Freedom respecting VPN providers, alternative to PIA - Community help request

Hello,

There are frequent discussions on Telegram, regarding recent purchase of PrivateInternetAccess, and concerns about security and privacy, I would like to start a thread where we can share potential alternatives, evaluate and review together. This will hopefully help our community by providing interesting insight on various VPN providers.
This is not to discus private droplets/VPS/VMs that you self deployed. This is more about companies that provide services similar to PIA, while being linux compatible, privacy and security respecting, and using open source technology.

How to help?
If you are using a VPN provider you think respects privacy and security, please copy-paste the list below and fill it with as many details as you can.

  • Share VPN service webpage link:
  • Is it open source or not?
  • Does it have a linux client? is it opensource ?
  • Does it provide a browser extension? for which browsers ?
  • Does it provide a SOCKS5/SSH/HTTP/SSL proxy server ?
  • How many devices can you use per account ?
  • Available openvpn/openconnect/wireguard profiles ?
  • Does the provider Log traffic and info or not ?
  • Does the provider have proven security track record ?
  • Did the provider ever undergo an external security audit? Is this a recurring process?
  • Link an external review if found any:
  • Price per month/year:
  • PROs & CONs found by reviewer:

Cheers
Mauro

1 Like

ProtonVPN

Share VPN service webpage link: https://protonvpn.com/

Is it open source or not?
I can’t find information on which solutions they’re using internally.

Does it have a linux client? is it opensource ?
Yes there’s a Linux CLI under the GPLv3 but I don’t currently recommend it. Linux users should download the OpenVPN profile of their choice and run it in terminal using openvpn.

https://protonvpn.com/support/linux-vpn-setup/
https://github.com/ProtonVPN/protonvpn-cli-ng
https://protonvpn.com/blog/open-source/

Does it provide a browser extension? for which browsers ?
No

Does it provide a SOCKS5/SSH/HTTP/SSL proxy server ?
None of the above but they’ll tunnel through the client.

How many devices can you use per account ?
ProtonVPN Free: 1
ProtonVPN Basic: 2
ProtonVPN Plus: 5

Available openvpn/openconnect/wireguard profiles ?
Supports OpenVPN and IKEv2 (TCP/UDP)
Wireguard inclusion has been under development for about a year: https://protonvpn.com/blog/wireguard-donation/

Does the provider Log traffic and info or not?
No

https://protonvpn.com/support/no-logs-vpn/
https://protonvpn.com/blog/transparency-report/

Does the provider have proven security track record ?
There’s been no issues i’m aware of since it’s launch in 2017 and it’s sister company Protonmail has a stellar record under the same founders:

https://www.ibtimes.com/protonmail-leads-encryption-companies-committed-user-privacy-after-paris-terrorist-2198749
https://protonmail.com/blog/swiss-surveillance-law-referendum/

Did the provider ever undergo an external security audit? Is this a recurring process?
Their Android, iOS, Mac OS and Windows clients have been audited by Sec Cosult: https://protonvpn.com/blog/open-source/

Mozilla reviewed their “implementations, organizational structure, and our technology” as part of the beginning of an ongoing partnership. I’m unaware if this includes ongoing audits: https://blog.mozilla.org/futurereleases/2018/10/22/testing-new-ways-to-keep-you-safe-online/

Link an external review if found any:
https://www.youtube.com/results?search_query=protonvpn

Price per month/year:
ProtonVPN Free: 1
ProtonVPN Basic: $4/mo or $48/yr
ProtonVPN Plus: $8/mo or $96/yr

When combined with a paid Protonmail account both the Email and the VPN are discounted 20% under the monthly option or 36% under the yearly option.

PROs & CONs found by reviewer:
Well trusted company, good service, a lot of locations but the features are simplistic.

Extras:

Unique Features:
“SecureCore” servers tunnel your traffic through them prior to the destination country so if the endpoint is compromised it makes it a lot more difficult to “match VPN clients with their traffic”.

https://protonvpn.com/support/secure-core-vpn/

They supply some Tor VPN servers so all traffic goes over Tor beyond the VPN.

https://protonvpn.com/support/tor-vpn/

Customer Support:
Email form, wiki

Is there a bug bounty program?
Yes: https://protonvpn.com/blog/bug-bounty-program/

Does it throttle or block specific ports or types of traffic like torrenting or TOR?
No

Does it provide a DNS service?
All traffic is automatically bound to ProtonVPNs DNS service. They don’t have one you can point to when not using their VPN.

7 Likes

I second ProtonVPN. I am using it myself and think I said so countless times on this forum. :slight_smile: I have nothing more to add.

2 Likes

Hello guys,

Thanks for the replies. In order to expand the research and provide more alternatives, I had a look at various FOSS oriented forums, and it seems that people are recommending:

ProtonVPN
Mullvad VPN https://mullvad.net/en/
TorGuard https://torguard.net/

Since ProtonVPN has been covered already, I want to ask if there is anyone here using either mullvad or torguard, that can provide some feedback/review?
If not, I will dig more info, subscribe to both and follow up here.

1 Like

ExpressVPN

Share VPN service webpage link: https://www.expressvpn.com/

Is it open source or not?
Only their leak test and browser extension are open source under GPLv2: https://github.com/ExpressVPN

Does it have a linux client? is it opensource ?
User friendly Linux CLI: https://www.expressvpn.com/support/vpn-setup/app-for-linux/
No mention if it’s open source, need confirmation from someone with an account who can download it.

Officially supports 32/64bit Debian, Ubuntu, Fedora and CentOS

Does it provide a browser extension? for which browsers ?
Firefox/Chrome: https://www.expressvpn.com/blog/browser-extensions-latest-updates/
Under GPLv2: https://github.com/expressvpn/expressvpn_browser_extension

Does it provide a SOCKS5/SSH/HTTP/SSL proxy server ?
None of the above but they’ll tunnel through the client.

How many devices can you use per account ?
5, https://www.expressvpn.com/blog/connect-five-devices/

Available openvpn/openconnect/wireguard profiles ?
OpenVPN (TCP/UDP), SSTP, L2TP/IPSec, and PPTP

Does the provider Log traffic and info or not ?
No: https://www.expressvpn.com/privacy-policy

Does the provider have proven security track record ?
Dec 2017, Turkish investigators seized an ExpressVPN server and were unable to find any logs: https://www.expressvpn.com/blog/expressvpn-statement-andrey-karlov-investigation/

Jan 2016, after being criticized by a former Google information security engineer over weak encryption ExpressVPN upgraded users from 1024-bit RSA key to 4096-bit RSA a month later: http://blog.zorinaq.com/my-experience-with-the-great-firewall-of-china/

Ongoing ownership and location anonymity:

https://www.pcworld.com/article/3223384/expressvpn-vpn-review.html

According to their website in 2009 they originally claimed, “our network is located in Hong Kong”, currently they declare their corporate location as the British Virgin Islands.

https://web.archive.org/web/20090816192024/http://www.expressvpn.com/

Late 2019, HP partnered with ExpressVPN to have it pre-installed on HP Spectre x360 13 laptops with a 30-day free trial. ExpressVPN expects similar partnerships with more companies.

https://www.expressvpn.com/blog/expressvpn-preinstalled-on-hp-computers/

Did the provider ever undergo an external security audit? Is this a recurring process?
Jan 2019, invited Cure52 to test their browser extension: https://cure53.de/pentest-report_expressvpn.pdf

May 2019, PwC (Pricewaterhouse Coopers) hired to verify their VPN server’s codebase

https://s22908.pcdn.co/wp-content/uploads/2019/07/ExpressVPN-PWC-Audit-May20.pdf
https://www.expressvpn.com/blog/pwc-audits-expressvpn-servers-to-confirm-essential-privacy-protections/

No mention of commitments to reoccuring audits.

Link an external review if found any:
Top Spark: https://www.youtube.com/watch?v=N1MkWLyBSTI
Top Spark: https://www.youtube.com/watch?v=cJJMolC4RAM

Price per month/year:
Monthly
$12.95/mo
$59.94/6 mo ($9.99/mo)
$99.84/yr ($8.32/mo)
Accepting: Credit Card / Paypal / Bitcoin / Paymentwall

https://www.expressvpn.com/order

PROs & CONs found by reviewer:
Good speeds, good customer support, high price, anonymous location and leadership.

Extras:

Customer Support:
Live chat, Email form, wiki

Is there a bug bounty program?
Yes: https://www.expressvpn.com/bug-bounty

Does it throttle or block specific ports or types of traffic like torrenting or TOR?
No

Does it provide a DNS service?
Yes but i’m not sure if it requires their Windows software to use it or if it’s applied on their servers. There’s also no mention of an IP you can use seperate from their VPN.

https://www.expressvpn.com/support/troubleshooting/set-dns-servers-for-windows/

TorGuard

Share VPN service webpage link: https://torguard.net/

Is it open source or not?
I can’t find information on which solutions they’re using internally.

Does it have a linux client? is it opensource ?
Yes with a full featured GUI, no evidence of any of their client code being open source aside from 3rd party packages they’ve included.

Supported:
Ubuntu, Mint and Debian (64Bit only) .deb download
Red Hat, Fedora, CentOS (64Bit only) .rpm download
Arch Linux (64Bit only) Arch install download

Does it provide a browser extension? for which browsers ?
Firefox extension - Mozilla Public License v2.0
Chrome extension - No mention of a license (someone needs to check the XPI)

Does it provide a SOCKS5/SSH/HTTP/SSL proxy server ?
SOCKS5, HTTP and SSL: https://torguard.net/anonymousbittorrentproxy.php

How many devices can you use per account ?
VPN: 8
Proxy: 5

Available openvpn/openconnect/wireguard profiles ?

  • OpenVPN, WireGuard, L2TP, IPSec and SSTP
  • SSL VPN via OpenConnect, Stunnel, WireGuard and Browser Extensions

https://torguard.net/anonymoustorrentvpn.php

Does the provider Log traffic and info or not ?
No, https://www.vpnnologs.com/en/torguard-net/

Does the provider have proven security track record ?
(Needs more research)

Did the provider ever undergo an external security audit? Is this a recurring process?
Not one that I could find.

Link an external review if found any:

https://www.youtube.com/watch?v=vjpUHKpegnc

Price per month/year:
VPN: $9.99/mo, $19.99/4mo, $29.99/6mo, $59.99/yr
Proxy: $5.95/mo, $14.95/4mo, $29.95/6mo, $46.95/yr
Accepting: Credit Card / Bitcoin + Litecoin / CoinPayments / Gift Card / Paymentwall / Amazon Pay

PROs & CONs found by reviewer:
High reliability, good speed, high customization/features

Extras:

Corporate Location:
US

CVEs (0)

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=torguard

Unique Features:

  • They have a working relationship with Netflix to provide compatibility
  • Both network and per-application kill switches (confirmed on Linux)

Customer Support:
Email, wiki

Is there a bug bounty program?
Yes but it’s limited to “TorGuard servers, the TorGuard website, and the TorGuard mobile apps” so the browser extensions and VPN clients aren’t covered.

https://torguard.net/blog/new-torguard-2020-bug-bounty-program-details/

Does it throttle or block specific ports or types of traffic like torrenting or TOR?
No