My VPN Testing Site is Finally Up

Discussion in 'privacy technology' started by mirimir, Jun 16, 2016.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    Well, there's an important distinction about "pings can be allowed should the lock be on and the VPN not connected". I mean, if I manually disconnect the VPN, I'd expect that pings would be allowed. But if the VPN client is reconnecting after a network interruption, I'd expect that pings would be blocked. Because that could happen while you're torrenting or whatever, so whatever apps are running could be pinging stuff.
    Yes, for sure. Always use a firewall. But then, people who use VPN clients from providers tend toward cluelessness about configuring firewalls. And that was the point of the leak testing project. To see how well VPN clients protect clueless users.
    I will let all y'all know :)

    It'll be a few days before I get to this. I'm currently obsessing with ping localization of VPN servers. It turns out that it's not as straightforward as I had expected. Maybe some of the ping probes aren't where they claim to be. Or maybe lots of stuff isn't really where it claims to be. Or rather, maybe ping times reflect complexities of network routing more than simple physical distances.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
  3. Rebsat

    Rebsat Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    20
    Location:
    Sulaimaniya, Iraq
    @mirimir How are you doing bro? I hope everything is good for you. It's been a year since I have read your extensive leak test for a number of VPN Services. It was very helpful and made me follow up the 6 one which are passed the test. Finally, I made a decision between IVPN and Perfect Privacy. I have read many good feature about them but according to Restore Privacy blog then Perfect Privacy is the Best VPNs for 2017 in terms of Privacy, Security and Speed:
    Updated: August 17, 2017 By Sven Taylor
    https://restoreprivacy.com/best-vpns/

    What do you think about Perfect Privacy?
    Do you think that IVPN is still offering more secure VPN than Perfect Privacy?

    He didn't put IVPN in his list and I will ask him to make a review about it and compare it to Perfect Privacy.

    Thanks,
     
    Last edited: Sep 4, 2017
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    Perfect Privacy is pretty good. When I tested last year, their Windows client didn't leak. But their OS X client leaked IPv4 and IPv6 during reconnection after uplink interruption. With your own firewall rules, I'm sure that it'd be fine.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    Oops, I misspoke about Perfect Privacy's "OS X client". They didn't have one then, so I used Viscosity. So I should have said that Perfect Privacy with Viscosity leaked in OS X.
     
  6. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Hi

    You didn't test VPN.ac?

    I recall reading something negative about perfect privacy.

    So ivpn or proton VPN when it's out of beta?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    It's important to keep in mind that I was testing from the perspective of n00bs, who don't necessarily get the distinction between VPN services and VPN clients. Or why firewall rules are important. And so on.

    So basically, the test was "Buy and install this app. Use it, and see if I can make it leak". Emulating, say, someone torrenting or streaming.

    Anyway, Perfect Privacy's Windows client didn't leak. Viscosity leaked in OS X. But then, Viscosity with just about all VPNs would leak in OS X, uless you configure firewall (pf) rules to prevent that.

    I tested what I tested. And at this point, I doubt that I'll be testing any more. Maybe if someone paid me enough, I guess ;) But anyway, when I get around to it, I'll be redesigning the site to focus on testing methods. With more detail, and instructions. And I'll restyle the results as examples.

    My favorites remain AirVPN, BolehVPN, IVPN, Mullvad and PIA. There are many other great VPNs, I'm sure. Perfect Privacy has some cool multi-hop features. As does IVPN. IPVanish seems cool too. And ProtonVPN certainly has a great pedigree. But at this point, those five have been great for several years, and that in itself distinguishes them.
     
  8. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Cool doesn't cut it though does it.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    OK, "cool" doesn't mean much. Re Perfect Privacy and IVPN multihop, I mean that multi hop provides more "anonymity" than single hop. But multi hop through nested chains using different VPNs provides even more.

    I've never used IPVanish. However, I've been playing with geolocating VPN servers through ping testing. Beating the https://restoreprivacy.com/vpn-server-locations/ idea into the ground :) They have 828 servers, ans at least 98% of them seem to be where claimed. That's impressive!

    Conversely, by the way, claimed locations for 58% of VyprVPN's 73 servers are physically implausible. In that there are "distant" ping probes with rtt less than half of what you'd expect, based on the speed of light.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Thanks again for all the hard work you put into this stuff. It benefits us all. The results are pretty much what I expected, though I've never tried out FrootVPN or SlickVPN.

    Though it seems like whatever test/criteria you throw at iVPN or Mullvad they pass with flying colors. Definitely the best 2 IMO.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    Thanks :)
    True. AirVPN, BolehVPN and PIA are also good. As I've noted before, some of us have been recommending those five for several years, now. They're some of the oldest VPN services. Cryptohippie is older, but costs too much and has a throughput cap. Anonymizer is even older, perhaps the first, but it's linked to the CIA.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    It's not that hard to run your own leak tests. The methods that I used for that website are pretty close to what I describe in this guide: https://www.ivpn.net/privacy-guides/how-to-perform-a-vpn-leak-test

    Recently, I've been geolocating VPN servers by pinging from multiple probes (asm.ca.com, maplatency.com, ping.pe, etc). IPVanish has lots of servers, and almost all of them seem to be located where it says they are. In contrast to, notibly, HMA and VyprVPN. I'll eventually publish that as a series of blog posts on IVPN.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,958
    Location:
    Last Breath Farm
    Your test site identifies PIA as a service that leaks (in Windows), but you are saying here that PIA is good and is recommended? Could you explain that for me, please?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    It's very likely that my tests basically identified leaks in VPN clients. So yes, I did find leaks with PIA's Windows client. And with AirVPN's OS X client. Just about any VPN would leak, using stock OpenVPN and no firewall rules or restrictions on routing. And in most OS, routing restrictions alone are very iffy protection. So anyway, in my tests, I emulated naive users. I installed whatever client was provided or recommended. I turned on obvious security features. Then I just used the bloody thing.

    But conversely, any VPN can be leak-free with tight firewall rules, in any OS. And most of the Wilders audience arguably knows about firewall rules :) When I talk about those five being old and well-trusted, that's mostly about usability and commitment to privacy. In particular, within the last year or so, PIA told a US court that they didn't retain logs, and that was the end of it. But PIA is by no means perfect. Their servers are sometimes overloaded. And they are among the most aggressive in paying for good reviews.
     
  15. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    122
    Location:
    France
    1. Is it less likely to leak if they are just browsing the internet and not torrenting or streaming?
    2. Would the test results still apply if you were not using the VPN company's downloadable client but rather using OpenVPN client under your test conditions?
    3. Lastly, can iTunes desktop app leak under a VPN?
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    1) The issue about torrenting and streaming is that the app is constantly connecting to stuff, be it swarm peers or servers. And that it reacts to interruptions by connecting more aggressively to more things. So if the Internet uplink gets broken or stalled temporarily, the VPN client may disconnect and then reconnect. And while that's happening, unless there are firewall rules to prevent it, the torrenting/streaming app may establish direct connections, bypassing the VPN. And reveal your ISP-assigned IP address.

    2) Using the stock OpenVPN client in my tests, there will be leaks with just about any VPN service. Even IVPN ;) To prevent that, you need firewall rules. Or a custom VPN client that handles that.

    3) I know nothing about the iTunes app. But I'm guessing that it would. I mean, wget and ping leak, so why not some app. Or at least, if it relies on established connections, and attempts to reconnect if disconnected.
     
  17. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    108
    Location:
    Albany, CA
    Did you ever test freevpn.me? Now that Vpnium bit the dust, it looks to be the only free VPN left that is worthwhile.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,871
    Nope :(

    I think that SecurityKISS is a good free VPN. From the privacy perspective, anyway. Last I checked, they had a 300 MB/day cap :(
     
  19. Uitlander

    Uitlander Registered Member

    Joined:
    May 16, 2010
    Posts:
    108
    Location:
    Albany, CA
    Too bad you did not test freevpn.me, but I'll likely jump on that bandwagon and give it a test drive anyway. As a free VPN, SecurityKISS does not impress me. I think too much effort for too little reward. Their 'olivine' plan at $28.30 is way cheaper than any other pay-for-play VPN I have seen, so that is definitely one I doubt I can resist.
     
Loading...