which if any VPN is recommended for MacBook Pro and iPhoneX

For what purpose? If security - non-corporate VPNs don't really provide that (not the way people think they do anyway). But for what they do provide the key is a reputable, for-profit provider with independent security audits and a verified "no-logging" policy. There are plenty out there - SurfShark, NordVPN, etc, etc.

If you need real security - like for dissendent/actvist/journalist work, then you probably need a real security solution - TOR, Signal and a bunch of best practices for personal security.

If you just want to get around geoblocking for TV and sports games, it hardly matters. But they'll sell your personal info, so treat that use case like the first one.

If you already have Proton mail, why not just upgrade and use their paid VPN and secure storage too? At least that's a known and consistent ecosystem with a provider that started with a privacy/security mission from the very beginning.

Nothing keeps email safe from surveillance unless it's encrypted with public key encryption of some kind.

Even when the email service you use uses secure sockets to communicate with the server, the email isn't encrypted at rest. Server-server communications may not be encrypted. And of course with Gmail, Google can and probably will use your emails for building marketing profiles and training their AI.

Proton will, I believe, do end-to-end email encryption - but only when both parties are using Proton Mail because they can only "guarantee" security on the infrastructure they control. Their big claim to fame was being in a Swiss jurisdiction that wouldn't respond to judicial production orders...except they will from Swiss courts, including ones from foreign jurisdictions that Swiss courts approve.

Don't get me wrong, still a good service and all - but by no means a privacy panacea.

Algo. At least you have some idea what that’ll do with your metadata.

Or use iCloud+ with Private Relay and ODoH.

The mass-hyped “coffee shop” VPNs (outside of geo-shifting for website or CDN testing) not so much. They badly solve a problem that hasn’t existed for a decade or so, but badly solve it in a way perfect for personally-identified metadata collection.

Almost all other uses are a SCAM.

All other uses??? What about all the poor people in Florida and 19-odd other States who want to access PornHub without providing their ID to the government???

:)

Generally none is recommended and more importantly none is necessary. Mac OS security is all that required. If this is for your work, they should provide professional level VPN. Never EVER install a free VPN unless you want a slow, buggy and very unstable Mac.

others have quietly tried to gently dissuade you from using a VPN.. I have a somewhat stronger opinion:

A virtual private network, or VPN, is a private connection over the Internet from a device to a specific network.  VPN technology is widely used in corporate environments. If you need to be "present" on an institutional network, a VPN is a great tool for accomplishing this. it is generally issued and controlled by the institution.

Almost all other uses are a SCAM. There is generally no need for you to have a private connection to a VPN vendor's Network, except to make it easier for them to harvest your data to sell. There is NO security advantage whatsoever in using a VPN. Your connections are already encrypted in almost all cases.

If VPN vendors just stopped there, it would be bad. But many of these packages also insist on scanning all your files, non-stop, -- nominally looking for viruses, but who knows for sure what data they are harvesting. Their non-stop file reading punishes your computer's performance in the process.

Some also break into your other secure connections so they can be FIRST to examine your data, often leaving your Mac MORE vulnerable to attack.

https://gist.github.com/joepie91/5a9909939e6ce7d09e29

7RosesCross wrote:

Thank you for your thoughtful response. Honestly, I'm a bit confused. I was thinking that a VPN was for security. If not, then why would anyone, as a private personal entity, want to get one?

Yes. You do understand it. Why would someone want that?

To answer your question of what purpose, I'd like for 1) my two (and maybe if a family or duo acct. 4) emails (both a protonmail and gmail) to be secure (no surveillance). And 2) for my internet activity to be secure (no surveillance).

Against who? Against any entity with ubiquitous access, you're headed for trouble.

As for other adversaries, iCloud+ with Private Relay and ODoH with the existing end-to-end tunnels does well.

Is there any other reason that people use a VPN?

Absolutely!

The heavily-advertised “coffee shop” VPNs are very useful for adding unnecessary connection overhead from poorly re-encrypting what is already encrypted, and personally-identified data collection, and they’re basically free money.

All while badly solving a problem that hasn’t existed for a decade or so.

Oh, and some of those that claim no logging were caught out when the “non-existent” logs were found exposed on the ‘net.

https://gist.github.com/joepie91/5a9909939e6ce7d09e29#dont-use-vpn-services

Too many of the add-on “security” apps in the recent era can look or act like malware, but they get installed with an end-user license agreement. While providing negligible benefits over the builtin features.

One of the better-known anti-malware packages got caught and fined for selling personally-identified web browsing and online purchasing data. And the fine was because they didn’t disclose that sale in their fine print. Not because the vendor was collecting and selling it.

Another add-on security vendor spent (six months?) merrily reporting part of macOS as malware.

And add-ons have tried deleting part of macOS too, only to be blocked by the built-in anti-malware. (Those are particularly pernicious, because the folks using those apps can and variously do reject any feedback from others pointing to a false positive. yeah, a decade old hunk of Windows malware was found in a macOS system file. Right.)

Are there some cases where a VPN or end-point security is appropriate? Sure. But there are a whole lot of cases where add-on security apps are adding problems, and adding noise.

7RosesCross wrote:

Last question is, Does my laptop's security keep my gmail acct safe from surveillance?? I'm guessing not and that any sensitive info should just go through Protonmail. Do you agree?

Who is your assumed adversary?

If any entity with legal powers or with ubiquitous access, or with access to substantial resources, you’re going to have trouble. And that’s assuming some of your tools don’t hand you surprises.

If the capabilities of your perceived adversary are more mundane, iCloud mail with advanced data protection enabled will be fine, as well as with iCloud+ Private Relay and ODoH for browsing-related comms.

Metadata and endpoint security gets people in trouble. And wrenches. And warrants.

If you’re more than a little cautious, and haven’t already considered Advanced Data Protection, and a handful of security keys in use, and a recovery key, might want to start with a review of your security, your perceived threats, and your exposures. Why a review? Because security tools are far from a panacea, such as “coffee shop” VPN vendors and risks of metadata collection, or anti-malware tools that have themselves introduced vulnerabilities, too. The Juniper VPN server implant was an example of security apps adding problems, and there are others.

7RosesCross wrote:

I'm looking for a VPN that can cover my iPhoneX and MacBook Pro with both gmail and protonmail acts.

Stop looking. Don't use VPN services.

Cmon, I said 'ALMOST'

Please read Grant Bennet Alder’s first post, he gives a pretty good explanation.