It’s highly likely that you’re familiar with McAfee if you’re acquainted with any company in the realm of digital security and virus protection. Founded in the United States in 1987, McAfee has gained notoriety primarily for its antivirus software. However, upon discovering that they also offer a VPN service, we felt compelled to put it to the test. Here are our findings.
We found that McAfee has an extremely poor logging policy. Their VPN service logs information that can be used to personally identify you, including your IP address and the websites you visit. By using McAfee Safe Connect, you’re essentially forfeiting your privacy to McAfee instead of safeguarding it. While it’s true that VPN providers retain logs, they are typically only the minimum necessary to ensure their services run smoothly.
Infested with tracking scripts
One thing I always do when testing out app-based VPNs is pay attention to my DNS logs for anything suspicious. One or two pings to home servers is nothing unusual, you do have to connect to your provider’s servers to log in, change account settings, etc. But when I start to see a bunch of advertising domains come up, it makes the company lose any credibility whatsoever. While using their VPN app, I saw the following connections in my DNS logs:
It’s common knowledge that using a VPN service can often result in a slower internet connection – but I found McAfee’s speeds to be horrendously slow. One of the reasons for this is that VPN providers may have a limited infrastructure that they use to route their customers’ internet traffic through. To save money and reduce infrastructure costs, VPN providers may opt to use a smaller number of servers, which can become overloaded and slow down the overall connection speed. While some VPN providers do invest in larger server networks and higher quality infrastructure, the cost associated with this can make their services more expensive than other options on the market. Clearly McAfee is not one of them.
IPVanish is a virtual private network (VPN) service that allows users to securely and anonymously access the internet. A VPN creates a secure, encrypted connection between a device and the internet, protecting data and preventing snooping or tampering by third parties. IPVanish offers a range of VPN products and services, including support for Windows, Mac, iOS, Android, Linux, and other platforms. The company was founded in 2012 and is headquartered in the United States.
A few years ago, IPVanish handed over user logs to the FBI. This caused consumers to question just how seriously the company takes user privacy, and it saw a dip in use and confidence as a result. As part of my review, I look to see if there have been any changes, or if IPVanish still deserves caution when choosing a VPN.
IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.
Can you torrent with IPVanish?
One of the most common reasons why people sign up for VPNs is so they can use BitTorrent without revealing their true IP address. If you look at section 12 and 13 of the IPVanish Terms of Service, it clearly states that they respect copyright and intellectual property. They also have a page on their website instructing individuals how to submit DMCA notices. It is clear from their ToS that repeated DMCA violations will result in termination of your account:
It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others.
Looking at their privacy policy
The IPVanish privacy policy starts off the generic “we do not log, monitor, or collect your browsing history” which is the baseline for a decent VPN. A lot of people will read that line and go SEE!!! They’re anonymous!!!1. However, the devil is in the details – just a few lines down in G. Lawful Bases for Processing Personal Data it states:
We may Process your Personal Data where the Processing is required by applicable law;
What exactly does that mean? Just a few more lines down it explains:
“Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In a nutshell – they may not “monitor” or “log” your browsing activity but per their Privacy Policy they will hand over any and all information they have on you if required by law.
Hands in many different pies
IPVanish has an interesting history that also includes a few different ownership changes over the years.
Here is a brief summary of IPVanish’s history based on my research for this review:
IPVanish was founded by Mudhook Marketing in 2012, a subsidiary of Highwinds Network Group in Orlando, Florida.
In 2017, StackPath acquired Highwinds Network Group, which also included IPVanish.
In 2019, IPVanish was sold off to J2 Global (now called ZiffDavis Inc.) under the “Net Protect” division.
J2 Global, also known as ZiffDavis Inc., isn’t just any ordinary company – they’re the parent company for many websites that publish reviews, including PCMag. But wait, there’s more. J2 Global doesn’t just stop at publishing reviews, they also own several VPN services, such as IPVanish, StrongVPN, and Encrypt.me. As if that’s not enough, they also have a secure cloud storage service called SugarSync. It seems like J2 Global wants to control every aspect of the digital world, doesn’t it? Who knows what kind of data they’re collecting from all these different services. It’s enough to make you wonder who’s really in charge of your data and privacy.
So, J2 Global is the proud owner of a collection of VPN services, which means we’re now in a situation where VPN review websites are recommending products that are actually owned by the parent company. How convenient, right?
It’s a bit of a dubious situation if you ask me, and we’ve discussed it before in our article on VPNs that own review websites. It’s hard not to be skeptical when the very same company that owns the VPN service is also the one getting glowing reviews from their own review websites. One has to wonder if these reviews are truly unbiased or just part of a larger marketing scheme. It’s a classic case of “who watches the watchers,” and it’s not exactly comforting.
Windscribe, a cross-platform virtual private network (VPN) service provider, was founded by Yegor Sak and Alex Paguis in 2016. Based in Canada, it has grown to operate internationally, supporting a broad range of operating systems and platforms, and providing services to personal computers, smartphones, routers, and smart TVs1.
The company’s offerings include OpenVPN, Internet Key Exchange v2/IPsec, and WireGuard protocols in its applications, supporting peer-to-peer file sharing, and ensuring user privacy with a no-log policy. Additionally, Windscribe provides open source applications and encrypted proxy support, while allowing for unlimited device connections1.
Windscribe has been recognized for its social responsibility efforts, particularly in advocating for freedom of access to information in regions of political unrest. It has also developed transparency tools to shine a light on the relationship between corporate VPNs and their paid promoters.
Despite earning accolades from publications like Wired UK and Engadget for its reliability, cost-effectiveness, and range of server options, Windscribe has faced criticism related to security vulnerabilities. However, the company has demonstrated swift response to these issues, underscoring its commitment to user security.
Some users familiar with the name may be wary to trust their services, after the poor security practices were revealed in their 2021 data breach. The company has since promised to do better. You can read the original article, but here are the main highlights:
Windscribe left its VPN servers in Ukraine unencrypted and unsecured.
When Ukrainian authorities seized the servers, they also obtained Windscribe’s private key.
With the private key, Ukrainian officials could decrypt traffic and spy on Windscribe users.
Windscribe admitted that it does not follow “industry best practices” with its server network, but promised to change.
Windscribe is in the process of upgrading server security and hopefully undergoing a security audit.
Based on data collected, when you are using Windscribe VPN you are predominantly using Quadranet, CDNext, Global Secure Layer, CDN77, or M247 servers.
Global Coverage
Windscribe showcases an impressive degree of geographic diversity in its server locations. It has a presence in 59 countries across multiple continents including North America, South America, Europe, Africa, Asia, and Oceania. This comprehensive global coverage provides users with extensive options for regional access and optimizes connection speeds. Key locations such as the United States, Canada, the United Kingdom, Australia, and the Netherlands host a significant number of servers, ensuring a robust and reliable service. Windscribe’s commitment to geographic diversity is also demonstrated by their notable presence in emerging markets. Given this extensive geographic spread, Windscribe earns an impressive score on our Global Coverage Index, receiving an 85 out of 100.
WeVPN users acquired by Windscribe
In 2023 VPN service provider WeVPN announced that it is shutting down due to unforeseen financial difficulties. In a statement, the company assured its customers that those with active subscriptions will be able to use Windscribe for the remaining duration of their subscription free of charge. Windscribe has agreed to offer free accounts to WeVPN users, which will provide them access to Windscribe’s network of servers, robust security features, and customer support.
However, many are skeptical of this offer, as it appears to be a backdoor deal, and there is a lack of transparency regarding the relationship between the two companies. Windscribe and WeVPN have confirmed that Windscribe did not acquire WeVPN, but rather, it is a gesture of goodwill by Windscribe’s founder, Yegor. The company will cover WeVPN accounts for three months up to two years, but those who purchased their subscriptions from specific promotions such as lifetime deals will not be covered. Despite this offer, customers are disappointed by the lack of compensation from WeVPN and the lack of transparency regarding the closure.
It’s super weird that they’ve removed theWeVPN founder’s and CEO information from the site, and there is so little information about them on the Internet. Specially when WeVPN founder claims to “have been running” Private Internet Access for years, and there’s a blog post saying that he used to be the President for PIA, and some other press releases saying he was the CEO.
The cache for their “about us” section [0]:
Jonathan Roudier
Founder
VPN Experience: 8 years
Jon has nearly a decade of working in the VPN industry originally in Marketing and later in leadership and senior management. With his years of insight and customer knowledge gained from running Private Internet Access®, one of the world's biggest VPN providers, Jon decided to build his own VPN to ensure that the moral and ethics which he holds true are upheld and to provide an industry leader in transparency and accountability. Outside of WeVPN, He enjoys spending time at the gym and watching movies.
Press release in PIA’s blog for when they bought Cypherpunk VPN [1]:
Private Internet Access President Jon Roudier
Press release announcing CES sponsor [2]:
Jonathan Roudier, CEO of PIA, said “We, at Private Internet Access, are so thrilled..."
ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.
What services are available when you’re connected to ProtonVPN?
Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… Only to find out your connection is blocked. Unfortunately, it’s a never ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely, the tests below reflect establish a connection from an account that’s already logged in (to simulate someone traveling).
Service
Blocked / Restricted
Amazon Prime
Limited; some IP ranges are blocked
Netflix
Accessible
Spotify
Accessible
Pandora
Limited; some IP ranges are blocked
YouTube Music
Accessible
Hulu
Accessible
Disney+
Accessible
Google Search
May encounter CAPTCHA
ChatGPT
Limited; some IP ranges are blocked
YouTube
Accessible
When you are connected to ProtonVPN, who’s servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange, and Intergrid. In a recent AMA on reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:
WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.
In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.
ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.
In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.
In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.
Audits
ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.
In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”
ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.
Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.
The Aloha Browser is one of the up-and-coming new browser apps for mobiles which targets one of the most important aspects of modern browsing — privacy. The Aloha Browser is the only browser (to our knowledge) that comes with a built-in VPN and encrypts user data at all levels.
When you are using Aloha VPN Browser, just who’s servers are you really using? According to our research their servers are 38% M247, 16% IPXO, 16% Ghost, 10% CDN77, 7% Server Stadium, 7% Creanova, and 7% ZenLayer.
Privacy Policy
Upon reviewing the provided privacy policy for Aloha VPN, several areas of concern or potential anti-privacy practices can be identified. The points highlighted below may have implications on user privacy and security based on the information provided in the policy:
Collection of Non-Personal Information:
The policy mentions the collection of standard information typically made available by web browsers. While this is framed as non-personal information, combined data could potentially be used to identify individuals, especially when correlated with other data.
Manual Entry of Personal Information:
Manually entered information for accessing certain services, getting in touch with Aloha VPN, or participating in surveys may expose users to privacy risks, especially if the collected information is sensitive in nature.
Information Protection:
The policy acknowledges that no method of transmission over the internet or electronic storage is 100% secure. This honest disclosure reflects a potential risk to user data, despite the measures in place to protect personal information.
Use of Collected Information:
Personal information is used for a variety of purposes including improving services, marketing, and promotional purposes. This broad usage could be concerning depending on the exact nature and sensitivity of the collected information.
Mention of providing personal information to third parties if obligated by law implies a potential privacy risk in legal or governmental scenarios.
Sharing with Service Providers:
Sharing personal information with third-party service providers may pose a privacy risk, especially if these third parties have differing privacy practices or less stringent security measures.
Disclosure in Legal and Other Situations:
The policy outlines several scenarios where user information might be disclosed, including in response to legal processes, investigative demands, or during significant business transactions like mergers or asset sales. These disclosures could potentially expose users to privacy risks, especially in adversarial legal scenarios or if the acquiring entity has different privacy standards.
Opt-Out Options:
While there is mention of opt-out options regarding updates, promotions, or surveys, the extent and ease of these opt-out mechanisms are not detailed, which could potentially affect user control over their data.
Public Sharing of Aggregated Data:
The policy mentions sharing aggregated but non-personally identifiable information publicly. However, the effectiveness of the anonymization process and whether the aggregated data could be de-anonymized is not addressed.
Notification of Legal Process:
The policy mentions the possibility of notifying users about legal processes compelling disclosure of their information but doesn’t guarantee such notifications. This can potentially leave users unaware of legal actions involving their data.
The points above highlight some potential areas of concern regarding privacy and security within Aloha VPN’s privacy policy, and users should consider these factors when deciding whether to use this service, especially if they are concerned about maintaining a high level of privacy and security.
TunnelBear is a virtual private network (VPN) service that is known for its user-friendly interface and its commitment to privacy and security. The company was founded in 2011 and is headquartered in Toronto, Canada.
TunnelBear offers a range of VPN services that are designed to protect users’ online privacy and security by encrypting their internet connection and hiding their IP address. The company’s VPN services are available for a variety of devices, including computers, smartphones, and tablets, and are suitable for both personal and business use.
TunnelBear is known for its easy-to-use VPN software, which is available for a variety of platforms, including Windows, Mac, iOS, and Android. The software is designed to be user-friendly, with a simple interface and clear instructions for connecting to the VPN.
In addition to its VPN services, TunnelBear is also known for its commitment to privacy and security. The company has a strict no-logs policy, which means that it does not keep any records of users’ online activities. TunnelBear is also independently audited to ensure that it is in compliance with its privacy and security policies.
Overall, TunnelBear is a well-respected and trusted VPN service that is known for its user-friendly interface and its commitment to privacy and security.
TorGuard is a virtual private network (VPN) service that encrypts internet traffic and helps to secure online activity. It is designed to protect privacy and increase security, and is often used to bypass internet censorship and access blocked content. TorGuard is based in the United States and was founded in 2012. In addition to its VPN service, the company also offers proxy services and anonymous email. TorGuard claims to have servers in over 50 countries and to support a wide range of devices and platforms, including Windows, Mac, Linux, iOS, Android, and routers.
According to TorGuard’s website and privacy policy, the company does not keep logs of its users’ online activity or IP addresses. TorGuard states that it has a strict no-log policy, which means that it does not collect or store any information about its users’ online activity or IP addresses. This is intended to protect the privacy and security of TorGuard’s users. It’s worth noting that VPNs can be subject to government and law enforcement requests for user data, and a VPN company’s no-log policy may not necessarily protect users in all cases. However, in the absence of any logs, a VPN company like TorGuard would not have any information to provide to third parties if requested.
Network Overview
2019 Security Incident
According to a report by PCMag, NordVPN and TorGuard were hit by hacks involving insecure servers. The server did not contain user activity logs, but the hacker stole a Transport Layer Security key, which temporarily opened the door for a ‘man in the middle’ attack. The hackers may have also gained root access to the server, enabling them to potentially view and modify VPN traffic. NordVPN says that the attacker was able to nab the Transport Layer Security key that is used to verify that a site is actually run by NordVPN. TorGuard said that it manages its certificate authority and keys in-house and that its VPN or proxy traffic was not compromised during an isolated breach of a single VPN server and no sensitive information was compromised during this incident.
Global Coverage
TorGuard’s VPN service demonstrates a measure of global reach, with servers located in 34 countries. However, the number of servers per location is relatively modest, leading to less robust representation in each of the countries. The most prominent presence is in the United States, with 54 servers, which, although beneficial for users specifically seeking connections within this region, may not provide the most comprehensive access or optimal speeds for users desiring connections in other areas.
Upon applying the Global Diversity Index (GDI) – a scoring system designed to assess the geographical spread of VPN server locations – TorGuard achieves a score of 45 out of 100. This rating is influenced by the geographic diversity of server locations, the number of servers within these locations, and the global coverage of the service.
In constructing the GDI, several key factors are taken into account. The breadth of geographic representation is vital – providers with a greater number of countries covered generally score higher. The quantity of servers within each country is another crucial element, as a higher server count often equates to increased connection stability and potentially faster speeds. Furthermore, we consider the presence in regions typically underrepresented in VPN services, such as Africa and South America, as indicative of truly global coverage.
Thus, while TorGuard demonstrates a degree of global presence, the relative scarcity of servers within each location impacts its overall GDI score. It’s essential to reiterate, however, that the GDI score represents just one dimension of evaluating a VPN service, and users should also consider factors such as privacy policies, speed, security features, and customer support in making their choice.
