NordVPN is actually the best VPN if we balance out the categories.
Posts in total: 6
SurfShark's advantage on Nord is that it offers unlimited devices, is much cheaper and enables efficient split-tunneling.
If you pick anything other than SurfShark or Nord, you are either paying too much or paying for trash. Find me one exception and I'll 'eat my hat'.
SurfShark says that it offers unlimited devices. It also says that it has an efficient whitelister (split tunneling) mechanism and that it camouflages your connection as HTTPS traffic to your ISP (which is extremely important if you're in an oppressed nation).
Transparency issue 1: Split-tunneling
The problem is lack of transparency and I am going to explain how/why. As soon as you enable split-tunneling with SurfShark, you are not fully camouflaging your connection because it demands Ikev2 Protocol (which they never explain, and your settings will say you're on OpenVPN with UDP but really you have IKev2 with maybe some layer of OpenVPN on top). This is especially true if using the Android or iOS when/if you have their 'whitelister' activated for some apps. It is spitting the connection but operating on a protocol designed for good configuration but less 'pure security' nonetheless I'd say sure, there's no leaks happening but the key is that the apps/programs you make 'whitelisted' will sense you're using a VPN due to how it splits. This means if you think you can just split it like that and the things using your real IP will go 'ah everything is fine' you are so wrong. If you play online poker, use any bank-related programs or something that basically your money and real-life depend on, you can technically be banned for doing this even though you white-listed it. That aside, to truly whitelist a program in Windows with SurfShark is so utterly more complex than they make out with their 'tick the game you want to whitelist' options. The Client you play on is one of many .exe files (Idk what mac has instead of .exe and never ever will care, Apple and me fell out of love a long time ago). If you go through all the .exe files, you often find 'tracker' especially for games that want to ban 2 people playing from the same IP or track cheating or ban-bypassing like that. If you are not running that through your real IP, you can get banned for it. It comes down to how lenient and understanding the tech team is and how recipient to them, the admins are, that determines the mercy given to you when you explain you didn't realise you weren't whitelisting it fully. Note, even when whitelisted fully, split tunneling cannot and will not ever fully work for things like that because it works by it understanding you're blocking tracking and other things with your VPN active and then going 'oh we are lucky to have your real IP anyway but how do we really know for sure?'. If you understand programming, you'll realise why NordVPN is much more honest for only enabling you to have split tunneling on Android and why the only true way to split-tunnel on computers is to have browser extensions with your VPN there and the rest of your computer completely 'exposed'. This registers to games and programs as completely acceptable as there is no way you're faking your IP to them, regardless of your VPN on the browser being active. You can split-tunnel on Android with NordVPN if you read their support guide on IKeV2 but it's not 'easy' to setup ('just a bit easier than medium' is what I'd rank it).
Hotspot Shield and many VPNs (including ExpressVPN but it's secure regardless) do not mean 'no logs'. Only SurfShark and NordVPN have a pure understanding of 'no logs' and only SurfShark is so extreme that it leads to a security flaw in the 'unlimited device' promise.
HSS and ExpressVPN both promise no logs. The problem is that they, like many other VPNs that promise this, keep your logs during your session, delete the 'content of your browsing' afterwards (which you are completely needing to trust them to do) and then say 'we have no logs of anything' but they have logs of your IP addresses, duration of usage etc. ExpressVPN works around this by being very expensive and able to afford storing your sessions on Random Access Memory (RAM) that means it never has the servers to properly be seized by governments. Turkey seized their servers after the assassination and the following occured:
As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators. Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs. We believe that the investigators’ seizure and inspection of the VPN server in question confirmed these points.
- ExpressVPN via: https://www.comparitech.com/blog/vpn-privacy/expressvpn-server-seized-in-turkey-verifyies-no-logs-claim/
Hotspot Shield is, other than VyprVPN, amongst the true "Original Gangsters" (OGs) in the VPN game, VyprVPN owns all its own servers and is very carefully wording its 'no logs policy' by avoiding admitting what it's keeping and using Switzerland laws not to reveal. HSS also uses sly wording but has only ever been proven to be recording the bare minimum required to give targetted ads to its free users (it's a very unusual VPN in that it offers itself free but then charges premium users more to make up the difference and be a 'hero' in some kind of genuine sense). I am almost entirely certain that if in fourteen years, HSS has never once been reported to turn anyone in but I admit it has no 'warrant canary' and is shockingly operating in Ukraine and Russia. I will honestly tell you that track record means a lot in the VPN world, so I don't distrust them due to this. I do, however, find the VPN is not worth the price and I know they are charging that much in order to handle the free users' load.
SurfShark has a simple flaw with regards to their 'pure no logging' attitude. They let you have unlimited devices to one account but don't let you log people out of devices even if you change your password, they justify this as them being true to their no-logs policy. I won't say more as I could be accused of revealing something that I agreed not to reveal as a user in some fineprint but that is a blatant flaw and one you could find out by talking to support as a non-user of the product. That alone increases the security threat to you since a whole array of people can continually impersonate you on their service doing god knows what and no matter how early or late you realise you can't trust them, you can't log them out of your account on their device. So, how does NordVPN who is also a diehard 'no logs' VPN in the genuine sense of the term, keep to its 'maximum 6 devices using the VPN at any time' policy? Well, that's classified, as in it's a copyrighted audit report that only users of the VPN can access and agree to reveal nothing of when seeing it so it's up to Nord to truly explain it but to put it simply; it's based on using a server solely used for the counting of devices, that is independent of the data transfer happening in one's session. That is obviously the only way this could be done and is how Hotspot Shield does it too, as does ExpressVPN.
Value for money and customer support
Some of the most expensive VPNs (other than ExpressVPN, which has fanastic support) do not offer true 24/7 live chat. You are often talking to a bot, not a person, and they cover these hours by automated 'please ask later' stuff and Idk what I didn't go ahead and test every single one as that's immoral to do if I'm never intending to use the product even if the support is good. Live chat support is not available on many VPNs even as a premium user. That is hilarious as they are often more expensive than SurfShark, which is the single cheapest and yet one of the single best. NordVPN is the best as an all-rounder and is weak in no category at all other than split-tunneling capacity on computers.
If you are in an oppressed nation and use NordVPN just take note that you need to use obfuscated servers (equivalent of SurfShark's camouflaging which is automatic and not opt-in or opt-out but only properly works if you have OpenVPN UDP and avoid split-tunneling, oh yeah and you have to choose their NoBorders option, which they never explain is actually their camouflage mode but I think it's because the support staff never realised this is the in-app name of the website-named 'camouflage mode'. Since it's automatically opted-in they say it's automatic with the product).
You will find that NordVPN and SurfShark are the options to go for if you are in an oppressed nation and using them behind a browser like TOR or Firefox with good privacy add-ons is your best bet at freeing your mind on the Internet.
NordVPN completely deletes the device and usage data after your session, but the other 2 do not necessarily do so althought they perhaps stay 'true' to the policy as they keep it airtight within their company.
NordVPN has great speeds if you pick a location close to you and don't make it obfuscated (but obfuscation is a must if you are in an oppressed nation, regarding Internet rights).
I may have been wrong about Split tunneling on Surfshark using IKEv2 but it still is much less open about what/how to use its functions, though for the money paid it is indeed brilliant. If knowing everything about your VPN matters less to you than having a lot for less money, go for SurfShark, if you like to know a lot and still have a fantastic deal that makes split tunneling awkward as hell to make work, go for NordVPN as in all other ways it equals and/or surpasses Surfshark while still having an absolutely brilliant price for the 3-year plan.
Any other VPN is either based in a nation where logs are obligated to keep and can be demanded at any times (even if it says it keeps no 'personally identifiable' logs, it's keeping many logs that are required by law) or is based in a good enough nation and situation security-wise but simply is too expensive vs what it offers.
I know for a fact that if you're in an oppressed nation the camouflage mode ('NoBorders') of SurfShark and the Obfuscated servers of NordVPN (Nord works brilliantly with Onion Router, TOR Browser for computers and Orbot router + Orfox browser for Android... Don't use iOS if you seriously want to connect to TOR... This matters a lot. ExpressVPN is good at that but is a rip-off price wise. Also, in very oppressed nations, ExpressVPN addresses and DNS servers are usually one of the first targetted by authorities like China, because it's such a high-end one that they know a lot of data transfer will happen over. It takes them up to 5 days to recover from a proper China security hit and other nations that dislike VPN target it also, but tend to struggle if you use the stealth mechanism properly.
If you have the money to buy ExpressVPN and require high speed connection on top of Stealth/Obfucation then sure, go for it. NordVPN has fantastic enough speeds if you don't need obfuscation and the obfuscated speeds are great for general browsing, as is SurfShark. I prefer NordVPN because it gives you more clarity on how to opt in and opt out of that, as well as clearly explaining when obfuscation is not happening. SurfShark support seem to think it still is camouflaging when on P2P servers as well as the double-VPN... In fact SurfShark even offers Virtual Servers that it claims it's obfuscating you while connecting to... That is insecure to do and ridiculous to add on top.