re taking all the precautions you can (and if your employer hasn’t given you a corporate VPN to use) a VPN service would be useful. If you’re connecting to websites that log connection information and you don’t want to leave tracks where you are (especially where your home is), you might want to use a VPN. You get the idea: If you want extra protection and safety at home, then a VPN isn’t a bad idea. In this article, we look at a bunch of our top VPN solutions. We’ll cover many of the best VPN service providers, how to access the native VPNs built into your desktop machine, and even how to use your NAS as a VPN client and host. If you’re curious about VPNs, you can learn a lot more in our massive VPN FAQ.

Four tips to help you evaluate

1. Pay attention to trial period times and use them: Every VPN performs differently, and every user experience is going to be different still. Your ISP will offer different speeds than mine. Your favorite coffee shop has a different network connection than mine. You’re even likely to be connecting to different countries and definitely different sites. Before committing to a VPN provider, test candidates thoroughly in your real-world environment. That’s what the trial times and money-back guarantees are for.2. Avoid free VPN providers: Running a VPN is expensive and if the VPN provider doesn’t make money from your service fees, they’re going to make money from your data — sometimes even stealing your personal information and selling it. Stick with the proven commercial vendors we’ve tested.3. Don’t worry about country of jurisdiction, unless: There are generally two classes of VPN users, those who need to protect their coffee shop surfing and those counting on a VPN to protect their lives. VPN often provides a level of security theatre where folks get bent out of shape if a country has any form of data jurisdiction. But as I showed in this article, many countries outside of the so-called Five Eyes are Mutual Legal Assistance Treaties signatories and will share data with the US and other countries anyway. If you’re using a VPN to protect your life, research this a lot more than reading a review article.4. Finally, don’t sweat warrant canaries and no log policies: Most of you are going to use a VPN to protect your data stream from being hijacked by someone sharing your network. All of these big legal and jurisdictional issues get in the way of the simple fact that you want fast transfers and an encrypted tunnel from your spot in the airport to the website you’re trying to access.And with that, let’s dig into what makes the best VPNs tick and answer some more of your questions at the end of this article, so read on. But first, our picks for the best VPNs of 2022.

Which are the best VPN providers?

If you’re curious about how VPNs work or what a VPN provider can do for you, here’s a great VPN overview article. Now that you understand how a VPN service can help keep you safe, let’s kick it off with our list of recommended service providers.

A top-rated VPN provider

(Image: ExpressVPN)

Simultaneous Connections: 5 or unlimited with the router appKill Switch: YesPlatforms: A whole lot (see the full list here)Logging: No browsing logs, some connection logsCountries: 94Locations: 160Trial/MBG: 30 daysExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. Platforms include Windows, Mac, Linux, routers, iOS, Android, Chromebook, Kindle Fire, and even the Nook device. There are also browser extensions for Chrome and Firefox. Plus, ExpressVPN works with PlayStation, Apple TV, Xbox, Amazon Fire TV, and the Nintendo Switch. There’s even a manual setup option for Chromecast, Roku, and Nvidia Switch.Must read:With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.While the company does not log browsing history or traffic destinations, it does log dates connected to the VPN service, amount transferred, and VPN server location. We do want to give ExpressVPN kudos for making this information very clear and easily accessible.Exclusive offer: Get 3 extra months free.

Leak-free and unlimited connections

Simultaneous Connections: UnlimitedKill Switch: YesPlatforms: Windows, Mac, Linux, iOS, Android, Fire TV, Firefox, ChromeLogging: None, except billing dataTrial/MBG: 30 dayAt two bucks a month for a two-year plan (billed in one chunk), Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The company seems to have a very strong security focus, offering AES-256-GCM, RSA-2048, and Perfect Forward Secrecy encryption. To prevent WebRTC leaks, Surfshark offers a special purpose browser plugin designed specifically to combat those leaks.Must read:Surfshark’s performance was higher than NordVPN and Norton Secure VPN, but lower than ExpressVPN and IPVanish. That said, Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.

Interesting options to enhance VPN safety and protection

Simultaneous Connections: 6Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Android TV, Chrome, FirefoxLogging: None, except billing dataCountries: 59Servers: 5517Trial/MBG: 30 dayAlso: How does NordVPN work? Plus how to set it up and use itNordVPN is one of the most popular consumer VPNs out there. Last year, Nord announced that it had been breached. Unfortunately, the breach had been active for more than 18 months. While there were failures at every level, NordVPN has taken substantial efforts to remedy the breach.Also: My in-depth review of NordVPNIn our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN which allows for TOR capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well. The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce.Also: My interview with NordVPN management on how they run their servicePerformance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. Overall, a solid choice, and with a 30-day money-back guarantee, worth a try.

Deep capabilities hidden in an easy-to-use app

Simultaneous Connections: UnlimitedKill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Chrome, plus routers, Fire Stick, and KodiLogging: None, except billing dataServers: 1,500 Locations: 75Trial/MBG: 30 dayIPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.Also: My in-depth review of IPVanishIts UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so no matter what you’re connecting to, you can know what to expect. The company also provides an excellent server list with good current status information. There’s also a raft of configuration options for the app itself.In terms of performance, connection speed was crazy fast. Overall transfer performance was good. However, from a security perspective, it wasn’t able to hide that I was connecting via a VPN — although the data transferred was secure. Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN.The company also has a partnership with SugarSync and provides 250GB of encrypted cloud storage with each plan.

Open source with a dedicated focus on security

Simultaneous Connections: Depends on planKill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, routersLogging: None, except billing dataCountries: 54Servers: 1,077Trial/MBG: 30 dayWe really like the ProtonVPN story. The company was created by engineers and scientists who met at CERN (the European Center for Nuclear Research — where the Web was invented) with a focus on creating encrypted email and VPN communications with the idea of protecting the communication of activists and journalists. The company is also headquartered in Switzerland, which has very strong privacy laws.In terms of product, ProtonVPN has a belt-and-suspenders approach to security, layering strong protocols on top of perfect forward secrecy, on top of strong encryption. Not only does ProtonVPN have a kill switch, but it also has an always-on VPN, which attempts to restore VPN service if it’s dropped mid-communication. Finally, we like that all apps are open source and the company reports that they are independently audited. Finally, the company offers a very generous free VPN service, allowing one machine to connect at medium speed, but there doesn’t appear to be any limit to the amount of data used in the free plan.

Are there other VPNs worth considering?

Yes. Below is a selection of other well-known VPN services. 

VPN service hosted on its own infrastructure

Simultaneous Connections: 5Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, QNAP, Synology, router, TVLogging: None, except billing dataServers: 700+ on their own infrastructure Locations: 70Trial/MBG: 30 dayGolden Frog, the company behind VyprVPN, claims to be “A company as old as the Internet itself,” yet its own about page says the company was founded in 2009. Apparently, the founders of Golden Frog were founding companies back in the 90s, and they conflated the two facts. I’m always a bit uncomfortable when a security company conflates facts.On the plus side, we like that Golden Frog owns and manages its own infrastructure and does not rely on hosting companies. VPN infrastructure is often a murky thing, with the VPN service providers renting time from available data centers in host countries.The company offers a huge array of client software, including apps for routers and even BlackBerry devices. Apps support key features like a kill switch, a zero-knowledge DNS service, and their own Chameleon VPN protocol for added security. The company’s no-log service was last audited in 2018, so they’re a bit overdue.Golden Frog, also registered in Switzerland, is a standout in their effort to provide privacy and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog’s VyprVPN service added scrambled OpenVPN packets to keep the traffic flowing.

It’s Norton, a known and trusted brand. What else is there to say?

Simultaneous Connections: Based on planKill Switch: YesPlatforms: Windows, Mac, iOS, AndroidLogging: None, except billing dataCountries: UnspecifiedLocations: UnspecifiedTrial/MBG: 60 dayWe found performance is middle-of-the-road and platforms are limited to Mac, iOS, Windows, and Android. Don’t even think of using it on routers, Linux, or gaming platforms. Pricing is weirdly and unnecessarily tiered. The service raises its price by ten bucks when you jump from 1 device to 5, and another ten bucks when you jump to ten devices. Given the full ten simultaneous device package is a good deal at $59, it’s odd that it’s nickel-and-diming the lower tiers.Also: Norton Secure VPN review: More work is needed for this privacy product to shineWe’re recommending Norton not as much because it’s a great VPN (it’s really kinda meh), but because it’s from a brand we’ve long come to know and trust. The company also offers live 24/7 phone support and has an excellent 60-day money-back guarantee. The company also offers a generous 60-day money-back guarantee, but oddly doesn’t promote it. The only place it’s mentioned is deep inside their refund policy document.

A bundle of safety and security features beyond VPN

Simultaneous Connections: 7Kill Switch: YesPlatforms: All you’d expect and a lot moreLogging: None, except billing dataCountries: 89Servers: 6,381Trial/MBG: 45 daysThe CyberGhost client is more than a VPN connection driver. The company’s offering is a decently complete full security system, including ad-blocking, malicious website blocking, online footprint blocking (blocking cookies from dropping), and forced https redirect.Also: My in-depth review of CyberGhostWith more than 6,000 servers deployed in 89 countries and 112 locations, CyberGhost has a larger number of servers than many of the other VPN providers we surveyed. Performance was adequate. It provided enough bandwidth to stream video and get your job done, but it certainly wasn’t a rocket. Also, if you’re trying to hide the fact that you’re using a VPN, you’ll want to look elsewhere. That said, for a solid overall security package, CyberGhost is a good option.

31-day guarantee because sometimes that extra day matters

Simultaneous Connections: 10Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, and a lot moreLogging: None, except billing dataCountries: 140Servers: 2,000Trial/MBG: 31 dayMost VPN providers license their international server presence from local providers all over the globe. PureVPN doesn’t. They own their own self-managed network of more than 2,000 servers in 140 countries. This allows the company to support its full range of protocols (OpenVPN, L2TP/IPSec, SSTP, and IKEv2). It also offers PPTP, but it’s so porous, you probably shouldn’t use it.Given the tough times due to the novel coronavirus, PureVPN has sent its support folks home, but they’re up and running providing 24/7 support from the safety of sheltering in place. So even though business isn’t as usual, PureVPN has, like many companies, routed around the problem using internet technology to keep connected. We also like the 31-day money-back guarantee, support for a wide range of devices, including Kodi, Roku, and Boxee boxes. 

A tremendous number of VPN servers

Simultaneous Connections: 10Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Chrome, Firefox, OperaLogging: None, except billing dataCountries: 76Servers: 17,605Trial/MBG: 30 dayOne of the more interesting aspects of Private Internet Access is the wealth of payment options the company offers. Sure, you can pay by credit card. But you can also pay with cryptocurrencies including BitcoinCash, Bitcoin, Zcash, Ethereum, and Litecoin. If you’re not all up on the crypto-craze but still don’t want to leave a record of your payment, you can use over 100 brands of gift cards, including those from Best Buy, GameStop, Home Depot, Lowes, Target, and Walmart.The company supports a good range of protocols and you can use it on your customized DD-WRT router. We do like the quick setup, included ad, malware, and tracker blocker, and unlimited bandwidth is always appreciated.

Native VPN support on your desktop

If you’re connecting to a corporate VPN, you may not need to purchase a VPN service. All the major desktop operating systems include VPN capabilities. Here’s how to get started using those.

Native VPN support on Mac

Connect to a corporate VPN with Apple

If you’re connecting to an existing corporate virtual private network, you may not need an additional service. MacOS comes with native VPN support built right in.Apple provides VPN support for High Sierra, Mojave, Catalina, and now Big Sur. Just pop open System Preferences, head over to the Network tab, and either import the configuration file you were provided or hit the plus button and add a VPN interface. Here’s a handy tip sheet from Apple that will walk you through the process.

Native VPN support on Windows 10

Connect to a corporate VPN with Microsoft

If you’re connecting to an established corporate VPN, all you need to do is add a new Windows 10 VPN connection. Point your mouse at the Start menu, hit Settings, then Network & Internet, and then VPN. Make sure you have the connection details provided by work and then click on Add a New VPN Connection. Fill in the form and you’re good to go. Here’s a handy tip sheet from Microsoft.Windows 10 also allows you to host a VPN server by creating a new incoming network connection, choosing the users who can connect, and telling Windows that the incoming connection is across the internet. You’ll also have to configure your router to allow traffic to your computer. PureInfoTech has a helpful guide for setting it all up.

Native VPN support on Chromebook

Connect your laptop with Google

Sadly, this simple solution isn’t built into the standard Chrome browser. If you’re just using the browser on a Mac or Windows machine, you’ll need a different solution. That said, if you’re rocking a Chromebook, all you need to do is open Settings and then Network. Click Add Connection. Then all you need to do is choose between OpenVPN and L2TP over IPSec. Google has a handy cheat sheet right here to guide you through the process. 

Linux with WireGuard

Another reason to love open source

WireGuard is Linux’s new baked-in VPN capability. Its code is relatively simple and small, making it far easier to maintain, test, and debug. Linus Torvalds, Mr. Linux himself, calls WireGuard “a work of art.”Also: Linux’s WireGuard VPN is here and ready to protect youSo what do you need to set up WireGuard? More and more of the VPNs we spotlighted support WireGuard right out of the box. You can download it for Linux. But you can also download a package for Windows, Mac, iOS, Android, and FreeBSD. It’s like most open source products, in that you’ll need to do some reading and thinking to make it work. But it’s free, solid, safe, and, as Linus says, “Can I just once again state my love for it.” 

VPN for your whole home network

Many of the commercial VPN services discussed above offer router-based VPN solutions. Even though I have a pretty powerful router, I prefer to run my VPN on my NAS. Here are two NAS-based VPN solutions that will get you connected securely.

Synology NAS VPN support

Built-in VPN app on the NAS

If you have a NAS like the top-reviewed Synology, you may already have a NAS app you can set up and protect your whole home network. The Synology server has a very capable little VPN built-in, and it’s available free to anyone with the NAS.If you want to go a step further and use some Synology-exclusive VPN services like Synology SSL VPN, clientless WebVPN, and remote desktop, as well as a site-to-site VPN service, you can do so using the Synology router I reviewed last year. That service is called VPN Plus and it normally costs $9.99 per concurrent user. But because of COVID-19, Synology’s offering free VPN Plus between now and September.

A mini-FAQ about VPNs

I answered a bunch of common questions above our big list of the best VPNs for 2022. But here’s a quick lightning round of questions and answers about VPNs, just to round out your knowledge.

Do VPN providers limit usage?

Some do. Check when you sign up. For non-free plans, none of the providers we recommended limit the amount of data you can use. But almost all limit how many devices you can use at once.

What does logging really mean?

Logging is the recording of data about your usage and it occurs everywhere. Every website, at minimum, records an IP address, time, and data accessed so they can track traffic. All VPN providers have to check credentials against recorded personal data to make sure you paid, but a few let you sign up with Bitcoin, allowing you to completely hide your identity. When we say a VPN doesn’t log data, we mean they don’t track what sites you visit and for how long, but they may track how much of their own infrastructure you use.

Is it legal to use a VPN?

Yes, in most countries. Some countries (and you should read my guide for more in-depth info) have made VPN use illegal. And even in countries where it’s legal, it’s likely to be illegal to use a VPN to spoof a streaming service into giving you content that otherwise wouldn’t be accessible. Plus…

Can I use a VPN to get free Netflix or watch a blacked-out sports event?

Sometimes, but it’s likely illegal and probably fattening. There’s an ongoing arms race where the media vendors are getting better at identifying and blocking VPN connections, so each case is different. And that’s all we can say about it, because… illegal.

If I have a VPN to my office, do I need a VPN service?

The VPN to your office will secure your link to your office. If you want to secure your link to anywhere else, you’ll need a VPN service.

Should I use a VPN on my phone or tablet?

If it’s your data and you want it to be secure, yes. The same choices are valid regardless of what kind of device you use to transmit and receive data over the Internet.

What’s this kill switch thing?

So let’s say you’re surfing along and all of a sudden your VPN connection fails. Your phone or computer is likely to immediately try to reconnect and do so directly, without going through a VPN. All of a sudden your data is unprotected. A kill switch is a feature in your device’s VPN app that detects that connection fails and immediately shuts down network access. Like with everything, it’s not a 100% perfect solution, but these days, I wouldn’t recommend using a VPN that doesn’t offer a kill switch.

What do simultaneous connections mean and why should I care?

I’ll give you a personal example. When I travel, I often take my laptop and my tablet. I use the laptop to write and I use the tablet as a second screen to look stuff up. I have two connections I’m using at once and I want my VPN to protect both. If my wife is also doing the same thing, that’s four connections. Add our phones and you have six connections. If we’re using all those devices at once that’s simultaneous connections. The more the better.

Does a VPN slow down your connection?

Let’s be clear: Using a VPN does add a bit of a load on your computer and can often slow down your connection. That’s because your data is encrypted, decrypted, and sent through intermediate servers. Game responsiveness might suffer. If you’re a first-person shooter player, you might have enough lag to lose the shot. That said, both computers and VPNs have gotten much faster. When I first used a VPN, every… thing…slowed… down… to… an… unbearable… c-r-a-w-l. But now, the negative impact is almost unnoticeable, and at least one service we spotlight below (Hotspot Shield) actually increased performance, making it one of the fastest VPNs we’ve seen.Also, most (but not all!) of the VPN providers we spotlight limit the number of devices you can connect simultaneously, so you may have to pick and choose which home devices connect.

What about all those weird protocol words?

If you’ve been shopping for a VPN service, you’ve undoubtedly come across a bunch of names like SSL, OpenVPN, SSTP, L2TP/IPSec, PPP, PPTP, IKEv2/IPSec, SOCKS5, and more. These are all communication protocols. They are, essentially, the name of the method by which your communication is encrypted and packaged for tunneling to the VPN provider. To be honest, while VPN geeks can argue over protocols for hours, you’re probably good enough if you just use the default setup by your provider.

What’s the best free VPN service?

We’re spotlighting paid services in this article, although some of them offer a free tier. I generally don’t recommend free VPN services because I don’t consider them secure. Think about this: Running a good VPN service requires hundreds of servers across the world and a ton of networking resources. It’s boo-coo expensive. If you’re not paying to support that infrastructure, who is? Probably advertisers or data miners. If you use a free service, your data or your eyeballs will probably be sold, and that’s never a good thing. After all, you’re using a VPN so your data remains secure. You wouldn’t want to then have all that data go to some company to sift through — it completely defeats the purpose.Now, before you choose a VPN service, free or paid, I want to make it clear that no one tool can guarantee your privacy. First, anything can be hacked. But more to the point, a VPN protects your data from your computer to the VPN service. It doesn’t protect what you put on servers. It doesn’t protect your data from the VPN provider’s VPN servers to whatever site or cloud-based application you’re using. It doesn’t give you good passwords or multifactor authentication. Privacy and security require you to be diligent throughout your digital journey, and VPNs, while quite helpful, are not a miracle cure.

How did we choose these VPN services?

This list did not involve as much original research and testing as some of my other recommendation lists. That’s because I’ve been writing VPN articles every month or so since early 2017. I have looked at a lot of VPN providers.Also: Fastest VPN: How we rated the top servicesMany of the providers recommended in this list have been subject to in-depth testing and reviews, written either by me or by CNET’s product evaluation team. For those, we have tangible testing numbers. Other VPNs have been ones we’ve been talking about for years, spoken with their management and their users, and have developed a generally positive impression.A few of the VPNs (Hotspot Shield, in particular) had a more rocky road. They had some tough PR at the beginning and made some seemingly ludicrous claims about speed. It wasn’t until I brought them in house and pounded on them for a few weeks that I realized that their claims were justified. Sometimes, products just surprise you.But here’s the thing: All these vendors have solid money-back guarantees and we would not have recommended them otherwise. We do test VPN services from multiple locations, but we can’t test from all locations. Every home, every community, every local ISP, and every nation has a different infrastructure. It’s essential that once you choose, you test for all your likely usage profiles, and only then make the decision to keep the service or request a refund.One thing to consider is whether you’re looking for a solution for working at home vs. traveling. For example, if you travel rarely (even before COVID-19), have strong bandwidth at home, and have a NAS or a server box, you might want to VPN to your home server from your machine’s native client, and then out to the world. If you’re newly home for the duration and your company has a dedicated VPN, you’ll want to use whatever process they’ve set out for you.Must read: But, generally speaking, it doesn’t hurt to have a VPN provider already set up and in your kit bag. Most home-based traffic won’t require VPN usage, but if you’re on any sort of shared connection, having a VPN provider is a good idea. Also, if you ever think you’ll need to access the Internet from out and about — like a hospital or doctor’s office, then having a VPN provider can be a win. Likewise, if you want to obscure where you’re connecting from (this might be more important now that we’re always in the same place all day), a VPN provider might help.Finally, don’t expect miracles. Your home-based pandemic broadband pipes are likely to be more clogged than ever before. Everyone is at home, many people are streaming movies to stay sane, and there are only so many bits that can fit at any given time. If you experience traffic slowdowns, be sure to check not only your VPN, but your Wi-Fi connection between your device and your router, your connection to your broadband provider, and even their connection to upstream providers.That said, we’re all in this together. Hang in there and stay safe. How are you managing your home-based networking? Let us know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

The National University of Singapore (NUS) plans to run a two-year trial to tap the use of Internet of Things (IoT) applications, with the aim to better manage its campus. Drones and patrol robots, for instance, may be part of live tests to enhance safety and facilitate quicker response to situations.Local telco StarHub has been roped in to provide its 5G and IoT service offerings, the partners said in a joint statement. StarHub’s 5G standalone services and fully solar-powered outdoor Wi-Fi system already have been deployed within the NUS campus. During the two-year collaboration, they would look to tap the network to improve operational efficiencies in managing outdoor campus facilities management. Both would work to identify gaps and co-develop applications in smart campus facilities management, with live data to be pulled from sensors and consolidated for analysis. 

Potential use cases here could include inspection of building facade, housekeeping and landscape operations, waste management, and security management. Augmented and virtual reality applications also could be used to provide an immersive classroom, tapping the university campus, for sustainability education.Asked to elaborate on trials that had been planned, a spokesperson told ZDNet initial efforts would focus on the use of IoT sensors to more effectively maintain facilities in a large campus environment. Housekeeping, for instance, was labour-intensive and could prove a challenge where resources are limited. To address such challenges, smart sanitary sensors have been installed at NUS U-Town, which will alert facility managers when taps or flushing systems are faulty. This not only reduces the need for regular maintenance and cuts wastage, but also speeds up response and rectification. Ammonia and occupancy sensors also have been deployed to track usage and provide notification when toilets require cleaning.

StarHub’s integrated 5G IoT network enables the university’s facility managers to access the data via a user-friendly dashboard, in real-time, so action can be taken in a timely manner, according to the spokesperson. He noted that some trials already were underway and further use cases to be developed. These included predictive maintenance, cleaning, and security management.Drones and patrol robots, for example, could be tapped to facilitate a safer campus environment with better situational awareness and quicker response time, he said. “Enabled by 5G, mobile cameras installed in these drones and patrol robots could transmit live feed seamlessly to the security command centre, to quickly detect any suspicious objects and activities on campus,” he noted. Through the two-year pilot, NUS hoped to testbed use cases to demonstrate the various benefits as well as feasibility of a wider deployment across its campus. The spokesperson noted that research suggested the time needed to inspect building facade could be slashed by 70% with the use of drone technology, powered by artificial intelligence.NUS’ vice president of campus infrastructure Koh Yan Leng said: “The high-speed connectivity and real-time communications that 5G provides will allow us to redesign our facilities management workflow, enhancing productivity, efficiency and safety, as well as provide targeted responses tailored to different situations.”NUS’ chief IT officer Tan Shui-Min added that NUS aimed to be “a borderless university, where learning and working can take place anywhere, anytime, and through any device”.StarHub’s chief of enterprise business group Charlie Chan said: “Partnering NUS, we are capitalising on 5G to build a smart sensor network and generate new insights, for more agile decision-making and greater workforce productivity.”RELATED COVERAGE More

When choosing a VPN, you’ve got a lot of choices. In our best of guide and speed test guide, we’ve narrowed down the list from the 50+ branded commercial options out there to about 10. But once you narrow the list down even more, how do you choose? In this article, we’ve taken two of our top choices — NordVPN and Surfshark — and compared them. About the Nord/Surfshark mergerIn early February 2022, Nord Security and Surfshark announced they were merging. According to their merger blog post, the companies say they will continue to operate as separate companies, with separate VPN infrastructures. We have no doubt this is true… for now. Merging large infrastructures takes time, and neither player wants to cede performance or position to their competitors due to a botched operational merger.That said, we don’t expect this to be the case in the long term. They’d be foolish not to consolidate infrastructures, teams, and technologies — and these are not foolish players.But for now, you’re still choosing between the various players, and our overview content below remains relevant.And with that, let’s dive in.

Less expensive option

Servers: 3200 Countries: 65Simultaneous connections: unlimitedKill switch: yesLogging: noBest Price: $59.76 for 24 months ($2.49 per month)Trial: 30-day refund guaranteeSupported platforms: iOS, Android, MacOS, Windows, Linux, FireTV

Consistently fast performance

Servers: 5242Countries: 60Simultaneous connections: 6Kill switch: yesLogging: Email address and billing information onlyPrice: $11.95 per monthBest Price: $89 for two years ($3.30/mo)Trial: 30-day refund guaranteeSupported platforms: iOS, Android, MacOS, Windows, Linux, game consoles, smart TVs, mor

Pricing

Surfshark wins

VPN providers are always tinkering with their pricing, so these numbers are bound to change. That said, Surfshark is less expensive. Surfshark’s best deal is what it touts as a $2.49 a month plan (you’ll really be paying $59.76 now for two years of service). Nord is asking for $3.71 (or a wallet hit of $89 on signup for two years of service).Surfshark definitively wins this round by allowing you to run an unlimited number of devices with its Surfshark VPN service, while Nord permits a relatively generous six simultaneous connections which is far less than the unlimited device amount.Both offer a 30-day money-back guarantee.

Speed

NordVPN wins

Image: ZDNet/David Gewirtz

In our fastest VPN guide, we took a look at both our own in-house tests and how the Internet overall rated open VPNs. We compared VPN rankings in speed tests from 10 sites besides ZDNet. Of potentially more interest, we compared the standard deviation of those rankings, which helps us determine whether a given VPN has a consistent ranking all across the internet, or different reviewers got wildly different numbers.As the above slide shows, NordVPN not only had a better aggregate average ranking but a considerably lower standard deviation. This means that pretty much wherever you are, your NordVPN performance should be pretty good. By contrast, how Surfshark will perform is likely to be considerably less predictable.

Platform clients

Tie between NordVPN and Surfshark

Both NordVPN and Surfshark support the big four: iOS, Android, Mac, and Windows. Surfshark also supports Linux, FireTV, Apple TV/iphone, and what it calls “other TVs.” It supports Xbox and Playstation as well as browsers Chrome and Firefox.NordVPN lists Android TV, Linux, and Chrome and Firefox extensions on its download page, but has a support page for installing NordVPN on other platforms, including routers, Raspberry Pi, and NAS boxes including Synology, Western Digital My Cloud, and QNAP.The fact is, both products support a reasonably wide range of devices. If you’re a NAS user, you probably want NordVPN. If you’re a console gamer, you probably want Surfshark. As we always recommend, do your research before buying.

Security profile

Tie between NordVPN and Surfshark

Let’s get this out of the way upfront: If you’re counting on a VPN for your physical freedom or to protect your life, you must do a lot more research than just reading an article like this. With that said, let’s look at the overall profile for these two vendors and their Wi-Fi.NordVPN has gotten a lot of mileage out of its Panamanian corporate registration, claiming that Panama puts its records out of the legal reach of governments and lawyers. I discussed in great depth in my analysis of NordSec that it’s possible that countries with Mutual Legal Assistance Treaties (MLAT) may well be able to pierce the corporate veil.Although I didn’t do as deep an in-depth Surfshark VPN review for security, the company has the same claims and limits as Nord. Surfshark lists its registry in the British Virgin Islands but is a company with developers based in many MLAT countries as well. It boasts a private DNS service among its advanced features so you can be protected even while using public Wi-Fi whether you’re in Australia, Hong Kong, the Netherlands, the USA, or anywhere in between. Surfshark also says it passed the German company Cure53’s security audit and offers uncrackable AES-256 bit encryption alongside its strict no-logs policy, but the German audit was limited to Surfshark’s browser extensions.Both vendors tout a no-logs policy. Both vendors say they don’t capture VPN connection time stamps, used bandwidth, traffic logs, IP addresses, or browsing data. Both offer warrant canaries. Both capture email addresses and billing information. NordVPN does capture your billing address and country. Both NordVPN and Surfshark accept cryptocurrencies. This makes it safer to use apps such as Paypal and use your credit card without having fear of security breaches.

Special features

Tie between NordVPN and Surfshark

Both vendors offer a kill switch, which we consider table stakes in terms of VPN special features. Surfshark offers a multi-hop connection, which is similar to NordVPN’s feature causing your IP address to change twice before reaching the destination vpn server. Both support P2P, allowing you to torrent your favorite Linux distros (and possibly other digital sharing activities of dubious legality, which we categorically do not recommend).NordVPN has a few interesting features not provided by Surfshark. NordVPN also provides Onion Over VPN, which allows you to use both the Onion anonymizer and Nord’s VPN together. NordVPN also allows you to buy a dedicated IP address, which can help if you’re dealing with anonymous servers or gaming connections. NordVPN also offers business plans.Both providers offer malware and adware filtering, although Surfshark’s AdBlock VPN feature appears to be somewhat more comprehensive. Surfshark also offers what it calls Camouflage Mode, which the company says can prevent your local ISP from knowing you’re surfing using a VPN. While NordVPN has a blog post on whitelisting, they don’t appear to have whitelisting as an actual client feature. By contrast, Suftshark uses its split-tunneling feature as a whitelister.Both vendors come to the game with most of the features you’d expect. Nord has a few more business-focused features while Surfshark has some features that may afford a limited degree of additional personal privacy — but this would need in-depth testing to truly validate. As such, we’re calling a tie for special features.

Decision treeSo how do you decide? Here are a few options that may make that decision easier. The fastest VPN: NordVPN, Hotspot Shield, and ExpressVPN compared: We don’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the web, and let you know which provider is the best overall.If price is your top concern, Surfshark will save you about $30 over two years. If predictably fast download performance is key, then NordVPN is more consistently fast in overall performance. If you need a VPN for a NAS appliance, then NordVPN is your choice. If you want a VPN for your Xbox or PlayStation instead of a mobile device or mobile apps, choose Surfshark. If you want a dedicated IP address or more business-oriented features, choose NordVPN. There you go. Surfshark vs. NordVPN. It’s not a super cut-and-dry answer. One isn’t wildly better than the other. But the decision tree above should help you pick the winner given your own needs. How do these choices fit your needs? 

For more about Surfshark VPN, see our video overview:

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Telstra enterprise group executive David Burns
Image: Telstra
Telstra and Intellihub have signed a 10-year AU$100 million agreement that will see the latter have its smart meters on the former’s mobile network. The telco said the deal was its largest involving the internet of things. “Using the Cisco Jasper platform, the IoT SIMs will be incorporated into Intellihub’s smart meters to deliver real-time monitoring and insights to help Intellihub and its customers better manage things like energy demand, solar feed-ins, and peaks and troughs,” Telstra Enterprise group executive David Burns said. “Intellihub was founded four years ago and has grown significantly with more than 1 million meters installed and around 1,000 new meters going in every day. Our IoT SIM will be soldered into each device at the point of manufacture.” Telstra added it already has approximately 500,000 Intellihub smart meters on its network, and in total had over five million IoT devices connected, with 1.2 million on its LPWAN network. The telco said it currently has around four million square kilometres of NB-IoT coverage, and three million square kilometres of LTE-M coverage. For its part, Intellihub said the deal would allow for around four million connected devices, and would help it support its 40 electricity retail customers. The meter provider also said it has been selected as a “key metering supplier” for Telstra Energy, and it would be providing its Intelli-M smart meter and Intelli-ConX communications bridge.

“We have more than 1.2 million smart meters under management across Australia and New Zealand, and a significant pipeline over the next decade,” Intellihub CEO Wes Ballantine said. Speaking in November, Telstra Energy chief Ben Burge said the telco would be taking a measured approach to entering energy market this year. Having gained authorisation to operate in New South Wales, Queensland, and South Australia, Telstra will begin signing up some of its employees as customers on a test basis, before the public can sign up by the end of this fiscal year. Burge said the telco had previously used its standby power assets in its telecommunication infrastructure to stabilise the grid and address market shortages. Elsewhere on Monday, TPG Telecom has signed an agreement with Nokia to deploy private 4G and 5G mobile networks for the mining sector. “As our industries adopt transformative technologies like automation and virtualisation, it’s essential to have smart, fast, sustainable and resilient private network solutions supporting their operations,” Nokia Oceania head Anna Perrin said. Related Coverage More

This week Juniper Networks announced its new Secure Edge product, which is a cloud-based firewall-as-a-service (FWaaS) solution. The new product will be part of its secure-access service edge (SASE) portfolio, which currently includes application control, anti-malware, identity and access control, intrusion prevention, threat intelligence, zero trust, and secure web access. All the features available in Juniper’s on-premises SRX next-generation firewall (NGFW) are now available from the cloud. Historically, SASE deployments had been tied to SD-WAN because customers required a different security model to protect a wide-area network that utilizes internet transport instead of private IP services, such as MPLS. SD-WAN deployments stalled when people were sent to work from home as companies started to rethink branch-office connectivity. Also: How Juniper is using AI in SD-WAN to differentiate itselfSASE enables businesses to give home workers business-grade security 

ZDNet Recommends

This is when SASE purchasing shifted from secondary to primary. Securing home workers is a non-trivial, expensive task with traditional security devices. Businesses would need to connect workers to a corporate location via a VPN, aggregate the connection and secure them through a next-generation firewall, and then workers would connect to the internet through a single connection. Most home workers use cloud apps, obviating the need to connect to a company location. Ideally, users would directly connect to the cloud services, but this creates a security nightmare. One solution would be to give every worker a business-grade security device, but this is prohibitively expensive and creates a management nightmare because keeping hardware, software, firmware, and configurations up to date are difficult — if not impossible — on a user-by-user basis. Juniper’s unique differentiator here is its unified policy management via its Security Director Cloud portal. There are many SASE vendors today, most of whom are cloud-only. While that model is ideally suited for remote work, it’s not in line with hybrid work. The world has been in an almost 100% work-from-home model for the better part of two years, but people will eventually come back to the office — not 100%, but part of the time. My research shows that 51% of employees plan to work at home 2 to 3 days a week in perpetuity, which means 2 to 3 days a week in the office.Hybrid is the way forward for security This means traditional, on-premises firewalls, intrusion prevention systems, and similar tools will still be in place. Managing the remote workers using SASE and company locations via a different model is problematic because policies need to be kept in sync. Some of the SASE pure plays, such as Cato Networks, pitch a vision where all locations everywhere will be secured via SASE, but that’s just not true.

Almost every technology transition shifts to a hybrid model. Think virtualization — there are still many physical servers being used. The world isn’t 100% VoIP, nor is it all wireless. Hybrid always winds up being the way for all technology. With security, once a location has more than a few hundred users, it makes no sense to secure it via the cloud because the amount of data generated to inspect the traffic cloud is more than user-generated traffic. For these large locations, on-premises systems will still be used. Also: How Intermedia became a viable contender in cloud communicationsUnified management is a key differentiator Juniper’s Security Director Cloud is a single pane of glass for unified policy management across the SRX firewalls and SASE cloud. This isn’t just for firewalls because the policies extend to all the SRX capabilities. Current Juniper customers would benefit most because they could apply the existing policies to SASE-delivered services upon deployment of the service, possibly saving months of time. The hybrid nature of the service also lets customers migrate at a pace with which they are comfortable. The Juniper Security Director platform offers customers dynamic zero trust to adopt policies based on user behavior. For example, a worker could be accessing a new service that is exhibiting suspicious behavior. Juniper’s system would automatically update the policies to protect the company. This can be particularly useful in a hybrid work environment where users may be purchasing their own services to store documents remotely, collaborate with others, or do another task. Shadow IT is one of the most challenging trends facing security professionals because it’s a big blind spot as users connect to cloud services directly. Connecting workers to a SASE node shines a light on that blind spot, and then dynamic segmentation automatically sets the policies without IT intervention. 

Enterprise Software More

There are many words used to describe Web3, the latest iteration of the World Wide Web: decentralized, verifiable, trustless, permissionless. Now, you can add “human” to the list…specifically “.hmn”.

ZDNet Recommends

On Tuesday, Butterfly Protocol, a decentralized autonomous organization, or DAO, and Cortex Application announced that they’re launching new .hmn top-level domains (TLDs) on the Polygon protocol — free to the public — making Web3 available to everyone. Butterfly Protocol will be giving away the .hmn domains indefinitely and can be claimed on its website.According to Cortex App’s press release, the .hmn domains are full NFT domains that cross-chain with lifetime ownership, intended to be given away to any person who wants one. The .hmn domains resolve across Ethereum, Polygon, and the current web (or legacy DNS) using name.hmn.link. The .hmn domain also bridges to other crypto projects such as the Ethereum Name Service (ENS), with name.hmn.eth. ENS is an open, public, decentralized identity protocol that runs on the Ethereum blockchain. In the spirit of Web3 as a decentralized form of the internet, not controlled by a centralized cabal of corporate players, the .hmn domains never expire and don’t require renewal fees, enabling the user to truly own their domain, unlike other TLD offerings. What’s more, the .hmn domains allow for a single identity that works with next-generation projects such as the newly-launched Cortex App, alongside existing browsers and crypto wallets, Cortex said.Also: What is Web3? Everything you need to know about the decentralized future of the internetAs metaverses start popping up and coalescing in the digital universe, domain NFTs are needed because they represent a user’s Web3 identity and online “home.” To improve user experience, the .hmn domains are free of charge and last forever, according to Cortex. “All of your activity, from published content to collaborative documents, will be tied to it, and that opens the door to making efficient use of decentralized, person-centric data,” said Leonard Kish, CEO and co-founder of the Cortex app. “A domain is an identity, but also an address for your digital home on Web3. We can now provide all that at near-zero cost,” he said in the announcement.Cortex said that its app is being constructed with domains as a core component and gateway to a crypto-enabled, human-centric data infrastructure and will allow users to build on a complete Web3 stack where wallet addresses and URLs are synonymous. So, each page will have a human-readable crypto address, just like current URLs, but can also store tokens belonging to the person who owns it. “While regular DNS points to a server, a .hmn domain points to a human. So we need these to reach across protocols, just like humans do,” said Cortex chief technology officer and co-founder Josh Robinson. More

China’s telecommunications sector climbed 8% last year to hit 1.47 trillion yuan ($232.41 billion) in revenue. Its internet services industry also saw growth, expanding 21.2% to reach 1.55 trillion yuan ($245.06 billion) in revenue. Enterprise demand for new digital services, such as cloud computing, big data, and data centres were the biggest drivers that fuelled the Chinese telecom market, according to the country’s Ministry of Industry and Information Technology (MIIT). Revenue from these digital services grew 27.8% and accounted for 44.5% of the industry’s overall revenue growth, the ministry said. 

It added that the 8% year-on-year growth was higher than the 4.1% growth rate clocked in 2020. Revenue from fixed line, data, and internet services contributed 61.5% of the total industry.  Pointing to China’s push for new infrastructures, specifically 5G networks, the MIIT said the country had rolled out some 1.43 million 5G base stations by end-2021. These accounted for more than 60% of the global figure, it said.  It also noted that more than 300 Chinese cities had begun building gigabit optic fibre networks, adding that investments in internet broadband access climbed 40% year-on-year in 2021. China’s internet and related services market also saw robust growth, expanding 21.2% to reach 1.55 trillion yuan ($245.06 billion) in revenue, according to MIIT.

Businesses in the local sector registered 132 billion yuan ($20.87 billion) in profits, clocking a 13.3% year-on-year growth, reported state-owned news agency Xinhua, citing stats from the ministry. These organisations also spent 5% more on research and development (R&D) last year, forking out 75.42 billion yuan ($11.92 billion). MIIT’s figures include Chinese businesses that register at least 5 million yuan ($790,500) in revenue from internet services. Organisations that drew the same amount in revenue from China’s software and IT industry also saw growth last year, the ministry said, noting that there were more than 40,000 such companies in the sector.In particular, the IT services market expanded by 20% year-on-year to register 6 trillion yuan ($948.6 billion) in revenue. Software vendors saw their combined profits climb 7.6% to almost 1.19 trillion yuan ($188.14 billion) in 2021, MIIT said. It revealed that China’s software exports tipped $52.1 billion last year, up 8.8% year-on-year.RELATED COVERAGE More

Image: Al Drago/Bloomberg via Getty Images
Telstra and Viasat have signed a 16.5-year deal that will see the Australian telco build and manage the ground infrastructure needed for when the Viasat-3 geosynchronous satellite constellation eventually comes online.Under the deal, Telstra will collocate satellite access nodes at hundreds of its sites around Australia, as well as build and manage the links between those sites and multiple data centres that will house core networking equipment. When it announced Viasat-3, the company expected the first satellite to be launched in late 2019 or early 2020, but fate and the coronavirus intervened to push back those plans. “Later this year, we will begin the launch cycle of our Viasat-3 constellation, which is a trio of the highest capacity commercial geo-satellites ever built. Each one, delivering more than a terabit per second … total network throughput, which is about a thousand times more efficient than when you compare it to our first-generation satellites,” Viasat president of space and commercial networks Dave Ryan said on Wednesday. “This terabit class of satellites is truly unique, and offers the best industry bandwidth economics especially when you compare it to other geos to medium, earth orbit, or lower satellite systems.” The first satellite is set to be launched will service the Americas, followed by two more launched at six-month intervals to service EMEA and Asia-Pacific. It is expected that the trio will support download speeds of “well over” 150Mbps. Even though the Telstra network is limited to Australia, it will still support service outside the nation.

“The vast majority of the equipment to be able to operate the Asia Pacific region is what we’re talking about deploying in Australia,” Ryan told ZDNet. “There may, and probably will be, cases where some countries want their own hub, and so there may be relatively small amounts of equipment that might go into other countries as we expand out and meet those particular requirements. “Some countries do want to have a regional control, for example, of what goes in and out of their countries. All countries do to some degree and sometimes that requires additional hubs put into their countries. But it’s a relatively small amount of equipment compared to what we are talking about working with Telstra on.” Telstra added it was in discussions on how it may use Viasat services in the future. At the same time, Telstra announced it would add 20,000kms of new fibre to its optical network that would support transmission rates of up to 650Gbps, and express connectivity between Sydney and Melbourne, Brisbane, and Perth of up to 55Tbps. The telco said trials were already underway, with the proper build to commence before the end of this fiscal year, with the hit to capital expenditure to be around AU$350 million over the 2023 to 2025 fiscal years. All up, both projects are set to cost between AU$1.4 billion to AU$1.6 billion, and are expected to continue approximately AU$200 million to earnings by FY26 and be paid off in nine years. “They are also consistent with our strategy to create value from InfraCo, including considering monetisation opportunities over time,” Telstra CEO Andy Penn said. “Our strong cash flows and T25 growth ambitions provide us the flexibility to make these strategic infrastructure investments, whilst maintaining flexibility to return excess cash to shareholders. Together, these investments are expected to deliver incremental long-term accretive growth.” In November, Viasat announced it would acquire UK-based Inmarsat in a $7.3 billion transaction that is set to close later this year. The combined entity would have a fleet of 19 satellites in service with another 10 under construction, a global Ka-band footprint and L-band assets and licences for all-weather narrowband and IoT connectivity. Viasat added it would introduce its beamforming, end-user terminal, and payload technologies to “unlock greater value” in Inmarsat’s L-band space assets.  Related Coverage More