I have been unable to make a choice between these two. I have used them both for a while, and I like them both. Which would you chose and why?
i'd go with insorg but between these two, mullvad it is. just put your cash into an envelope and mail it to them. couldn't be easier.
Mullvad is the most privacy focused VPN there is (source: https://thatoneprivacysite.net/vpn-comparison-chart/). Also, cash is the only truly anonymous payment method. Bitcoin isn't "safe" anymore. Mullvad accepts cash money which is nice. Another great thing is Mullvad donates A LOT of money to Wireguard and Cube OS. The drawback with Mullvad is their own VPN-client. They have a new version under development for Windows (their new Mac-client has just been released). But since you are going to use Viscosity that's no problem. I use Mullvad myself with Viscosity and it's great.
This is why I cannot chose between them; neither Mullvad or AirVPN have done anything to lose my trust. If I use Mullvad with Viscosity I'd lose the features of their client. What do you do to prevent DNS leaks and for a killswitch?
I use Mullvad with native OpenVPN client. You can use Windows built-in firewall to prevent leaks when VPN is connected. It's not set and forget setup, since you have to enable FW rule each time you connect to VPN server but it works.
Here are the firewall rules I've come up with to make it "set-and-forget." This assumes you are aware of Mullvad's VPN sock5 proxy. First things first, the Windows firewall is not hierarchical; meaning that deny rules cannot have exceptions. For that reason you cannot make catch-all deny rule. Also, set the connection type of your VPN to "private." Make a list of all the applications you want blocked should the VPN drop. With those applications , create an allow rule like the one pictured below. (10.8.0.1:1080 is the mullvad VPN socks proxy.) Alter the rule to allow only the "private" connection type. Then create a block rule for the exe that blocks everything but the "private" connection type. That should be sufficient with most applications. Torrenting applications are a bit different. The allow rule for that would need to use the client IP range (10.x.x.x) for the local address in the rule. Here I used the range 10.1.0.0-10.9.9.9 just in case I connect to more than one VPN server location. That seems to work for me. Set it up once, and then don't give it another thought. n8
I haven't used OpenVPN client on Windows so it's educational to me, and yes if I do I'll separate profiles for VPN usage. But you can deny all connection unless specifically allowed for each profile. I do this regardless of VPN usage. Just right-click on the root of the setting tree for WDFW setting, rather than inbound or outbound node.
Yes, you can do that. However, you are then not allowed to make exceptions to those rules. This makes it impossible for the VPN to connect. That's why I use application-based profile rules.
PIA accepts payment via gift card, which in my opinion is safer than mailing cash and can be extremely anonymous... simply purchase the gift card with cash from an acceptable retailer (which can be in another state while you are traveling if you prefer to do so), then enter the gift card number online and you're good. Better than cash, which can be lost or stolen. Not enough VPN providers accept gift cards. I wish they would do so.
Gift card disadvantages: Paying with gift card is only accepted by some VPN providers. The VPN provider will typically charge a price markup for this service (20-30%) because they have to sell the gift card at less than their true value to convert them back into cash.
The fact that not many VPN providers accept gift cards is, in my view, a limitation of the VPN provider rather than a disadvantage of the gift card, but you can call it what you wish. As for the price markup you've alluded to, yes, there is an added cost for processing the gift card, and I find it completely acceptable when I factor in the anonymity it affords.
what is the point of paying Mullvad with cash? your isp knows you are connecting to Mullvad servers each and every time. I don't get it. Mullvad only has 3 or 4 servers under their control physically.
Yes, ISP knows you are connecting to Mullvad, but they don't know what you are doing while connected. OTOH Mullvad only knows your IP address and doesn't know who you are if you pay with cash. They would have to ask your ISP for that information.
Privacytools.io VPN Provider Criteria: Operating outside the USA or other Five Eyes countries. More: Avoid all US and UK based services. OpenVPN software support. Accepts Bitcoin, cash, debit cards or cash cards as a payment method. No personal information is required to create an account. Only username, password and Email.
Let's all just keep in mind our "Threat Level" when we start pontificating on some of these services. We all use encryption, VPN's and wear Guy Fawkes masks for varying reasons. If the NSA can tap Chancellor Angela Merkel's phone do think it really matters where your VPN servers are based. If your threat level is that high then you can stick your head between your legs and kiss your **** goodbye. Nevertheless, I still use Mullvad, Signal and sacrifice a chicken every Friday night - with chips, and a beer.
I switched from OpenVPN to WireGuard and I like it so far. Connecting and disconnecting to their servers is really fast and overall speed is good also
It can be installed from their site: https://www.wireguard.com/install/ It doesn't say in which stage it is but there are no warnings about alpha, beta... About Wireguard option doesn't say anything about it either:
On Mullvad site though it says it's in pre-alpha stage: https://mullvad.net/en/help/wireguard-app-windows/ EDIT: Main webpage ( https://www.wireguard.com/ ) at the bottom says that whole project is still in progress to reach stable release:
I don't mind using it as long as it doesn't show any problems (even if there are some "security quirks" in code).
I've been using TunSafe for some time now. It has everything I could ever want in a VPN client. Kill switch, automatic starting, run as a service, etc.