Tag: gsl

  • StrongVPN

    StrongVPN

    StrongVPN is a virtual private network (VPN) service provider. A VPN is a service that encrypts a device’s internet connection and routes it through a server in a location of the user’s choosing. This can be used to protect the user’s privacy and security online, as well as to access content that may be restricted in their location. StrongVPN offers a range of VPN plans and features, including support for multiple devices, unlimited bandwidth, and a variety of security protocols. The company is based in the United States and has been in operation since 2005.

    StrongVPN, formerly Black Oak Computers / Reliable Hosting / Overplay, is owned by Ziff Davis (formerly J2 Global), which owns NetProtect, the operator of both IPVanish and StrongVPN.

    Is StrongP2P safe for torrenting?

    In the book Resistance, Liberation Technology and Human Rights in the Digital Age, Giovanni Ziccardi writes:

    This company did not directly answer questions but pointed to their logkeeping policy instead. StrongVPN do log and are able to match an external IP address to their subscribers. They were the most outwardly aggressive provider in the survey when it came to dealing with infringement. “StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden, please do not do this or we will have to take action against your account”

    “StrongVPN Notice: You may NOT distribute copyright-protected material through our network. We may cancel your account if that happens.”

    Privacy Policy

    The StrongVPN privacy policy is reasonably transparent and does not appear to have any major contradictions. However, a few aspects stand out as potential privacy concerns:

    • They collect email addresses, payment information, names, credit cards, and billing addresses to create accounts. This is quite a bit of personal information.
    • They use cookies and allow third party cookies for analytics and functionality. Users have to opt out of each third party cookie separately.
    • They may send marketing and promotional emails, requiring users to actively unsubscribe.
    • They disclaim warranties and liability, reducing accountability.
    • Users have to take multiple steps to exercise data rights like deletion. StrongVPN can retain data if needed for legal reasons.
    • They can monitor, restrict, or suspend accounts without notice for any reason. This could enable unfettered surveillance.
    • Data can be shared across their corporate group and third party processors quite freely.
    • Data is transferred internationally, with some protection measures. Local laws may differ.
    • Retention periods are vaguely defined as “necessary” for purposes in the policy.

    Overall the policy seems standard for a VPN provider, but the collection of personal information, broad data sharing allowances, and power to monitor/suspend accounts stand out as areas of concern that could impact privacy. The policy meets transparency requirements but still merits careful review by users.

    Terms of Service

    Users should carefully scrutinize the StrongVPN Terms of Service before signing up for the VPN service. Several clauses in the Terms grant StrongVPN alarming levels of discretion when it comes to monitoring, restricting, and terminating user accounts without notice. Users must agree to binding arbitration and waive rights to class action lawsuits, severely limiting legal recourse options. Additionally, StrongVPN disclaims all warranties and liability on their end, removing accountability for services. The Terms also give StrongVPN broad rights to collect and use customer data with few constraints. Restrictions like prohibiting account sharing among household members seem unnecessarily strict as well.

    Overall, the StrongVPN Terms of Service appear heavily stacked against users and in favor of StrongVPN’s interests. Users have little power or recourse under the Terms as written. StrongVPN reserves the right to change the Terms anytime without directly notifying users beyond posting to their website. Those concerned about privacy and accountability are advised to fully review the StrongVPN privacy policy and Terms of Service before subscribing. It is important to understand exactly what user data StrongVPN collects, how they use it, and what options users have. Proceed with caution given the broad disclaimers and unilateral power granted to StrongVPN under the Terms of Service.

  • IPVanish

    IPVanish

    IPVanish is a virtual private network (VPN) service that allows users to securely and anonymously access the internet. A VPN creates a secure, encrypted connection between a device and the internet, protecting data and preventing snooping or tampering by third parties. IPVanish offers a range of VPN products and services, including support for Windows, Mac, iOS, Android, Linux, and other platforms. The company was founded in 2012 and is headquartered in the United States.

    A few years ago, IPVanish handed over user logs to the FBI. This caused consumers to question just how seriously the company takes user privacy, and it saw a dip in use and confidence as a result. As part of my review, I look to see if there have been any changes, or if IPVanish still deserves caution when choosing a VPN.

    IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

    Can you torrent with IPVanish?

    One of the most common reasons why people sign up for VPNs is so they can use BitTorrent without revealing their true IP address. If you look at sections 12 and 13 of the IPVanish Terms of Service, the terms clearly state that they respect copyright and intellectual property. They also have a page on their website instructing individuals how to submit DMCA notices. It is clear from their ToS that repeated DMCA violations will result in termination of your account:

    It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others.

    Looking at their privacy policy

    The IPVanish privacy policy starts off with the generic “we do not log, monitor, or collect your browsing history” which is the baseline for a decent VPN. A lot of people will read that line and go SEE!!! They’re anonymous!!!1. However, the devil is in the details – just a few lines down in G. Lawful Bases for Processing Personal Data it states:

    We may Process your Personal Data where the Processing is required by applicable law;

    What exactly does that mean? Just a few more lines down it explains:

    “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
    “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    In a nutshell – they may not “monitor” or “log” your browsing activity but per their Privacy Policy they will hand over any and all information they have on you if required by law.

    Hands in many different pies

    IPVanish has an interesting history that also includes a few different ownership changes over the years.

    Here is a brief summary of IPVanish’s history based on my research for this review:

    • IPVanish was founded by Mudhook Marketing in 2012, a subsidiary of Highwinds Network Group in Orlando, Florida.
    • In 2017, StackPath acquired Highwinds Network Group, which also included IPVanish.
    • In 2019, IPVanish was sold off to J2 Global (now called ZiffDavis Inc.) under the “Net Protect” division.

    J2 Global, also known as ZiffDavis Inc., isn’t just any ordinary company – they’re the parent company for many websites that publish reviews, including PCMag. But wait, there’s more. J2 Global doesn’t just stop at publishing reviews, they also own several VPN services, such as IPVanish, StrongVPN, and Encrypt.me. As if that’s not enough, they also have a secure cloud storage service called SugarSync. It seems like J2 Global wants to control every aspect of the digital world, doesn’t it? Who knows what kind of data they’re collecting from all these different services. It’s enough to make you wonder who’s really in charge of your data and privacy.

    So, J2 Global is the proud owner of a collection of VPN services, which means we’re now in a situation where VPN review websites are recommending products that are actually owned by the parent company. How convenient, right?

    It’s a bit of a dubious situation if you ask me, and we’ve discussed it before in our article on VPNs that own review websites. It’s hard not to be skeptical when the very same company that owns the VPN service is also the one getting glowing reviews from their own review websites. One has to wonder if these reviews are truly unbiased or just part of a larger marketing scheme. It’s a classic case of “who watches the watchers,” and it’s not exactly comforting.

  • Windscribe

    Windscribe

    Windscribe, a cross-platform virtual private network (VPN) service provider, was founded by Yegor Sak and Alex Paguis in 2016. Based in Canada, it has grown to operate internationally, supporting a broad range of operating systems and platforms, and providing services to personal computers, smartphones, routers, and smart TVs.

    The company’s offerings include OpenVPN, Internet Key Exchange v2/IPsec, and WireGuard protocols in its applications, supporting peer-to-peer file sharing, and ensuring user privacy with a no-log policy. Additionally, Windscribe provides open source applications and encrypted proxy support, while allowing for unlimited device connections.

    Windscribe has been recognized for its social responsibility efforts, particularly in advocating for freedom of access to information in regions of political unrest. It has also developed transparency tools to shine a light on the relationship between corporate VPNs and their paid promoters.

    Despite earning accolades from publications like Wired UK and Engadget for its reliability, cost-effectiveness, and range of server options, Windscribe has faced criticism related to security vulnerabilities. However, the company has demonstrated swift response to these issues, underscoring its commitment to user security.

    Some users familiar with the name may be wary of trusting the service after the poor security practices revealed by its 2021 data breach. The company has since promised to do better. You can read the original article, but here are the main highlights:

    • Windscribe left its VPN servers in Ukraine unencrypted and unsecured.
    • When Ukrainian authorities seized the servers, they also obtained Windscribe’s private key.
    • With the private key, Ukrainian officials could decrypt traffic and spy on Windscribe users.
    • Windscribe admitted that it does not follow “industry best practices” with its server network, but promised to change.
    • Windscribe is in the process of upgrading server security and hopefully undergoing a security audit.

    Based on data collected, when you are using Windscribe VPN you are predominantly using Quadranet, CDNext, Global Secure Layer, CDN77, or M247 servers.

    Global Coverage

    Windscribe showcases an impressive degree of geographic diversity in its server locations. It has a presence in 59 countries across multiple continents including North America, South America, Europe, Africa, Asia, and Oceania. This comprehensive global coverage provides users with extensive options for regional access and optimizes connection speeds. Key locations such as the United States, Canada, the United Kingdom, Australia, and the Netherlands host a significant number of servers, ensuring a robust and reliable service. Windscribe’s commitment to geographic diversity is also demonstrated by their notable presence in emerging markets. Given this extensive geographic spread, Windscribe earns an impressive score on our Global Coverage Index, receiving an 85 out of 100.

    WeVPN users acquired by Windscribe

    In 2023 VPN service provider WeVPN announced that it is shutting down due to unforeseen financial difficulties. In a statement, the company assured its customers that those with active subscriptions will be able to use Windscribe for the remaining duration of their subscription free of charge. Windscribe has agreed to offer free accounts to WeVPN users, which will provide them access to Windscribe’s network of servers, robust security features, and customer support.

    However, many are skeptical of this offer, as it appears to be a backdoor deal, and there is a lack of transparency regarding the relationship between the two companies. Windscribe and WeVPN have confirmed that Windscribe did not acquire WeVPN, but rather, it is a gesture of goodwill by Windscribe’s founder, Yegor. The company will cover WeVPN accounts for three months up to two years, but those who purchased their subscriptions from specific promotions such as lifetime deals will not be covered. Despite this offer, customers are disappointed by the lack of compensation from WeVPN and the lack of transparency regarding the closure.

    It’s super weird that they’ve removed the WeVPN founder’s and CEO information from the site, and there is so little information about them on the Internet. Especially when WeVPN founder claims to “have been running” Private Internet Access for years, and there’s a blog post saying that he used to be the President for PIA, and some other press releases saying he was the CEO.

    The cache for their “about us” section [0]:

      Jonathan Roudier
      Founder
      
      VPN Experience: 8 years
      
      Jon has nearly a decade of working in the VPN industry originally in Marketing and later in leadership and senior management. With his years of insight and customer knowledge gained from running Private Internet Access®, one of the world's biggest VPN providers, Jon decided to build his own VPN to ensure that the moral and ethics which he holds true are upheld and to provide an industry leader in transparency and accountability. Outside of WeVPN, He enjoys spending time at the gym and watching movies.
    

    Press release in PIA’s blog for when they bought Cypherpunk VPN [1]:

      Private Internet Access President Jon Roudier
    

    Press release announcing CES sponsor [2]:

      Jonathan Roudier, CEO of PIA, said “We, at Private Internet Access, are so thrilled..."

    0: https://webcache.googleusercontent.com/search?q=cache:LVfIvHK77E4J:https://wevpn.com/about-us&cd=2&hl=es&ct=clnk&gl=es
    1: https://www.privateinternetaccess.com/blog/private-internet-access-london-trust-media-acquired-cypherpunk-vpn/
    2: https://www.businesswire.com/news/home/20151221005130/en/Private-Internet-Access-Top-Mobile-Sponsor-2016

    Windscribe pros & cons

    Pros

    • Free version with 10GB of data
    • Unlimited simultaneous connections
    • Unblocks various streaming sites
    • Supports torrenting
    • No DNS leaks
    • Highly configurable
    • Military-grade encryption
    • Lots of tunneling protocols
    • Reliable kill switch
    • Split tunneling on Android

    Cons

    • Potential speed issues
    • Not that many servers
    • WireGuard only on Android
    • No independent audit
    • Has had at least 2 unencrypted servers in Ukraine
    • Based in a 5-Eyes country
  • ExpressVPN

    ExpressVPN

    ExpressVPN was launched in 2009 by serial entrepreneurs Peter Burchhardt and Dan Pomerantz. From its inception, ExpressVPN’s commitment to privacy and security would be called into question as several unsettling events unfolded. The service would eventually be acquired by Kape Industries (see more below) for just shy of 1 billion dollars. You have to ask yourself – what kind of company has that kind of cash sitting around, and how do they earn it? Certainly no humble privacy thinktank or nonprofit.

    The notoriety of ExpressVPN began to gain prominence in 2016, when Turkish authorities confiscated one of its servers. The device was believed to be implicated in the erasure of evidence linked to the assassination of the Russian ambassador to Turkey.

    The spotlight shone on ExpressVPN again in 2021, but this time due to a change in its corporate structure. The VPN provider was acquired by Kape Technologies, an Israeli company with a concerning history of generating malware and adware. The implications of this acquisition remain debatable, especially considering the parent company’s questionable past activities.

    The plot thickened in the same year when Daniel Gericke, ExpressVPN’s Chief Information Officer, admitted to participating in Project Raven. In this scheme, he helped the UAE spy on American dissidents and journalists, a revelation that raised alarm bells among privacy advocates. It was discovered by Reuters that some of those individuals were later tortured by the UAE.

    ExpressVPN Privacy Policy

    When evaluating ExpressVPN’s privacy policy, there is one interesting bit that stands out:

    Legal. Your Personal Data is controlled by and stored under ExpressVPN, and not by its ultimate holding company, Kape Technologies PLC (UK) or other related entities. Express Technologies Ltd. operates under BVI jurisdiction, in accordance with BVI laws (pursuant to Section 16 of the Terms). Consequently, any demand via legal means for Personal Data (or other types of data) is subject to BVI jurisdiction and laws. We fight vigorously to defend our rights (and those of our users) if an attempt is made to bypass the privacy protections provided for by the BVI. A parent, subsidiary, or related entity cannot be compelled to, nor would it voluntarily, provide Personal Data stored by Express Technologies Ltd.

    Let’s translate this from legalese and break it down. What that essentially means is that if a law enforcement agency from outside the British Virgin Islands, such as an American agency, wants access to your account information, the request would be assessed under BVI legal standards. This does not mean that gaining access to your account information is impossible, just more difficult.

    If a U.S. law enforcement agency contacted ExpressVPN for your account information, several scenarios could unfold:

    1. Mutual Legal Assistance Treaty (MLAT): The agency might go through an MLAT or other formal channels to request assistance from BVI authorities. If BVI authorities deem the request valid under BVI law, they might compel ExpressVPN to comply.
    2. Direct Request Refusal: If the U.S. agency approached ExpressVPN directly, the company might refuse the request based on BVI jurisdiction unless ordered by BVI courts to comply.
    3. Challenge and Defense: ExpressVPN indicates it would fight vigorously to defend its rights and the rights of its users against attempts to bypass BVI privacy protections. While highly unlikely, this could involve legal battles where the legitimacy of the request would be tested against BVI privacy laws.

    The more heinous your offense was, the more likely the British Virgin Islands are to cooperate with the United States.

    App Telemetry

    When evaluating a company’s commitment to privacy, one of the best representations is what data or telemetry is collected while you are using their app. It’s kind of like if you were to find out a guest went through your medicine cabinet while using your bathroom. I do applaud ExpressVPN for immediately asking whether you would like to participate in sending usage analytics – most apps leave that option buried in the settings.

    However, despite turning this setting off, the iOS App Privacy Report tells an interesting story. The most contacted domains are all related to analytics and marketing:

    • app-measurement.com
    • firebaselogging-pa.googleapis.com
    • googleadservices.com
    • adservice.google.com
    • app.usercentrics.eu
    • fonts.googleapis.com
    • googleads.g.doubleclick.net
    • app.launchdarkly.com
    • sdk.iad-05.braze.com
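
    To reproduce this kind of check, the tally below (an added example, not from the original article) sums contacts per domain for one app from an App Privacy Report export and labels the domains listed above by purpose. The bundle ID, the sample records, and the field names `type`, `bundleID`, `domain` and `hits` are assumptions about the export's NDJSON layout; adjust them to match your own file.

```python
import json
from collections import Counter

# Purpose of each vendor endpoint named in the list above (matched by suffix).
KNOWN = {
    "app-measurement.com": "analytics",                 # Google Analytics for Firebase
    "firebaselogging-pa.googleapis.com": "analytics",   # Firebase logging
    "googleadservices.com": "advertising",
    "adservice.google.com": "advertising",
    "doubleclick.net": "advertising",
    "usercentrics.eu": "consent management",
    "fonts.googleapis.com": "fonts",
    "launchdarkly.com": "feature flags",
    "braze.com": "marketing / engagement",
}
# Categories counted as tracking when computing the share of contacts.
TRACKING = {"analytics", "advertising", "marketing / engagement"}

# Constructed sample export: one JSON object per line (NDJSON).
# "com.example.vpnapp" is a placeholder bundle ID, not a real app's.
SAMPLE_EXPORT = """\
{"type":"networkActivity","bundleID":"com.example.vpnapp","domain":"app-measurement.com","hits":14}
{"type":"networkActivity","bundleID":"com.example.vpnapp","domain":"sdk.iad-05.braze.com","hits":9}
{"type":"networkActivity","bundleID":"com.example.vpnapp","domain":"googleads.g.doubleclick.net","hits":6}
{"type":"networkActivity","bundleID":"com.example.vpnapp","domain":"api.vpn-provider.example","hits":5}
{"type":"networkActivity","bundleID":"com.example.vpnapp","domain":"app-measurement.com","hits":3}
{"type":"networkActivity","bundleID":"com.example.other","domain":"app-measurement.com","hits":50}
{"type":"access","bundleID":"com.example.vpnapp","category":"location"}
{"type":"networkActivity","bundleID":"com.example.vpnapp","dom
"""


def classify(domain):
    """Return the purpose of a domain using the longest matching known suffix."""
    d = domain.lower().rstrip(".")
    best = None
    for suffix, category in KNOWN.items():
        # Match only on a label boundary so "notbraze.com" is not "braze.com".
        if d == suffix or d.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, category)
    return best[1] if best else "unclassified"


def summarize(ndjson_text, bundle_id):
    """Tally network contacts for one app.

    Returns (rows, tracking_share) where rows is a list of
    (domain, hits, category) sorted by hits descending, and tracking_share
    is the fraction of all hits that went to TRACKING categories.
    """
    hits = Counter()
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt record: skip, do not abort the tally
        if not isinstance(rec, dict):
            continue
        if rec.get("type") != "networkActivity" or rec.get("bundleID") != bundle_id:
            continue  # sensor-access records and other apps are out of scope
        domain = rec.get("domain")
        if not domain:
            continue
        try:
            count = int(rec.get("hits", 1))
        except (TypeError, ValueError):
            count = 1
        hits[domain.lower()] += count

    rows = sorted(
        ((d, n, classify(d)) for d, n in hits.items()),
        key=lambda r: (-r[1], r[0]),
    )
    total = sum(n for _, n, _ in rows)
    tracked = sum(n for _, n, cat in rows if cat in TRACKING)
    share = tracked / total if total else 0.0
    return rows, share


if __name__ == "__main__":
    rows, share = summarize(SAMPLE_EXPORT, "com.example.vpnapp")
    for domain, n, category in rows:
        print(f"{n:4d}  {domain:32s} {category}")
    print(f"tracking share of contacts: {share:.1%}")
```

    Domains left as "unclassified" are the ones worth looking up by hand; first-party API endpoints normally land there.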

    Collectively, these instances draw attention to ExpressVPN’s tangled engagement with privacy, power, and politics. They suggest a need for more in-depth investigations and disclosures to make informed decisions about the use of such services. Evaluating any VPN service is no longer just about comparing features and prices; it also entails a keen understanding of the company’s ethics, allegiances, and accountability. It’s clear that trust and transparency are vital in the digital age, but the story of ExpressVPN reminds us that these values are often harder to find than we’d like.

    Can you safely torrent with ExpressVPN?

    In section 7 Acceptable Use Policy of the ExpressVPN Terms of Service it clearly states that you are not to upload, download, or distribute material that is copyrighted, and that they will terminate your account after repeated violations. That is not to say that ExpressVPN actively monitors for BitTorrent usage – it simply means if your account is flagged multiple times for DMCA violations they will terminate your account in order to remain legally compliant. That being said, quite often once an IP address is verified to be from a VPN the group representing the intellectual property holders will not bother to submit the DMCA notice, but your mileage may vary.

    What services are available while using ExpressVPN?

    Service       | Blocked / Restricted
    --------------|-----------------------------------
    Amazon Prime  | Accessible; non-US IPs blocked
    Netflix       | Accessible
    Spotify       | Accessible
    Pandora       | Accessible
    YouTube Music | Accessible
    Hulu          | Accessible
    Disney+       | Accessible
    Google Search | Captcha for non-US IPs
    ChatGPT       | Accessible
    YouTube       | Accessible

    It’s also worth discussing ExpressVPN’s questionable advice regarding browser choice. Their marketing team has recommended the Chrome browser to its users, a decision that stands in stark contrast to their ostensible privacy-focused ethos. Chrome, as is well known, is a product of Google, a company with a prominent role in the realm of data collection and targeted advertising. Recommending a browser that has been at the center of various privacy controversies suggests a surprising disconnect from the fundamental principles of data protection. This discrepancy between ExpressVPN’s supposed commitment to privacy and its browser recommendation raises questions about the company’s understanding and prioritization of privacy issues. It serves as a sobering reminder that companies may not always act in the best interest of users when it comes to safeguarding digital rights and freedom.

    Kape Industries

    In our original article, we highlighted the evolution of Kape Technologies, formerly known as Crossrider. Initially, Crossrider was involved in the production of a browser development platform that was unfortunately exploited by third parties to distribute malware onto devices. However, in 2016, Crossrider decided to shut down its development platform. Subsequently, the company underwent a significant transformation, acquiring various VPNs starting in 2017 and ultimately rebranding as Kape Technologies in 2018.

    Under the umbrella of Kape Technologies, several notable VPN services are now owned, including CyberGhost, Private Internet Access, ZenMate VPN, and recently, ExpressVPN. It is worth noting that Kape Technologies also runs VPN “review” websites, which curiously rank its own VPN services in top positions. This arrangement raises questions about the impartiality and objectivity of these rankings.

    Despite the acquisition, ExpressVPN seems to be operating independently for the time being. However, the long-term impact of the ownership change remains uncertain. It will be interesting to see how ExpressVPN develops under the ownership of Kape Technologies. In our latest round of tests, ExpressVPN has performed well, surpassing its performance from the previous year. We will closely monitor the situation and update our ExpressVPN review accordingly to provide accurate observations and insights to our readers.

    ExpressVPN’s ‘No Logs’ Policy Put to the Test

    In December 2017, Turkish authorities seized an ExpressVPN server in an attempt to obtain customer data. However, the authorities were unable to find any logs on the server, as ExpressVPN does not keep any logs of its users’ activity.

    This incident demonstrates the strength of ExpressVPN’s ‘No Logs’ policy. Even when authorities seized a server, they were unable to obtain any user data. This is because ExpressVPN does not store any logs of its users’ activity, including their IP addresses, browsing history, or connection times.

    ExpressVPN is one of the few VPN providers that can make this claim. Many other VPN providers claim to have a ‘No Logs’ policy, but they have been caught logging user data in the past. This makes ExpressVPN a more trustworthy option for users who are concerned about their privacy.

  • ProtonVPN

    ProtonVPN

    ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.

    What services are available when you’re connected to ProtonVPN?

    Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… only to find out your connection is blocked. Unfortunately, it’s a never-ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely; the tests below reflect establishing a connection from an account that’s already logged in (to simulate someone traveling).

    Service       | Blocked / Restricted
    --------------|-----------------------------------
    Amazon Prime  | Limited; some IP ranges are blocked
    Netflix       | Accessible
    Spotify       | Accessible
    Pandora       | Limited; some IP ranges are blocked
    YouTube Music | Accessible
    Hulu          | Accessible
    Disney+       | Accessible
    Google Search | May encounter CAPTCHA
    ChatGPT       | Limited; some IP ranges are blocked
    YouTube       | Accessible

    When you are connected to ProtonVPN, whose servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange and Intergrid. In a recent AMA on Reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:

    Comment by u/protonvpn from discussion in IAmA

    ProtonVPN Network Overview

    Stealth Protocol vs WireGuard

    WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.

    In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.

    ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.

    In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.

    In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.

    Audits

    ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.

    In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”

    ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.

    Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.

  • CyberGhost VPN

    CyberGhost VPN

    CyberGhost VPN was founded in 2011 in Bucharest, Romania, and initially began as a free VPN service. By the following year, it had gathered around 1.7 million users. In 2017, a notable change occurred when Kape Technologies (then known as Crossrider) acquired CyberGhost VPN. This acquisition brought about concerns among observers due to Crossrider’s background as an ad-tech firm known for concealing spyware within its apps, which seemed to present a conflict of interest given CyberGhost’s focus on privacy. However, these concerns were largely allayed as Crossrider rebranded to Kape Technologies and positioned itself as a “privacy-first digital security software provider.” Following this, Kape Technologies went on to acquire other well-known VPN brands such as ExpressVPN and Private Internet Access, though these continue to operate independently. As of 2023, CyberGhost VPN has grown significantly with around 38 million users, making it one of the more popular VPNs available.

    The company faced a minor hiccup in 2020 when a breach involving Typeform affected around 120 of its users. However, no evidence has emerged to suggest improper use of subscriber data by Kape, its subsidiaries, or any third parties. Despite past skepticism due to its history, CyberGhost VPN has maintained a strong reputation for privacy, continuing to provide valued services to its global user base.

    Can I torrent with CyberGhost?

    One of the most popular reasons why people use VPNs is to encrypt their traffic and mask their IP while using P2P or BitTorrent services. CyberGhost even offers P2P servers to enhance your experience. However, right in section 8 of their Terms of Service is this alarming statement:

    We reserve the right to take appropriate measures when CyberGhost Products are being used contrary to these Terms and applicable laws, including cooperating with public or private authorities as provided by law.

    The phrase “terms and applicable laws” is so broad that it essentially covers anything illegal under your local laws, wherever you may be. For DMCA violations, they will generally just terminate your account and offer no refund. That being said, intellectual property companies rarely bother to file DMCA complaints for IPs associated with VPNs, especially when that company is registered outside of the United States.

    What services are accessible when connected to CyberGhost?

    Service          Blocked / Restricted
    Amazon Prime     Accessible for browsing; streaming blocked
    Netflix          Accessible for browsing; streaming blocked
    Spotify          Accessible; CAPTCHA during registration
    Pandora          Accessible
    YouTube Music    Accessible
    Hulu             Accessible
    Disney+          Accessible; no restrictions
    Google Search    CAPTCHA
    ChatGPT          Some IPs blocked
    YouTube          Accessible

    Data collection

    Like almost every VPN, CyberGhost does collect some maintenance-related data, but it claims to not log your server location choices, your total amount of data transferred nor your connection timestamps. As with any VPN, it’s nearly impossible to independently verify the company’s no-logs claim. Even so, CyberGhost does log certain user hardware data in what is likely a bid to enforce the company’s limit of seven simultaneous connections per account. 

    According to the spokesperson CNET spoke to in August of 2019, CyberGhost does have the ability to help law enforcement by activating a limited user-tracking feature.  

    “The only way to do it is if that user is still in the system and if the law enforcement knows the IP and could provide also a warrant to track that IP,” the spokesperson said. “We can activate a special feature like a logging feature for that IP, but we have that ability to prevent malicious actions when using our service. But only if that user is still active and we have proof of what exactly is wrong, what IP he is using, and so on. So we’ve got to bring that in order to activate that, to be sure we don’t activate it on a regular user. Otherwise, we can not help any law enforcement company.” 

    In 2016, however, CyberGhost was called on the carpet by ProPrivacy when the company was discovered to be quietly requesting potentially dangerous, root-level access to customers’ computers — a function the software hasn’t included for about three years now. The service was also caught logging the unique identifiers of each of its users’ computers. Similarly, other reviewers have also expressed wariness after CyberGhost appeared to remove some threads from its forum which may have detailed a critical 2016 malfunction and potentially revealed log-keeping practices within its free proxy service.

    Speaking of revelations, in March 2019, CyberGhost took a small hit when the customer-survey company it contracted, Typeform, was breached. The company said 120 email addresses and 14 CyberGhost usernames — but no passwords — were included in the two forms involved in the compromised data. 

    The bigger concern for me is that CyberGhost still uses a method of ad-blocking that’s considered at best ineffective and at worst insecure. Most VPNs block ads by filtering out requests from websites identified as suspicious. Not CyberGhost. The company instead uses a method which inspects and modifies — rather than filters out — those requests. The method is twice as risky and only half effective since it only works on sites with an HTTP URL and not those with HTTPS. 

    CNET asked Beyel in June this year about this method of ad-blocking and the criticism it’s received. 

    “We know this is not very effective. That’s why we’re already working on a better solution which is working on the process,” he said. “We need to completely move this kind of technology on the client side because in the browser you can, of course, do that.” 

    In its suite of features, however, CyberGhost does offer an option (enabled by default in its MacOS client) which forces your browser to redirect away from sites not secured by HTTPS. 

    Beyel also said that CyberGhost will be releasing a new suite of privacy modules in the coming weeks which go beyond its VPN to include tools for optimizing your computer and preventing vulnerable apps from affecting your privacy.[2]


  • Private Internet Access

    Private Internet Access

    Private Internet Access (commonly known as PIA) is a capable VPN provider, now owned by Kape, which also owns CyberGhost, ZenMate and ExpressVPN.

    PIA has servers available in just about every single state in America, which is great if you want to encrypt and protect your connection but don’t want to get locked out of your account for suspicious activity. Choosing a server in a remote country, for instance, can have some benefits, but it is not always the most practical choice.

    Privacy Policy

    PIA’s privacy policy is a classic example of a company trying to paint itself in the best possible light regarding privacy and legal compliance. They talk a big game about scrutinizing legal requests and standing up for user privacy, emphasizing their commitment to the “spirit” and “letter” of the law. This is meant to reassure you, the user, that they’re on your side, ready to shield your data from the prying eyes of the law—unless absolutely necessary of course.

    But here’s the rub: when push comes to shove, the majority of companies, especially those anchored in the U.S., have a breaking point. The notion of a corporate David going toe-to-toe with the Goliath that is the federal government and emerging unscathed is, frankly, more fairy tale than fact. It’s not just about being bullied into submission; it’s about survival. Companies operate under the jurisdiction of local and federal laws, and while they might resist or push back on requests initially, the potential consequences of outright defiance—legal battles, hefty fines, or worse—make compliance the path of least resistance.

    What often goes unsaid in these polished statements is the scale and intensity of pressure a company can face behind closed doors. Yes, they might question or attempt to narrow down overly broad subpoenas, but these are tactical moves within a game where the house always wins. The promise to not participate with unconstitutional or illegal requests is noble but navigating the complex web of legal interpretations and potential repercussions makes this a tightrope walk at best.

    And let’s not gloss over the part where they say they’ll give users a chance to object to disclosures “when it is possible and a valid option.” That’s a lot of leeway packed into a few words, suggesting that this opportunity is more of an exception than a rule.

    In essence, while the statement aims to reassure you of the company’s steadfastness in protecting your privacy, the reality is often shaped by legal and political pressures that can turn those assurances into well-intentioned but ultimately hollow promises.

    Terms of Service

    As far as Terms of Service go, PIA’s is boilerplate industry standard. If you violate the law, they reserve the right to terminate your service. They don’t include any of the vague terms and phrases that some other providers do, like “inappropriate conduct”.

    You must conduct yourself in a way that complies with law and would not violate these rules of conduct.

    Log Policy

    In the book Resistance, Liberation Technology and Human Rights in the Digital Age author Giovanni Ziccardi shares this response from Private Internet Access:

    “We absolutely do not maintain any VPN logs of any kind. We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. These are some of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required.” Q2: “Our company currently operates out of the United States with gigabit gateways in the US, Canada, UK, Switzerland, and the Netherlands.

    We chose the US, since it is one of the only countries without a mandatory data retention law. We will not share any information with third parties without a valid court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs and maintain absolutely no logs.”

    Torrenting

    Private Internet Access (PIA) beats around the bush when it comes to using their VPN services for BitTorrent. While their terms of service explicitly prohibit copyright infringement, their Frequently Asked Questions page delicately navigates the subject of torrenting. PIA suggests that utilizing their VPN can enhance online privacy and prevent ISPs from potentially labeling a user’s activities as suspicious. However, this stance is somewhat disingenuous, as ISPs generally do not actively monitor their customers’ web traffic. The primary concern with torrenting, particularly in the context of piracy, is the risk of receiving DMCA takedown notices, which is a more direct consequence of copyright violation than mere ISP scrutiny.

    Torrenting with PIA is a breeze, however. After I connected to a Canadian server about 1,200 miles away I fired up qBittorrent and within seconds was connectable. I was able to achieve speeds of 10Mbps down and 1.4Mbps up. Not too shabby. It’s important to remember that torrenting is a completely subjective experience and these results are only indicative of my experience. Yours may differ wildly.

    According to my research, PIA VPN predominantly uses CDNext, GTT, and M247 servers depending on where you are connecting to.

    Use of virtual servers

    While it’s not uncommon for VPN providers to use location virtualization, some do see it as dishonest and another deceitful marketing technique. During our testing, we discovered that PIA does in fact use location virtualization. For instance, 100% of the servers advertised as being in the Philippines were actually located in Singapore.

    IP                Advertised Country   Actual Country  ISP    ASN      
    188.214.125.131   Philippines          Singapore       M247   AS9009	

    ASN Diversity

    In the realm of Virtual Private Networks (VPNs), diversity is a key indicator of network resilience. A significant measure of this diversity can be evaluated using the Shannon Diversity Index (SDI), a concept borrowed from ecology to measure the biodiversity in a given community. In the context of VPNs, the SDI offers a quantitative assessment of the diversity of Autonomous System Numbers (ASNs) among VPN servers. Theoretically, a higher SDI correlates with increased network diversity, indicating a more resilient network structure less prone to single-point failures.

    An examination of Private Internet Access (PIA), with its SDI value of 1.8, reveals a comparatively lower network diversity in relation to other VPNs. For instance, Windscribe, Surfshark, and NordVPN have reported SDI values of 3.6, 2.88, and 2.75 respectively. This suggests a potential susceptibility in PIA’s network to failures or targeted attacks, owing to its relatively less diverse network.

    However, it is crucial to emphasize that SDI, while informative, is not the sole determinant of network performance and resilience. Several other factors, including the choice of Internet Service Providers (ISPs), geographical server distribution, total network capacity, and VPN service management practices significantly influence a VPN’s overall performance. Thus, while PIA’s SDI value may not place it at the pinnacle of network diversity, it is important to consider the holistic context when evaluating VPN performance and resilience.
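
    The index described above, computed from one ASN per server, as an added example (not the site's own tooling or data). The natural logarithm is an assumption, since the page does not state which base its figures use, and both fleets are constructed: AS9009 from the table above plus documentation-reserved ASNs (AS64496 to AS64498).

```python
import math
from collections import Counter


def asn_shares(server_asns):
    """Map each ASN to its fraction of the fleet (input: one ASN per server)."""
    counts = Counter(server_asns)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no servers supplied")
    return {asn: n / total for asn, n in counts.items()}


def shannon_index(server_asns):
    """H = sum(p_i * ln(1 / p_i)); the natural log is an assumption."""
    return sum(p * math.log(1 / p) for p in asn_shares(server_asns).values())


def effective_asns(sdi):
    """Number of equally used ASNs that would produce this index: exp(H)."""
    return math.exp(sdi)


def diversity_report(server_asns):
    """SDI plus the figures that explain it: richness, evenness, top share."""
    shares = asn_shares(server_asns)
    h = shannon_index(server_asns)
    top_asn, top_share = max(shares.items(), key=lambda kv: kv[1])
    return {
        "servers": len(server_asns),
        "asns": len(shares),
        "sdi": h,
        "effective_asns": effective_asns(h),
        # Pielou evenness: 1.0 means servers are spread equally across ASNs.
        "evenness": h / math.log(len(shares)) if len(shares) > 1 else 0.0,
        "top_asn": top_asn,
        "top_share": top_share,
    }


# Constructed fleets: 100 servers and four ASNs each, differing only in spread.
DOC_ASNS = ["AS64496", "AS64497", "AS64498"]
FLEET_CONCENTRATED = ["AS9009"] * 85 + [a for a in DOC_ASNS for _ in range(5)]
FLEET_EVEN = ["AS9009"] * 25 + [a for a in DOC_ASNS for _ in range(25)]

if __name__ == "__main__":
    for name, fleet in (("concentrated", FLEET_CONCENTRATED),
                        ("even", FLEET_EVEN)):
        r = diversity_report(fleet)
        print(f"{name:13s} asns={r['asns']} sdi={r['sdi']:.3f} "
              f"effective={r['effective_asns']:.2f} "
              f"evenness={r['evenness']:.2f} "
              f"top={r['top_asn']} ({r['top_share']:.0%})")
    # What an index of 1.8 means in equally used ASNs, if natural log was used.
    print(f"SDI 1.8 -> {effective_asns(1.8):.2f} effective ASNs")
```

    Both fleets use four ASNs, yet the concentrated one scores about 0.59 against 1.39 for the even one, because the index rewards spread and not just the ASN count. Under the natural-log assumption, an index of 1.8 corresponds to roughly six equally used ASNs.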


  • NordVPN

    NordVPN

    NordVPN is a Virtual Private Network (VPN) service provider that was founded in 2012 by four childhood friends in Panama. The company is now headquartered in Cyprus, with offices in the United States, the United Kingdom, and Lithuania. NordVPN is one of the most well-known VPNs in the market, and this is due to their extensive advertising on various platforms, including YouTube. NordVPN’s ads feature catchy taglines and famous personalities, making them one of the most recognizable VPN brands in the market.

    But just because NordVPN is based in Panama, that doesn’t mean their servers are. After testing around 6,700 servers used by NordVPN, I concluded that NordVPN servers predominantly use Datacamp Limited, M247, Clouvider, and Hydra Communications. It is worth noting that NordVPN does own and operate about 10% of their servers which are operated under the business name Tefincom.

    NordVPN Privacy Policy

    The privacy policy and terms of service are one key way a VPN provider can put their money where their mouth is. After all, a service can make whatever claims they want, but the truth lies in their policies. NordVPN has one of the worst privacy policies and acceptable use policies I’ve ever seen. First, in their ToS they stipulate that you are not to use NordVPN for anything that they as a company would find inappropriate or offensive.

    • communicate, transmit, store, make available, share anything that is illegal, abusive, harassing, or otherwise objectionable (objectionable means anything which interferes with the rights of Nord, its users, or other third parties, or causes conditions that are dangerous, hazardous, and detrimental to others, or anything that most users and/or Nord would find to be offensive or inappropriate);

    Further, it goes on to suggest that using their service to bypass georestrictions is also against their ToS:

    • attempt to circumvent any technological measure and/or arrangement implemented by Nord and/or its licensors, or by the owner of the resource or the source of the material that the technological measure protects;

    • violate general ethical or moral norms, good customs, and fair conduct norms;

    Their privacy policy isn’t much better. It states that they will retain your billing information for ten years, and even worse, will retain your data if they receive a court order or subpoena:

    (ii) Nord also may retain information associated with you (e.g., payments data) in order to fulfill its obligations as required by applicable laws, regulations, court orders, subpoenas, or other legal processes for archival purposes.

    Lack of transparency

    NordVPN, one of the most well-known players in the VPN industry, has faced its fair share of controversy over the past few years. While it maintains a significant user base and performs admirably in various audits, numerous concerns have emerged about the company’s privacy practices, integrity, and security.

    One of the most glaring concerns revolves around a data breach that occurred in 2019. An attacker managed to gain access to a server by exploiting an insecure remote management system left by the data center provider. This incident, which went undisclosed by NordVPN until highlighted by a third party, is a clear violation of trust, raising valid concerns over the VPN provider’s transparency.

    Moreover, NordVPN’s relationship with Tesonet, a data-mining, analytics, SEO, and targeted marketing company, has been under scrutiny. Despite vehement initial denials, NordVPN finally admitted to this association, only to downplay its relevance. This admission further exacerbates concerns over user privacy, considering Tesonet’s activities.

    Adding fuel to the fire, NordVPN has been discovered to be based out of Lithuania, a country with mandatory data retention laws. This revelation contradicts the company’s claim of being registered in Panama, a known privacy-friendly jurisdiction, thus eroding trust.

    NordVPN’s partnership with Hola VPN, which was involved in forming a data mining botnet, and its alleged theft of technology from Hola VPN further draws into question the company’s ethics. It’s important to note that Hola VPN has been widely criticized for its own practices, which makes its association with NordVPN disconcerting.

    Several troubling practices have also surfaced relating to NordVPN’s marketing and sales techniques. The company has been accused of engaging in price discrimination, making it difficult for users to cancel auto-renewal, and reducing features for those who cancel auto-renewal. There are also reports of NordVPN sharing data with Facebook and leaking sensitive customer data.

    Adding to these controversies, NordVPN has been accused of blackmailing competitor TorGuard and has faced criticism from a UK-based watchdog for misleading marketing. It also reportedly sent cease-and-desist copyright claims to Njalla, further tarnishing its reputation.

    NordVPN’s wide-ranging sponsorship deals, which include football teams and numerous YouTubers, have also been called into question. Many believe these partnerships are incentivised by high affiliate commissions, which may be influencing the integrity of VPN reviews and recommendations.

    Despite the series of security audits that NordVPN has undergone, these revelations and practices suggest that trust and transparency are far from guaranteed. It’s crucial for users to conduct their due diligence and weigh the potential risks before choosing a VPN provider. The issues surrounding NordVPN serve as a sobering reminder that not all VPNs deliver on their promises of privacy and security.

    NordVPN, Surfshark, Denial

    NordVPN’s credibility was further strained when it was discovered that the company had ties to Surfshark, another popular VPN service. This discovery was unexpected and raised concerns given Surfshark’s track record.

    Surfshark has its share of controversies, which include system-level changes that persisted even after uninstallation, exposing user IPs and making them vulnerable. The company’s TrustDNS app has been implicated in data collection for advertising and marketing purposes. There’s also the issue of weak security, including the installation of risky root certificates on user devices.

    The link between NordVPN and Surfshark was initially and extensively denied by both entities. However, they eventually acknowledged their relationship, adding another layer to NordVPN’s complicated narrative. The merger between these two was officially announced, which startled users who were relying on these services for anonymity and security.

    These revelations not only shed light on NordVPN and Surfshark’s questionable practices but also underscore the need for users to question the transparency of VPN services. It’s essential to keep in mind that the practices of these companies can directly impact user privacy and security. Therefore, users must stay informed about the operations of their chosen VPN services.

    In the end, the core of the VPN business relies on trust, and the denial and eventual admission of the connection between NordVPN and Surfshark is a blatant breach of that trust. It highlights the need for vigilance and constant scrutiny of companies that promise to protect our digital rights and freedom.
