Ask HN: Best paid VPN?

55 points by o_s_m ↗ HN
How safe and vetted is PrivateInternetAccess? Any other favorites?

63 comments

[ 2.8 ms ] story [ 147 ms ] thread
You've been flagged. please assume the party escort submission position
Why have I been "flagged?"
I think it was an attempt at humour, as in the fascist party ruling the country has now tagged you as a dissenter and will arrest you.

I suggest you get some hosting somewhere (location will depend on where you are, and where you're communicating too, and who you're worried about). Then install OpenVPN (requires custom clients) or configure IPSec (will work out of box on all OSes including Android/iOS).

You've been hell banned. After all YC is about making money, and guess who decides if you're allowed to make money in this country.
This is what I've done. Grab a $5/m VPS from Digital Ocean, which comes with 1TB of traffic, and install OpenVPN on it. Although if you're concerned about using a US company to hose the VPS you could pick any other company and have the same results.

edit: typo

I have a two-tier solution. Cheap VPS provider in the US that then chains to a a dedicated server from OVH which is hosted in Canada.

For sites that are US-only I have a web proxy running on the VPS provider and use Foxproxy to divert those sites through that proxy.

I don't really have any particular reason to do this other than being bored and making it annoying for anyone (hacker, government, etc) trying to peek at my traffic.

been using https://www.privateinternetaccess.com/ for a while. pretty sweet.
I don't know how to evaluate its trustworthiness, but I use PIA too and like it. Quite fast, servers in many countries, and support for L2TP (so you can use it in Android without a client -- though they provide one).
I operate on a basis that the effort required of me is somewhat proportional to the resources of a potential attacker, so I don't worry enormously about whether I'm keeping my traffic secure from the US government - given an adequate budget and a focus, they can conceivably monitor all inbound and outbound traffic from any commercial VPN provider's connection points. I advise non-technical people much the same way - it's easy to keep Susie Snoopy and the Casually Curious out, harder but not much so for someone targeting you for espionage or investigation (corporate or personal) and I just assume and advise that any kind of government investigation is going to get your info even if it's just by brute-forcing passwords.

On that basis of protecting against the casually snoopy and non-targeted monitoring, I use PIA - I can connect 3 devices to it at once (phone, tablet, laptop), I can use multiple exit points though I mostly haven't needed to, it's simple to use, inexpensive, and the technology they support seems to be at least up to standard. It's also been useful in a couple of cases where I wanted to test connections to a network from outside that network - tunneling my traffic out and letting it come back in is handy, and the international endpoints let you test functionality that restricts connections based on country of origin.

If you're using a small hosting provider you may also be able to do tunneling through them, but ask first - when I was using a Linux laptop and my phone was rooted, I was using SSH tunneling through my hosting company instead because my traffic levels were insignificant compared to my monthly traffic allocation. I could certainly do the same things again, but quite frankly I'd rather just pay the $40/year or so for a drop-in solution that I don't have to spend time dinking around with.

Plugging http://vpn.sh here - tons of locations and the price is right.
> 100GB Bandwidth

and no unlimited plan.

VPS on Hetzner + OpenVPN with HMAC firewall.

I think if you are using generic webhosting instead of pure VPN, then your traffic is less likely to be monitored/recorded in association to your credit card number.

I would second this recommendation, if you have the technical chops for it. Whilst it may seem like more work initially - your vpn will perform far better.

Many paid vpn providers limit you to ~1Mbps down, which may be impractical for some forms of browsing. By contrast, as your personal vpn's only client - you can reasonably expect to see speeds comparable to your own connection and (if you are in europe) only a minor drop in ping.

Furthermore, if you need to use the VPN on a network which blocks ports, running the vpn yourself allows you to edit the port upon which it accepts connections.

Lastly - Hetzner is provider without direct ties to the US/UK, which should afford you some security from drag-net surveillance etc... the Germans seem pretty upset about the whole US signals intel overreach debacle. A win from this perspective.

>> Hetzner is provider without direct ties to the US/UK

Which also makes them a bad choice if you're trying to watch US TV channels or something while you're visiting abroad.

True - I was making the assumption that the OP's desire for privacy was in light of all the recent security related press.

However if your suggestion is in line with their intent then the recommendation still stands, just use a provider like digital ocean and choose a datacenter location appropriate to your needs.

I run a vpn server on a $5 digital ocean vps. My isp throttle ftp connection, so it's very useful when I need to transfer files via ftp. I'd rather use sftp, but some of my clients use rackspace cloud sites (only support ftp and sshfs).

Also, I notice that if I use vpn when using 3g connection, I don't experienced many dropped connections anymore. Without vpn, if I open too many tcp connection, some connections would start to drop. Could it be that when using vpn, the mobile network sees my internet traffics as one socket connection to the vps? I probably need to learn how vpn works under the hood and not just take them for granted.

Another benefit is I can install mosh on the vps, and if I need to login via ssh to a remote server (that don't have mosh installed), I would login to my vps with mosh, and then proceed to login to the remote server via ssh. This (mostly) eliminates the annoying typing delay on ssh terminal.

I've tried quite a few and https://mullvad.net/en/ worked best for me. I'm getting 3.3 MB/s torrent downloads, low ping, stable connection. Plus they accept BitCoin and cash.
I like mine (cryptoseal.com) obviously, but I don't think there's a single best VPN for all uses right now. It really depends on how you want to use it:

1) Travel? Travel to China? -- then worry about what VPNs are blocked

2) Need strong anonymity against the US government? You're probably out of luck, but Tor might be a good technology to use for now. Really, you want something which is message-based, not streams, and can have mix-net style latency, not onion routing. Other than email (mixmaster/mixminion, both too small in deployment to be safe, now), you're out of luck. Stay tuned, though. (You also probably need more than just the network -- incognito mode, some kind of filtering proxy, etc.)

3) QoS/etc. evasion on e.g. Comcast for torrenting? I'd probably go with the torrentfreak recommendations. (http://torrentfreak.com/vpn-services-that-take-your-anonymit...) Generally I think a seedbox is a far better solution for torrenting than a VPN, though.

4) Great Mac support? That is GetCloak's focus.

5) Mobile? The PPTP/L2TP stuff built in is the best, although the security is weaker than SSL or IPsec VPNs.

6) Price? AnchorFree is free. The others range from (generally) $3-20/mo/user.

7) Need to tie in with your existing on-premises networks, AWS VPC, or support multiple clients, or do DLP, etc? That's what cryptoseal's business product tries to do, or you could use a conventional on-premises vpn hardware appliance from Juniper, Cisco, etc.

8) etc.

There isn't one best choice.

What about a recommendation for a secure and private vpn for usage on public networks. No illegal (torrenting) services needed.

Bonus that it also works well with mobile (android 4.1+).

i operate a VPN server in switzerland for me and a couple of friends; feel free to contact me via j8BILqZHb4MLSBFF@burnmoney.trillianpro.com (valid for 1 week; spambox.us) to work something out :)

no logging and quasi-unlimited traffic. it works on my iphone so i am assuming there should not be a problem with android...

I like and use Witopia.net. 70 USD p.a. w/ unlimited traffic and gateways in basically every region of the world.
* Create a Digital Ocean Droptlet

* ssh -D 8008 root@<ip>

* add localhost:8008 to your SOCKS Proxy

Now you've VPN equivalent with 1TB bandwidth for just $5/month

That is not necessarily a vpn equivalent - as a third party program would require something like proxifier (http://www.proxifier.com/) in order to forward all traffic over the proxy.
Yes. That is a good tool. That's why I said it is an equivalent. Not a VPN :)
With the degree to which the US government threatens, coerces, or infiltrates tech businesses, I don't have any real trust for any VPN service, whatsoever. I pay for one (proxpn - it was the only one that didn't seem completely shady at the time) and use it, but I certainly don't trust it.

Additionally, finding one is the first part. Being able to pay for it, is another, apparently. (I was paid up for awhile ahead of time with my service before the credit card companies stated they'd no longer process transactions paid to VPN services outside the US).

We've been committed to privacy in the form of a VPN service for quite sometime. The founders of PIA (including myself) were actively involved in the beginnings of Bitcoin and many related services surrounding it, and have since devoted all of our time to the proliferation of privacy.

We have the most servers of all paid VPN service providers and are committed to privacy. We also support many non-profit organizations, including EFF, Gnome, FFTF amongst others. We are also the hosts of BitcoinTalk.org, BlockExplorer.com, and proud sponsors of MoDaCo.com and MIUI.us.

Please do take advantage of an offer we have right now going on until the end of the weekend:

http://slickdeals.net/permadeal/101860/private-internet-acce...

Additionally, please feel free to read this interview: www.bestvpn.com/blog/7319/an-interview-with-private-internet-access-founder-andrew-lee/

Lastly, please feel free to checkout our blog for more: https://www.privateinternetaccess.com/blog

edit: And we don't log. Period. No sessions. No IPs. Nothing. Zilch, zero, nada.

I've been using PIA for a year now and it's been fast and easy to use. It works without a third party client on MacOS X and iOS which is awesome.
I used to be a PIA customer and I liked the idea that they do not log anything. However, the lack of a good third-party audits that support their claims, is something that I found weird. Is there a way you can prove that you do not log anything beyond just blog posts?
Great question - this is indeed an issue as it's difficult to prove to others that you are/aren't doing something which they cannot verify without gaining full access to all of your servers in their entirety.

However, our trust comes from the many years that we have operated this business in this fashion and the good faith of our users.

With that said, we have been in discussions with some well known privacy organizations regarding the setup of an auditing body that could verify these sort of things.

Thanks for your reply. When can we hear about those bodies or organizations? I am highly interested in that because that is one of the things that is keeping me away from PIA at this point.
(comment deleted)
Despite the unfortunate name, http://www.hidemyass.com has a pretty decent service.
heh. it's pretty catchy. quite like the name
Just don't think they'll ignore US subpoenas.
Not really. They log, and there have been anecdotes about people losing anonymity because of it. You are much better off with PIA or another product with stronger anonymity guarantees.

Ultimately, you never know if the guarantee is worth anything until it's tested, but there have been cases where HMA was tested, and failed.

The only reason not to roll your own VPN on some private server, is the lack of deniability. The dedicated IP of the server is tied directly to your name/credit card. A public VPN, while also tied to your banking info, usually acts as a NAT. Multiple clients exit the VPN given the same source IP address. If no logs are kept (as promised on most services), no one can (accurately) tie an IP address to your name. I personally use the BTGuard VPN for this reason.
(comment deleted)
Recommend https://www.privateinternetaccess.com/

Never had any problems and can report the bandwidth they give you is good. It's also quite cheap $40/year.

Had multiple issues including poor bandwidth with a prior VPN whose name i forgot. Was also accused of being an email spammer by prior VPN, which I'm not, lol. Got a refund after that...

Mine! I own and operate https://GetCloak.com/.

Cloak is a little different. Our unique features include: (1) zero configuration, (2) elegant VPN clients with first-to-market security features, like OverCloak^, and (3) tight integration between our clients and our global VPN network, to allow things like automatic lowest-latency selection of server endpoints.

Ask me anything you like!

^ OverCloak: silly name, great feature: https://www.getcloak.com/about/overcloak/

Some screenshots might have been nice - Can't even figure out whether it's an app or just a config enabler for the native VPN feature.
Actually the very first image on the home page slider shows you our apps and the devices they run on. On the Mac, it's a little menu bar icon that stays out of your way (and wraps OpenVPN under the hood.) On iOS, it's effectively a configurator.
A location picker right from the menu bar would be nice. VyprVPN does that (Not to say that it's a great app).
Right now it's in Preferences, under Transporter. But we do plan to add your favorite locations directly to the menu for easy access. Thanks!
I use https://hide.io/ and have 0 complaints. I'm always a keystroke away from being in 1 of 10 different countries: http://i.imgur.com/ijUu3y3.png

I've also heard great things about http://www.spotflux.com/. Spotflux is actually free to use until you want to bring the service to your mobile device. It also encrypts your traffic and filters for malware and ad-tracking.

vpntunnel is a pretty good service, and there are no logs.