Best VPNs for Wi-Fi

Free Wi-FiIf you are like most of us, you can not live without your mobile Internet connected device and regularly take advantage of your favorite restaurant’s public wi-fi for free Internet access.  Though if the surveys are to be believed, you are aware that using such unsecured networks exposes you to a myriad of security risks.  Despite this, in practice you rarely think about the security offered by such networks.  We will examine some of these potential risk later but for now we just want to know what is the most secure way to access such public networks.  Most experts agree that the only way you can protect yourself while using such unsecured networks is by using a VPN.  Below you will see our list of the best VPNs for wi-fi or other unsecured networks like those found in airports and hotels.

60% Off
Read Review
SoftwareVisit Site
38% Off
Read Review
SoftwareVisit Site
35% Off
Read Review
SoftwareVisit Site
25% Off
Read Review
SoftwareVisit Site
52% Off
Read Review
SoftwareVisit Site

What is a Personal VPN and How Can It Help You?

To understand what a personal VPN is and how you can benefit by using one when connecting through free Wi-fis or other unsecure networks, you must first know what a VPN is.  VPNs have been around for quite some time.  They have been used in business to leverage a less secure network to extend a more secure one without investing in expensive infrastructure.  They work by creating an encrypted secure tunnel between two devices which protects the information been passed between them while allowing it to be transmitted across the open Internet.  Using VPNs allows businesses to expand globally, as well as, employees to access company assets remotely without requiring extra equipment.

A personal VPN service works in a similar manner.  The service uses a series or rules, called protocols to establish a secure tunnel between your device and a server on their network.  Once this tunnel has been set up, it them encrypts all traffic, bi-directionally, passed between your device and their server.  This protects all of your network traffic from any prying eyes, be they your Internet Service Provider (ISP), government surveillance, or a third party interloper, like a wi-fi attacker.  The VPN service then masks your true IP address and replaces it with one at its server location.  This allows you to virtually set you location by changing the server that you connect to.  Therefore, a personal VPN service allows you to securely access the open Internet while maintaining your privacy and helping to keep you more anonymous.  Most personal VPN services help to keep you even more anonymous by acting as an intermediary between your device and the open Internet and by sharing IP addresses between their subscribers.

Cyber Attacks That WI-Fi Users Are Exposed Too

Here is a list of the different types of risks or cyber attacks that you are exposed to when you when you use an open wi-fi or unsecured network to access the Internet while on the road.  The only way you can be sure that you are protected against them is by connecting to a personal Virtual Private Network (VPN) service when using your local public wi-fi or any unsecured network.

  • Packet sniffers:  A packet sniffer is a software program or piece of electronic hardware that can intercept and analyze data packets.  These are also called network or protocol analyzers and were designed to troubleshoot network problems or optimize network traffic.  However, cyber criminals can use sniffers to spy on other wi-fi network users and collect sensitive information such as login details or users cookies to spoof that users online identity.  Any network traffic (emails, web searches, files, or other information typed to unsecure websites) sent across an unsecured network can be passively intercepted by any eavesdropper using a packet sniffer.  Free software sniffers are readily available on the Internet as are videos showing how to use them.
  • Sidejacking:  Sidejacking, also called session hijacking, is a method whereby an attacker can intercept/steal a session cookie from a website that you have just visited.  Often these cookies contain usernames or passwords.  What is more they are usually sent unencrypted, even if the original login was protected through HTTPS.  Anyone eavesdropping on you can steal this log-in information and use it to log into your other online accounts like Facebook or G-mail.  This type of attack came to the general publics attention in October of 2010 when the Foxfire plugin called Firesheep was released.  It was designed to show security holes in sites that don’t always use encryption for their traffic.  Firesheep allowed an attacker to intercept a users Facebook session cookie and use it for subsequent request to Facebook which let them see friends and send viral messages to them, post to their wall, and change statuses.  Facebook has fixed this exploit but newer exploits are being discovered.  Spoofed cookies can sometimes give the hacker some access even if passwords or other data are not exposed.
  • Evil Twin: This is an attack where the hijacker sets up an identical wi-fi hotspot to a legitimate one in the same area.  The attacker then fools wireless users to connect to the bogus wi-fi with their laptops, mobile phones, and other wireless devices.  Once a wireless victim connects to the bogus wi-fi access point, it allows the attacker to launch a man-in-the-middle attack.  This will allow the attacker to passively intercept all Internet traffic sent from the victim’s device or they could set up an electronic phishing scheme to obtain password and other confidential information from the victim.  Tools to set up standard pay for access wi-fis like Hotspotter and Karma make this even easier.  The fact that many NIC cards are probing for wireless networks or broadcasting connections makes these kinds of attacks possible.
  • ARP spoofing – Address Resolution Protocol spoofing or ARP poisoning involves a technique whereby the attacker is able to associate his hardware Media Access Control (MAC) address with the legitimate IP of the victim by spoofing fake ARP messages to the Local Area Network (LAN), thus poisoning the ARP table used by the LAN.  Any traffic then meant for the victim device will then be sent mistakenly to the attacker instead.  The attacker could then either forward the traffic to the gateway, thus passively monitoring the traffic or modify the traffic before sending it on completing a MITM attack.  The attacker could institute a Denial-of-Service (DoS) attack by associating the IP to an non-existent MAC address.  These  attacks are only possible if the network uses ARP for address resolution.
  • Rogue Networks:  Rogue networks are wi-fi networks that advertise free Internet connectivity.  Once you connect to one of these rogues, all of your shared folders are accessible to every other device on the network.  A hacker can then infect your device and access confidential data on your hard drive.  These types of networks are common in airports and other hotspots.  Often they have the highest strength signal which entices wireless users to connect to them.  Do not connect to unknown free wi-fis and you can avoid been infected by them.  Reconfigure your network adapter so that it does not auto-connect to wireless networks.
  • Man-in-the-middle (MITM) attacks:  If an attacker can insert itself between your device and the server you are connecting to, then the attacker can execute a MITM attack which allow him to monitor all traffic to and from your device, modify the traffic before sending it on to the server, or modify traffic from the server before it reaches you.  As far as your device is concerned the MITM is the legitimate server and as far as the server is concerned the MITM is the legitimate client.  This allow the MITM to launch more sophisticated attacks on both depending on the access it has been given.

Connecting to a personal VPN service while using a public wi-fi or other unsecure network ensures that all of your Internet traffic is encrypted before being sent so that it is protected from wi-fi snoopers.  VPNs incorporate authentication of the client and the server to help protect against MITM attacks.  Finally they verify the data that is transferred using mesh algorithms to ensure that the traffic has not been modified.

Other Uses for a Personal VPN Service.

A personal VPN service encrypts all of your Internet traffic which can protect you from sniffers and MITM attacks when you are connecting to public wi-fis or other unsecure networks like those at many hotels and airports.  Because VPNs allow you to set your virtual location, they can help you to access geo-restricted content libraries from streaming media providers like Netflix and BBC iPlayer.  Using a VPN can help you secure all of your VoIP communications as well as save you money by changing your virtual location.   It can you to overcome Internet censorship by allowing you to set your virtual location to a region that is not being censored.  VPNs can also help you to bypass firewalls:  be they local school, work, or government ones like the Great Firewall of China.

Criteria You Should Consider When Choosing a Personal VPN Service

When choosing a personal VPN service, there are a few criteria that you need to look at to help you select the best one for your needs.

  • First is do you trust the VPN provider?
    • How much of your personal information do they collect ?
    • Is their privacy policy transparent about how they use your collected information?
    • How long have they been in the VPN industry and do they have a good reputation?
    • Where are they incorporated at?
  • Second is how big is their network of VPN servers?
    • Where are its servers located at?
    • Do they have a worldwide presence?
    • Does it have multiple servers in the US (on both coasts), the UK, and Europe.
      This will ensure greater speed and reliability when streaming accessing content in the US.
  • Third, what is their logging policy regarding VPN usage?
    • A no-log policy is best to protect your privacy.
    • If they do log, is their logging policy well defined and transparent?
  • Fourth, how does the VPN perform for your purpose?
    • How fast is the VPN service from your location?
    • Do they have servers close to your location?
    • Do they allow P2P traffic?
    • Can it help you scale your government firewall if that is necessary?
    • Can you access and configure it from your location?
  • Fifth, how reliable is the network?
    • You want to choose a VPN which is stable.
    • You will also want to choose a VPN whose servers are not over crowded.
    • Does the service have a good reputation for service and support in case you have any questions?
    • Do they offer a kill switch to protect your privacy if the VPN drops?
    • Do they support DNS leak protection?
  • Sixth, is the bandwidth. This refers to how much data (in GB) you can download.
    • The best VPNs offer unlimited bandwidth.
  • Seventh, is it compatible with desktops, phones, tablets or other devices you might want to use with it?
    • Does it support Windows? Mac OS? Linux? iOS? Android? Others like Blackberry?
    • How many simultaneous connections does it allow? Two or more is better.
    • You should thoroughly test the VPN with all of your devices to make sure that they provide the performance and reliability that you want.
    • Test its performance at local Wi-Fis that you want to use it with.
  • Eighth, is it secure and private to protect your traffic from prying eyes: be they ISP, the NSA, or cyber criminals at you local wi-fi hotspot?
    • What kind of protocols does the VPN use?  Protocols are rules for transmitting data.
      • A VPN service that supports all three protocols: OpenVPN, L2TP/IPsec and PPTP is best.
        • OpenVPN (UDP/TCP) (Best mix of security and speed)
          • It is highly configurable, fast, and secure.
          • Port forwarding helps increase its utility and help scale firewalls.
        • IKEv2 – Internet Key Exchange version 2 Protocol: an alternate protocol that provides excellent security with support for 256-bit AES encryption and others ciphers.
          • It has support for mobile and multi-homing (MOBIKE) support which allows it to maintain sessions when moving from one wi-fi connection to another or when switching from a cellular network to a wi-fi network.
          • It allows for fast reconnection of mobile devices if the VPN connection drops.
          • It can do NAT firewall translation.
        • L2TP/IPsec – Layer 2 Tunnel Protocol / Internet Protocol Security is the encryption protocol for traffic.
          • It provides excellent security.
          • It has slower performance than that of OpenVPN due to double encapsulation of data.
          • It has built-in support on most devices which makes it easy to implement.
            Like OpenVPN, it has greater utility if it supports port forwarding.
        • PPTP – Point to Point Tunneling Protocol
          • It is considered the least secure and probably better suited for devices that can not use other protocols or where speed, not security is the main concern.
          • Like L2TP, it is built into most devices and very easy to setup.
    • Encryption is usually AES or Blowfish based.
      • It should use at least 128 bit which is not as secure but provides faster speed.
      • 256 bit is better for security but provides slower performance.
    • Other protocols include proprietary stealth ones to scale the Great Firewall of China and SSTP which is primarily for Windows devices.
  • Ninth, how easy is the VPN to actually use?
    • Does the VPN have easy to use and install software for your mobile devices?
    • Does it have well written guides?
    • Does the service have an intuitive user interface to connect and disconnect from its service?
  • Tenth, how much does the VPN service cost?
    • As always, you should spend what your budget can afford.  Trust, security and performance should be weighed against cost before choosing a VPN to make sure you will be happy with it.
    • Does it support crypto currencies like Bitcoin or other anonymous ways to pay for the service?
    • Remember to use the money-back guarantee to thoroughly test the service to ensure it suits your intended purpose.

All of the above criteria were examined for each of the VPNs in our best VPNs for wi-fi list.  Care was taken to look at other purposes that you might need a VPN for including streaming media and others that were mentioned previously.  We also looked at other regions in the world you might want access to like the US, the UK, Europe, Asia, and others.  You should also look at your individual needs to see which VPN in our list best suits them.  For example, if you need file sharing, make sure the VPN supports it and test your favorite P2P software with it to make sure you are happy with its performance.

Final Thoughts

The only way you can be sure that your Internet communications are safe from prying eyes when using your local free Wi-Fi hotspot or an unsecured network like those found in hotels or airports is to always connect though a personal VPN service.  OpenVPN and IKEv2 are two of the most secure protocols for making these connections because they support the best encryption ciphers (256-bit AES and Blowfish), authentication procedures, and data verification algorithms.  A personal VPN service will encrypt all of your internet traffic which will protect you from passive wi-fi attackers.  It will also protect you from many known active attacks through authentication of the client and server and verification of data sent.  To ensure the best performance while using your mobile devices at local wi-fis, you should look for services that offer the best service, reliability and speed.  You should examine your needs to see which VPN best satisfies them.

We have selected not only the best VPNs for Wi-Fi and also ones that will help you with other VPN needs you may have.  They provide some of the most secure mobile environments for their subscribers, as well as, reliability and speed.  All also have money-back guarantees.  Select the one that you think best fits your current needs and test it for yourself.