Discover more from The Shortcut
Best VPN 2023: keep your web browsing safe from prying eyes
What we’re learning in our pursuit of the best VPN so you can protect your online activity
Picking out the best VPN to shield your network traffic from view of big tech is no easy task that requires a good bit of research to complete. Although you can find free trials routinely, finding them all at the same time so you can do direct A and B testing over a given period of time is unlikely, and it can be costly to pay for them all.
Luckily, you can always count on The Shortcut to come in clutch with recommendations based on real testing insights, not just glorified guesswork or paid-for placement.
Do you need a VPN?
When deciding if you need a VPN, remember that web traffic to any well-made website already uses the same AES 256-bit encryption (often termed “military grade” in marketing copy) touted by some VPNs. That doesn’t mean their services aren’t valuable, but if encrypting your web traffic is a concern, that’s mostly already done without you spending a red cent (apart from paying exorbitant internet service rates, that is).
That encryption means that while your ISP can still see some data about your browsing habits – namely, which websites you visit and how long you’re there – but it can’t necessarily see the contents of that data. Even so, what it can do, and what VPNs can prevent, is sell the info it does have, couple with your personal information, to the highest bidder. You can opt out of that, but you’ll need to figure out how first. If that’s not an issue to you, you may not need a VPN at home.
Out in the world, however, it’s a different story. An enterprising hacker can use a router to broadcast the same network name (called an SSID) as a business’ WiFi network, and if you connect to that access point, your data is theirs for the taking. In simple terms, a VPN shields that data, acting as a tunnel through which your data travels to get where it’s going.
How to choose a VPN
Pick VPNs with routine transparency statements
Look for independent audits commissioned by VPNs with no-log policies
Review a prospective VPN’s privacy statement for concerning policies
Low prices are great, but if it seems too good to be true, it may be
Research whether the VPN has had security issues in the past
If a VPN’s been hacked before, look for an open disclosure about it
Best VPN overall
✅ Great price-to-speed ratio
✅ Significantly better pricing than NordVPN
❌ Parent company raises questions
CyberGhost VPN is the second-fastest VPN we’ve tested, averaging just a 22% speed loss when tested against a straight-up wired connection. It has more servers than those offered by NordVPN, though it’s likely that its server count is inflated by virtual servers, which providers will use to beef up supply when demand for a particular server outstrips available physical servers in that locale – a necessary practice and one most, if not all, VPN providers engage in.
In addition to providing decent speeds, there are reasons to believe CyberGhost is a good bet, at least in the short term, for privacy. CyberGhost publishes quarterly transparency reports detailing how many legal requests it’s received, status updates on projects and future plans, analysis of data surrounding malicious web activity and more.
Like PIA, it also recently completed an independent security audit by Deloitte, one of the largest independent auditing firms in the world, to confirm its no-logging policy. The company says Deloitte confirmed it keeps no logs, though the report isn’t published on CyberGhost’s website – we’ve requested a copy from the auditor and hope to verify CyberGhost’s claims, but the request hasn’t been acknowledged.
And a brief disclaimer: I awarded CyberGhost our Editor’s Choice distinction because, although it’s not the fastest VPN, I’m impressed by its thorough transparency work, and lightweight app that tends to use few system resources – which could be unimportant to you if you have the best CPU, but not all of us do. Combined with its recent audit, it appears to be the most trustworthy company for privacy (that’s not to say the other companies look shady, because they largely don’t – CyberGhost has just put in the most transparency effort).
However, CyberGhost’s parent company, Kape Technologies, raises some questions, given its past existence as Crossrider, a company that distributed tech that enabled massive malware distribution. As far as I can tell, the company wasn’t directly responsible (its software was being misused), and to its credit, when the situation spun out of control, it openly shut down that part of its business and pivoted to cybersecurity, citing malware distribution on its platform.
Restore Privacy has a great write-up if you’d like to read more, with links out to other reputable security analysts’ sites.
Best VPN for speed
✅ Very fast throughput
✅ Easy interface
NordVPN is one of the most well-regarded VPNs on the market today, making it a natural choice for my testing. It’s an easy-to-use VPN with the fastest, most consistent speeds of any I’ve tested, so far. Across twenty tests, divided evenly between the VPN and going bareback, download throughput averaged 416Mbps on my 500Mbps connection. Without the VPN, I averaged 473.72Mbps down. That’s a 12% speed loss, which is fantastic for a VPN.
It wouldn’t be a modern VPN without bells and whistles, so NordVPN is packed with its own ad-blocking, tracker-blocking and anti-malware software. That’s for just the basic “Standard” plan – upgrading nabs you features like a password manager, data breach scanner or, at the highest level, 1TB of cloud storage – if you like that plan, buying it longer-term is a decent value if you’re using it as a supplemental backup to your existing cloud and local storage, though I hesitate to recommend it as your only cloud backup.
As of this writing, Nord offers access to about 5,500 servers in 59 countries. That’s a little light, compared to other VPN services – CyberGhost, for example, offers almost 10,000 – and though it serves Europe, the Americas and the Asia Pacific well, if robust African and Middle East servers are important to you, you won’t find that here.
It’s not without issues, however. A 2019 breach of one of its servers raised questions about its security practices, prompting Nord to issue a lengthy statement detailing the breach, which it disclosed within a day of it coming to light. The attacker reportedly had unfettered access to the server and all data coursing through it. This was just one server of thousands, but it’s worth noting.
A top-tier VPN service
Throughput second only to NordVPN
Open-source browser extension
Pricey compared to others
ExpressVPN offers faster service than every VPN I’ve tested with the exception of NordVPN, making it an excellent alternative if you’re a little skittish about Nord’s now-4-year-old breach (which, by all accounts, was very minor). It only resulted in a little over a 13% download throughput penalty across 10 tests conducted on my Galaxy Book 2 360. I did see some low-single-digit upload speed during a stretch that wasn’t reflected by a non-VPN connection, but only over a short period – overall, it was a solid experience.
Choosing ExpressVPN comes with some drawbacks, however. Of the bunch we’ve tested, it supports the fewest devices on its basic plan, with five simultaneous device connections. Additionally, while it’s mostly competitive in monthly cost at $12.95/month (the cheapest plan tested is Private Internet Access at $11.95), bumping up to 6 months or yearly doesn’t result in any massive savings, as its $99.95 yearly plan only drops the monthly cost to $8.32.
Finally, ExpressVPN offers a unique product: the Aircove VPN router. While it’s true that you can configure most routers to use a VPN, having one built in comes with its perks – namely more user-friendly setup. I haven’t tested the router yet, but when I do, you can be sure I’ll publish my thoughts.
Best cheap VPN
✅ Supports 10 devices
✅ Good pricing for the performance
❌ Slowest of those we’ve chosen
Private Internet Access (PIA) was the first VPN I ever used years ago, and it remains a solid choice now. Buyers will get VPN service for ten devices at a price cheaper than the 7-device coverage offered by CyberGhost VPN, one of our other picks for best VPN, at least at the time of this writing.
Its monthly plan is also more reasonable than the others on this list, sitting at just $11.95 per month and undercutting the next cheapest option by a buck a month. Its 1-year and 3-year plans are the lowest of those we’ve tested and its yearly plan ends up being perhaps the best deal when compared to the rest. If you want a dedicated IP address, it costs about as much as that offered by CyberGhost, but is cheaper than Nord’s offering by quite a bit.
Of course, the old adage “you get what you pay for” holds somewhat true here, and PIA was the slowest during our test period compared to other VPNs. Averaging a roughly 31% throughput penalty, it cut a fairly significant chunk off my 500Mbps cable plan, rarely topping 400Mbps.
Part of the poor speed issues might be the result of its tendency to ignore nearby servers in the Midwest and instead connect me to east coast servers. It didn’t do this every time, but it was nevertheless frustrating, as I would rather rely on auto-connect than to manually pick my server.
Even so, at its slowest, PIA was fast enough to be unnoticeable in normal usage – so if cost is an issue and you’re not frequently pulling down large files, it’s worth a gander.
Final note: Private Internet Access is owned by Kape Technologies. See the last half of my write-up above about CyberGhost, which is also owned by Kape. PIA has a seemingly impressive track record on transparency as well, but its transparency reports don’t appear to be on a schedule, nor are they quite as thorough as CyberGhost’s.
How to stay secure online
While a VPN can be a handy tool, it’s not a whole-cloth security solution. Here are some other online privacy and security best practices:
Always use trusted, up-to-date browsers.
Avoid websites with expired security certificates or which don’t begin with HTTPS – an indicator that the site encrypts web traffic data.
Always download the latest security updates for your software and hardware ASAP.
Create complex, unique passwords for all online accounts.
Enable 2-factor authentication where possible – preferably through an authenticator app or trusted device, but if text message is your only option, that’s better than nothing.
Do not store your passwords on physical paper or in places like Google Drive – instead, keep them in a password manager like 1Password or even the one included in the Chrome or Firefox browsers. We do not recommend, given its poor cybersecurity track record, using LastPass.
How I’m testing
Properly testing a VPN, as with any internet-based testing, is tricky. Many confounding variables can influence internet throughput, such as your physical location, your ISP, your hardware and even your software. My tests are as controlled as possible, but being a remote worker means when I use these products, for the most part, I’m using them as you would: I turn them on and go about my day.
To get some ideas about how they perform, I used Ookla Speedtest, which uses information about your public IP address – that is, the digital address that signifies your home network – to connect you to the nearest, fastest server it can find.
There are other internet speed test services like it – Fast.com – Netflix’s utility – offers a basic interface for checking your streaming capability, while Google’s Chrome browser incorporates M-Lab’s internet speed test tool. I prefer Ookla for its feature-rich implementation and the ability to view my history – doing this has enabled me to offer proof to my ISP of ongoing issues that led to the repair of one of its nearby hubs, once.
My tests involve running random dual throughput tests during the day and night, one with the VPN on and one with it off. I then average these tests and find the percentage difference between my VPN results and those going straight through my ISP, which for me is Spectrum.
My test computer is a Samsung Galaxy Book 2 360, which I have hardwired, using a Plugable 2.5GbE USB-C adapter, into an unmanaged network switch plugged straight into my router. While I do some testing on my primary machine, a 2021 M1 iMac most people still use Windows-based machines, so it makes sense to gather my numbers with the Samsung laptop.
I am not a cybersecurity expert, and it would be irresponsible for me to claim otherwise. While I’m well familiar with many of the concepts involved in the use of VPNs, I have only made sparing use of them in the past. The trade-off of speed and reliability for privacy isn’t worth it for my purposes, particularly since I do my best to follow web security best practices like complicated, unique passwords and using 2-factor authentication wherever possible.
Because I’m not a security researcher, I cannot tell you for certain if a VPN will keep your personal data and web habits safe any more than I could claim any company will – I can only test them, look over their feature set and privacy claims, and report my findings.
VPNs are a murky world, filled with misleading security claims, privacy breaches and confusing terminology. I find the ones mentioned here are the most transparent and easy to use, which are huge pluses for the average person.
By necessity, VPNs often operate in hazy legal arenas, host their infrastructure in countries with liberal privacy laws and at times it’s even difficult to suss out who owns them. And while many VPNs make use of independent audits to verify their privacy claims and practices, there are reasons to think that the biggest audit companies in the world may not be as reliable as they claim. So, do consider the data I present here, but only as one part of your research into the best VPN for your needs.
Published: January 25, 2023
Updated: February 24, 2023