My VPN Testing Site is Finally Up

Discussion in 'privacy technology' started by mirimir, Jun 16, 2016.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, there's an important distinction about "pings can be allowed should the lock be on and the VPN not connected". I mean, if I manually disconnect the VPN, I'd expect that pings would be allowed. But if the VPN client is reconnecting after a network interruption, I'd expect that pings would be blocked. Because that could happen while you're torrenting or whatever, so whatever apps are running could be pinging stuff.
    Yes, for sure. Always use a firewall. But then, people who use VPN clients from providers tend toward cluelessness about configuring firewalls. And that was the point of the leak testing project. To see how well VPN clients protect clueless users.
    I will let all y'all know :)

    It'll be a few days before I get to this. I'm currently obsessing with ping localization of VPN servers. It turns out that it's not as straightforward as I had expected. Maybe some of the ping probes aren't where they claim to be. Or maybe lots of stuff isn't really where it claims to be. Or rather, maybe ping times reflect complexities of network routing more than simple physical distances.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  3. Rebsat

    Rebsat Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    36
    Location:
    My Desk
    @mirimir How are you doing bro? I hope everything is good for you. It's been a year since I have read your extensive leak test for a number of VPN Services. It was very helpful and made me follow up the 6 one which are passed the test. Finally, I made a decision between IVPN and Perfect Privacy. I have read many good feature about them but according to Restore Privacy blog then Perfect Privacy is the Best VPNs for 2017 in terms of Privacy, Security and Speed:
    Updated: August 17, 2017 By Sven Taylor
    https://restoreprivacy.com/best-vpns/

    What do you think about Perfect Privacy?
    Do you think that IVPN is still offering more secure VPN than Perfect Privacy?

    He didn't put IVPN in his list and I will ask him to make a review about it and compare it to Perfect Privacy.

    Thanks,
     
    Last edited: Sep 4, 2017
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Perfect Privacy is pretty good. When I tested last year, their Windows client didn't leak. But their OS X client leaked IPv4 and IPv6 during reconnection after uplink interruption. With your own firewall rules, I'm sure that it'd be fine.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Oops, I misspoke about Perfect Privacy's "OS X client". They didn't have one then, so I used Viscosity. So I should have said that Perfect Privacy with Viscosity leaked in OS X.
     
  6. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Hi

    You didn't test VPN.ac?

    I recall reading something negative about perfect privacy.

    So ivpn or proton VPN when it's out of beta?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's important to keep in mind that I was testing from the perspective of n00bs, who don't necessarily get the distinction between VPN services and VPN clients. Or why firewall rules are important. And so on.

    So basically, the test was "Buy and install this app. Use it, and see if I can make it leak". Emulating, say, someone torrenting or streaming.

    Anyway, Perfect Privacy's Windows client didn't leak. Viscosity leaked in OS X. But then, Viscosity with just about all VPNs would leak in OS X, uless you configure firewall (pf) rules to prevent that.

    I tested what I tested. And at this point, I doubt that I'll be testing any more. Maybe if someone paid me enough, I guess ;) But anyway, when I get around to it, I'll be redesigning the site to focus on testing methods. With more detail, and instructions. And I'll restyle the results as examples.

    My favorites remain AirVPN, BolehVPN, IVPN, Mullvad and PIA. There are many other great VPNs, I'm sure. Perfect Privacy has some cool multi-hop features. As does IVPN. IPVanish seems cool too. And ProtonVPN certainly has a great pedigree. But at this point, those five have been great for several years, and that in itself distinguishes them.
     
  8. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Cool doesn't cut it though does it.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    OK, "cool" doesn't mean much. Re Perfect Privacy and IVPN multihop, I mean that multi hop provides more "anonymity" than single hop. But multi hop through nested chains using different VPNs provides even more.

    I've never used IPVanish. However, I've been playing with geolocating VPN servers through ping testing. Beating the https://restoreprivacy.com/vpn-server-locations/ idea into the ground :) They have 828 servers, ans at least 98% of them seem to be where claimed. That's impressive!

    Conversely, by the way, claimed locations for 58% of VyprVPN's 73 servers are physically implausible. In that there are "distant" ping probes with rtt less than half of what you'd expect, based on the speed of light.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Thanks again for all the hard work you put into this stuff. It benefits us all. The results are pretty much what I expected, though I've never tried out FrootVPN or SlickVPN.

    Though it seems like whatever test/criteria you throw at iVPN or Mullvad they pass with flying colors. Definitely the best 2 IMO.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks :)
    True. AirVPN, BolehVPN and PIA are also good. As I've noted before, some of us have been recommending those five for several years, now. They're some of the oldest VPN services. Cryptohippie is older, but costs too much and has a throughput cap. Anonymizer is even older, perhaps the first, but it's linked to the CIA.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's not that hard to run your own leak tests. The methods that I used for that website are pretty close to what I describe in this guide: https://www.ivpn.net/privacy-guides/how-to-perform-a-vpn-leak-test

    Recently, I've been geolocating VPN servers by pinging from multiple probes (asm.ca.com, maplatency.com, ping.pe, etc). IPVanish has lots of servers, and almost all of them seem to be located where it says they are. In contrast to, notibly, HMA and VyprVPN. I'll eventually publish that as a series of blog posts on IVPN.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Your test site identifies PIA as a service that leaks (in Windows), but you are saying here that PIA is good and is recommended? Could you explain that for me, please?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's very likely that my tests basically identified leaks in VPN clients. So yes, I did find leaks with PIA's Windows client. And with AirVPN's OS X client. Just about any VPN would leak, using stock OpenVPN and no firewall rules or restrictions on routing. And in most OS, routing restrictions alone are very iffy protection. So anyway, in my tests, I emulated naive users. I installed whatever client was provided or recommended. I turned on obvious security features. Then I just used the bloody thing.

    But conversely, any VPN can be leak-free with tight firewall rules, in any OS. And most of the Wilders audience arguably knows about firewall rules :) When I talk about those five being old and well-trusted, that's mostly about usability and commitment to privacy. In particular, within the last year or so, PIA told a US court that they didn't retain logs, and that was the end of it. But PIA is by no means perfect. Their servers are sometimes overloaded. And they are among the most aggressive in paying for good reviews.
     
  15. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
    1. Is it less likely to leak if they are just browsing the internet and not torrenting or streaming?
    2. Would the test results still apply if you were not using the VPN company's downloadable client but rather using OpenVPN client under your test conditions?
    3. Lastly, can iTunes desktop app leak under a VPN?
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    1) The issue about torrenting and streaming is that the app is constantly connecting to stuff, be it swarm peers or servers. And that it reacts to interruptions by connecting more aggressively to more things. So if the Internet uplink gets broken or stalled temporarily, the VPN client may disconnect and then reconnect. And while that's happening, unless there are firewall rules to prevent it, the torrenting/streaming app may establish direct connections, bypassing the VPN. And reveal your ISP-assigned IP address.

    2) Using the stock OpenVPN client in my tests, there will be leaks with just about any VPN service. Even IVPN ;) To prevent that, you need firewall rules. Or a custom VPN client that handles that.

    3) I know nothing about the iTunes app. But I'm guessing that it would. I mean, wget and ping leak, so why not some app. Or at least, if it relies on established connections, and attempts to reconnect if disconnected.
     
  17. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    255
    Location:
    Albany, CA
    Did you ever test freevpn.me? Now that Vpnium bit the dust, it looks to be the only free VPN left that is worthwhile.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Nope :(

    I think that SecurityKISS is a good free VPN. From the privacy perspective, anyway. Last I checked, they had a 300 MB/day cap :(
     
  19. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    255
    Location:
    Albany, CA
    Too bad you did not test freevpn.me, but I'll likely jump on that bandwagon and give it a test drive anyway. As a free VPN, SecurityKISS does not impress me. I think too much effort for too little reward. Their 'olivine' plan at $28.30 is way cheaper than any other pay-for-play VPN I have seen, so that is definitely one I doubt I can resist.
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    I am curious to see an updated review or NordVPN, which I think is warranted now. The old review stated that ipv6 was not supported or blocked, in fact that was a major knock against them. That is no longer the case. Mirimir, I wonder, what's your impression of them now?

    My mullvad subscription is almost up and I need to determine if I should continue it or switch.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Sorry mate :( I'm just not into it. But you can do the same testing that I did. There are instructions on the site. Also in a guide on IVPN. The only difficult part would be setting up IPv6 connectivity through a private VPN. But if you already have IPv6 connectivity, you don't need that. And if you don't have IPv6 connectivity, you don't need to test for IPv6 leaks.
     
  22. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    No worries, Mirimir. Anyways, I had to exclude Nord because it does not allow for forwarded ports, so the issue is moot. Thanks anyway.
     
  23. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Interested in what VPN you went with instead of Nord. I stopped using Nord as it ignored my (Windows) firewall block rules. Perfect privacy is good but quite expensive.
     
  24. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Mullvad. It was either that or AirVPN. Both are constantly rated as excellent in many reviews, but I really don't like the Eddie (the AirVPN client).
     
  25. 142395

    142395 Guest

    It's coincidence (or not, maybe), these 2 are what I finally arrived and bought. They're not just keeping good reps, but their technical expertise is superior, they contribute either OpenVPN or OpenSSL audit, do not put MUCH effort to advertising & affiliate, and adopt only secure protocols (Mullvad stopped PPTP support in the beginning of 2017).
    PerfectPrivacy seems not bad and it's rated as top provider in RestorePrivacy, but I don't think highly of their TrackStop & Neurorouting (or 4 hops itself) much. Triple tunneling w/ different providers should be much safer than 4 hops within the same which only gives limited value. Also ad-blocking on server side is limited unless one use MITM.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.