VPN Transparency Project

Tag: hostroyale

  • StrongVPN

    StrongVPN

    StrongVPN is a virtual private network (VPN) service provider. A VPN is a service that encrypts a device’s internet connection and routes it through a server in a location of the user’s choosing. This can be used to protect the user’s privacy and security online, as well as to access content that may be restricted in their location. StrongVPN offers a range of VPN plans and features, including support for multiple devices, unlimited bandwidth, and a variety of security protocols. The company is based in the United States and has been in operation since 2005.

    StrongVPN, formerly Black Oak Computers / Reliable Hosting / Overplay, is owned by Ziff Davis (formerly J2 Global) who owns NetProtect who operates IPVanish as well as StrongVPN.

    Is StrongP2P safe for torrenting?

    In the book Resistance, Liberation Technology and Human Rights in the Digital Age by Giovanni Ziccardi, he writes:

    This company did not directly answer questions but pointed to their logkeeping policy instead. StrongVPN do log and are able to match an external IP address to their subscribers. They were the most outwardly aggressive provider in the survey when it came to dealing with infringement. “StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden, please do not do this or we will have to take action against your account”

    “StrongVPN Notice: You may NOT distribute copyright-protected material through our network. We may cancel your account if that happens.”

    Privacy Policy

    The StrongVPN privacy policy is reasonably transparent and does not appear to have any major contradictions. However, a few aspects stand out as potential privacy concerns:

    • They collect email addresses, payment information, names, credit cards, and billing addresses to create accounts. This is quite a bit of personal information.
    • They use cookies and allow third party cookies for analytics and functionality. Users have to opt out of each third party cookie separately.
    • They may send marketing and promotional emails, requiring users to actively unsubscribe.
    • They disclaim warranties and liability, reducing accountability.
    • Users have to take multiple steps to exercise data rights like deletion. StrongVPN can retain data if needed for legal reasons.
    • They can monitor, restrict, or suspend accounts without notice for any reason. This could enable unfettered surveillance.
    • Data can be shared across their corporate group and third party processors quite freely.
    • Data is transferred internationally, with some protection measures. Local laws may differ.
    • Retention periods are vaguely defined as “necessary” for purposes in the policy.

    Overall the policy seems standard for a VPN provider, but the collection of personal information, broad data sharing allowances, and power to monitor/suspend accounts stand out as areas of concern that could impact privacy. The policy meets transparency requirements but still merits careful review by users.

    Terms of Service

    Users should carefully scrutinize the StrongVPN Terms of Service before signing up for the VPN service. Several clauses in the Terms grant StrongVPN alarming levels of discretion when it comes to monitoring, restricting, and terminating user accounts without notice. Users must agree to binding arbitration and waive rights to class action lawsuits, severely limiting legal recourse options. Additionally, StrongVPN disclaims all warranties and liability on their end, removing accountability for services. The Terms also give StrongVPN broad rights to collect and use customer data with few constraints. Restrictions like prohibiting account sharing among household members seem unnecessarily strict as well.

    Overall, the StrongVPN Terms of Service appear heavily stacked against users and in favor of StrongVPN’s interests. Users have little power or recourse under the Terms as written. StrongVPN reserves the right to change the Terms anytime without directly notifying users beyond posting to their website. Those concerned about privacy and accountability are advised to fully review the StrongVPN privacy policy and Terms of Service before subscribing. Important to understand exactly what user data StrongVPN collects, how they use it, and what options users have. Proceed with caution given the broad disclaimers and unilateral power granted to StrongVPN under the Terms of Service.

  • IPVanish

    IPVanish

    IPVanish is a virtual private network (VPN) service that allows users to securely and anonymously access the internet. A VPN creates a secure, encrypted connection between a device and the internet, protecting data and preventing snooping or tampering by third parties. IPVanish offers a range of VPN products and services, including support for Windows, Mac, iOS, Android, Linux, and other platforms. The company was founded in 2012 and is headquartered in the United States.

    A few years ago, IPVanish handed over user logs to the FBI. This caused consumers to question just how seriously the company takes user privacy, and it saw a dip in use and confidence as a result. As part of my review, I look to see if there have been any changes, or if IPVanish still deserves caution when choosing a VPN.

    IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

    Can you torrent with IPVanish?

    One of the most common reasons why people sign up for VPNs is so they can use BitTorrent without revealing their true IP address. If you look at section 12 and 13 of the IPVanish Terms of Service, it clearly states that they respect copyright and intellectual property. They also have a page on their website instructing individuals how to submit DMCA notices. It is clear from their ToS that repeated DMCA violations will result in termination of your account:

    It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others.

    Looking at their privacy policy

    The IPVanish privacy policy starts off the generic “we do not log, monitor, or collect your browsing history” which is the baseline for a decent VPN. A lot of people will read that line and go SEE!!! They’re anonymous!!!1. However, the devil is in the details – just a few lines down in G. Lawful Bases for Processing Personal Data it states:

    We may Process your Personal Data where the Processing is required by applicable law;

    What exactly does that mean? Just a few more lines down it explains:

    “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
    “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    In a nutshell – they may not “monitor” or “log” your browsing activity but per their Privacy Policy they will hand over any and all information they have on you if required by law.

    Hands in many different pies

    IPVanish has an interesting history that also includes a few different ownership changes over the years.

    Here is a brief summary of IPVanish’s history based on my research for this review:

    • IPVanish was founded by Mudhook Marketing in 2012, a subsidiary of Highwinds Network Group in Orlando, Florida.
    • In 2017, StackPath acquired Highwinds Network Group, which also included IPVanish.
    • In 2019, IPVanish was sold off to J2 Global (now called ZiffDavis Inc.) under the “Net Protect” division.

    J2 Global, also known as ZiffDavis Inc., isn’t just any ordinary company – they’re the parent company for many websites that publish reviews, including PCMag. But wait, there’s more. J2 Global doesn’t just stop at publishing reviews, they also own several VPN services, such as IPVanish, StrongVPN, and Encrypt.me. As if that’s not enough, they also have a secure cloud storage service called SugarSync. It seems like J2 Global wants to control every aspect of the digital world, doesn’t it? Who knows what kind of data they’re collecting from all these different services. It’s enough to make you wonder who’s really in charge of your data and privacy.

    So, J2 Global is the proud owner of a collection of VPN services, which means we’re now in a situation where VPN review websites are recommending products that are actually owned by the parent company. How convenient, right?

    It’s a bit of a dubious situation if you ask me, and we’ve discussed it before in our article on VPNs that own review websites. It’s hard not to be skeptical when the very same company that owns the VPN service is also the one getting glowing reviews from their own review websites. One has to wonder if these reviews are truly unbiased or just part of a larger marketing scheme. It’s a classic case of “who watches the watchers,” and it’s not exactly comforting.

  • Surfshark

    Surfshark

    Surfshark VPN is one of the most popular VPN services in 2022. Its competitive price and unlimited simultaneous connections make it a very attractive VPN option for all kinds of users. But does this VPN live up to give the actual value for money that it claims? Surfshark also offers thousands of servers worldwide, excellent connection speeds, and next-gen AES encryption. However, users have been questioning its jurisdiction and whether it’s as private as showcased.

    Surfshark offers some really useful features like SmartDNS, the fast WireGuard protocol, P2P-optimized servers, and provides a selection of easy-to-use intuitive apps and platforms.

    So, when you’re connected to Surfshark – who’s servers are you really using? After completing my testing I have concluded that Surfshark uses 20% their own servers, 17% CDNext, 17% M247, 14% CDN77, 13% Host Royale, and the remaining few are Host Universal, Clouvider, and Hydra Communications.

    Surfshark Network Overview

    M247
    CDNext
    CDN77
    Host Royale
  • ProtonVPN

    ProtonVPN

    ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.

    What services are available when you’re connected to ProtonVPN?

    Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… Only to find out your connection is blocked. Unfortunately, it’s a never ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely, the tests below reflect establish a connection from an account that’s already logged in (to simulate someone traveling).

    ServiceBlocked / Restricted
    Amazon PrimeLimited; some IP ranges are blocked
    NetflixAccessible
    SpotifyAccessible
    PandoraLimited; some IP ranges are blocked
    YouTube MusicAccessible
    HuluAccessible
    Disney+Accessible
    Google SearchMay encounter CAPTCHA
    ChatGPTLimited; some IP ranges are blocked
    YouTubeAccessible

    When you are connected to ProtonVPN, who’s servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange, and Intergrid. In a recent AMA on reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:

    Comment
    byu/protonvpn from discussion
    inIAmA

    ProtonVPN Network Overview

    Stealth Protocol vs WireGuard

    WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.

    In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.

    ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.

    In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.

    In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.

    Audits

    ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.

    In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”

    ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.

    Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.

    Related Posts

  • NordVPN

    NordVPN

    NordVPN is a Virtual Private Network (VPN) service provider that was founded in 2012 by four childhood friends in Panama. The company is now headquartered in Cyprus, with offices in the United States, the United Kingdom, and Lithuania. NordVPN is one of the most well-known VPNs in the market, and this is due to their extensive advertising on various platforms, including YouTube. NordVPN’s ads feature catchy taglines and famous personalities, making them one of the most recognizable VPN brands in the market.

    But just because NordVPN is based in Panama, that doesn’t mean their servers are. After testing around 6,700 servers used by NordVPN, I concluded that NordVPN servers predominantly use Datacamp Limited, M247, Clouvider, and Hydra Communications. It is worth noting that NordVPN does own and operate about 10% of their servers which are operated under the business name Tefincom.

    NordVPN Privacy Policy

    The privacy policy and terms of service are one key way a VPN provider can put their money where their mouth is. Afterall, a service can make whatever claims they want, but the truth lies in their policies. NordVPN has one of the worst privacy policies and acceptable use policies I’ve ever seen. First, in their ToS they stipulate that you are not to use NordVPN for anything that that they as a company would find inappropriate or offensive.

    • communicate, transmit, store, make available, share anything that is illegal, abusive, harassing, or otherwise objectionable (objectionable means anything which interferes with the rights of Nord, its users, or other third parties, or causes conditions that are dangerous, hazardous, and detrimental to others, or anything that most users and/or Nord would find to be offensive or inappropriate);

    Further, it goes on to suggest that using their service to bypass georestrictions is also against their ToS:

    • attempt to circumvent any technological measure and/or arrangement implemented by Nord and/or its licensors, or by the owner of the resource or the source of the material that the technological measure protects;

    • violate general ethical or moral norms, good customs, and fair conduct norms;

    Their privacy policy isn’t much better. It states that they will retain your billing information for ten years, and even worse, will retain your data if they receive a court order or subpoena:

    (ii) Nord also may retain information associated with you (e.g., payments data) in order to fulfill its obligations as required by applicable laws, regulations, court orders, subpoenas, or other legal processes for archival purposes.

    Lack of transparency

    One of the most well-known players in the VPN industry, has faced its fair share of controversy over the past few years. While it maintains a significant user base and performs admirably in various audits, numerous concerns have emerged about the company’s privacy practices, integrity, and security.

    One of the most glaring concerns revolves around a data breach that occurred in 2019. An attacker managed to gain access to a server by exploiting an insecure remote management system left by the data center provider. This incident, which went undisclosed by NordVPN until highlighted by a third party, is a clear violation of trust, raising valid concerns over the VPN provider’s transparency.

    Moreover, NordVPN’s relationship with Tesonet, a data-mining, analytics, SEO, and targeted marketing company, has been under scrutiny. Despite vehement initial denials, NordVPN finally admitted to this association, only to downplay its relevance. This admission further exacerbates concerns over user privacy, considering Tesonet’s activities.

    Adding fuel to the fire, NordVPN has been discovered to be based out of Lithuania, a country with mandatory data retention laws. This revelation contradicts the company’s claim of being registered in Panama, a known privacy-friendly jurisdiction, thus eroding trust.

    NordVPN’s partnership with Hola VPN, which was involved in forming a data mining botnet, and its alleged theft of technology from Hola VPN further draws into question the company’s ethics. It’s important to note that Hola VPN has been widely criticized for its own practices, which makes its association with NordVPN disconcerting.

    Several troubling practices have also surfaced relating to NordVPN’s marketing and sales techniques. The company has been accused of engaging in price discrimination, making it difficult for users to cancel auto-renewal, and reducing features for those who cancel auto-renewal. There are also reports of NordVPN sharing data with Facebook and leaking sensitive customer data.

    Adding to these controversies, NordVPN has been accused of blackmailing competitor TorGuard and has faced criticism from a UK-based watchdog for misleading marketing. It also reportedly sent cease-and-desist copyright claims to Njalla, further tarnishing its reputation.

    NordVPN’s wide-ranging sponsorship deals, which include football teams and numerous YouTubers, have also been called into question. Many believe these partnerships are incentivised by high affiliate commissions, which may be influencing the integrity of VPN reviews and recommendations.

    Despite the series of security audits that NordVPN has undergone, these revelations and practices suggest that trust and transparency are far from guaranteed. It’s crucial for users to conduct their due diligence and weigh the potential risks before choosing a VPN provider. The issues surrounding NordVPN serve as a sobering reminder that not all VPNs deliver on their promises of privacy and security.

    NordVPN, Surfshark, Denial

    NordVPN’s credibility was further strained when it was discovered that the company had ties to Surfshark, another popular VPN service. This discovery was unexpected and raised concerns given Surfshark’s track record.

    Surfshark has its share of controversies, which include system-level changes that persisted even after uninstallation, exposing user IPs and making them vulnerable. The company’s TrustDNS app has been implicated in data collection for advertising and marketing purposes. There’s also the issue of weak security, including the installation of risky root certificates on user devices.

    The link between NordVPN and Surfshark was initially and extensively denied by both entities. However, they eventually acknowledged their relationship, adding another layer to NordVPN’s complicated narrative. The merger between these two was officially announced, which startled users who were relying on these services for anonymity and security.

    These revelations not only shed light on NordVPN and Surfshark’s questionable practices but also underscore the need for users to question the transparency of VPN services. It’s essential to keep in mind that the practices of these companies can directly impact user privacy and security. Therefore, users must stay informed about the operations of their chosen VPN services.

    In the end, the core of the VPN business relies on trust, and the denial and eventual admission of the connection between NordVPN and Surfshark is a blatant breach of that trust. It highlights the need for vigilance and constant scrutiny of companies that promise to protect our digital rights and freedom.

    Related Posts