The Best VPN Service

I am a writer for Wirecutter, and I’ve been covering privacy and security since 2012, spending much of that time focused on testing and evaluating VPNs.

For this guide:

• I looked over VPN reviews from PCMag, Tom’s Guide, and other outlets. I also read criticism of the VPN industry from Consumer Reports and Ars Technica, as well as the Electronic Frontier Foundation’s guide to VPNs.
• I spent several weeks researching 85 VPNs before settling on 11 for testing.
• I compiled data from 62 VPN companies about their pricing and features to determine industry trends.
• I interviewed privacy experts from the Electronic Frontier Foundation and the Freedom of the Press Foundation.
• During testing, I read through all the companies’ available policy documents and third-party audits.
• Like all Wirecutter journalists, I review and test products with complete editorial independence. I am never made aware of any business implications of my editorial recommendations. Read more about our editorial standards.

Previous versions of this guide were written by Yael Grauer and David Huerta.

When you use a VPN, all of your web traffic is protected by an encrypted connection between your computer and a server operated by the VPN company. Such companies have long claimed that this encryption keeps your internet service provider from peeking at your activities and stops snoops on public Wi-Fi networks from intercepting your private information or rerouting you to phishing sites. VPN companies also play up how their services hide your IP address, making it harder for advertisers to track you across the web.

A VPN does do all of that — but whether a VPN is actually necessary for most people to use every day is no longer clear. The widespread adoption of secure HTTPS browsing in the United States limits what ISPs and anyone running a Wi-Fi network can see, even without a VPN. “Since it’s encrypted, they can’t see your credit card information or things like that,” Rory Mir, the Electronic Frontier Foundation’s associate director of community organizing, told us. ISPs and Wi-Fi operators may still see what sites you visit but not the specific pages. “They can just see you going to Reddit or Wirecutter,” Mir added.

On top of that, some of the Wi-Fi attacks that VPNs were designed to protect against aren’t even feasible today. David Huerta, senior digital security trainer at Freedom of the Press Foundation, told us that if a Wi-Fi operator were to attempt to redirect you to a malicious page, it would set off numerous alerts in your browser.

Other threats that people encounter can’t be addressed with a VPN alone. VPNs can hide your IP address, but advertisers have numerous sophisticated options for tracking and identifying you online. A VPN also can’t protect against attackers who use information from data breaches to hijack your accounts, and it can’t shield you from scammers who trick you into entering your password on a phishing site.

CyberGhost, Cryptostorm, ExpressVPN, and other VPN companies also advertise that their products can hide users’ online activity from government surveillance. While a VPN can make it harder for other parties to trace online activities back to their source, the reality is more complicated. Thorin Klosowski, security and privacy activist at EFF and former Wirecutter writer, told us that law enforcement can access data directly from personal devices by requesting the information from online sites and services, or by purchasing it from data brokers. “VPNs don’t help with any of that,” said Klosowski.

The experts we spoke with told us that most people probably don’t need a VPN all the time. “It’s a largely redundant and unnecessary thing for most people,” Huerta said. But VPNs are still useful if you have specific goals in mind. A VPN prevents your ISP from seeing anything you do online, more so than HTTPS alone. And there’s good reason to distrust ISPs and their handling of your data, so if that’s a concern for you, a VPN can help. You may also want to use a VPN while traveling, because HTTPS is less widely used outside the US.

VPNs can be especially useful for marginalized people in dangerous environments, Mir told us. Activists or anyone living under a government that censors the internet can use a VPN to try to circumvent those restrictions. And journalists can use a VPN’s IP-address-hiding abilities to avoid tipping off subjects to an investigation.

When evaluating VPNs, we consider the following elements to be the most important.

Trustworthiness: An unscrupulous VPN company could monitor all your traffic, sell your information, or worse. We look for several signals that a VPN takes its customers’ privacy seriously.

• Recent third-party audits: We prefer services that perform audits annually, which should ideally cover backend infrastructure and privacy-policy compliance. Audits represent only a snapshot in time, but we consider them extremely valuable.
• Strong privacy policy: The policy should outline what information the company does and does not gather, as well as the efforts the company makes to protect its customers.
• Listing of public leadership: A VPN company should be clear about who owns it and what humans are responsible for the service.
• Bug bounty or disclosure program: Trustworthy VPNs have a system in place for researchers to report potential vulnerabilities so the company can address them.
• Transparency report: Ideally, a VPN company should outline the requests for information it receives from law enforcement and how it responded to those requests.
• Fair, reasonable marketing copy: The best VPNs don’t resort to misleading scare tactics to drive sign-ups.

Affordability: Looking across 62 VPN services, we found an average monthly price of a little over $10 and an average annual price of $67. VPNs that cost more than the average aren’t necessarily overpriced, but they should offer compelling features to justify their cost.

Most VPNs cost less if you buy a subscription for a year or longer. We recommend that you hold off on committing at first and instead buy the shortest subscription so that you can test the VPN yourself.

Excellent underlying technology: We decided to limit our testing to services that support the open-source OpenVPN protocol, but we gave preference to VPNs that also support the WireGuard protocol, which is a new, lightweight, open-source VPN protocol. We prefer open-source options since researchers can examine them for potential vulnerabilities.

Support for basic controls and security features: A VPN ideally should allow you to use at least five different devices with its service at the same time. The VPN should include a kill switch, which ensures that your machine doesn’t transmit unencrypted data if the VPN is disconnected. Ideally, the app should also let you select a VPN server location manually.

The best VPNs also include additional privacy features. Obfuscation makes VPN traffic appear as if it’s HTTPS traffic and thus makes it less likely to be blocked. Multi-hop connections route your traffic through at least two VPN servers, ensuring that your connection is secure even if one VPN server is compromised. Split tunneling lets you designate which apps send their data through the VPN connection, routing low-risk but high-bandwidth tasks such as video streaming outside the VPN. Some VPNs route all your web traffic through a VPN and the Tor network; this provides greater privacy but also slows your connection enormously.

Many VPN companies have expanded their portfolios to include password managers, secure file storage, data-removal services, and even antivirus. We didn’t evaluate these features closely, but purchasing a bundle of services can result in a cost savings if you’re also in need of other privacy tools.

Ease of use: A good VPN should be available on all the major mobile and desktop platforms, with similar features across all its apps. The best services offer polished interfaces that connect quickly and make it obvious when the VPN is in use and when it is not.

To assemble a list of VPN services for consideration, we checked other reviews from Consumer Reports, PCMag, and other outlets. We also looked at the most popular search results and noted which services’ ads we saw the most. Out of the 62 that we evaluated, we tested 11 VPN services that met our criteria: Bitdefender Premium VPN, Brave VPN, Hide.me VPN, IVPN, Mullvad VPN, NordVPN, Norton Secure VPN, NymVPN, Proton VPN, TunnelBear VPN, and Windscribe.

We read the privacy policies and available audits for all of these services, and we examined their apps and documentation for information about their underlying technology. After purchasing accounts from all of these companies, we evaluated the user experience on an Android phone, an iPhone, an Apple MacBook Pro laptop, and a Windows laptop. We used online DNS leak test tools (such as DNSLeakTest) to confirm that the VPN was not leaking DNS requests and that our visible IP address changed on every device. All of the VPNs we tested passed both tests on every platform.

We contacted customer support for all 11 of the VPNs we tested, asking a simple question about the service.

Speed testing

When you use a VPN, your internet connection slows down because the VPN adds physical distance and additional stops along your internet traffic’s path. Even the best, fastest VPN slows things down a bit.

Price and privacy features are better criteria for judging a VPN, especially because there’s only so much that a company can do to improve its service’s speed. How a VPN performs for you depends on where you are, when you connect, what VPN server you select, and so on.

We performed speed tests on the seven VPNs we evaluated using the Ookla Speedtest browser tool. Ookla provides three results:

• Latency: This refers to the time it takes for your computer to communicate with Ookla’s test server. The result is measured in milliseconds. For these tests, we used “idle latency,” which is measured when the test tool isn’t testing upload or download speed.
• Download: This is the rate at which data can be downloaded from the internet to your computer, measured in megabits per second (Mbps).
• Upload: This is the rate at which data can be uploaded from your computer to the internet, also measured in megabits per second.

We used a Windows 11 Lenovo laptop connected by Ethernet to a residential FiOS internet connection in Manhattan. We ran several tests with and without the VPN, took the median of each set, and then found the percentage change between the two.

Note: You may occasionally see better performance with a VPN turned on than without, but that is usually not the case. In general, we do not think you should rely on a VPN to provide a better, faster internet experience.

VPN service performance penalty

Our testing showed that IVPN impacted our connection the least in all three categories. Although our picks didn’t perform the best in our speed testing, their ease of use, value, and dedication to privacy outweigh any impact on performance.

Keep in mind that your results are likely to vary greatly from ours. To demonstrate how variable VPN performance can be, we asked four Wirecutter staff members to test our top VPN picks in their own homes. Testers used a mixture of macOS and Windows computers, Wi-Fi and Ethernet connections, and the ISP they had at home. We chose the testers based on their geographic locations across the continental US, including urban and rural environments.

Comparing top VPN picks across nation

TunnelBear consistently had better latency in our nationwide testing. Despite that, Mullvad had better download and upload results overall. However, as the results show, VPN performance is not guaranteed. That’s why we don’t consider it to be a major criteria for selecting a VPN. If you’re concerned about the impact on speed, try out a VPN service in your own home and see if it performs well and doesn’t interfere with your day-to-day tasks.

Mullvad puts customer privacy front and center, with features designed to protect VPN users that few other services offer. It also costs significantly less than other VPNs. Some features — such as the lack of usernames, passwords, and recurring billing — might take some getting used to, but the benefits outweigh the quirks. Mullvad has been our top VPN pick for five years running.

It’s affordable. At a cost of €5 per month or €60 per year (about $6 and $70, respectively, at this writing), Mullvad is one of the very few VPNs we’ve seen that don’t incentivize long-term subscriptions with lower prices. Despite that, it’s still one of the most affordable VPNs available, costing about half the average price per month and just a few dollars more than the average for annual plans. Mullvad accepts credit cards, PayPal, and numerous other options. Paying for subscriptions with cryptocurrency gets you a 10% discount. The company does not offer a free trial of its VPN, but it does have a 14-day money-back guarantee.

We compared VPN pricing for plans that offered a comparable set of features. Prices are rounded to the dollar and are accurate as of August 22, 2025.

It’s designed for privacy. You don’t need to provide any personal information to Mullvad in order to use its VPN. When you create an account, Mullvad generates a random account number that serves as your sole identifier. You also use this account number to log in, no password or username required. The idea is that by retaining as little information about customers as possible, Mullvad cannot be compelled to hand over information about them to law enforcement. Even a successful attack on its infrastructure would yield little about its customers.

That dedication to privacy extends to payments as well. The company also accepts cash sent directly to its offices, allowing customers to avoid leaving a digital paper trail. While Mullvad allows payment via wire transaction, that makes some personal information visible to Mullvad in bank records. We advise against using wire transfers if you’re concerned about anonymity.

Mullvad does not offer automatic subscription renewal, because doing so would require the company to track subscription information about its customers. Renewing manually can be a little inconvenient, but it also means you’re less likely to pay for time when you’re not using the VPN.

Mullvad is known for its transparency and trustworthiness. The company’s website lists its leadership and ownership structure, as well as a system for researchers to report potential vulnerabilities. Mullvad has also released third-party audits steadily for the past few years, including evaluations of its infrastructure. The company’s privacy policy is clear and fairly easy to read, and Mullvad provides numerous other documents that go in-depth on important issues, such as what laws apply to the Gothenburg, Sweden–based company.

To its credit, Mullvad has also been open about security issues, like when Swedish authorities unsuccessfully attempted to search its offices. Unlike other companies that simply list countries where they offer servers, Mullvad has an interactive site showing all of its servers, their features, and even who owns them. It’s a rarely seen degree of transparency.

Its apps are easy to use and built on good technology. Mullvad’s apps are consistent across platforms and straightforward to use, if a bit utilitarian. Getting online is easy, as is switching servers. One quirk: All of Mullvad’s apps connect to servers in Sweden by default. If you don’t live in Sweden, you’ll probably want to manually select something closer to home.

All of Mullvad’s apps support the WireGuard VPN protocol, and its desktop apps also support OpenVPN. The company has announced that it will move away from OpenVPN and support only WireGuard in 2026. Its apps also support multi-hop connections, which route your traffic through a second VPN server. And it provides split tunneling, which lets you route some traffic outside the VPN connection, on every platform other than its iOS app.

Obfuscation, which disguises VPN traffic to avoid being blocked, is available in all of its apps, but it’s tucked into the settings like other tools. A new option called DAITA does even more, masking your internet traffic patterns with dummy data. The company says that its kill switch, which blocks your device from sending data when the VPN is disconnected, is always on and cannot be disabled unless you quit the Mullvad app. Mullvad’s optional lockdown mode continues blocking internet access even if you quit the app, however.

It has some features that go beyond what a traditional VPN offers. Mullvad’s app includes the option to block certain kinds of content, such as adult websites, ads, trackers, and more. We prefer to use browser extensions for tracker blocking, but we appreciate Mullvad’s filters regardless. We also like that Mullvad makes clear that its malware-blocking feature is not the same as full-fledged antivirus protection.

Mullvad doesn’t offer access to the Tor network via VPN, but it did collaborate with the Tor Project to design the separate Mullvad Browser. This browser includes several anti-tracking and privacy features but does not connect to the Tor network.

Flaws but not dealbreakers

Some of the privacy-preserving features are confusing. Because Mullvad doesn’t offer automatic renewal for subscriptions, you have to keep a close eye on your account to make sure it stays active. We like Mullvad’s use of account numbers instead of usernames and passwords, but that practice might confuse some people. Fortunately, Mullvad’s prompt customer service can help; we sent a request midday, and an emailed response took just nine minutes to arrive.

The privacy and transparency information isn’t centralized. Mullvad has a solid track record of safeguarding its customers’ privacy, but we’d like to see it make that information easier to find. The company should have a readily accessible transparency report that’s updated frequently, and it should commit to annual third-party audits — the company currently undergoes audits every two years.

Mullvad allows only five simultaneous connections. This restriction is especially frustrating, as an increasing number of VPNs have raised or removed limitations on the number of simultaneous connections. If you try to log in to a sixth device, you’re prompted to remotely log out from another. That’s easily done, but it’s still annoying.

It offers servers in only 49 countries. That’s below the average we’ve seen of 61 countries, and it’s far less than the selection you get from services such as NordVPN or Proton VPN — both of which offer servers in over 100 countries. Mullvad’s smaller selection of servers includes a good mix of regions, but you might have trouble finding a server if you’re traveling or looking to spoof your location.

Other VPN companies lean on technobabble and flashy graphics to assure and entice customers, but TunnelBear uses deadpan cartoon bears and a silly sense of humor. It’s a refreshingly friendly experience, and the service backs that up with a demonstrated track record of privacy and transparency. It’s a VPN you might actually want to use, and you can use it for free (kind of).

It has a long-running commitment to privacy. TunnelBear was one of the first VPN companies to commit to annual third-party audits, and it has stuck to that policy since 2016. It also releases transparency reports, though at a less regular cadence than its audits. Its privacy policy is thorough and includes plain-language breakout sections that explain some portions in greater detail. The Canadian company is owned by McAfee, and McAfee Secure VPN uses TunnelBear’s technology and server network.

It covers the basics well. TunnelBear supports the WireGuard and OpenVPN protocols across all its apps, and it supports IKEv2 on all its apps except the Android version. Its service includes a kill switch (called VigilantBear) and obfuscation (GhostBear), the latter of which is intended to get around attempts to block VPN traffic. Split tunneling (the two-headed SplitBear) is available in all its apps, but the iOS and macOS version can route only websites, not app traffic, and the Android version can only route app traffic. One standout feature: TunnelBear places no limits on the number of devices you can use at the same time, so it’s a great choice if you want to have a VPN on all your smart devices.

What you won’t find with TunnelBear are additional privacy features. It lacks multi-hop connections, something that Mullvad offers, and it does not provide access to Tor via VPN, as Proton VPN does. Most people are unlikely to miss those tools. You also won’t find a server in every location: TunnelBear has servers across a diverse cross-section of the globe, but only 47 countries total.

It’s a pleasure to use. Although nearly all the VPNs we tested are easy to use, few could be described as enjoyable — and none have the personality of TunnelBear. When you connect, a bear digs a hole before emerging out of a green pipe à la Mario. The TunnelBear app looks particularly lively on iPhones, and we especially like that it comes with 12 custom app icons. Most importantly, these flourishes don’t get in the way of using TunnelBear. If anything, they might encourage customers to explore what it can do. How else will people discover that enabling split tunneling causes an on-screen bear to grow a second head? That friendliness is backed by good customer service; we sent an email request at midday, and the company responded within an hour.

When we’ve given friends and loved ones a choice between what we consider to be the best VPN options, nearly all of them have picked TunnelBear.

It offers a limited free subscription. Most VPNs that offer free subscriptions are too shady to recommend, but TunnelBear is a trustworthy company. Free subscribers are limited to only 2 GB of data per month but can access any of TunnelBear’s servers and use as many devices as they wish.

Flaws but not dealbreakers

TunnelBear frequently demonstrates middling speed-test results. Although speed isn’t our primary concern when evaluating VPNs, it gives us pause when we see TunnelBear frequently posting results well below those of the competition. We’d like to see the company address this issue in the future, but in practice we didn’t notice a big impact on performance with TunnelBear running on our daily-driver phone.

Free subscribers can’t use it all the time. With just 2 GB of data per month, the free version of TunnelBear isn’t a set-and-forget option. Most online activities don’t take much bandwidth, but hefty email attachments or an OS update will burn through your data in minutes.

That said, we were surprised to find that we were able to stream all of Star Trek VI: The Undiscovered Country while testing Windscribe’s 2 GB free subscription and still had data left for 20 minutes of Star Trek II: The Wrath of Khan. You might be able to get similar results with TunnelBear’s free account.

Security experts caution most people to be wary of free software and services, and that warning especially holds true for VPNs. At best, most free VPNs are painfully limited previews of better products. At worst, they’re outright malicious or at least lacking a serious commitment to customer privacy. Proton VPN is the exception: It offers one of the very few free subscription options that place no restrictions on data usage, and it’s backed by a reliable company.

Proton has a track record for trustworthiness. The company lists its leadership publicly, issues transparency reports, and offers a bug-bounty program. Its most recent third-party audits are from 2025 and confirm that the company complies with its policies to not log customer data.

The company came under scrutiny in 2021 when it was revealed that Swiss authorities had compelled the company to record and provide the IP address of a suspect who used its encrypted email service, Proton Mail. The company clarified that its VPN customers could not be subject to a similar order.

You can use its free version all day, forever. Many other VPNs with free subscription options — including Bitdefender, TunnelBear, and Windscribe — limit how much data you can use. Proton VPN places no such restriction on its free users; you can stream, browse, and download as much as you like without paying anything. Proton’s free subscription is the only trustworthy free VPN that we could see working well in regular use. But there are significant drawbacks, which we talk about below.

It’s an all-around good VPN. Proton VPN supports the WireGuard VPN protocol across all its apps, along with multi-hop connections (called SecureCore) and access to Tor via VPN. It also supports split tunneling in every app except the iOS version. Proton VPN’s collection of server locations is also quite large, covering 122 countries.

An annual subscription costs $80 a year, which is only a bit more than what you pay for our favorites. Paying for Proton VPN allows access to all of its servers, raises the device limit to 10, and grants access to advanced features such as multi-hop connections and split tunneling.

Flaws but not dealbreakers

Its apps are a bit crowded. We like the breadth of tools that Proton VPN provides, but they’re not always presented well in the company’s apps. We also noticed that Proton’s apps don’t have a consistent design across platforms, which Mullvad and TunnelBear do.

Free subscribers face new limitations. Proton VPN no longer allows free subscribers to select server locations. Instead, the app chooses for you, and it may not be the best choice. In our testing, we were connected to the Netherlands as often as to the US.

If you want to change servers, you have to wait until a countdown clock finishes. It’s usually less than a minute, but we’ve seen wait times over 20 minutes. And that’s in addition to free accounts’ being barred from connecting more than one device at a time and from using advanced features such as multi-hop connections. Free subscribers also are limited to customer support by email; it took us about 24 hours to receive a response to our question.

If you need a free VPN to connect to a specific location, and you can keep your data usage down, consider TunnelBear. But even with its new annoyances, Proton’s free subscription is the only trustworthy free VPN that you can use every day.

Performance with a free subscription is fine — mostly. By limiting the servers that free subscribers can access, Proton corrals many people into a small number of servers. This practice divides each server’s bandwidth among more people, potentially impacting performance.

In our speed testing, we saw download speeds plummet from a brisk 360-some megabits per second to just 2.4 Mbps. So although poor performance isn’t guaranteed, we think it’s fair to say that the experience is unpredictable.

If you need a VPN just for traveling: Like Mullvad, IVPN uses a password-free account-number system that protects customer privacy. IVPN also accepts cash payments sent by mail. The company has established a good track record with third-party audits and transparency reports. Customer service is prompt, too: We received an emailed reply within 12 minutes.

Where Mullvad and IVPN differ is in their pricing, as IVPN is significantly more expensive at $10 a month or $100 per year for IVPN Pro. But it’s also much more flexible in that regard: If you can live with a two-device limit and fewer features, the price drops to $6 per month or $60 per year for its IVPN Standard plan. If you can’t afford that, or if you need a VPN for just a little while, weekly subscriptions cost $2 for the Standard tier or $4 for Pro. That flexibility and the company’s commitment to privacy make IVPN a great choice for travelers who want a VPN only for the duration of their trip.

You can do a few things to protect yourself online that we think can have a bigger impact than using a VPN alone.

Use a password manager. Using a weak password is an invitation for an attacker to take control of your account, and reusing passwords across multiple accounts is an invitation to do the same to more accounts. A password manager can generate unique and complex passwords for every site and service you use and then automatically fill in those passwords for you. We recommend 1Password or Bitwarden. Most web browsers also have serviceable password managers built in.

Enable two-factor authentication wherever it’s available. When you log in with 2FA, you take an additional action along with entering your password, such as entering a code generated in a 2FA mobile app or plugging in a security key. With 2FA enabled, even if someone has your password, they can’t take control of your protected accounts.

Use an ad- or tracker-blocker in your browser. Using an ad- or tracker-blocker such as the EFF’s Privacy Badger, or even the tools built into some web browsers, makes it harder for trackers to follow you online, and you may see fewer ads too. Ads can be a way for malware to spread (via a practice called malvertising), so limiting your exposure can improve your security as well. Many VPNs offer ad and tracker blocking, but using a browser plugin allows you to choose what to block.

Check URLs and pay attention to your browser’s warnings. Most browsers have built-in tools for identifying dangerous phishing sites. When your browser alerts you, pay attention to it. Phishing sites can be hard to spot, and some don’t last long enough to be blocked, so be sure to examine the URL in the address bar; if it seems unusual, don’t proceed.

Ensure that your software and operating systems are up-to-date. Keeping your software current ensures that you’re not exposed to any recently patched vulnerabilities.

Consider antivirus protection. Antivirus software can serve as a useful safety net if you fail to spot a malicious link, or if a new security threat emerges that OS makers have yet to patch. Windows Defender, which is free and included with all modern Windows computers, does a good job of protecting against threats.

To understand whether you need a VPN or in what circumstances you may use one, it’s important to understand what a VPN can’t do.

Using a VPN can expose you to other risks. Every expert we spoke with stressed that when you use a VPN, you move the risk of having your data surveilled from your ISP to the VPN company itself. For this guide, we looked only at VPNs that made some effort to prove that they would not surveil or sell customer data.

A VPN can’t protect you from hackers. Online thieves use the most direct route they can: phishing sites, phone scams, and email spam. VPNs can mitigate some of those risks, but they cannot guard against all of them entirely.

A work-issued VPN doesn’t hide your activities from your boss. Many companies provide VPNs so that employees can access corporate resources remotely. When you’re connected to a work-issued VPN, your employer can see all of your internet activity.

A VPN cannot make you invisible or completely anonymous online. A VPN can prevent your ISP and others from closely monitoring your web traffic, and it can change your visible IP address, but there are other ways to track you online, such as digital fingerprinting.

A VPN encrypts your information only as the data moves around the web. Separately, encryption in other programs can protect the files on your computer and the messages you send from your phone.

VPNs aren’t invulnerable. Like any technology, VPNs may contain vulnerabilities. The TunnelVision attack outlined by researchers in 2024 is one example. That’s why we prefer VPNs that have a bug-bounty or disclosure program to help developers identify and fix potential problems.

Every device you own that connects to the internet and every site you visit has an IP address to send and receive information. When you’re using a VPN, your computer’s true IP address is hidden behind the VPN server’s address. That’s handy for obscuring your identity, but because IP addresses are distributed geographically, changing your IP address makes it appear as if you are browsing the web from somewhere else.

Some people take advantage of a VPN’s location-spoofing abilities to try to access content — such as streaming video — accessible only in certain countries. If that’s your goal, be aware that doing so can be against the streaming company’s terms of service. There’s also no guarantee that a VPN that lets you access, say, UK Netflix from Chicago will keep working into the future. We view VPNs as a privacy tool first, so we don’t test to see how they perform in unlocking region-restricted content.

Also, there are limitations to how well a VPN can spoof your location. For example, a mobile app may find your location by using your phone’s GPS function or comparing nearby Wi-Fi networks against a list of known networks. A VPN is usually good enough for location spoofing, but don’t be surprised if it doesn’t always work as you may intend.

HTTPS uses encryption to secure some of your web browsing. You can tell when you’re connected to a site with HTTPS because you’ll see those letters in the URL of the website, and a padlock icon will appear in most browsers.

Because HTTPS connections are encrypted, the content of your activities isn’t visible to outside observers. The information you send — emails, credit card numbers, and so on — remains secure from prying eyes.

HTTPS also limits what your ISP can discern about your online activities. Your ISP will know, for instance, that you’re browsing the New York Times website, but not the specific pages that you view.

What a snooper sees when you’re browsing

HTTPS is far more common today than it was a few years ago. Let’s Encrypt, an organization that has helped spread the technology, reports that 96% of websites visited by Firefox users in the US use HTTPS. In fact, Firefox doesn’t load sites without HTTPS by default. That said, HTTPS is still comparatively lower in different parts of the world, making VPNs potentially more valuable to travelers.

Using a VPN does hide more than using HTTPS. Online observers and your ISP can’t even see the sites that you’re visiting, since your connection is encrypted by the VPN.

Instead of routing your connection through a single server, as a VPN does, or even two servers, as a VPN with multi-hop does, Tor routes your connection through several intermediary nodes, making it much harder for online snoops to track you online.

Tor is designed to limit what each node can see. For example, Node A knows that your data came from your machine and is heading to Node B but doesn’t know where your data will exit or where it goes after that.

Using Tor can also grant you access to special sites that are normally inaccessible. Whenever you hear about the dark web, it’s usually referring to one of these Tor-only sites. Some hidden sites have a deservedly bad reputation, serving as online black markets for weapons and child sexual abuse material. But others are simply designed to be accessed securely and anonymously. For example, from 2017 to 2025, The New York Times maintained a Tor-accessible site.

Using Tor has major drawbacks. Because your online traffic takes such a circuitous trip, you browse the web far more slowly than on most VPNs. Also, Tor is far from perfect; exotic attacks can correlate online activities to Tor users, and people have long brought up concerns about Tor nodes being secretly taken over by nefarious entities for surveillance purposes. You still need to be mindful when using Tor and to take precautions such as sticking to HTTPS websites.

For most day-to-day activities, using Tor does not make sense. But if you’re greatly concerned about any kind of internet surveillance, it’s a useful and free tool to have at your disposal.

Better known for its antivirus products, Bitdefender Premium VPN costs a compelling $7 per month or $70 per year. If you let the free trial expire, you can continue using a limited version of Bitdefender’s VPN with a data limit of 200 MB per day. That’s probably not enough data for most people, however.

The Brave browser can also double as a VPN, similar to the VPN option offered by the Opera browser that we evaluated previously. Unlike Opera, Brave doesn’t offer a free version of its VPN. Although Brave’s monthly plan is only $10, its annual plan tops $100. Our picks offer more for less, and we don’t love the idea of needing to use a particular browser to control your VPN.

Alternate search engine DuckDuckGo Privacy Pro offers a VPN alongside a data-removal service and other privacy tools for $10 a month or $100 a year. That pricing makes sense for a bundle of services you want, but it’s a lot to ask if you want only a VPN. Like Brave and Opera, it also requires you to use its browser to access VPN features. We also looked at DuckDuckGo Privacy Pro’s data-removal service in our guide to those products.

Hide.me VPN costs $10 per month but only $55 per year. It also is one of the very few VPNs that don’t place a data limit on its free subscribers, which puts it in tight competition with Proton VPN. However, we weren’t impressed with the design of its apps, which we found confusing.

Mozilla VPN is from the nonprofit behind the Firefox browser but uses Mullvad’s infrastructure. Those are both points in its favor, but it’s hard to recommend because it costs $10 per month—nearly double Mullvad’s price. However, it’s a good app, and it offers an opportunity to support a company with a deep history of promoting a free internet.

NordVPN is perhaps the most well-known VPN service, and it has grown enormously to now include a password manager, secure file storage, and numerous other services. It has a large network of VPN servers, and it includes advanced features such as multi-hop connections and access to Tor via VPN. Its unique Meshnet tool lets you route your traffic between your own devices (or a trusted friend’s devices) and send files securely. But NordVPN is expensive at $13 per month, and the average person probably doesn’t need NordVPN’s slew of advanced features. The company belatedly acknowledged a 2018 security incident and has made public commitments toward better security and transparency.

Norton Secure VPN was a refreshing surprise. The company has clearly invested in its apps, which worked smoothly in our tests and have been redesigned with a bold and cohesive style. Norton Secure VPN also performed well in our speed testing. Without a monthly-subscription option it’s a steep up-front cost that renews at $80 per year.

NymVPN is by far the most unusual service we’ve tested. It offers two modes: multi-hop connections that use two VPN servers or a Tor-like mixnet option that’s intended to defeat exotic attacks that try to match you to online activities. Although its annual plan is very affordable, its mixnet option was extremely slow, and we have concerns about its first round of audit results. We’ll check back on this one after it has had some time to mature.

Surfshark is owned by the same company as NordVPN but operates independently. It offers servers in about 100 countries, allows unlimited simultaneous connections, and has a highly polished family of apps. It’s also one of the most expensive VPNs, at over $15 per month, and it’s increasingly leaning on upselling a collection of other privacy features — such as the Incogni data-removal service — that go beyond what most people need from a VPN.

ExpressVPN releases frequent audits and has colorful, retro-styled apps. It also ranks among the most expensive VPNs we looked at, costing $13 per month for its Basic plan, with an annual fee of $100. ExpressVPN — along with Private Internet Access and CyberGhost — is owned by Kape, which used to be called Crossrider and previously supplied technology that was used in adware. In 2024, a representative for ExpressVPN told us, “Crossrider was a cross-platform development platform for browser extensions, that was unfortunately abused by third-party developers and misattributed to Crossrider (even though there’s no direct involvement on Crossrider’s part in the creation of adware/malware).”

Windscribe has a devoted following, and it's easy to see why. It’s affordable at $9 per month, $69 per year, or as little as $3 per month if you use the service’s custom plan option. Its free subscription provides 2 GB of data per day or 10 GB if you verify your email address. We found it a little too quirky, however, and would like to see the company commit to annual third-party audits.

We also eliminated many other VPNs for not meeting our criteria or not meeting the standard of quality and value represented in our picks. This group included: 1.1.1.1 +WARP, Apple Private Relay, Astrill, Aura, Avast SecureLine VPN, AVG Secure VPN, Avira Phantom VPN, ClearVPN, Cryptostorm, CyberGhost, F-Secure VPN, Fastest VPN, FrootVPN, Goose VPN, HideIPVPN, HMA! VPN, Hola VPN, Hotspot Shield VPN, IPVanish, iTop VPN, McAfee Secure VPN, Njala, nVpn, OVPN, Perfect Privacy, personalVPN, Planet VPN, PrivadoVPN, Private Internet Access, PrivateVPN, PureVPN, Steganos Online Shield VPN, StrongVPN, TorGuard, TotalVPN, Trust.zone, Turbo VPN, Urban VPN, VPN Unlimited, VPN.AC, VPN.ht, VPNArea, VyprVPN, and Webroot Secure VPN.

This article was edited by Caitlin McGarry and Arthur Gies.

1. David Huerta, senior digital security trainer, Freedom of the Press Foundation, email and video interviews, August 13, 2025

2. Thorin Klosowski, security and privacy activist, Electronic Frontier Foundation, email interview, August 18, 2025

3. Rory Mir, associate director of community organizing, Electronic Frontier Foundation, video interview, April 22, 2024

4. Davi Ottenheimer, VP of trust and digital ethics, Inrupt, video interview, May 1, 2024