I made a spreadsheet comparing different open source VPN providers.
Part 2 here
Providers
Notes
- Please do not start a flame war about Proton.
- Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
- The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
- IVPN has two differing plans, which is why “Standard” and “Pro” are sometimes differentiated.
- For accounts, “Generated” means a random identifier is created for you to act as your account, “Required” means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
- Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
- All prices are in United States Dollars. Tax is not included.
- Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
- The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
- The Proton VPN Flatpak is unofficial, but based on the official code.
- Availability on secureblue is based on the
ujust install-vpncommand. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages. - I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.
Takeaways
- NymVPN is very very new, but it’s off to a strong start. It wins in almost every category. I actually hadn’t heard of it until I started this project.
- If you want a free VPN, Proton VPN is the only one here that meets that requirement.
- If you want to pay week-by-week, IVPN is the only one that allows that.
- If you’re paying month-by-month on a budget, Mullvad VPN is the cheapest option.
- NymVPN is the cheapest plan for anything past 1 month.
- If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
- If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
- Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn’t even matter.
ProtonVPN has started to become blocked on tons of websites. I have to switch servers all the time, to the point I won’t be able to keep a VPN connection up like I used to.
I’ve read Mullvad has worsened as well. There seems to be a general ban on VPN use (there was always some of course)
My last hope: non profits who offer VPN. They keep logs, don’t allow torrenting, and require a real name to subscribe. Very few server choices, if any.
I’m… fine with that. I just want privacy. No surveillance. And I trust the non profit. Plus I torrent on a VPS anyway
What I would like to see are local VPNs, with a small enough pool of users on each server to not get flagged. A rotation between servers from time to time. Compliant with the law of course (as long as the law doesn’t require total surveillance, evidently). The goal is to hide everyone’s activity from the providers and websites (yes, I know, fingerprinting)
But maybe there’s some other existing tool/service I’m not aware of?
Does using a VPS truly enhance safety while torrenting? Isn’t it still possible for downloads and uploads to be traced back to your identifiable IP address, especially considering that the VPS provider logs your IP and email details?
VPN on VPS (easy to do with gluetun)
Basically you use a container that’s a VPN connection and connect other containers to it.
Exactly this, the commenter above even mentioned they have a VPS already, what’s stopping them from (this is just an option) slapping tailscale on there, enabling it as an exit node and being done with it? Would literally take 5 minutes and suddenly your traffic is coming from a datacenter and not your home IP
Both comments are me. Configuring Tailscale (or Headscale?) is on my to-do.
To be clear, connecting to the VPS is not what I use for the anonymizing part, it’s the gluetun container that connects to ProtonVPN servers. This way I can still access my VPS with its real IP. Not sure if there was a confusion there.
Simply using my VPS as relay would still attach my browsing to a single IP I’m the sole user of… or not? I do not know how that works.
Thank you for clarifying. Does using a VPN on a VPS offer the same level of privacy as connecting a VPN container to a torrent container from a home connection? I’m curious about the advantages of using a VPS in this context.
No advantages privacy-wise, but it’s like a seedbox! I keep the torrent client running. Also I’m on a limited mobile data plan on my router at home, so this helps.
When I found out you could get a free 200GB VPS (look up free tier vps) - and because I had another paid VPS already anyway - I decided to make a seedbox. It’s not a ton of storage but it works really well, very happy with it.
AirVPN needs some spotlight.
Nymvpn seams great! I’ve never heard of it either. I just hope it stays around and gets a name for itself.
Same here… but I don’t know what I think about vpns that say around a long time. You can’t help but wonder that the reason they are still around is because they got co-opted.
This is great, thanks for sharing! You’ve got a few useful feedback points, let me add one more: does a provider have an onion address. This allows decoupling of payment from usage. Not a big thing, but good to know.
Great work!
+1 to add NordVPN
Why? They (used to) push disgustingly deceptive marketing and had an embarrassing server breach.
Is it even open source?
No, only some of their clients are.
Linux and the newly openwrt clients are, also their main low level lib (libtelio)… windows/macos are not though
Isn’t Mozilla VPN built on Mullvad? Also, why this instead of https://thatoneprivacysite.xyz/#detailed-vpn-comparison
Isn’t Mozilla VPN built on Mullvad?
Yes. That’s included in the comparison.
Also, why this instead of https://thatoneprivacysite.xyz/#detailed-vpn-comparison
They don’t include NymVPN.
No .ods file?
Soon :)
I plan to make a version 2.0 with some requested changes.
What about logging policies? Seems like that would be an important category to visit - which providers store logs or don’t etc. I’ve heard of some that use RAM-only logging that allegedly never gets stored on disk.
Even so, you never knowif they’re really no log. What guarantees that apart from a verbal promise?
Best way I know is to observe them being unable to comply with legal demands to supply data when they receive them. From what I’ve heard Mullvad has passed that test, but I’ve never tried to follow up and find details.
There is no guarantee unless you could personally audit their facilities and inspect what they did with your account etc. But I would still choose one that states they have a good policy versus one that says nothing on the subject.
Are any of these good options for port forwarding? I’m currently using PIA and I’d rather not.
Proton VPN supports port forwarding. IVPN and Mullvad VPN do not. Mozilla VPN and NymVPN don’t explicitly state whether or not they do from what I found, so I’m not sure.
Mozilla VPN is just mullvad so they do not
NymVPN doesn’t supports it. I asked their support. They have plans for the future.
If you are looking for reliable port forwarding consider Windscribe VPN.
I had the same dilemma after mullvad stopped allowing you to create port forwards. I switched to Proton which works fine but I’m curious what other options are out there. It can be hard to find the details about port forwarding, especially if it only works when using their app and not with openvpn/wireguard which is easier for running containers.
AirVPN lets you open 5 ports and allow p2p. Works with their app and openvpn/wireguard. I’ve been paying for it couple years now and I’m pretty happy with it
Yeah the spreadsheet is kind of useless without that information
I wouldn’t call it useless, for people who just use a vpn for privacy, for all I know the only main use case for port forwarding in a vpn is torrenting linux iso’s rather than genuine privacy measures.
That’s why I said kind of
Why not PIA? I was looking into it for port forwarding
It’s owned by an Israeli spyware company.
Of course 😔
Oh boy, seems I missed something again. What’s wrong with PIA? I’ve been using them forever.
Oh, you know, the usual. Bought out by an Israeli spyware company.
Okay, what exactly are the benefits of a VPN for the average user (non-corporate), besides pretending to be somewhere else?
Would Nym work with Glueten? It seems bewz so its not listed on their github but it supports wireguard so maybe it does.
As long as you can generate a wireguard config that works, for example, on your desktop/main pc with wireguard directly, then Gluetun should have no issue (as far as im aware).
Gluetun specific provider support is usually just there to get setup faster (I think so it can automatically get configs for certain countries, etc).
I have never heard of NymVPN
Most people haven’t, till they have.
no love for windscribe? :(
CEO is a jackass but the product is fantastic and has a great free tier, although P2P/torrenting was removed from the free tier unfortunately I believe
CEO is a jackass but the product is fantastic
evergreen
Nice comparison. Thanks for sharing! Any reason NordVPN was excluded?
It isn’t open source.
However, their client software for Linux at least is:
Those are clients/for clients tho.
Server is proprietary closed-sauce.
I wonder which VPNs of the ones listed open sourced their backend/server side?
edit: Neither Mullvad or Proton have…
Wow, Nym’s payment model past month-to-month looks good. I don’t really need port forwarding, so the advantage I see they have over Mullvad is the decentralized nature of their servers. Mullvad does have multi-hop but it goes through Mullvad owned or rented servers. Does anyone know if Nym really does use servers that aren’t leased/rented by them for decentralization? Otherwise, they are no different from Mullvad and only the payment model is better.
Nym pays users to be a relay as far as I know. There are 5 relays or 2 relays with your preference (depends on the speed and security you want). Maybe they own some servers that I don’t know but their encryption techniques are quite advanced. There are articles on their websites that they cannot log anything.
