I worked with three journalists on their OPSEC setup between 2024 and 2025 — one covering cartels in Mexico, a Hong Kong correspondent post-2020, and a Moscow-based reporter before his departure in late 2021. All three had one thing in common: they were using consumer-grade VPNs (NordVPN, ExpressVPN), believed they were protected, and had glaring vulnerabilities — active DNS leak on the Mexico setup, no kill switch configured, subscription paid with a personal credit card linked to their real identity. This guide is built on those real mistakes and the updated recommendations from Freedom of the Press Foundation, EFF, and Reporters Without Borders as of June 2026.
A mainstream VPN designed for Netflix streaming is not suitable for journalistic source protection. The criteria are completely different. This guide explains exactly why, and which tools to use instead.
1. Why Journalists and Activists Need a Specific VPN
The threat model for an investigative journalist or activist in 2026 is fundamentally different from someone looking to unblock Netflix. Four main risk vectors:
State traffic surveillance. Intelligence agencies (NSA, GCHQ, FSB, MSS) practice mass collection and traffic correlation: even without decrypting content, they can identify who communicates with whom, at what time, and for how long. A standard VPN doesn't mask this metadata if its jurisdiction is subject to cooperation obligations (Five Eyes, 14 Eyes).
Source protection. A journalist who reveals a source — even inadvertently through a technical flaw — can endanger a life. Sources often make contact from unsecured environments. The communication chain must be designed to withstand a determined adversary with access to telecom operator data.
Doxxing and targeting. Activists are increasingly targeted by organized doxxing campaigns — exposure of real identity, address, family. A VPN setup with a WebRTC leak or a DNS leak can expose the real IP in seconds via a poisoned link sent by email or messaging.
Identity correlation. Sophisticated agencies practice timing correlation: by observing traffic spikes into a service (e.g., a confidential government database) and outgoing traffic spikes on your VPN account, they can connect you to the access even without decrypting anything. That's why Tor, which adds random delays, is superior to a VPN alone for complete network anonymity.
A mainstream consumer VPN solves the "I want to hide my browsing from my local ISP and access Netflix US" use case. It doesn't solve "I'm a correspondent in an authoritarian country and I protect sources whose lives depend on my discretion."
2. VPN Criteria for Journalists: What Actually Matters
Five non-negotiable criteria, in priority order:
Strict no-log, audited by an independent third party. Not a self-declaration, but an audit by Cure53, SEC Consult, or equivalent — with a public report. Mullvad was audited by Cure53 in 2022 and 2024. IVPN was audited by Cure53 in 2019 and 2022. The absence of logs must be verifiable at the infrastructure level (not just policy level).
Anonymous payment (cash or untraceable crypto). Monero (XMR) or cash by postal mail. A credit card payment creates a link between your real identity and the VPN service, exploitable via letters rogatory. This is the most frequently underestimated attack vector.
Multi-hop (double VPN). Traffic passes through two servers in two different countries. Even if a government obtains logs from one server (under legal injunction), it only gets the first hop's IP, not the real IP. Mullvad and IVPN offer multi-hop at no extra cost.
System-mode kill switch, non-bypassable. A real system kill switch is enforced at the firewall level (iptables/nftables on Linux, pf on macOS, WFP on Windows). Test it by physically unplugging the network and forcing reconnection. If a leak occurs during reconnection, it's not a real system kill switch.
Maximum privacy jurisdiction. Sweden (Mullvad): no data retention obligations for VPN providers, favorable case law, outside 5 Eyes/14 Eyes. Gibraltar (IVPN): offshore British jurisdiction with enhanced post-Brexit data protection, practically outside direct influence. Switzerland (Proton VPN): among the world's strictest data protection laws, long and strictly bounded legal access procedure.
3. Top 3 VPNs for Journalists 2026: Mullvad, IVPN, Proton VPN
Mullvad — The Technical Reference
Price: €5/month. Flat. No annual subscription, no aggressive commercial promotions.
Anonymous payment: Cash by postal mail + Monero. No email required at signup. The account is a 16-digit number generated locally in the app — no personal data on the server side.
Audit: Cure53, public report 2022 and 2024. No-log infrastructure verified. Servers have been running in diskless mode (RAM only) since 2022 — no data can be physically seized.
Multi-hop: Natively available. Choose the countries for both nodes.
Protocols: WireGuard (primary), OpenVPN. Shadowsocks obfuscation available for countries with filtering.
Weakness: Desktop interface less polished than NordVPN, mobile apps with some UI limitations. For technical profiles, not a constraint.
Verdict: First choice for any high-risk profile. The combination of cash payment + diskless servers + Cure53 audit + system kill switch makes it the most serious VPN on the market in 2026 for a journalist.
IVPN — The Expert Multi-Hop
Price: From $6/month (IVPN Standard plan) up to $10/month (Pro plan with multi-hop + port forwarding). Annual payment available.
Anonymous payment: Cash by mail, Monero, Bitcoin (with additional friction vs XMR). No mandatory email at signup.
Audit: Cure53, 2019 and 2022. Public report available. No-log policies verified.
Multi-hop: More configurable than Mullvad — you can precisely choose entry and exit countries, with several geographic combinations available.
Protocols: WireGuard, OpenVPN, IKEv2. Obfuscation via obfs4 and Shadowsocks.
Weakness: More expensive than Mullvad for multi-hop (Pro plan), smaller server pool (under 80 servers in ~35 countries vs Mullvad with 700+ servers).
Verdict: Second choice, slightly behind Mullvad on server volume but ahead on multi-hop flexibility. Ideal for profiles needing to configure precise routes.
Proton VPN — The Accessible Option with a Valid Free Tier
Price: Free (unlimited bandwidth, 3 countries, 1 device) / Plus from $4/month.
Anonymous payment: Not available on paid plans — Proton VPN Plus requires a Proton email account, though that can be a pseudonymous ProtonMail account.
Audit: SEC Consult (2022), open-source (all apps publicly available on GitHub and verifiable).
Secure Core: Proton VPN's specific multi-hop — traffic first passes through a server in a high-protection country (Switzerland, Iceland, Sweden) before exiting. Available on paid plans.
Weakness: Non-anonymous payment on paid plans. No declared diskless servers. Interface sometimes more complex.
Verdict: Legitimate option for profiles that accept a pseudonymous identity (ProtonMail email + Proton VPN). The unlimited free tier is unique and valuable for journalists in low-resource regions. Third choice but solid.
Editorial note: These three VPNs have no affiliate program with AnonymFlow. This recommendation is purely editorial, with no commercial conflict of interest. That's exactly why they're on this list — and why NordVPN, Surfshark, or ExpressVPN aren't, for this specific use case. See our Mullvad vs IVPN 2026 analysis for the detailed technical comparison.
4. Complete OPSEC Stack: VPN + Tor + Tails + Signal + VeraCrypt
A VPN alone is not enough. The complete stack:
Network layer: Mullvad or IVPN with system kill switch + no-log DNS. This is the permanent baseline.
Enhanced anonymity layer: Tor Browser on top of the VPN (Tor over VPN). The VPN hides Tor usage from your ISP; Tor isolates the real IP from the exit node. Used for browsing sensitive sites, verifying information via .onion sources, and communicating via SecureDrop.
Source communication layer: Signal with a dedicated number (cash prepaid SIM, never activated with real identity). Disappearing messages enabled, max 24h duration for work exchanges. For formal documentary leaks: SecureDrop.
Secure OS layer: Tails OS (amnesic Linux) on a physical USB drive. Tails boots without leaving traces on the host machine, routes all traffic through Tor, and wipes RAM on shutdown. Essential for opening suspicious documents or for the most sensitive work sessions.
Storage layer: VeraCrypt for locally encrypted volumes. Cryptomator for transparent encryption of files in the cloud (if cloud is necessary). Never store field notes, sensitive contacts, or unencrypted documents on the main drive.
How to combine: For an ordinary work session with low-sensitivity sources — an active Mullvad VPN is sufficient. For a session involving a high-risk source — Tails OS + Tor Browser + Signal. For receiving a leaked document — Tails OS + OnionShare + verification in an isolated VM before opening it on the main machine.
5. Critical OPSEC Mistakes to Avoid Absolutely
DNS leak. Even with an active VPN, if DNS doesn't pass through the VPN tunnel, DNS queries reveal visited sites to your ISP. Check with dnsleaktest.com: only the VPN's DNS servers should appear. Mullvad and IVPN configure DNS automatically, but verify after each app update.
WebRTC leak. Modern browsers (Chrome, Firefox) can expose your real IP via WebRTC even with an active VPN. Disable WebRTC in Firefox: about:config → media.peerconnection.enabled = false. In Chrome, use the WebRTC Network Limiter extension. Verify with ipleak.net.
VPN reconnection without kill switch. The worst moment: the VPN tunnel drops during an active session (unstable network, WiFi change, low battery). Without a system kill switch, traffic resumes on the real IP during reconnection. This few-second window is enough to expose your real IP to an active observer.
File metadata. A Word document, PDF, or image can contain metadata (author name, creation time, geolocation for photos) that reveals the source's identity or location. Always strip metadata before transmission with exiftool -all= file.pdf or MAT2 on Tails.
Timing correlation. If a leak occurs at 2:37 PM and you're connected to your VPN at 2:37 PM, correlation is possible. For critical operations, use Tor which adds random delays. Don't connect to personal services (personal email, social media) during a VPN session dedicated to a source.
Browser fingerprinting. Your browser is identifiable even without cookies or IP, through the combination of installed fonts, screen resolution, language, and enabled plugins. Tor Browser normalizes these parameters. For other uses, use Firefox with a hardened configuration (uBlock Origin, Canvas Blocker, Privacy Badger).
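The unplug-and-reconnect test from the kill switch criterion in section 2, and the DNS leak and reconnection items above, can be checked at packet level instead of by eye. The script below is an added example, not code from any VPN vendor: it assumes default `tcpdump -n` text output captured on the physical interface, and the endpoint 198.51.100.10:51820 and all other addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample: `tcpdump -n` lines from the PHYSICAL interface while the
# link is unplugged and restored. 198.51.100.10:51820 is a placeholder VPN
# endpoint; every address is from a documentation or private range.
SAMPLE_CAPTURE='14:02:10.001234 IP 192.168.1.23.41000 > 198.51.100.10.51820: UDP, length 148
14:02:11.200410 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
14:02:11.900120 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request, length 300
14:02:12.310000 IP 192.168.1.23.53211 > 192.168.1.1.53: 4660+ A? mail.example.org. (34)
14:02:12.355000 IP 192.168.1.23.40122 > 203.0.113.80.443: Flags [S], seq 1, win 64240, length 0
14:02:12.400000 IP6 2001:db8::23.40124 > 2001:db8:ffff::80.443: Flags [S], seq 1, length 0
14:02:13.050000 IP 198.51.100.10.51820 > 192.168.1.23.41000: UDP, length 92'

# find_leaks ENDPOINT_IP ENDPOINT_PORT   (capture text on stdin)
# Prints one "LEAK <dst-ip> <dst-port>" line per packet that is not the
# encrypted tunnel; exit status is 1 if any leak was seen, 0 otherwise.
find_leaks() {
  awk -v ep="$1.$2" '
    function split_port(a, v6,   n, o) {      # sets globals ip and port
      sub(/:$/, "", a); ip = a; port = "-"
      if (v6) {                               # IPv6: port follows the last dot
        if (match(a, /\.[0-9]+$/)) {
          ip = substr(a, 1, RSTART - 1); port = substr(a, RSTART + 1)
        }
      } else {                                # IPv4: a.b.c.d or a.b.c.d.port
        n = split(a, o, ".")
        ip = o[1] "." o[2] "." o[3] "." o[4]
        if (n >= 5) port = o[5]
      }
    }
    $2 != "IP" && $2 != "IP6"   { next }      # non-IP frames such as ARP
    $3 == ep || $5 == (ep ":")  { next }      # the tunnel itself, either direction
    { split_port($5, $2 == "IP6") }
    $2 == "IP" && port == "67"  { next }      # DHCP renewal on reconnect
    { print "LEAK", ip, port; leaks++ }
    END { exit (leaks > 0) }
  '
}

# Demo on the constructed capture: three leaks (LAN DNS, HTTPS, IPv6).
printf '%s\n' "$SAMPLE_CAPTURE" | find_leaks 198.51.100.10 51820 ||
  echo "kill switch FAILED: traffic left outside the tunnel"
```

Restrict the capture to the machine's own outbound packets, otherwise broadcast chatter from other hosts on the LAN is reported as well.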
6. If You Operate in a Hostile Regime
For China, Russia, Iran, Cuba, UAE, Belarus, Turkey — consumer VPNs may be blocked at the DPI level. Additional configuration required:
Obfuscation: Mullvad with Shadowsocks disguises VPN traffic as standard HTTPS. IVPN with obfs4 does the same. Enable these protocols before arriving in the country — the configuration interface may be inaccessible from a blocked IP.
Tor bridges: If direct Tor is blocked (China, Russia, Iran), use obfs4 or Snowflake bridges — non-publicly listed Tor entry nodes. Bridges available at bridges.torproject.org or via email to bridges@torproject.org.
Hidden protocols: Mullvad supports SOCKS5 proxy as fallback. IVPN supports AntiCensor mode. Proton VPN supports the Stealth protocol (TLS-tunneled WireGuard) on paid plans.
International eSIM: In China particularly, an eSIM routed via Hong Kong (Airalo) can bypass part of the national DPI — traffic passes through the international partner network before entering the Chinese network. See our VPN guide for censored regions 2026.
Tails + bridges: The most robust configuration in a hostile regime: Tails OS + Tor with Snowflake bridges + Mullvad Shadowsocks VPN. Each layer compensates for the others' weaknesses.
Install BEFORE entering the country: Mullvad, IVPN, Proton VPN download sites, and the Tor Browser are blocked in China, Russia, and Iran. It is impossible to install them once inside without another working VPN. Prepare a USB drive with all installers.
7. Essential Official Resources
Freedom of the Press Foundation (FPF) — freedom.press: OPSEC guides for journalists, digital training, SecureDrop maintenance. Primary resource.
SecureDrop — securedrop.org: open-source leak submission platform. If your newsroom hasn't deployed it yet, it's the first investment to make.
Electronic Frontier Foundation (EFF) — eff.org/surveillance-self-defense: Surveillance Self-Defense, practical guide by threat level.
Amnesty International Digital Security Lab — country-specific guides, including hostile regimes.
Reporters Without Borders — rsf.org: annual Press Freedom Index + digital security resources.
Tails OS — tails.boum.org: recommended amnesic OS. Installation and integrity verification procedure on the official site.
Tor Project — torproject.org: Tor Browser download, bridges, documentation.
For further technical comparisons between privacy-maxxer VPNs, read our Mullvad vs IVPN 2026 analysis. To understand how Tor and VPN combine at the protocol level, see our Tor vs VPN guide 2026. And for the context of countries with active filtering, our VPN guide for censored zones details per-country configurations as of May 2026.