Hi guys, VikingVPN admin here.
Our warrant canary is a "dead man's switch" style canary that activates if we do not refresh a timer at regular intervals. I am currently in Austria doing unrelated work for OSTIF (negotiating with the Austrian government to establish an EU wing) and did not get to it in time due to an overloaded schedule. The service is fine and we have received no requests for information, clandestine or otherwise.
I will publish a signed statement on the transparency blog shortly.
I'm glad that someone noticed!
Edit: The canary has been updated, and the PGP signed statement is up on our transparency blog.
We were recently notified by one of our customers of a response from our support department that didn't match with our company's policies in regard to logging. We immediately investigated the support ticket and determined that, to our dismay, one of our support agents provided grossly invalid information to the customer asking questions.
First and most importantly, none of the things the support agent said are true. Secondly, none of our support agents have any details on how our internal systems actually operate. Thirdly, we never informed any support agents of any of the things the agent in question said. This appears to simply be a case of an unfocused and possibly overworked support agent. The responses he gave were unforgivable and as such we have disabled his support account and are currently working on replacing him.
Giving our users information which directly contradicts our most important policy is not a mistake we can excuse. We are also reviewing his past tickets to see if he gave any other similar misinformation to customers and will be notifying them of any misrepresentations moving forward.
We'd like to re-iterate our logging policies:
If someone requests session or traffic logs from us, even with a subpoena, we have nothing to give them. We're absolutely committed to your privacy. Without you, we are nothing.
Thank you for your understanding, Private Internet Access
At this time, the United States is one of the few countries that has not enacted a mandatory data retention law.
We do not log, period. However, it is our position that CISPA is a highly intrusive and vague bill that will increase the surveillance power of the government at the expense of the privacy and freedom of internet users.
Private Internet Access has a contingency plan in place in the event CISPA is passed and enacted in the United States. We maintain our commitment to protecting the privacy of both our users and all netizens in the world.
Thank you for your continued trust and support, and let's keep up the good fight!
Private Internet Access
To our beloved customers,
We would like to address the issue of the sudden disappearance of our US-Denver region as well as the US-Ohio region. US-Ohio was providing us very poor latency and data transfer rates so we had, for a while, been routing all traffic headed to Ohio to our US-Midwest region. As for US-Denver, we had significant issues with the host as they were providing poor quality of service as well. We are always looking to provide the best service for our customers, and this means we need to partner with the best datacenters to do this.
While we no longer have Ohio and Denver, we have increased our regions significantly and currently have well over 250 gateways. Our server count on our website is dynamic and you should gradually see it increase significantly as we have already put in orders to the hardware vendors for new servers. Additionally, we are working with one of our partners to achieve gigabit connectivity in other requested (and long awaited) regions as well.
As for Netherlands, we had a single gateway there with a 10Gbps connection but we decided to switch it to a 1Gbps connection as it was more cost effective since we weren't actually utilizing the full 10Gbps. That is why it may appear there was a 10Gbps drop when in actuality there was no actual drop in throughput. We're also ordering a bunch more servers there so this "drop" will go away shortly.
Rather than reduce expenses, we are increasing expenses by providing higher quality bandwidth and regions to our customers.
We are committed to provide the best service possible, and nothing else.
Thank you again for your beloved support, Private Internet Access
It’s pretty sad that they interviewed Hotspot Shield in the article and pushes it as “one of the most popular VPNs in the world”. The reputation of that company as a privacy tool is pretty crappy:
I didn't think PureVPN were even US based. Even more concerning they replied to a US based request.
From the article it seems like the FBI went to them suggesting a particular VPN IP was doing something illegal and they believe that Lin was using it and his home IP was and then Pure VPN confirmed that he was connected to the VPN at those times. So they didn't explicitly confirm he was responsible but it provided more evidence to support the FBI.
I think if the FBI had no suspects the VPN logs wouldn't have been too much use. I still don't see how they can say "we do not monitor or keep logs" and then in the next sentence say "we record your connections and bandwidth". They should be mutually exclusive.
EDIT 2: As always you need to trust your provider, but it seems like PureVPN logged exactly what they said they would on their site. If a provider is honest a policy like this should be okay:
> We strictly keeps no logs of your activity online. That means we do not track the time or duration of any online session, and neither do we keep logs of IP addresses or servers used, websites visited or files downloaded. In other words, none of your private and secure data is logged and gathered at any time.
I'm not saying it's a liability per se, but this guide is using a Google backed VPN which I've never heard of before hosted on Amazon Web Services. If you're electing to build a VPN solely for the purposes of having a private server that you're not paying for, you're better off making a PFSense build with OpenVPN or using the OpenVPN client built into your router (Bonus points if you install DDWRT or Merlin). It's free, versus the 3-4 bucks a month AWS would charge, and you're not subject to potential prying Amazon eyes wondering why you're using a VPN in the first place. Keep in mind your private keys will be stored on AWS's servers.
You're also relying on AWS to not block you or go down, or have something happen - though they are pretty reliable as a good chunk of the internet uses AWS. Having said that, OpenVPN running on a home network provides a better learning experience, more thoroughly vetted software, and better control over your infrastructure and privacy.
My setup uses an OpenVPN instance at home, as well as a paid subscription to AirVPN.
ANY VPN ultimately comes down to trust. For some people, trusting Facebook is more palatable than trusting their ISP or their government.
If you're in a country where Onavo is a terrible option (like the Gizmodo author) - that's great! Your life is pretty good.
I guarantee there are worse providers than Onavo though - HideMyAss, Tunnelbear, PureVPN ... and so on.
This is the response that I got; I'm hoping they're fine with listing this here.
> Since it is a new launch of FrootVPN, we decided to keep it free as long as we are able to run it. Resources are enough to keep it running for free at least a few months more, but we might rethink this very soon. Even if FrootVPN were to charge our users, it would be very low as compared to other providers out in the market.
>
> The people behind FrootVPN support freedom of speech and want the Internetz to be a uncensored place =)
I'm in China. I don't think you can ban all the VPN theoretically, and Chinese government ban VPN statement is more of a regulation, means it's illegal to sell VPN (yes few people have been jailed for this by now), but there are "legal" VPN which provide services to some companies and of course leave you little privacy. Individuals like me, use various means to pass the GFW.
1. foreign VPN like expressVPN, works in China, and CCP can't get their hands on them.
2. set up a VPN with offshore VPS like vultr, the most popular means is via shadowsocks. and you can do this yourself or buy services from other people (which is illegal now but there're people doing this, guess it's because they're not in China so don't give a fuck to CCP)
3. buy a HK telephone SIM card, since they don't have GFW over there and their card can work in China.
it's absolutely a pain in the ass because of the effort and time and money you have to devote just to be able to use Google, but it's not possible and many people are doing this.
Because they advertised their services specifically for piracy, they 'poked the bear'.
Other VPN providers won't (hopefully) suffer the same fate as they have the sense to make it clear that their services are not to be used for illegal purposes.
LiquidVPN made a stupid/arrogant mistake. Having said that, if the lawsuit is successful it could have serious implications for the rest of the VPN providers.
The VPN I use provides an "Obfuscated servers" option to connect specifically from China. I strongly doubt that Egypt developed a better VPN blocking method than the one implemented into the Great Firewall, so it should work just fine.
Still, it would be wise to test it first.
Tried ExpressVPN for a week and discovered that every server I mapped to on my coast was actually located in New Jersey... When I contacted them about it (I assumed I was misconfiguring something) they told me I needed to use their webpage to locate my IP address, not anyone else's.
Just my 2 cents. PureVPN is known for the shills, fake accounts and blogs.
You won't be able to see posts to /r/vpn but you can see how this user spams other subreddits.
Opera ~~VPN~~ proxy by SurfEasy (which Opera Software acquired).
Opera Software may have been a reputable company (at least before the Chinese ownership), but remember the "if it is free, you're the product" rule.
Linus Tech promotes shit logging TunnelBear and if you read their terms and conditions they keep LOGS even when they say they don’t! Everyone should spend 5 mins reading their VPN terms and conditions; very very few VPNs truly don’t log.
Many VPNs will have options to connect using port 443 or 80 using either UDP or TCP so that shouldn't be an issue. However, the issue is knowing what type of filtering your university is using. If it's basic port blocking and webpage blocking, then just using a VPN that uses port 443 or 80 will do (TCP 443 should be guaranteed to work as it's the same port HTTPS websites use) as long as the IP address for that VPN node isn't blocked. However, if they also use a type of filtering known as Deep Packet Inspection (DPI), then it will be harder as DPI can detect it's an OpenVPN packet and block it, no matter what port it's on. In this case, you want to make sure the VPN you use supports OpenVPN's TLS-crypt function. This makes OpenVPN share its encryption keys and connection details using TLS, which to DPI filters looks like a HTTPS website using TLS 1.3 encryption (which most HTTPS sites currently use) and should get around DPI checks. The VPN I use, AirVPN, supports this, as do many others, or they are planning to adopt it, so you shouldn't have a problem finding one that supports it.
So in short, your best bet is to find a VPN that has options to use OpenVPN on ports TCP and UDP 443 and 80, and supports TLS-crypt.
Except they recommend HideMyAss, which has to be the absolute worst VPN for privacy, they log everything.
I also don't think any of their other suggestions are all that reputable either (especially hotspot shield).
Use the open source OpenVPN app with your provider's ovpn files. Works great for me. Don't see the need to install proprietary apps.
Also there is no such thing as a truly free vpn. If you are not paying with money you are probably paying with your information.
IMPORTANT EDIT: I'd like to bring attention to a response from /u/Youknowimtheman about my characterization of AirVPN's practices (emphasis added). This is important because I don't want to mischaracterize AirVPN's operations. I am still uncomfortable with AirVPN, and the fact that they make live usage information available over the Web, but a clarification is clearly needed.
> The privacy community has a convoluted relationship with logging.
> Real time statistics are not logging if the data is not retained.
> We tend to take the most prudent approach possible and use a stripped version of Linux that only gives us the basic functionality that we need to operate. We try to disable / remove / break everything else. Even with this approach we can see real-time statistics about the network.
> I wouldn't be comfortable with live sensitive information coming to me in that manner, but in practice, this is not logging and if everything is being handled properly it is not a danger to the user.
My original comment:
AirVPN claims they don't log but users can get live data via the AirVPN website on bandwidth usage for their own active sessions. This means that AirVPN logs data, and at earliest discards those logs after a session's completion, which may be too late for some. It's also clearly not a no-logging company, which they claim to be.
Someone isn't happy but the whole point in this post is to show reddit users' favourite VPN and each VPN has a score of how "private" they are and I'm asking a question which could completely throw BlackVPN's privacy score out the window. Should I not ask a question directly relating to the article? And one which could change the article? But I guess I am the "dense" aren't I?
LOL it's Facebook's service, how would it not be giving the data to Facebook? That's like saying "Private Internet Access collects all traffic and sends it to Private Internet Access".
I get the point, people just automatically assume VPNs are "PRIVATE" but if you're the sort to be concerned about a VPN collecting info about you, I'm guessing you do more than 3 seconds of research and can come to the conclusion that so called 'free' services do things to monetize their users... like do people expect Facebook to just offer a free VPN at a loss?
My advice would be don't bother. I'm not sure how tech and network savvy you are, but the fact you're asking the question leads me to believe that it would be a massive headache for you to set up and maintain, and you're taking a ton of liability for what others are browsing.
Unless you know and fully understand the processes of what you're wanting to do, and you have a full understanding legally of what you're undertaking, leave it to the big boys like PIA or NordVPN to do the leg work for you.
I'm not trying to shit on your parade, it's just that there is a huge difference between setting up a private VPN server for you and a group of close, trusted friends to use, and one that you sell a monthly subscription for, to anyone who's willing to pay.
What happens if person X decides to go on a kiddie porn downloading FBI (or India's equivalent) finds out and starts tracking the breadcrumbs, who do you think they go after? Person X, who has some piece of paper with you saying they are paying for the service, or will they just look at the VPS hoster, find out whose card and details are on that instance? I'll answer the question for will come after you, and you will be 100% responsible unless your agreement contracts are water tight.
TLDR: don't do it
This is a great question and you deserve a straight forward response. Logs are never turned on. Period. It is our policy to maintain the utmost privacy for our customers. This, amongst other things, is the reason that our customers have found us to have some of the best speeds in the industry.
Our customer support is there, primarily, for technical reasons and will not know the internals of our network. Once again, we are serious advocates of privacy, and we will stand for the rights to privacy of all.
> A final option, which I will go ahead and discuss but flat-out tell you we do not recommend is to sacrifice security for performance almost entirely. Weakening the encryption protocol and dropping the authentication protocol entirely—AES-128-CBC/None—resulted in 51.25 Mbps throughput on my R8000.
First, unless you work with anything related to government, AES128 is perfectly fine if performance is an issue. Just use any digest ("--auth" in OpenVPN) stronger than SHA1, e.g. RSA-256 etc.
I can understand his motivation for not recommending anything other than the reasonably optimum security available case as default, so that there's no possibility newbies can screw up with that specific setting. But the rest of his technical essay is not really for anyone new to software configuration.
Second, as we were all recently disquieted to learn, despite their great open source support, Netgear is now adding support for "analytics data collection" in their consumer routers.
So, if you do recommend Netgear routers for VPNs, you really should absolutely recommend taking full advantage of that open source support ... while it lasts ... or their corporate routers.
Every bitcoin transaction can be traced back, it's pseudonymous. The best is probably cash. Some offer that. I actually did test Mullvad a while back, and sent them 5€ cash via anonymous letter an anonymously created acc number in it. 5 days later the account received a month of runtime. Really liked that system, though it adds cost for postage stamp. I am not sure who else does this type of anonymous payment.
This was highly needed. I constantly see posts like "Best VPN?" then someone goes "CactusVPN has no logs11!!1!1"etc etc. Then I try to explain that what a company says and what they do behind your back are two different things. Hopefully you'll update those sections more often.
So I asked them about their business model:
> Hello, I wondered about your business model since I'm truly interested in a VPN service. You say your service is completely free, you keep no logs and provide a high speed connection, however you don't reveal the catch. Running such a service is expensive and you don't provide how you make money off of your users. Advertising? Selling user data? There is no reason for users to trust you if you don't tell us how you manage to sustain.
and got this reply:
> Thank you for your request. Since it is a new launch of FrootVPN, we decided to keep it free as long as we are able to run it. Resources are enough to keep it running for free at least a few months more, but we might rethink this very soon. Even if FrootVPN were to charge our users, it would be very low as compared to other providers out in the market. The people behind FrootVPN support freedom of speech and want the Internetz to be a uncensored place =)
I don't know what to make of this.
Learn how you roll your own VPN. Then pick a server wherever you want.
Here is a good guide. https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
While this might seem daunting it's well worth the effort.
I got you. So I follow the website below. He is a solid writer and helps you protect your privacy. There is a section for browsers and he will give you direction on the about:config.
Because the OpenVPN GUI is open source and almost all provider applications are closed source and basically black boxes. Who knows what they are really doing? There has been at least one case with CyberGhost where the client was installing a root certificate on the PC to filter web traffic (this has been removed from the latest client version) and they were harvesting unique hardware ids and sending them to their servers. They probably don't want to do bad things with these, but by being so shortsighted and implementing something into your privacy and security minded product that could pose a potential privacy and/or security risk they clearly don't know how to write software with privacy and security in mind. Therefore closed source software that does things that are security or privacy oriented are better open source, because some developers don't fully understand the consequences that the code in their software could have.
I'm a big fan of AirVPN.
I really like that they let me statically assign port forwards. With this, I don't have to make arrangements in clients to change the port they listen on each time I start a new vpn session.
Gonna have to say, what the hell on this one. They did list some great providers, but why are they listing EarthVPN after the logging fiasco?
CryptoStorm is structurally anonymous by default.
Gotta say, I'm a little disappointed with this one.
There are commercial VPN's that run in China - ExpressVPN and Vyper (I used Express during August in China and it worked with their Hong Kong servers). That's the lowest effort method to be honest.
Otherwise it's actually difficult enough to get proper internet access over there. SSH Tunnel does work but the great firewall does throttle it somewhat. I use one of my company's routers with SSH Tunnel and Tor and that does the trick too. If you're going that route (pun intended!) you'd need to set it up for her before she goes.
Interview with PureVPN from 2013:
>1) Does PureVPN keep any logs, IP Addresses, Timestamps, Bandwidth caps, Traffic or other data?
>We do not keep activity logs [which websites you visited, DNS lookups, emails etc.]. However, we do keep session logs [access attempts to our servers (for security and troubleshooting), session durations, bandwidth used and user clicks made to our software (for features popularity tracking and improvements) etc]. You can find out more about our formal policy here:
paging: /u/o2pb /u/benediktkr /u/droptune /u/realrasengan /u/blackVPN /u/SumRando /u/TorGuardVPN /u/NordVPN /u/menopia /u/kfreds /u/BTCJacob /u/carebear_tb /u/PerfectPrivacy /u/expressvpn /u/noizebazz /u/vpnasia /u/tech347 /u/FreedomeVPN /u/oVPN_to /u/ItGotZenified /u/szillaio /u/smrdave
To all that I have mentioned above, as people who work for commercial VPN services and are flaired/verified as such in /r/vpn; You charge us a fee to use your services, please give back to the community and have your companies donate some of the money you get from us to this security review so you can help better protect our privacy.
This is why I've always stayed with BlackVPN, open communication and pure privacy.
I'm glad they're sticking to not negotiating with the attackers, paying ransoms only shows weakness. I'd rather put up with downtime but knowing why rather than seeing the service go out of business by throwing money to all these bullies.
If you are a UK citizen or resident, please contact your representatives in parliament and explain why this is not a good idea.
(I have not used this site myself, but it seems helpful)
This does not affect Mullvad because we are incorporated in Sweden, but I'm sure some of my colleagues are incorporated there. The fewer jurisdictions privacy-friendly companies can operate from the worse for all of us.
There are different types of VPN. There's a corporate VPN such as Cisco AnyConnect, this is for business. Then there are "Anonymizers", they change your IP address into something that can't be traced back to you, such as Private Internet Access. Then there are literal "VPNs", which stands for "virtual private network", done by software such as Hamachi, and its intended purpose is to create large LANs, so you and your friend can play Playstation together.
Co-founder here. I left years ago.
There's no one running VikingVPN anymore. The warrant canary gets tripped when no one bothers to update it. (it is a dead-man's-switch design.)
I don't advise using it. They likely aren't doing security updates nor have they even publicly responded to getting compromised rather recently. There's much better VPNs out there.
This being a guide for starting a Wireless ISP, which helps you avoid a lot of the capital intensive infrastructure requirements.
That being said, running an ISP versus running a public-access VPN service requires a lot more know-how and knowledge.
A VPN service could be setup with a simple front-end, some knowledge of LDAP/FreeRADIUS and working knowledge of Linux. You could probably work through enabling no-logging through reading through VyprVPN's security audits, setting up RAMDisk servers and doing constant meta-searches for data/self-auditing.
An ISP requires a heavy initial investment, among other things.
Nope. It shouldn't be that way. PureVPN is the biggest scam there is. They are completely unsecure and in addition log connections.
I remember that another user wrote a ticket about this issue and they replied that this is technically not fixable... Wonder how any other provider managed it then...
The best advice I can give you in regards to PureVPN: Run.
Never thought I would come across a VPN service that is actually worse than HideMyAss, but I'm sorry to say that this takes the cake. I'm actually a bit peeved that NoScript runs ads for them on their upgrade pages (last time I checked). I like NoScript but that's a strange ad partnership in this light.
After the vote, Today I purchased my first VPN, I had been creating fake twitter accounts and tweeting TunnelBear for the extra bandwidth for quite awhile. After subbing here I decided to go with PIA as they offer layers and do not collect logging. (Or so they say)
Prior to me paying the fee, I did a speedtest (like any good researcher should) and I got 3.18mb/s and 3.21mb/s at my hotel room's shit internet. As soon as I paid the 1 year fee ($39), I got 3.12, 3.17, 3.05, and 3.12 again on my tests with the VPN active for different locations. 3.05 was Canada. I even used the VPN to watch a streamer earlier and had no lag or anything. $40? No difference in daily activities? Sign me TF up.
(I cancelled the purchase because I hate recurring charges, but I'll keep my year of VPN)
Most important bit from that link:
> We [Golden Frog] log the following information and retain it for 30 days:
>
> * Customer’s source IP address
> * VyprVPN IP address used by the user
Oh so that's like totally ok then. LOL
That link is just a lot of bollocks to justify that they do log your data.
Look, we all know that a no-logging policy isn't the be-all and end-all of online anonymity but an explicit we-do-log policy doesn't help anyone either.
Hotspot Shield is entirely ad and consumer data funded. They log almost all information about their users, and, by using their VPN service, you are forced to tunnel all of your information right to their servers and, subsequently, anyone to which they want to sell you.
We built Private Internet Access with our primary focus being the business of privacy. Our users wish to protect themselves in the digital age from the illegal erosion of privacy. However, with any privacy service it is possible that some users could try to use our service for other nefarious means.
We have spent well over 6 figures (USD) for legal consultation and legal opinion from the top law firms in this space, and additionally, we have spent countless development hours developing our proprietary abuse department with our users' privacy as our number one objective. Unfortunately, our system is also our proprietary competitive advantage and, as such, we cannot disclose the way it works.
However, please rest assured. We have never disclosed our users' identities, nor are we planning on it. We have no intention of stepping back from the responsibility entrusted to us, by the Internet, to protect the future of privacy. Where we cannot fight, we donate (EFF, FFTF, ACLU, GNOME, and many others), and where we can fight, we are fighting frontline and center.
I know this does not answer your question, but I do hope it does help you better understand our principles. If, for some reason, this does not, I do hope that you will not step away from VPN and, at the least, sign up for one of our friendly competitors.
With all this being said, we would like to make it clear that we absolutely do not log any VPN traffic or even any session data, period. We are one of the few if not only providers who have adopted this policy, but, it makes sense since privacy is our policy.
Our technical team was just in South Korea testing our connectivity to our west coast VPN gateways for 1 week. We tested from Kangnam, Itaewon and Hannamdong. Lastly, we also ran a fun test from the Jeju Island.
We are very confident that you will be very impressed with the speeds you will receive with our service from South Korea.
Thank you, Private Internet Access
Google does all that - because they are essentially an Ad service, so they can provide you with the best matching ads based on who you are and where you are.
If you want to avoid this, stop using any of the Google services first of all. Use a de-googled phone, like https://e.foundation/ ... and wipe cookies as often as you can.
Just don't. Only free VPN I could trust a little bit is ProtonVPN and that is simply because their whole business model (including of ProtonMail) is centered around "trust" and this would be destroyed if they get caught doing something suspicious even on the "free" tier.
Regardless of this news, they have been a shady provider from the beginning, even with their marketing techniques alone. They constantly make fake user names, astroturf, and shill all over Reddit and deals sites.
They use fake server locations as well. Ivacy and PureVPN are one and the same company, btw.
> If you want them to respond to you, it is.
I'm sorry you have had a difficult time navigating their website but here is their contact page.
>For the last time, I'm not talking about whatever post you are fixated on.
That would be the first time. And I'm "fixated" on the only real piece of information you have provided, an image of a comment by AirVPN staff. Who responded very reasonably, with information on a possible fix and a request for further information to help you fix your problem.
Why are you alluding to something else but not providing any information about something else?
And don't trust VPNs who say they don't log. Most say it but then when they are put to the test they rat out their customers, such as happened with PureVPN. The only one who actually has proven to not log as far as I know is Private Internet Access, when they couldn't hand anything to the FBI in 2016. Stay away from anyone claiming no logging without court-proven evidence.
The privacy community has a convoluted relationship with logging.
Real time statistics are not logging if the data is not retained.
We tend to take the most prudent approach possible and use a stripped version of Linux that only gives us the basic functionality that we need to operate. We try to disable / remove / break everything else. Even with this approach we can see real-time statistics about the network.
I wouldn't be comfortable with live sensitive information coming to me in that manner, but in practice, this is not logging and if everything is being handled properly it is not a danger to the user.
Edit: Because this blew up and a lot of people are reading it. AirVPN is one of the best in the industry. They take privacy and security very seriously and actively participate in the privacy community at large. This particular feature is something that users have asked us for in the past. Everything privacy related is on a spectrum, and AirVPN is still a very good choice.
Missing a /s somewhere? It certainly appears that you got an invoice from PureVPN for their service, treated it as SPAM, and then they cancelled your service because you hadn't yet paid. If you're suggesting that you asked them to verify the invoice and then they just cancelled (without seeing your email it's difficult to know), I'd say that's likely more an issue of a help desk with minimal English skills.
CyberGhost. They're really awesome but I have a feeling their speeds are going to be turtle slow with all those users slamming away at their servers.
I mean the only good thing the UK has going for it in this case is that you can hop the channel and use any other European country's servers without increasing your ping too much. We in North America don't have that luxury.
Most people viewing this spreadsheet won't know what to make of it. This needs some context to explain the significance of different attributes and some way to filter the list down to the best and worst service providers. For example, while it's commendable that a service donates to the EFF, that has no bearing on how good or secure a service they are.
Here's a perfect example: HideMyAss, the notorious sleazebag service provider who has enthusiastically ratted out their users. Any resource claiming to provide a comparison of VPN services that doesn't immediately red flag this company is useless.
Also, the way this doc is locked down, it's impossible to filter, sort, and compare the data. You can't even lock the headers in place so they're visible when you scroll.
> If enough people are interested, I would love to make a video explaining how I set everything up from the ground up.
Build it and they will come. Also if you are going the video route, consider having text instructions too. It's much easier to follow along than a video where you have to pause / rewind to catch things.
> Some topics I would cover:
> AirVPN vs PIA
Leave it vendor neutral.
So, EarthVPN is right down there with Hide My Ass now?
Yeesh. I really hope that a screening agency for these things can pop up soon. I know there's been talk of one eventually being made, but seriously, there needs to be one.
DNS leaks are also possible.
Make sure you use a site like one of these to check and see what IP you appear to be torrenting from while you are torrenting:
https://ipleak.net/ (look in the lower left hand corner of that site)
They have been proven not to keep logs as of about 2 years ago, but that can change. In terms of marketing, PIA is one of the shadiest VPN companies out there. They are also based in the US which is a big no-no. I don’t trust them after they were caught trying to spread rumors about ProtonVPN. One of their high ranking executives has also been caught selling data at a different company.
The only real advantages of PIA are that they’re dirt cheap and they accept gift cards as payment, so you finally have something to do with that Subway gift card Aunt Sally gets you every birthday.
ProtonVPN and Mullvad are two superior companies but they’re a buck or two more expensive.
First time VPN user here. I'm a little lost on what to go with? If I'm being honest, all I want the VPN for is to download music, movies, and games as safely as possible.
I was looking into AVG Secure but I've had a few people tell me not to. I've seen Private Internet Access suggested as well. What's the best and most affordable route for me to safely download music, movies, and games anonymously?
Also, how appropriate is it to only turn the VPN on for the act of downloading said files? Is it okay to leave it off to prevent the VPN slowdown and only have it on for what I need it for?
Recently this happened with PureVPN, and a few years back, HideMyAss handed information about a customer, logs etc.
But when you look at HMA, they are still in business.
And when you search for 'best VPNs' etc., you will end up seeing some services over and over again, and you will encounter HMA and PureVPN often.
The only semi-decent VPN provider not based inside 14 eyes is IVPN. I still wouldn't pick them over a provider like Mullvad, because they block P2P on US servers. I'm not paying a VPN provider to censor me.
PIA doesn't have shills on Reddit, because they wouldn't make money from it as they aren't able to link their referral code. The "shills" are people who have used them for years and see that they are good for the average user. Having a provider based outside the 14 eye countries doesn't really mean much since it's dirt cheap to register a company in countries like Panama. It's not going to give you a get out of jail free card. The provider actually has to care about privacy and the fact is that most providers who actually have been out for a while and were the first VPN providers who had no logging from the start are based in 14 eye countries. Most of these providers based outside these countries only recently changed to "No Logs" once they saw that they can grab some cash.
I tested 29 Windows VPN clients for DNS, IPv4 and IPv6 Leaks. Six (AirVPN, FrootVPN, IVPN, Mullvad, Perfect Privacy and SlickVPN) performed perfectly. Three others (CyberGhost, and ) hit VPN-specified nameservers directly while reconnecting after uplink interruption. They didn't hit other nameservers, but this leak does reveal hostnames being browsed. The other 20 Windows VPN clients failed in various ways. Over half leaked IPv6 packets whenever the machine was connected to the Internet. After uplink interruption, some failed to reconnect automatically, and some leaked IPv4 packets.
IVPN provided funding and technical support for this work.
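The leak classes reported in the test above (DNS, IPv4, IPv6, and lookups sent directly to the VPN-specified nameservers while reconnecting) can be checked from a capture taken on the physical interface. This is an added example, not the tester's own tooling; the packet records, addresses, the `classify`/`audit` names and the 2-second reconnect gap are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Destinations that never leave the LAN (assumed home network plus multicast).
LOCAL_NETS = [ip_network(n) for n in
              ("192.168.1.0/24", "224.0.0.0/4", "fe80::/10", "ff00::/8")]

@dataclass(frozen=True)
class Packet:
    t: float      # seconds since capture start
    dst: str      # destination IP address
    proto: str    # "udp" or "tcp"
    dport: int    # destination port

def classify(pkt, vpn_endpoint, vpn_dns):
    """Label one packet captured on the physical uplink (not the tunnel device)."""
    if (pkt.dst, pkt.proto, pkt.dport) == vpn_endpoint:
        return "tunnel"
    if pkt.dport == 53:
        # Checked before the LAN test: a query to the home router is forwarded
        # to the ISP resolver, so it is a leak even though the address is local.
        # A query sent in clear to the VPN's own resolver still exposes hostnames.
        return "dns_to_vpn_resolver" if pkt.dst in vpn_dns else "dns_leak"
    dst = ip_address(pkt.dst)
    if any(dst in net for net in LOCAL_NETS):
        return "local"
    return "ipv6_leak" if dst.version == 6 else "ipv4_leak"

def audit(packets, vpn_endpoint, vpn_dns, gap=2.0):
    """Return (counts per label, findings).

    Each finding is (time, label, destination, during_reconnect), where
    during_reconnect is True when no tunnel packet was seen in the
    preceding `gap` seconds, i.e. the client was down or reconnecting.
    """
    counts, findings, last_tunnel = Counter(), [], None
    for pkt in sorted(packets, key=lambda p: p.t):
        label = classify(pkt, vpn_endpoint, vpn_dns)
        counts[label] += 1
        if label == "tunnel":
            last_tunnel = pkt.t
        elif label != "local":
            reconnecting = last_tunnel is None or pkt.t - last_tunnel > gap
            findings.append((pkt.t, label, pkt.dst, reconnecting))
    return counts, findings

# Constructed capture using documentation address ranges.
VPN_ENDPOINT = ("203.0.113.10", "udp", 1194)
VPN_DNS = {"198.51.100.53"}
SAMPLE = [
    Packet(0.0, "203.0.113.10", "udp", 1194),
    Packet(0.5, "224.0.0.251", "udp", 5353),    # mDNS, stays on the LAN
    Packet(1.0, "203.0.113.10", "udp", 1194),
    Packet(1.2, "2001:db8::443", "tcp", 443),   # IPv6 bypassing a live tunnel
    # uplink interrupted here; the client reconnects at t=9.0
    Packet(6.0, "198.51.100.53", "udp", 53),    # VPN resolver hit directly
    Packet(6.5, "192.168.1.1", "udp", 53),      # fallback to the router's resolver
    Packet(7.0, "198.51.100.80", "tcp", 443),   # plain IPv4 outside the tunnel
    Packet(9.0, "203.0.113.10", "udp", 1194),
    Packet(9.1, "203.0.113.10", "udp", 1194),
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE, VPN_ENDPOINT, VPN_DNS)
    print(dict(counts))
    for t, label, dst, reconnecting in findings:
        phase = "reconnecting" if reconnecting else "tunnel up"
        print(f"{t:5.1f}s  {label:<20} {dst:<16} ({phase})")
```

A client that passes should produce only `tunnel` and `local` labels, including across a deliberately interrupted uplink.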
I've been testing AirVPN and it's been great. I tried using their zip files with stunnel and OpenVPN to encrypt the initial VPN connection but I couldn't get it to work - kept getting a certificate error in the stunnel log file. The "Eddie" client from the AirVPN website works well. It's 1 Euro for a 3 day trial. I just wish they had an easy anonymous pay option as with other VPN providers. You can use Bitcoin if you have an account with Coinbase (I do not) or, I suppose you could just buy a Visa gift card as well, but I believe you still have to create an account and provide some identifying information now, so there's still a trail if you're concerned about TNO (trust no one) mentality. Otherwise it's a fine service with good server selections and fast speeds.
I believe that ExpressVPN's client is OpenVPN based with an obfuscation layer.
This means that unless they have significantly modified the source code (they likely haven't) they would be subject to the TCP black holes issue. The OpenVPN protocol is designed to work the best on UDP, but it supports TCP. Normally UDP does not track if packets arrive at their destination. OpenVPN has a method that tracks and verifies if data reached its destination outside of UDP.
The problem that surfaces is that in TCP mode, the OpenVPN protocol still does its own outside verification for each packet, even though TCP also has this functionality built-in.
This means that if a packet is lost in TCP mode, the data is re-requested twice and if either of those new packets is lost, the data is once again re-requested twice for those. And so on...
(This is a little simplified for brevity) This means that if your connection has a hiccup and 6 consecutive packets are lost;
On UDP: OpenVPN re-requests the missing packets and the data is filled in with the 6 missing packets.
On TCP: OpenVPN and TCP both re-request the first packet, neither arrives, and then OpenVPN and TCP request those lost packets, they don't arrive... and so on 6 times. This means that instead of 6 packets being lost and attempted to be recovered, you have now bloated to the 6th request being 64 packets of redundant useless data.
It continues growing exponentially until the connection is reestablished, or a timeout occurs causing OpenVPN to consider itself "disconnected" from the VPN server.
This is known as the "TCP black holes" issue.
tl;dr For OpenVPN based clients, use UDP.
Well done by Perfect Privacy for writing about this. Obviously it was needed if there were services that were vulnerable.
Can this really be the first time this vulnerability is discussed publicly? I would be very surprised. If that's the case, shame on those of us that have already mitigated it long ago without publishing our findings.
In the case of Mullvad, we discovered and fixed this long ago, I believe in 2010. Our solution was to use separate in and exit addresses, which is why our servers are named things like and .
> Based in US, Private Internet Access can boast of greater online privacy and anonymity for the user due to the lack of any stringent data retention or privacy laws of the United States.
Erm... that's not a good reason to use them, no matter how you paint it. Surely them being US-based is a bad thing because of recent history?
I'm recommending to everyone to not use NordVPN. Their support is nonexistent. People have complained in reviews and no responses. You're lucky to get a working server if at least for an hour. Please do your research in vpnreviews.
That said, what's the overall take on other BTC VPN services in the same price range? I did like Nord's app for when it used to work for mobile and need to find a good replacement for mobile and for router.
Not really. That is a reasonable inference, if he thinks you are halfway smart. Free services are complete shit.
I run a device on my home network that monitors and manages what my kids do. Check out . If anyone on my network uses a VPN, I can see that. I can also block access to VPNs. I've tried it with my own VPN services. I'm still able to punch through using AirVPN's SSL/SSH tunnels because the device doesn't know it's a VPN connection.
Food for thought.
I'm a co-founder of VikingVPN.
Unfortunately, in that video he also does not say what he is doing in the background.
In the description he does say that he is using obfsproxy which is specifically to hide from deep packet inspection, and his speeds do seem to go up! There could be other things going on though, and we would need greater information than this to be able to file a complaint.
Did he change the port? Is he using OpenVPN? Is he using PPTP, IPSEC, or SSTP? Are there traceroutes showing that there's no peer in between VZ and the VPN server that could be throttling?
There's also the issue with using itself if the VPN server has compression enabled. It can throw off your results by a huge margin.
Furthermore it is really strange that his particular connection gets throttled, but we have many customers on VZ Fios that do not seem to have this issue. They could have implemented this in his area for some strange policy reason, but that seems like a reach.
We need more information regarding the connection before and after to make things work, but the evidence is pretty damning in the video nonetheless.
Briefly looking into this I have seen VikingVPN claim to have a canary... their icon will change colour 'noticeably' on their home page if they are compromised. It's red right now which seems like a warning sign but maybe it was always red and will go black when compromised? I haven't looked that far into it :P
PIA have said they have received letters, in 2012 they received 11, 3 from outside US. Their stance seems to be 'We get asked for user data, but we don't log data so we don't have any data to give'. They said they haven't been compelled to start logging; that's a matter of trust. They acknowledged that a canary would help build trust but there is still no canary. old article as source
~prepares self for the crushing downvotes~
There are some very opinionated individuals in this subreddit, and everyone has a favorite. I can only speak about the only one I use daily, which is Private Internet Access. $40 a year, complete protection. It doesn't get any easier.
I've been using AirVPN for almost 2 years and I couldn't be more satisfied.
You can pay with bitcoin. And they have a howto explaining how to use TOR with bitcoin to process the transfer. You should not trust a VPN provider that doesn't use bitcoin.
It's EU based (Italy). US laws don't apply. And it is run by a political hacktivist, Paolo Brini. They don't keep logs and I trust them on that.
Their understanding of how VPN works and the surrounding technology is top notch. Very tech savvy staff. Check out their forum, you'll find some of the best pieces about OpenVPN technology there.
Lots of exit nodes in different countries.
I'm always able to max my VDSL speed using most of the exit nodes (50Mbits/6Mbits).
They only use openvpn.
This sub has two sorts of people:
1) People who want information about VPNs
2) Batshit insane lunatics screaming about Private Internet Access being a honeypot for the NSA and that they're going to come to get you in the night and touch your butt without permission
Case in point, I just downvoted 3 - 4 posts created by trolls screaming about some kind of PIA conspiracy. Unfortunately I cannot give them the professional psychological help they require, but I can at least try and stop others being exposed to the disease.
So my suggestion is, ban the trolls. This is not a comedy sub. Everybody is entitled to an opinion, if people don't want to use PIA that's fine, but abusing people who recommend PIA is ridiculous.
I am using Private Internet Access VPN for Netflix, great service and awesome speeds.
If your ISP does not block DNS filtering, then you may use service, you simply have to change your DNS address and you are able to stream Netflix without any speed loss (that's the best part). You can sign up with an 8 day trial on
I used to use HideMyAss until the LulzSec issue, then I stopped. I noticed they now claim they may log activities up to 2 years. I also used to use Witopia for several years, which I also stopped. I think they log for a week but that isn't the issue; the issue is they are located in Virginia, heartland of alphabet agencies.
So far I tried AirVPN, BolehVPN & PIA; all are obviously good enough.
Ones that I previously tried but gave up on, even though they claim not to log, are TorGuard, as they had frequent hiccups while I was a customer, as well as IPredator, which is safe but at times slow, and even worse speed was CryptoCloud. Not sure if they have improved now.
Here is a list of some VPNs that you could consider
Not all EU countries are the same in this case. National data laws vary, many countries being part of the Five/Nine/Fourteen Eyes and e.g. Romania has declared EU's data retention law unconstitutional.
Stay away from browser extensions, and go for the good, reputable VPNs. ProtonVPN is a good option. No logs, I use it to get around blocked websites, bypasses DPI (at least, as far as I know.) and has a 7 day free trial to their highest tier. You can't torrent with the free servers, but at least they allow TCP port 443 and UDP port 1194.
The Venezuelan government just implemented a new rule that disables your access to online banking if you attempt to access it from overseas. I will be needing a service that allows me to access the online banking site using a Venezuelan IP.
I'm not really sure if there are any other security features I need, I basically just also want to prevent the geo-unblocking provider from being able to access my bank account!
And also perhaps a service that is easy to switch on and off, since I will only be needing it for the few times per month that I need access to my Venezuelan account.
Edit: in case anyone else is interested, I found 3 providers listed in thatoneprivacysite that claim to have servers in Venezuela: ExpressVPN, HideMyAss, PureVPN. All cost around $8 per month on yearly plans. I have not tried any of them yet.
Working as intended.
Chromecast and the device you use for streaming need to talk to each other through the same local network (your wifi). Using a VPN means they can't talk to each other, because the VPN connection is isolated from the rest of the network.
iirc only way to use Chromecast with a VPN is to install VPN on your router or use a virtual router. Looks like ExpressVPN has instructions for the latter and specifically Chromecast in mind.
> That's true, I assume a VPN that is found to keep/sell logs no longer has a business.
The fact that some like HideMyAss are still in business tells a lot more about the average customer than about the VPN service itself. The one you are referring to must be PureVPN (or WANSecurity). I would expect PureVPN to continue to be fairly popular in the future too.
Quite many still reputable services also openly tell that they do store some connection logs for x amount of time, usually for maintenance reasons (but they are also very clear and transparent about it, which is in a way more believable than simply claiming "no logs" without any details about what is and what is not logged, because none of this can be verified by the user).
I assume that you are setting up a manual L2TP/IPSec connection using the CLI of your router? It would be much easier to use a normal router with a web interface. You won't get anywhere near 1Gbps over a VPN on your router anyway. I would just plug another router into your Ubiquiti EdgeRouter X as a subnetwork and run the VPN on that router. ExpressVPN has a dedicated firmware (aka "router app") for Linksys WRT1200AC and WRT1900AC series routers. You can easily change servers from the web interface. If you want the best performance, I recommend the WRT1900ACS with 1.6GHz dual core CPU. I can get up to 70Mbps with OpenVPN (Express and others) with this router. If you want something cheaper then anything that can flash dd-wrt, Tomato, or OpenWRT will work. The higher the CPU, the better.
EDIT - Another option is to use your computer as a virtual VPN router and share the VPN connection with your whole network that way.
If you don't plan on hacking the US/UK government or planning a terrorist attack, then you would be perfectly fine using PIA. The US doesn't care what porn you watch or that you're downloading the latest One Direction album off torrents like the people on this Subreddit think that they do. They aren't going to force a VPN provider as big as PIA to log their servers just to catch you downloading that One Direction CD. It would take something huge for them to force one of the biggest VPN providers in the world (PIA) to log their servers and it's clear that PIA cares about privacy and they have the money to fight it.
If you don't want to risk it, then Mullvad and AirVPN are both good. I personally plan on switching to Mullvad at the end of the month after being with PIA for over 4 years. It has nothing to do with PIA as they are great. I just wanted to switch it up and support Mullvad for making a lot of great changes over the past few months.
How did make it into your shortlist? I don't think many people would consider them, aside from them being cheap they offer nothing special. The rest you post don't have many servers and are quite expensive for VPNs but offer a good service. I've not used them but they appear quite slow according to the comparison chart.
Edit: I'm also in the UK and used VPNs for quite some time now. I have found AirVPN to be the best I have used. They offer a free trial if you email them. Most of them do, so make use of that.
The typical thing I've seen is that these restricted Internet Access Points will block everything that doesn't go on port 80 and 443. Now, depending on the type of VPN protocol you use, that could be a challenge, but on OpenVPN you can typically set it to port 443/TCP, and it will likely be unblocked. However, be warned, OpenVPN connections have a VERY CLEAR fingerprint that can be seen, regardless of its grade of encryption, and that makes a MITM attacker able to tell if it's authentic HTTPS traffic or OpenVPN. China implements this kind of Deep Packet Inspection, but most universities don't (I'm using eduroam through such a method). Now, if you want to go 100% invisible while using OpenVPN, you can use a number of techniques. The easiest one is to wrap it in stunnel, an SSL tunnel that will make your connections look like simple SSL traffic (this is what HTTPS looks like), rather than OpenVPN or SSH. Another option is to use the OpenVPN XOR patch that will require you to recompile both OpenVPN client and server.
However, if you're looking for a paid OpenVPN provider with stunnel or XOR support, most do nowadays. AirVPN and are a few of them.
Edit: There are also other techniques that can be used to overcome censorship, like tunneling web traffic over DNS, or applications like ShadowSocks (which, by the way, the Chinese government has forced the main developer to delete the entire GitHub repository).
I don't want to be that guy, but I see quite a few providers on that list that fall under 9/14 eyes and two of them are VPN providers that I would take for privacy over all the others that aren't.
Location of the provider means very little. PIA, AirVPN and Mullvad are some of the best VPN providers in the world and all fall under 14 eyes. The stance the provider takes on privacy matters more than the location of the provider (as long as they are in a country with no logging laws).
That list also has two providers who have given up users' information in the past. gave up information on a guy for harassing his ex-GF on Facebook and Earthvpn gave up information on a hacker a while ago and claimed that the datacenter was logging and not them. BlackVPN used to give out DMCA notices to their users and the owner was chased off this subreddit quite a few times for lying about their logging policy. Meanwhile PIA, a US based provider, has court documents from the FBI requesting a user's information from a bomb threat, proving that they don't log.
You know how simple and cheap it is for these VPN Providers who register their company in these countries like Panama? Their company might be registered in these countries, but 99% of these providers have owners from the US or 14 eye countries making it pointless.
ExpressVPN is good, a little more expensive than some similar ones, but not by much.
Setup on the ASUS router is good, though you'll be limited to about 8-15 Mbps, depending on the model. Running your work VPN inside the router VPN should work fine, with just a little increase to ping times.
Also, check out the Merlin firmware for your ASUS.
AirVPN, Mullvad and NordVPN are some of the best for under 100$ a year.
PIA is also good. I have been with PIA for over 3 years now. I have to admit that I will be switching to one of the listed providers above after my billing cycle is up in Dec as PIA has ads on some of the biggest open trackers now and that is going to bring a lot of attention to them. I really don't wanna be with that kind of VPN provider.
Thank you for choosing Private Internet Access to be your VPN provider.
The reason is because a user from the mentioned countries is connecting to the VPN and probably had language settings set to that country. And enough users are doing this so Google thinks that you're Indonesian or Australian. A way to test is to try other global search engines, such as Yahoo or Bing and see what results you get.
I used my CC to pay for a year's worth of Private Internet Access. The only thing they could prove with that is that I have paid for a VPN service and there's no crime against that. If I don't trust my VPN provider not to keep activity logs then 1.) I need to find a new provider. And 2.) If they are keeping logs, then I have a bigger problem than what kind of payment I used.
Bitcoins is such a pain in the butt to use. I see them as a method to pay for services when other methods are not allowed for one reason or another.
We operate Private Internet Access which you can visit at:
We are committed to the privacy of our users and provide up to 3 simultaneous connections per account. It can be used with an unlimited number of devices as long as only 3 are connected simultaneously. We have one of the most (if not the most) amounts of bandwidth and servers in the industry, so you will have great performance:
We hope you will give us the opportunity to earn your business and keep it. With that said, whichever provider you choose, you are making the right choice to protect yourself with a VPN service provider.
You might like Mullvad.
It can disconnect the internet on VPN connection failure. Reconnection is automatic. There is a client for Windows, Linux, Mac OS X, iOS and Android. It uses OpenVPN by default underneath, which is widely scrutinized and trusted (stay away from PPTP if you are worried about adversaries). Mullvad can also be sort of anonymous if you want; you can send cash or Bitcoin so they only know your IP address. Like others, they strenuously claim no logs are kept.
You may also be interested in this article at TorrentFreak, where many privacy-conscious VPNs are described. Not all VPNs claim to protect your privacy. Read the small print.
If you keep pissing off a well-resourced adversary they can always break into your house and compromise your hardware. There are no completely secure solutions.
I have the same email issue and asked them about it. They responded quickly with...
> As for email not sending, any VPN provider that does not retain logs must block SMTP traffic due to rampant spam associated with usage of VPN services. This is necessary for the security and privacy of our users, and we apologize for any inconvenience this may cause.
> With that said, we can whitelist any/all SMTP servers that require authentication, and/or are correctly set up so they are not open relays. If you provide us the hostname of your SMTP server(s) you are using, along with the IP addresses for each (as found by pinging them through the command prompt on your system), we will be happy to whitelist these servers after ensuring they are set up correctly to comply with either of these requirements.
> Mitch M, Level 1 Tech Support Private Internet Access™