The terms “5 Eyes“, “9 Eyes“, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs.
In short, these are just international surveillance alliances representing various countries around the world. These surveillance alliances work together to collect and share mass surveillance data. In other words, they are essentially acting as one global-surveillance entity to spy on you and record your activities.
In this guide we’ll explain the different “X” eyes surveillance alliances and why this topic is important when choosing a VPN service or any other privacy tool.
Five Eyes
The Five Eyes (FVEY) surveillance alliance includes:
- Australia
- Canada
- New Zealand
- United Kingdom
- United States
The history of this alliance goes all the way back to WWII and the UKUSA Agreement. This agreement officially formalized a partnership between the United Kingdom and United States for sharing intelligence. The partnership continued throughout the Cold War and has only strengthened following the “War on Terror” and subsequent “terrorist” events.
Edward Snowden brought renewed focus to the Five Eyes surveillance alliance in 2013 when he exposed the surveillance activities of the US government and its allies.
According to Wikipedia, these are the different “5 Eyes” surveillance agencies working together to collect and record your activities:
It is no surprise that some of the Five Eyes countries listed above are also the worst abusers of online privacy:
- United Kingdom – Since the passage of the Investigatory Powers Act in 2016, internet service providers and telecoms have been recording browsing history, connection times, and text messages. The data is stored for two years and is available to UK government agencies and their partners without any warrant necessary.
- United States – The US government has been implementing Orwellian mass surveillance collection methods with the help of large telecoms and internet service providers (see the PRISM program). Recently internet service providers have been given the legal authority to record user activity and sell this to third parties (and you can’t opt out).
- Australia – Australia has also implemented sweeping data retention laws similar to the United Kingdom. (See the best VPN for Australia guide.)
Broad authority – The other drawback with these Five Eyes countries is that they have tremendous authority to force companies to hand over data. This is particularly easy for US government agencies, which can also demand non-disclosure through gag orders.
Nine Eyes
The Nine Eyes countries include all of the previous Five Eyes countries plus:
- Denmark
- France
- Netherlands
- Norway
The existence of the Nine Eyes alliance is referenced in Wikipedia and other sources online. It is just an extension of the Five Eyes alliance with similar cooperation to collect and share mass surveillance data.
14 Eyes
The 14 Eyes surveillance countries include all of the previous Nine Eyes countries plus:
- Germany
- Belgium
- Italy
- Sweden
- Spain
As before, the original surveillance agreement was extended to these other countries. The official name of this group of countries is referred to as SIGINT Seniors Europe (SSEUR).
Additional surveillance partners
+ Israel – Israel must be included when discussing the Five Eyes surveillance partners. As many sources point out, it is one of the closest partners with the US government and the National Security Agency (NSA). Here are a few examples documenting this:
- Wikipedia claims Israel is an official “observer” to the Five Eyes alliance
- Source – NSA shares raw surveillance data directly with Israel; very close cooperation between US/Israeli surveillance agencies
- Source – “Shady Companies with Ties to Israel Wiretap the USA for the NSA”
- Source – Israeli authorities yield wider surveillance powers than US authorities
+ Singapore, South Korea, and Japan – Singapore and South Korea are also reported to be close partners in the Five Eyes alliance. Japan also appears to be a close surveillance partner with the United States (source; source; source).
VPN services located in 14 Eyes countries and territories
Jurisdiction is a big consideration for most people when selecting a trustworthy VPN service. Therefore we will briefly summarize the VPN services that are located in 14 Eyes countries below.
To recap, this list includes VPNs that are located in:
- Five Eyes (United States, United Kingdom, Australia, Canada, and New Zealand)
- Nine Eyes (Five Eyes + Denmark, France, Netherlands, and Norway)
- Fourteen Eyes (Nine Eyes + Germany, Belgium, Italy, Sweden, and Spain)
- Additional partners (Israel, Singapore, South Korea, and Japan)
AceVPN (USA)
ActiVPN (France)
AirVPN (Italy)
AnonVPN (USA)
Anonymizer (USA)
Avira Phantom VPN (Germany)
AzireVPN (Sweden)
BeeVPN (Denmark)
Betternet (Canada)
Blockless (Canada)
BTGuard (USA)
Celo (Australia)
ChillGlobal (Germany)
Cloak (USA)
CrypticVPN (USA)
CryptoHippie (USA)
DefenceVPN (Barbados)
Disconnect.me (USA)
FlowVPN (UK)
FlyVPN (USA)
FoxyProxy (USA)
FrootVPN (Sweden)
FrostVPN (USA)
GetFlix (Canada)
GhostPath (USA)
GooseVPN (Netherlands)
GoTrusted (USA)
GoVPN (Germany)
Hide My IP (USA)
HideIPVPN (USA)
HideMyAss (UK)
Hotspot Shield (USA)
IncognitoVPN (USA)
Integrity.st (Sweden)
Internetz.me (Germany)
IntroVPN (USA)
IPinator (USA)
IPredator (Sweden)
IPVanish (USA)
LibertyShield (UK)
LibertyVPN (USA)
LiquidVPN (USA)
Mullvad (Sweden)
My Expat Network (UK)
MyIP.io (USA)
MyVPN.Pro (USA)
Netshade (USA)
Newshosting (USA)
NolimitVPN (Singapore)
Norton WiFi Privacy (USA)
OctaneVPN (USA)
Opera Browser VPN* (Norway) [Note: “Opera VPN” is not actually a VPN, but instead a proxy.]
OverPlay (UK)
OVPN.com( Sweden)
Private Internet Access (USA)
PrivateTunnel (USA)
PrivateVPN (Sweden)
ProXPN (Netherlands)
PRQ (Sweden)
RA4W VPN (USA)
RogueVPN (Canada)
RootVPN (Netherlands)
SaferVPN (Israel)
ShadeYou (Netherlands)
SlickVPN (USA)
Speedify (USA)
Spotflux (USA)
Steganos (Germany)
StrongVPN (USA)
SunVPN (USA)
SuperVPN (USA)
SurfEasy (Canada)
TGVPN (UK)
Torguard (USA)
TorVPN (UK)
TotalVPN (UK)
Traceless.me (Germany)
TunnelBear (Canada)
Tunnelr (USA)
TVWhenAway (UK)
Unblock-Us (Barbados)
Unlocator (Denmark)
UnoTelly (Canada)
Unseen Online (USA)
Unspyable (USA)
VikingVPN (USA)
VPN Gate (Japan)
VPN Land (Canada)
VPN Master (USA)
VPN Unlimited (USA)
VPN.sh (UK)
VPN4All (Netherlands)
VPNAUS (Australia)
VPNJack (USA)
VPNMe (USA)
VPNSecure (Australia)
VPNShazam (Israel)
VPNUK (UK)
WASEL Pro (Netherlands)
WifiMask (Netherlands)
Windscribe (Canada)
WiTopia (USA)
WorldVPN (UK)
Zenmate (Germany)
ZoogVPN (UK)
Recommended VPNs that are outside of 14 Eyes countries
Many Restore Privacy visitors are looking for a VPN that is based in a good privacy jurisdiction. This is a wise consideration since there have been different cases of technology companies that were forced to log customer data and hand this over to government agencies. The PRISM program details shocking evidence of US technology companies giving government agencies, such as the NSA, direct access to user data.
There are also US VPNs that have provided data to US authorities, even while promising to be “no logs” to their customers. One example of this is with IPVanish (see the IPVanish logging case), which logged user data and provided it to the FBI for criminal prosecution.
Based on personally using, researching, and testing numerous VPNs over the past four years, here are my current top recommendations from the best VPN service report:
- ExpressVPN (based in the British Virgin Islands, a politically and legally autonomous country that does not fall under UK jurisdiction) [ExpressVPN review] – for discounts, see the ExpressVPN coupon page
- Perfect Privacy (based in Switzerland) [Perfect Privacy review]
- NordVPN (based in Panama) [NordVPN review] – for discounts, see the NordVPN coupon page
- VPNArea (based in Bulgaria) [VPNArea review]
- VPN.ac (based in Romania) [VPN.ac review]
- VyprVPN (based in Switzerland) [VyprVPN review]
Does jurisdiction even matter?
In the end, jurisdiction is just one of many factors to consider when selecting the best privacy tools for your unique situation. How much it matters to you depends on many factors, particularly your threat model and the types of adversaries you are looking to protect yourself from.
For those seeking higher levels of privacy and security, jurisdiction is indeed an important consideration, especially when you consider the growing power of governments to force companies to hand over data and log users.
Trust is also a major factor you should consider. After all, a VPN can operate in a good “overseas” jurisdiction, yet still lie to customers and provide data to government agencies.
Take for example PureVPN, a provider based in Hong Kong that gave US authorities connection logs for a criminal case. But PureVPN has a poor record and has been involved in numerous scandals over the years, so this case is certainly not the norm.
Good luck and stay safe!
Hey Sven,
Thanks for the informative article!
I’d just like to know, where did you learn all of this from? You seem reallly knowledgable
Thanks, well there’s a lot to read on these topics online if you have the time.
Mr Hudson, what about CyberGhost VPN based on Romania?
CyberGhost review here.
And AstrillVPN (www.astrill.com)?
Hi Sven.
I am currently using SurfShark VPN.
I believe they are pretty new.
Based in the British Virgin Islands which doesn’t belong to 14 eyes.
Anything I need to know about this company?
I have about 16 days left of a 30 day money back guarantee.
Great info by the way.
Cheers
you must have skipped the part about British Overseas Territories, which ultimately is part of 5 Eyes (UK)
Thanks for this comment, it reminded me I needed to update this guide since looking into this issue.
I must disagree: British Overseas Territories are not members of the 5 Eyes alliance, from either a legal perspective or practical application. Take for example the British Virgin Islands (BVI) or Gibraltar. Both are fully autonomous, legally and politically, and could never be forced to take orders from the UK. They are their own unique countries, far outside of UK jurisdiction, despite historical ties to the British empire. While citizens in these overseas territories can make a claim to citizenship under UK law, there is little that remains of any formal connections.
Furthermore, unlike the UK, both the BVI and Gibraltar are very privacy-friendly countries that respect secrecy and anonymity, which is why various VPN providers (and banks) choose to incorporate their business there.
Sven,
Interesting about BVI and Gibraltar , any secure email providers running from there? Any worthwhile software labels, vendors as well?
Hi Hard Sell, I know IVPN uses Gibraltar as their jurisdiction due to its favorable privacy regulations and independence. I’m not aware of any email providers based there, however.
Hi Lewie,
I’d not go with a new VPN company as to much about is unknown.
Just like with a claimed 500 servers in 50 countries – HUM…
You can bet somethings up there, and trying to get known by offering unlimited device connections per account would be something I’d suspect they’ll not keep for long or long term.
–
I don’t like these either-
Surfshark.com registrar is NameBright.com Inc, a Colorado corporation.
Why have any US ties for an offshore jurisdiction of a VPN?
NameBright
2635 Walnut Street
Denver, CO 80205
NameBright is a TurnCommerce corporation.
https://www.namebright.com/Whois/Surfshark.com
See H.R. (1981) Laws: https://privacysniffs.com/data-retention-law/united-states-of-america/
Would that play a roll here with Surfshark VPN ?
–
Surfshark TOS states:
#1. No-logs Policy – We do not collect IP addresses, browsing history, session information, used bandwidth, connection time stamps, network traffic and other similar data.
*We do not approve any unlawful, illicit, criminal or fraudulent activities committed by using Surfshark Services. As we are not logging any information about your activities, you are using the Surfshark Services at your own risk.
– Surfshark will not be liable in any way or form for illegal actions done by you arising through or from the use of our Services.
#2. You are solely responsible for all usage or activity on your account including, but not limited to, use of the account by any person who uses your account, with or without authorization, or who has access to any computer on which your account resides or is accessible.
#3. You may share your account, username, or password with your family and friends only. “and” You may be held liable for any losses incurred by Surfshark, its affiliates, officers, directors, employees, consultants, agents, and representatives due to someone else’s use of your account or password.
We reserve the right to terminate your account at anytime.
#4. Surfshark Services renew automatically for the same length at the end of each service period and you are charged according to your chosen payment method.
–
[-[Your payment info. is stored to automatically renew account – and the wordage of “Surfshark will not be liable in any way or form” with the meaning “You may be held liable for any losses incurred by Surfshark”. – – I surely wouldn’t trust or want anything directly related to me in way of payments but only Virtual payment cards or prepaid and gift cards with a set sum added to a VPN service this new.]-]
#9. We also do not guarantee that the Services is free from viruses or other harmful components. @ WOW THEY SAID THAT………..
https://surfshark.com/terms-of-service
–
1. What information is collected?
> Information we collect on our Website and apps.
In addition, when you visit our Website, we may also retain your IP address, a unique identifier for your computer or other access device.
When you use our app, we may collect advertising identifiers.
> Cookies and web beacons / Cookie a small string of information that transfers to your computer for identification purposes.
Web beacon is an invisible pixel-sized graphic image on a web page, web-based document or e-mail message. It helps us do things like view the URL of the page on which the beacon appears and the time the Website, document or email in question is viewed. They can be used to confirm the receipt of, and response to, our emails, including those that you forward to friends and family.
–
Further down the PP,
# 6. At this time Surfshark does not recognize automated browser signals regarding tracking mechanisms, which may include ‘do-not-track’ instructions.
# 7. We collect and use information about you in the same way and for the same purposes if you access Surfshark from your mobile phone, as we do when you use our Website. If you use our browser extension, we collect the same information as in case of our other Services.
# 8. By using the Services, you expressly acknowledge and agree that we cannot guarantee the security of any data provided to or received by us through the Services and that any personal information, general information, or other data or information received from you through the Website or our Services is provided at your own risk.
–
Pretty heavy TOS & PP and looks like they will know you well without logs – that’s why a trustworthy and time tested VPN is most important or it should be to everyone : )
Thanks a ton for such a deep and valuable insight into the subject and also the well-thought reviews (which I’m going through at the moment).
Possible to review ZoogVPN? [https://zoogvpn.com/]
Need to buy a service soon and I see they have a “No” everywhere in this list.
[https://thatoneprivacysite.net/vpn-comparison-chart/]
I’d appreciate it.
Cheers
ZoogVPN
Jurisdiction: United Kingdom => 5 eyes
additionally: 27 servers/ 18 contries
no kill switch
to avoid
Hi, could you review, or give us your opinion on Mullvad Vpn? You register without providing any personal information or your e-mail, so would it be a valid choice despite being subject to Sweden jurisdiction?
Hi Sven,
I think it’s time to seriously work for internet decentralization. The situation is getting worse every day.
If we do nothing internet will soon become our prison.
People must think about political system and capitalism more deeply and by themselves.
Things are going really bad on our world. Earth should be a paradise, not a hell. It’s all in our hands.
Regards.
Would tor be within the eyes if they are based in Germany??
Well, the Tor project is based in the US, but anyone can operate a Tor node – they are all over the world.
I need a free vpn that doesn’t log and require opening an account, recommendations?
Please do not recommend vpns that have trials attached to them.
I’d avoid free VPNs. If it’s free, then you are likely the product.
Spot on
I use Opera’s free VPN feature, and VPN addons with Firefox. I don’t see how this makes me a product, and meanwhile I benefit from the advantages of a VPN connection.
Read Opera’s privacy policy, where they describe how your data is collected and shared with third parties, then you will understand.
What is your opinion on Epic Browser’s VPN proxy ? :
https://www.epicbrowser.com/
Not recommended.
Browser-based proxies are not VPNs.
If it is like the “free VPN” in Opera’s browser, then it is a data collection tool.
Hi Sven,I’m not tech savvy,so this may seem a stupid question.If i’m using PIA and firefox when browsing,will this be recorded on my hard drive? thanks for your help.
Hi Jim, the VPN will not be recording anything, but Firefox may be storing your browsing data depending on your browser’s settings/configurations. You can modify Firefox for more privacy using the steps in this guide.
Hi Sven,i use avast internet security and also avast vpn.I have recently set up PIA and quite often find avast softlayer technologies appearing with the country chosen through PIA(very concerning and frustrating).Most common one is 173.192.103.7 US.another is 169.57.1.216. BTW my avast vpn is not on when this occurs.An earlier comment shed some doubt on PIA no logs,your opinions please.Also,if i use firefox and PIA will browsing be recorded on harddrive.thanks.
Hi, you should configure Firefox to keep as little data as possible. PIA is a US-based provider, which is not a good jurisdiction, but it has also had their “no logs” claims confirmed in court.
Regarding Avast, I’m not sure what is going on. I’ve seen that avast antivirus collects quite a bit of data, and last time I checked their privacy policy, this data could also be shared with third parties. I’m not sure about their VPN though.
Something for you to be aware of Sven, to be honest, I think it’s important enough to have it’s own article.
Yesterday, I found that UK mobile networks require “adult verification” when unblocking adult content restrictions, by submitting driving licence or passport details, if you are using a sim car that isn’t on a contract.
Now, the uninformed might think “It’s just to make sure that children aren’t accessing pornography & to safe guard the vulnerable”.
No. This is used to get a registrar of people who use encrypted communication over their ISP’s, plain & simple, because it explains all of the following…
Yesterday, I had to update my NordVPN Windows app, which at the time, was connected to my 4G hotspot. Upon doing this, I could no longer access the Nord app at all.
In addition, on an un-encrypted connection:
-I couldn’t LOAD any VPN website AT ALL.
-As a test, I tried a number of websites that some might consider “fringe” or “politically controversial” & I couldn’t load them without the “adult verification” prompt.
-I tried to install offline, the NordVPN windows app, couldn’t login.
-I setup the Windows 10 VPN IKEv2 & I couldn’t connect to the internet.
-I tried to install a Express VPN (trial) & ProtonVPN on my mobile & it wouldn’t configure (i.e blocked)
Eventually, I solved the problem by connecting to wifi & setting the connection type to “obfuscated”, but if I was with a VPN provider (or was technically unaware) & using a 4G hotspot to access the internet, I would no longer be able to use a VPN without verifying my identity…at all.
Now, what has prompted all this? It’s a recently passed UK law to “protect children”
This is some background info on the law, prior to it’s passing:
https://www.independent.co.uk/news/uk/politics/internet-laws-social-media-child-safety-terrorism-facebook-twitter-matt-hancock-a8360081.html
I wouldn’t be surprised if public wifi does the same thing soon.
I would now say that any VPN provider that doesn’t have a type of obfuscated connection, cannot be recommended for UK users, at all.
Hi Richard. Wow, this is interesting. If you don’t mind me asking, what is the internet provider you noticed this on? So you are saying that standard OpenVPN (non-obfuscated) connections are getting blocked on 4G mobile networks (without verification) and home networks (your WiFi) – correct? It looks like the UK is following in the steps of China and Saudi Arabia with internet censorship. And then there was the recent EU law passed regarding content filters, copyright for news articles, and link taxes. Probably it’s time for an article on EU censorship…
With home (landline) networks, some providers, by default, will have “adult content” restriction & you’ll need to login to your account to remove it. I know that Virgin & Sky have their adult filter enabled by default & while you can load a VPN site, you’d have to disable it to use a VPN connection. I don’t know about BT or Plusnet (BT owned).
https://betanews.com/2016/07/07/sky-broadband-web-filters/
I don’t know exactly how the recent law change may have affected the landline providers outside of what I’ve seen myself, but considering you need to be 18+ to sign a contract, it might vary from provider to provider & might require more research.
But…mobile networks, non-contract pay as you go…100% have adult verification. If you had a new phone & new sim card & tried to install a VPN app using a 3/4G connection, it won’t work, you would need to login to wi-fi to install & then you can use VPN (I was mistaken, non-obfuscated connections work on 3/4G connection…for now), BUT…if you turn on the hotspot feature on the phone & try & connect a laptop that ALSO has a VPN app…that won’t connect using a non-obfuscated connection using windows 10, which means many VPN servers in countries that can’t or for commercial reasons, aren’t available on a obfuscated connection type, if you’re using a 4G hotspot that isn’t age verified.
That is 100%. My concern is that the government will then force Google & Apple to also do age verification.
https://www.thesun.co.uk/tech/5783907/porn-verification-age-scheme-check-date-uk-when/ <— this gives a simple explanation of the law.
I sent the info to NordVPN, which they said they were unaware of & would investigate what to do about it.
https://www.vpncompare.co.uk/wp-content/uploads/2015/10/o2-age-block.png <—this is the screen I was getting when I tried to access some various "alt-media" that was more "right-leaning".
This dispels the lie of "protecting children from porn".
All the mobile networks are forced to comply with this law, I use 02…I checked the other main ones (Three, Vodafone, EE), they all state that age-verification requires an upload passport/Driving licence details, I think it also said about using a card payment, probably to use the credit check facility to confirm identity.
I did mention in my post yesterday about public wifi, well…I've noticed my local supermarket Morrisons blocks VPN (even obfuscated), as well as another large high street business which…I can't remember who it was, just that it wouldn't work, but that is probably related to the fact these business mine the user data for commercial purposes, maybe…
As for the EU…that article 13 is something that should concern us all.
Thanks for the information, Richard. I’m going to do an article on censorship in Europe, and perhaps also one for the UK specifically.
It seems NordVPN fixed the issue in their last update, although the Killswitch doesn’t work now, trying to connect always times out.
Hello, Is there safe to use a VPN provider from Panama and connect to a local location for accessing local content when the local country is on the 9 eyes list?
As you mentioned about PureVPN giving logging users data but what I know after reading their response on their blog is that they only keep timestamp which is Okay. What do you have to say about that?
Hey,
SaferVPN is not belonging to any of those alliance. I suggest checking our NO LOG POLICY
[link removed] and the privacy policy [link removed]
This has nothing to do with your VPN or your “no log policy”. Israel is a close surveillance partner with the US – see the links and sources in the article.
Hi,
Thank you very much for this site and your work.
Sad for me to see my VPN provider here, It’s office based in Italy.
I noticed, you sometimes advice PerfectPrivacy and VPN.ac, so I looked at their info. I just want to mention that the software they provide is closed-source, so you never can be sure what does this software do exactly. As for me, it looks strange a bit in the context of usage. And it has poor functionality. For example, the VPN I use (but now will look for another) provides an open-source client software, available on gitHub, with lots of views and commits, and so on. It also has much advanced options than PerfectPrivacy’s do, because there is a big suggestion thread on the forum.
VPN.ac looks great for me if there was a way to manage double tunnel on linux with easy steps. I’ll try to find it.
Thank you for this article.
What VPN do you use? Since it’s open source I will check it out on GitHub. Thanks in advance.
It seems that you guys now what you are talking about. I would like to hear a opinion on Mullvad besides that there are part of the fourteen eyes. Looking for a Perfect Privacy alternative
Why ProtonVPN is not on the list? It’s based in a Switzerland and has a cascading VPN option (called Secure Core).
Hi Piotr, check out the ProtonVPN review to see why it’s not recommended here.
Hello Sven,
This sounds so intriguing “you can definitely setup a VPN router to work at all times. And then, for an even higher level of protection, you can connect to the router with your computer, and then connect to another VPN server through your computer, thereby using two different VPNs at the same time. I’m actually testing this out right now with different routers.” If you can get it to work, I hope you will do a how-to guide for it. Since I am using Windows XP I do not know how practical it would be, but maybe I can figure something out.
Chau
Hi Chau, it works fine and is pretty easy to do. The main thing to keep in mind is using nearby servers to minimize latency.
It doesn’t matter!
Or I’d say US provides are safer from the US intels as they are at least protected by US laws!
The US intels don’t care foreign jurisdictions. They don’t have any law to obey outside US and so can operate more freely there.
I remember, after Snowden revelations, many self-proclaimed privacy specialists like “The One Privacy Guy” said Hong Kong was an ideal place for VPN providers to be based in as Snowden chose there. To me, it was obvious that he chose there because of “the enemy of my enemy is my friend” mentality as Hong Kong is a part of China, which is an enemy of the US. So, I called “The One Privacy Guy”‘ a phony because he rated Hong Kong based BlackVPN very highly for that.In fact, long before that, the owner of BlackVPN had admitted they had kept connection logs and called all no log VPNs lairs at Reddit many times. Nevertheless, “The One Privacy Guy”‘ labeled BlackVPN as “No log VPN” and rated it highly. And, later,it revealed that he was a user (and possibly fanboy) of BlackVPN! Back then, many people called me stupid, but now we know who was right about Hong Kong!(You know PureVPN, right?)
Also, I remember, long before then, the exactly same type of FUD or propaganda against US based VPN providers,like “Stay away from US providers and use offshore one!”, was used by FindNot and XeroBank, both of which were Panama based VPN providers and one day suddenly ceased the operations and disappeared. Poor, none of their users caught the con artists. I mean, how could they?—even though the FBI couldn’t touch them because they were an offshore company(What an irony)!
So, don’t say “US VPN providers are bad and offshore ones are better!”.
Also, remember rolling out VPNs is relatively easy and many of VPN providers could be shell companies or one person operations or run by online buddies who have actually never met each other.
So, you’d better not trust VPN providers based in ambiguous offshore countries.(Don’t you remember “Panama papers”?)
Good points Lisie, but it’s a tough call either way. I’d still opt for a provider outside of the US, but jurisdiction is just one of many factors to consider.
Regarding “That One Privacy Guy”, I too am skeptical of many of his claims. See this thread where he is called out for lying by AirVPN staff, but then doubles down on his accusations.
But back to jurisdiction, of course the NSA is a global adversary. But we already know that every large tech company in the US has been forced to cooperate on the surveillance agenda. This has been known for many years now – way before the “Snowden revelations”. A VPN in Switzerland would have a lot more independence and ability to resist NSA influence vs. a VPN in California. Remember Lavabit email?
Sven, I want to thank you for such a fantastic, well-written, and thorough article on a subject I have been researching for a while now. I have used PIA and others. I am constantly amazed by the amount of “Weasel words” used in their “no logs” policies. FWIW, I don’t do anything illegal online, I don’t even want VPN for torrents and stuff like that, I simple want ABSOLUTE Anonymity. Of course I know there is NO way to get that, as IF what someone is doing is high enough priority, all nations and companies will (and perhaps should) give up a user, for example someone planning to kill a few thousand people. The problem I have, and my main motivation for wanting the best VPN I can find, is the fact that western governments DO NOT go after crime, they don’t care about stuff that hurts PEOPLE, only stuff that hurts THE GOVT! This hypocrisy drives me insane, people buy illegal stuff online all the time and they do nothing, meanwhile they go after people expressing simple freedom of speech which is against the flow of the current government or politically correct agendae which are currently fashionable!
I use the internet to research issues of free speech and government corruption. I am therefore very concerned about spying etc. I simply want the most secure VPN service available, while I understand the fact that IF I was wanted badly enough, they could find me. I just don’t want people getting to me without a court order (as I don’t break any laws!)
Before reading your excellent article, I was wondering about NordVPN. I have PIA currently but feel like a change, not really sure why. Nord says two things which encouraged me, and I wonder if you could comment on these two points….
1. Based in Panama – outside the 14 eyes, safer?
2. They have DoubleVPN – I don’t really want to go near Tor network as I am sure that’s the best way to get spied on, but will it help in this case as my entrance is via a Panamanian based VPN?
Also, is it easy to set up a router as you suggested in one of your articles? Can you set a router up to use VPN all the time, and then connect to VPN on machine as well as and when needed?
Sorry, also !!….. do you know how the speeds compare between VPN providers as I like speed!
Thanks
Hi Ed, good points. The hypocrisy throughout the Western world is getting to be ridiculous. They can lock someone up for 10 years for downloading a song in the UK, but they will turn a blind eye to heinous crimes that happen every day. Corruption at the highest levels everywhere you look.
Regarding NordVPN, it definitely has pros and cons – check out the review here. Yes, you can definitely setup a VPN router to work at all times. And then, for an even higher level of protection, you can connect to the router with your computer, and then connect to another VPN server through your computer, thereby using two different VPNs at the same time. I’m actually testing this out right now with different routers. I’m using VPN.ac on the router and Perfect Privacy on my laptop.
Speeds can vary, but NordVPN did not have the best speeds when I ran the results. However, there are so many variables when it comes to speed, it’s tough to make definitive statements.
EEEEEEEEEEEEEEEEEEEEEXACTLY!
“heinous crimes that happen every day” – I more than get your drift, I know exactly what you’re talking about and it’s disgusting that it’s ignored for fear of being called a name, but meanwhile calling someone a name or saying something which might hurt someone’s feelings can land you in handcuffs and worse. It’s a joke.
I don’t think the VPN router option is viable for me, I really don’t know much about routers and settings etc, and would be more likely to make a mistake than I would with software i think. I will definitely keep it in mind for the future though.
For now, PP is the way I am going. I have another question though….
Tails and Tor Browser – It is my thinking that sometimes having a very odd or unusual set up attracts more attention than mixing with the crowd a bit more. For example using a Tor browser via VPN, would that not create a more unique browser fingerprint, by resisting giving any fingerprint?! My current thinking is using a version of Firefox which has some secure options set up, might be a bit less noticeable.
Tails – I was thinking of installing this OS and using all my VPN stuff through that OS. But for reasons given above, I wonder now if that’s more likely to flag something, than just using windows or mac, with good quality VPN.
Any thoughts?
Thanks again, I will be buying through your aff links to say thanks for the useful content.
Hi Ed, thanks! I think using the Tor browser with a good VPN service is one of the best options for more privacy. You blend in with all the other people using the Tor browser, so that’s a big benefit. With Perfect Privacy, you will also blend in with all the other people using the same IP address (they only use shared IP addresses) – another benefit for privacy. The Tor browser is just a hardened version of Firefox that includes many settings/tweaks that protect you from browser fingerprinting and other vulnerabilities. Firefox is also good, but it will need some basic modifications, such as disabling WebRTC.
I strongly advice against panamenian based vpn-s. They have a strong history and relationship with the Big uncle. Arrests and detentions have been made directly ordered in oder areas outside the internet realm. Sometimes in direct violations of neutrality laws… Just my 2 cents…
Hi Sven, thank for you reviews.
I have a question for you…because I could’t find this info..
All VPN providers have their main location (USA, UK, Japan, …) so we can decide how “safe” can be each provider for our privacy…
But what about their servers located in different parts of the world? Can they be influenced by local juridsiction?
I.e, I choose a VPN provider located out of 14 eyes counties, but I connect to one server in US (or UK…).
Is this server under US juridsiction or no? What that VPN provider can be forced to do, considering that that server is in US ?
thanks
Hi Fiore, so the operating jurisdiction will determine what laws the VPN company (business) must comply with. In other words, a Romanian VPN service will not need to comply with an American DMCA (copyright infringement) request. However, a server park (datacenter) would fall under the jurisdiction where it is located. So the answer to your question is yes – servers (datacenter) fall under the jurisdiction where they are physically located. So the VPN provider can’t be forced to do anything, but the police may seize servers in their jurisdiction if they are going after someone. This was the case last year when Dutch authorities seized two Perfect Privacy servers in Rotterdam (no customers were affected due to no logs being saved and the servers being operated in RAM disk mode). Servers could also be monitored externally by authorities, which I would assume is easily within the powers of the NSA or GCHQ – but who knows exactly.
This is where advanced privacy features come into play – such as multi-hop VPN chains and also NeuroRouting.
Hello,
Be careful with swizerland and Perfect Privacy ,they cooperate with Five eyes.
“Tier B countries with which the Five Eyes have “focused cooperation” on computer network exploitation, including Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungry, Iceland, Italy, Japan, Luxembourg, Netherland, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland and Turkey;”
See these articles : https://www.privacyinternational.org/node/51 and https://en.wikipedia.org/wiki/Five_Eyes
Hello. The two Switzerland-based VPNs on recommended on this site are Perfect Privacy and VyprVPN. I would just point out that the reference to “Tier B countries” does not appear to be sourced from anything on either the Wikipedia page or the Privacy International article. I can’t find the original source or any other sources for this statement.
Additionally, it is only suggesting “cooperation” with “computer network exploitation” – but not data collection and sharing. Big difference. If you find any good sources on this “focused cooperation” of “Tier B countries” feel free to drop the links in the comments. Thanks.
Hey! Japan must be added too! Because Japan is a large surveillance country. And Japan is a strong ally with the United States. Trump has held Abe’s birthday party! He also handed the gift directly to Abe.
Hello, indeed, you are correct. I have added it to the list along with some different sources documenting close cooperation between Japan and the NSA. Thanks for the feedback!
Wow! Thank you for listening and correcting me.
Hello Sven, thank you for this overview as I think ppl seem not to care so much about the 5/9/14 eyes when it comes to VPN (my experience so far). I was thinking of getting a VPN (perfect privacy seems to be good choice) and was wondering if it makes sense at all to pay for the VPN service anonymously (like, via Bitcoin etc.)? Wouldnt a good VPN NOT log or store any payment information anyway? As in, you buy an account, but the VPN only sees that it’s paid but no further details. And IF you manage to buy it anonymously somehow, you still connect to the VPN with your REAL IP address, thus the VPN provider can see where you’re located via your IP and ofc it’s linked to a certain account. So what do you think? Buy VPN anonymously or not and trust the VPN?
Hi Jaxxx, good questions – but it’s hard to give definitive answers because some people seek more anonymity than others. Ultimately it depends on your threat level. Keep in mind, a VPN does need to do basic accounting if they are accepting payment in return for subscriptions. You mentioned Perfect Privacy – with that service you can pay via Bitcoin or even send cash in the mail to their accountant in Latvia. You can also use a throwaway email when signing up to acquire your password, and then use different throwaway emails if you need to contact support. Some VPNs don’t allow anonymous payment, others do.
For more anonymity, you can also stack VPNs. In other words, use VPN #1 on your router, and then connect to your router and use VPN #2 on your computer. And for more security/privacy, you can also use VPNs through virtual machines.
Sven, then should you ever filter privatevpn and Mullvadvpn in Sweden? mullvad and privatevpn do not keep logs at all.
Hi Jack, I haven’t tested either of those providers, but things aren’t looking good for the future of online privacy in Sweden – see this article.
Regarding “no logs” – you may be interested in this article.
woooowwwwwwww!
It is too bad. I think the answer is to avoid all 14 eyes.
According to Mullvad.s FAQ:
“Do you obey the EU Data Retention Directive?”
“The directive does not apply to Mullvad because we are not considered an electronics communications service. This is also the case for Sweden’s Lagen om elektronisk kommunikation (LEK).”