I'm a bit of a tin foil hat kind of guy.

  • DuckDuckGo instead of Google
  • I clear all cookies in all browsers weekly
  • I use 3 browsers on desktop and mobile for different sites
    • Mobile
      • DuckDuckGo - just switched to their iOS browser
      • Firefox for occasional Twitter (it's the only social media I access on mobile)
      • Safari
    • Desktop
      • Safari for most everything on desktop
      • Firefox for social media and specific logins using Mulit-Account Containers
        • If you use social media, you really need to check this out.
      • Opera (heavily modified) or Chrome Canary for much of my web development work so I don't have to use Chrome and have usage reported to Google
  • I use a VPN for mobile and desktop at all times - even when using cellular data.

NOTE: DuckDuckGo is my default search provider for all browsers. I can't recommend it enough.

DuckDuckGo provides a partial explanation as to why I care about my privacy and you probably should too.

NOTE: Even if you don't need/want a VPN, you really should checkout the 1.1.1.1 app on your mobile device. By using their DNS service, you'll get faster domain resolution and privacy.

NOTE: For your household, you really ought to consider using the 1.1.1.1 DNS service as well. It shields you from your ISP knowing every website your family visits and provides faster/more secure DNS resolution.

PSA: If you're using Google's 8.8.8.8 DNS resolution service, you are basically just handing them the keys to your house. By using it, you are filling in all the blanks they don't already know about you via searches and ad tracking. You're literally telling them every website and service your family uses.

VPN Provider Overview

This is a review of several VPN services I've used for several years or am trying out.

Encrpyt.me VPN Service ($9.99/mo or $99.99/yr)

For many years (since 2012 ??), I've used Encrypt.me (formerly known as Cloak) as my VPN provider for both mobile and desktop use. It's been a great service with amazing reliability and extensive features. For example, I can change my IP address to dozens of cities in the U.S.A and dozens more around the world.

When I travel internationally, I can still appear as if I'm in Dallas, TX so that my bank login doesn't freak out and lock me out or make me revalidate with SMS. I can also stream media from geo-locked services.

The best thing about Encrypt.me is the "Overcloak" feature. Basically, it locks down all network traffic until the VPN is connected.

For years, Encrypt.me has worked very reliably for me on mobile. Then, about 2 years ago, I switched from AT&T to T-Mobile. Sadly, I was very unimpressed with T-Mobile. Service in my neighborhood is terrible. I can't get service in parking lots (gas station, fast food, grocery store, barber, etc) in my area or even on my daily walks in my own neighborhood. In other areas of town, I get decent service. In some areas, I get no service.

Recently, I discovered that part of the problem has been my VPN. If I travel to an area where I get no service, toggle the VPN on and off, I suddently get data. Again, this being T-Mobile, the service is iffy at best. It might be blazing fast or like using a 56K dial-up connection, but at least it's service where there was none before. I had never had this problem with AT&T on the same phone and with the same VPN.

So, I reached out to Encrypt.me' support team. They explained that some carriers had issues with VPNs and wouldn't connect reliably between towers. I was very unimpressed that they basically told me, "Don't use a VPN on wireless - it's not really necessary" Really? That was the advice of a service that's soul purpose is to provide privacy from all carriers?

So, I started looking at other alternatives.

1.1.1.1 Warp+ (Free to up to 10GB or $4.99/mo)

Several months ago, I set up the new 1.1.1. Warp+ (powered by Cloudflare) service on my wife's iPhone. I did this because I wanted a dead simple VPN service for her. There was no way she was going to put up with the flakiness of my VPN service (on T-Mobile). Sadly, even in our house on 50MB WiFi, her phone had terrible connection problems using Warp+. She frequently could not connect to websites or use apps. So, I uninstalled it, and she was happy again.

In the last few weeks, there have been several releases and fixes to the Warp+ service. Since I was considering giving up on Encrypt.me, I tried it out again. In the house, I've had no troubles at all with the VPN connection quality or speeds. I also re-installed Warp+ on my wife's phone. She hasn't reported any troubles at all. It looks like Cloudflare managed to resolve whatever bugs they had.

The real test was going to be my mobile service. So, I deleted the previous VPN on my iPhone and setup the 1.1.1.1 Warp+ service. Setup is dead simple thanks to improvements in the way iOS 13 deals with VPN connections. For the last 2 days, I've driven around to many areas where I had trouble with the T-Mobile/Encrypt.me combination. To my amazement, I was able to get data everywhere I went (albeit stupidly slow in some areas - thanks T-Mobile!). I never had to toggle the VPN on or off. It just worked!

Now, there are some downsides to using 1.1.1.1 Warp+. It's .... not a traditional VPN. I'll let this Tweet and response explain in more detail.

The biggest thing I dislike about this "not quite a VPN" thing is that you can't "transport" yourself anywhere. Your IP address is basically always going to be the same as your provider. So, if you don't want some endpoint knowing where you are, you're out of luck.

TunnelBear ($9.99/mo or $59.88/yr)

I've been a long time fan of the marketing/copy for the TunnelBear VPN service. I think it's really cute and entertaining. I'm also impressed with their willingness to submit to an external audit of essentially 100% of their VPN service and apps. So, I thought I'd give them a try to see if they would be my replacement VPN service on my desktop and mobile. Also, I wanted to know if they'd be a good fit for my mobile needs as well. Why pay for 2 services, right?

Sadly, I can't say I had a very good experience with TunnelBear on any device today. On mobile, I configured TunnelBear to always connect on cellular and WiFi (I had no trusted networks). However, I found several instances of TunnelBear not connecting at all. For example, if I switched off WiFi to test the connection on mobile data, TunnelBear would just turn off the VPN. The same happened in reverse. If I disable carrier data and just used WiFi, the VPN would drop and not reconnect and let any traffic through unprotected. Every time I changed the network configuration, the VPN dropped and did not reconnect. I had to manually enable it after every network change.

Most importantly, using TunnelBear did not solve my problem with T-Mobile.

Next, I installed TunnelBear on my desktop. Installation and configuration was a breeze. I simply configured it to always be on and not trust any networks. I also configured it to start on any shutdown/reboot.

However, after rebooting, I discovered TunnelBear did not actually start! The settings still showed it configured properly, but on macOS Catalina, it was never added to the "Login Items" in System Preferences -> Users & Groups. After manually adding TunnelBear to my Login Items, it properly started on several reboot attempts.

I wasn't too thrilled about this configuration problem, but I still considered using TunnelBear anyway since it was cheaper per year than Encrypt.me.

There are some other strange things about TunnelBear's "Fastest Connection". Initially, it routed me through India 🤯 from the Dallas, TX area?? After manually modifying the connection to "United States" once and then back to "Fastest Connection", it routed me through Parsippany, NJ every single time I used it. So, this either means TunnelBear's routing logic is subpar, or they have very few connection points in the U.S. TunnelBear apparently doesn't support the ability to let you transport to specific cities - just general countries. Again, this points to a not very diverse network.

SpeedTest Comparison

I use the Speedtest by Ookla app on desktop (and mobile) to test network connectivity from time to time. Back when I was struggling to get T-Mobile to solve my problems (amazing customer service/horrible network), I relied on Speedtest daily to get stats for them. I decided to compare my desktop speeds on the 2 different VPNs vs using my ISP directly.

NOTE: I'm just providing 2 different tests. I performed several more tests on each VPN provider but didn't bother providing them in this review. All of the test results were similar.

ISP Speeds

  • 46.2/10.5

Encrypt.me Speeds (using the Dallas, TX endpoint)

  • 44.8/9.41

  • 46.4/8.75

TunnelBear Speeds

NOTE: These network tests show routing through Dallas, TX. However, all the IPs report as being in Parsippany, NJ.

  • 27.6/11.5

  • 28.1/11.6

As you can see from these results, Encrypt.me provide speeds on par with my direct ISP speeds. The difference is negligible and easily within the variance of typical internet speed fluctuations.

On the otherhand, TunnelBear had significantly slower speeds. This degradation is well outside any normal internet speed variances.

Conclusion

My goal of this process was to choose a single VPN provider that would give me the best experience on mobile and desktop. Due to T-Mobile's compatibility issues with some VPNs, that simply is not going to happen. So, I'm left with actually needing 2 VPN providers.

Clearly, I'll continue using 1.1.1. Warp+ for most of my mobile VPN usage.

Due to the software problems and connection speeds I experienced, I will not use TunnelBear.

For desktop and occasional mobile, I'll continue to use Encrypt.me. They've been a great provider for many years and have the best options for cloaking your location. My troubles with T-Mobile can't really be laid at their door.