VPN Transparency Project

Tag: digital ocean

  • X-VPN

    X-VPN

    X-VPN is a freemium VPN service that has become well-known for its simplicity and extensive server network. However, these points are overshadowed by some major concerns, making it a questionable choice for privacy-conscious users. One key issue is the existence of adware built into its app, making it a risky choice for users valuing privacy and security.

    X-VPN is owned by Free Connected Limited, a Hong Kong-based company that, upon investigation, revealed alarming links to mainland China. Given China’s notorious approach towards VPNs and digital rights, this is a significant cause for concern.

    Considering all these factors, X-VPN doesn’t come across as a trustworthy service. Its price and value for money also rank low at 6.0 out of 10, especially when there are cheaper and more reliable alternatives available.

    Privacy Practices

    Among the numerous concerns associated with X-VPN, the most unsettling is its privacy and logging policy, which received a dismal score of 2.9 out of 10. While many VPNs pride themselves on a strict no-logs policy, X-VPN has chosen a path far from it.

    Firstly, X-VPN logs a range of information that should typically be off-limits for a VPN service, especially one that purportedly values user privacy. This logged data includes device information, individual bandwidth usage, and connection timestamps, a decision we find to be unacceptable. While none of this information may be immediately identifiable, when correlated, such data can potentially be used to de-anonymize user activity.

    For mobile app users, X-VPN goes a step further, collecting VPN connection timestamps, choice of VPN protocol, and network type. Although the service has recently reduced its data retention period from 96 to 48 hours, it still raises eyebrows as to why it needs to collect this data in the first place. Top VPN providers have shown it’s entirely possible to optimize service without maintaining such logs.

    Furthermore, X-VPN’s vague privacy policy and the extent of data it collects vary by device. Across all its apps, it logs data like device information, usage, and city-level location, ostensibly for product development purposes. Even though this data can be deleted upon request, it’s unclear how straightforward this process is and whether any residual data remains.

    X-VPN’s logging practices become all the more concerning when coupled with its ties to China. Given the stringent regulation and censorship in the country, the possibility of data being accessed by third parties or government authorities can’t be ruled out.

    Lastly, X-VPN’s logging policy has not been verified by an independent audit or backed by a warrant canary. This lack of transparency and validation casts further doubt on X-VPN’s commitment to user privacy.

    In conclusion, X-VPN’s privacy policy and data logging practices not only betray the core principles of what a VPN should stand for – privacy, security, and anonymity – but also place it as a poor choice for those seeking a genuinely private and secure online experience. Users are strongly advised to consider VPNs that have clear, user-friendly, and audited no-logs policies to ensure their online activities remain private and secure.

    During the review, we also noted multiple connections to various domains such as get-xmore-links8.com, api.du-just-link.com, etc., which only compounds our concerns about its commitment to user privacy and security.

    We strongly advise against using X-VPN, particularly its free version which comes without a kill switch and is restrictive on server locations. While it does have some positives like ease of use and ability to unblock streaming platforms, its serious flaws, especially the adware issue, make it a risky choice.

    We suggest exploring other VPN services ranked higher, which offer fast speed, reliable unblocking capabilities, and most importantly, prioritize user privacy and security.

  • TurboVPN

    TurboVPN

    TurboVPN is a virtual private network (VPN) service that allows users to browse the internet securely and anonymously. However, before investing in this service, it’s important to consider the ownership of TurboVPN.

    TurboVPN is owned and operated by Innovative Connecting Pte. Limited, a Singapore-based company. While the company has been in business since 2016 and offers a variety of VPN services, I approached their brand with a hint of skepticism, given the company’s history in the VPN space.

    While Innovative Connecting Pte. Limited’s mission is to provide secure and private internet access to users worldwide, there have been concerns raised in the past about their privacy policies and data practices. As with many VPN providers, there is no guarantee that your personal data will be kept confidential, and it’s important to do your research and choose a service that takes your privacy seriously.

    At the time of this review, their servers are 41% M247, 17% Digital Ocean, 10% Take2, 7% Choopa, 7% Ghost, and the remaining servers are a mix of Lineode, Hetzner, Oracle, and Datacamp Limited. All in all this is a fairly common spread of providers which almost half being M247, but I was surprised to see a good distrubution of providers for the other 60%.

    Designed to track you

    Any time you decide to use a service or VPN owned and operated by a company from Asia, I would be very cautious. In my testing, after using the app for several minutes I found the following in my DNS logs:

    pangolin16.sgsnssdk.com
    www.wshifen.com
    sdk.iad-01.braze.com
    data.flurry.com
    baidu.com

    app-measurement.com
    cdn.snigelweb.com
    api16-access-sg.pangle.io
    pitaya-task-sg.byteintlapi.com
    alisg-normal-lb.byteoversea.net

    TurboVPN’s free version is indeed ad-supported and comes with some usage limitations, such as a limited number of servers and slower connection speeds. However, its premium version is available for a reasonable price and includes many advanced features, such as dedicated IP addresses and unlimited bandwidth.

    Overall, while TurboVPN may seem like an appealing option for those looking to protect their online privacy, it’s important to always approach VPN providers with a hint of skepticism. Although owned by Innovative Connecting Pte. Limited, TurboVPN claims to prioritize user privacy and data security, but it’s ultimately up to each individual user to decide whether they trust the company’s practices or not.

    Related Posts

  • McAfee VPN

    McAfee VPN

    It’s highly likely that you’re familiar with McAfee if you’re acquainted with any company in the realm of digital security and virus protection. Founded in the United States in 1987, McAfee has gained notoriety primarily for its antivirus software. However, upon discovering that they also offer a VPN service, we felt compelled to put it to the test. Here are our findings.

    We found that McAfee has an extremely poor logging policy. Their VPN service logs information that can be used to personally identify you, including your IP address and the websites you visit. By using McAfee Safe Connect, you’re essentially forfeiting your privacy to McAfee instead of safeguarding it. While it’s true that VPN providers retain logs, they are typically only the minimum necessary to ensure their services run smoothly.

    Infested with tracking scripts

    One thing I always do when testing out app-based VPNs is pay attention to my DNS logs for anything suspicious. One or two pings to home servers is nothing unusual, you do have to connect to your provider’s servers to log in, change account settings, etc. But when I start to see a bunch of advertising domains come up, it makes the company lose any credibility whatsoever. While using their VPN app, I saw the following connections in my DNS logs:

    polargrizzly.com
    lazerpenguin.com
    usbla.net
    usabilla.com
    appsflyer.com
    moengage.com

    Slower speeds

    It’s common knowledge that using a VPN service can often result in a slower internet connection – but I found McAfee’s speeds to be horrendously slow. One of the reasons for this is that VPN providers may have a limited infrastructure that they use to route their customers’ internet traffic through. To save money and reduce infrastructure costs, VPN providers may opt to use a smaller number of servers, which can become overloaded and slow down the overall connection speed. While some VPN providers do invest in larger server networks and higher quality infrastructure, the cost associated with this can make their services more expensive than other options on the market. Clearly McAfee is not one of them.

    Recommended VPNS:

  • Aloha Browser VPN

    Aloha Browser VPN

    The Aloha Browser is one of the up-and-coming new browser apps for mobiles which targets one of the most important aspects of modern browsing — privacy. The Aloha Browser is the only browser (to our knowledge) that comes with a built-in VPN and encrypts user data at all levels. 

    When you are using Aloha VPN Browser, just who’s servers are you really using? According to our research their servers are 38% M247, 16% IPXO, 16% Ghost, 10% CDN77, 7% Server Stadium, 7% Creanova, and 7% ZenLayer.

    Privacy Policy

    Upon reviewing the provided privacy policy for Aloha VPN, several areas of concern or potential anti-privacy practices can be identified. The points highlighted below may have implications on user privacy and security based on the information provided in the policy:

    1. Collection of Non-Personal Information:
      • The policy mentions the collection of standard information typically made available by web browsers. While this is framed as non-personal information, combined data could potentially be used to identify individuals, especially when correlated with other data.
    2. Manual Entry of Personal Information:
      • Manually entered information for accessing certain services, getting in touch with Aloha VPN, or participating in surveys may expose users to privacy risks, especially if the collected information is sensitive in nature.
    3. Information Protection:
      • The policy acknowledges that no method of transmission over the internet or electronic storage is 100% secure. This honest disclosure reflects a potential risk to user data, despite the measures in place to protect personal information.
    4. Use of Collected Information:
      • Personal information is used for a variety of purposes including improving services, marketing, and promotional purposes. This broad usage could be concerning depending on the exact nature and sensitivity of the collected information.
      • Mention of providing personal information to third parties if obligated by law implies a potential privacy risk in legal or governmental scenarios.
    5. Sharing with Service Providers:
      • Sharing personal information with third-party service providers may pose a privacy risk, especially if these third parties have differing privacy practices or less stringent security measures.
    6. Disclosure in Legal and Other Situations:
      • The policy outlines several scenarios where user information might be disclosed, including in response to legal processes, investigative demands, or during significant business transactions like mergers or asset sales. These disclosures could potentially expose users to privacy risks, especially in adversarial legal scenarios or if the acquiring entity has different privacy standards.
    7. Opt-Out Options:
      • While there is mention of opt-out options regarding updates, promotions, or surveys, the extent and ease of these opt-out mechanisms are not detailed, which could potentially affect user control over their data.
    8. Public Sharing of Aggregated Data:
      • The policy mentions sharing aggregated but non-personally identifiable information publicly. However, the effectiveness of the anonymization process and whether the aggregated data could be de-anonymized is not addressed.
    9. Notification of Legal Process:
      • The policy mentions the possibility of notifying users about legal processes compelling disclosure of their information but doesn’t guarantee such notifications. This can potentially leave users unaware of legal actions involving their data.

    The points above highlight some potential areas of concern regarding privacy and security within Aloha VPN’s privacy policy, and users should consider these factors when deciding whether to use this service, especially if they are concerned about maintaining a high level of privacy and security.

    See also:

  • TunnelBear

    TunnelBear

    TunnelBear is a virtual private network (VPN) service that is known for its user-friendly interface and its commitment to privacy and security. The company was founded in 2011 and is headquartered in Toronto, Canada.

    TunnelBear offers a range of VPN services that are designed to protect users’ online privacy and security by encrypting their internet connection and hiding their IP address. The company’s VPN services are available for a variety of devices, including computers, smartphones, and tablets, and are suitable for both personal and business use.

    TunnelBear is known for its easy-to-use VPN software, which is available for a variety of platforms, including Windows, Mac, iOS, and Android. The software is designed to be user-friendly, with a simple interface and clear instructions for connecting to the VPN.

    In addition to its VPN services, TunnelBear is also known for its commitment to privacy and security. The company has a strict no-logs policy, which means that it does not keep any records of users’ online activities. TunnelBear is also independently audited to ensure that it is in compliance with its privacy and security policies.

    Overall, TunnelBear is a well-respected and trusted VPN service that is known for its user-friendly interface and its commitment to privacy and security.

  • VPN – Super Unlimited

    VPN – Super Unlimited

    Just about everyone knows what a VPN is these days, or at the very least, they’ve heard of them. And businesses keen on making a quick dollar have caught on to the recent surge in VPN users. A quick glance at the iOS App Store shows over a dozen VPN apps, all with their own unique names and branding. Many purport to be the best and many are free. Unfortunately, many of these VPNs are immensely popular due to their free or inexpensive services.

    After all, all VPNs are the same… right? In theory. All mechanics are indeed mechanics. But that doesn’t mean you should bring your car to any old mechanic with out at least doing some research or reading reviews. Every city has the shops to avoid because they will do unauthorized work or will exaggerate the severity of your cars work to get an easy Buck out of you. Blinker fluid, anyone? VPNs are no different exempt you are entrusting these companies with some of your most personal, sensitive data.

    Our opinion: Thumbs down

    Website: https://www.mobilejump.mobi/

    Mobile Jump is based in Singapore, but according to Top10VPN, the company’s roots are in mainland China. And it’s the risk of user data being transferred to China that has prompted Top10VPN’s head of research Simon Migliano to issue a warning to U.S. users. “It’s certainly a surprise to see a Chinese VPN grow so rapidly in such a short space of time,” he told me. “There are two main risks. First, it collects unusually large amounts of personal information, including location data. Second, not only does it use that information for advertising, but it explicitly states it will share that data with authorities around the world, including those in China.”

    https://www.forbes.com/sites/zakdoffman/2019/12/03/top-ios-security-app-shares-user-data-with-china-8-million-americans-impacted/?sh=2481a89454d7
    • LA 38.75.137.21 as63023
    • Russia 146.185.215.81 AS210756
    • Dallas 38.68.134.247 AS63023
    • Seattle 169.197.143.20 AS63023
    • Germany 64.225.110.152
    • NY 38.91.101.107 AS63023
    • London 37.120.198.174
    • Mexico 103.14.26.33
    • Spain 195.206.107.242
    • Netherlands 185.200.119.110
    • Portugal 94.46.171.166 AS24768
    • Canada 217.138.213.106

    And, in fairness, Mobile Jump’s privacy policy should leave users in no doubt as to the risks being taken. For a VPN it’s extraordinary small print: “We regularly collect and use information that could identify an individual, in particular about your purchase or use of our products, services, mobile and software applications and websites… We use various technologies to determine [your] location, including IP addresses, GPS, and other sensors.” An app whose primary purpose is to anonymise users, collects and stores personal information that could identify and locate those users. And there’s worse. The company says it might share data with “regulators and law enforcement or investigation agencies in the EU, U.S., China, and around the world.”

    https://www.forbes.com/sites/zakdoffman/2019/12/03/top-ios-security-app-shares-user-data-with-china-8-million-americans-impacted/?sh=2481a89454d7
  • TorGuard

    TorGuard

    Table of Contents

    TorGuard is a virtual private network (VPN) service that encrypts internet traffic and helps to secure online activity. It is designed to protect privacy and increase security, and is often used to bypass internet censorship and access blocked content. TorGuard is based in the United States and was founded in 2012. In addition to its VPN service, the company also offers proxy services and anonymous email. TorGuard claims to have servers in over 50 countries and to support a wide range of devices and platforms, including Windows, Mac, Linux, iOS, Android, and routers.

    According to TorGuard’s website and privacy policy, the company does not keep logs of its users’ online activity or IP addresses. TorGuard states that it has a strict no-log policy, which means that it does not collect or store any information about its users’ online activity or IP addresses. This is intended to protect the privacy and security of TorGuard’s users. It’s worth noting that VPNs can be subject to government and law enforcement requests for user data, and a VPN company’s no-log policy may not necessarily protect users in all cases. However, in the absence of any logs, a VPN company like TorGuard would not have any information to provide to third parties if requested.

    Network Overview

    2019 Security Incident

    According to a report by PCMag, NordVPN and TorGuard were hit by hacks involving insecure servers. The server did not contain user activity logs, but the hacker stole a Transport Layer Security key, which temporarily opened the door for a ‘man in the middle’ attack. The hackers may have also gained root access to the server, enabling them to potentially view and modify VPN traffic. NordVPN says that the attacker was able to nab the Transport Layer Security key that is used to verify that a site is actually run by NordVPN. TorGuard said that it manages its certificate authority and keys in-house and that its VPN or proxy traffic was not compromised during an isolated breach of a single VPN server and no sensitive information was compromised during this incident.

    Global Coverage

    TorGuard’s VPN service demonstrates a measure of global reach, with servers located in 34 countries. However, the number of servers per location is relatively modest, leading to less robust representation in each of the countries. The most prominent presence is in the United States, with 54 servers, which, although beneficial for users specifically seeking connections within this region, may not provide the most comprehensive access or optimal speeds for users desiring connections in other areas.

    Upon applying the Global Diversity Index (GDI) – a scoring system designed to assess the geographical spread of VPN server locations – TorGuard achieves a score of 45 out of 100. This rating is influenced by the geographic diversity of server locations, the number of servers within these locations, and the global coverage of the service.

    In constructing the GDI, several key factors are taken into account. The breadth of geographic representation is vital – providers with a greater number of countries covered generally score higher. The quantity of servers within each country is another crucial element, as a higher server count often equates to increased connection stability and potentially faster speeds. Furthermore, we consider the presence in regions typically underrepresented in VPN services, such as Africa and South America, as indicative of truly global coverage.

    Thus, while TorGuard demonstrates a degree of global presence, the relative scarcity of servers within each location impacts its overall GDI score. It’s essential to reiterate, however, that the GDI score represents just one dimension of evaluating a VPN service, and users should also consider factors such as privacy policies, speed, security features, and customer support in making their choice.