ZoogVPN, based in Greece, began as just a mere idea in 2010 after it’s creators were dealing with censorship and barriers themselves.¹ The service formally launched in 2013 and since then has acquired mixed reviews. Unfortunately, while my speed tests were fast and had low latency, that’s where to good news ends. The Windows version of their app is slow and clunky and it was reported by a reddit user (albeit 3 years ago) that the killswitch functionality in the Windows application does not work properly.² According to top10vpn.com, the killswitch feature on their macOS version will leak your IP address.³

It cannot be understated that DNS leaks are a huge privacy concern. The last thing you would ever want to have happen to you is to a connect to a VPN that you paid for and entrusted with your privacy, and then were betrayed because of poor software.

Interestingly, their CEO, Yaroslav Savenkov, has previously worked for data and marketing firms⁴ which may be considered a red flag for some users. After all, using a VPN to encrypt and transport your data means you trust the provider with your data.

On a positive note, the VPN service passed the DNS leak test; however it revealed that ZoogVPN configures their servers to use Google DNS. While not a huge privacy concern in and of itself, I’d expect a better alternative from a company committed to privacy.

Footnotes

1. https://www.safetydetectives.com/blog/zoogvpn-interview/ [archive] ↩︎
2. https://www.reddit.com/r/VPNTorrents/comments/jsbksg/zoogvpn_users_be_careful/ ↩︎
3. https://www.top10vpn.com/reviews/zoogvpn/ ↩︎
4. https://dataforseo.com/blog/how-we-built-an-efficient-247-support-team [archive] ↩︎

DuckDuckGo, renowned for its stance on user privacy, has recently unveiled a new service bundle dubbed “Privacy Pro.” This package integrates a VPN with personal information removal services and identity theft protection into DuckDuckGo’s browser app. However, this expansion into the already saturated VPN and browser market brings to light concerns about the company’s strategic direction and brand identity.

Expanding Too Far from Core Services?

DuckDuckGo has built its reputation on offering a privacy-centric search engine, standing in stark contrast to data-hungry competitors like Google. Over the years, they’ve added an email forwarding service and a web browser to their repertoire, maintaining a focus on protecting user data. The introduction of “Privacy Pro” marks another expansion, but this time, it just feels ‘meh.’

The new bundle attempts to address several privacy concerns, including VPN services, personal information removal, and identity theft protection. While these additions might seem like a natural extension of their privacy protection mission, they somewhat dilute the brand’s impact. The market is flooded with similar offerings, making it increasingly difficult to stand out without a clear and focused brand proposition.

Questionable Partnerships Raise Eyebrows

My primary concern isn’t just the expansion, but also the choice of partnerships that underpin the new VPN service. DuckDuckGo has chosen to use i3d.net servers, a company owned by gaming giant Ubisoft. This is a perplexing choice, considering Ubisoft’s 10% ownership by CCP linked Tencent,¹ who also has a stake in Reddit.² Tencent is a company whose involvement in privacy-related controversies is well-noted. This connection is particularly alarming for privacy advocates who might expect DuckDuckGo to partner with entities that align more closely with its foundational privacy principles.

Technical Performance and User Experience

On a more positive note, the user interface of DuckDuckGo’s VPN service is commendably simple and efficient, catering well to those who prioritize ease of use. Performance-wise, the VPN impresses with high download speeds, peaking at 436Mbps during my tests. This indicates that while there may be concerns about the backend, users will not likely experience any compromise in performance.

Final Thoughts

Despite the technical strengths, DuckDuckGo’s venture into this crowded market segment with questionable partnerships might not resonate well with its user base, which primarily seeks uncompromised privacy. If DuckDuckGo wishes to truly enhance its offerings, perhaps a more robust expansion into email services or further development of their existing tools would be more in line with user expectations and their brand identity.

In conclusion, while “Privacy Pro” aims to offer comprehensive privacy tools, the actual value and alignment with DuckDuckGo’s core principles remain under scrutiny. As a long-time advocate for privacy, I find the lack of a focused brand strategy and questionable server partnerships to be major concerns, overshadowing the potential benefits of the new features. DuckDuckGo will need to tread carefully to maintain the trust and loyalty of its privacy-conscious users.

1. Crecente, B. (2018, March 20). Vivendi sells all of its Ubisoft shares to Tencent and others. Rolling Stone. https://web.archive.org/web/20180320211254/https://www.rollingstone.com/glixel/features/vivendi-sells-all-of-its-ubisoft-shares-to-tencent-and-others-w518120
   ↩︎
2. Kelly, K. J. (2019, February 15). Condé Nast’s hold on Reddit slips but Newhouse family has cushion. New York Post. https://nypost.com/2019/02/14/conde-nasts-hold-on-reddit-slips-but-newhouse-family-has-cushion/
   ↩︎

Betternet is a freemium VPN service that comes from the family of Pango services, alongside Hotspot Shield, VPN360 and Ultra VPN. This is an important detail that users must understand when putting faith into a VPN service to not just conceal, but protect their true identity. Further, Pango has a questionable track record and should generally be considered not trustworthy.

Terms of Service

Remember when I said Pango wasn’t trustworthy? It’s because their Terms of Service straight up says they’ll snitch on you to law enforcement if they deem it necessary or appropriate We already know from their Privacy Policy that they keep aggregated logs of websites their users go to. See the picture we’re painting here? They are not a privacy company.

Torrenting/P2P

One of the most common reasons people use VPNs is to use p2p/torrent services without revealing their IP address. This is usually not an issue if your VPN provider is registered in a foreign country, as they can usually disregard DMCA violation notices. Unfortunately, Betternet is registered in the United States which means they are obligated under law to take action against your account if they receive a DMCA notice. Generally speaking this just means they’ll terminate your account but depending on the severity or specifics of the matter, it could become a legal and/or criminal situation.

Connection Info

Frequently, VPN services oversell their services to increase profit margin, or sometimes just straight up throttle their servers. After a speed test using speed.cloudflare.com and fast.com I observed reliable speeds of 200Mbps down and 40Mbps up with a latency of 66ms. Obviously these results are subjective and may not reflect global results, but it’s an indication of their server quality.

Logging Policy

While Betternet’s logging policy is not the worst I’ve ever seen, there are a few potential red flags that users should be aware of. Most notably, in their Privacy Policy, they state that they log:

First and foremost, if you didn’t know that VPN providers can see which domains you are visiting, well… Now you know. That’s not the alarming part though. The alarming part is that they log this information to “monitor, support and optimize our VPN services.”

App Telemetry

I was pleasantly surprised to see that aside from core services, the only third party connection the app made was to Google Firebase for usage analytics. There were no hard coded tracking or advertising scripts. The most popular connections were

• *.cloudfront.com – where the core services are hosted
• *.apple.com – required for App Store services
• firebaseinstallations.googleapis.com – tracks app usage and does include analytics

GOOSE VPN is a VPN (Virtual Private Network) provider founded in 2016 in the Netherlands. The company’s mission is to make online privacy accessible and affordable for everyone. It is recognized for its features such as unlimited device connectivity and robust customer support available in multiple languages, including English, Dutch, French, German, Portuguese, Turkish, and Moroccan. Additionally, GOOSE VPN offers a 30-day money-back guarantee, allowing users to try its services without financial risk​​​

​GOOSE VPN has established a network of over 59 servers, primarily in Europe and the USA, with additional servers in diverse locations like Russia, Ukraine, Israel, India, and Egypt. The company prides itself on being the only VPN from the European Union and adheres to strict EU privacy requirements. This commitment to transparency and compliance with EU standards is a key aspect of their service offering​​​​.

GooseVPN P2P Policy

The terms of service for GooseVPN do not explicitly mention how they handle DMCA violations or copyright infringement issues. This lack of specific mention could mean that their policies on these matters are not detailed in the document you provided, or they might be covered under more general clauses related to illegal activities and the use of their services.

In cases like this, where specific terms or policies are not clearly outlined, it’s advisable to contact the service provider directly for more detailed information, especially on sensitive issues like DMCA violations and copyright infringement.

Goose VPN No Log Policy

GooseVPN’s terms of service state that they maintain a 100% no-log policy, which implies that they do not keep logs or save user information under normal circumstances. However, it also specifies that in compliance with the rules of public bodies, if a user of GooseVPN is suspected of criminal activities (such as terrorism), the company can start keeping a log on that specific user. Additionally, it is mentioned that GooseVPN does not support any other organization which supports any type of copyright claims​​.

This means that while GooseVPN generally does not log user activities or information, they may do so in exceptional circumstances, particularly if required by law in cases of suspected criminal activities. The terms do not specifically address how they handle DMCA notices or copyright infringement directly, but their stance of not supporting organizations that handle copyright claims suggests a general non-cooperation in such matters unless legally compelled.

GooseVPN Privacy Policy

Being based in the Netherlands, GOOSE VPN is subject to the General Data Protection Regulation (GDPR), a comprehensive set of privacy laws that apply throughout the European Union. The influence of GDPR is evident in various aspects of their privacy policy and plays a significant role in ensuring trust between GOOSE VPN and its customers.

Personal Data Protection: GDPR mandates strict standards for collecting and processing personal data. GOOSE VPN’s policy reflects this by clearly defining personal data and detailing the legal basis for its use, such as user consent and the necessity for contract fulfillment. This transparency aligns with GDPR’s requirement for clear communication about data processing.

User Consent and Rights: Under GDPR, individuals have enhanced rights regarding their personal data. GOOSE VPN’s policy acknowledges these rights, including the right to access, rectify, erase, and transfer personal data, and to withdraw consent for data processing. This empowers users and builds trust, as they have control over their data.

Data Minimization and Retention: GDPR emphasizes the principle of data minimization, meaning only necessary data should be collected and retained. GOOSE VPN’s commitment to not retaining data longer than necessary and not monitoring or saving users’ internet activities during VPN use demonstrates compliance with this principle.

Data Security: GDPR requires organizations to implement appropriate technical and organizational measures to secure personal data. GOOSE VPN’s use of SSL encryption and server hardening measures are examples of complying with these security obligations, thereby enhancing user trust in their commitment to data security.

Accountability and Transparency: GDPR demands accountability from data controllers, necessitating clear, transparent privacy policies. GOOSE VPN’s detailed privacy policy, which outlines data use, sharing, retention, and user rights, aligns with this requirement. This transparency is crucial for building trust, as customers are more likely to trust a company that is open about its data practices.

Regular Policy Updates: GDPR requires policies to be kept up to date. GOOSE VPN’s practice of updating their privacy policy and communicating changes reflects this obligation and demonstrates their ongoing commitment to compliance and user privacy.

See also:

vpnify is a cross platform VPN service provided by Neonetworks solution ltd. According to an investigative report by top10vpn.com, the company’s director is a Chinese citizen with an address in China’s Anhui Province. Looking at their website, they openly admit to collecting identifiable data:

Further down the page, they list an incredibly broad list of reasons why they would disclose your personal data:

Surprisingly, the download speed and latency turned out to better than I expected. The closest server I was able to connect to physically was in New York City, about 800 miles away. I maintained 278Mbps down with a ping of 46ms. It would appear that the servers are not being overutilized or throttled, but without further testing, this is mostly anecdotal.

See also:

SkyVPN is a freemium and ad-supported VPN service provided by Hong Kong based SkyVPN, Inc. They are part of an ever growing list of free VPNs owned and operated by pop up corporations with strong links to China which is a huge privacy and security concern.

The app features numerous outbound connections to third party services which are always a massive privacy concern. Some of the hosts most frequently connected to were:

Some third party connections are inevitable, specifically to services like payment processors or the iOS app store, but the above connections demonstrate a clear attempt to monitor and track the individual using their app.

Speeds

Speed loss and increased latency are common amongst all VPN services, but severe drop in speed or spike in latency is an indication that the service is being oversold or intentionally throttled. Since with SkyVPN you can only select your country of choice, the proximity of the selected server is random. I was able to connect to New Jersey which is about 1,200 miles away. While the latency was decent, the download speed was throttled to 18Mbps. For contrast, while connected to a ProtonVPN server in New York City, I was able to maintain 274Mbps down with similar latency. So, obviously your mileage will vary, and the speed required will depend heavily on your VPN usage.

See also:

Speed Test

Speed is a pivotal attribute when evaluating VPN services, yet it’s vital to recognize its inherent subjectivity, largely influenced by factors such as user hardware, geographic location, local infrastructure, and the quality of the servers employed by the VPN provider. In our testing, when connected randomly to a server in Oregon via Amazon EC2, we achieved an impressive 420 Mbps download speed and a latency of 32ms. While this performance is commendable, Norton’s lack of allowing users to select server locations only at the country level, rather than more specific locales, might be limiting. Such a broad selection mechanism can inadvertently connect users to geographically distant servers, potentially compromising both speed and latency. Thus, while our experience was positive, it’s conceivable that other users might encounter varied and less optimal outcomes due to this lack of granularity in server selection.

Privacy Policy

In assessing the Privacy Statement of Gen Digital Inc., it becomes evident that there are intricate concerns related to the VPN service they offer. Traditionally, Virtual Private Networks (VPNs) are employed to bolster online privacy, acting as a protective shield for users against potential eavesdroppers and malicious entities. However, the privacy policy of Gen Digital Inc. elucidates extensive data collection procedures that might be incongruent with the foundational principles of VPNs. Specifically, the policy highlights the collection of “Device Data,” which encompasses critical identifiers such as MAC addresses, mobile device IDs, and even unique installation identifiers (Privacy Statement, 2. Categories of Personal Data We Collect). Furthermore, the “Geolocation Data” clause indicates the potential for capturing precise user location information (Privacy Statement, 2. Categories of Personal Data We Collect). This level of detailed tracking might be antithetical to the primary objective of VPN users: anonymity. Compounding this concern is the company’s disclosure mechanisms. The data sharing stipulations with “partners, distributors, resellers, and advertisers” (Privacy Statement, 4. When and Why We Disclose Your Personal Data) introduce multifaceted vulnerabilities. Each additional sharing point potentially escalates the risk of data breaches or misuse. In essence, the comprehensive data collection and sharing policies of Gen Digital Inc., as delineated in their Privacy Statement, could be viewed as counterintuitive to the fundamental ethos of VPN services.

Telemetry

Upon analyzing the telemetry of Norton VPN, there are concerns regarding the volume and nature of domains the service connects to. For a virtual private network, the primary objective is user privacy and data security. However, connections to domains such as app-measurement.com, typically associated with Google Analytics, indicate that Norton VPN might be engaging in extensive user interaction tracking. While it’s understandable that some domains, like stats.norton.com or mobilesecuritycore-detection.norton.com, are linked directly to Norton for service functionalities, the rationale behind connections to others is less clear.

Specifically, connections to domains like api2.appsflyer.com and attr.appsflyer.com suggest potential involvement in advertising or campaign tracking. Furthermore, interactions with firebaselogging-pa.googleapis.com and googleadservices.com imply a connection to Google’s data infrastructure. This raises questions about the type and extent of data Norton VPN shares or collects. The ideal VPN service would minimize its external connections to preserve user anonymity. However, the extensive list of domains associated with Norton VPN could challenge its reliability as a secure and private service.

See also: