TurboVPN is a virtual private network (VPN) service that allows users to browse the internet securely and anonymously. However, before investing in this service, it’s important to consider the ownership of TurboVPN.
TurboVPN is owned and operated by Innovative Connecting Pte. Limited, a Singapore-based company. While the company has been in business since 2016 and offers a variety of VPN services, I approached their brand with a hint of skepticism, given the company’s history in the VPN space.
While Innovative Connecting Pte. Limited’s mission is to provide secure and private internet access to users worldwide, there have been concerns raised in the past about their privacy policies and data practices. As with many VPN providers, there is no guarantee that your personal data will be kept confidential, and it’s important to do your research and choose a service that takes your privacy seriously.
At the time of this review, their servers are 41% M247, 17% Digital Ocean, 10% Take2, 7% Choopa, 7% Ghost, and the remaining servers are a mix of Lineode, Hetzner, Oracle, and Datacamp Limited. All in all this is a fairly common spread of providers which almost half being M247, but I was surprised to see a good distrubution of providers for the other 60%.
Designed to track you
Any time you decide to use a service or VPN owned and operated by a company from Asia, I would be very cautious. In my testing, after using the app for several minutes I found the following in my DNS logs:
TurboVPN’s free version is indeed ad-supported and comes with some usage limitations, such as a limited number of servers and slower connection speeds. However, its premium version is available for a reasonable price and includes many advanced features, such as dedicated IP addresses and unlimited bandwidth.
Overall, while TurboVPN may seem like an appealing option for those looking to protect their online privacy, it’s important to always approach VPN providers with a hint of skepticism. Although owned by Innovative Connecting Pte. Limited, TurboVPN claims to prioritize user privacy and data security, but it’s ultimately up to each individual user to decide whether they trust the company’s practices or not.
Zenmate is a virtual private network (VPN) based in Berlin, Germany service that encrypts your internet connection and hides your IP address to protect your online privacy and security. It allows you to access websites and content that may be blocked or restricted in your geographical location. Zenmate offers several different subscription plans that provide various levels of security and privacy protection, as well as the ability to access content from different locations around the world.
Is ZenMate safe?
ZenMate claims to be a no-logs VPN service, but it does keep some connection logs. It will also ask for your email address when signing up for the free version or the 7-day premium trial. It’s also possible that ZenMate may clash with other VPN apps installed on your device. When it’s running in the background, it may not allow you to launch any other VPN.
Their location in Germany may pose additional issues due to their strict stance on copyright infringement. In addition, they are owned by Kape Technologies, a company that was known to send malware through their software. Overall, this service is of questionable safety, if you’re looking for a top-security VPN service.
IPVanish is a virtual private network (VPN) service that allows users to securely and anonymously access the internet. A VPN creates a secure, encrypted connection between a device and the internet, protecting data and preventing snooping or tampering by third parties. IPVanish offers a range of VPN products and services, including support for Windows, Mac, iOS, Android, Linux, and other platforms. The company was founded in 2012 and is headquartered in the United States.
A few years ago, IPVanish handed over user logs to the FBI. This caused consumers to question just how seriously the company takes user privacy, and it saw a dip in use and confidence as a result. As part of my review, I look to see if there have been any changes, or if IPVanish still deserves caution when choosing a VPN.
IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.
Can you torrent with IPVanish?
One of the most common reasons why people sign up for VPNs is so they can use BitTorrent without revealing their true IP address. If you look at section 12 and 13 of the IPVanish Terms of Service, it clearly states that they respect copyright and intellectual property. They also have a page on their website instructing individuals how to submit DMCA notices. It is clear from their ToS that repeated DMCA violations will result in termination of your account:
It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others.
Looking at their privacy policy
The IPVanish privacy policy starts off the generic “we do not log, monitor, or collect your browsing history” which is the baseline for a decent VPN. A lot of people will read that line and go SEE!!! They’re anonymous!!!1. However, the devil is in the details – just a few lines down in G. Lawful Bases for Processing Personal Data it states:
We may Process your Personal Data where the Processing is required by applicable law;
What exactly does that mean? Just a few more lines down it explains:
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In a nutshell – they may not “monitor” or “log” your browsing activity but per their Privacy Policy they will hand over any and all information they have on you if required by law.
Hands in many different pies
IPVanish has an interesting history that also includes a few different ownership changes over the years.
Here is a brief summary of IPVanish’s history based on my research for this review:
IPVanish was founded by Mudhook Marketing in 2012, a subsidiary of Highwinds Network Group in Orlando, Florida.
In 2017, StackPath acquired Highwinds Network Group, which also included IPVanish.
In 2019, IPVanish was sold off to J2 Global (now called ZiffDavis Inc.) under the “Net Protect” division.
J2 Global, also known as ZiffDavis Inc., isn’t just any ordinary company – they’re the parent company for many websites that publish reviews, including PCMag. But wait, there’s more. J2 Global doesn’t just stop at publishing reviews, they also own several VPN services, such as IPVanish, StrongVPN, and Encrypt.me. As if that’s not enough, they also have a secure cloud storage service called SugarSync. It seems like J2 Global wants to control every aspect of the digital world, doesn’t it? Who knows what kind of data they’re collecting from all these different services. It’s enough to make you wonder who’s really in charge of your data and privacy.
So, J2 Global is the proud owner of a collection of VPN services, which means we’re now in a situation where VPN review websites are recommending products that are actually owned by the parent company. How convenient, right?
It’s a bit of a dubious situation if you ask me, and we’ve discussed it before in our article on VPNs that own review websites. It’s hard not to be skeptical when the very same company that owns the VPN service is also the one getting glowing reviews from their own review websites. One has to wonder if these reviews are truly unbiased or just part of a larger marketing scheme. It’s a classic case of “who watches the watchers,” and it’s not exactly comforting.
Windscribe, a cross-platform virtual private network (VPN) service provider, was founded by Yegor Sak and Alex Paguis in 2016. Based in Canada, it has grown to operate internationally, supporting a broad range of operating systems and platforms, and providing services to personal computers, smartphones, routers, and smart TVs1.
The company’s offerings include OpenVPN, Internet Key Exchange v2/IPsec, and WireGuard protocols in its applications, supporting peer-to-peer file sharing, and ensuring user privacy with a no-log policy. Additionally, Windscribe provides open source applications and encrypted proxy support, while allowing for unlimited device connections1.
Windscribe has been recognized for its social responsibility efforts, particularly in advocating for freedom of access to information in regions of political unrest. It has also developed transparency tools to shine a light on the relationship between corporate VPNs and their paid promoters.
Despite earning accolades from publications like Wired UK and Engadget for its reliability, cost-effectiveness, and range of server options, Windscribe has faced criticism related to security vulnerabilities. However, the company has demonstrated swift response to these issues, underscoring its commitment to user security.
Some users familiar with the name may be wary to trust their services, after the poor security practices were revealed in their 2021 data breach. The company has since promised to do better. You can read the original article, but here are the main highlights:
Windscribe left its VPN servers in Ukraine unencrypted and unsecured.
When Ukrainian authorities seized the servers, they also obtained Windscribe’s private key.
With the private key, Ukrainian officials could decrypt traffic and spy on Windscribe users.
Windscribe admitted that it does not follow “industry best practices” with its server network, but promised to change.
Windscribe is in the process of upgrading server security and hopefully undergoing a security audit.
Based on data collected, when you are using Windscribe VPN you are predominantly using Quadranet, CDNext, Global Secure Layer, CDN77, or M247 servers.
Global Coverage
Windscribe showcases an impressive degree of geographic diversity in its server locations. It has a presence in 59 countries across multiple continents including North America, South America, Europe, Africa, Asia, and Oceania. This comprehensive global coverage provides users with extensive options for regional access and optimizes connection speeds. Key locations such as the United States, Canada, the United Kingdom, Australia, and the Netherlands host a significant number of servers, ensuring a robust and reliable service. Windscribe’s commitment to geographic diversity is also demonstrated by their notable presence in emerging markets. Given this extensive geographic spread, Windscribe earns an impressive score on our Global Coverage Index, receiving an 85 out of 100.
WeVPN users acquired by Windscribe
In 2023 VPN service provider WeVPN announced that it is shutting down due to unforeseen financial difficulties. In a statement, the company assured its customers that those with active subscriptions will be able to use Windscribe for the remaining duration of their subscription free of charge. Windscribe has agreed to offer free accounts to WeVPN users, which will provide them access to Windscribe’s network of servers, robust security features, and customer support.
However, many are skeptical of this offer, as it appears to be a backdoor deal, and there is a lack of transparency regarding the relationship between the two companies. Windscribe and WeVPN have confirmed that Windscribe did not acquire WeVPN, but rather, it is a gesture of goodwill by Windscribe’s founder, Yegor. The company will cover WeVPN accounts for three months up to two years, but those who purchased their subscriptions from specific promotions such as lifetime deals will not be covered. Despite this offer, customers are disappointed by the lack of compensation from WeVPN and the lack of transparency regarding the closure.
It’s super weird that they’ve removed theWeVPN founder’s and CEO information from the site, and there is so little information about them on the Internet. Specially when WeVPN founder claims to “have been running” Private Internet Access for years, and there’s a blog post saying that he used to be the President for PIA, and some other press releases saying he was the CEO.
The cache for their “about us” section [0]:
Jonathan Roudier
Founder
VPN Experience: 8 years
Jon has nearly a decade of working in the VPN industry originally in Marketing and later in leadership and senior management. With his years of insight and customer knowledge gained from running Private Internet Access®, one of the world's biggest VPN providers, Jon decided to build his own VPN to ensure that the moral and ethics which he holds true are upheld and to provide an industry leader in transparency and accountability. Outside of WeVPN, He enjoys spending time at the gym and watching movies.
Press release in PIA’s blog for when they bought Cypherpunk VPN [1]:
Private Internet Access President Jon Roudier
Press release announcing CES sponsor [2]:
Jonathan Roudier, CEO of PIA, said “We, at Private Internet Access, are so thrilled..."
Surfshark VPN is one of the most popular VPN services in 2022. Its competitive price and unlimited simultaneous connections make it a very attractive VPN option for all kinds of users. But does this VPN live up to give the actual value for money that it claims? Surfshark also offers thousands of servers worldwide, excellent connection speeds, and next-gen AES encryption. However, users have been questioning its jurisdiction and whether it’s as private as showcased.
Surfshark offers some really useful features like SmartDNS, the fast WireGuard protocol, P2P-optimized servers, and provides a selection of easy-to-use intuitive apps and platforms.
So, when you’re connected to Surfshark – who’s servers are you really using? After completing my testing I have concluded that Surfshark uses 20% their own servers, 17% CDNext, 17% M247, 14% CDN77, 13% Host Royale, and the remaining few are Host Universal, Clouvider, and Hydra Communications.
ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.
What services are available when you’re connected to ProtonVPN?
Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… Only to find out your connection is blocked. Unfortunately, it’s a never ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely, the tests below reflect establish a connection from an account that’s already logged in (to simulate someone traveling).
Service
Blocked / Restricted
Amazon Prime
Limited; some IP ranges are blocked
Netflix
Accessible
Spotify
Accessible
Pandora
Limited; some IP ranges are blocked
YouTube Music
Accessible
Hulu
Accessible
Disney+
Accessible
Google Search
May encounter CAPTCHA
ChatGPT
Limited; some IP ranges are blocked
YouTube
Accessible
When you are connected to ProtonVPN, who’s servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange, and Intergrid. In a recent AMA on reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:
WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.
In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.
ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.
In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.
In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.
Audits
ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.
In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”
ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.
Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.
CyberGhost VPN was founded in 2011 in Bucharest, Romania, and initially began as a free VPN service. By the following year, it had gathered around 1.7 million users. In 2017, a notable change occurred when Kape Technologies (then known as Crossrider) acquired CyberGhost VPN. This acquisition brought about concerns among observers due to Crossrider’s background as an ad-tech firm known for concealing spyware within its apps, which seemed to present a conflict of interest given CyberGhost’s focus on privacy. However, these concerns were largely allayed as Crossrider rebranded to Kape Technologies and positioned itself as a “privacy-first digital security software provider.” Following this, Kape Technologies went on to acquire other well-known VPN brands such as ExpressVPN and Private Internet Access, though these continue to operate independently. As of 2023, CyberGhost VPN has grown significantly with around 38 million users, making it one of the more popular VPNs available.
The company faced a minor hiccup in 2020 when a breach involving Typeform affected around 120 of its users. However, no evidence has emerged to suggest improper use of subscriber data by Kape, its subsidiaries, or any third parties. Despite past skepticism due to its history, CyberGhost VPN has maintained a strong reputation for privacy, continuing to provide valued services to its global user base.
Can I torrent with CyberGhost?
One of the most popular reasons why people use VPNs is to encrypt their traffic and mask their IP while using P2P or BitTorrent services. CyberGhost even offers P2P servers to enhance your experience. However, right in section 8 of their Terms of Service is this alarming statement:
We reserve the right to take appropriate measures when CyberGhost Products are being used contrary to these Terms and applicable laws, including cooperating with public or private authorities as provided by law.
The “terms and applicable laws” are so broad that it essentially means anything illegal based on your local laws, wherever you may be. For DMCA violations generally they will just terminate your account and offer no refund. That being said, intellectual property companies rarely bother to file DMCA complaints for IPs associated with VPNs, especially when that company is registered outside of the United States.
What services are accessible when connected to CyberGhost?
Service
Blocked / Restricted
Amazon Prime
Accessible for browsing; streaming blocked
Netflix
Accessible for browsing; streaming blocked
Spotify
Accessible; CAPTCHA during registration
Pandora
Accessible
YouTube Music
Accessible
Hulu
Accessible
Disney+
Accessible; no restrictions
Google Search
Captcha
ChatGPT
Some IPs blocked
YouTube
Accessible
Data collection
Like almost every VPN, CyberGhost does collect some maintenance-related data, but it claims to not log your server location choices, your total amount of data transferred nor your connection timestamps. As with any VPN, it’s nearly impossible to independently verify the company’s no-logs claim. Even so, CyberGhost does log certain user hardware data in what is likely a bid to enforce the company’s limit of seven simultaneous connections per account.
According to the spokesperson CNET spoke to in August of 2019, CyberGhost does have the ability to help law enforcement by activating a limited user-tracking feature.
“The only way to do it is if that user is still in the system and if the law enforcement knows the IP and could provide also a warrant to track that IP,” the spokesperson said. “We can activate a special feature like a logging feature for that IP, but we have that ability to prevent malicious actions when using our service. But only if that user is still active and we have proof of what exactly is wrong, what IP he is using, and so on. So we’ve got to bring that in order to activate that, to be sure we don’t activate it on a regular user. Otherwise, we can not help any law enforcement company.”
In 2016, however, CyberGhost was called to the carpet by ProPrivacy when the company was discovered to be quietly requesting potentially dangerous, root-level access to customers’ computers — a function the software hasn’t included for about three years now. The service was also caught logging the unique identifiers of each of its user’s computers. Similarly, other reviewers have also expressed wariness after CyberGhost appeared to remove some threads from its forum which may have detailed a critical 2016 malfunction and potentially revealed log-keeping practices within its free proxy service.
Speaking of revelations, in March 2019, CyberGhost took a small hit when the customer-survey company it contracted, Typeform, was breached. The company said 120 email addresses and 14 CyberGhost usernames — but no passwords — were included in the two forms involved in the compromised data.
The bigger concern for me is that CyberGhost still uses a method of ad-blocking that’s considered at best ineffective and at worst insecure. Most VPNs block ads by filtering out requests from websites identified as suspicious. Not CyberGhost. The company instead uses a method which inspects and modifies — rather than filters out — those requests. The method is twice as risky and only half effective since it only works on sites with an HTTP URL and not those with HTTPS.
CNET asked Beyel in June this year about this method of ad-blocking and the criticism it’s received.
“We know this is not very effective. That’s why we’re already working on a better solution which is working on the process,” he said. “We need to completely move this kind of technology on the client side because in the browser you can, of course, do that.”
In its suite of features, however, CyberGhost does offer an option (enabled by default in its MacOS client) which forces your browser to redirect away from sites not secured by HTTPS.
Beyel also said that CyberGhost will be releasing a new suite of privacy modules in the coming weeks which go beyond its VPN to include tools for optimizing your computer and preventing vulnerable apps from affecting your privacy.[2]
The Aloha Browser is one of the up-and-coming new browser apps for mobiles which targets one of the most important aspects of modern browsing — privacy. The Aloha Browser is the only browser (to our knowledge) that comes with a built-in VPN and encrypts user data at all levels.
When you are using Aloha VPN Browser, just who’s servers are you really using? According to our research their servers are 38% M247, 16% IPXO, 16% Ghost, 10% CDN77, 7% Server Stadium, 7% Creanova, and 7% ZenLayer.
Privacy Policy
Upon reviewing the provided privacy policy for Aloha VPN, several areas of concern or potential anti-privacy practices can be identified. The points highlighted below may have implications on user privacy and security based on the information provided in the policy:
Collection of Non-Personal Information:
The policy mentions the collection of standard information typically made available by web browsers. While this is framed as non-personal information, combined data could potentially be used to identify individuals, especially when correlated with other data.
Manual Entry of Personal Information:
Manually entered information for accessing certain services, getting in touch with Aloha VPN, or participating in surveys may expose users to privacy risks, especially if the collected information is sensitive in nature.
Information Protection:
The policy acknowledges that no method of transmission over the internet or electronic storage is 100% secure. This honest disclosure reflects a potential risk to user data, despite the measures in place to protect personal information.
Use of Collected Information:
Personal information is used for a variety of purposes including improving services, marketing, and promotional purposes. This broad usage could be concerning depending on the exact nature and sensitivity of the collected information.
Mention of providing personal information to third parties if obligated by law implies a potential privacy risk in legal or governmental scenarios.
Sharing with Service Providers:
Sharing personal information with third-party service providers may pose a privacy risk, especially if these third parties have differing privacy practices or less stringent security measures.
Disclosure in Legal and Other Situations:
The policy outlines several scenarios where user information might be disclosed, including in response to legal processes, investigative demands, or during significant business transactions like mergers or asset sales. These disclosures could potentially expose users to privacy risks, especially in adversarial legal scenarios or if the acquiring entity has different privacy standards.
Opt-Out Options:
While there is mention of opt-out options regarding updates, promotions, or surveys, the extent and ease of these opt-out mechanisms are not detailed, which could potentially affect user control over their data.
Public Sharing of Aggregated Data:
The policy mentions sharing aggregated but non-personally identifiable information publicly. However, the effectiveness of the anonymization process and whether the aggregated data could be de-anonymized is not addressed.
Notification of Legal Process:
The policy mentions the possibility of notifying users about legal processes compelling disclosure of their information but doesn’t guarantee such notifications. This can potentially leave users unaware of legal actions involving their data.
The points above highlight some potential areas of concern regarding privacy and security within Aloha VPN’s privacy policy, and users should consider these factors when deciding whether to use this service, especially if they are concerned about maintaining a high level of privacy and security.
Private Internet Access (commonly known as PIA) is a capable VPN provider, now owned by Kape, which also owns CyberGhost, ZenMate and ExpressVPN.
PIA has servers available in just about every single state in America, which is great if you want to encrypt and protect your connection but don’t want to get locked out your account for suspicious activity. Choosing a server in a remote country for instance can have some benefits but it is not always the most practical choice.
Privacy Policy
PIA’s privacy policy is a classic example of a company trying to paint itself in the best possible light regarding privacy and legal compliance. They talk a big game about scrutinizing legal requests and standing up for user privacy, emphasizing their commitment to the “spirit” and “letter” of the law. This is meant to reassure you, the user, that they’re on your side, ready to shield your data from the prying eyes of the law—unless absolutely necessary of course.
But here’s the rub: when push comes to shove, the majority of companies, especially those anchored in the U.S., have a breaking point. The notion of a corporate David going toe-to-toe with the Goliath that is the federal government and emerging unscathed is, frankly, more fairy tale than fact. It’s not just about being bullied into submission; it’s about survival. Companies operate under the jurisdiction of local and federal laws, and while they might resist or push back on requests initially, the potential consequences of outright defiance—legal battles, hefty fines, or worse—make compliance the path of least resistance.
What often goes unsaid in these polished statements is the scale and intensity of pressure a company can face behind closed doors. Yes, they might question or attempt to narrow down overly broad subpoenas, but these are tactical moves within a game where the house always wins. The promise to not participate with unconstitutional or illegal requests is noble but navigating the complex web of legal interpretations and potential repercussions makes this a tightrope walk at best.
And let’s not gloss over the part where they say they’ll give users a chance to object to disclosures “when it is possible and a valid option.” That’s a lot of leeway packed into a few words, suggesting that this opportunity is more of an exception than a rule.
In essence, while the statement aims to reassure you of the company’s steadfastness in protecting your privacy, the reality is often shaped by legal and political pressures that can turn those assurances into well-intentioned but ultimately hollow promises.
Terms of Service
As far as Terms of Service go, PIA’s is boilerplate industry standard. If you violate law they reserve the right to terminate your service. They don’t include any of the vague terms and phrases like some other providers due like “inappropriate conduct”.
You must conduct yourself in a way that complies with law and would not violate these rules of conduct.
Log Policy
In the book Resistance, Liberation Technology and Human Rights in the Digital Age author Giovanni Ziccardi shares this response from Private Internet Access:
“We absolutely do not maintain any VPN logs of any kind. We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. These are some of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required.” Q2: “Our company currently operates out of the United States with gigabit gateways in the US, Canada, UK, Switzerland, and the Netherlands.
We chose the US, since it is one of the only countries without a mandatory data retention law. We will not share any information with third parties without a valid court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs and maintain absolutely no logs.”
Torrenting
Private Internet Access (PIA) beats around the bush when it comes to using their VPN services for BitTorrent. While their terms of service explicitly prohibit copyright infringement, their Frequently Asked Questions page delicately navigates the subject of torrenting. PIA suggests that utilizing their VPN can enhance online privacy and prevent ISPs from potentially labeling a user’s activities as suspicious. However, this stance is somewhat disingenuous, as ISPs generally do not actively monitor their customers’ web traffic. The primary concern with torrenting, particularly in the context of piracy, is the risk of receiving DMCA takedown notices, which is a more direct consequence of copyright violation than mere ISP scrutiny.
Torrenting with PIA is a breeze, however. After I connected to a Canadian server about 1,200 miles away I fired up QBitorrent and within seconds was connectable. I was able to achieve speeds of 10Mbps down and 1.4Mbps up. Not too shabby. It’s important to remember that torrenting is a completely subjective experience and these results are only indicative of my experience. Yours may differ wildly.
According to my research, PIA VPN predominantly uses CDNext, GTT, and M247 servers depending on where you are connecting to.
Use of virtual servers
While it’s not uncommon for VPN providers to use location virtualization, some do see it as dishonest and another deceitful marketing technique. During our testing, we discovered that PIA does in fact use location virtualization. For instance, 100% of the servers advertised as being in the Philippines were actually located in Singapore.
IP Advertised Country Actual Country ISP ASN
188.214.125.131 Philippines Singapore M247 AS9009
ASN Diversity
In the realm of Virtual Private Networks (VPNs), diversity is a key indicator of network resilience. A significant measure of this diversity can be evaluated using the Shannon Diversity Index (SDI), a concept borrowed from ecology to measure the biodiversity in a given community. In the context of VPNs, the SDI offers a quantitative assessment of the diversity of Autonomous System Numbers (ASNs) among VPN servers. Theoretically, a higher SDI correlates with increased network diversity, indicating a more resilient network structure less prone to single-point failures.
An examination of Private Internet Access (PIA), with its SDI value of 1.8, reveals a comparatively lower network diversity in relation to other VPNs. For instance, Windscribe, Surfshark, and NordVPN have reported SDI values of 3.6, 2.88, and 2.75 respectively. This suggests a potential susceptibility in PIA’s network to failures or targeted attacks, owing to its relatively less diverse network.
However, it is crucial to emphasize that SDI, while informative, is not the sole determinant of network performance and resilience. Several other factors, including the choice of Internet Service Providers (ISPs), geographical server distribution, total network capacity, and VPN service management practices significantly influence a VPN’s overall performance. Thus, while PIA’s SDI value may not place it at the pinnacle of network diversity, it is important to consider the holistic context when evaluating VPN performance and resilience.