When we first started this VPN anonymity series, almost a decade ago, the market was relatively small and easy to oversee.
Today, the VPN industry is booming with hundreds of companies offering a wide variety of services, some more anonymous than others.
The VPN review business is also booming. Just do a random search for “best VPN” or “VPN review” and you’ll see dozens of sites filled with recommendations and preferred picks.
We don’t want to make any recommendations. When it comes to privacy and anonymity, an outsider can’t offer any guarantees. Vulnerabilities are always lurking around the corner and even with the most secure VPN, you still have to trust the VPN company with your data.
Instead, we aim to provide an unranked overview of VPN providers, asking them questions we believe are important. Many of these questions relate to anonymity and security, and the various companies answer them in their own words.
We hope that this helps users to make an informed choice. However, we stress that users themselves should always make sure that their setup is secure.
This year’s questions and answers are listed below. We have included all VPNs that don’t keep extensive logs or block BitTorrent traffic on all of their servers. This list is not exhaustive.
—
1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a current or former user of your service? If so, exactly what information do you hold and for how long?
2. What is the name under which your company is incorporated, and under which jurisdiction does your company operate?
3. What tools are used to monitor and mitigate abuse of your service, including limits on concurrent connections if these are enforced?
4. Do you use any external email providers (e.g. Google Apps), analytics, or support tools ( e.g Live support, Zendesk) that hold information provided by users?
5. In the event you receive a DMCA takedown notice or a non-US equivalent, how are these handled?
6. What steps would be taken in the event a court orders your company to identify an active or former user of your service? How would your company respond to a court order that requires you to log activity for a user going forward? Have these scenarios ever played out in the past?
7. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? Do you provide port forwarding services? Are any ports blocked?
8. Which payment systems/providers do you use? Do you take any measures to ensure that payment details can’t be linked to account usage or IP-assignments?
9. What is the most secure VPN connection and encryption algorithm you would recommend to your users?
10. Do you provide tools such as “kill switches” if a connection drops and DNS/IPv6 leak protection? Do you support Dual Stack IPv4/IPv6 functionality?
11. Are any of your VPN servers hosted by third parties? If so, what measures do you take to prevent those partners from snooping on any inbound and/or outbound traffic? Do you use your own DNS servers?
12. In which countries are your servers physically located? Do you offer virtual locations?
—
1. We do not store any logs relating to traffic, session, DNS or metadata. There are no logs for any person or entity to match an IP address and a timestamp to a user of our service. In other words, we do not log, period. Privacy is our policy.
2. London Trust Media Incorporated, an Indiana corporation.
3. We have an active, proprietary system in place to help mitigate abuse.
4. At the moment we are using Google Apps Suite and Google Analytics with interest and demographics tracking disabled and anonymize IP addresses enabled.
5. We do not monitor our users, and we keep no logs, period. That said, we have an active, proprietary system in place to help mitigate abuse.
6. Every subpoena is scrutinized to the highest extent for compliance with both the “spirit” and “letter of the law.” While we have not received valid court orders, we periodically receive subpoenas from law enforcement agencies that we scrutinize for compliance and respond accordingly. This is all driven based upon our commitment to privacy.
All this being said, we do not log and do not have any data on our customers other than their signup e-mail and account information.
7. BitTorrent and file-sharing traffic are allowed and treated equally to all other traffic (although it’s routed through a second VPN in some cases). We do not censor our traffic, period.
8. We utilize a variety of payment systems, including, but not limited to: PayPal, Credit Card (with Stripe), Amazon, Google, Bitcoin, Bitcoin Cash, Zcash, CashU, OKPay, PaymentWall, and any major store-bought gift card. Payment data is not linked nor linkable to user activity due to our no logs policy.
9. At the moment, the most secure and practical VPN connection and encryption algorithm that we recommend to our users would be our cipher suite of AES-256 + RSA4096 + SHA256.
10. Yes, our users gain access to a plethora of additional tools, including but not limited to:
(a) Kill Switch: Ensures that traffic is routed through the VPN such that if the VPN connection is unexpectedly terminated, the traffic will not route.
(b) IPv6 Leak Protection: Protects clients from websites which may include IPv6 embeds, which could lead to IPv6 IP information coming out.
(c) DNS Leak Protection: This is built-in and ensures that DNS requests are made through the VPN on a safe, private, no-log DNS daemon.
(d) Shared IP System: We mix clients’ traffic with many other clients’ traffic through the use of an anonymous shared-IP system ensuring that our users blend in with the crowd.
(e) MACE™: Protects users from malware, trackers, and ads.
11. We utilize our own bare metal servers in third-party data centers that are operated by trusted friends and, now, business partners whom we have met and on which we have completed serious due diligence. Our servers are located in facilities including 100TB, Choopa, Leaseweb, among others.
We also operate our own DNS servers on our high throughput network. These servers are private and do not log.
12.We currently operate 3,335 servers across 53 locations in 33 countries. For more information on what countries are available, please visit our network information page. All of our locations are physical and not virtualized.
Private Internet Access website
1. We do not keep any logs nor timestamps that could allow our customers to be identified.
2. Tefincom S.A., operated under the jurisdiction of Panama.
3. We are only able to see the server load, which helps us optimize our service and provide the best possible Internet speed to our users. We also have developed and implemented an automated tool that limits the maximum number of concurrent connections to six. Apart from that, we do not use any other tools.
4. NordVPN uses third-party data processors for emailing services and to collect basic website and app analytics. We use Iterable for correspondence, Zendesk to provide customer support, Google Analytics to monitor website and app data, as well as Crashlytics, Firebase Analytics and Appsflyer to monitor application data.
All third-party services we use are bound by a contract with us to never use the information of our users for their own purposes and not to disclose the information to any third parties unrelated to the service.
5. We operate under Panama’s jurisdiction, where DMCA and similar orders have no legal bearing. Therefore, they do not apply to us.
6. If the order or subpoena is issued by a Panamanian court, we would have to provide the information if we had any. However, our zero-log policy means that we do not store any information about our users’ online activity – only their email address and basic payment info. So far, we haven’t had any such cases.
7. We do not restrict any BitTorrent or other file-sharing applications on most of our servers. We have optimized a number of our servers specifically for file-sharing. At the moment, we do not offer port forwarding and block outgoing ports SMTP25 and NetBIOS.
8. Our customers are able to pay via all major credit cards, regionally localized payment solutions (e.g. AliPay, Yandex, etc.) and cryptocurrencies. Our payment processing partners collect basic billing information for payment processing and refund requests, but it cannot be related to any Internet activity of a particular customer. Bitcoin is the most anonymous option, as it does not link the payment details to the user identity or other personal information.
9. For OpenVPN connection, we use the AES 256 GCM algorithm. For IKEv2/IPSec, the ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys.
10. Yes, we provide both an automatic kill switch and a feature for DNS leak protection. Dual Stack IPv4/IPv6 functionality is not yet supported with our service; however, all NordVPN apps offer an integrated IPv6 Leak Protection.
11. We use a hybrid model, whereby we own some of our servers ourselves but also partner with premium data centers with strong security practices.
Due to our special server configuration, no one is able to collect or retain any data, ensuring compliance with our no-logs policy. We also have specific requirements for network providers to ensure the highest service quality for our customers. We do have our own DNS servers, and all DNS requests go through those. Also, our customers can use any DNS server they like.
12. All of our servers are physically located in the stated countries. We do not offer virtual locations. At the moment, NordVPN provides more than 5,000 servers in 61 countries, and the full location list can be found here.
NordVPN website
1. No, ExpressVPN doesn’t keep any connection or activity logs, including never logging browsing history, data contents, DNS requests, timestamps, source IPs, outgoing IPs, or destination IPs. This ensures that we cannot ascertain whether a given user was connected to the VPN at a certain time, assumed a particular outgoing IP address, or generated any specific network activity.
2. Express VPN International Ltd. is a BVI (British Virgin Islands) company.
3. We do not monitor or log any user activity on our network. We reserve the right to block specific abusive traffic to protect the server network and other ExpressVPN customers.
With regards to limits on the number of devices simultaneously connected, no timestamps or IP addresses are ever logged; our systems are merely able to identify how many active sessions a given license has at a given moment in time and use that counter to decide whether a license is allowed to create one additional session. This counter is temporary and is not tracked over time.
4. We use Zendesk for support tickets and SnapEngage for live chat support; we have assessed the security profiles of both and consider them to be secure platforms. We use Google Analytics and cookies to collect marketing metrics for our website and several externals tools for collecting crash reports (only if a user opts into sharing these reports).
5. As we do not keep any data or logs that could link specific activity to a given user, ExpressVPN does not identify or report users as a result of DMCA notices.
6. Legally our company is only bound to respect subpoenas and court orders when they originate from the British Virgin Islands government or in conjunction with BVI authorities via a mutual legal assistance treaty.
As a general rule, we reply to law enforcement inquiries by informing the investigator that we do not possess any data that could link activity or IP addresses to a specific user. Regarding a demand that we log activity going forward: were anyone ever to make such a request, we would refuse to re-engineer our systems in a way that infringes on the privacy protections that our customers trust us to uphold.
7. ExpressVPN allows all traffic, including BitTorrent and other file-sharing traffic (without rerouting), from all of our VPN servers. At the moment, we do not support port forwarding.
8. ExpressVPN accepts all major credit cards, PayPal, and a large number of local payment options. We also accept Bitcoin, which we recommend for those who seek maximum privacy in relation to their form of payment. As we do not log user activity, IP addresses, or timestamps, there is no way for ExpressVPN or any external party to link payment details entered on our website with a user’s VPN activities.
9. ExpressVPN apps generally default to our recommended protocol for security and performance: OpenVPN UDP. Our apps use a 4096-bit CA, AES-256-CBC encryption, TLSv1.2, and SHA512 signatures to authenticate our servers.
10. Yes, ExpressVPN protects users from data leaks in a number of ways; our leak protection and open-source leak testing tool suite are detailed on our Privacy Research Lab page.
Our “Network Lock” feature, which is turned on by default, prevents all types of traffic including IPv4, IPv6, and DNS from leaking outside of the VPN, such as when your internet connection drops or in various additional scenarios where other VPNs might leak.
We do not yet support IPv6 routing through the VPN tunnel, although we are considering adding this in the future in a subset of our server locations.
11. Our VPN servers are hosted in trusted data centers with strong security practices, where the data center employees do not have server credentials.
In the past year, we have developed technology to let our servers run in RAM only, booted from a read-only disk. That means we can apply server patches quickly and with certainty and prevent any possible intruder from persisting on our servers.
We do not keep activity logs or connection logs, and because our VPN servers cannot write to hard drives, they are unable to log sensitive data even by accident. We run our own logless DNS on every server, meaning no personally identifiable data is ever stored. We do not use third-party DNS.
12) ExpressVPN has over 3,000 servers covering 94 countries. For countries where it is difficult to find servers that meet ExpressVPN’s rigorous standards for server security, reliability, and speed, we use virtual locations to still make it possible for users to assume IP addresses registered to such countries.
These locations represent less than 3% of ExpressVPN’s server count, and the specific countries are published on our website here.
ExpressVPN website
1. No logs or timestamps are kept whatsoever. TorGuard does not store any traffic logs or user session data on our network. In addition to a strict no logging policy we run a default shared IP configuration across all servers. Because there are no logs or timestamps kept and multiple users sharing a single IP address, it is not possible to match any user to an IP address or username.
2. TorGuard is owned by VPNetworks LLC and operates under US jurisdiction.
3. We utilize customized software to monitor server health and network performance, we use global rule sets to try to catch and block attempts to abuse our service in real time. We also limit simultaneous connections through our backend authentication servers.
4. We use anonymized Google Analytics data to optimize our website and Sendgrid for transactional email. TorGuard’s 24/7 live chat services are provided through Livechatinc’s platform. Customer support desk requests are maintained by TorGuard’s own private ticketing system.
5. In the event a valid DMCA notice is received it is immediately processed by our abuse team. Due to our no log and no time stamp policy and shared IP network – we are unable to forward any requests to a single user.
6. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the nature of our shared IP network configuration and the fact that we do not hold any identifying logs or time stamps.
TorGuard’s network was designed to operate with minimum server resources and is not physically capable of retaining such logs. There is no on/off switch to log activity so it would be impossible to comply with such a request. No, this has never happened.
7. Yes, BitTorrent and all P2P traffic is allowed on all servers, no restrictions are in place. Yes, we do provide port forwarding through OpenVPN (with port fail protection), we also offer the ability to whitelist IP’s that can access open ports externally, and all other IPs will be blocked. We allow all ports above 2048 to be opened by users through the control panel in the member’s area.
8. We currently offer over 200 different payment options. This includes all forms of credit card, PayPal, Bitcoin, cryptocurrency (e.g. Litecoin, Ethereum, Monero + many more), Alipay, WeChat Pay, UnionPay, 100+ Gift Card brands, and many other worldwide local payment options.
It is impossible to be linked back to account usage or IP assignments because we maintain zero logs across our network.
9. For best security, we advise clients to use OpenVPN and select the cipher option AES-256-GCM, with 4096bit RSA and SHA512 HMAC. We use TLS 1.2 on all servers with perfect forward secrecy enabled. This can also be used in conjunction with Stunnel for a second SSL layer or it can be used in conjunction with shadowsocks stealth proxy that also uses AES-256-CBC on top of what you’re already using. OpenVPN port 53 also takes advantage of tls-crypt.
TorGuard offers a wide range of VPN protocols, including OpenVPN, iKEV2, IPsec, SSTP, OpenConnect/AnyConnect, Stunnel, WireGuard, SSH Tunnels and Shadowsocks.
10. TorGuard’s VPN software provides strict security features by automatically disabling IPv6 and blocking any potential DNS or WebRTC leaks.
We offer a full connection kill-switch that safeguards your VPN traffic against accidental disconnects and will hard kill your interfaces if needed. There is also an application kill-switch that can terminate specific apps if the VPN connection is interrupted.
TorGuard will begin offering IPv6 VPN connectivity in select Shared IP and Residential IP locations in the coming months.
11. We retain full physical control over all hardware and only seek partnerships with data centers who can meet our strict security criteria. All servers are deployed and managed exclusively by TorGuard staff.
By default, the TorGuard VPN app uses private no log DNS on each VPN endpoint. The TG android and desktop apps also allow clients to modify their connected DNS with a custom DNS entry of their choosing or to use TorGuard Endpoint DNS on 10.9.0.1.
All traffic between the end user and the VPN server is encrypted making it impossible for any provider to decipher the tunnel or snoop on user activity.
12. TorGuard currently maintains thousands of servers in over 55 countries around the world, and we continue to expand the network each month. All servers are physically located in the stated country of origin and we do not use any virtual locations on any location within the TorGuard network.
TorGuard website
1. No logs are retained that would allow the correlation of the user’s IP address to a VPN address. The session database does not include the origin IP address of
the user. Once a connection has been terminated the session information is deleted from the session database.
2. The name of the company is PrivActually Ltd which operates out of Cyprus.
3. Real abuse is mitigated by meatware [humans]. User traffic is not monitored or inspected in any way. TCP/IP sessions are not limited individually, but by server, to 10 million established connections. Packet floods are dealt with by using adaptive packet rate limiters at the switch port level and kick in at 90k pps. The number of concurrent connections is limited by the VPN backend software.
4. There is no visitor tracking mechanism, not even passive ones analyzing the web server logs. IPredator runs its own mail infrastructure and does not use third party products like Gmail. Neither do we use data hogs like a ticket system to manage support requests. IPredator sticks to a simple mail system and deletes old data after three months from the mailboxes.
5. Requests are evaluated according to the legal frameworks set forth in the jurisdictions the service operates in and we react accordingly. After receiving a request its validity is verified. DMCA takedown abuse using fake credentials seems to be all the rage these days.
6. If the court order is not a gag order, notice would be given in the canary and other media channels. In the case that we would be forced to log user activity, we would shut down the service. Spontaneous bankruptcy … sometimes the only winning move is not to play.
7. BitTorrent and other file-sharing traffic is allowed. On the public IP VPN pools, port forwarding is not required.
8. PayPal, Bitcoins, and Payson are fully integrated. Other payment methods are available on request. An internal transaction ID is used to link payments to the payment processor.
We do not store any other data about payments associated with the user’s account. The systems dealing with payments have no connection to the part of the infrastructure that handles VPN connections.
Frontend proxies are used to make sure user IP addresses do not show up in any of the backend systems. Payment processors cannot link a payment to a specific account or IP address based on the data we have to provide.
9. IPredator provides config files for various platforms and clients that enforce TLS1.2 on supported systems. Ideally, the client negotiates ECDHE-RSA-AES256-GCM as a suite for the control and AES256 for the data channel. For further protection, detailed setup instructions and howtos are provided to our users.
10. Netsplice, IPredator’s cross-platform VPN client, has native support for various types of kill switches. You can kill a program, just put it to sleep, shutdown your machine or wipe your hard disk … it is up to you. Users can use this page to check for a number of leaks, not just DNS leaks.
11. We own every server, switch, and cable we use to provide the VPN service up to our uplink network. The machines are located in Sweden due to the laws that allow us to run our service in a privacy-protecting manner.
If the situation should change we are able to move operations to a different country. The core of any privacy service is trust in the integrity of the underlying infrastructure. Everything else has to build upon that, which includes the DNS servers.
12. Sweden, no virtual locations at this time.
Ipredator website
1. No. Each time a user connects to ProtonVPN, we only monitor the timestamp of their last successful login attempt. This gets overwritten upon each successful login. This timestamp does not contain any identifying information, just the time and date of the login.
We do not collect any information regarding a user’s IP address, and we only retain the limited timestamp information to protect user accounts from password brute force attacks.
2. Our registered name is Proton Technologies AG, and we operate under the jurisdiction of Switzerland.
3. We use internal tools and systems to mitigate the abuse of our service and to ensure the best quality for our users.
4. We currently use anonymized Google Analytics data to optimize our website, but we are migrating to a local installation of Matomo, an open source analytics tool. For customer support, we use ZenDesk.
The information users provide when they contact our support team is processed for analytics purposes (like aggregating the number of questions regarding Secure Streaming), but they are not combined with any personal data.
5. A DMCA takedown notice or its non-US equivalent would be handled according to our internal processes. Such a request would never be connected to a specific user, thanks to our strict no-logs policy.
6. We can only disclose the limited user data we possess, but our strict no-logs policy means we don’t have any information about our users’ online activity.
The limited data we have will only be disclosed when requested by a Swiss court for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.
Court orders must be approved by either the Cantonal Courts of Geneva or the Swiss Federal Supreme Court. Under Swiss law, it is obligatory to notify the target of a data request, although such notification may come from the authorities and not from the Company. We have not had any requests of this kind.
7. We allow P2P torrenting on all of our paid plans. Depending on the laws of the country hosting the server, we might have to tunnel the connection through a P2P-friendly country. Currently, we do not provide port forwarding services.
8. We rely on third parties to process credit card and PayPal transactions, and we never save our users’ full credit card details. Our payment processing partners collect basic billing information to process payments and refunds, but it cannot be linked to a user’s online activity. We also accept anonymous cash or Bitcoin payments.
9. We only use VPN protocols that are known to be secure — either IKEv2/IPSec or OpenVPN. We encrypt our users’ traffic with AES-256, key exchange is done with 4096-bit RSA, and HMAC with SHA384 is used for message authentication. This is available for all users, including the ones on our Free plan. Plus and Visionary plan users can also use our Secure Core feature for an extra layer of security.
10. We currently support a Kill Switch on Windows, Android, and Mac. iOS users can use Always-on feature, as a true Kill Switch is prevented by Apple’s network-level restrictions on iOS. We operate our own DNS servers to ensure DNS leak prevention. Our servers currently support IPv4.
11. We never compromise on security; we only use physical servers from reputable third parties that have gone through our vetting process. Our Secure Core servers provide an extra layer of protection against any potential interference with our end servers, including by our partners. We do use our own DNS servers, which handle all our users’ DNS requests.
12. We currently have 380 servers in 31 countries, and we are continuously expanding our network. We only use physical servers that are located in their stated countries. We do not use any virtual servers or offer any virtual locations. A list of all our servers and their locations can be found here.
ProtonVPN website
1. Currently, we store no logs related to any IP addresses. There is no way for any third-party to match a user IP to any specific activity on the internet.
2. The registered name of the company is Server Management LLC and we operate under US jurisdiction.
3. A single subscription can be used simultaneously for three connections. Abuses of service usually means using non-P2P servers for torrents or DMCA notices. We use iptables plugin to block P2P traffic on servers where P2P is not explicitly allowed. We block outgoing mail on port 25 to prevent spamming activity.
4. We use live chat provided by tawk.to and Google Apps for incoming email. For outgoing email, we use our own SMTP server.
5. Since no information is stored on any of our servers, there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make it impossible to track who downloaded any data from the internet using our VPN.
6. HideIPVPN may disclose information, including but not limited to, information concerning a client, in order to comply with a court order, subpoena, summons, discovery request, warrant, statute, regulation, or governmental request. But due to the fact that we have a no-logs policy and we use shared IPs, there won’t be anything to disclose, excepting billing details. This has never happened before.
7. This type of traffic is welcomed on our German (DE VPN), Dutch (NL VPN), Luxembourg (LU VPN) and Lithuanian (LT VPN) servers. It is not allowed on US, UK, Canada, Poland, Singapore, Australia and French servers as stated in our TOS – the reason for this is our agreements with data centres. We do not allow port forwarding and we block ports 22 and 25 for security reasons.
8. Currently, HideIPVPN accepts the following methods: PayPal, Bitcoin, Credit & Debit cards, JCB, American Express, Diners Club International, Discover. All our clients billing details are stored in the WHMCS billing system.
9. SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case connection drops. Our apps are able to re-establish VPN connection and once active restart closed applications. Also, the app has the option to enable DNS leak protection.
10. Yes, our free VPN apps have both features built in. We do not support Dual Stack IPv4/IPv6 functionality.
11. We don’t have physical control on our VPN servers. Servers are outsourced in premium data-centre with high-quality tire1 networks. Our servers are self-managed, access is restricted to our personnel only. We use Google DNS for our VPN servers and ofcourse our DNS servers for Smart DNS.
12. At the moment we have VPN servers located in 11 countries – US, UK, Netherlands, Germany, Luxembourg, Lithuania, Canada, Poland, France, Australia and Singapore. As you can see a number of available locations are steadily growing.
HideIPVPN website
1. No, we don’t keep any logs. We have developed our system with an eye on our customers’ privacy, so we created a distributed VPN cluster with independent public nodes that do not store any customer data or logs at all.
2. Hide.me VPN is operated by eVenture Limited and based in Malaysia with no legal obligation to store any user logs at all.
3. We do not limit or monitor individual connections. To mitigate abuse we deploy general firewall rules on some servers that apply to specific IP ranges. By design one username can only establish one simultaneous connection.
4. Our landing pages which are solely used for advertising purposes include a limited amount of third-party tracking scripts, namely Google Analytics. However, no personal information that could be linked to the VPN usage is shared with these providers. We do not send information that could compromise someone’s security over email.
5. Since we don’t store any logs and/or host copyright infringing material on our services, we’ll reply to these notices accordingly.
6. It has never happened, but in such a scenario we won’t be able to entertain the court orders because our infrastructure is built in a way that it does not store any logs.
There is no way we could link any particular cyber activity to any particular user. In case we are forced to store user logs, we would prefer to shut down rather than putting our users at stake who have put their trust in us.
7. There is no effective way of blocking file-sharing traffic without monitoring our customers, which is against our principles and would even be illegal.
8. We support a wide range of popular payment methods, including all major cryptocurrencies like Bitcoin, Litecoin, Ethereum, Dash, Monero, Paypal, Credit Cards and Bank transfer.
All payments are handled by external payment providers and are linked to a temporary payment ID. This temporary payment ID cannot be connected to the user’s VPN account/activity. After the payment is completed, the temporary payment ID will be permanently removed from the database.
9. All modern VPN protocols that we all support – like IKEv2, OpenVPN, SoftEtherVPN and SSTP, are considered secure even after the NSA leaks. We follow cryptographic standards and configure our VPN servers accordingly in order to support a secure key exchange with 8192-bit key size and strong symmetric encryption (AES-256) for the data transfer.
10. Our users’ privacy is of utmost concern to us. Our Windows client has the features such as Kill Switch, Firewall to limit apps to VPN, Firewall to limit all connections to VPN, Split Tunnel, Auto Connect, Auto Reconnect etc which makes sure that the user is always encrypted and anonymous.
We have put in some additional layers of security which include default protection against IP and DNS leaks. Our Desktop apps also block outgoing IPv6 connections automatically to prevent IP leaks. Dual Stack IPv4/IPv6 functionality will be rolled out in Q2 2019.
11. We operate our own non-logging DNS-servers to protect our customers from DNS hijacking and similar attacks. However, we do not own physical hardware. There is intrusion detection and other various security measures in place to ensure the integrity and security of all our single servers.
Furthermore, we choose all third party hosting providers very carefully, so we can assure that there are certain security standards in place (ISO 27001) and no unauthorized person could access our servers. Among our reputable partners are Leaseweb, NFOrce, M247 and Softlayer.
12. Our servers are located in countries all over the world, among the most popular ones are Canada, Netherlands, Singapore, Germany, Brazil, Mexico and Australia. Below is the complete list of countries, alternatively you can view all available locations here.
Hide.me website
1. No. We believe that not logging VPN connection related data is fundamental to any privacy service regardless of the security or policies implemented to protect the log data.
2. Privatus Limited, Gibraltar.
3. We limit simultaneous connections by maintaining a temporary counter on a central server that is deleted when the user disconnects.
4. No. We made a strategic decision from day one that no company or customer data would ever be stored on third-party systems. All our internal services run on our own dedicated servers that we setup, configure and manage. No third parties have access to our servers or data.
We don’t host any external scripts on our website nor do we engage in advertising on Google or Facebook etc.
5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we inform them that we never store the IP addresses of customers connected to our network nor are we legally required to do so.
6. Firstly, this has never happened. However, if asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information. If legally compelled to log activity going forward we would do everything in our power to alert the relevant customers directly (or indirectly through our warrant canary).
7. Yes, we treat all traffic equally on all servers. Yes, we provide a port forwarding service.
8. We accept Bitcoin, Cash, PayPal and credit cards. When using cash there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system.
If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin. When paying with PayPal or a credit card a token is stored that is used to process recurring payments but this is not linked in anyway to VPN account usage or IP-assignments.
9. We provide RSA-4096 / AES-256-GCM with OpenVPN, which we believe is secure enough for our customers’ requirements.
10. Yes, the IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible including IPv6, DNS, network failures, WebRTC STUN etc. Our VPN clients work on a dual-stack IPv4/IPv6 but we currently only support IPv4 on our VPN gateways.
11. We use bare metal dedicated servers leased from third-party data centers in each country where we have a presence. We install each server using our own custom images and employ full disk encryption to ensure that if a server is ever seized the data is worthless.
We also operate an exclusive multi-hop network allowing customers to choose an entry and exit server in different jurisdictions which would make the task of legally gaining access to servers at the same time significantly more difficult. We operate our own network of log free DNS servers that are only accessible to our customers through the VPN tunnel.
12. Please see here. We do not offer virtual locations.
IVPN website
1. No, we do not record or store any logs related to our services. No traffic, user activity, timestamps, IP addresses, number of active and total sessions, DNS requests, or any other kind of logs are stored. System logs are disabled.
2. The registered company name is Netbouncer AB and we operate under Swedish jurisdiction where there are no data retention laws that apply to VPN providers.
3. We took extra security steps to harden our servers. They are running using Blind Operator mode, a software module which ensures that it’s extremely difficult to set up any kind of traffic monitoring. Abuses like incoming DDoS attacks are usually mitigated with UDP filtering on the source port used by an attacker.
4. No, we do not rely on and refuse to use external third-party systems. We run our own email infrastructure and encourage people to use PGP encryption for reaching us. The ticketing support system, website analytics (Piwik, with anonymization settings) and other tools are hosted in-house on open-source software.
5. We politely inform the sender that we do not keep any logs and
are unable to identify a user.
6. In the case that a valid court order is issued, we will inform the other party that we are unable to identify an active or former user of our service due to our particular infrastructure. In that case, they would probably force us to handover physical access to the server, which they would have to reboot to gain any kind of access due to the Blind Operator mode. Since we are running our custom system images directly into RAM, all data would be lost.
So far, we have never received any court order and no personal information has ever been given out.
7. Yes, BitTorrent, peer-to-peer and file-sharing traffic is allowed and treated equally to any other traffic on all of our servers. We do not provide port forwarding services, however, we do provide a public IPv4+IPv6 addresses mode which assigns IP addresses being used by only one user at a time the whole duration of the connection to the server.
In this mode, all ports are opened, with the exception of unencrypted outgoing port 25 TCP, usually used by the SMTP protocol, which is blocked to prevent abuse by spammers.
8. As of now, we propose a variety of payments options including anonymous methods such as Bitcoin, Bitcoin Cash, Litecoin, Monero, Ethereum and some other cryptocurrencies (through CoinPayments) and cash money via postal mail.
We also offer PayPal, credit cards (VISA, MasterCard and American Express through Paymentwall) and Swish. We do not store sensitive payment information on our servers, we only retain an internal reference code for order confirmation.
9. We recommend our users to use our WireGuard servers, using official
clients and tools available on Linux, macOS, Android, iOS, OpenWRT
(routers), and soon on Windows.
– Data channel cipher: ChaCha20 with Poly1305 for authentication and
data integrity
– Authenticated key exchange: Noise Protocol Framework’s Noise_IKpsk2,
using Curve25519, Blake2s, ChaCha20, and Poly1305. It uses a formally
verified construction.
10. We offer a custom open-source VPN application called azclient for all major desktop platforms (Windows, macOS and Linux) and currently support OpenVPN. Its source code is released on Github under a GPLv2 license. We plan to add a kill switch and DNS leak protection features to our client in the future.
As we provide our users with a full dual stack IPv4/IPv6 functionality on all
servers and VPN protocols, we do not need to provide any IPv6 leak protection. Our tunnels are natively supporting IPv6 even from IPv4 only lines, by tunneling IPv6 traffic into IPv4 transparently. Also, our WireGuard servers can be reached through both IPv4 and IPv6.
11. We physically own all of our hardware in all locations, including bare metal dedicated servers and switches, brought and installed on our own, co-located in closed racks on different data centers around the world meeting our strict security criteria, using dedicated network links and carefully chosen network upstream providers for maximum privacy and network quality.
We host our own non-logging DNS servers in different locations and provide DNSCrypt support for DNS requests encryption.
12. As of now, we operate across five locations including Canada, Spain,
Sweden, the United Kingdom, and the United States. New locations in Oslo,
Norway and Amsterdam, the Netherlands are planned soon. There are no
virtual locations.
AzireVPN website
1. We do not store a historical record of VPN sessions, source IPs, or sites you visited. We store a byte count of data used in the last 30 days and number of parallel connections.
2. Windscribe Limited, Ontario (Canada) Corporation.
3. We use bespoke tools specifically made for the purpose. We use the bandwidth usage in 30 days + number of parallel connections to weed out extreme cases of abuse (100+ connections and hundreds of terabytes used).
4. No, we self host everything. This includes email, analytics, support desk, and live chat. The only 3rd party services we use are Stripe, PayPal and CoinPayments.
5. We notify the sender that the IP address is a VPN node and is shared by hundreds of people at any given moment, so there is no way to trace the activity to any single user.
6. We have received multiple subpoenas and court orders requesting subscriber information. Our response was identical to what we send in case of a DMCA related request. We were never ordered to log users (although there were requests), but since we’re in Canada which has no mandatory data retention directives that apply to VPNs, we wouldn’t need to comply.
7. BitTorrent is allowed in all locations as we don’t interfere with the traffic. We request that users don’t use it in India, Russia and South Africa due to more stringent providers in those regions, but it’s more of a guideline than a rule.
8. Credit cards (Stripe), PayPal, all major cryptocurrencies and various gift cards. As we don’t store any logs of this type, there is nothing to link the payments to.
9. We support OpenVPN and IKEv2. Both are equally secure as we use the strongest encryption possible (GCM-AES-256) with both. We recommend trying IKEv2 first, as it’s faster almost in all cases. If it’s blocked on your network, then you can use OpenVPN which operates on common ports and is a lot harder to block, especially when using Stealth (Stunnel) mode. Our application tries all the protocols automatically and uses the best one for your specific network.
10. The Windscribe Firewall is built into our Windows and Mac applications. It blocks all connectivity outside of the tunnel to ensure that there is zero chance of any kind of leak, including but not limited to DNS leaks, IPv6 leaks, WebRTC leaks, etc. This is superior to a “kill switch”, which is a reactive measure, so there is no guarantee that nothing will leak.
11. All our servers are bare metal machines which are leased from various reputable hosting providers worldwide. We request to remove all anti-DDoS mitigations when possible to help reduce the chance of network monitoring. Each VPN node we operate has a recursive DNS server running on it, which is only accessible over the tunnel.
12. We have servers in 60 countries and over 110 cities. All our servers are physically where they are claimed to be, as we don’t have any fake/virtual locations.
Windscribe website
1. We do not keep or record any logs. We are therefore not able to match an IP-address and a time stamp to a user of our service.
2. The registered name of our company is “Offshore Security EOOD” (spelled “ОФШОР СЕКЮРИТИ ЕООД” in Bulgarian). We’re a VAT registered business. We operate under the jurisdiction of Bulgaria.
3. To prevent email spam abuse we block mail ports used for such activity, but we preemptively whitelist known and legit email servers so that genuine mail users can still receive and send their emails.
To limit concurrent connections to 6, we use an in-house developed system that adds and subtracts +1 or -1 towards the user’s “global-live-connections-count” in a database of ours which the authentication API corresponds with anonymously each time the user disconnects or connects to a server. The process does not record any data about which servers the subtracting/detracting is coming from or any other data at any time, logging is completely disabled at the API.
4. We host our own email servers. We host our own Ticket Support system on our servers. The only external tools we use are Google Analytics for our website and Live Chat software by Tawk.
5. DMCA notices are not forwarded to our users as we’re unable to identify a responsible user due to not having any logs or data that can help us associate an individual with an account. We would reply to the DMCA notices explaining that we do not host or hold any copyrighted content ourselves and we’re not able to identify or penalize a user of our service.
6. This has not happened yet. Should it happen our attorney will examine the validity of the court order in accordance with our jurisdiction, we will then inform the appropriate party that we’re not able to match a user to an IP or timestamp, because we’re not keeping any logs.
7. BitTorrent is allowed on all our servers. We offer port forwarding only on the dedicated IP private VPN servers at the moment. We will work on providing port forwarding automatically on all servers soon. The only ports which are blocked are those widely related to abuse, such as spam.
8. We accept PayPal, Credit/Debit cards, AliPay, Bitcoin, Bitcoin Cash, WebMoney, GiroPay, and bank transfers. In the case of PayPal/card payments, we link usernames to the transactions so we can process a refund. We do take active steps to make sure payment details can’t be linked to account usage or IP assignments. In the case of Bitcoin, we do not link usernames to transactions.
9. We use AES-256-CBC + SHA256 cipher and RSA4096 keys on all our VPN servers without exception. We also have Double VPN servers, where for example the traffic goes through Russia and Israel before reaching the final destination.
10. Yes, we provide both KillSwitch and DNS Leak protection. We actively block IPv6 traffic to prevent IP leaks, so connections are enforced via IPv4.
11. We work with reliable and established data centers. Nobody but us has virtual access to our servers. The entire logs directories are wiped out and disabled, rendering possible physical brute force access to the servers useless in terms of identifying users. We use our own DNS servers.
12. All our servers are physically located in the stated countries. A list of our servers in 60+ countries can be found here.
VPNArea website
1. We do not keep traffic logs that match an IP address to a user.
2. Our registered legal name is Hexville SRL. We’re under Romanian jurisdiction, which is a member of the European Union.
3. Our tools are developed in-house. To limit the concurrent connections we keep track of the active connections of users. Every user has a limited number of concurrent connections, depending on his subscription. When he connects, we subtract one. When he disconnects, we add one back. Reach zero and the service will not allow the user to connect until he disconnects one of his active instances.
To limit the brute force types of abuses, we monitor the health of the servers and limit the network priority of the obvious DDOS that might be masked through our service. SMTP abuses will also result in temporary port blocking for that service.
4. Emails and the support platform are hosted in-house. For our sales site analytics, we rely on Google Analytics. Live support is hosted by tawk.to, which has a great privacy policy.
5. We designed our system in such a way that DMCA notices cannot be forwarded to our users. A diverse approach is needed to deal with this particular industry issue: from explaining that we don’t host any content to replacing IPs and servers that received multiple strikes.
6. No subpoena has been received by our company. If that happens, we’ll be sure to assist as much as we’re legally obliged.
7. We allow any kind of traffic, P2P included. Port forwarding is not active at this time.
8. We use Bitcoins (and many other kinds of virtual currencies: ETH, XRP, DGB, LTC ), PayPal, PerfectMoney and credit cards. The sales & billing platform is stored separately from the actual VPN system, and VPN credentials are randomly generated, making it harder for them to be associated with an email address.
9. For mobile, we recommend IKEV2 Protocol which supports VPN-ON-DEMAND, allowing users to stay connected even when changing wifi networks or switching from wifi to data. We also support OpenVPN, with AES-256-CBC cipher, TLSv1/SSLv3 DHE-RSA-AES512-SHA, 2048 bit RSA.
On top of the OpenVPN, you can also choose one of the two anti DPI (Deep Package Inspection) protocols: “TOR’s OBFSPROXY Scamblesuit” and “SSL” that mask your VPN connection from your ISP. These protocols come handy in places that actively block VPN connections, like China, Egypt or university campuses.
10. Yes, we have an incorporated kill switch in our client as well as DNS leak protection. At the moment, only IPv4 is supported, but we do provide assistance to any user that might experience leaks.
11. We use our own DNS and Google DNS for some servers. Because of the nature of the industry, we consider that replacing servers and blacklisted IPs is fast as possible. The partners don’t have permission to access the servers and we’ll immediately stop the collaboration at any suspicion of snooping.
12. We do not offer virtual locations. We offer more than 30 servers in 18 countries and we’re expanding fast. You can find the full list here.
VPNBaron website
1. We do not keep any logs, and thus we have no data that could be retained and attributed to a current or former user. We do not collect any IP addresses, browsing history, session information, used bandwidth, connection timestamps, network traffic, or similar data.
2. Surfshark provided by Surfshark Ltd., a company registered in the British Virgin Islands (BVI).
3. We neither monitor nor log user activity on our network. Also, currently we do not limit the number of simultaneous connections. As a safeguard against abuse, such as unauthorized resellers or organizers of illicit activities which involve the use of a very large number of devices, we have implemented a Fair Usage Policy which manages inappropriate use of network and guarantees that our services can be used fairly by everyone.
4. For our operations and day-to-day business, we use the secure email system Hushmail. We do not use any of Alphabet Inc. products, except for Google Analytics, which is used to improve our website performance for potential customers. For a live 24/7 customer support and ticketing service, we use industry-standard Zendesk.
5. DMCA takedown notices do not apply to our service as we operate outside the jurisdiction of the United States. In case we received a non-US equivalent, we could not be of any help to authorities because of our strict no logs policy. It would simply not be possible to attribute any claims to a specific user as we have no information about any of our current or former users.
6. We have never received a court order or any logging requirement from the British Virgin Islands (BVI) authorities. If we ever received a court order from the BVI authorities, we would truthfully respond that we are unable to identify any user as we keep no logs whatsoever. If data retention laws would be enacted in the BVI, we would look for another country to register our business in.
For any information regarding received legal inquiries and orders we have a live Warrant canary.
7. Surfshark is a torrent-friendly service. We not only allow all file-sharing activities and P2P traffic, including BitTorrent, but also protect P2P users from any possible threats, such us tracking, surveillance, and such. We do not provide port forwarding services, and we block port 25.
8. Surfshark subscriptions can be purchased using various payment methods, including many which are only available in certain countries. As well as cryptocurrency we accept PayPal, Alipay and major credit cards. None of these payments can be linked to a specific user account.
9. For our users, we recommend using advanced IKEv2/IPsec and OpenVPN security protocols with strong and fast AES-256-GCM encryption and SHA512 signatures. The AES-256-GCM is different from a widespread AES-256-CBC as it has an inbuilt authentication which makes encryption process much faster. All our apps are based on a fast, stable, and reliable IKEv2 security protocol, including Windows app, which is a very rare case in the industry. Our Linux app is based on OpenVPN.
10. We provide ‘kill switches’ in most of our apps which also have built-in DNS leak protection. Also, Surfshark comes with a plethora of other security features, such as IP masking, IPV6 leak protection, WebRTC protection, a CleanWeb™ feature to block trackers, ads, and malware, MultiHop™ which works as double VPN, Whitelister™ for a split tunneling functionality, etc.
Currently, we do not support Dual Stack IPv4/IPv6 functionality, but it is in the product development roadmap.
11. We use our own DNS servers which do not keep any logs as per our Privacy Policy. All our servers are physically located in trusted third-party data centers. We always perform due diligence before choosing each of our providers to make sure they meet our security and trust requirements.
Nevertheless, even in the case of unanticipated snooping attempts, nobody would be able to decrypt the traffic as we encrypt it with modern AES-256-GCM encryption which has not been cracked yet.
12. As of March 2019, we maintain over 800 servers which are physically located in 69 locations, based in 50 different countries. We do not offer virtual locations.
Surfshark website
1. We don’t store any kind of IP logs in any shape or form, neither through the available payment methods during the order, nor on the VPN servers themselves.
All VPN servers are set up in a way to completely avoid producing critical output in the first place, or in the very few rare cases where they do, we redirect it to “/dev/null” right away.
2. Technically speaking, we don’t have a company which is incorporated with our VPN business infrastructure. We operate this entire service with a group of four individual persons, who mostly reside in the Eastern European region and we, therefore, don’t have, need or want a company headquarter address.
There is no such thing as a main jurisdiction under which our service operates from. For tax reasons only, we have a company structure set up in Bosnia. It is not visible in the public eye and only used behind the curtains for certain actions.
3. We take common counter-measures if deemed reasonable. For example, blocking certain ports like 25, 80. Or, if we know certain ports are the default port of RATs then we disallow such few ports from being forwarded. But seeing how a user could simply use another non-default port instead, this isn’t really so effective either. Concurrent connections are not checked.
If we receive an abuse complaint about an event which is literally happening right now, in realtime, then we do a quick simple check if the user is maybe assigned to a dedicated IP. If that’s the case, we go ahead and suspend this account to end the ongoing abuse.
4. Yes, we use Kayako ticket software for support. Apart from that, we use self and custom coded solutions within our whole infrastructure wherever possible. On the website, we use only two third-party services, that being the CAPTCHA picture provider and the support ticket software.
5. DMCA notices are internally treated as low ranked abuse cases which are mostly ignored where possible. For countries like the USA, we send an automated template reply to the hosting provider informing them the case has been solved. Only in very rare cases, we would even think about moving an entire shared IP group to another country where DMCA notices are ignored, like Sweden, Switzerland and the like.
6. The steps are identical and always the same. We reply to the requester and explain that there are no IP logs kept and that no other useful information is available which could help during the event of an investigation.
And yes, requests along the lines of somebody basically asking us to start logging in order to help solve a certain case, have actually happened in the past, but we did not and are not going to comply with those kinds of requests.
7. File-sharing is allowed on all our server locations and it’s really no issue to us. We offer a port forwarding feature. We have only one port blocked in the Firewall: 25/tcp
8. Non-disputable payment solutions like Bitcoin (Cryptocurrency in generally), PerfectMoney, WebMoney, Paysafecard, Amazon Giftcard, Yandex are NOT linked with the user account, because there is no reason to do this. Non-disputable payments are paid and forgotten. Contrary to that, disputable payment methods like PayPal, Skrill are linked to a user account in order to suspend the account in the case of a payment dispute.
This has nothing to do with IP assignments or account usage, the linking for disputable payment methods is strictly limited to the event where a payment gets disputed, so that the related account can be closed.
9. We would still recommend using our default OpenVPN 256 Bit AES-CBC / SHA512 solution, but on top of that, we offer even further obfuscation / hardening approaches. For example, a TLS-crypt OpenVPN config, or even combine it with Stunnel (which is available on all servers) to add a second layer of traffic obfuscation where needed/desired.
10. Yes, our own custom-coded client has an advanced IP kill-switch and as well a DNS leak protection for IPv4 included. Furthermore, we are currently working on a fully native IPv6 integration some point this year. Once that is completed, we will add IPv6 DNS/IP leak protection. There is no Dual Stack IPv4/IPv6 functionality available yet.
11. The server infrastructure for the VPN servers is operated from third-party datacenters. Even if we wanted, we can not always have full physical control of all servers all over the globe. Yes, we are from now on using our own setup DNS nameservers provided by the “Unbound” software.
About the snooping part, we are in fact currently working on our own implementation approach to further harden potential snooping attempts from third-parties.
12. At the time of writing this, we operate physically located servers in the following countries: Albania, Armenia, Australia, Austria, Belarus, Canada, Czechia, Denmark, Finland, France, Germany, Hong Kong, Hungary, India, Iran, Israel, Italy, Kaliningrad, Macedonia, Moldova, Netherlands, Norway, Panama, Poland, Romania, Russia, Serbia, Singapore, South Africa, South Korea, Spain, Sweden, Swiss, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.
Given that some of those locations are very exotic and hard to acquire, 11 of those countries use virtual servers.
nVpn website
1. No, we don’t keep such logs and we do not log or inspect users’ traffic data and/or metadata.
2. The name is AirVPN and it operates in Italy. The VPN service has been active since 2010.
3. Our infrastructure remains totally protocol and application agnostic. The limit of 5 concurrent connections per account is enforced through a simple integer counter to not affect in any way the customers’ privacy layer.
4. No, we do not use any external e-mail provider or any external analytics or support tool. We do not use any tracker for any purpose, not even in our Android app.
5. They are ignored unless the takedown notice pertains to some web site hosted behind our VPN servers (thanks to our remote port forwarding system), in which case we reserve the right to investigate that web site and make a decision based on a case-by-case basis.
6. We will do our best to comply with legitimate orders by competent magistrates, but of course, we can’t give out information that we do not have.
About orders enforcing indiscriminate traffic monitoring, they can’t be satisfied by us because we do not meet the legal requirements to gather data in such a way which can be legally meaningful in a court (the chain of integrity cannot be assured), so it’s unrealistic to suppose such a scenario, which actually has never occurred in 9 years of operations.
7. Yes, P2P protocols are allowed on every and each Air VPN server. Our infrastructure remains protocol and application agnostic. The only and unique exception is our block of outbound port 25, which is anyway not a big deal except for professional spammers. We support inbound remote port forwarding, while no outbound ports (except 25) are blocked. Therefore, services behind our VPN servers, including P2P software, can receive incoming connections if the user wishes so.
8. We rely on PayPal, 2Checkout Avangate and CoinPayments for a wide range of cryptocurrencies, including Monero and ZCash, while we process Bitcoin directly without intermediaries. Since the transaction data will be retained indefinitely (or for a very long time) by credit card companies and PayPal, we make sure to accept payments with cryptocurrencies, to offer the option to make the privacy and anonymity layers stronger and prevent any correlation between VPN usage and customers’ identities.
Additionally, we do not require any personal data to use the service, not even an e-mail address. If a customer shares an e-mail address (essentially to receive support via e-mail) this will be protected according to the best privacy and personal data protection practices and in accordance with the GDPR. No data is ever sent to any third-party entity.
9. We would recommend using the latest OpenVPN version supporting tls-crypt and TLS 1.2 (as soon as OpenVPN 2.4.7 will be widespread, we will also support TLS 1.3). Preferred cipher for both the Control Channel and the Data Channel are AES-256-GCM (default settings in our service). In case an old OpenVPN version is used, we recommend AES-256-CBC with HMAC-SHA384 as MAC (default settings again in our service when used with old OpenVPN versions). The initial handshake must be protected by an RSA key, which must have at least a 2048 bit size (4096 bit in our service).
It is essential that on server side OpenVPN operates in “full TLS” mode to ensure Perfect Forward Secrecy. For an effective PFS, Diffie-Hellman keys must be at least 2048 bit in size, and should be unique on each server (we use per server unique 4096 bit DH keys).
Last but not least, as an obvious requirement for the aforementioned TLS mode that AirVPN has always employed, OpenVPN must be configured properly to ensure reciprocal authentication between client and server via certificates and keys (never with username and password alone).
10. Our free and open source software, available for Android, GNU/Linux, OS X, macOS and Windows, implements a “Network Lock” method to prevent traffic leaks outside the VPN tunnel.
AirVPN supports pure IPv6, pure IPv4, and IPv6 over IPv4 connections. Optionally, our software can even block IPv6 completely (disabling IPv6 option is not available on Android for system access limitations). Users whose ISP does not provide IPv6 connectivity can access IPv6 based services through our VPN servers. DNS leaks are prevented as well.
11. We do not own datacenters, so our servers are all hosted in third-party datacenters, either when they are our property or they are rented. Mitigation against data snooping by datacenters is carefully applied. Mitigation includes, but is not limited to:
– no database is kept on the VPN servers
– all logging is sent to /dev/null
– everything is kept in RAM except the parts required for the bootstrap of the server
– any change to the system is recorded and sent encrypted to us (and not stored on the server)
– unnecessary kernel or system parts are discarded
– DH keys are on the server, but they are unique per each server
– IPMI is disabled or access to it is restricted to specific VPN or specific IP addresses
– VPN servers do not communicate directly with backend servers: any necessary communication passes through reverse proxies, so that single datacenters can not know where the databases (client keys, certificates, etc.) are located.
We talk about mitigation because the main threat in this respect is simply inspecting all incoming packets and correlating them with all outgoing packets. There is no known method to ascertain for sure when such “black boxes”, external to the server, are operating, simply because they work “outside”. For such a threat model, again we recommend partition of trust and that’s also the reason for which we support Tor so strongly by running or financing a great number of relays and exit nodes.
12. Our servers locations, as well as a lot of additional information, are visible in our real-time servers monitor here. We don’t use virtual servers.
AirVPN website
1. We don’t keep any logs.
2. CactusVPN Inc., Canada
3. We restrict our services to up to 5 devices per account for the VPN connection. Abuse of services is regulated by our Linux firewall and most of the datacenters we rent servers from provide additional security measures against server attacks.
4. No.
5. We haven’t received any official notices yet. We will only respond to local court orders.
6. If we receive a valid order from Canadian authorities, we have to help them identify the user. But as we do not keep any logs, we just can’t do that. We haven’t received any orders yet.
7. BitTorrent and other file-sharing traffic are allowed on servers in the Netherlands, Germany, Switzerland, Spain and Romania.
8. PayPal, Visa, MasterCard, Discover, American Express, Bitcoin & Altcoins, Alipay, Qiwi, Webmoney, Boleto Bancario, Yandex Money and other less popular payment options.
9. We recommend users to use SoftEther with ECDHE-RSA-AES128-GCM-SHA256 cipher suite.
10. Yes, our apps include a Kill Switch. They also include DNS Leak protection. We only support Iv4.
11. We use servers from various data centers. All the VPN traffic is encrypted so the data centers cannot see the nature of the traffic, also the access on all servers is secured and no datacenter can see its configuration.
12. Here is our overview of server locations.
CactusVPN website
1. Trust.Zone doesn’t store any logs. All we need from VPN users is an email to sign up. No first name, no last name, no personal info, no tracking, no logs.
2. Trust.Zone is under Seychelles jurisdiction. The company is operated by Internet Privacy Ltd.
3.Trust.Zone doesn’t use any third party tools on our website. The only restriction is three simultaneous connections per user.
4. Trust.Zone does not use any third-party support tools or tracking systems.
5. If we receive any type of DMCA requests or Copyright Infringement Notices – we ignore them.
6. A court order would not be enforceable because we do not log information and therefore there is nothing to be had from our servers.
Trust.Zone is a VPN provider with a Warrant Canary. Trust.Zone has not received or been subject to any searches, seizures of data or requirements to log any actions of our customers.
7. We don’t restrict any kind of traffic. Trust.Zone does not throttle or block any protocols, IP addresses, servers or any type of traffic whatsoever.
8. All major credit cards are accepted. Besides PayPal, Alipay, wire transfer and many other types of payments are available. In 2018 we have started working in partnerships with anonymous crypto like Verge, Bytecoin, Emercoin.
9. We use a protocol which is faster than OpenVPN and also includes Perfect Forward Secrecy (PFS). Trust.Zone uses AES-256 Encryption by default. We also offer L2TP over IPsec which also uses 256bit AES Encryption.
10. Trust.Zone supports a kill-switch function. We also own our DNS servers and provide users with using our DNS to avoid any DNS leaks. Trust.Zone has no support for IPv6 connections to avoid any leaks. We also provide users with additional recommendations to be sure that there are no DNS leaks or IP leaks.
11. We have a mixed infrastructure. Trust.Zone owns some physical servers and we have access to them physically. In locations with lower utilization, we normally host with third parties. But the most important point is that we use dedicated servers in this case only, with full control by our network administrators. DNS queries go through our own DNS servers.
12. We are operating with 177+ dedicated servers in 37 countries and are still growing. We also provide users with dedicated IP addresses if needed. The full map of the server locations is available here.
Trust.Zone website
1. SwitchVPN does not store any logs which would allow anyone to match an IP address and a time stamp to a current or former user of our services.
2. The name of the company is CS SYSTEMS, INC and it operates out of the United States.
3. We use preventive methods to prevent abuse of our service such as SMTP blocking which would prevent any spamming from occurring.
4. We use Crisp Live Chat and Google Analytics but users can choose to chat with us without providing any identifying details and no personal information is stored.
5. SwitchVPN is transitory digital network communications as per 17 U.S.C § 512(a) of the Copyright Act. So in order to protect the privacy of our users we use shared IP addresses, which makes it impossible to pinpoint any specific user. If the copyright holder only provides us with an IP address as identifying information, then it is impossible for us to associate a DMCA notice with any of our users.
6. There have been no court orders since we started our operation in 2010, and as we do not log our users’ sessions and we utilize shared IP addresses, it is not possible to identify any user solely based on timestamps or IP addresses.
Currently, there is no mandatory data logging in the United States but in-case the situation changes, we will migrate our company to another privacy friendly jurisdiction.
7. Yes, all torrent traffic is allowed on all of our servers, however, we have a special list of servers which provides a port forwarding option which will give people a better experience while torrenting. No ports are blocked.
8. We accept Credit Card, PayPal, Bitcoin, and Paymentwall. SwitchVPN assigns all of its users random login details instead of email and password. Which makes it more anonymous while using our service.
9. By default, our application uses the highest encryption settings in OpenVPN with AES-256-GCM.
10. Yes, our application comes with built-in Kill Switch in case of any drops and SwitchVPN also uses its private DNS to anonymize all DNS requests. It also comes with DNS leak protection and it has passed all the tests by major reviewers. Currently, we do not offer Dual Stack IPv6 Functionality but it will be implemented very soon.
11. Before we get into agreement with any third party, we make sure the company does not have any poor history for privacy and we make sure the company is in-line with our privacy requirements for providing our users with a no log VPN service. We also use our own DNS servers to anonymize all DNS requests.
12. All our servers are physically located in the countries we have mentioned, we do not use virtual locations.
SwitchVPN website
1. At VyprVPN we do not log any usage data from our VPN service, and we are unable to match an IP-address and a time stamp to a specific user.
2. Golden Frog, GmbH – Meggen, Switzerland. We have operated under the jurisdiction of Swiss law since 2014.
3. Our proprietary server software checks open VPN connections to the servers so we can enforce concurrent connection limitations. This state information is not logged. Once the connection closes the state information is gone. We also block port 25 (SMTP) outbound on our edge routers to mitigate the use of our service to send SPAM.
4. We use a couple of different platforms, namely Zendesk for support tickets and SnapEngage for live chat support. We also utilize Silverpop and MailChimp as our email platforms to communicate with customers. Our customers, of course, keep the option to opt out of our email program if they’re not interested. We only share account information, such as email address, with our providers; and have a strict no log policy that prevents us from obtaining or sharing any customer VPN usage data internally or externally.
5. To increase the privacy for our users, we do not log the IP address used by any user. If we receive a DMCA notice that relies on IP address and a time stamp as identifying information, it is not technically possible for us to associate a DMCA notice with any of our users with this information.
6. We cooperate fully with law enforcement agencies. In the past, we have always requested a subpoena before providing a member’s identifying information – minimal information reasonably calculated to identify and no more.
We only record personal data that is associated with a user’s account which can include name, email address, phone number, payment information and/or physical address. We do not retain any data associated with the VPN service usage. Although we have never been asked by law enforcement to log additional user activity, we would seek the protection of strong Swiss privacy laws to vigorously fight such an attempt.
7. We do not discriminate against devices, protocols, or application. All traffic is allowed on our network at any of our VPN servers across the world, including BitTorrent.
Once a customer is connected to our service they are provided with a public IP address that allows all ports inbound to them. Outbound traffic is open as well with the exception of port 25. We block 25 outbound to prevent the abusive use of our service for sending spam.
8. We never store credit card information or other potentially vulnerable payment information for any of our customers. We utilize well known, industry standard, payment processors to protect this information. And since we are a No Log VPN service we cannot link any individual’s account usage or IP-assignments to our customers.
9. For the most private experience, we recommend that our users try our proprietary Chameleon VPN Protocol in tandem with VyprDNS, our No Log DNS service.
10. Absolutely, we understand the need to protect people on insecure networks or living under censorship restrictions. VyprVPN includes a Kill Switch feature that is available on our Mac, Windows, and Android apps. DNS Leak Protection is included with all our desktop and mobile applications. VyprVPN also offer users access to our No Log DNS service, VyprDNS, to further protect DNS requests. We currently only run IPv4.
11. We own, engineer and manage our VPN servers and network so we can deliver fast and reliable connections and remain independent from any third parties. Along with owning 100% of the physical hardware to operate VyprVPN, we also own and operate our own DNS solution – VyprDNS.
12. We do have some virtual locations and we allow VyprVPN users to utilize more than 200,000 IP addresses. We maintain and operate more than 700 servers scattered across more than 70 different countries. We have virtual locations in our own physical data centers across the globe.
VyprVPN website
1. We do not keep any logs at all.
2. Three Monkeys International Inc., registered in Seychelles.
3. There’s no limit aside from three active auth sessions per membership. We use Wireshark and TCPdump once every while, to block problematic flows of traffic (such as DNS amplification), and we are one of the rare VPN providers to always inform our members before doing so.
4. No, everything runs in-house.
5. We publish a public report (itself recorded at the Lumen Clearinghouse), and we state to the reporter that beyond blocking the port there is nothing we can do.
6. We publish orders and requests to the public before undertaking any action. We will never actively monitor our users following the lessons we learned from the EFF and others. We can only give access to our servers to competent authorities while ensuring to keep our users updated about such a move, either through a direct notice or our warrant canary. So far, we modified our warrant canary once about a server in France that we later dropped from our network.
7. We do not discriminate any traffic activity so BitTorrent and other file-sharing traffic are allowed. We provide port forwarding services, and we only block ports that generate abuse for third-parties.
8. We use PayPal, G2A, Paymentwall, and CoinPayments. All four combined lets us process pretty much any kind of payment method ranging from credit card to cryptocurrencies.
9. We have an advanced TLScrypt curved coupled with Serpent that we are experimenting with. Alternatively, we recommend TOR’s “obfs4” obfuscation along with our standard AES-256 + RSA4096 + SHA512 (with Perfect Forward Secrecy) that alone matches the industry’s finest standards. We provide a variety of protocols (ECC, SoftEther-based, XOR, etc.) to match the tastes and expectations of everyone.
10. We provide kill switches directly inside our VPN client, and we also have detailed tutorials on implementing custom kill switches. Our network forbids any public IPv6 and provides dual stack technology to let users connect to the IPv6 network using private methods as with IPv4.
11. We use our custom DNSCrypt servers, and all our equipment is running from encrypted RAM-based processes. Most of our servers are bare-back with own hardware. And for exotic locations where we rent from third parties, we ensure to kill off any KVM access, so our setup runs from a unique, auto-starting image.
12. We operate servers in more than 50 countries, and we only provide real physical locations. We do not use virtual locations.
Proxy.sh website
1. We don’t log any user-identifying information. Metadata or identifiers namely IP addresses, timestamps or any sort of connections on our VPN or authentication servers. The speed of connections are not logged or retained at all. Period.
That being so, the total amount of data used is kept for a month solely for the limited purpose of preventing trial abuse duly stated in our money-back guarantee as well.
2. PrivateVPN is run by a Swedish company viz. ‘Privat Kommunikation Sverige AB’ under Swedish jurisdiction
3. The nature of our VPN service makes it practically impossible for us to do any sort of live monitoring at all.
4. We use a service known as LiveAgent to provide email or ticket and live chat support. They do not hold any information about chat sessions. Chat conversation transcripts are not stored on chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email to a user, and then destroyed.
5. DMCA is not applicable to our service as it is not a codified law or act under Swedish jurisdiction. So, it is none of our business. A Swedish equivalent isn’t in the scene as of now in our jurisdiction at all.
6. As already mentioned above, we don’t retain or log any identifiers at all. So, basically even when ordered to actively investigate a user we are limited to the number of active logins which is just a numerical value. That being said, we have not received a court order to date.
7. Of course, P2P is allowed on all our servers as a matter of policy. Port forwarding is readily available on all the platforms. Moreover, Dynamic Dedicated IP with all ports open (which you are allotted from a block of IPs we have dynamically when you are connected, this IP is a dedicated IP and when allotted to you, no one else in the world but you are uniquely using it.) are also available. Dynamic dedicated IPs are offered in multiple locations (not all as of now) with OpenVPN-TUN-UDP/1194 connection type only.
8. We support PayPal, Stripe, and Bitcoin. Alipay as a payment method is en route. We offer a 30-day money-back guarantee and in order to enforce it, we keep a track of payments linked to a user account. There is no way to link an IP address assigned from us to a user account as we do not log such data.
9. No single VPN protocol works for everyone. We support multiple VPN protocols viz. PPTP, L2TP, IPsec, IKEv2, OpenVPN and Wireguard(beta). Our default VPN protocol on all the platforms is OpenVPN over UDP with 256-bit security for both data and TLS control channel encryption.
We recommend a user with an ideal ISP to use OpenVPN over UDP/1194. In case your ISP happens to throttle default OpenVPN port 1194, you can use OpenVPN over TCP/443, which is deployed with the latest –tls-crypt that OpenVPN offers for additional privacy and very basic obfuscation of the protocol itself.
For users who love built-in VPN clients for an OS, like Windows, Mac, Blackberry, iOS etc, we recommend IKEv2. For users from UAE, Egypt, some parts of China etc, we are offering and actively improving secure Stealth VPN technology to tunnel a client’s VPN traffic for users from Egypt, UAE, China etc. For Tor lovers, we offer a guide, help, instructions on how to connect to our OpenVPN servers over Tor for additional security and privacy.
For speed and comparatively low latency, state-of-the-art Wireguard server is recommended.
10. Our Windows VPN App offers robust Kill switch and DNS leak protection. DNS leaks on any major platform are owing to broken installations which are fixed as soon we see a report or any issues. IPv6 leak protection is available on every platform and multiple VPN protocols. We offer guides and instructions to set up a kill switch on macOS, GNU/Linux, BSD etc and are rapidly working with our developers to add these features in our easy to use and install VPN applications.
As of now, no Dual stack VPN is available, unfortunately.
11. We have physical control over our servers and network in Sweden. We’re only using trusted data centers with strong security. Our providers have no access to PrivateVPN’s servers and most importantly, there is no customer data/activities stored on the VPN servers or on any other system we have.
12. We use a mix of physical and virtual servers depending on the demand and needs of a given location. Virtual servers are categorized in our server list on our website to avoid confusion and maintain transparency.
PrivateVPN website
1. No, FastestVPN does not record any logs. Your internet activity such as your browser history, traffic destinations, DNS queries, downloads and uploads, and the websites you visit all stay with you.
2. FastestVPN is incorporated under the name Fast Technology Limited. It operates out of the Cayman Islands and under its jurisdiction.
3. We use an in-house developed tool to limit the maximum number of connections to 10 devices. It is used for this purpose and this only.
4. We use Google Analytics and Hotjar to improve our service and make our website more user-friendly. We also use a live-chat tool called Tawk.to for the purpose of providing 24/7 support to customers.
5. Because we operate under the jurisdiction of Cayman Islands, the DMCA has no authority or influence on us. Therefore, we are not required to comply with such notices.
6. Although such an event has not occurred, we may comply in the event a Cayman Islands Court orders us to provide information on a user’s activity. But because we do not log any activity, the information we provide cannot help identify any of our customers.
7. Our servers are optimized for P2P and allow BitTorrent and other file-sharing traffic. We suggest users to connect to our European servers for the best speed.
8. We provide our customers with the option to pay with Credit Card, eWallets (PayPal, Apple Pay, Visa Checkout, MasterPass etc), AliPlay, and other payment methods such as Skrill, Webmoney etc. It is handled by the payment processor which requires only basic billing information for payment processing and refund requests. The details can’t be linked to any particular customer.
9. We recommend the use of the OpenVPN and IKEv2 protocols for better security. We use multiple security protocols coupled with AES 256-bit encryption.
10. We do provide Kill Switch and DNS leak protection features.
11. We rely on both owned and outsourced servers. We maintain exclusive rights to our servers that are physically located across various countries worldwide. We use our own DNS servers.
12. All of our servers are physically located in various countries worldwide. We currently have servers in 23 countries. You can check the full list of locations here.
FastestVPN website
1. No, none of our logs contain any data that can be used to match an IP or time stamp with a user.
2. Cryptostorm consists of several different entities that are in different regions. This is so if an adversary were to put legal pressure on one of those entities, we can simply drop and replace it, along with any resources that might be under it. The names and locations of these entities are not publicly disclosed, simply to make it more difficult for any potential adversaries.
3. Abuse is mitigated by using Snort’s NFQ DAQ as an Intrusion Prevention System. This allows us to block the most basic or automated attacks/scans that would violate the Terms of Service at most data centers. Snort is used directly against the tunnel interface, which means any alerts generated would only include the internal 10.x.x.x VPN IP, which is randomly generated. No customer IPs ever show up in those Snort alerts.
4. No, email/support is done in-house on our own servers.
5. Most of the data centers we’ve chosen aren’t legally required to do anything about DMCA notices or similar complaints. Currently, the only exceptions are one of our Dutch data centers and the London one, which both require a response from us. For them, we use a template very similar to this.
If an ISP, data center, or anyone else were to request customer information related to a DMCA complaint, we wouldn’t be able to provide anything since we don’t have anything. If a data center threatens to suspend our server if we don’t provide something more useful, we would simply stop doing business with that data center.
6. We wouldn’t be able to comply with any court order requesting customer information since we don’t have any information to give. If a court successfully ordered one of our entities to start collecting customer information, we would absolve any entities in that court’s region.
As of March 2019, we have never received any such court orders. If any “gag orders” were successful, our warrant canary would inform customers of its existence.
7. Yes, BitTorrent etc. is allowed. We also provide port forwarding. The only ports blocked at the moment are blocked for security reasons: ports 135, 139, and 445 which could be used to deanonymize a Windows customer using one of the many NetBIOS/SMB vulnerabilities.
8. Credit/debit card payments are accepted via PayPal and CCBill. Bitcoin is accepted through BitPay. Bitcoin, Litecoin, Bitcoin Cash, Monero, BlackCoin, CloakCoin, Dash, Decred, DigiByte, Dogecoin, Ether Classic, Ether, Expanse, GameCredits, Komodo, LISK, Namecoin, PotCoin, Peercoin, Qtum, Stratis, Syscoin, Vertcoin, VERGE, ZCash, ZenCash, and TetherUSD are accepted through CoinPayments.net.
Our anonymous token authentication system plus our no-logging policy prevents us from knowing which customers are connected to which server, or what traffic they’re generating on that server.
9. Our most secure OpenVPN instances use: AES-256-GCM to encrypt the data channel; TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 for the control channel, forced to at least TLSv1.2 to prevent downgrade attacks, with support for TLSv1.3; 521-bit secp521r1 ECC server/CA certificates (~15360-bit RSA), signed with ecdsa-with-SHA512; A 2048-bit static key for additional encrypting/authenticating of control channel packets via -tls-crypt.
Perfect Forward Secrecy is implemented in all of the above using ephemeral keys or unique DH parameters, with key renegotiation every 20 minutes.
10. For Windows users, our open-source VPN client includes a kill switch and DNS/IPv6 leak protection. For every other OS, we offer firewall rule sets for iptables, ufw, pf, etc. that will accomplish the same. Only IPv4 is supported at the moment, so instructions for blocking or disabling IPv6 are provided.
11. To account for the possibility of physical compromise (i.e., a confiscated server), each server is designed to be as disposable as possible. No data on the servers can be used to identify a customer, nor can it be used to gain access to any other server.
We also do secure PKI management, which means the CA private key is never stored on the VPN server, and each server gets its own unique server certificate/key pair.
Although our data centers aren’t known to actively monitor customers, we assume that they are, or can if requested. That’s why we use cryptography that’s probably unbreakable, which means the most any snooper can see is encrypted traffic coming in, but because of other users on the server, they won’t be able to correlate incoming and outgoing traffic.
We use our own DNS servers, as well as DNSCrypt to encrypt a client’s DNS before they connect to the VPN. We also offer an optional DNS-based ad/tracker blocking service. All of our DNS and DNSCrypt servers are publicly available, which means you don’t have to be a customer of ours to use them.
12. Our current country/server list is available here. We do not use VPS/VMs for our VPN servers. Only bare metal dedicated servers.
CryptoStorm website
1. We do not maintain any logs that would allow us to identify a user.
2. What The * Services, LLC is incorporated in the USA.
3. All limiting is done by active sessions to prevent one person from sharing an account with hundreds of people. We use a custom session management system which operates completely on real-time data and keeps no logs.
4. We run all of our own communications infrastructure. No analytics software is used currently.
5. We send out the following response as we have no logs.
6. We have only had one of these requests for a VPS client. The customer’s identity was never revealed to the people making the DMCA take-down request and subpoena, because the bill was paid in Bitcoin & throwaway email account was used.
If this happens again in the future, we will take several steps. First, we would consult with our lawyers to confirm the validity of the order/subpoena, and respond accordingly if it is NOT a valid order/subpoena. Then we would alert our user of the event in the event we are legally able to.
If the order/subpoena is valid, we would see if we have the ability to provide the information requested, and respond accordingly if we do NOT have the information requested. If we DO have the information requested, we would immediately reconfigure our systems to stop keeping that information. Then we would consult with our lawyer to determine if there is any way we can fight the order/subpoena and/or what is the minimum level of compliance we must meet, and notify the user of the event if we are legally able to do so.
If we were forced to start keeping logs on our users, we would go out of business and start a new company in a different jurisdiction.
7. We do allow file sharing on our network. We do ask people to use the EU nodes for file sharing. We have no way to enforce that, but it helps to prevent the USA based nodes from complaints and shutdown from overzealous copyright trolls. We do offer port forwarding plans with our Perfect Dark Plans. We do not block any ports.
8. We accept PayPal and cryptocurrency. As always, anyone can open an account anonymously with a wide variety of cryptocurrencies including Bitcoin (BTC), LiteCoin (LTC), Monero (XMR), and many more CryptoCurrencies and AltCoins via CoinPayments.net.
All that is required is a working email for signup. Signups via Tor or proxies are highly encouraged along with placeholder information if paying in cryptocurrency. We also use a completely different authentication infrastructure and random usernames for the VPN accounts.
9. We recommend OpenVPN and our VPN has Perfect Forward Secrecy setup with ECDHE-RSA-AES256-GCM-SHA384 for all our VPN servers. This is based on Softether and Ubuntu which allows people to use any protocols their devices supports.
10. Our VPN profiles are compatible with Qomui (Qt OpenVPN Management UI) and others which have this built into the opensource VPN client. We push custom adblocking DNS to clients. We also have ‘push “block-outside-dns”’ in our OpenVPN server config files which will prevent the client from leaking DNS requests. Additionally, we include “resolve-retry infinite” and “persist-tun” in the OpenVPN client config files which will prevent the client from sending data in the clear if the VPN connection goes down.
11. All of our infrastructure is hosted in 3rd party colocations. However,
we use full-disk-encryption on all of our servers.
12. We offer VPN server locations in AU, US, FR, DE, NL, UK, HK, JP. We do offer virtual locations upon request.
WhatTheServer website
1. We do not keep ANY logs that can identify a user of our service with an IP address and/or a timestamp.
2. The company’s registered name is Amplusnet SRL. We are a Romanian company, which means we are under EU jurisdiction. In Romania, there are no mandatory data retention requirements.
3. We limit the number of concurrent connections and we are using Radius for this purpose.
4. The back end of the website is a dedicated WHMCS for billing and support tickets. We do not use external e-mail providers (we host our own mail server). Our users can contact us via live chat (Zopim). The chat activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ account.
5. So far we did not receive any DMCA notice for any P2P server from our server list. That is normal considering that the servers are located in DMCA free zones. For the rest of the servers, P2P and file sharing activities are not allowed/supported.
6. So far, we have not received a court order. We do not support criminal activities, and in case of a valid court order, we must follow the EU laws under which we operate.
7. We have dedicated P2P servers that allow BitTorrent and other file-sharing traffic. The servers are located in the Netherlands, Luxembourg, Canada, Sweden, Russia, Hong Kong, and Lithuania. We do not provide port forwarding. We are blocking the SMTP ports 25 and 465 to avoid spam from our servers.
8. Payments are performed exclusively by third-party processors, thus no credit card info, PayPal ids or other identifying info are stored in our database. For those who would like to keep a low profile, we accept BitCoin, LiteCoin, Ethereum, WebMoney, Perfect Money etc.
9. We support SSTP and SoftEther on most of the servers. We also offer double VPN and TOR over VPN.
10. Yes, a Kill Switch and DNS leak protection are implemented in our VPN Clients. Our users can decide to block all the traffic when the VPN connection drops or to kill a list of applications. We allow customers to disable IPv6 Traffic and to make sure that only our DNS servers are used while connected to the VPN.
Also, we support SOCKS5 on our P2P servers which can be used for downloading torrents and does not leak any data if the connection to SOCKS5 proxy drops.
11. We do not have physical control over our VPN servers. We have full remote control to all servers. Admin access to servers is not provided for any third party.
12. The full list of server locations is available here.
ibVPN website
1. No, all details are explained in our no-logging data policy.
2. Amagicom AB, Swedish.
3. We mitigate abuse by blocking the use of ports 25, 137–139, and 445 due to email spam and Windows security issues.
When a customer connects to a VPN server, the server asks the central service to validate the account number, whether or not the account has any remaining time, if the account has reached its allowed number of connections, and so on. Everything is performed in temporary memory only; none of this information is permanently stored to disk.
Our VPN servers send three types of data to our monitoring system: total number of current connections, CPU load per core, and total bandwidth used per server. We log the total sum of each of these statistics in order to monitor the health of each individual VPN server. We ensure that the system isn’t overloaded, and we monitor the servers for potential attacks, bugs, and network issues.
4. We have no external elements on our website. We do use an external email provider. We encourage those who want to email us to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us.
5. There is no such Swedish law that is applicable to us.
6. From time to time, we are contacted by governments asking us to divulge information about our customers. Given that we don’t store activity logs of any kind, we have no information to give out.
Worst-case scenario: we would discontinue the servers in the affected countries. The only information AT ALL POSSIBLE for us to give out is records of payments since these are stored at PayPal, banks etc. This, however, does not prove anything more than you made a payment to us.
7. All traffic is treated equally, therefore we do not block or throttle BitTorrent or other file-sharing protocols. Port forwarding is allowed. Ports 25, 137–139, and 445 are blocked due to email spam and Windows security issues.
8. We accept cash, Bitcoin, Bitcoin Cash, bank wire, credit card, PayPal, and Swish. We encourage anonymous payments via cash or one of the cryptocurrencies. We run our own full node in each of the blockchains and do not use third parties for any step in the payment process, from the generation of QR codes to adding time to accounts.
9. We offer OpenVPN with RSA-4096 and AES-256-GCM. And we also offer WireGuard which uses Curve25519 and ChaCha20-Poly1305. We also offer an experimental post-quantum secure VPN tunnel using WireGuard and NewHope.
10. We offer a kill switch and DNS leak protection, both of which are supported in IPv6 as IPv4. While the kill switch is only available via our client/app, we also provide a SOCKS5 proxy that works as a kill switch and is only accessible through our VPN.
11. At 8 locations – 3 in Sweden, 1 in Amsterdam, 1 in Norway, 1 in the UK, 1 in Finland, 1 in Germany– we own and have physical control over all of our servers. In our other locations, we rent physical, dedicated servers (which are not shared with other companies) and bandwidth from carefully selected providers.
We use our own DNS servers. All DNS traffic that’s routed via our tunnel is hijacked. Even if you set accidentally select another DNS, our DNS will be used. Except if you have set up DNS over HTTPS or DNS over TLS.
12. We don’t have virtual locations. All locations are listed here.
Mullvad website
1. We do not log period. No meta-data logging, no traffic logging, no bandwidth usage tracking. We do not store any personal or billing information on VPN servers. IPs are shared amongst users and our configuration makes it extremely difficult to single out any user.
2. We are registered in the USA and operate as AceVPN.com
3. We have developed in-house tools to mitigate abuse.
4. We use Google Analytics on www.acevpn.com (marketing web site). We do not track proxied pages. We use G Suite for email. Emails are deleted regularly.
5. If we receive a DMCA takedown, we block the port mentioned in the complaint. IPs are shared by other users and our configuration makes it extremely difficult to single out any user. We do not share any information with third parties.
6. To date, we have not received a court order. We only store billing information which the payment processor or bank or credit card issuer has.
7. We have special servers for P2P and are in datacenters that allow such traffic. These servers also have additional security to protect privacy when P2P programs are running. We do not offer port forwarding.
8. We accept PayPal, Bitcoin and credit cards for payments. We store billing information on a secure server separate from VPN servers and do not track usage nor IP assignments.
9. Our IKEv2 and OpenVPN offer Elliptic curve cryptography (ECC) which
we recommend for secure connectivity. To give an idea, 384 bits ECDSA is equivalent to RSA 7680 bits. Higher the bits, the more secure it gets. We just completed a network upgrade and dropped all insecure algorithms.
10. Yes, we do provide kill switches if a connection drops. Our servers are tested for DNS leaks. We are an IPv4 only service.
11. We have full control over our servers. Servers are housed in reputed
datacenters. Many of them are ISO certified and are designed to the highest specifications for performance, reliability and security. We operate our own DNS servers (Smart DNS) for streaming videos.
For VPN, we use Cloudflare, Google, OpenDNS and Level3 DNS.
12. All our locations are physical, meaning servers are physically located in these locations. We have servers in 26+ countries and over 50+ locations / datacenters. USA, Brazil, Canada, Mexico, Denmark, Egypt, France, Germany, Ireland, Italy, Japan, Latvia, Luxembourg, Netherlands, Norway, Romania, Russia, Spain, Sweden, Switzerland, Turkey, UK, Hong Kong, Singapore, Australia, and South Africa.
AceVPN website
1. Perfect Privacy does not log or store any traffic, IP addresses or any other kind of data that would allow identification of our users or their activities.
2. Perfect Privacy is operated by Vectura Datamanagement, registered in Zug, Switzerland.
3. We don’t keep track of the number of VPN connections per user and are unable to limit it. In case of malicious activity towards specific targets, we block IP addresses or ranges, so they are not accessible from our VPN servers.
Additionally, we have limits on new outgoing connections for protocols like SSH, IMAP, and SMTP to prevent automated spam and brute force attacks. We do not use any other tools.
4. We develop and host all email and support tools in-house where it is under our control. We use Google Analytics for website optimization and better market reach, but with the anonymizeIp parameter set. However, Perfect Privacy users are exempted from any tracking by Google Analytics
and are also able to use our TrackStop filter which will block any tracking (as well as ads and known malware domains) directly on our servers.
5. Because we do not host any data, DMCA notices do not directly affect us. However, we do receive copyright violation notices for file-sharing in which case we truthfully reply that we have no data that would allow us to identify the responsible party.
6. If we receive a Swiss court order, we are forced to provide the data that we have. Since we don’t log any IP addresses, timestamps or other connection-related data, the only step on our side is to inform the inquiring party that we do not have any data that would allow the identification of a user based on that data.
Should we ever receive a legally valid court order that requires us to log activity for a user going forward, we’d rather shut down the servers in the country concerned than compromising our user’s privacy.
There have been incidents in the past where Perfect Privacy servers have been seized, but no user information was compromised that way. Since no logs are stored in the first place and additionally all our services are running within RAM disks, a server seizure will never compromise our customers. Although we are not subject to US-based laws, there’s a warrant canary page available.
7. Perfect Privacy users are allowed to use BitTorrent and other file-sharing tools. P2P traffic is treated equally to other traffic. However, at specific locations that are known to treat copyright violations rather harshly (very quick termination of servers), we block the most popular torrent trackers to reduce the impact of this problem. Currently, this is the case for servers located in the United States and France. Perfect Privacy users can use port forwarding.
8. We offer a variety of payment options ranging from anonymous methods
such as sending cash, or Bitcoin. We also offer PayPal and credit cards for users who prefer these options. Because we do not monitor or log IP assignments or account usage, there is no link to the payments.
9. Generally, we recommend using OpenVPN with 256-bit AES-GCM encryption on desktop computers. On mobile platforms, we recommend IPSec/IKEv2 with 256-bit AES-GCM encryption, a SHA2-512 integrity algorithm and Perfect Forward Secrecy (PFS) enabled using a CURVE25519 or ECP512 elliptic curve algorithm.
10. Our VPN apps for Windows and macOS both have a so-called kill switch
built in, which is advanced firewall protection against IP and DNS leaks. On Android and iOS, you can use the system-integrated On-Demand or Always-on features which are also often called a kill switch.
Perfect Privacy fully supports Dual Stack IPv4/IPv6 functionality. On the vast majority of the servers, users get both a public IPv4 and a public IPv6
address. Of course, the kill switches support IPv6, so there’s no need to disable IPv6.
11. All our VPN servers are dedicated bare-metal servers that run in various data centers around the world. While we have no physical access to the servers, they all are running within RAM disks only and are fully encrypted. Additional security can be established by using a cascaded multi-hop connection over up to four hops.
With NeuroRouting enabled, user’s traffic is brought as close as possible to the destination within the fully encrypted VPN network. That way, the traffic is only exposed to the internet where it is unavoidable. We operate our own DNS servers.
12. Currently, we offer servers in 24 countries worldwide. All servers are located in the city displayed in the hostname – there are no virtual or fake locations. For full details about all servers locations, please check our server status site as we are constantly adding new servers.
Perfect Privacy website
1. We don’t store logs with our users’ Internet activity, nor we are able to match a user to an IP address. In order to detect and prevent payment fraud, we do compare buyers’ IP addresses to their billing addresses.
2. VPNLand Inc, Toronto, ON, Canada.
3. We don’t impose limits on concurrent sessions. In terms of abuse prevention – each case is investigated individually and most of the time blocking the port in question for 1 day is sufficient.
4. We utilize Zendesk for online chat support. Other tools are in-house and data is stored in-house as well.
5. DMCA emails received on our non-US servers are usually ignored.
6. We won’t be able to identify such user due to the lack of matching IP-port-username logs. Regarding future requests: each case will be reviewed individually, and there is no universal scenario available.
7. P2P is allowed on ALL non-US servers. Yes, we do provide incoming port forwarding services for an additional fee.
8. Credit Cards, PayPal, CryptoCurrency. Yes, we have multiple physically separated databases with different functionalities.
9. We recommend our users to use OpenVPN + TLS-Crypt. In countries where OpenVPN is blocked, we utilize dual encryption via Stunnel.
10. In our new set of apps, we offer “kill switches”. Dual IPv4/IPv6 support work in progress.
11. We rent servers from multiple third parties. These servers don’t have anything stored on them except VPN config scripts, and all servers are used by numerous clients at a time. We use a combination of our own DNS servers and Google public DNS servers
12. US, Canada, UK, All European countries, Singapore, Korea, Japan. No, we don’t play these fraud games with RIPE or ARIN databases. All our servers are physically in the locations we claim
VPN Land website
1. We do not keep any logs on our VPN servers that would allow us to do this.
2. BV Internet Services Limited, Seychelles.
3. Generally, we just look at network graphs a number of connections and see if there is any abnormal activity. We also block certain sensitive ports that are often used for hacking/spamming.
4. We use Zendesk to deal with support queries and do track referrals from affiliates. We, however, provide the option to send us PGP encrypted messages via e-mail and also Zendesk. We do not use Cloudflare.
5. We generally find providers that are friendly towards such DMCA notices. Where it cannot be avoided, we just keep them as Surfing/Streaming servers with P2P disabled. These servers are more for geo-location or general purpose surfing rather than p2p. A no time we give out customer information.
6. Several years ago, we received a German police request for certain information in relation to a blackmail incident. Despite it appearing legitimate, we could not assist as we did not have any user logs. We maintain a warrant canary which we do update once a month or when there is a request for information (even if we have not complied with it).
7. We marked a few servers as Surfing-Streaming, as they are on providers with strict DMCA requirements. All other servers support P2P and are not treated differently from any other traffic.
8. Paypal, Paymentwall, Coinpayments, Paydollar, MolPay, Bitcoin, ZCoin, ZCash, Dash, and direct bank transfers.
9. We recommend OpenVPN, with our Cloak servers running AES-256 bit encryption as well as an XOR patch that obfuscates your traffic. This obfuscation prevents it from being recognized as VPN traffic.
10. Yes, we do. Our leak prevention also includes IPv6. We do support dual stack functionality.
11. They are bare metal boxes hosted in various providers. We do use our own DNS servers.
12. Canada, France, Germany, Italy, Japan, Luxembourg, Malaysia, Netherlands, Singapore, Sweden, Switzerland, United Kingdom, and the USA.
BolehVPN website
1. SlickVPN doesn’t log traffic or session data of any kind. We don’t store connection time stamps, used bandwidth, traffic logs, or IP addresses.
2. Slick Networks, Inc. is our recognized corporate name. We operate a complex business structure with multiple layers of offshore holding companies, subsidiary holding companies, and finally some operating companies to help protect our interests. The main marketing entity for our business is based in the United States of America but the top level of our operating entity is based out of Nevis.
3. We block port 25 to reduce the likelihood of spam originating from our systems. The SlickVPN authentication backend is completely custom and limits concurrent connections.
4. We utilize third party email systems to contact clients who opt in for our newsletters and Google Analytics for basic website traffic monitoring and troubleshooting. We believe these platforms to be secure. Because we do not log your traffic/browsing data, no information about how users may or may not use the SlickVPN service is ever visible to these platforms.
5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session. Otherwise, we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we rarely receive a valid DMCA complaint while a user is still in an active session.
6. This has never happened in the history of our company. Our customer’s privacy is of topmost importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. SlickVPN uses a warrant canary to inform users if we have received any such requests from a government agency.
7. Yes. All traffic is allowed. SlickVPN does not impose restrictions based on the type of traffic our users send. Outgoing mail is blocked but we offer a method to split tunnel the mail out if necessary. We can forward ports upon request. Some incoming ports may be blocked with our NAT firewall but these can be opened on request
8. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America (Marketing) and the other platform is operated out of Nevis (Operations).
Payment details are held by our marketing company which has no access to the Operations data. We offer the ability for the customer to permanently delete their payment information from our servers at any point and all customer data is automatically removed from our records shortly after the customer ceases being a paying member.
9. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and we use the AES-256-CBC algorithm for encryption.
10. Our leak protection (commonly called a ‘kill-switch’) keeps your IPv4 and IPv6 traffic from leaking to any other network and protects against DNS leaks. Your network will be disabled if you lose the connection to our servers and the only way to restore the network is manual intervention by the user. We don’t offer IPv6 connections at this time
11. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties unless there is enough demand in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries.
In all cases, our network nodes load over our encrypted network stack and run from RAMDisk . Anyone taking control of the server would have no usable data on the disk. We periodically remount our RAMDisks to remove any lingering data. Each of our access servers acts as the DNS server for customers connected to that node.
12. At SlickVPN we actually go through the expense of putting a physical server in each country that we list. SlickVPN offers VPN service in 40 countries around the world. We do not do offer virtual locations.
SlickVPN website
1. We do not keep any logs on our network servers that can match an IP address and time stamp with a user.
2. Our service is incorporated under a company in Seychelles for our users’ security and anonymity. The company name is “Global Stealth, Inc.”.
3. There are no such limits on our network.
4. Yes, we are using Google Analytics for our website traffic analysis. We also use Zendesk for chat platform.
5. We don’t receive DMCA notices as we have Special server network in DMCA free zones.
6. It will be basically ignored.
7. BitTorrent and P2P are allowed on our special networks designed for this purpose. These networks have all ports open.
8. We support credit card and PayPal. Payments can be linked to accounts.
9. We support AES256 SSL encryption supported protocols over multiple ports.
10. Yes, we do support Kill Switch for our users.
11. All our servers are hosted on globally known data centers with high security. We have our global DNS and SmartDNS network.
12. We have servers in more than 80 countries globally.
HeadVPN website
1. We do not keep any logs of data transmitted through our service and we have no way of knowing what our users are doing while connected to our servers. However, we will note that all payment processors store IP data for the purpose of fraud mitigation. Our payment processor is no different.
2. We operate under AppAtomic, physically headquartered with personnel in Cyprus. We also have offices in Montreal where sales, development, and support take place.
3. We have proprietary systems being used to mitigate abuse, but don’t enforce limitations on concurrent connections at the current time.
4. We use Google’s Firebase and Analytics for basic statistical reporting, however, those services do not have access to data transferred by our users. ZenDesk is currently employed to provide support, however, we plan on migrating everything in-house in the near future.
5. Since we keep no logs, there is virtually nothing we can do to respond to DMCA or equivalent inquiries.
6. Since we do not log activity, we have no way of identifying users. In the event that we are somehow forced to log activity for a user going forward, it would be reflected in the Warrant Canary within our Privacy Policy.
7. We do not restrict torrents, file sharing or P2P.
8. We use ProBiller as a payment provider on our web site, as well as Apple and Google within our iOS and Android apps respectively. Since we have no logs, there is never anything that can be linked to usage of our service nor IP assignment.
9. It depends on the platform. Open VPN and IKEv2 are both considered to be the best in the industry.
10. We have a kill-switch feature within our Desktop apps, as well as our Android app. For iOS, incorporating a kill-switch is not possible due to operating system restrictions, but we do have an Auto-Reconnect upon Disconnect feature there.
11. We’ve contracted StackPath for the purpose of network infrastructure. Our agreement forbids the snooping of any traffic, and we use DNS servers they host.
12. Here’s a full list.
VPNhub website
1. No. The service is designed to minimize the amount of information known about users.
2. SigaVPN, a sole proprietorship in the United States of America
3. I can’t monitor abuse because I don’t snoop on internet traffic passing through SigaVPN servers. Concurrent connections aren’t limited, because once again, there is truly no monitoring of users at all.
4. I use Tutanota for email. I had analytics briefly, but it has since been removed.
5. All DMCA requests must be sent by snail-mail to SigaVPN. They must be valid. The response is always the same: I can’t help you because I don’t have the information you are inquiring about.
6. I can’t identify a user of the service, former or active. I would close SigaVPN before I log activity for a user. These scenarios have not happened.
7. No ports are blocked. BitTorrent is allowed on every server. Port forwarding is not offered.
8. PayPal or cryptocurrencies. Absolutely.
9. AES-128-CBC
10. IPv6 leak protection is provided. There is no kill switch provided, however, users can configure qBittorrent to bind to the OpenVPN interface.
11. I use dedicated servers as the rest of the industry does. DNS requests are proxied through a recursive DNS server to Cloudflare. This way Cloudflare doesn’t even see the VPN IP. The DNS proxy server collects no logs.
12. France, Luxembourg, USA, Netherlands, Switzerland, Singapore, Romania. A new location will be added soon. Virtual locations are not offered.
SigaVPN website
1. We have a strict No Logs policy, so none of our traffic or DNS servers log or store any user info.
2. We’re incorporated as CyberGhost S.A. and we operate under Romanian jurisdiction.
3. Our dedicated team monitors the whole service and infrastructure for any abuse of service. We have several tools in place, from Cloudflare, to firewalls and our own server monitoring system. Concurrent connections limits are monitored & also enforced via our systems in order to avoid such types of abuses.
4. We use Conectoo, ActiveCampaign and Zendesk.
5. When we receive DMCA takedown notices, we send the other party a standard email informing them we keep no logs and cannot comply with the request.
6. Since we store no logs, such requests have no effect on us. Under Romanian law, data retention is not mandatory.
7. We have specific high-performance servers optimized for torrenting. In certain countries, local legislation prevents us from offering an adequate service for torrenting. Other locations have performance constraints.
No port forwarding is allowed, as this can be a security risk. Some ports are blocked to prevent malicious uses of our servers (25, 80).
8. Our current payment providers are Cleverbridge, Stripe, and BitPay. Payment details are held in a dedicated database and cannot be linked to anything else.
9. On iOS, macOS and Windows, our default protocol, IKEv2 with AES-256 encryption offers a good balance of performance and security. OpenVPN with AES-256 is also a solid alternative on Windows, Android, Linux, routers or other devices.
10. Yes, we have a kill switch in place, but we do not support dual stack.
11. Except for our NoSpy servers, we rent our VPN servers. All inbound connections from users to our servers are encrypted VPN tunnels, and we use our own DNS servers. We also install our custom OS on the servers to fully run a secure environment (no involvement from 3rd parties).
12. We have over 3,600 servers physically located in 60+ countries. The full list is here.
CyberGhost website
VPN provider(s) With Some Logs
1. We keep connection logs for one day to help us in troubleshooting customers’ connection problems but also to identify attacks (e.g. bruteforce, account theft). This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred. This info isn’t stored on any servers but transfered securely in real time to an undisclosed location.
2. Netsec Interactive Solutions SRL, registered in Romania.
3. There are automated firewall rules that can kick-in in the event of some specific abusive activities. Manual intervention can take place when absolutely necessary, in order to maintain the infrastructure stable and reliable for everyone. Concurrent connections are limited by the authentication back-ends.
4. No, we don’t.
5. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users.
6. It has never happened. In such an event, we would rely on legal advice.
7. It is allowed on all servers. Port forwarding is not supported due to security and privacy weaknesses that come with it, ports aren’t blocked except for SMTP/25.
8. All popular cryptocurrencies, PayPal, credit cards, several country-specific payment methods, gift cards. Crypto payments can be anonymous.
9. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE, curve secp256k1) is used by default in most cases. We also support RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use AES-256-GCM and AES-128-GCM. We are also supporting the WireGuard VPN protocol (in beta).
10. Yes, such features are embedded in our client software.
11. We have physical control over our servers in Romania. In other countries, we rent or collocate our hardware. We use our own DNS resolvers and all DNS traffic between VPN gateways and DNS resolvers is encrypted.
12. We don’t use “virtual locations”. All servers are physically located in several countries such as: Australia, Brazil, Canada, Belgium, Switzerland, Germany, Spain, Finland, France, Hong Kong, Italy, Japan, Lithuania, Luxembourg, Mexico, Netherlands, Norway, Poland, Portugal, Romania, Sweden, Singapore, Taiwan, UK, USA.
VPN.ac website
—–
Note: several of the providers listed in this article are TorrentFreak sponsors. We reserve the first three spots for our sponsors, as a courtesy. A few of the links to VPN providers contain affiliate links which help us pay the bills. We never sell positions in our review article or charge providers for a listing.
VPN providers who want to be in future question rounds are free to get in touch.
Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.
You must be logged in to post a comment.