Which VPN Should You Choose? (It Depends!)

A special thanks to Echo at https://scary.rocks/, who helped with a lot of the research for this post.

In the past, you may have heard that not everyone needs a VPN. This is often used as a criticism of VPNs who advertise via YouTube sponsorships, as their scripts massively overstate the security risks of common use cases.

Unfortunately, this is no longer true. In this age of censhorship and mass surveillance, everyone should be using a VPN. This post will walk you through why you need a VPN, the best option for your use case, and other steps you can take to promote online privacy and safety.

What is a VPN, in simple terms?

VPN stands for "virtual private network". It's a service you can use to gain extra assurance that when you're connected to the internet, only you and the site you're visiting are aware of what you're doing. It's not foolproof, but it's an important tool nonetheless.

If you're not using a VPN, chances are there aren't any nosy criminals spying on what you're doing, because there are other measures in place to protect you from that, but it's not unlikely that your internet or cellular data providers are limiting your internet speed based on the content you're accessing.

The Most Common Use Case

VPNs have many use cases beyond being just a security measure on public networks. One of the most popular use cases is circumventing location-based restrictions. VPNs let you appear as if you're connecting to the internet from somewhere else, and for many years now, average consumers have been using them to access geo-locked content on streaming services such as Netflix and Prime Video.

I don't do that, so why do I need a VPN?

Today, many governments, the UK fast moving among them, are attempting to build surveillance states. They want to regulate what you're allowed to see online, watch what you do on the internet, and access your private files and communications.

You may be thinking to yourself, "why should I care?". The answer is because you have something to hide. You may not be a criminal, in fact, you may have no qualms with sharing all your photos and messages with the whole world - but there's much more sensitive data than that at risk. Imagine if someone got hold if your ID or bank information, which you've almost certainly used online at least once. The measures governments are implementing to control and monitor their citizens can be exploited by non-government entities too, putting you at higher risk of being stalked, blackmailed, extorted, defrauded, becoming a victim of identity theft, or being falsely accused of and even prosecuted for a cyber-crime.

Beyond that, it's important to know that you're able to expose yourself to a diverse range of opinions. You might not even notice if a regime begins to prohibit content that expresses dissenting opinions, as is the case in countries such as Russia and China. If you wish to express a dissenting opinion yourself, even in a "private" online space, you should want to be secure in the fact that doing so does not put you at risk of retaliation from your government. Even if you trust and agree with your current government, would you be comfortable giving the same power to the next one?

It's clear that maintaining access to what you can, and keeping your data out of government hands, is more important than ever. You, dear reader, and everyone you know, has something to hide, something to fear, and something to lose. Here's how to hide what you need to.

When should I use a VPN?

To avoid surveillance, you should be using a VPN all the time. If you encounter a service that absolutely requires you to disable your VPN (or at least change it to a country that won't respect your privacy), consider using "split tunnelling" to allow just one app through, since you can't be sure what other apps are transmitting in the background. Remember that different browser windows usually don't count as different apps.

There's no need to worry about data caps - VPNs have an extremely small overhead, and any reputable VPN provider won't impose data caps in using their service, except in the most extreme of cases (with multiple devices constantly using full bandwidth).

You paid for the whole connection, so you may as well use it.

Where do VPNs fall short?

VPNs aren't a foolproof solution. Anyone with access to your traffic can use deep packet inspection, a strategy commonly used for security that can be perverted into a method of guessing the contents of encrypted traffic.

A provider or government who doesn't want you to use a VPN can prevent you from connecting to IP addresses known to belong to VPN providers, block traffic bound for ports commonly used by VPNs, or block traffic with known VPNs' security certificates. Alternatively, providers can ascertain use of a VPN by observing patterns indicative of VPN protocols.

Best VPN for anti-geolock: NordVPN

Unless you've been using SponsorBlock for a very long time, you've probably heard about Nord. They have servers in 164 locations (with varying feature sets), meaning you can access content from just about anywhere in the world. Nord is probably the best option for the average consumer, who wants to be sure they have access to a variety of content, and somewhat conscious of separating in-person and online identities.

We advise opting for the baseic plan. The additional ad-blocking and anti-malware functionality are better serviced by the free browser extension uBlock origin, and their online password manager service is a priority target for hackers.

Their monthly pricing is £11.36, but can become as low as £3.84 if you opt for a longer contract. They also have a 30 day moneyback guarantee.

Note: Potential customers should be advised that Nord has faced criticism and lawsuits for deceptive auto-renewal practices, which I (Posh) have personally been affected by. To their credit, Nord resolved my issue very promptly. but make sure to be aware of your plan. They have also faced criticism for high price hikes and massively overstating the risks of using public networks in their advertising.

Best VPN for privacy: Mullvad

Mullvad is a Sweden-based provider known for their focus on privacy. They accept payments of mail-in cash and Monero (an anonymous online currency) as well as regular cards and payment providers, so users have the option to be completely anonymous.

Mullvad are incredibly transparent. All of their code is available to read online, so you know exactly what your device is doing. They're audited by impartial third parties who verify their strict no-logs policies, meaning that Mullvad aren't recording what you do online. They offer such advanced features as quantum-resistant tunnels and Defense Against AI-guided Traffic Analysis (DAITA) for the most privacy-conscious of users.

Their monthly pricing (the only and therefore most cost-effective option) is just £4.37/month for 5 devices.

Best VPN for torrenting: AirVPN

AirVPN describes itself as "An OpenVPN and WireGuard based VPN operated by activists in defense of net neutrality, privacy and against censorship". Not only do they make an explicit point of allowing all protocols, you can reserve a port such that you don't have to update your bittorrent client every time your connection changes.

While it's important to note that torrenting itself is not inherently illegal (P2P is not a crime!), those using the protocol to facilitate the transfer of sensitive data may like to know that AirVPN also boasts some strong privacy features for those worried about surveillance.

AirVPN is Echo's VPN of choice. If you choose to buy a plan, please consider using our affiliate link. We'll earn a commission of 20%, at no extra cost to you. Monthly pricing is £6.12, and can go as low as £2.40.

Shopping around? Here's what to avoid.

While this list contains some recommendations, it's always important to do your own research to get a holistic and up-to-date view of your options. No matter where or when you look, this timeless advice should help guide you to making a good choice.

There's an adage that says, "if the product is free, you are the product". In other words, if you're not paying for a service, the provider is making money by selling your personal data, often to shady companies who'll forward it to anyone who can pay and get breached by those who don't want to. Free VPNs are no different, and using one is arguably worse for your privacy than not using one at all.

Privacy-conscious readers should also consider privacy policies. Promises such as "no logs" are empty unless there's proof, so always look for providers who are audited and have their claims verified by impartial third parties. If you don't have time to read the whole policy, consider TOS;DR and Reject Convenience's Privacy Visualizer to get a quick overview.

Finally, consider who owns the service you're about to pay for. Do you trust them with your data? Are you OK giving them your money, considering their spending history? Vote with your wallet, and prefer supporting businesses who act in your best interests.

Additionally, privacy-conscious readers should avoid VPNs owned by Kape (formerly Crossrider). Kape owns a variety of VPN services including but not limited to PIA, CyberGhost, and ExpressVPN. This represents an increased security risk for all services they own and incentivises Kape to start selling data on top of the profits they get from subscriptions. You should also make sure you're not falling victim to the illusion of choice in other VPNs you consider. Kape has also been criticised for developing browser extension monetization tools which have been widely abused for malware distribution, anti-competitive behaviour in the VPN market, lack of transparency in ownership structure, and their ownership of VPN review site Webselense, which should not be regarded as a trustworthy source due to their conflict of interest.

What Else Can I Do?

A VPN isn't a fix-all solution. Anyone concerned for their privacy and/or access to information should look further into privacy-preserving tools while they can. Privacy-focused browsers and smart password management are a good place to start.

Those in the UK should write to their MPs to demand the repeal of the Online Safety Act, which enables the government to censor the internet and spy on every aspect of its citizens' digital lives. If you can't spare the time to write something yourself, consider copy-pasting this into an e-mail.

Readers in the European Union should visit fightchatcontrol.eu to learn how to contact their MEPs to express oppisition to a proposal that would put all your private communications in government hands.

Readers in other countries should keep up to date with the protections and proposals in their areas and contact their local representatives to express the importance of online privacy in a tone appropriate for their current situation.

Most of all, you should tell everyone who'll listen about the increasing risks of developing surveillance states. Help and encourage them to become educated about the importance preserving digital privacy and freedom, and the tools they can use to accomplish this in a world that tries to keep them uninformed and vulnerable.