I made a spreadsheet comparing different open source VPN providers.
Part 2 here
Providers
Notes
- Please do not start a flame war about Proton.
- Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
- The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
- IVPN has two differing plans, which is why “Standard” and “Pro” are sometimes differentiated.
- For accounts, “Generated” means a random identifier is created for you to act as your account, “Required” means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
- Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
- All prices are in United States Dollars. Tax is not included.
- Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
- The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
- The Proton VPN Flatpak is unofficial, but based on the official code.
- Availability on secureblue is based on the
ujust install-vpncommand. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages. - I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.
Takeaways
- NymVPN is very very new, but it’s off to a strong start. It wins in almost every category. I actually hadn’t heard of it until I started this project.
- If you want a free VPN, Proton VPN is the only one here that meets that requirement.
- If you want to pay week-by-week, IVPN is the only one that allows that.
- If you’re paying month-by-month on a budget, Mullvad VPN is the cheapest option.
- NymVPN is the cheapest plan for anything past 1 month.
- If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
- If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
- Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn’t even matter.
Never heard of NymVPN. Does anyone use them?
I use Mullvad, and I really trust their devs. Not really looking to change, but having more options is always good.
Yeah me neither. This kinda feels like a nymvpn ad
Same boat, Nym’s long term costs seem to scale much better, but I’d be reluctant to leave Mullvad
I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.
I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.
I don’t really pay attention to these “discounts”. It is, generally, just a marketing tactic. Plenty of services/websites/shops have the same discount 24/7.
You’re right, it is pretty common to do that but there’s always the chance they just cancel the discount around renewal. If you have autopay then you probably already committed to the new price before you realized what happened.
What would happen if you tried to put I2P on there?
… I guess you’d have to go by the different outproxies… ?
I was grumped by not seeing PIA on this break down. I’ve been using it for years and have always had a good experience with it. But I’m not so sure I know their privacy side now that I see this great break down
Edit: just re read the post again and I think PIA isn’t on here cause it’s not open source?
PIA is an American owned company obligated to comply with the Five Eyes Alliance, they’re legally obligated to retain your personal information unless noted otherwise.
Source their privacy policy, which FYi compare their Privacy Policy to another company like Mullvad and notice how theirs reads like a novel compared to Mullvads, that’s an immediate red flag.
Thank you for this
Still learning here
I’m finding out that I’ve been mislead. Probably by their marketing.
I remember an ad I saw for PIA saying something along the lines of “the only VPN that can prove in a court of law that they don’t retain your data”
Either it’s a lie or it doesn’t actually carry the weight I thought it did.
Isn’t Mozilla VPN built on Mullvad? Also, why this instead of https://thatoneprivacysite.xyz/#detailed-vpn-comparison
Isn’t Mozilla VPN built on Mullvad?
Yes. That’s included in the comparison.
Also, why this instead of https://thatoneprivacysite.xyz/#detailed-vpn-comparison
They don’t include NymVPN.
Nice comparison. Thanks for sharing! Any reason NordVPN was excluded?
It isn’t open source.
Those are clients/for clients tho.
Server is proprietary closed-sauce.
I wonder which VPNs of the ones listed open sourced their backend/server side?
edit: Neither Mullvad or Proton have…
However, their client software for Linux at least is:
I believe Wireguard/OpenVPN/etc profile availability is more important than Google Play Store.
Okay, what exactly are the benefits of a VPN for the average user (non-corporate), besides pretending to be somewhere else?
Data retention laws of your ISP.
What can they collect, seeing as HTTPS is common nowadays? I mean, they could have DNS wueries, I guess. But then how does custom DNS vs VPN compare?
Assuming every connection you make is encrypted with TLS (HTTPS) or otherwise encrypted:
If you use encrypted custom DNS, your ISP sees only the IP addresses you connect to. If you use unencrypted DNS or ISP-provided DNS, they see the hostnames plus the IP addresses.
How does one know if their DNS is encrypted?
And what would the benefits of a VPN be, if any, in this scenario?
It can prevent man in the middle observation or attack and allow you to avoid a particular type of location tracking.
Another user on an instance I don’t see posts from talked about tls in response to your question about https. It’s important to recognize that the certificate based system for establishing identity when making a tls connection is cooked and has been for twenty years at least. It may have been designed flawed from the start.
Because of that, the combination of dns over https or dns over tls and a vpn you trust allows you to bypass certificate attacks.
Can Nym be used on an OpenWrt router? Does it require a special app or can it be used with a standard wireguard config?
Can Nym be used on an OpenWrt router?
A guide is in the works.
Does it require a special app or can it be used with a standard wireguard config?
Nym looks interesting and I hadn’t heard of it before, but based on my reading I wouldn’t say it supports wireguard.
It implements wireguard but it still looks like you need to use their client instead of a vanilla wireguard one.
Why is being on the Google Play store a feature worth highlighting? To use an F-Droid expression, that would be an anti-feature.
As I mentioned, the availability section is security focused. F-Droid has potential security issues compared to Accrescent or the Google Play Store.
I didn’t suggest F-Droid for inclusion though. I merely used its applicable terminology. Still, with Google Play, you trust Google to ensure that the apk is from the actual source, and with F-Droid, that’s delegated to F-Droid. I don’t see that as being less secure.
I didn’t suggest F-Droid for inclusion though. I merely used its applicable terminology.
My bad, I understand now.
Because it’s security focused, it includes app stores that are good for their security (regardless of privacy). Other app stores, such as F-Droid, have security issues that Accrescent and the Google Play Store don’t share. This topic has been argued to death countless times before, and I don’t want to start a flame war, but do try researching it and see what comes up.
While F-Droid has security issues, the ideological security benefit it provides that Accrescent/Play Store/Obtainium doesn’t is the guarantee that the app is open source, and if the developer goes rogue (I.e. Simple Mobile Tools) it gets removed. A lot could be improved though.
With the upcoming restrictions on third-party apps that Google has announced maybe? It’ll be easier to get from Play, and may not be available otherwise at all.
I don’t think giving into Google seizing more power is the way. People doing that is what enables the corporation to continue and have more control over their lives, including their privacy.
Whats best for mainland China?
AirVPN needs some spotlight.
no love for windscribe? :(
CEO is a jackass but the product is fantastic and has a great free tier, although P2P/torrenting was removed from the free tier unfortunately I believe
CEO is a jackass but the product is fantastic
evergreen
This is great, thanks for sharing! You’ve got a few useful feedback points, let me add one more: does a provider have an onion address. This allows decoupling of payment from usage. Not a big thing, but good to know.
I have never heard of NymVPN
Most people haven’t, till they have.
I suggest adding AirVPN.
