Well, there's an important distinction about "pings can be allowed should the lock be on and the VPN not connected". I mean, if I manually disconnect the VPN, I'd expect that pings would be allowed. But if the VPN client is reconnecting after a network interruption, I'd expect that pings would be blocked. Because that could happen while you're torrenting or whatever, so whatever apps are running could be pinging stuff. Yes, for sure. Always use a firewall. But then, people who use VPN clients from providers tend toward cluelessness about configuring firewalls. And that was the point of the leak testing project. To see how well VPN clients protect clueless users. I will let all y'all know It'll be a few days before I get to this. I'm currently obsessing with ping localization of VPN servers. It turns out that it's not as straightforward as I had expected. Maybe some of the ping probes aren't where they claim to be. Or maybe lots of stuff isn't really where it claims to be. Or rather, maybe ping times reflect complexities of network routing more than simple physical distances.
OK, so I've posted to the thread about https://vpntesting.info/ on AirVPN's forum: https://airvpn.org/topic/23492-vpntestinginfo-report-of-29-vpns-leak-tests/ It needs moderator approval, however, because it's my first post.
@mirimir How are you doing bro? I hope everything is good for you. It's been a year since I have read your extensive leak test for a number of VPN Services. It was very helpful and made me follow up the 6 one which are passed the test. Finally, I made a decision between IVPN and Perfect Privacy. I have read many good feature about them but according to Restore Privacy blog then Perfect Privacy is the Best VPNs for 2017 in terms of Privacy, Security and Speed: Updated: August 17, 2017 By Sven Taylor https://restoreprivacy.com/best-vpns/ What do you think about Perfect Privacy? Do you think that IVPN is still offering more secure VPN than Perfect Privacy? He didn't put IVPN in his list and I will ask him to make a review about it and compare it to Perfect Privacy. Thanks,
Perfect Privacy is pretty good. When I tested last year, their Windows client didn't leak. But their OS X client leaked IPv4 and IPv6 during reconnection after uplink interruption. With your own firewall rules, I'm sure that it'd be fine.
Oops, I misspoke about Perfect Privacy's "OS X client". They didn't have one then, so I used Viscosity. So I should have said that Perfect Privacy with Viscosity leaked in OS X.
Hi You didn't test VPN.ac? I recall reading something negative about perfect privacy. So ivpn or proton VPN when it's out of beta?
It's important to keep in mind that I was testing from the perspective of n00bs, who don't necessarily get the distinction between VPN services and VPN clients. Or why firewall rules are important. And so on. So basically, the test was "Buy and install this app. Use it, and see if I can make it leak". Emulating, say, someone torrenting or streaming. Anyway, Perfect Privacy's Windows client didn't leak. Viscosity leaked in OS X. But then, Viscosity with just about all VPNs would leak in OS X, uless you configure firewall (pf) rules to prevent that. I tested what I tested. And at this point, I doubt that I'll be testing any more. Maybe if someone paid me enough, I guess But anyway, when I get around to it, I'll be redesigning the site to focus on testing methods. With more detail, and instructions. And I'll restyle the results as examples. My favorites remain AirVPN, BolehVPN, IVPN, Mullvad and PIA. There are many other great VPNs, I'm sure. Perfect Privacy has some cool multi-hop features. As does IVPN. IPVanish seems cool too. And ProtonVPN certainly has a great pedigree. But at this point, those five have been great for several years, and that in itself distinguishes them.
OK, "cool" doesn't mean much. Re Perfect Privacy and IVPN multihop, I mean that multi hop provides more "anonymity" than single hop. But multi hop through nested chains using different VPNs provides even more. I've never used IPVanish. However, I've been playing with geolocating VPN servers through ping testing. Beating the https://restoreprivacy.com/vpn-server-locations/ idea into the ground They have 828 servers, ans at least 98% of them seem to be where claimed. That's impressive! Conversely, by the way, claimed locations for 58% of VyprVPN's 73 servers are physically implausible. In that there are "distant" ping probes with rtt less than half of what you'd expect, based on the speed of light.
Thanks again for all the hard work you put into this stuff. It benefits us all. The results are pretty much what I expected, though I've never tried out FrootVPN or SlickVPN. Though it seems like whatever test/criteria you throw at iVPN or Mullvad they pass with flying colors. Definitely the best 2 IMO.
Thanks True. AirVPN, BolehVPN and PIA are also good. As I've noted before, some of us have been recommending those five for several years, now. They're some of the oldest VPN services. Cryptohippie is older, but costs too much and has a throughput cap. Anonymizer is even older, perhaps the first, but it's linked to the CIA.
It's not that hard to run your own leak tests. The methods that I used for that website are pretty close to what I describe in this guide: https://www.ivpn.net/privacy-guides/how-to-perform-a-vpn-leak-test Recently, I've been geolocating VPN servers by pinging from multiple probes (asm.ca.com, maplatency.com, ping.pe, etc). IPVanish has lots of servers, and almost all of them seem to be located where it says they are. In contrast to, notibly, HMA and VyprVPN. I'll eventually publish that as a series of blog posts on IVPN.
Your test site identifies PIA as a service that leaks (in Windows), but you are saying here that PIA is good and is recommended? Could you explain that for me, please?
It's very likely that my tests basically identified leaks in VPN clients. So yes, I did find leaks with PIA's Windows client. And with AirVPN's OS X client. Just about any VPN would leak, using stock OpenVPN and no firewall rules or restrictions on routing. And in most OS, routing restrictions alone are very iffy protection. So anyway, in my tests, I emulated naive users. I installed whatever client was provided or recommended. I turned on obvious security features. Then I just used the bloody thing. But conversely, any VPN can be leak-free with tight firewall rules, in any OS. And most of the Wilders audience arguably knows about firewall rules When I talk about those five being old and well-trusted, that's mostly about usability and commitment to privacy. In particular, within the last year or so, PIA told a US court that they didn't retain logs, and that was the end of it. But PIA is by no means perfect. Their servers are sometimes overloaded. And they are among the most aggressive in paying for good reviews.
1. Is it less likely to leak if they are just browsing the internet and not torrenting or streaming? 2. Would the test results still apply if you were not using the VPN company's downloadable client but rather using OpenVPN client under your test conditions? 3. Lastly, can iTunes desktop app leak under a VPN?
1) The issue about torrenting and streaming is that the app is constantly connecting to stuff, be it swarm peers or servers. And that it reacts to interruptions by connecting more aggressively to more things. So if the Internet uplink gets broken or stalled temporarily, the VPN client may disconnect and then reconnect. And while that's happening, unless there are firewall rules to prevent it, the torrenting/streaming app may establish direct connections, bypassing the VPN. And reveal your ISP-assigned IP address. 2) Using the stock OpenVPN client in my tests, there will be leaks with just about any VPN service. Even IVPN To prevent that, you need firewall rules. Or a custom VPN client that handles that. 3) I know nothing about the iTunes app. But I'm guessing that it would. I mean, wget and ping leak, so why not some app. Or at least, if it relies on established connections, and attempts to reconnect if disconnected.
Did you ever test freevpn.me? Now that Vpnium bit the dust, it looks to be the only free VPN left that is worthwhile.
Nope I think that SecurityKISS is a good free VPN. From the privacy perspective, anyway. Last I checked, they had a 300 MB/day cap
Too bad you did not test freevpn.me, but I'll likely jump on that bandwagon and give it a test drive anyway. As a free VPN, SecurityKISS does not impress me. I think too much effort for too little reward. Their 'olivine' plan at $28.30 is way cheaper than any other pay-for-play VPN I have seen, so that is definitely one I doubt I can resist.
I am curious to see an updated review or NordVPN, which I think is warranted now. The old review stated that ipv6 was not supported or blocked, in fact that was a major knock against them. That is no longer the case. Mirimir, I wonder, what's your impression of them now? My mullvad subscription is almost up and I need to determine if I should continue it or switch.
Sorry mate I'm just not into it. But you can do the same testing that I did. There are instructions on the site. Also in a guide on IVPN. The only difficult part would be setting up IPv6 connectivity through a private VPN. But if you already have IPv6 connectivity, you don't need that. And if you don't have IPv6 connectivity, you don't need to test for IPv6 leaks.
No worries, Mirimir. Anyways, I had to exclude Nord because it does not allow for forwarded ports, so the issue is moot. Thanks anyway.
Interested in what VPN you went with instead of Nord. I stopped using Nord as it ignored my (Windows) firewall block rules. Perfect privacy is good but quite expensive.
Mullvad. It was either that or AirVPN. Both are constantly rated as excellent in many reviews, but I really don't like the Eddie (the AirVPN client).
It's coincidence (or not, maybe), these 2 are what I finally arrived and bought. They're not just keeping good reps, but their technical expertise is superior, they contribute either OpenVPN or OpenSSL audit, do not put MUCH effort to advertising & affiliate, and adopt only secure protocols (Mullvad stopped PPTP support in the beginning of 2017). PerfectPrivacy seems not bad and it's rated as top provider in RestorePrivacy, but I don't think highly of their TrackStop & Neurorouting (or 4 hops itself) much. Triple tunneling w/ different providers should be much safer than 4 hops within the same which only gives limited value. Also ad-blocking on server side is limited unless one use MITM.