Most “Free” VPN Apps Secretly Owned by China

It's crazy to think about how much information you're handing over to any VPN provider, free or paid. I don't even trust my cellphone or internet providers to not get hacked and leak my information all over the place. So a VPN is critical and so far the best I've found is Mullvad. They have a long track record of maintaining user privacy and not logging activity. Accounts are anonymous, and their privacy policies are human-readable and easy to find on their website.

I'm more curious about the paid ones. I use IPVanish but there's a certain level of trust involved that your traffic isn't being heavily monetized.

Handing over all you network traffic to an unknown entity is nuts - and in the name of security / privacy it's even more nuts. To me, using a VPN is akin to asking someone you meet at the pub who has a gun to look after your house. YMMV

VPNs might be an unknown, but ISPs and telcos are known to retain and sell your information. An alternative would be to form your own VPN on a VPS or webhost (of course then you are subject to the host's terms, trust, and opsec).

There is simply no way you can trust anyone other than yourself about encryption. A VPN usually has two ends, and in a consumer scenario you are either trying to get around geo restrictions, or protecting yourself from an untrustworthy (W)LAN. Setting up your own VPN in the cloud is easy with systems like Algo or Streisand. I personally just roll my own using OpenBSD and it’s OpenIKEd, but then I have access to a non-cloud endpoint with static IP for it.

I don't think it is nuts to use VPN, if you're being selective and make some research. Of course you will never really *know* for sure, you just have to make up your mind for whom you trust more and less. E.g. I actually trust Apple not to sell my private data to the Chinese government, but I can not be 100 percent sure, no one can. But I trust Apple *more* than Huawei for reason I don't think I have to explain.

So when it comes to VPN:s it's a matter of finding the most trustworthy and then asking yourself: do I trust this VPN provider more than my ISP/telco? Which is less "nuts"?

Mullvad was mentioned above and I think they are trustworthy from what I've read, as do I think some other Swedish and Finnish VPNs are.

Rolling your own VPN sounds great if you have the internet connection and endpoint to support it. Barring that it devolves to “layered defense” and “who do you trust and how much?” On macOS layered defense is running a hostfile, Little Snitch, and maybe AdGuard just at the network level. For most endusers on iOS the only option is local “VPN” profile for something like AdGuard Pro and then a vendor VPN,

I have serious misgivings about “just trusting a (free) VPN vendor” or something like Guardian OS, which requires the VPN because Apple “required” the VPN previous to the “rule change” for local profiles.

I’m glad the AdGuard devs did not compromise (too much) with Apple about AdGuard Pro, it (alone with a strong hostfile like Steven Black) is currently, AFAIK, the best “layered defense” on iOS... along with a good, vetted VPN.

(My choices, along with AdGuard in “split VPN” compatibility mode, these VPN vendors: VPNUnlimited, ProtonVPN free or paid, Guardian OS free or paid — AdG Pro takes up the “Personal Configuration” slot and the VPN vendors use the “Personal VPN” slot and they work in tandem... and quite well).