~/tools/vpns

VPNs

last updated 2026-06-17 · 5 recommendations · what changed

A VPN does one thing: it moves trust from your internet provider to the VPN operator. That's genuinely useful on hostile networks, against ISP logging, and for shifting your apparent location, but it is not an invisibility cloak, whatever YouTube sponsorships say.

before you pick The VPN industry runs on fear marketing and affiliate money. Most "best VPN" lists are ranked by commission, not merit. This page has no affiliate links: these three are here because of audits, track records, and honest engineering. If a provider sponsors influencers heavily, ask yourself where that money comes from.

what actually matters

audited no-logs claims

Anyone can write "no logs" on a landing page. Independent audits, and better yet, real-world incidents handled transparently, are the proof.

anonymous payment

A VPN that knows your card number knows you. Cash, Monero, or vouchers keep the account unlinked from your identity, if your model needs that.

modern protocols

WireGuard (or well-implemented OpenVPN) with no proprietary mystery protocols. Bonus: multihop and obfuscation for hostile networks.

jurisdiction & ownership

Who owns the company, and which legal system can compel them? No VPN is above jurisdiction: transparent ownership beats a flag-of-convenience shell.

recommendations

Proton VPN

the default pick
🇨🇭 switzerlandaudited no-logswide networkreal free tierfree · ~€5/mo

Top-tier performance, an independently audited no-logs policy, a wide server network, and the practical kicker: bundling with Proton Mail at a meaningful discount. The suite deal is hard to compete with on value alone. The free tier is also the only one on the market worth recommending: no cap, no ads, funded by the paid plans rather than your traffic.

good
  • Fast, audited, open-source apps on every platform
  • 5th consecutive annual independent audit (Securitum), plus a SOC 2 Type II
  • Bundle pricing with Mail/Drive/Pass: one subscription, whole stack
  • Trustworthy free tier, rare enough to be notable
  • Stealth protocol for networks that block VPNs
mind the
  • VC-backed and increasingly commercial: worth tracking, not currently a red flag
  • Account requires an email address (use an alias)
  • Not above jurisdiction; no VPN is. Switzerland helps, it doesn't exempt
free tier · paid from ~€5/mo (less bundled) protonvpn.com →

Mullvad

the anonymity pick
🇸🇪 swedenno email signupcash acceptedaudited€5/mo flat

The privacy-first gold standard. You get a random account number, no email, no name, and you can pay by mailing cash in an envelope. Flat €5/month forever, RAM-only servers, frequent audits, and when Swedish police raided them in 2023 there was nothing to take. If maximum network-level anonymity matters more than convenience and ecosystem value, this is the correct answer.

good
  • Account is a number; payment can be cash or Monero
  • RAM-only infrastructure; minimal attack surface by design
  • Raid-tested no-logs claim, the rarest credential there is
  • WireGuard-only now (OpenVPN fully retired Jan 2026), multihop, quantum-resistant tunnels
mind the
  • No streaming-unblocking arms race: some services stay blocked
  • Port forwarding was removed entirely
  • OpenVPN is gone: no fallback protocol if WireGuard is blocked on your network
  • Fewer countries and conveniences than Proton: austerity is the product
€5/mo flat, always mullvad.net →

Windscribe

the everyday alternative
🇨🇦 canadaincident-testedstrong free tierbuild-a-planfree · from ~$3/mo

The closest runner-up to Proton on everyday usability. Transparent to a fault: NCC Group audited it in 2024, and in 2025 a Greek prosecution tried to compel user data and Windscribe had nothing to hand over, a real-world no-logs test. The team also communicates like humans rather than a legal department. Strong free tier, and the build-a-plan pricing means you only pay for locations you use.

good
  • NCC Group-audited (2024); withstood a real attempt to compel user data in 2025 with nothing to hand over
  • Generous free tier; flexible à-la-carte pricing
  • Built-in blocker (R.O.B.E.R.T.) covers ads/trackers at the tunnel level
mind the
  • Canada is a Five Eyes jurisdiction, if that's in your model
  • Still a thinner audit trail than Proton or Mullvad despite the 2024 audit
  • No anonymous-signup story comparable to Mullvad's
free tier · paid from ~$3/mo build-a-plan windscribe.com →

IVPN

the no-account pick
🇬🇮 gibraltarno email signupcash acceptedauditedmultihopfrom ~$3.90/mo

Privacy-first in the same lineage as Mullvad: sign up with nothing but a randomly generated account number, pay with cash mailed in or crypto, and get independently audited apps with multihop connections for splitting trust across two jurisdictions at once. IVPN has long published its own anti-marketing essays on why VPNs aren't a privacy panacea, a level of candor that's rare in this industry and a strong signal about who's actually running the place.

good
  • No email or personal info required to create an account
  • Cash and crypto payment options, same as Mullvad
  • Independently audited apps and infrastructure; on its 7th consecutive annual Cure53 audit
  • Multihop included in the base Standard plan, not gated to a pricier tier
mind the
  • Smaller server network than Proton or Mullvad
  • No meaningful free tier, short trial only
  • Less brand recognition; fewer eyes on it than the larger players
from ~$3.90/mo (3yr) · $6/mo month-to-month ivpn.net →

Obscura VPN

the split-trust pick
multi-party relaymacos/ios + androidsplit-trust architecturenewer entrant$8/mo

A newer architecture rather than a newer brand on the same old design: Obscura splits the VPN into two independently operated hops so that no single party ever sees both who you are and what you're doing, conceptually similar to Apple's iCloud Private Relay, but usable as a standalone VPN rather than tied to Apple's ecosystem rules. Available on macOS, iOS, and now Android, with Windows and Linux in development behind a waitlist; this is still newer, less-proven infrastructure relative to a decade-old operator.

good
  • Split-trust, two-hop design: structurally resistant to a single operator seeing everything
  • Modern WireGuard-based implementation
  • Clean, focused apps on Apple platforms and Android
  • Independently audited (Cure53, Dec 2025): no high/critical findings
mind the
  • New company, no long-term track record or raid history to point to yet
  • Windows and Linux apps are still in development (waitlist)
  • Smaller network and team than the established players
$8/mo obscura.net →

at a glance

providerjurisdictionanonymous signupcash/xmrauditedfree tierfrom
Proton VPN🇨🇭 CHemail neededcash via supportyesyes~€5/mo
Mullvad🇸🇪 SEaccount numberbothregularlyno€5/mo
Windscribe🇨🇦 CAemail optional-ishcryptoincident-testedyes~$3/mo
IVPN🇬🇮 GIaccount numberbothregularlyno~$2/mo
Obscura VPN🇺🇸 USemail needednonewer, unauditedno~$5/mo

prices are ballpark monthly rates; annual plans run cheaper.

worth knowing

Know what a VPN can't do. Logged into Google? Google knows it's you, VPN or not. Browser fingerprinting, cookies, and account logins all work fine through a tunnel. A VPN hides your IP from sites and your traffic from your ISP: that's the whole list.

You might not need one. On your home network with encrypted DNS, HTTPS already covers most of it. The strong cases: public Wi-Fi, ISPs that sell browsing data, censorship, and location shifting.

Turn on the kill switch. Every pick here has one. Without it, a dropped tunnel quietly leaks your real IP until you notice.

Match your DNS to your tunnel. When the VPN is up, use its resolver (Proton's NetShield, Mullvad's DNS) rather than fighting it with a third party: consistent infrastructure means a consistent fingerprint. See DNS & Network.

Tor, not a VPN, for anonymity. If your threat model involves someone determined to identify you, a VPN moves trust; Tor distributes it. Different tool, different guarantees.