Looking for vpn recommendations
March 11, 2022 4:11 PM   Subscribe

I’m in the U.S. and would like to use a vpn to access international tennis streams. In the past I’ve used ExpressVPN but I guess they got purchased by some sketchy company and we shouldn’t use use them now? So curious what people would recommend as a replacement.

I feel like all the googling I do around this leads to discussions/arguments among clearly very tech savvy individuals, who make it sound like using most vpns will lead to some type of ruin and there’s only ONE good one out there. But then everyone disagrees on what that specific good one is.

I just … want to watch tennis. I’m not using the vpn for privacy purposes, though I also don’t want to sign up for something that will expose me to malware or something like that. So I care about privacy/security to that extent. And it needs to be something I can just sign up for and use on my laptop and phone. I saw an old post recommending that someone build their own vpn in GitHub and I have only the vaguest awareness of what that is, to give you an idea of my level of tech knowledge.

I’m seeing Mullvad recommended, and NordVPN. Are those ok? Should I look at something else?
posted by imalaowai to Technology (21 answers total) 10 users marked this as a favorite
NordVPN has had a couple security breaches (Wikipedia link) but I've been using them for years with zero issues at all. No complaints; would recommend. I don't think it's possible to be perfectly squeaky clean in the VPN business; the business exists because for the most part (not all obviously) its customers are trying to do things others don't want them to do.
posted by cgg at 4:22 PM on March 11 [2 favorites]

I've used Torguard for years, it's cheap if you buy 6 or 12 mo and scout around for a half-off coupon code.
posted by lloquat at 4:25 PM on March 11

i use Mullvad and they are 100% not sketchy at all. they are pure privacy advocates at heart. also they do not advertise all over porn sites and torrent sites like NordVPN and other VPNs do, so you aren't having to support and validate a scummy ad spend.

that said, i've never tried to use it for overseas-teevees so i can't say how well or badly it works for that.
posted by glonous keming at 4:40 PM on March 11 [3 favorites]

I’m a big fan of Proton VPN. Very much not sketchy, affordable, and easy to use.
posted by neushoorn at 4:54 PM on March 11 [3 favorites]

Seconding Mullvad. I switched to them after private internet access (PIA) was purchased by a shady company and have no complaints.
posted by phil at 5:02 PM on March 11

I use an extension called Free VPN for Chrome so I can look at some US sites that are blocked in the UK (due to our stupidly restrictive Data Protection legislation), e.g. Food Network, or local news sites. There's a paid version, but the free one allows users to select from various servers around the world. Every now and then it'll prompt you to sign up for the paid one, but it works fine on the free version.
posted by essexjan at 5:10 PM on March 11

I also use Proton, and have used it to watch stuff from all over. The account I have will let me use it on my mobile, but I haven't yet.

It came recommended from some people in IT security at my firm, not that that should sway you.
posted by Gorgik at 5:11 PM on March 11

Best answer: I did a lot of VPN research and settled on ProtonVPN. It and Mullvad are the least shady of the options out there (they're not shady at all). I tried both and stuck with ProtonVPN because it has more server options and is detected by fewer streaming services (most streaming services employ some kind of VPN detection and not all VPNs are equally good at evading those measures).

Most free VPN options are shady and I would not use them.
posted by Anonymous at 5:52 PM on March 11

I've been using Mullvad for a few years. I like it.
posted by ToddBurson at 7:30 PM on March 11

Mozilla sells one. (Caveat: I work there.)
posted by mhoye at 8:31 PM on March 11 [2 favorites]

15 years of information security experience here. It’s really very simple: don’t use a VPN, any VPN, for anything sensitive. It’s less secure than just going about your business on the internet without one.

There are two exceptions:

1. You just want to get around region blocking — this is you! In that case it literally doesn’t matter, use whatever you want. Just remember to turn it off when the match is over.

2. It’s a corporate VPN, run by your employer. If they’re competent this is safe, but they may not be so only use it for work.

That’s it. All the other debate here is a mix of marketing, misunderstanding, outdated information, and outright lies. Don’t use a VPN unless your company tells you to, or to watch tennis.
posted by dorothy hawk at 9:03 PM on March 11 [2 favorites]

Mullvad! (I think the one Mozilla sells is rebranded Mullvad)
posted by anadem at 9:14 PM on March 11

very tech savvy individuals, who make it sound like using most vpns will lead to some type of ruin

15 years of information security experience here. It’s really very simple: don’t use a VPN, any VPN, for anything sensitive

The main thing to grasp about IT security is that it's really really easy to get lulled into a false sense of it unless you have a clear understanding of the threats you're trying to secure yourself against. Security is not and never will be something that anybody ever has in any absolute sense. It's not a product you can buy, but it is an attitude you can learn.

The central questions to keep in mind at all times are these: who exactly am I attempting to keep my information away from, what are the consequences of failing to do so, and how much will my adversary need to spend in order to obtain the information I'm trying to hide?

Any encrypted connection between two internet-connected machines, assuming only that the encryption is being done by some modern method as strong as TLS, is designed to prevent any entity other than those two machines from having any access to the actual content of the messages being exchanged over that connection. If you're browsing a website via HTTPS, you can be reasonably confident that nobody but you and the site operator can intercept or tamper with the data you're exchanging with it.

Metadata, though, is different. If I browse to PornHub, the HTTPS connection I make with it means that nobody but me and PornHub can see what exact content I'm viewing there, but my ISP can see and will routinely record the fact that my house or my phone connected to PornHub on such and such a date at such and such a time and downloaded so and so quantity of data from there. And since it's my internet service making the connection, PornHub itself will have that metadata as well.

What a VPN is for - aside from the side effect of wrapping all your traffic in a strong encrypted connection to snoop- and tamper-proof it on its way in and out of your endpoint - is obfuscating metadata. If I were browsing PornHub via a VPN, then my ISP would see only that my house made an encrypted connection to a VPN service's entry node, and PornHub would see only a connection coming from the VPN service's exit node. You can think of the VPN as working much like a very long cable running directly between your computer and the VPN exit node.

The only entity capable of knowing that it's actually my computer connecting to PornHub over the VPN, in this case, is the VPN service provider. Basically, what you do when you use a VPN is take pretty much all the data monitoring powers that your ISP currently has away from the ISP and give them to the VPN service provider instead. You also make it seem, from the point of view of anybody outside the VPN, that the VPN service provider is your Internet service provider.

If the exit node at the far end of your long virtual cable is in a different country from you, that last part is what works around geoblocking - though, as noted above, increasing numbers of streaming services have started to treat known VPN exit nodes as an unauthorized "country" in and of themselves.

Using a VPN can also be a net security win, if your VPN service provider is more trustworthy than your ISP. This could easily be the case if, for example, your VPN service provider is Mullvad and your current ISP is some random public wifi hotspot operator. But if you're using some random freebie VPN service, especially one that requires you to install their software on your endpoint device, the risk analysis would almost certainly tip the other way.

1. You just want to get around region blocking — this is you! In that case it literally doesn’t matter, use whatever you want. Just remember to turn it off when the match is over.

I'd mostly agree, as long as "whatever you want" is a VPN service provider that offers you configuration details for the VPN support that's already built into whatever device you have at your end and doesn't actually require you to install any of their software before being able to use their service. Because it doesn't matter how good the encryption between endpoints is if your endpoint has been compromised by some dodgy operator's spyware-disguised-as-a-vpn app whose installer you've given administrative permission to do whatever the hell it wants.

Short answer: Mullvad, via the WireGuard VPN protocol if your endpoint supports it or OpenVPN otherwise (last time I looked, Mullvad offers both).
posted by flabdablet at 11:09 PM on March 11 [5 favorites]

Nice words, flabdablet. I talk about the VPN tunnel because that's what people really want, putting a computer in a foreign country inside a virtual computer network to pretend to be in that country and having the tunnel hide your metadata.

In the past I've advocated for rolling your own tunnel to a rented computer in a cloud computing company. You give the cloud company your credit card, they bill you by the second and you run a script to create the virtual machine that joins your virtual private neywork when you use another script to start the encrypted tunnel -- but it's $$$ to stream video through that tunnel. A provider like Nord, mullvad, Proton and TorGuard will be cheaper.
posted by k3ninho at 11:24 PM on March 11

rolling your own tunnel to a rented computer in a cloud computing company

I recently started renting the cheapest available seedbox from ultra.cc, which costs €53.46 per year and comes with OpenVPN support included. I haven't actually used the VPN but every other connection I've made to my seedbox has absolute buckets of bandwidth so I have no doubt it would easily work well enough for heavy duty streaming.

Renting your own endpoint could be an anonymity win if having VPN endpoints blocked by the services you're trying to connect to is an issue, but the beauty of the specialist VPN providers is that they all run multiple exit nodes all over the world and make it very easy to switch between them. You're not tied down to having your exit node in whichever country the cloud box you're renting happens to be.

Some of the cloud computing providers do give you some choices about where to instantiate what you're renting, but that choice is usually nowhere near as wide as what's provided by outfits most of whose business rests on working around geoblocking. It's also very rare to find a cloud computing provider that offers non-logging and payment privacy guarantees as explicit as Mullvad's.
posted by flabdablet at 12:10 AM on March 12

posted by lecorbeau at 3:01 AM on March 12

Malwarebytes offers a VPN. Probably not the cheapest. I went for it mostly because they are a vendor I already deal with which made it an iota simpler.
posted by SemiSalt at 5:41 AM on March 12

From a complete ignoramus' point of view, I've been with NordVPN for a while and have a few minor issues, but none serious enough to walk away from a stupidly cheap account that I think runs to the end of 2023.

  • their nodes seem to be "known" and blocked by various providers haphazardly. They're good for doing "keep my stuff private" activity but routinely blocked by international streaming services (so trying to access, say, US Netflix from Canada is a no-go).
  • similarly, other sites will block their nodes periodically; Canada Computers seems to be very up on this.
  • they really, really, really want to push their other things like their password service to a degree I find aggravating
  • they require you to install software on your computer, and you have to log in via the web to log into their software. I don't know much about that stuff but it seems sort of dumb.
  • any requests for support with the node-blocked issues have been worse than pointless and active wastes of my time; basically it's the not-really-support script of telling you to reinstall multiple times, then tons of busywork until you drop the ticket.
I think I trust them, and I'm not doing anything so nefarious that if they sold all their data to the FBI or whatever it would really affect me. They're also stupid cheap if you pick up a multi-year sale. But I would not recommend if you can spend a little more and like one of the options presented above that seem more robust.
posted by Shepherd at 6:22 AM on March 12 [1 favorite]

They're good for doing "keep my stuff private" activity

Depends who you're trying to keep it private from. Personally I would have trouble trusting an organization that behaves the way you've described NordVPN behaving to protect my privacy better than a well-established ISP would do.

When what I care about is keeping both my data and metadata secret from just about any conceivable attacker, I have way more confidence in the Tor Browser than any commercial VPN, Mullvad included. Tor is about as close to perfect privacy as the Internet can achieve.

Sometimes Tor even works for downloading video content in the face of geoblocking, as long as I have the patience to keep trying new Tor circuits until the exit node ends up in the right country by accident. Not so good for streaming though, mainly because volunteer-run Tor nodes often have pretty mediocre bandwidth. Also because consuming video-sized chunks of bandwidth on a largely volunteer-run service whose justification for existing is protecting the citizens of oppressive regimes from their own governments feels kind of petty and selfish.
posted by flabdablet at 8:20 AM on March 12

Also, just reiterating that actually perfect Internet security is a unicorn: Attacks on Tor
posted by flabdablet at 8:34 AM on March 12

Response by poster: Thanks everyone! I'm trying out Proton. So far it seems to do the job!
posted by imalaowai at 8:28 PM on March 13

« Older how to bay area apartment search from a distance...   |   What interesting stuff can I do in D.C. on a... Newer »

You are not logged in, either login or create an account to post comments