The best VPN – that is, a Virtual Private Network – to keep your internet activity private in a quickly-changing online world is a tricky thing to choose, and before you start forking over cash, some research is needed. Yet, for the most part, actually trying out all the contenders would cost a good chunk of change, even if VPNs frequently offer low-cost or even free trials.

Luckily, you can always count on The Shortcut to come in clutch with recommendations based on real testing insights, not just glorified guesswork.

Do you need a VPN?

When deciding if you need a VPN, remember that web traffic to any well-made website already uses the same AES 256-bit encryption (often termed “military grade” in marketing copy) touted by some VPNs. 

That encryption means that while your ISP can still see some data about your browsing habits – namely, which websites you visit and how long you’re there – but it can’t necessarily see the contents of that data. However, it can sell that information, coupled with your personal information, provided you haven’t opted out. If that’s not an issue to you, you may not need a VPN at home.

Out in the world, however, it’s a different story. An enterprising hacker can use a router to broadcast the same network name (called an SSID) as a business’ WiFi network, and if you connect to that access point, your data is theirs for the taking. In simple terms, a VPN shields that data, acting as a tunnel through which your data travels to get where it’s going. 

How to choose a VPN

• Pick VPNs with routine transparency statements

• Look for independent audits commissioned by VPNs with no-log policies

• Review a prospective VPN’s privacy statement for concerning policies

• Low prices are great, but if it seems too good to be true, it may be

• Research whether the VPN has had security issues in the past

• If a VPN’s been hacked before, look for an open disclosure about it

1. CyberGhost VPN

Best VPN overall

• ✅ Great price-to-speed ratio

• ✅ Significantly better pricing than NordVPN

• ❌ Parent company raises questions

CyberGhost VPN

CyberGhost VPN is the second-fastest VPN we’ve tested, averaging just a 22% speed loss when tested against a straight-up wired connection. It has more servers than those offered by NordVPN, though it’s likely that its server count is inflated by virtual servers, which providers will use to beef up supply when demand for a particular server outstrips available physical servers in that locale.

In addition to providing decent speeds, there are reasons to believe CyberGhost is a good bet, at least in the short term, for privacy. CyberGhost publishes quarterly transparency reports detailing how many legal requests it’s received, status updates on projects and future plans, analysis of data surrounding malicious web activity and more. 

Like PIA, it also recently completed an independent security audit by Deloitte, one of the largest independent auditing firms in the world, to confirm its no-logging policy. The company says Deloitte confirmed it keeps no logs, though the report isn’t published on CyberGhost’s website – we’ve requested a copy from the auditor and hope to verify CyberGhost’s claims.

And a brief disclaimer: I awarded CyberGhost our Editor’s Choice distinction because, although it’s not the fastest VPN, I’m impressed by its thorough transparency work, and lightweight app that tends to use few system resources – which could be unimportant to you if you have the best CPU, but not all of us do. Combined with its recent audit, it appears to be the most trustworthy company for privacy (that’s not to say the other companies look shady – CyberGhost has just put in the most transparency effort).

However, CyberGhost’s parent company, Kape Technologies, raises some questions, given its past existence as Crossrider, a company that distributed tech that enabled massive malware distribution. As far as I can tell, the company wasn’t directly responsible (its software was being misused), and to its credit, when the situation spun out of control, it openly shut down that part of its business and pivoted to cybersecurity, citing malware distribution on its platform.

Restore Privacy has a great write-up if you’d like to read more, with links out to other reputable security analysts’ sites.

2. NordVPN

Best VPN for speed

• ✅ Very fast throughput

• ✅ Easy interface

• ❌ Expensive

NordVPN

NordVPN is one of the most well-regarded VPNs on the market today, making it a natural choice for my testing. It’s not without issues, however. A 2019 breach of one of its servers raised questions about its security practices, prompting Nord to issue a lengthy statement detailing the breach, which it disclosed within a day of it coming to light. The attacker reportedly had unfettered access to the server and all data coursing through it. This was just one server of thousands, but it’s worth noting upfront.

While I encourage you to read up on it, it’s an unavoidable option, so here is my take of the surface-level NordVPN experience.

NordVPN is an easy-to-use VPN with the fastest, most consistent speeds of any I’ve tested, so far. Across twenty tests, divided evenly between the VPN and going bareback, download throughput averaged 416Mbps on my 500Mbps connection. Without the VPN, I averaged 473.72Mbps down. That’s a 12% speed loss, which is fantastic for a VPN.

It wouldn’t be a modern VPN without bells and whistles, so NordVPN is packed with its own ad-blocking, tracker-blocking and anti-malware software. That’s for just the basic “Standard” plan – upgrading nabs you features like a password manager, data breach scanner or, at the highest level, 1TB of cloud storage – if you like that plan, buying it longer-term is a decent value if you’re using it as a supplemental backup to your existing cloud and local storage, though I hesitate to recommend it as your only cloud backup.

As of this writing, Nord offers access to about 5,500 servers in 59 countries. That’s a little light, compared to other VPN services – CyberGhost, for example, offers almost 10,000 – and though it serves Europe, the Americas and the Asia Pacific well, if robust African and Middle East servers are important to you, you won’t find that here.

3. Private Internet Access

Best cheap VPN

• ✅ Supports 10 devices

• ✅ Good pricing for the performance

• ❌ Slowest of those we’ve chosen

Private Internet Access

Private Internet Access (PIA) was the first VPN I ever used years ago, and it remains a solid choice now. Buyers will get VPN service for ten devices at a price cheaper than the 7-device coverage offered by CyberGhost VPN, one of our other picks for best VPN, at least at the time of this writing.

Its monthly plan is also more reasonable than the others on this list, sitting at just $11.95 per month and undercutting the next cheapest option by a buck a month. Its 1-year and 3-year plans are the lowest of those we’ve tested and its yearly plan ends up being perhaps the best deal when compared to the rest. If you want a dedicated IP address, it costs about as much as that offered by CyberGhost, but is cheaper than Nord’s offering by quite a bit.

Of course, the old adage “you get what you pay for” holds somewhat true here, and PIA was the slowest during our test period compared to other VPNs. Averaging a roughly 31% throughput penalty, it cut a fairly significant chunk off my 500Mbps cable plan, rarely topping 400Mbps. 

Part of the poor speed issues might be the result of its tendency to ignore nearby servers in the Midwest and instead connect me to east coast servers. It didn’t do this every time, but it was nevertheless frustrating, as I would rather rely on auto-connect than to manually pick my server. 

Even so, at its slowest, PIA was fast enough to be unnoticeable in normal usage – so if cost is an issue and you’re not frequently pulling down large files, it’s worth a gander.

Final note: Private Internet Access is owned by Kape Technologies. See the last half of my write-up above about CyberGhost, which is also owned by Kape. PIA has a seemingly impressive track record on transparency as well, but its transparency reports don’t appear to be on a schedule, nor are they quite as thorough as Cybert’s.

How to stay secure online

While a VPN can be a handy tool, it’s not a whole-cloth security solution. Here are some other online privacy and security best practices: 

• Use trusted, up-to-date browsers.

• Avoid websites with expired security certificates or which don’t begin with HTTPS – an indicator that the site encrypts web traffic data. 

• Always download the latest security updates for your software and hardware ASAP.

• Create complex, unique passwords for all online accounts.

• Enable 2-factor authentication where possible – preferably through an authenticator app or trusted device, but if text message is your only option, that’s better than nothing.

• Do not store your passwords on physical paper or in places like Google Drive – instead, keep them in a password manager like 1Password or even the one included in the Chrome or Firefox browsers. We do not recommend, given its poor cybersecurity track record, using LastPass.

How I’m testing

Properly testing a VPN, as with any internet-based testing, is tricky. Many confounding variables exist that can influence internet throughput, such as your physical location, your ISP, your hardware and even your software. My tests are as controlled as possible, but being a remote worker means when I use these products, for the most part, I’m using them as you would: I turn them on and go about my day.

To get some ideas about how they perform, I used Ookla Speedtest, which uses information about your public IP address – that is, the digital address that signifies your home network – and connects you to a nearby server that it believes to be the fastest. There are other internet speed test services like it – Fast.com, Netflix’s utility, offers a basic interface for checking your streaming capability, while Google’s Chrome browser incorporates M-Lab’s internet speed test tool. I prefer Ookla’s offering for its feature-rich implementation and the ability to view my history – doing this has enabled me to offer proof to my ISP of ongoing issues that led to the repair of one of its nearby hubs.

My tests involve running random dual throughput tests throughout the day and night, one with the VPN on and one with it off. I then average these tests and find the percentage difference between my VPN results and those going straight through my ISP, which for me is Spectrum. 

My test computer is a Samsung Galaxy Book 2 360, which I have hardwired, using a Plugable 2.5GbE USB-C adapter, into an unmanaged network switch plugged straight into my router. While I do some testing on my primary machine, a 2021 M1 iMac, most people still use Windows-based machines, so it makes sense to gather my numbers there.

A disclaimer

I am not a cybersecurity expert, and it would be irresponsible for me to claim otherwise. While I’m well familiar with many of the concepts involved in the use of VPNs, I have only made sparing use of them in the past. The trade-off of speed and reliability for privacy isn’t worth it for my purposes, particularly since I do my best to follow web security best practices like complicated, unique passwords and using 2-factor authentication wherever possible.

Because I’m not a security researcher, I cannot tell you for certain if a VPN will keep your personal data and web habits safe any more than I could claim any company will – I can only test them, look over their feature set and privacy claims, and report my findings. 

VPNs are a murky world, filled with misleading security claims, privacy breaches and confusing terminology. By necessity, they often operate in hazy legal arenas, host their infrastructure in countries with liberal privacy laws and at times it’s even difficult to suss out who owns them. So, do consider the data I present here, but only as one part of your research into the best VPN for your needs.