481

submitted 2 days ago* (last edited 2 days ago) by Charger8232@lemmy.ml to c/privacy@lemmy.ml

146 comments fedilink hide all child comments

VPN Comparison

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

AirVPN
IVPN
Mozilla VPN
Mullvad VPN
NordVPN
NymVPN
Private Internet Access (abbreviated PIA)
Proton VPN
Surfshark VPN
Tor (technically not a VPN)
Windscribe

Notes

I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

If you don't mind the speed cost, Tor is a really good option to protect your IP address.
If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

you are viewing a single comment's thread
view the rest of the comments

[-] cmhe@lemmy.world 28 points 2 days ago

Na... The likelyhood of installing some bad or fake app from google play store is much higher than on fdroid.

[-] Corridor8031@lemmy.ml 3 points 2 days ago

i think the security issues are not about fake apps, but about fdroid signing the builds themself, while their build infrastrcuture is described as insecure

[-] cmhe@lemmy.world 4 points 2 days ago* (last edited 2 days ago)

The issue there AFAIK is that some app builds aren't fully reproducible, because if they were the developer signature would still apply and be used. In the reproducible case the security of the build infra wouldn't matter, because the same app would be produced the same regardless were they are build.

Without reproducible builds, you cannot really trust the software anyway, because the Dev could hook some hidden code only for the released binary app and sign that.

[-] Corridor8031@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

uhm no not really? I mean reproducible builds are used to cross verfiy that it is the same binary in this case, but like android has no mechanism to do that, this is not how it works.

that a build should be reproducible is more about your second point and doesnt really have anything to do with fdroid, as far as i know

Edit: these links should explain it all: https://discuss.grapheneos.org/d/21675-fdroid-security/2

[-] cmhe@lemmy.world 4 points 2 days ago

Once it passes inspection, the F-Droid build service compiles and packages the app to make it ready for distribution. The package is then signed either with F-Droid’s cryptographic key, or, if the build is reproducible, enables distribution using the original developer’s private key. In this way, users can trust that any app distributed through F-Droid is the one that was built from the specified source code and has not been tampered with.

https://f-droid.org/en/2025/09/29/google-developer-registration-decree.html

this post was submitted on 10 Oct 2025

481 points (97.8% liked)

Privacy

42502 readers

874 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS