Clarify and expand VPN criteria
This commit is contained in:
@ -20,6 +20,118 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
|
||||
|
||||
{% include sections/vpn.html %}
|
||||
|
||||
<hr>
|
||||
<h1 id="criteria" class="anchor"><a href="#criteria"><i class="fas fa-link anchor-icon"></i></a> Our VPN Provider Criteria</h1>
|
||||
|
||||
<p><strong>Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.</strong> We have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.</p>
|
||||
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Jurisdiction</span></h3>
|
||||
<p>Operating outside the five/nine/fourteen-eyes countries is not a guarantee of privacy necessarily, and there are other factors to consider. However, we believe that avoiding these countries is important if you wish to avoid mass government dragnet surveillance, especially from the United States. Read our page on <a href="/providers/#ukusa">global mass surveillance and avoiding the US and UK</a> to learn more about why we feel this is important.</p>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>Operating outside the USA or other Five Eyes countries.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>Operating outside the USA or other Fourteen Eyes countries.</li>
|
||||
<li>Operating inside a country with strong consumer protection laws.</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Technology</span></h3>
|
||||
<p>We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. <strong>If</strong> a VPN provides their own custom client, we required a kill-switch to block network data leaks when disconnected.</p>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>OpenVPN support.</li>
|
||||
<li>Kill switch built in to clients.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>OpenVPN and Wireguard support.</li>
|
||||
<li>Kill-switch with highly configurable options (enable/disable on certain networks, on boot, etc.)</li>
|
||||
<li>Easy-to-use mobile clients, especially open-source.</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Anonymity</span></h3>
|
||||
<p>We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required.</p>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>Bitcoin or cash payment option.</li>
|
||||
<li>No personal information required to register: Only username, password, and email at most.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.)</li>
|
||||
<li>No personal information accepted (autogenerated username, no email required, etc.)</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Security</span></h3>
|
||||
<p>A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security. Ideally in a very comprehensive manner and on a repeated (yearly) basis.</p>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-1024 or better handshake; AES-256-GCM or AES-256-CBC data encryption.</li>
|
||||
<li>Perfect Forward Secrecy (PFS).</li>
|
||||
<li>Published security audits from a reputable third-party firm.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>Strongest Encryption: RSA-2048 or RSA-4096.</li>
|
||||
<li>Perfect Forward Secrecy (PFS).</li>
|
||||
<li>Comprehensive published security audits from a reputable third-party firm.</li>
|
||||
<li>Bug-bounty programs and/or a coordinated vulnerability-disclosure process</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Trust</span></h3>
|
||||
<p>You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.</p>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Minimum to Qualify:</strong></p>
|
||||
<ul>
|
||||
<li>Public-facing leadership or ownership.</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-md-6">
|
||||
<p><strong>Best Case:</strong></p>
|
||||
<ul>
|
||||
<li>Public-facing leadership.</li>
|
||||
<li>Frequent transparency reports.</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="col-12">
|
||||
<h3><span class="badge badge-info">Additional Functionality</span></h3>
|
||||
<p>While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<hr>
|
||||
|
||||
<h1 id="info" class="anchor"><a href="#info"><i class="fas fa-link anchor-icon"></i></a> Further Information and Dangers</h1>
|
||||
|
||||
<div class="container">
|
||||
@ -67,17 +179,6 @@ description: "Find a no-logging VPN operator who isn't out to sell or read your
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-md-6">
|
||||
<h3>Our VPN Provider Criteria</h3>
|
||||
|
||||
<ul>
|
||||
<li><strong>Jurisdiction:</strong> Operating outside the USA or other Five Eyes countries.<br>More: <a href="https://www.bestvpn.com/the-ultimate-privacy-guide/#avoidus">Avoid all US and UK based services.</a></li>
|
||||
<li><strong>Technology:</strong> OpenVPN software support with strong encryption and Perfect Forward Secrecy (PFS).</li>
|
||||
<li><strong>Anonymity:</strong> Accepts Bitcoin and/or cash as an additional payment method. No personal information is required to create an account: Only username, password and email at most.</li>
|
||||
<li><strong>Security:</strong> Has been independently audited by a third party to validate security claims.</li>
|
||||
<li><strong>Trust:</strong> Has public-facing leadership and/or ownership.</li>
|
||||
</ul>
|
||||
|
||||
<p>We're not affiliated with any of the above-listed VPN providers. This way we can give you honest recommendations.</p>
|
||||
|
||||
<h3>More VPN Providers</h3>
|
||||
<ul>
|
||||
|
||||
Reference in New Issue
Block a user