Operating outside the five/nine/fourteen-eyes countries is not necessarily a guarantee of privacy, and there are other factors to consider. However, we believe that avoiding these countries is important if you wish to avoid mass government dragnet surveillance, especially from the United States. Read our page on global mass surveillance and avoiding the US and UK to learn more about why we feel this is important.
We regard these features as important in order to provide a safe and optimal service to users. Users should consider the provider which has the features they require.
We prefer our recommended providers to collect as little data as possible.
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their users.
You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
With the email providers we recommend we like to see responsible marketing.
While not strictly requirements, there are some factors we looked into when determining which providers to recommend.
Operating outside the five/nine/fourteen-eyes countries is not a guarantee of privacy necessarily, and there are other factors to consider. However, we believe that avoiding these countries is important if you wish to avoid mass government dragnet surveillance, especially from the United States. Read our page on global mass surveillance and avoiding the US and UK to learn more about why we feel this is important.
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. If a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required.
A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
With the VPN providers we recommend we like to see responsible marketing.
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.