Best free VPN in 2024: TunnelBear is our No. 1 pick


How we tested

We conducted a lot of hands-on testing before picking these apps, but we also consulted cybersecurity experts. When it comes to the types of things consumers should look for in VPN services, they told me in separate interviews, much of what separates the good from the bad can be gleaned before anything is installed. These experts include:

What the experts said

When you surf the internet freely without a VPN, you’re being tracked online constantly by multiple third parties, including your Internet Service Provider (ISP), search engines like Google, and possibly even your employer or school. Connecting to a VPN means taking your traffic away from them and putting it in the hands of one lone entity instead, conceding exclusive, unfettered access to all of your browsing data. It’s a privilege that needs to be earned, and the true caliber of a VPN ultimately comes down to whether you can wholly believe it’s keeping you safe.

Unfortunately, the VPN industry is notorious for hyperbolic marketing, especially when it comes to privacy practices. This can “give VPN users a false sense of security if they don’t realize that the protections offered are not comprehensive,” according to a Consumer Reports investigation into 16 providers. (Many popular VPNs shout about offering “military-grade” encryption, for example, which isn’t a thing.) It’s unwise to take a provider’s “trust me bro!” claims at face value.

So how do you know for sure if a VPN is trustworthy? A single Google search can be enlightening: A good provider won’t have a long rap sheet for mishandling users’ personal data or succumbing to server breaches, and bad headlines should raise a red flag — including those about a VPN’s ownership or parent company. A swift, effective response to crises and a healthy dose of corporate accountability can offset these concerns in some cases, but I also place a high value on a pristine reputation.

The best VPN services should also be willing to open themselves up to scrutiny. Bragging about a strong “no logs” privacy policy that specifies how users’ personal information gets protected is one thing, but subjecting that policy to independent audits — and making the results public — provides a much higher level of assurance. 

The most trustworthy VPNs will also issue regular transparency reports disclosing any requests for data they’ve received from government or law enforcement agencies. (These requests won’t yield anything if a provider’s privacy policy holds up.) Some go the extra mile by offering in-house bug bounty programs to researchers who comb their software and servers for vulnerabilities.

Hands-on testing

I’d previously assessed the company policies, histories, and overall reputations of CyberGhost VPN, ExpressVPN, and TunnelBear for Mashable’s “best VPNs” list. (I’ve also written standalone reviews of the latter two; I’ll soon revisit and update Mashable’s CyberGhost review.) For this particular guide, I hands-on tested each provider’s free tiers or trials on desktop and/or mobile, depending where they’re available:

For reference, I used my work-issued Apple MacBook Pro (a 14-inch M1 Pro model) running macOS Monterey version 12.1 and my personal iPhone 11 with iOS 16.6.1 for testing.

I had each VPN connected for approximately four to eight hours at a time to get a general sense of the user experience as part of a casual, everyday workflow (as opposed to a lab). I also put them through a handful of performance benchmarks:

DNS leak tests

Often described as “the internet’s phone book,” the DNS (Domain Name System) is basically a back-end directory that translates website domain names into computer-speak, aka internet protocol (IP) addresses. An IP address is a unique number that’s assigned to a device when it’s connected to the internet; it identifies the device’s general location and the name of the ISP.

Without making things overly complicated (bear with me): When you search for a website, your browser sends a query to one of your ISP’s DNS servers to track down its matching IP address(es) so it can send you to that page. Without the DNS, you’d have to type out a long string of numbers every time you wanted to visit a website. Instead of “Mashable.com,” for example, you’d enter “104.18.33.218” or “172.64.154.38” into your search bar.

A VPN is supposed to reroute your DNS queries to its own DNS servers while you’re connected to it — that way, your ISP (and possibly other snoops) can’t see where you are or what sites you’re looking up. If the VPN is faulty, it may continue to send DNS queries to the ISP’s DNS servers, putting your security at risk. That’s the gist of a DNS leak.

Some VPN apps have built-in DNS leak tests that tell you if your connection is secure and whether your real IP address is being hidden. Otherwise, you can perform them via DNSleaktest.com. When I try a VPN, I run its standard test twice: once with the VPN off, and once with it connected.

Trying different use cases

The No. 1 purpose of VPNs is to make it difficult for anyone other than the provider to identify and track your online activity, so every VPN I recommend must do that well — no exceptions. However, VPNs are also widely used to spoof user locations and skirt geo-restrictions on content, especially overseas streaming libraries. (Services like Netflix limit their libraries abroad because of region-specific distribution rights.)

While a VPN will never be disqualified simply because it can’t get users access to geo-blocked content, it’s a plus if it succeeds, so I still test for it. I do so by connecting to one of the VPN’s UK servers from my home in Chicago and running a DNS leak test to see if my IP address changes accordingly, then attempting to watch Love Island UK on the UK streaming service ITVX.

Speed tests

The connection speed of a VPN depends on a lot of different variables, but it will almost always be slower than your regular internet connection, so it’s not a huge factor in my final recs. That said, I try to get an idea of how well a VPN performs by using it for a lengthy period of time and running it through some quick Ookla Speedtests. (I do three of them: one with the VPN off, one with the VPN connected to a local server, and one with the VPN connected to a French server.) If a VPN is noticeably sluggish to the point where it affects usability, I’ll call it out. 

A general rule of thumb for any given VPN is that your connection speeds will be fastest when you’re connected to a server that’s geographically close to your actual location.

Other important details

I also took the following factors into account as I used each VPN and decided whether to recommend it, listed in no particular order:

Included features

Most premium VPNs come with similar sets of privacy tools, so I don’t encounter major provider-to-provider discrepancies in this regard. Still, it’s worth noting some of the important ones I look out for:

  • A kill switch will immediately disconnect your device from the internet if your VPN drops. (This one’s non-negotiable.) 

  • Support for multi-hop connections that route your traffic through two or more of the VPN’s servers. This adds an extra layer of protection. 

  • Split tunneling, a tool that sends some of your traffic through the VPN and some outside it to conserve bandwidth, can be useful for streaming and gaming.

Oftentimes, providers will also bundle their VPN with additional security features like malware/adware blockers, data breach detectors, and cloud storage. These won’t make the VPN itself any better, but they’re good to have alongside your go-to antivirus software and password manager. (If you have to choose between a reputable VPN or one that comes with a bunch of add-ons, always go with the former.)

Protocol type

A VPN’s protocol is the set of instructions that determine how data gets communicated between its servers and your devices. Many VPN providers have developed proprietary protocols within the past few years, but OpenVPN remains the most popular and widely respected option: It’s stable, secure, and open-source, meaning anyone can inspect its code for vulnerabilities. WireGuard is another good pick that’s newer than OpenVPN and supposedly faster.

Encryption type

A VPN protects your data by encrypting it, or scrambling it up into unreadable “ciphertext” that can only be decoded with a secret key or password. Virtually all premium VPNs use Advanced Encryption Standard (AES) 256-bit encryption, which is pretty much uncrackable to third parties.

Server network size and distribution

Picking a VPN with a large server network means there’s a lower likelihood of you sharing one with a bunch of other users, which is especially valuable for streaming (since there’s more bandwidth to go around). 

Relatedly, a VPN with a geographically diverse network of servers in many different parts of the world will make it easier for you to spoof specific locations and find one close to you to optimize connection speeds. Most premium VPNs maintain servers throughout the Americas, Europe, Asia, and Australia; few have a big presence in Africa.

Number of simultaneous connections

Most VPNs can be used on five to 10 devices per account (depending on the provider), which should be plenty for individual users. A handful of them support unlimited simultaneous connections to better serve bigger households.

Customer support options

Users should have access to some kind of help around the clock in case an issue arises with their VPN connection or account, whether it’s by phone, email, or live chat. (Online help forums and tutorials are nice, but not enough on their own.) I also give preference to VPNs that offer some kind of money-back guarantee; in most cases, it’s 30 days long.

Overall ease of use

Some VPNs are more intuitive and beginner-friendly than others.

It’s important to note that many popular VPN providers posit their jurisdiction, or the location of their headquarters, as something that can have serious privacy implications based on local surveillance laws (such as the Five, Nine, and 14 Eyes alliances). Without getting too in the weeds, the experts I spoke to said the average consumer shouldn’t put a big stake in these claims, and that authorities will get access to user data one way or another if the need is great enough. What’s more concerning, they added — to bring things full circle — is whether any data is being retained by a VPN provider in the first place. 

If anything, users might be better off choosing a VPN headquartered in a country with strong consumer protections against deceptive marketing (like the U.S. and many countries in the European Union). These could come in handy if a provider’s privacy policy was ever questioned.

Note: Ookla is owned by Mashable’s publisher, Ziff Davis.

Leave a Comment