Most “best VPN” content is, bluntly, an affiliate vehicle. The category pays some of the highest referral commissions in software, which is exactly why so many “top 10 VPN” lists rank whoever pays most and bury the conflict of interest in the footer. So before any recommendation, the useful move is to be skeptical — and the communities worth reading are skeptical too. We marked this mixed-consensus because there is a rough agreement among privacy-minded people, but it looks almost nothing like the ranked lists you get from a search, and that gap is the whole story.
Start with what a VPN actually does, because the marketing routinely overstates it. A VPN routes your traffic through the provider’s servers, which hides your real IP from sites you visit and your browsing from your network/ISP, and lets you appear in another country. That’s genuinely useful for some things. It does not make you anonymous, it does not stop you being tracked by the accounts you log into, it is not a substitute for good security hygiene, and the ads implying it protects you from “hackers” on every coffee-shop network are selling fear that HTTPS already mostly handled years ago. The recurring “do I even need a VPN” threads in r/privacy land on a sober answer: for specific jobs, yes; as a magic privacy blanket, no.
The short version
| Provider | What it’s genuinely good for | Pricing shape | The honest caveat |
|---|---|---|---|
| Mullvad | Privacy with minimal trust; no email, flat price, audited | Flat ~€5/mo, no discounts | Not built for unblocking streaming; fewer “features,” by design |
| Proton VPN | Privacy + usability; free tier exists; Swiss-based | Free tier; paid plans | The free tier is a funnel; full features need the paid plan |
| IVPN | Same privacy-first ethos; small, transparent | Subscription | Smaller network; not a mainstream consumer brand |
| The big sponsored brands | Marketing, server counts, streaming claims | Cheap long-term lock-ins | Conflicted reviews, ownership questions, over-promised privacy |
Mullvad: the one that asks who you even are as little as possible
Mullvad is the closest thing to a consensus privacy pick among people who actually care about the threat model, and it’s because of choices that are openly hostile to upselling. There’s no email and no account name — you get a random account number — and the price is a flat ~€5 a month with no annual discount tricks, which is itself a tell that they’re not running the usual psychological pricing funnel. It’s been independently audited, and the most-cited proof point in r/privacy is concrete: when Swedish police raided Mullvad in 2023 looking for customer data, they reportedly left with nothing because Mullvad doesn’t store it. You can’t hand over what you never collected.
The honest caveat is that Mullvad is built for privacy, not for entertainment. It’s not focused on reliably unblocking streaming services, and it deliberately lacks the bundle of “features” the consumer brands advertise. That’s a feature to the target user and a disappointment to anyone who bought a VPN mainly to watch another country’s Netflix catalog.
Who it’s not for: people whose main goal is streaming or torrenting region-locked content reliably, and people who want hand-holding and a feature-stuffed app. If you don’t actually care about the no-account, minimal-trust model, you’re choosing it for reasons that don’t apply to you.
Proton VPN: privacy you can actually hand to a normal person
Proton VPN is the pick the r/VPN and r/privacy crowd recommends when usability matters as much as ethos. It’s Swiss-based, has been independently audited, comes from the Proton Mail people, and — unusually for a credible provider — has a genuinely usable free tier, which makes it the easy recommendation for someone who won’t pay until they’re convinced. It’s the bridge between the hardliner picks and the mainstream.
Two honest notes. The free tier is, like all free tiers, a funnel — it’s limited on servers and speed to nudge you to pay, and that’s fine as long as you know it. And while Proton’s privacy story is strong, it’s a larger company with a broader product line, so the “minimal trust” purists still lean Mullvad or IVPN. It’s the best balance, which is a different claim than the best privacy.
Who it’s not for: absolutists who want the smallest possible trust footprint (Mullvad/IVPN edge it there), and people expecting the free tier to be a full replacement for the paid plan. It’s a strong all-rounder, not a maximalist privacy tool.
IVPN and the rest of the honest tier
IVPN comes up repeatedly in the same breath as Mullvad — same privacy-first ethos, transparent ownership, network-level tracker blocking, and a refreshing willingness to tell you when you don’t need a VPN. The tradeoff is simply scale: it’s a smaller provider with a smaller network and no consumer-brand recognition, which is irrelevant to privacy and relevant to someone who wants the most server locations.
This tier — Mullvad, Proton, IVPN — is roughly where independent, non-affiliate sources like Privacy Guides converge, and the overlap between “providers with no affiliate program or quiet ones” and “providers privacy people actually trust” is not a coincidence.
Who it’s not for: people who equate “biggest server count” with “best,” and anyone who needs a household-name brand for comfort. The smallness is the point and the limitation at once.
The big sponsored brands: read these reviews differently
The household-name VPNs that dominate search results and YouTube sponsorships aren’t necessarily bad software, but the way they’re sold should change how you read every recommendation of them. The reviews are frequently affiliate-driven, several brands have faced ownership-transparency and past-logging questions, and the marketing leans on overstated privacy and security claims plus cheap multi-year lock-ins designed to capture you before you compare. None of that means they don’t work for streaming — many do — it means treating their privacy promises with the same skepticism you’d treat any heavily incentivized pitch.
Who they might actually suit: people whose honest goal is reliable streaming/unblocking and who don’t have a serious privacy threat model — in which case, fine, but choose with eyes open and ignore the privacy theater.
Where the room is split — and where it isn’t
The genuine disagreement is narrow: privacy people argue Mullvad vs Proton vs IVPN around the edges (no-account purity vs usability vs network size), and that’s a real, healthy split. Where the room is not split is more striking — the privacy-literate communities broadly agree that the most-advertised brands are the least reliable signal, and that the bigger question is whether you need a VPN at all for your actual use case. That consensus-against-the-marketing is itself the most useful finding here.
So what should you actually use?
- Privacy with the least trust, and you don’t care about streaming? Mullvad.
- Strong privacy that a normal person can actually use, with a free tier to try? Proton VPN.
- Same ethos, transparent, don’t need a huge network? IVPN.
- Honestly just want to stream another region and don’t have a threat model? A mainstream brand is fine — but don’t believe its privacy ads.
- Not sure you need one at all? You might not. Figure out the specific job first.
That’s not the ranked top-10 the ads want you to read, and that’s the point. The category is built to be confusing because confusion sells subscriptions; the honest version is shorter, less exciting, and starts with “what are you actually trying to do.”
Consensus as of mid-2024. Pricing and audit status are summarized from official and independent sources and change over time; verify before subscribing. The Test Desk takes no affiliate commission and accepts no sponsorship — which in this category specifically is the disclosure that matters most. This is a synthesis of public discussion and official facts, with the usual caveat that loud subreddits are not a representative sample of all users.