Most VPN Services are Terrible
Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
Again I strongly do not recommend using any of these providers.
Provider / known "Secret" Key
Astril / way2stars EarthVPN / earthvpn GFwVPN / gfwvpn GoldenFrog / thisisourkey IBVPN / ibVPNsharedPSK! IPVanish / ipvanish NordVPN / nordvpn PrivateInternetAccess (PIA) / mysafety PureVPN / 12345678 SlickVPN / gogoVPN TorGuard / torguard TigerVPN / tigerVPN UnblockVPN / xunblock4me VPNReactor / VPNReactor
Yes, I know. Many/most of these offer OpenVPN, or special clients for IPSec. But for all of the above, they are actively placing a significant portion of their user base (particularly those with older Androids and desktops) at risk by not using per-user PSKs. If your threat model is streaming BBC or helping your cousin geo-shift Hulu, go wild and plug into the Mad Max-esque Thunderdome commons and take your chances. If you're a dissident in Tehran or Riyadh, be extremely cautious of any of these providers.
Lastly, a VPN Hall of Shame honorary mention goes to
DoubleHop.me* on general principle for blatant sexism and utter insincerity. Their privacy/legal policy section includes LGBT slurs and literally has your-mom jokes. But even ignoring that, as of this writing, there is virtually zero technical information provided, only YouTube videos apparently intended for 10 year-old boys.
Moral of the story: Don't believe everything you read on, say, TorrentFreak and PCMagazine. And (crucially) think about your threat model—are you guarding against amateur WiFi snoops at Starbucks or Marriott? Reducing identity monetization profiling by ISPs (ie ad tracking)? Minimizing exposure to government surveillance? Trying to be anonymous online? If the latter, a VPN won't help much.
https://www.google.com/#q=goldenfrog+thisisourkey Archive: http://archive.is/qlrLK
http://www.gfwvpn.com/?q=node/224 Archive: http://archive.is/EdpFV
https://www.vpnreactor.com/android_l2tp_ipsec.html Archive: http://archive.is/uwJvk
http://unblockvpn.com/support/how-to-set-up-l2tp-on-the-android.html Archive: http://archive.is/4To5Y
http://www.ibvpn.com/billing/knowledgebase/34/Set-up-the-VPN-connection-on-Android-handsets.html Archive: http://archive.is/srptW
http://billing.purevpn.com/knowledgebase.php?action=displayarticle&id=33 Archive: http://archive.is/R4JTi
https://www.privateinternetaccess.com/pages/client-support/ Archive: http://archive.is/U1bkL
http://torguard.net/knowledgebase.php?action=displayarticle&id=58 Archive: http://archive.is/iKJjl
https://www.ipvanish.com/visualguides/L2TP/Android/ Archive: http://imgur.com/IQU1mdg
http://www.earthvpn.com/android-l2tp-setup-guide/ Archive: http://archive.is/roKtf
https://nordvpn.com/tutorials/android/l2tpipsec/ (scroll down) Archive: http://archive.is/BQumt
https://help.tigervpn.com/support/search/solutions?term=shared+secret+tigerVPN Archive: http://archive.is/xZ136
https://www.slickvpn.com/tutorials/ipsec-for-iphone/ and http://archive.is/h4rI9
*DoubleHop.me: Archive:http://archive.is/G11WQ and http://archive.is/MZgWE and http://imgur.com/Zn5HSIj
I have been focusing on reviewing the VPN connection speed, it's surprising to read about the pre-shared key issues. I am wondering how to verify is it still a issue in 2022 as this gist was reported in 2016. Now most VPN provider advertise their Wireguard VPN mode. Will this implicitly resolve the disclosed pre-share key issue?