The truth behind VPN protection

Discussion in 'Off-topic' started by Gass, Sep 14, 2016.

?

Would you use a VPN service if it was assoicated with Adguard, or outright owned by Adguard?

  1. Yes - of course, no question there

  2. Yes - but the price would be a breaking point

  3. Yes - and I hope servers and countries are good

  4. No - wouldn't interest me one bit

  5. No - if it wasn't solely owned by Adguard

  6. No - if price, servers, countries wasn't a value

Multiple votes are allowed.
Results are only viewable after voting.
  1. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    ^POLL - your allowed up to 3 selections/choices of your Vote / OK / You can only Vote once per member.
    ===========================================================================================

    A common misconception is that only people who want to make themselves anonymous on the internet, enter questionable websites, or harbor extreme views have use for VPN services. The reality is that anyone who uses public WIFI, online banking, or e-commerce should consider protecting themselves with an encrypted VPN tunnel.

    The reality is that many VPN providers are based in countries where they are legally required to log user information. Under the pretense of combatting international terrorism and organized crime, law enforcement agencies throughout the world are pushing for invasive laws that force internet and telecom companies to continuously collect and store records that document the online activities of millions of ordinary users

    Countries like the UK, Canada and Australia make it compulsory for net-based companies including VPNs to log certain personal data for a time period. Some highlights about data retention laws in the UK, USA, Canada and Australia are:

    DRIP (The Data Retention and Investigatory Powers Act 2014) is an Act of the Parliament of the United Kingdom that received Royal Assent on 17 July 2014, after being introduced on 14 July 2014. The purpose of DRIP Act is to allow security services to continue to have access to phone and internet records of individuals.

    Beginning October 13 2015, every phone call, text message and email will be tracked by the government under a new metadata retention law in Australia. Essentially all law enforcement and security agencies, including local police, all the way up to the Australian Federal Police and ASIO, will have access to this information.

    Canada has a range of mandatory data retention laws. There are several Acts like Bill C-30 (the Protecting Children from Internet Predators Act) and Bill C-11 (The Copyright Modernization act) which limit online privacy. Canada’s Copyright Act, came into force in November 2012 and forces ISPs to keep logs, which must be handed over to copyright enforcers on demand.

    The United States doesn’t have mandatory Data Retention Laws, but all internet companies including VPN providers are bound to monitor and store users’ log according to the Stored Communications Act. All companies are required to then hand these over on receipt of a court order from a law enforcement agency.
    In addition to this, any legal prosecutor or investigator can ask any VPN provider to spy on any of their individual users and keep a record of his/her online activities and credit card details for 90 or more days. And, if the National Security issues a letter under the Patriot Act, the provider is forbidden to inform the users that they are being watched.
    The FBI can collect any information from any U.S. based company by means of National Security Letter (NSL).

    What can we do to protect our information?
    95% of VPN providers claim that they don’t store any user logs, however, as I’ve discussed, this is simply not the whole truth.

    One of the ways that you can identify whether a VPN is storing logs or not is by looking at where they are based, and which laws they have to abide by. Do not sign up for any VPN until you have read their privacy policy completely. If they do not state their location or data logging policy on their website, then you should contact the vendor and request this information.

    When searching for a “safe” VPN service, users should search for a company that is not based in a country with mandatory data retention laws. The top five countries for ensuring your VPN is not logging data are:

    1. Malaysia
    2. Switzerland
    3. Hong Kong
    4. Sweden
    5. Romania
    The five “safe” countries outlined above have been highlighted for a number of reasons. They have high levels of internet freedom, there are no data retention laws and these countries are not part of the international surveillance agencies partnership known as “five eyes”.

    The Freedom on the Net report from 2014 lists the countries that have the highest and lowest levels of internet freedom based on blocked social networks, online surveillance by government bodies, cyberattacks, and the intimidation and arrests of journalists and digital activists. While Iceland, Estonia, Canada, Australia, and Germany top the list, prospective VPN users should note that Germany is the only country on the list that has resisted the E.U. DRD mandate, but has seen many cases of arrests which have come to fruition from government monitoring online. Just because you are allowed to view content does not mean that your online behavior is not being logged.

    Regardless of your reasons for wanting more security online, the lesson to be learned is simple: Before choosing your VPN, you should carefully check where the provider is based, and that this country has high levels of internet freedom, and does not have data retention laws. If you choose not to follow this advice, then you should accept that your online information is most likely vulnerable to snooping eyes.

    Bottom Line:
    Don’t forget to read the Privacy Policy before choosing a VPN...
    SOURCE: https://vpncreative.net
     
    Last edited: Sep 16, 2016
    user3 likes this.
  2. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    The ideal scenario for a VPN provider these days is having a well designed website, a great open source program with a firewall kill switch and US servers that aren't censored. Allows P2P on them etc. AirVPN set the bar pretty high for the rest of the VPN providers and very few are actually in the same league as them. Mullvad is pretty much the only other provider that even comes close to AirVPN in terms of their openness with their servers, but reported speed issues with Mullvad and wouldn't want to use them as a daily provider.

    I wouldn't use a VPN provider these days unless they allow P2P on US servers, this shows that they are willing to get dirty and willing to find new data centers when other data centers shut them down in the US. This proves that they are fighting for a true free internet and very fewVPN providers these days are doing the same thing. Most of them are just out to make a few bucks and don't want to put in any efforts so they just censor off their US servers and blame it on the copyright politics, when really they are just lazy bums and only want your money the easiest possible way. Last year Mullvad had no US servers for like a month, because their US data center terminated their contract, because of abuse. AirVPN lost a US data center last year as well. This is how VPN providers should run their business. Look at these two providers and learn from them.

    I think that this is how VPN providers should be rated, not based on 14 eyes alliances, as for a VPN provider as long as they are in a country that doesn't have logging laws and retain any user information. What really matters is the ethics of the provider and if they are willing to allow P2P on US servers and take a profit loss when data centers shut them down and they are forced to find new data centers. That proves to me that they really do care for privacy and internet freedom. You really don't need a huge list of servers as a start-up VPN, just find a list of data centers with non logging servers that allow P2P on US servers for the volume of your clientele and you will find the trust in your company from your subscribers, plain and simple.
    Gass
     
  3. ag_bug_finder

    ag_bug_finder Beta Tester

    Joined:
    May 27, 2014
    Messages:
    1,612
    I'm a person that does want privacy, but if it means that terrorists and child porn and sex offenders, etc are caught using these techniques, then I guess I just don't have that much to hide to try and bypass these techniques. Its the age old question, if you didn't do anything wrong, why would you run when a cop stops you. Just my 2c anyway.
     
  4. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    First and foremost I respect your opinions, with them it makes you, individually different from me and everybody else called a human.
    That's a good thing by the way - if after reading it, you may have thought differently.

    In the OP I left out this part of the article-
    "People choose to use VPNs for a wide range of reasons, from expats who want to access their home country content – newspapers, media streaming sites, online radio – while living in another country, to people who live under authoritarian regimes and want to use restricted social networks, or access blocked news websites. Regardless of their motives for doing so, people generally use VPNs based on the assumption that they are paying for extra security, and that once they are wearing the protective veil of the VPN, their online behavior is safe from prying eyes. Unfortunately, this is not always the case."

    (I also found this)-
    VPN technology was originally developed to allow remote workers to securely connect to corporate networks in order to access corporate resources when away from the office. Although VPN is still used in this way, the term now usually refers to commercial VPN services that allow free and paid customers to access the internet privately through their servers.

    The whole theme I wanted to present here was that of "something" is not always as it seems (VPN specific) - not in regards that of, if something is to be considered morally right or wrong of it's effects on humanity.

    I do know people that don't eat Devils Food Cake just for the fact it has Devil to it's name. If one is susceptible to outside influences upon their temple, then your better off knowing your limits and living a life best suited for you. All things are good but, not all things are beneficial to each ones self. A man capable of the most sane act is a man capable of a most insane act as well...


    So like you said "terrorists and child porn and sex offenders, etc. are caught using these techniques, then I guess I just don't have that much to hide". So true, all can benefit just the same as anyone else using a VPN. I could also see most of that statement holding true to the Artificial Intelligence realm being advanced today, who knows what dark side uses will come to be developed in that.
    Just to not do something or use something cause some bad characters have associated themselves with it, I say is giving these kinds unwarranted power to some aspects in your life today, then what about tomorrow if it's something else, does your world shrink even smaller yet, and then so on and so forth.

    Back on topic -

    "I don't really worry about invasions of privacy because I don't have anything to hide."
    I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide."
    www.privacytools.io

    Quotes:
    Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.
    Edward Snowden on reddit

    The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards. I don't want to live in a society that does these sort of things... I do not want to live in a world where everything I do and say is recorded. That is not something I am willing to support or live under.
    Edward Snowden in The Guardian

    We all need places where we can go to explore without the judgmental eyes of other people being cast upon us, only in a realm where we’re not being watched can we really test the limits of who we want to be. It’s really in the private realm where dissent, creativity and personal exploration lie.
    Glenn Greenwald in Huffington Post

    Participate with suggestions and constructive criticism.
    privacytoolsIO on it's website

    More than likely if not already, I'd say it's sooner than later, these bad characters are on some authorities radar and their days have been numbered. So their online activities are under observations and being scrutinized and will be dealt with accordingly.

    Thanks, Gass ;)
     
    Last edited: Sep 15, 2016
  5. ag_bug_finder

    ag_bug_finder Beta Tester

    Joined:
    May 27, 2014
    Messages:
    1,612
    I hear what you're saying also....
     
  6. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,980
    Gass likes this.
  7. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
  8. avatar

    avatar Administrator Staff Member Administrator

    Joined:
    Oct 26, 2010
    Messages:
    12,980
    Yep, I guess so. I've just mentioned your thread there.
     
  9. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    Thank you friend :)
    Gass
     
  10. kevnjohn

    kevnjohn New Member

    Joined:
    Jan 7, 2017
    Messages:
    13
    In my opinion people show there more trust in those VPN providers that offers security and privacy in countries like the USA, Canada, UK, and Australia because the government agencies of these countries have complete authority and latest technology which monitors ever single user data perfectly.
     
    anajames likes this.
  11. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    Hello kevnjohn and welcome to the Adguard Forums :)
    I'm not quite sure of your point, if your saying VPN's that are headquartered in these mentioned countries then YES I agree - yes to much trust is given then by the free and paid users of these home based VPN's. Which should never be the case in using a VPN. The less info. a VPN company knows of you - is the least that can be surrendered when authorities come a calling or monitoring the connections.

    Else your moving your trust from knowing your ISP is spying on you to who knows all that are. Then when "logs" are kept its on record for a reference and a tougher scrutiny is possible when others can get ahold of the logs before the VPN's discard them.
    There's even controversy when a VPN is not based in the 14 eyes nations and yet has servers in them, I guess cause the laws of the land is still recognized where these servers are housed and one needs to know what kind of policy the actual VPN service their using has regarding them and how and who has access and if seized just what is retained there and how well its encrypted.

    I guess two reason for this to play out would be the connection latency, which should be low, and its bandwidth, which should be high. Latency is particularly important for a synchronous protocol where each packet must be acknowledged before the next can be transmitted.
    Some people can only afford a somewhat slow Internet connection, so in using a VPN closer to home - the lesser speeds of a VPN that is caused by its use - is less noticeable to the user then.

    There's a pretty good break down VPN's found here (if you choose and load the whole list it will take a little time)- https://thatoneprivacysite.net/vpn-comparison-chart/
    it tells a lot of important information to look at of VPN's in general.

    Hope I was able to understand your point and answered you correctly.
    Gass :D
     
  12. kevnjohn

    kevnjohn New Member

    Joined:
    Jan 7, 2017
    Messages:
    13
    Yes, I was saying that those VPNs which are located in the countries mentioned gets more trust from the users no matter the VPN service is free or paid.

    I know that almost every VPN keep "logs" and can share anytime with the security agencies of the country because VPN services have to follow the rules and regulations of that country and because this of few VPNs headquarters are located in countries like Hong Kong, Panama, and British Virgin Islands where the laws are less effective or strict as compare to countries like the USA, UK, Canada, or Australia.

    Many cheap and few premium VPNs slow down the speed of your internet connection or have the limited bandwidth which creates problem for user over downloading files or streaming videos.

    The VPN comparison chart you have shared of "That One Piracy Guy" is so effective in selecting the best VPN according to the country and purposes.
     
  13. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    I totally agree with you.
    Then have you given any thoughts to of "It's absolutely true that paying for software is in no way a guarantee that your data won't be collected and sold on to others, which can then lead to a cause of harm and damages to ourselves." Not forgetting it can be stored for an indefinite amount of time then.

    I'm speaking of security software that's a must in todays digital age.
    No matter if you use a VPN, you give a security product mostly free run of your system which a VPN has no affect on then. If something is not already in the security product data base as being safe-listed then its uploaded (supposedly through the venders secure channels) - but - what about all the other information which can be collected in that act and also submitted with it as well.

    Then if a governments action has been to employ that vender for whatever reasons to spy for them on that user, they the user would be clueless to this clearly. Heck anyone using a Windows based OS must give thoughts that it may have some backdoor for USA intelligent agencies to use as well.
    But - "Clearly, antivirus manufacturers have to comply with the laws of the countries in which they are established in. In the event of e.g. a court order requiring the vendor to provide information about a customer, the company has no choice but to do this. However, this should be the only reason for providing that user data to a third party." None the least its stored again for an indefinite amount of time.
    Data transmission in Internet security products-
    https://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf
    http://www.ghacks.net/2014/05/03/av-comparatives-analysis-data-transmission-security-products/


    Its alarming to me of the freedom we give so many software's on our systems and that the average "Joes" doesn't give the proper considerations to of then. Which I can see Adguard helping here in someway, but I'm not to sure just how it would work. I guess anything considered sensitive of personal and/or a system related - a check list in some kind of settings in a special tool module , then a user could mark for that kind of information to be filter by and then Adguard would give a warning to that it has been accessed or collected. Giving the possibility of a review to see it and then the user giving an ok to let this proceed (upload) or stop it cold in its tracks. Possibly giving the user control to mark this kind of information from being collected in the future or making it encrypted as to render it harmless if in the only way that Adguard can address this !

    It just stinks how open and/or exposed we make ourselves through technology we must use.
    Any thoughts here @kevnjohn and others?
    Gass :D
     
    Last edited: Jan 12, 2017
  14. anajames

    anajames Member

    Joined:
    Feb 15, 2017
    Messages:
    30
    What i heard was that good vpn's do not keep logs, and even if they do they just keep the log of point of origination and the point of destination and no other information. Is it true?
     
  15. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    Hello anajames and welcome to the Adguard forums.

    Who am I to say. . .
    Given enough time all things do change.
    Logs are logs - if they only contain when you login into VPN and amount of traffic sent through it or other system IDing related info. to you - if they encrypted log info. or not, and how long any logs are retained, the ones who do claim logs aren't always a bad thing as it's needed for the business to maintain itself. The ones on the other hand who claim no logs - I'd really question their transparency to the user.

    I'd make a list of a few your interested in, and then truly research each one in depth as to answer your questions. After what you'd find online about them - question the VPN customer service agents. Report your online research info. against any VPN's written TOS and Private Policies and hash out a better understanding through their CS agents. Transparency is the key to your questions lock.

    Some points to remember:
    1. Your moving a trust from your ISP to a VPN - (connection speed will most likely suffer).
    2. Country where a VPN is Headquartered in (specifically related to privacy laws) and their located Servers through the world (do they maintain their own Servers with their own Staffed personnel or indeed leased out a server from a data center in that country) - bottomline in how that affects your privacy. . .
    *(better found as in the Servers are "Self OWNED and the VPN Company do maintain a PHYSICAL Control over them" - wherever it's being located at!)
    3. How you'd buy and pay for it (Yearly and Anonymously - many even take alternate payment methods, some offer taking gift cards too), even an email to signup with can be linked back to you - use some discretion, if wanting to be as discreet in making them to respecting your privacy that would led to yourself being anonymous. Not forgetting your IP address is being recorded when you purchase it - or even to in just visiting the site. So cloaking all forms of yourself to become truly anonymous - if that's your purpose.

    Two online sources with VPN specific facts (Detailed VPN Comparison) I find helpful-
    https://thatoneprivacysite.net/vpn-comparison-chart/
    (selecting all will take a while to load fully depending on your connection speed - or - by one specifically named in the search box)

    https://torrentfreak.com/vpn-anonymous-review-160220/
    (has been updated in last years, in the last half of that year - NOTE: the 12 specific questions asked and the VPN companies answers)
    Biggest isn't always the best and up-time should count for all it's servers. Holidays you can find good discounts on VPN's, and if lucky it will continue with each renewal. Try it for a month before committing to a year. Understand their refund policy. Look into double-hop VPN's - granted if you have a fast ISP connection to start with. My verdict is still out on a Lifetime VPN's license offered by some and the deep discount given for it, how is it to grow and be better this way, and if it becomes compromised later who really wins then?
    Run two VPN's at different times rotating them. Use different browsers with them. Run a virtualized OS with a VPN inside it.

    I hope I've raised more questions than I've answered here, as most are still lacking a definite tried and trusted to being of true factual answers that I can share of experience. Not one source (but in the two mentioned above links seem to go farther than most), then in no VPN review seems to have all the answers being backed up by facts. Most any VPN review site I've come upon, are setup as a click through to make a percentage of your purchase, or at the least being sponsored by the few they've given any reviews of.
    Just be wise in knowing the difference and to the shady practices of some VPN review sites.
    Hope this has been informative none the less for you and anyone else reading it.
    Thanks :D
    Gass

    PS: if you haven't taken the Poll (top of Thread) please take the time to do so, it helps to let Adguard know :)
     
    Last edited: Feb 28, 2017
    anajames likes this.
  16. anajames

    anajames Member

    Joined:
    Feb 15, 2017
    Messages:
    30
    Thank you for enlightening me. Thumbs UP.
     
  17. anajames

    anajames Member

    Joined:
    Feb 15, 2017
    Messages:
    30
    Well, that is mostly the case i guess. There were the highest number of searches for a VPN when US passed the ISP bill.
     
  18. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    I think you meant to say when the FCC rolled-back or reversed it's prior 2015 decision on the rules. Hope I understood :)
    It's a shame too as current FCC administrator is basically gutting the rules, enforcements, policy, and attitude of the FCC - and that American people had voiced up to strengthen all of this.
    Gass
     
  19. anajames

    anajames Member

    Joined:
    Feb 15, 2017
    Messages:
    30
    You are spot On.
     
  20. Gass

    Gass Member

    Joined:
    Jan 30, 2015
    Messages:
    437
    Here, I've found a good write-up with an in depth variety of information covering many platforms.
    It was written earlier this year (2017).

    An introduction to six types of VPN software

    A VPN is simply an encrypted connection between two computers, each side running VPN software. The two sides, however, are not equal.

    The software that you, as the user of a VPN service deal with, is known as the VPN client. The software run by a VPN company is a VPN server. The encrypted connection always starts with a VPN client making a request to a VPN server.

    There are many different flavors of VPN connections, each with its own corresponding client and server software. The most popular flavors are probably L2TP/IPsec, OpenVPN, IKEv2 and PPTP.

    Some VPN providers support only one flavor, others are much more flexible. Astrill, for example, supports OpenWeb, OpenVPN, PPTP, L2TP, Cisco IPSec, IKEv2, SSTP, StealthVPN and RouterPro VPN. At the other extreme, OVPN, as their name implies, only supports OpenVPN.

    whether you should use a VPN, he said "... VPNs rely on specialized software that you download and install on your computer."

    Likewise, Lily Hay Newman, in Wired, recently wrote " ... the set-up process is fairly straightforward: You pay for access from the VPN of your choice, create an account, and then download the VPN’s portal program onto your computer and mobile devices."

    The fact is, VPNs can be used without installing software. And, a case can be made, that this is the safer way to go.

    BUILT-IN VPN SOFTWARE

    To avoid installing software, the operating system on the computer/device that is the VPN client has to natively support the same VPN flavor(s) offered by a VPN provider.

    As my recent blog, Triple your privacy with a Chromebook and two VPNs, showed, Chrome OS, the operating system on a Chromebook, natively supports L2TP/IPsec and OpenVPN.

    iOS version 10 supports IKEv2, IPsec and L2TP. You can see this with Settings -> VPN -> Add VPN Configuration -> Type. iOS 9 supported these three plus PPTP, but support for PPTP was removed in version 10.

    Android version 6 supports PPTP, L2TP/IPSec PSK, L2TP/IPSec RSA, IPSec Xauth PSK, IPSec Xauth RSA and IPSec Hybrid RSA. You can see this with Settings -> More -> VPN -> Plus sign -> Type.

    OS X 10.11 El Capitan supports PPTP, L2TP, IPSec and IKEv2. The previous version, 10.10 Yosemite, did not support IKEv2. The latest version, macOS Sierra 10.12, dropped support for PPTP.

    Configuring a VPN on Sierra does not have to be hard. These instructions from Apple, macOS Sierra: Set up a connection to a virtual private network, talk about using a VPN settings file to automatically import VPN settings that configure the built-in VPN client software.

    Windows 7 and Windows 10 support PPTP, L2TP/IPSec, SSTP and IKEv2.

    Both ExpressVPN and NordVPN give their customers a Windows phonebook file (.pbk) for use with the VPN client software built into Windows. The file is pre-configured to work with the multiple VPN servers each company supports.

    NordVPN describes this in their Windows 7 setup instructions. ExpressVPN refers to the file as a Windows Dialer file and describes its use here.

    OPEN SOURCE

    And, there's another option.

    Open source client software is available for OpenVPN and IKEv2 based VPNs (not sure about other VPN flavors). With this option, you can use software that has, hopefully, been audited or vetted. OpenVPN provider Mullvad is flexible, they let their customers use either Mullvad-provided software or an open source alternative.

    Open source software is not always an option though, some VPN providers, such as TunnelBear and F-Secure Freedome, require customers to use their software.

    The NordVPN tutorials page (above) shows that they support all three types of VPN software on Windows. With Windows 7, 8 and 10, they offer six ways to connect to their VPN service.

    "Application" uses software provided by NordVPN, "OpenVPN" uses software downloaded from openvpn.org. The other four options (L2TP/IPSec, PPTP, IKEv2/IPSec and SSTP) use no external software, they merely configure Windows to use VPN client software that is built into the system. To a Windows VPN user, this total flexibility is as good at it gets.

    CHOOSING A TYPE

    Which of these three types of VPN client software is the safest is debatable.

    Software from a VPN provider, while tempting, is probably the least secure option.

    It's tempting for non-techies because it can paper over the complexity of making the VPN connection. It can also be tempting for nerds because of extra bells and whistles such as a kill switch, IPv6 blocking and easy access to multiple VPN servers.

    Tempting or not, software from a VPN provider is a black box (Note: Mullvad is an exception, their software is open source). There is no practical way to fully know what it's doing. There is also no way to test the quality of the software. There have been multiple reports over the years about VPN client software not doing what it should be doing. There is no way to know if it is actively maintained with bug fixes or if has been abandoned.

    Running a VPN service requires expertise in networking, server software and encryption. To also expect an organization to employ good programmers for their macOS, Windows, iOS and Android software is a lot to ask.

    I have no first hand knowledge, but it's likely that some VPN providers outsource the programming of their apps. It's bad enough that you have to trust the VPN provider not to spy on you, you may also have to trust whoever wrote their VPN client software on the operating system you use.

    Anyone running Windows, may not trust Microsoft. Fair enough. But at least if you use the VPN client software built into Windows you know who wrote it.

    If you trust Apple to protect your privacy, then you are probably safest using their VPN client software built into iOS and macOS.

    And, speaking as a long time Windows user, I have seen too many instances where installing software creates a problem. None of the older operating systems (Windows, OS X, macOS, Linux) are as good as the newer systems (iOS, Android, Chrome OS) at isolating application software, so any software installation on these "desktop" systems carries some risk.

    Amul Kalia of the EFF recently suggested we "look for services that you can use with an open source client. There are many clients that support the above-mentioned OpenVPN or IPSec protocols." The article, however, offered no links or suggestions for finding such software.

    And, while open source software may be an open book, that doesn't make it perfect or bug free.

    Personally, I find a specific VPN feature important enough that, on my cellphone, I consider it a must have.

    My phone spends most of its time disconnected. That is, both the Wi-Fi and the LTE/4G are disabled. When I connect to the Internet, I want the VPN software to kick in immediately. If I had to manually enable the VPN, I would surely forget every now and then. Even when I did remember, data transmitted before the VPN kicks in, can leak information, so I want that interval as short as possible.

    Thus, I look for VPN client software that runs all the time and immediately detects when the phone goes on-line and protects that connection, be it Wi-Fi or LTE/4G.

    BROWSER BASED VPNS

    The three options described so far all work at the operating system level. Any VPN connection made this way should (if all is working correctly) send everything to/from your computing device to the VPN server.

    But VPNs can also exist at the web browser level. These are not nearly as secure because they only protect data coming/going from the browser.

    Presently, the desktop (Windows, Mac, Linux) version of the Opera browser stands alone - it is the only browser to include VPN client software. Opera is hard wired into a VPN provider called SurfEasy that they purchased in 2015. The VPN access is disabled by default, but turning it on is a simple matter. Its also free and there is no bandwidth limitation.

    On the downside, SurfEasy is based in Canada, a Five Eyes country. Also, Opera is owned by a consortium of Chinese companies, including Qihoo 360. And, as of September 2016 at least, many of the technical details of the VPN were unknown.

    Other browsers can gain VPN functionality via add-ons/extensions. Many VPN providers, such as Mullvad, TunnelBear, PureVPN, Private Internet Access and ZenMate offer Chrome extensions. Some of these can also be installed in Opera and at least one works with Firefox.

    AND FINALLY

    The first five types of VPN client software are designed to work on a single computing device, be it a laptop, desktop, tablet or phone. Anyone wanting to use a VPN to protect multiple devices has a sixth option, a router with VPN client software.

    This is a somewhat rare feature, but there are, nonetheless, many choices. Some of the router operating systems (the official term being "firmware") that support VPN clients are DD-WRT, Tomato, OpenWRT, MikroTik, Sabai and DrayTek.

    Among consumer routers, Asus has been offering a VPN client for a long time. Many Asus routers can function as clients for OpenVPN, L2TP and PPTP VPNs. ExpressVPN offers instructions for configuring an Asus router to work with their service.

    For anyone that does not want to configure a router, there are at least three companies that sell modified routers pre-configured to act as VPN clients. Many VPN providers, such as ExpressVPN, BlackVPN, StrongVPN, WiTopia and VyprVPN will sell you a router customized to work with their service. I keep a list of routers that can act as VPN clients on my Router Security site.

    Some articles about VPN client routers assume it will be the only router. This is a mistake. A VPN client router is best installed behind an existing router. When you need privacy connect to the VPN client router, when not, connect to the normal router.

    So, that's it. Six types of VPN software to choose from. Not to mention the many flavors of VPNs themselves.
    Source: http://computerworld.com/article/3190140/security/an-introduction-to-six-types-of-vpn-software.html

    None of these are my words, I just happen to thing it's a well thought out and cover article to bring up here.
    Gass