Rate this post

When we started this VPN anonymity series, almost a decade ago, the market was relatively small and easy to monitor.

Today, the VPN industry is booming with hundreds of companies offering a wide variety of services, some more anonymous than others.

The VPN review business is also booming. Simply do a random search for "best VPN" or "VPN review" and you'll see dozens of sites filled with recommendations and preferred selections.

We do not want to make any recommendation. When it comes to privacy and anonymity, an intruder can not offer any guarantee. Vulnerabilities always lurk around the corner and even with the most secure VPN, you should still trust the VPN company with your data.

Instead, our goal is to provide an unclassified overview of VPN providers, asking them questions that we consider important. Many of these questions are related to anonymity and security, and the different companies respond with their own words.

We hope this helps users make an informed decision. However, we emphasize that users themselves must always ensure that their configuration is secure.

The questions and answers for this year are listed below. We have included all VPNs that do not maintain extensive records or block BitTorrent traffic on all of your servers. This list is not exhaustive.

1. Do you keep ANY record that allows you to match an IP address and timestamp with a current or previous user of your service? If so, exactly what information do you have and for how long?

2. What is the name with which your company is incorporated and in what jurisdiction does your company operate?

3. What tools are used to monitor and mitigate abuse of your service, including limits on concurrent connections if they apply?

4. Do you use an external email provider (for example, Google Apps), analytics or support tools (for example, Live Support, Zendesk) that contain information provided by users?

5. In the event that you receive a DMCA removal notice or equivalent that is not from the US. UU., How are they handled?

6. What steps would be taken in the event that a court orders your company to identify an active or former user of its service? How would your company respond to a court order that requires you to record a user's activity in the future? Have these scenarios been played in the past?

7 Is BitTorrent and other file sharing traffic allowed on all servers? But because? Do you provide port forwarding services? Are there blocked ports?

8. What payment systems / providers do you use? Do you take any steps to ensure that the payment details can not be linked to the use of the account or IP assignments?

9. that is The most secure encryption and VPN connection algorithm you would recommend to your users?

10. Do you provide tools such as "interrupt switches" if a connection is interrupted and protection against DNS / IPv6 leaks? Is it compatible with the Dual Stack IPv4 / IPv6 functionality?

11. Are any of your VPN servers hosted by third parties? If so, what steps does it take to prevent these partners from being investigated in any incoming and / or outgoing traffic? Do you use your own DNS servers?

12. In which countries are your servers physically located? Do you offer virtual locations?

VPN review1. We do not store any records related to traffic, session, DNS or metadata. There are no records for any person or entity that matches an IP address and a timestamp for a user of our service. In other words, we do not register, period. Privacy is our policy.

2. London Trust Media Incorporated, an Indiana corporation.

3. We have an active and proprietary system to help mitigate the abuse.

4. At this moment, we are using Google Apps Suite and Google Analytics with the tracking of demographic and disabled data and anonymizing the IP addresses enabled.

5. We do not supervise our users and do not keep records, period. That said, we have a patented and active system to help mitigate the abuse.

6. Each citation is examined to the fullest extent possible to comply with the "spirit" and the "letter of the law". While we have not received valid court orders, we periodically receive citations from law enforcement agencies that we examine for compliance and respond accordingly. All this is based on our commitment to privacy.

Having said all this, we do not register or have data from our clients other than their registration email and account information.

7. BitTorrent and file sharing traffic are allowed and treated in the same way as the rest of the traffic (although in some cases it is routed through a second VPN). We do not censor our traffic, period.

8. We use a variety of payment systems, which include, among others: PayPal, Credit Card (with Stripe), Amazon, Google, Bitcoin, Bitcoin Cash, Zcash, CashU, OKPay, PaymentWall and any important gift purchased in the store card. The payment data are not linked or linked to the user's activity due to our non-registrations policy.

9. At this time, the safest and most practical VPN encryption and connection algorithm we recommend to our users would be our encryption set of AES-256 + RSA4096 + SHA256.

10. Yes, our users get access to a large number of additional tools, which include, among others:

(a) Deactivation switch: ensures that traffic is routed through the VPN, so that if the VPN connection is terminated unexpectedly, traffic will not be routed.

(b) IPv6 Leak Protection: protects clients from websites that may include IPv6 incrustations, which could cause IPv6 IPv6 information to come out.

(c) Protection against DNS leakage: it is integrated and ensures that DNS requests are made through the VPN in a secure, private and unregistered DNS daemon.

(d) Shared IP system: we combine customer traffic with the traffic of many other customers through the use of an anonymous shared IP system, which ensures that our users mix with the crowd.

(e) MACE ™: protects users from malware, crawlers and ads.

11. We use our own metal servers in third-party data centers that are operated by trusted friends and, now, business partners with whom we have met and in which we have completed due diligence. Our servers are located in facilities that include 100 TB, Choopa, Leaseweb, among others.

We also operate our own DNS servers in our high performance network. These servers are private and are not registered.

12. We currently operate 3,335 servers in 53 locations in 33 countries. For more information on what countries are available, visit our network information page. All of our locations are physical and not virtualized.

Private internet access website

1. We do not keep records or time stamps that can allow the identification of our customers.

2. Tefincom S.A., operated under the jurisdiction of Panama.

3. We can only see the server load, which helps us optimize our service and provide the best possible Internet speed to our users. We have also developed and implemented an automated tool that limits the maximum number of simultaneous connections to six. Apart from that, we do not use any other tool.

4. NordVPN uses third-party data processors for email services and to collect basic analysis of applications and websites. We use Iterable for correspondence, Zendesk to provide customer support, Google Analytics to monitor the data of websites and applications, as well as Crashlytics, Firebase Analytics and Appsflyer to monitor the data of the applications.

All third party services that we use are subject to a contract with us to never use the information of our users for their own purposes and not to disclose the information to third parties that are not related to the service.

5. We operate under the jurisdiction of Panama, where DMCA and similar orders have no legal influence. Therefore, they do not apply to us.

6. If the order or citation is issued by a Panamanian court, we would have to provide the information if we had one. However, our zero registration policy means that we do not store any information about our users' online activity, only their email address and basic payment information. So far, we have not had such cases.

7. We do not restrict any BitTorrent application or other applications to share files on most of our servers. We have optimized some of our servers specifically to share files. At the moment, we do not offer port forwarding or block outgoing SMTP25 and NetBIOS ports.

8. Our clients can pay through the main credit cards, regionally located payment solutions (for example, AliPay, Yandex, etc.) and cryptocurrencies. Our payment processing partners collect basic billing information for payment processing and reimbursement requests, but can not relate to any Internet activity of a particular customer. Bitcoin is the most anonymous option, since it does not link the payment details to the user's identity or other personal information.

9 For the OpenVPN connection, we use the AES 256 GCM algorithm. For IKEv2 / IPSec, the ciphers used to generate the Phase1 keys are AES-256-GCM for encryption, together with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys.

10. Yes, we provide an automatic interrupt switch and a function for DNS leak protection. The Dual Stack IPv4 / IPv6 functionality is not yet compatible with our service; however, all NordVPN applications offer integrated IPv6 leak protection.

11. We use a hybrid model, for which we own some of our servers, but we also partner with premium data centers with strong security practices.

Due to the special configuration of our server, no one can collect or retain any data, which guarantees compliance with our policy of no records. We also have specific requirements for network providers to guarantee the best quality of service for our customers. We have our own DNS servers, and all DNS requests go through them. In addition, our clients can use any DNS server they wish.

12. All our servers are physically located in the indicated countries. We do not offer virtual locations. At this time, NordVPN provides more than 5,000 servers in 61 countries, and the full list of locations can be found here.

NordVPN website

expressvpnlogo1. No, ExpressVPN does not maintain any connection or activity log, including browsing history, data content, DNS requests, timestamps, source IPs, outgoing IPs or destination IPs . This ensures that we can not determine whether a particular user connected to the VPN at any given time, assumed a particular outgoing IP address, or generated some specific network activity.

2. Express VPN International Ltd. is a BVI company (British Virgin Islands).

3. We do not monitor or record any user activity in our network. We reserve the right to block specific abusive traffic to protect the server network and other ExpressVPN clients.

With regard to the limits on the number of devices connected simultaneously, never record time stamps or IP addresses; our systems can simply identify how many active sessions a given license has at a given time and use that counter to decide if a license is allowed to create an additional session. This counter is temporary and is not tracked over time.

4. We use Zendesk for support tickets and SnapEngage for live chat support; We have evaluated the security profiles of both and consider them secure platforms. We use Google Analytics and cookies to collect marketing metrics for our website and several external tools to collect bug reports (only if a user chooses to share these reports).

5. As we do not keep any data or records that can link a specific activity to a specific user, ExpressVPN does not identify or inform users as a result of DMCA notifications.

6. Legally, our company is only required to respect subpoenas and court orders when they originate in the government of the British Virgin Islands or in conjunction with the BVI authorities through a mutual legal assistance treaty.

As a general rule, we respond to the questions of the police authorities informing the researcher that we do not have any data that could link the activity or the IP addresses with a specific user. Regarding the demand that we may register the activity in the future: if someone ever made such a request, we would refuse to redesign our systems in a way that violates the privacy protections our customers trust us to maintain.

7. ExpressVPN allows all traffic, including BitTorrent and other file exchange traffic (without rerouting), from all our VPN servers. At the moment, we do not support the forwarding of ports.

8. ExpressVPN accepts all major credit cards, PayPal and a large number of local payment options. We also accept Bitcoin, which we recommend for those who seek maximum privacy in relation to their payment method. As we do not record user activity, IP addresses or timestamps, ExpressVPN or any other external party can not link the payment details entered on our website with a user's VPN activities.

9. ExpressVPN applications are usually pre-defined in our recommended protocol for security and performance: OpenVPN UDP. Our applications use a 4096-bit CA, the AES-256-CBC encryption, the TLSv1.2 and SHA512 signatures to authenticate our servers.

10. Yes, ExpressVPN protects users from data leaks in several ways; our suite of legacy leak detection and open source leak testing tools is detailed on our Privacy Investigation Lab page.

Our "Network blocking" feature, which is enabled by default, prevents all types of traffic, including IPv4, IPv6 and DNS, from leaking out of the VPN, such as when your Internet connection is interrupted or in various scenarios where other VPNs may leak.

We still do not support IPv6 routing through the VPN tunnel, although we are considering adding this in the future to a subset of our server locations.

11. Our VPN servers are hosted in trusted data centers with strong security practices, where data center employees do not have server credentials.

Last year, we developed technology to allow our servers to run only in RAM, booted from a read-only disk. That means that we can apply server patches quickly and safely and prevent any possible intruder from persisting on our servers.

We do not maintain activity logs or connection logs, and because our VPN servers can not write to hard drives, they can not log confidential data even by accident. We run our own DNS without registration on each server, which means that personal identification data is never stored. We do not use third-party DNS.

12) ExpressVPN has more than 3,000 servers covering 94 countries. For countries where it is difficult to find servers that meet ExpressVPN's rigorous standards for server security, reliability and speed, we use virtual locations so that users can assume IP addresses registered in those countries.

These locations represent less than 3% of the number of ExpressVPN servers, and specific countries are published on our website here.

ExpressVPN website

1. No records or timestamps are kept at all. TorGuard does not store any traffic records or user session data in our network. In addition to a strict non-registration policy, we execute a default shared IP configuration on all servers. Because no records or timestamps are kept and several users share a single IP address, it is not possible to match any user with an IP address or user name.

2. TorGuard is owned by VPNetworks LLC and operates under the jurisdiction of the US. UU

3. We use customized software to monitor server health and network performance, we use global rule sets to try to detect and block attempts to abuse our service in real time. We also limit simultaneous connections through our backend authentication servers.

4. We use anonymous Google Analytics data to optimize our website and Sendgrid for transactional email. TorGuard 24/7 live chat services are provided through the Livechatinc platform. Requests from the customer service desk are maintained by TorGuard's own private ticketing system.

5. In the event that a valid DMCA notice is received, our abuse team will process it immediately. Due to our policy of no registration and no time stamp and shared IP network, we can not forward any request to a single user.

6. If a court order is received, it is first handled by our legal team and examined to determine its validity in our jurisdiction. If deemed valid, our legal representation would be required to explain in more detail the nature of our shared IP network configuration and the fact that we do not have identification records or time stamps.

The TorGuard network was designed to work with minimal server resources and is not physically able to retain such records. There is no on / off switch to record the activity, so it would be impossible to comply with that request. No, this has never happened.

7. Yes, BitTorrent and all P2P traffic is allowed on all servers, without restrictions. Yes, we provide port forwarding through OpenVPN (with protection against port failures), we also offer the possibility to include in the IP whitelist that can access externally open ports, and all other IPs will be blocked. We allow all ports over 2048 to be opened by users through the control panel in the members area.

8. We currently offer more than 200 different payment options. This includes all forms of credit cards, PayPal, Bitcoin, cryptocurrency (eg, Litecoin, Ethereum, Monero + many more), Alipay, WeChat Pay, UnionPay, more than 100 gift card brands and many other payment options local throughout the world.

It is impossible to link it again with the use of the account or IP assignments because we maintain zero records throughout our network.

9. For greater security, we advise customers to use OpenVPN and select the encryption option AES-256-GCM, with 4096bit RSA and SHA512 HMAC. We use TLS 1.2 on all servers with the secret of perfect forwarding activated. It can also be used together with Stunnel for a second SSL layer or it can be used together with the invisible shadowsocks proxy that also uses AES-256-CBC in addition to what you are already using. Port 53 of OpenVPN also takes advantage of tls-crypt.

TorGuard offers a wide range of VPN protocols, including OpenVPN, iKEV2, IPsec, SSTP, OpenConnect / AnyConnect, Stunnel, WireGuard, SSH Tunnels and Shadowsocks.

10. TorGuard VPN software provides strict security features by automatically disabling IPv6 and blocking any possible loss of DNS or WebRTC.

We offer a full connection interrupt switch that protects your VPN traffic against accidental disconnections and, if necessary, will annihilate your interfaces. There is also an application interrupt switch that can terminate specific applications if the VPN connection is interrupted.

TorGuard will begin offering IPv6 VPN connectivity in selected locations of shared IP and residential IP in the coming months.

11. We maintain full physical control over all hardware and only seek partnerships with data centers that can meet our strict security criteria. All servers are implemented and managed exclusively by TorGuard staff.

By default, the TorGuard VPN application uses private DNS without registration at each VPN endpoint. TG's desktop and Android applications also allow customers to modify their connected DNS with a custom DNS entry of their choice or use TorGuard's Endpoint DNS on 10.9.0.1.

All traffic between the end user and the VPN server is encrypted, which makes it impossible for any provider to decipher the tunnel or the user activity inquiry.

12. TorGuard currently maintains thousands of servers in more than 55 countries around the world, and we continue to expand the network every month. All servers are physically located in the indicated country of origin and we do not use any virtual location in any location within the TorGuard network.

Torguard website

1. Records that allow the correlation of the IP address of the user with a VPN address are not kept. The database of the session does not include the source IP address of
the user. Once a connection is terminated, session information is removed from the session database.

2. The name of the company is PrivActually Ltd, which operates in Cyprus.

3. Actual abuse is mitigated by meat (humans). User traffic is not monitored or inspected in any way. TCP / IP sessions are not limited individually, but per server, to 10 million established connections. The packet overflows are resolved by the use of adaptive packet speed limiters at the port level of the switch and are activated at 90k pps. The number of simultaneous connections is limited by the VPN back-end software.

4. There is no mechanism to track visitors, not even passives that analyze web server logs. IPredator runs its own mail infrastructure and does not use third-party products such as Gmail. We also do not use data like a ticket system to manage support requests. IPredator adheres to a simple mail system and removes the old data after three months from the mailboxes.

5. The requests are evaluated in accordance with the legal frameworks established in the jurisdictions in which the service operates and we react accordingly. After receiving a request, its validity is verified. The abuse of DMCA demolition with false credentials seems to be in fashion these days.

6. If the court order is not a gag order, it will be notified on canary channels and other means. In the event that we were forced to register the user's activity, we would close the service. Spontaneous bankruptcy … sometimes the only winning movement is not to play.

7. BitTorrent and other file sharing traffic is allowed. In public IP VPN pools, port forwarding is not necessary.

8. PayPal, Bitcoins and Payson are fully integrated. Other payment methods are available upon request. An internal transaction ID is used to link the payments to the payment processor.

We do not store any other data about the payments associated with the user's account. The systems that deal with payments have no connection to the part of the infrastructure that handles VPN connections.

Frontend proxies are used to ensure that the IP addresses of users are not displayed on any of the backend systems. Payment processors can not link a payment to a specific account or IP address based on the data we have to provide.

9. IPredator provides configuration files for various platforms and clients that apply TLS1.2 on supported systems. Ideally, the client negotiates ECDHE-RSA-AES256-GCM as a suite for control and AES256 for the data channel. For added protection, detailed configuration instructions and procedures are provided to our users.

10. Netsplice, IPredator's multiplatform VPN client, has native support for several types of interrupt switches. You can kill a program, just put it on hold, turn off your machine or clean your hard drive … it's up to you. Users can use this page to verify a series of leaks, not just DNS leaks.

11. We own each server, switch and cable that we use to provide the VPN service to our uplink network. The machines are located in Sweden due to the laws that allow us to run our service privately.

If the situation changes, we can move the operations to a different country. The core of any privacy service is trust in the integrity of the underlying infrastructure. Everything else has to build on that, which includes the DNS servers.

12. Sweden, there are no virtual locations at this time.

Ipredator website

1. No. Every time a user connects to ProtonVPN, we only monitor the timestamp of their last successful login attempt. This is overwritten at each successful session start. This timestamp does not contain any identification information, only the date and time of the session start.

We do not collect any information about a user's IP address, and we only keep limited time stamp information to protect user accounts from password brute force attacks.

2. Our registered name is Proton Technologies AG and we operate under the jurisdiction of Switzerland.

3. We use internal tools and systems to mitigate the abuse of our service and to guarantee the best quality for our users.

4. We currently use anonymous data from Google Analytics to optimize our website, but we are migrating to a local installation of Matomo, an open source analysis tool. For customer service, we use ZenDesk.

The information that users provide when they contact our support team is processed for analytical purposes (such as adding the number of Secure Streaming questions), but they are not combined with any personal data.

5. A DMCA removal notice or its non-US counterpart will be handled in accordance with our internal processes. Such a request would never connect to a specific user, thanks to our strict non-registration policy.

6. We can only disclose the limited data of the user we own, but our strict non-registration policy means that we do not have information about our users' online activity.

The limited data we have will only be disclosed when requested by a Swiss court for the purposes of prevention, investigation, detection or prosecution of crimes or the execution of criminal sanctions, including protection against and prevention of threats to public safety.

Court orders must be approved by the Cantonal Courts of Geneva or by the Federal Supreme Court of Switzerland. According to Swiss law, it is mandatory to notify the purpose of a data request, although such notification may come from the authorities and not from the Company. We have not had any request of this type.

7. We allow P2P in all our paid plans. Depending on the laws of the country hosting the server, we may need to channel the connection through a country that supports P2P. Currently, we do not provide port forwarding services.

8. We rely on third parties to process transactions with credit card and PayPal, and we never keep the complete data of our users' credit card. Our payment processing partners collect basic billing information to process payments and refunds, but they can not be linked to a user's online activity. We also accept anonymous payments in cash or Bitcoin.

9. We only use VPN protocols that are known to be safe, either IKEv2 / IPSec or OpenVPN. We encrypt the traffic of our users with AES-256, the exchange of keys is done with RSA of 4096 bits and HMAC with SHA384 is used for message authentication. This is available to all users, including those in our free plan. Plus and Visionary plan users can also use our Secure Core feature for an additional layer of security.

10. Actualmente, admitimos un interruptor Kill en Windows, Android y Mac. Los usuarios de iOS pueden usar la función Always-on, ya que las restricciones de nivel de red de Apple en iOS impiden un verdadero Kill Switch. Operamos nuestros propios servidores DNS para garantizar la prevención de fugas de DNS. Nuestros servidores actualmente soportan IPv4.

11. Nunca comprometemos la seguridad; solo utilizamos servidores físicos de terceros con buena reputación que han pasado por nuestro proceso de investigación. Nuestros servidores Secure Core brindan una capa adicional de protección contra cualquier posible interferencia con nuestros servidores finales, incluidos nuestros socios. Usamos nuestros propios servidores DNS, que manejan todas las solicitudes de DNS de nuestros usuarios.

12. Actualmente tenemos 380 servidores en 31 países y estamos expandiendo continuamente nuestra red. Solo utilizamos servidores físicos que se encuentran en sus países declarados. No utilizamos ningún servidor virtual ni ofrecemos ubicaciones virtuales. Una lista de todos nuestros servidores y sus ubicaciones se pueden encontrar aquí.

ProtonVPN sitio web

hideipvpn1. Actualmente, no almacenamos registros relacionados con ninguna dirección IP. No hay forma de que un tercero haga coincidir la IP de un usuario con ninguna actividad específica en Internet.

2. El nombre registrado de la compañía es Server Management LLC y operamos bajo la jurisdicción de los EE. UU

3. Una sola suscripción puede usarse simultáneamente para tres conexiones. Los abusos de servicio generalmente significan el uso de servidores no P2P para torrents o avisos de DMCA. Usamos el complemento de iptables para bloquear el tráfico P2P en servidores donde P2P no está permitido explícitamente. Bloqueamos el correo saliente en el puerto 25 para evitar la actividad de spam.

4. Utilizamos el chat en vivo proporcionado por tawk.to y Google Apps para el correo electrónico entrante. Para el correo electrónico saliente, usamos nuestro propio servidor SMTP.

5. Dado que no se almacena información en ninguno de nuestros servidores, no hay nada que podamos eliminar. Respondemos al centro de datos o al titular de los derechos de autor que no registramos el tráfico de nuestros usuarios y que usamos direcciones IP compartidas, lo que hace imposible rastrear quién descargó los datos de Internet mediante nuestra VPN.

6. HideIPVPN puede divulgar información, incluida, entre otras, información sobre un cliente, para cumplir con una orden judicial, citación, citación, solicitud de descubrimiento, orden judicial, estatuto, reglamento o solicitud gubernamental. Pero debido al hecho de que tenemos una política de no registros y usamos IP compartidas, no habrá nada que revelar, excepto los detalles de facturación. Esto nunca ha sucedido antes.

7. Este tipo de tráfico es bienvenido en nuestros servidores alemán (DE VPN), holandés (NL VPN), luxemburgués (LU VPN) y lituano (LT VPN). No está permitido en los servidores de EE. UU., Reino Unido, Canadá, Polonia, Singapur, Australia y Francia como se indica en nuestros Términos de servicio: el motivo de esto son nuestros acuerdos con los centros de datos. No permitimos el reenvío de puertos y bloqueamos los puertos 22 y 25 por razones de seguridad.

8. Actualmente, HideIPVPN acepta los siguientes métodos: PayPal, Bitcoin, tarjetas de crédito y débito, JCB, American Express, Diners Club International, Discover. Todos los detalles de facturación de nuestros clientes se almacenan en el sistema de facturación de WHMCS.

9. El protocolo VPN de SoftEther se ve muy prometedor y seguro. Los usuarios actualmente pueden usar nuestras aplicaciones VPN en sistemas Windows y OSX. Ambas versiones tienen una función de "interruptor de interrupción" en caso de que se caiga la conexión. Nuestras aplicaciones pueden restablecer la conexión VPN y, una vez activas, reiniciar las aplicaciones cerradas. Además, la aplicación tiene la opción de habilitar la protección de fugas de DNS.

10. Sí, nuestras aplicaciones VPN gratuitas tienen ambas funciones integradas. No admitimos la funcionalidad Dual Stack IPv4 / IPv6.

11. No tenemos control físico en nuestros servidores VPN. Los servidores están subcontratados en un centro de datos premium con redes de neumáticos de alta calidad1. Nuestros servidores son autogestionados, el acceso está restringido solo a nuestro personal. Utilizamos Google DNS para nuestros servidores VPN y, por supuesto, nuestros servidores DNS para Smart DNS.

12. En este momento contamos con servidores VPN ubicados en 11 países: Estados Unidos, Reino Unido, Países Bajos, Alemania, Luxemburgo, Lituania, Canadá, Polonia, Francia, Australia y Singapur. Como puede ver, un número de ubicaciones disponibles están creciendo constantemente.

Sitio web de HideIPVPN

escondeme1. No, no mantenemos ningún registro. Hemos desarrollado nuestro sistema con un ojo en la privacidad de nuestros clientes, por lo que creamos un clúster VPN distribuido con nodos públicos independientes que no almacenan ningún dato o registro del cliente.

2. Hide.me VPN es operado por eVenture Limited y tiene su sede en Malasia, sin obligación legal de almacenar ningún registro de usuario.

3. No limitamos ni monitoreamos conexiones individuales. Para mitigar el abuso, implementamos reglas generales de firewall en algunos servidores que se aplican a rangos de IP específicos. Por diseño, un nombre de usuario solo puede establecer una conexión simultánea.

4. Nuestras páginas de destino que se utilizan únicamente con fines publicitarios incluyen una cantidad limitada de scripts de seguimiento de terceros, a saber, Google Analytics. Sin embargo, ninguna información personal que pueda estar vinculada al uso de VPN se comparte con estos proveedores. No enviamos información que pueda comprometer la seguridad de alguien por correo electrónico.

5. Ya que no almacenamos ningún registro ni hospedamos material que infrinja los derechos de autor en nuestros servicios, responderemos a estas notificaciones en consecuencia.

6. It has never happened, but in such a scenario we won’t be able to entertain the court orders because our infrastructure is built in a way that it does not store any logs.

There is no way we could link any particular cyber activity to any particular user. In case we are forced to store user logs, we would prefer to shut down rather than putting our users at stake who have put their trust in us.

7. There is no effective way of blocking file-sharing traffic without monitoring our customers, which is against our principles and would even be illegal.

8. We support a wide range of popular payment methods, including all major cryptocurrencies like Bitcoin, Litecoin, Ethereum, Dash, Monero, Paypal, Credit Cards and Bank transfer.

All payments are handled by external payment providers and are linked to a temporary payment ID. This temporary payment ID cannot be connected to the user’s VPN account/activity. After the payment is completed, the temporary payment ID will be permanently removed from the database.

9. All modern VPN protocols that we all support – like IKEv2, OpenVPN, SoftEtherVPN and SSTP, are considered secure even after the NSA leaks. We follow cryptographic standards and configure our VPN servers accordingly in order to support a secure key exchange with 8192-bit key size and strong symmetric encryption (AES-256) for the data transfer.

10. Our users’ privacy is of utmost concern to us. Our Windows client has the features such as Kill Switch, Firewall to limit apps to VPN, Firewall to limit all connections to VPN, Split Tunnel, Auto Connect, Auto Reconnect etc which makes sure that the user is always encrypted and anonymous.

We have put in some additional layers of security which include default protection against IP and DNS leaks. Our Desktop apps also block outgoing IPv6 connections automatically to prevent IP leaks. Dual Stack IPv4/IPv6 functionality will be rolled out in Q2 2019.

11. We operate our own non-logging DNS-servers to protect our customers from DNS hijacking and similar attacks. However, we do not own physical hardware. There is intrusion detection and other various security measures in place to ensure the integrity and security of all our single servers.

Furthermore, we choose all third party hosting providers very carefully, so we can assure that there are certain security standards in place (ISO 27001) and no unauthorized person could access our servers. Among our reputable partners are Leaseweb, NFOrce, M247 and Softlayer.

12. Our servers are located in countries all over the world, among the most popular ones are Canada, Netherlands, Singapore, Germany, Brazil, Mexico and Australia. Below is the complete list of countries, alternatively you can view all available locations here.

Hide.me website

ivpn1. No. We believe that not logging VPN connection related data is fundamental to any privacy service regardless of the security or policies implemented to protect the log data.

2. Privatus Limited, Gibraltar.

3. We limit simultaneous connections by maintaining a temporary counter on a central server that is deleted when the user disconnects.

4. No. We made a strategic decision from day one that no company or customer data would ever be stored on third-party systems. All our internal services run on our own dedicated servers that we setup, configure and manage. No third parties have access to our servers or data.

We don’t host any external scripts on our website nor do we engage in advertising on Google or Facebook etc.

5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we inform them that we never store the IP addresses of customers connected to our network nor are we legally required to do so.

6. Firstly, this has never happened. However, if asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information. If legally compelled to log activity going forward we would do everything in our power to alert the relevant customers directly (or indirectly through our warrant canary).

7. Yes, we treat all traffic equally on all servers. Yes, we provide a port forwarding service.

8. We accept Bitcoin, Cash, PayPal and credit cards. When using cash there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system.

If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin. When paying with PayPal or a credit card a token is stored that is used to process recurring payments but this is not linked in anyway to VPN account usage or IP-assignments.

9. We provide RSA-4096 / AES-256-GCM with OpenVPN, which we believe is secure enough for our customers’ requirements.

10. Yes, the IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible including IPv6, DNS, network failures, WebRTC STUN etc. Our VPN clients work on a dual-stack IPv4/IPv6 but we currently only support IPv4 on our VPN gateways.

11. We use bare metal dedicated servers leased from third-party data centers in each country where we have a presence. We install each server using our own custom images and employ full disk encryption to ensure that if a server is ever seized the data is worthless.

We also operate an exclusive multi-hop network allowing customers to choose an entry and exit server in different jurisdictions which would make the task of legally gaining access to servers at the same time significantly more difficult. We operate our own network of log free DNS servers that are only accessible to our customers through the VPN tunnel.

12. Please see here. We do not offer virtual locations.

IVPN website

azire1. No, we do not record or store any logs related to our services. No traffic, user activity, timestamps, IP addresses, number of active and total sessions, DNS requests, or any other kind of logs are stored. System logs are disabled.

2. The registered company name is Netbouncer AB and we operate under Swedish jurisdiction where there are no data retention laws that apply to VPN providers.

3. We took extra security steps to harden our servers. They are running using Blind Operator mode, a software module which ensures that it’s extremely difficult to set up any kind of traffic monitoring. Abuses like incoming DDoS attacks are usually mitigated with UDP filtering on the source port used by an attacker.

4. No, we do not rely on and refuse to use external third-party systems. We run our own email infrastructure and encourage people to use PGP encryption for reaching us. The ticketing support system, website analytics (Piwik, with anonymization settings) and other tools are hosted in-house on open-source software.

5. We politely inform the sender that we do not keep any logs and
are unable to identify a user.

6. In the case that a valid court order is issued, we will inform the other party that we are unable to identify an active or former user of our service due to our particular infrastructure. In that case, they would probably force us to handover physical access to the server, which they would have to reboot to gain any kind of access due to the Blind Operator mode. Since we are running our custom system images directly into RAM, all data would be lost.

So far, we have never received any court order and no personal information has ever been given out.

7. Yes, BitTorrent, peer-to-peer and file-sharing traffic is allowed and treated equally to any other traffic on all of our servers. We do not provide port forwarding services, however, we do provide a public IPv4+IPv6 addresses mode which assigns IP addresses being used by only one user at a time the whole duration of the connection to the server.

In this mode, all ports are opened, with the exception of unencrypted outgoing port 25 TCP, usually used by the SMTP protocol, which is blocked to prevent abuse by spammers.

8. As of now, we propose a variety of payments options including anonymous methods such as Bitcoin, Bitcoin Cash, Litecoin, Monero, Ethereum and some other cryptocurrencies (through CoinPayments) and cash money via postal mail.

We also offer PayPal, credit cards (VISA, MasterCard and American Express through Paymentwall) and Swish. We do not store sensitive payment information on our servers, we only retain an internal reference code for order confirmation.

9. We recommend our users to use our WireGuard servers, using official
clients and tools available on Linux, macOS, Android, iOS, OpenWRT
(routers), and soon on Windows.

– Data channel cipher: ChaCha20 with Poly1305 for authentication and
integridad de los datos
– Authenticated key exchange: Noise Protocol Framework’s Noise_IKpsk2,
using Curve25519, Blake2s, ChaCha20, and Poly1305. It uses a formally
verified construction.

10. We offer a custom open-source VPN application called azclient for all major desktop platforms (Windows, macOS and Linux) and currently support OpenVPN. Its source code is released on Github under a GPLv2 license. We plan to add a kill switch and DNS leak protection features to our client in the future.

As we provide our users with a full dual stack IPv4/IPv6 functionality on all
servers and VPN protocols, we do not need to provide any IPv6 leak protection. Our tunnels are natively supporting IPv6 even from IPv4 only lines, by tunneling IPv6 traffic into IPv4 transparently. Also, our WireGuard servers can be reached through both IPv4 and IPv6.

11. We physically own all of our hardware in all locations, including bare metal dedicated servers and switches, brought and installed on our own, co-located in closed racks on different data centers around the world meeting our strict security criteria, using dedicated network links and carefully chosen network upstream providers for maximum privacy and network quality.

We host our own non-logging DNS servers in different locations and provide DNSCrypt support for DNS requests encryption.

12. As of now, we operate across five locations including Canada, Spain,
Sweden, the United Kingdom, and the United States. New locations in Oslo,
Norway and Amsterdam, the Netherlands are planned soon. There are no
virtual locations.

AzireVPN website

1. We do not store a historical record of VPN sessions, source IPs, or sites you visited. We store a byte count of data used in the last 30 days and number of parallel connections.

2. Windscribe Limited, Ontario (Canada) Corporation.

3. We use bespoke tools specifically made for the purpose. We use the bandwidth usage in 30 days + number of parallel connections to weed out extreme cases of abuse (100+ connections and hundreds of terabytes used).

4. No, we self host everything. This includes email, analytics, support desk, and live chat. The only 3rd party services we use are Stripe, PayPal and CoinPayments.

5. We notify the sender that the IP address is a VPN node and is shared by hundreds of people at any given moment, so there is no way to trace the activity to any single user.

6. We have received multiple subpoenas and court orders requesting subscriber information. Our response was identical to what we send in case of a DMCA related request. We were never ordered to log users (although there were requests), but since we’re in Canada which has no mandatory data retention directives that apply to VPNs, we wouldn’t need to comply.

7. BitTorrent is allowed in all locations as we don’t interfere with the traffic. We request that users don’t use it in India, Russia and South Africa due to more stringent providers in those regions, but it’s more of a guideline than a rule.

8. Credit cards (Stripe), PayPal, all major cryptocurrencies and various gift cards. As we don’t store any logs of this type, there is nothing to link the payments to.

9. We support OpenVPN and IKEv2. Both are equally secure as we use the strongest encryption possible (GCM-AES-256) with both. We recommend trying IKEv2 first, as it’s faster almost in all cases. If it’s blocked on your network, then you can use OpenVPN which operates on common ports and is a lot harder to block, especially when using Stealth (Stunnel) mode. Our application tries all the protocols automatically and uses the best one for your specific network.

10. The Windscribe Firewall is built into our Windows and Mac applications. It blocks all connectivity outside of the tunnel to ensure that there is zero chance of any kind of leak, including but not limited to DNS leaks, IPv6 leaks, WebRTC leaks, etc. This is superior to a “kill switch”, which is a reactive measure, so there is no guarantee that nothing will leak.

11. All our servers are bare metal machines which are leased from various reputable hosting providers worldwide. We request to remove all anti-DDoS mitigations when possible to help reduce the chance of network monitoring. Each VPN node we operate has a recursive DNS server running on it, which is only accessible over the tunnel.

12. We have servers in 60 countries and over 110 cities. All our servers are physically where they are claimed to be, as we don’t have any fake/virtual locations.

Windscribe website

vpnarea1. We do not keep or record any logs. We are therefore not able to match an IP-address and a time stamp to a user of our service.

2. The registered name of our company is “Offshore Security EOOD” (spelled “ОФШОР СЕКЮРИТИ ЕООД” in Bulgarian). We’re a VAT registered business. We operate under the jurisdiction of Bulgaria.

3. To prevent email spam abuse we block mail ports used for such activity, but we preemptively whitelist known and legit email servers so that genuine mail users can still receive and send their emails.

To limit concurrent connections to 6, we use an in-house developed system that adds and subtracts +1 or -1 towards the user’s “global-live-connections-count” in a database of ours which the authentication API corresponds with anonymously each time the user disconnects or connects to a server. The process does not record any data about which servers the subtracting/detracting is coming from or any other data at any time, logging is completely disabled at the API.

4. We host our own email servers. We host our own Ticket Support system on our servers. The only external tools we use are Google Analytics for our website and Live Chat software by Tawk.

5. DMCA notices are not forwarded to our users as we’re unable to identify a responsible user due to not having any logs or data that can help us associate an individual with an account. We would reply to the DMCA notices explaining that we do not host or hold any copyrighted content ourselves and we’re not able to identify or penalize a user of our service.

6. This has not happened yet. Should it happen our attorney will examine the validity of the court order in accordance with our jurisdiction, we will then inform the appropriate party that we’re not able to match a user to an IP or timestamp, because we’re not keeping any logs.

7. BitTorrent is allowed on all our servers. We offer port forwarding only on the dedicated IP private VPN servers at the moment. We will work on providing port forwarding automatically on all servers soon. The only ports which are blocked are those widely related to abuse, such as spam.

8. We accept PayPal, Credit/Debit cards, AliPay, Bitcoin, Bitcoin Cash, WebMoney, GiroPay, and bank transfers. In the case of PayPal/card payments, we link usernames to the transactions so we can process a refund. We do take active steps to make sure payment details can’t be linked to account usage or IP assignments. In the case of Bitcoin, we do not link usernames to transactions.

9. We use AES-256-CBC + SHA256 cipher and RSA4096 keys on all our VPN servers without exception. We also have Double VPN servers, where for example the traffic goes through Russia and Israel before reaching the final destination.

10. Yes, we provide both KillSwitch and DNS Leak protection. We actively block IPv6 traffic to prevent IP leaks, so connections are enforced via IPv4.

11. We work with reliable and established data centers. Nobody but us has virtual access to our servers. The entire logs directories are wiped out and disabled, rendering possible physical brute force access to the servers useless in terms of identifying users. We use our own DNS servers.

12. All our servers are physically located in the stated countries. A list of our servers in 60+ countries can be found here.

VPNArea website

vpnbaron1. We do not keep traffic logs that match an IP address to a user.

2. Our registered legal name is Hexville SRL. We’re under Romanian jurisdiction, which is a member of the European Union.

3. Our tools are developed in-house. To limit the concurrent connections we keep track of the active connections of users. Every user has a limited number of concurrent connections, depending on his subscription. When he connects, we subtract one. When he disconnects, we add one back. Reach zero and the service will not allow the user to connect until he disconnects one of his active instances.

To limit the brute force types of abuses, we monitor the health of the servers and limit the network priority of the obvious DDOS that might be masked through our service. SMTP abuses will also result in temporary port blocking for that service.

4. Emails and the support platform are hosted in-house. For our sales site analytics, we rely on Google Analytics. Live support is hosted by tawk.to, which has a great privacy policy.

5. We designed our system in such a way that DMCA notices cannot be forwarded to our users. A diverse approach is needed to deal with this particular industry issue: from explaining that we don’t host any content to replacing IPs and servers that received multiple strikes.

6. No subpoena has been received by our company. If that happens, we’ll be sure to assist as much as we’re legally obliged.

7. We allow any kind of traffic, P2P included. Port forwarding is not active at this time.

8. We use Bitcoins (and many other kinds of virtual currencies: ETH, XRP, DGB, LTC ), PayPal, PerfectMoney and credit cards. The sales & billing platform is stored separately from the actual VPN system, and VPN credentials are randomly generated, making it harder for them to be associated with an email address.

9. For mobile, we recommend IKEV2 Protocol which supports VPN-ON-DEMAND, allowing users to stay connected even when changing wifi networks or switching from wifi to data. We also support OpenVPN, with AES-256-CBC cipher, TLSv1/SSLv3 DHE-RSA-AES512-SHA, 2048 bit RSA.

On top of the OpenVPN, you can also choose one of the two anti DPI (Deep Package Inspection) protocols: “TOR’s OBFSPROXY Scamblesuit” and “SSL” that mask your VPN connection from your ISP. These protocols come handy in places that actively block VPN connections, like China, Egypt or university campuses.

10. Yes, we have an incorporated kill switch in our client as well as DNS leak protection. At the moment, only IPv4 is supported, but we do provide assistance to any user that might experience leaks.

11. We use our own DNS and Google DNS for some servers. Because of the nature of the industry, we consider that replacing servers and blacklisted IPs is fast as possible. The partners don’t have permission to access the servers and we’ll immediately stop the collaboration at any suspicion of snooping.

12. We do not offer virtual locations. We offer more than 30 servers in 18 countries and we’re expanding fast. You can find the full list here.

VPNBaron website

1. We do not keep any logs, and thus we have no data that could be retained and attributed to a current or former user. We do not collect any IP addresses, browsing history, session information, used bandwidth, connection timestamps, network traffic, or similar data.

2. Surfshark provided by Surfshark Ltd., a company registered in the British Virgin Islands (BVI).

3. We neither monitor nor log user activity on our network. Also, currently we do not limit the number of simultaneous connections. As a safeguard against abuse, such as unauthorized resellers or organizers of illicit activities which involve the use of a very large number of devices, we have implemented a Fair Usage Policy which manages inappropriate use of network and guarantees that our services can be used fairly by everyone.

4. For our operations and day-to-day business, we use the secure email system Hushmail. We do not use any of Alphabet Inc. products, except for Google Analytics, which is used to improve our website performance for potential customers. For a live 24/7 customer support and ticketing service, we use industry-standard Zendesk.

5. DMCA takedown notices do not apply to our service as we operate outside the jurisdiction of the United States. In case we received a non-US equivalent, we could not be of any help to authorities because of our strict no logs policy. It would simply not be possible to attribute any claims to a specific user as we have no information about any of our current or former users.

6. We have never received a court order or any logging requirement from the British Virgin Islands (BVI) authorities. If we ever received a court order from the BVI authorities, we would truthfully respond that we are unable to identify any user as we keep no logs whatsoever. If data retention laws would be enacted in the BVI, we would look for another country to register our business in.

For any information regarding received legal inquiries and orders we have a live Warrant canary.

7. Surfshark is a torrent-friendly service. We not only allow all file-sharing activities and P2P traffic, including BitTorrent, but also protect P2P users from any possible threats, such us tracking, surveillance, and such. We do not provide port forwarding services, and we block port 25.

8. Surfshark subscriptions can be purchased using various payment methods, including many which are only available in certain countries. As well as cryptocurrency we accept PayPal, Alipay and major credit cards. None of these payments can be linked to a specific user account.

9. For our users, we recommend using advanced IKEv2/IPsec and OpenVPN security protocols with strong and fast AES-256-GCM encryption and SHA512 signatures. The AES-256-GCM is different from a widespread AES-256-CBC as it has an inbuilt authentication which makes encryption process much faster. All our apps are based on a fast, stable, and reliable IKEv2 security protocol, including Windows app, which is a very rare case in the industry. Our Linux app is based on OpenVPN.

10. We provide ‘kill switches’ in most of our apps which also have built-in DNS leak protection. Also, Surfshark comes with a plethora of other security features, such as IP masking, IPV6 leak protection, WebRTC protection, a CleanWeb™ feature to block trackers, ads, and malware, MultiHop™ which works as double VPN, Whitelister™ for a split tunneling functionality, etc.

Currently, we do not support Dual Stack IPv4/IPv6 functionality, but it is in the product development roadmap.

11. We use our own DNS servers which do not keep any logs as per our Privacy Policy. All our servers are physically located in trusted third-party data centers. We always perform due diligence before choosing each of our providers to make sure they meet our security and trust requirements.

Nevertheless, even in the case of unanticipated snooping attempts, nobody would be able to decrypt the traffic as we encrypt it with modern AES-256-GCM encryption which has not been cracked yet.

12. As of March 2019, we maintain over 800 servers which are physically located in 69 locations, based in 50 different countries. We do not offer virtual locations.

Surfshark website

1. We don’t store any kind of IP logs in any shape or form, neither through the available payment methods during the order, nor on the VPN servers themselves.

All VPN servers are set up in a way to completely avoid producing critical output in the first place, or in the very few rare cases where they do, we redirect it to “/dev/null” right away.

2. Technically speaking, we don’t have a company which is incorporated with our VPN business infrastructure. We operate this entire service with a group of four individual persons, who mostly reside in the Eastern European region and we, therefore, don’t have, need or want a company headquarter address.

There is no such thing as a main jurisdiction under which our service operates from. For tax reasons only, we have a company structure set up in Bosnia. It is not visible in the public eye and only used behind the curtains for certain actions.

3. We take common counter-measures if deemed reasonable. For example, blocking certain ports like 25, 80. Or,  if we know certain ports are the default port of RATs then we disallow such few ports from being forwarded. But seeing how a user could simply use another non-default port instead, this isn’t really so effective either. Concurrent connections are not checked.

If we receive an abuse complaint about an event which is literally happening right now, in realtime, then we do a quick simple check if the user is maybe assigned to a dedicated IP. If that’s the case, we go ahead and suspend this account to end the ongoing abuse.

4. Yes, we use Kayako ticket software for support. Apart from that, we use self and custom coded solutions within our whole infrastructure wherever possible. On the website, we use only two third-party services, that being the CAPTCHA picture provider and the support ticket software.

5. DMCA notices are internally treated as low ranked abuse cases which are mostly ignored where possible. For countries like the USA, we send an automated template reply to the hosting provider informing them the case has been solved. Only in very rare cases, we would even think about moving an entire shared IP group to another country where DMCA notices are ignored, like Sweden, Switzerland and the like.

6. The steps are identical and always the same. We reply to the requester and explain that there are no IP logs kept and that no other useful information is available which could help during the event of an investigation.

And yes, requests along the lines of somebody basically asking us to start logging in order to help solve a certain case, have actually happened in the past, but we did not and are not going to comply with those kinds of requests.

7. File-sharing is allowed on all our server locations and it’s really no issue to us. We offer a port forwarding feature. We have only one port blocked in the Firewall: 25/tcp

8. Non-disputable payment solutions like Bitcoin (Cryptocurrency in generally), PerfectMoney, WebMoney, Paysafecard, Amazon Giftcard, Yandex are NOT linked with the user account, because there is no reason to do this. Non-disputable payments are paid and forgotten. Contrary to that, disputable payment methods like PayPal, Skrill are linked to a user account in order to suspend the account in the case of a payment dispute.

This has nothing to do with IP assignments or account usage, the linking for disputable payment methods is strictly limited to the event where a payment gets disputed, so that the related account can be closed.

9. We would still recommend using our default OpenVPN 256 Bit AES-CBC / SHA512 solution, but on top of that, we offer even further obfuscation / hardening approaches. For example, a TLS-crypt OpenVPN config, or even combine it with Stunnel (which is available on all servers) to add a second layer of traffic obfuscation where needed/desired.

10. Yes, our own custom-coded client has an advanced IP kill-switch and as well a DNS leak protection for IPv4 included. Furthermore, we are currently working on a fully native IPv6 integration some point this year. Once that is completed, we will add IPv6 DNS/IP leak protection. There is no Dual Stack IPv4/IPv6 functionality available yet.

11. The server infrastructure for the VPN servers is operated from third-party datacenters. Even if we wanted, we can not always have full physical control of all servers all over the globe. Yes, we are from now on using our own setup DNS nameservers provided by the “Unbound” software.

About the snooping part, we are in fact currently working on our own implementation approach to further harden potential snooping attempts from third-parties.

12. At the time of writing this, we operate physically located servers in the following countries: Albania, Armenia, Australia, Austria, Belarus, Canada, Czechia, Denmark, Finland, France, Germany, Hong Kong, Hungary, India, Iran, Israel, Italy, Kaliningrad, Macedonia, Moldova, Netherlands, Norway, Panama, Poland, Romania, Russia, Serbia, Singapore, South Africa, South Korea, Spain, Sweden, Swiss, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States.

Given that some of those locations are very exotic and hard to acquire, 11 of those countries use virtual servers.

nVpn website

airvpn1. No, we don’t keep such logs and we do not log or inspect users’ traffic data and/or metadata.

2. The name is AirVPN and it operates in Italy. The VPN service has been active since 2010.

3. Our infrastructure remains totally protocol and application agnostic. The limit of 5 concurrent connections per account is enforced through a simple integer counter to not affect in any way the customers’ privacy layer.

4. No, we do not use any external e-mail provider or any external analytics or support tool. We do not use any tracker for any purpose, not even in our  Android app.

5. They are ignored unless the takedown notice pertains to some web site hosted behind our VPN servers (thanks to our remote port forwarding system), in which case we reserve the right to investigate that web site and make a decision based on a case-by-case basis.

6. We will do our best to comply with legitimate orders by competent magistrates, but of course, we can’t give out information that we do not have.

About orders enforcing indiscriminate traffic monitoring, they can’t be satisfied by us because we do not meet the legal requirements to gather data in such a way which can be legally meaningful in a court (the chain of integrity cannot be assured), so it’s unrealistic to suppose such a scenario, which actually has never occurred in 9 years of operations.

7. Yes, P2P protocols are allowed on every and each Air VPN server. Our infrastructure remains protocol and application agnostic.  The only and unique exception is our block of outbound port 25, which is anyway not a big deal except for professional spammers. We support inbound remote port forwarding, while no outbound ports (except 25) are blocked. Therefore, services behind our VPN servers, including P2P software, can receive incoming connections if the user wishes so.

8. We rely on PayPal, 2Checkout Avangate and CoinPayments for a wide range of cryptocurrencies, including Monero and ZCash, while we process Bitcoin directly without intermediaries. Since the transaction data will be retained indefinitely (or for a very long time) by credit card companies and PayPal, we make sure to accept payments with cryptocurrencies, to offer the option to make the privacy and anonymity layers stronger and prevent any correlation between VPN usage and customers’ identities.

Additionally, we do not require any personal data to use the service, not even an e-mail address. If a customer shares an e-mail address (essentially to receive support via e-mail) this will be protected according to the best privacy and personal data protection practices and in accordance with the GDPR. No data is ever sent to any third-party entity.

9. We would recommend using the latest OpenVPN version supporting tls-crypt and TLS 1.2 (as soon as OpenVPN 2.4.7 will be widespread, we will also support TLS 1.3). Preferred cipher for both the Control Channel and the Data Channel are AES-256-GCM (default settings in our service). In case an old OpenVPN version is used, we recommend AES-256-CBC with HMAC-SHA384 as MAC (default settings again in our service when used with old OpenVPN versions). The initial handshake must be protected by an RSA key, which must have at least a 2048 bit size (4096 bit in our service).

It is essential that on server side OpenVPN operates in “full TLS” mode to ensure Perfect Forward Secrecy. For an effective PFS, Diffie-Hellman keys must be at least 2048 bit in size, and should be unique on each server (we use per server unique 4096 bit DH keys).

Last but not least, as an obvious requirement for the aforementioned TLS mode that AirVPN has always employed, OpenVPN must be configured properly to ensure reciprocal authentication between client and server via certificates and keys (never with username and password alone).

10. Our free and open source software, available for Android, GNU/Linux, OS X, macOS and Windows, implements a “Network Lock” method to prevent traffic leaks outside the VPN tunnel.

AirVPN supports pure IPv6, pure IPv4, and IPv6 over IPv4 connections. Optionally, our software can even block IPv6 completely (disabling IPv6 option is not available on Android for system access limitations). Users whose ISP does not provide IPv6 connectivity can access IPv6 based services through our VPN servers. DNS leaks are prevented as well.

11. We do not own datacenters, so our servers are all hosted in third-party datacenters, either when they are our property or they are rented. Mitigation against data snooping by datacenters is carefully applied. Mitigation includes, but is not limited to:

– no database is kept on the VPN servers
– all logging is sent to /dev/null
– everything is kept in RAM except the parts required for the bootstrap of the server
– any change to the system is recorded and sent encrypted to us (and not stored on the server)
– unnecessary kernel or system parts are discarded
– DH keys are on the server, but they are unique per each server
– IPMI is disabled or access to it is restricted to specific VPN or specific IP addresses
– VPN servers do not communicate directly with backend servers: any necessary communication passes through reverse proxies, so that single datacenters can not know where the databases (client keys, certificates, etc.) are located.

We talk about mitigation because the main threat in this respect is simply inspecting all incoming packets and correlating them with all outgoing packets. There is no known method to ascertain for sure when such “black boxes”, external to the server, are operating, simply because they work “outside”. For such a threat model, again we recommend partition of trust and that’s also the reason for which we support Tor so strongly by running or financing a great number of relays and exit nodes.

12. Our servers locations, as well as a lot of additional information, are visible in our real-time servers monitor here. We don’t use virtual servers.

AirVPN website

cactus1. We don’t keep any logs.

2. CactusVPN Inc., Canada

3. We restrict our services to up to 5 devices per account for the VPN connection. Abuse of services is regulated by our Linux firewall and most of the datacenters we rent servers from provide additional security measures against server attacks.

4. No.

5. We haven’t received any official notices yet. We will only respond to local court orders.

6. If we receive a valid order from Canadian authorities, we have to help them identify the user. But as we do not keep any logs, we just can’t do that. We haven’t received any orders yet.

7. BitTorrent and other file-sharing traffic are allowed on servers in the Netherlands, Germany, Switzerland, Spain and Romania.

8. PayPal, Visa, MasterCard, Discover, American Express, Bitcoin & Altcoins, Alipay, Qiwi, Webmoney, Boleto Bancario, Yandex Money and other less popular payment options.

9. We recommend users to use SoftEther with ECDHE-RSA-AES128-GCM-SHA256 cipher suite.

10. Yes, our apps include a Kill Switch. They also include DNS Leak protection. We only support Iv4.

11. We use servers from various data centers. All the VPN traffic is encrypted so the data centers cannot see the nature of the traffic, also the access on all servers is secured and no datacenter can see its configuration.

12. Here is our overview of server locations.

CactusVPN website

trustzone1. Trust.Zone doesn’t store any logs. All we need from VPN users is an email to sign up. No first name, no last name, no personal info, no tracking, no logs.

2. Trust.Zone is under Seychelles jurisdiction. The company is operated by Internet Privacy Ltd.

3.Trust.Zone doesn’t use any third party tools on our website. The only restriction is three simultaneous connections per user.

4. Trust.Zone does not use any third-party support tools or tracking systems.

5. If we receive any type of DMCA requests or Copyright Infringement Notices – we ignore them.

6. A court order would not be enforceable because we do not log information and therefore there is nothing to be had from our servers.

Trust.Zone is a VPN provider with a Warrant Canary. Trust.Zone has not received or been subject to any searches, seizures of data or requirements to log any actions of our customers.

7. We don’t restrict any kind of traffic. Trust.Zone does not throttle or block any protocols, IP addresses, servers or any type of traffic whatsoever.

8. All major credit cards are accepted. Besides PayPal, Alipay, wire transfer and many other types of payments are available. In 2018 we have started working in partnerships with anonymous crypto like Verge, Bytecoin, Emercoin.

9. We use a protocol which is faster than OpenVPN and also includes Perfect Forward Secrecy (PFS). Trust.Zone uses AES-256 Encryption by default. We also offer L2TP over IPsec which also uses 256bit AES Encryption.

10. Trust.Zone supports a kill-switch function. We also own our DNS servers and provide users with using our DNS to avoid any DNS leaks. Trust.Zone has no support for IPv6 connections to avoid any leaks. We also provide users with additional recommendations to be sure that there are no DNS leaks or IP leaks.

11. We have a mixed infrastructure. Trust.Zone owns some physical servers and we have access to them physically. In locations with lower utilization, we normally host with third parties. But the most important point is that we use dedicated servers in this case only, with full control by our network administrators. DNS queries go through our own DNS servers.

12. We are operating with 177+ dedicated servers in 37 countries and are still growing. We also provide users with dedicated IP addresses if needed. The full map of the server locations is available here.

Trust.Zone website

1. SwitchVPN does not store any logs which would allow anyone to match an IP address and a time stamp to a current or former user of our services.

2. The name of the company is CS SYSTEMS, INC and it operates out of the United States.

3. We use preventive methods to prevent abuse of our service such as SMTP blocking which would prevent any spamming from occurring.

4. We use Crisp Live Chat and Google Analytics but users can choose to chat with us without providing any identifying details and no personal information is stored.

5. SwitchVPN is transitory digital network communications as per 17 U.S.C § 512(a) of the Copyright Act. So in order to protect the privacy of our users we use shared IP addresses, which makes it impossible to pinpoint any specific user. If the copyright holder only provides us with an IP address as identifying information, then it is impossible for us to associate a DMCA notice with any of our users.

6. There have been no court orders since we started our operation in 2010, and as we do not log our users’ sessions and we utilize shared IP addresses, it is not possible to identify any user solely based on timestamps or IP addresses.

Currently, there is no mandatory data logging in the United States but in-case the situation changes, we will migrate our company to another privacy friendly jurisdiction.

7. Yes, all torrent traffic is allowed on all of our servers, however, we have a special list of servers which provides a port forwarding option which will give people a better experience while torrenting. No ports are blocked.

8. We accept Credit Card, PayPal, Bitcoin, and Paymentwall. SwitchVPN assigns all of its users random login details instead of email and password. Which makes it more anonymous while using our service.

9. By default, our application uses the highest encryption settings in OpenVPN with AES-256-GCM.

10. Yes, our application comes with built-in Kill Switch in case of any drops and SwitchVPN also uses its private DNS to anonymize all DNS requests. It also comes with DNS leak protection and it has passed all the tests by major reviewers. Currently, we do not offer Dual Stack IPv6 Functionality but it will be implemented very soon.

11. Before we get into agreement with any third party, we make sure the company does not have any poor history for privacy and we make sure the company is in-line with our privacy requirements for providing our users with a no log VPN service. We also use our own DNS servers to anonymize all DNS requests.

12. All our servers are physically located in the countries we have mentioned, we do not use virtual locations.

SwitchVPN website

1. At VyprVPN we do not log any usage data from our VPN service, and we are unable to match an IP-address and a time stamp to a specific user.

2. Golden Frog, GmbH – Meggen, Switzerland. We have operated under the jurisdiction of Swiss law since 2014.

3. Our proprietary server software checks open VPN connections to the servers so we can enforce concurrent connection limitations. This state information is not logged. Once the connection closes the state information is gone. We also block port 25 (SMTP) outbound on our edge routers to mitigate the use of our service to send SPAM.

4. We use a couple of different platforms, namely Zendesk for support tickets and SnapEngage for live chat support. We also utilize Silverpop and MailChimp as our email platforms to communicate with customers. Our customers, of course, keep the option to opt out of our email program if they’re not interested. We only share account information, such as email address, with our providers; and have a strict no log policy that prevents us from obtaining or sharing any customer VPN usage data internally or externally.

5. To increase the privacy for our users, we do not log the IP address used by any user. If we receive a DMCA notice that relies on IP address and a time stamp as identifying information, it is not technically possible for us to associate a DMCA notice with any of our users with this information.

6. We cooperate fully with law enforcement agencies. In the past, we have always requested a subpoena before providing a member’s identifying information – minimal information reasonably calculated to identify and no more.

We only record personal data that is associated with a user’s account which can include name, email address, phone number, payment information and/or physical address. We do not retain any data associated with the VPN service usage. Although we have never been asked by law enforcement to log additional user activity, we would seek the protection of strong Swiss privacy laws to vigorously fight such an attempt.

7. We do not discriminate against devices, protocols, or application. All traffic is allowed on our network at any of our VPN servers across the world, including BitTorrent.

Once a customer is connected to our service they are provided with a public IP address that allows all ports inbound to them. Outbound traffic is open as well with the exception of port 25. We block 25 outbound to prevent the abusive use of our service for sending spam.

8. We never store credit card information or other potentially vulnerable payment information for any of our customers. We utilize well known, industry standard, payment processors to protect this information. And since we are a No Log VPN service we cannot link any individual’s account usage or IP-assignments to our customers.

9. For the most private experience, we recommend that our users try our proprietary Chameleon VPN Protocol in tandem with VyprDNS, our No Log DNS service.

10. Absolutely, we understand the need to protect people on insecure networks or living under censorship restrictions. VyprVPN includes a Kill Switch feature that is available on our Mac, Windows, and Android apps. DNS Leak Protection is included with all our desktop and mobile applications. VyprVPN also offer users access to our No Log DNS service, VyprDNS, to further protect DNS requests. We currently only run IPv4.

11. We own, engineer and manage our VPN servers and network so we can deliver fast and reliable connections and remain independent from any third parties. Along with owning 100% of the physical hardware to operate VyprVPN, we also own and operate our own DNS solution – VyprDNS.

12. We do have some virtual locations and we allow VyprVPN users to utilize more than 200,000 IP addresses. We maintain and operate more than 700 servers scattered across more than 70 different countries. We have virtual locations in our own physical data centers across the globe.

VyprVPN website

attorney1. We do not keep any logs at all.

2. Three Monkeys International Inc., registered in Seychelles.

3. There’s no limit aside from three active auth sessions per membership. We use Wireshark and TCPdump once every while, to block problematic flows of traffic (such as DNS amplification), and we are one of the rare VPN providers to always inform our members before doing so.

4. No, everything runs in-house.

5. We publish a public report (itself recorded at the Lumen Clearinghouse), and we state to the reporter that beyond blocking the port there is nothing we can do.

6. We publish orders and requests to the public before undertaking any action. We will never actively monitor our users following the lessons we learned from the EFF and others. We can only give access to our servers to competent authorities while ensuring to keep our users updated about such a move, either through a direct notice or our warrant canary. So far, we modified our warrant canary once about a server in France that we later dropped from our network.

7. We do not discriminate any traffic activity so BitTorrent and other file-sharing traffic are allowed. We provide port forwarding services, and we only block ports that generate abuse for third-parties.

8. We use PayPal, G2A, Paymentwall, and CoinPayments. All four combined lets us process pretty much any kind of payment method ranging from credit card to cryptocurrencies.

9. We have an advanced TLScrypt curved coupled with Serpent that we are experimenting with. Alternatively, we recommend TOR’s “obfs4” obfuscation along with our standard AES-256 + RSA4096 + SHA512 (with Perfect Forward Secrecy) that alone matches the industry’s finest standards. We provide a variety of protocols (ECC, SoftEther-based, XOR, etc.) to match the tastes and expectations of everyone.

10. We provide kill switches directly inside our VPN client, and we also have detailed tutorials on implementing custom kill switches. Our network forbids any public IPv6 and provides dual stack technology to let users connect to the IPv6 network using private methods as with IPv4.

11. We use our custom DNSCrypt servers, and all our equipment is running from encrypted RAM-based processes. Most of our servers are bare-back with own hardware. And for exotic locations where we rent from third parties, we ensure to kill off any KVM access, so our setup runs from a unique, auto-starting image.

12. We operate servers in more than 50 countries, and we only provide real physical locations. We do not use virtual locations.

Proxy.sh website

1. We don’t log any user-identifying information. Metadata or identifiers namely IP addresses, timestamps or any sort of connections on our VPN or authentication servers. The speed of connections are not logged or retained at all. Period.

That being so, the total amount of data used is kept for a month solely for the limited purpose of preventing trial abuse duly stated in our money-back guarantee as well.

2. PrivateVPN is run by a Swedish company viz. ‘Privat Kommunikation Sverige AB’ under Swedish jurisdiction

3. The nature of our VPN service makes it practically impossible for us to do any sort of live monitoring at all.

4. We use a service known as LiveAgent to provide email or ticket and live chat support. They do not hold any information about chat sessions. Chat conversation transcripts are not stored on chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email to a user, and then destroyed.

5. DMCA is not applicable to our service as it is not a codified law or act under Swedish jurisdiction. So, it is none of our business. A Swedish equivalent isn’t in the scene as of now in our jurisdiction at all.

6. As already mentioned above, we don’t retain or log any identifiers at all. So, basically even when ordered to actively investigate a user we are limited to the number of active logins which is just a numerical value. That being said, we have not received a court order to date.

7. Of course, P2P is allowed on all our servers as a matter of policy. Port forwarding is readily available on all the platforms. Moreover, Dynamic Dedicated IP with all ports open (which you are allotted from a block of IPs we have dynamically when you are connected, this IP is a dedicated IP and when allotted to you, no one else in the world but you are uniquely using it.) are also available. Dynamic dedicated IPs are offered in multiple locations (not all as of now) with OpenVPN-TUN-UDP/1194 connection type only.

8. We support PayPal, Stripe, and Bitcoin. Alipay as a payment method is en route. We offer a 30-day money-back guarantee and in order to enforce it, we keep a track of payments linked to a user account. There is no way to link an IP address assigned from us to a user account as we do not log such data.

9. No single VPN protocol works for everyone. We support multiple VPN protocols viz. PPTP, L2TP, IPsec, IKEv2, OpenVPN and Wireguard(beta). Our default VPN protocol on all the platforms is OpenVPN over UDP with 256-bit security for both data and TLS control channel encryption.

We recommend a user with an ideal ISP to use OpenVPN over UDP/1194. In case your ISP happens to throttle default OpenVPN port 1194, you can use OpenVPN over TCP/443, which is deployed with the latest –tls-crypt that OpenVPN offers for additional privacy and very basic obfuscation of the protocol itself.

For users who love built-in VPN clients for an OS, like Windows, Mac, Blackberry, iOS etc, we recommend IKEv2. For users from UAE, Egypt, some parts of China etc, we are offering and actively improving secure Stealth VPN technology to tunnel a client’s VPN traffic for users from Egypt, UAE, China etc. For Tor lovers, we offer a guide, help, instructions on how to connect to our OpenVPN servers over Tor for additional security and privacy.

For speed and comparatively low latency, state-of-the-art Wireguard server is recommended.

10. Our Windows VPN App offers robust Kill switch and DNS leak protection. DNS leaks on any major platform are owing to broken installations which are fixed as soon we see a report or any issues. IPv6 leak protection is available on every platform and multiple VPN protocols. We offer guides and instructions to set up a kill switch on macOS, GNU/Linux, BSD etc and are rapidly working with our developers to add these features in our easy to use and install VPN applications.

As of now, no Dual stack VPN is available, unfortunately.

11. We have physical control over our servers and network in Sweden. We’re only using trusted data centers with strong security. Our providers have no access to PrivateVPN’s servers and most importantly, there is no customer data/activities stored on the VPN servers or on any other system we have.

12. We use a mix of physical and virtual servers depending on the demand and needs of a given location. Virtual servers are categorized in our server list on our website to avoid confusion and maintain transparency.

PrivateVPN website

1. No, FastestVPN does not record any logs. Your internet activity such as your browser history, traffic destinations, DNS queries, downloads and uploads, and the websites you visit all stay with you.

2. FastestVPN is incorporated under the name Fast Technology Limited. It operates out of the Cayman Islands and under its jurisdiction.

3. We use an in-house developed tool to limit the maximum number of connections to 10 devices. It is used for this purpose and this only.

4. We use Google Analytics and Hotjar to improve our service and make our website more user-friendly. We also use a live-chat tool called Tawk.to for the purpose of providing 24/7 support to customers.

5. Because we operate under the jurisdiction of Cayman Islands, the DMCA has no authority or influence on us. Therefore, we are not required to comply with such notices.

6. Although such an event has not occurred, we may comply in the event a Cayman Islands Court orders us to provide information on a user’s activity. But because we do not log any activity, the information we provide cannot help identify any of our customers.

7. Our servers are optimized for P2P and allow BitTorrent and other file-sharing traffic. We suggest users to connect to our European servers for the best speed.

8. We provide our customers with the option to pay with Credit Card, eWallets (PayPal, Apple Pay, Visa Checkout, MasterPass etc), AliPlay, and other payment methods such as Skrill, Webmoney etc. It is handled by the payment processor which requires only basic billing information for payment processing and refund requests. The details can’t be linked to any particular customer.

9. We recommend the use of the OpenVPN and IKEv2 protocols for better security. We use multiple security protocols coupled with AES 256-bit encryption.

10. We do provide Kill Switch and DNS leak protection features.

11. We rely on both owned and outsourced servers. We maintain exclusive rights to our servers that are physically located across various countries worldwide. We use our own DNS servers.

12. All of our servers are physically located in various countries worldwide. We currently have servers in 23 countries. You can check the full list of locations here.

FastestVPN website

1. No, none of our logs contain any data that can be used to match an IP or time stamp with a user.

2. Cryptostorm consists of several different entities that are in different regions. This is so if an adversary were to put legal pressure on one of those entities, we can simply drop and replace it, along with any resources that might be under it. The names and locations of these entities are not publicly disclosed, simply to make it more difficult for any potential adversaries.

3. Abuse is mitigated by using Snort’s NFQ DAQ as an Intrusion Prevention System. This allows us to block the most basic or automated attacks/scans that would violate the Terms of Service at most data centers. Snort is used directly against the tunnel interface, which means any alerts generated would only include the internal 10.x.x.x VPN IP, which is randomly generated. No customer IPs ever show up in those Snort alerts.

4. No, email/support is done in-house on our own servers.

5. Most of the data centers we’ve chosen aren’t legally required to do anything about DMCA notices or similar complaints. Currently, the only exceptions are one of our Dutch data centers and the London one, which both require a response from us. For them, we use a template very similar to this.

If an ISP, data center, or anyone else were to request customer information related to a DMCA complaint, we wouldn’t be able to provide anything since we don’t have anything. If a data center threatens to suspend our server if we don’t provide something more useful, we would simply stop doing business with that data center.

6.  We wouldn’t be able to comply with any court order requesting customer information since we don’t have any information to give. If a court successfully ordered one of our entities to start collecting customer information, we would absolve any entities in that court’s region.

As of March 2019, we have never received any such court orders. If any “gag orders” were successful, our warrant canary would inform customers of its existence.

7. Yes, BitTorrent etc. is allowed. We also provide port forwarding. The only ports blocked at the moment are blocked for security reasons: ports 135, 139, and 445 which could be used to deanonymize a Windows customer using one of the many NetBIOS/SMB vulnerabilities.

8. Credit/debit card payments are accepted via PayPal and CCBill. Bitcoin is accepted through BitPay. Bitcoin, Litecoin, Bitcoin Cash, Monero, BlackCoin, CloakCoin, Dash, Decred, DigiByte, Dogecoin, Ether Classic, Ether, Expanse, GameCredits, Komodo, LISK, Namecoin, PotCoin, Peercoin, Qtum, Stratis, Syscoin, Vertcoin, VERGE, ZCash, ZenCash, and TetherUSD are accepted through CoinPayments.net.

Our anonymous token authentication system plus our no-logging policy prevents us from knowing which customers are connected to which server, or what traffic they’re generating on that server.

9. Our most secure OpenVPN instances use: AES-256-GCM to encrypt the data channel; TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 for the control channel, forced to at least TLSv1.2 to prevent downgrade attacks, with support for TLSv1.3; 521-bit secp521r1 ECC server/CA certificates (~15360-bit RSA), signed with ecdsa-with-SHA512; A 2048-bit static key for additional encrypting/authenticating of control channel packets via -tls-crypt.

Perfect Forward Secrecy is implemented in all of the above using ephemeral keys or unique DH parameters, with key renegotiation every 20 minutes.

10. For Windows users, our open-source VPN client includes a kill switch and DNS/IPv6 leak protection. For every other OS, we offer firewall rule sets for iptables, ufw, pf, etc. that will accomplish the same. Only IPv4 is supported at the moment, so instructions for blocking or disabling IPv6 are provided.

11. To account for the possibility of physical compromise (i.e., a confiscated server), each server is designed to be as disposable as possible. No data on the servers can be used to identify a customer, nor can it be used to gain access to any other server.

We also do secure PKI management, which means the CA private key is never stored on the VPN server, and each server gets its own unique server certificate/key pair.

Although our data centers aren’t known to actively monitor customers, we assume that they are, or can if requested. That’s why we use cryptography that’s probably unbreakable, which means the most any snooper can see is encrypted traffic coming in, but because of other users on the server, they won’t be able to correlate incoming and outgoing traffic.

We use our own DNS servers, as well as DNSCrypt to encrypt a client’s DNS before they connect to the VPN. We also offer an optional DNS-based ad/tracker blocking service. All of our DNS and DNSCrypt servers are publicly available, which means you don’t have to be a customer of ours to use them.

12. Our current country/server list is available here. We do not use VPS/VMs for our VPN servers. Only bare metal dedicated servers.

CryptoStorm website

1. We do not maintain any logs that would allow us to identify a user.

2. What The * Services, LLC is incorporated in the USA.

3. All limiting is done by active sessions to prevent one person from sharing an account with hundreds of people. We use a custom session management system which operates completely on real-time data and keeps no logs.

4. We run all of our own communications infrastructure. No analytics software is used currently.

5. We send out the following response as we have no logs.

6.  We have only had one of these requests for a VPS client. The customer’s identity was never revealed to the people making the DMCA take-down request and subpoena, because the bill was paid in Bitcoin & throwaway email account was used.

If this happens again in the future, we will take several steps. First, we would consult with our lawyers to confirm the validity of the order/subpoena, and respond accordingly if it is NOT a valid order/subpoena. Then we would alert our user of the event in the event we are legally able to.

If the order/subpoena is valid, we would see if we have the ability to provide the information requested, and respond accordingly if we do NOT have the information requested. If we DO have the information requested, we would immediately reconfigure our systems to stop keeping that information. Then we would consult with our lawyer to determine if there is any way we can fight the order/subpoena and/or what is the minimum level of compliance we must meet, and notify the user of the event if we are legally able to do so.

If we were forced to start keeping logs on our users, we would go out of business and start a new company in a different jurisdiction.

7. We do allow file sharing on our network. We do ask people to use the EU nodes for file sharing. We have no way to enforce that, but it helps to prevent the USA based nodes from complaints and shutdown from overzealous copyright trolls. We do offer port forwarding plans with our Perfect Dark Plans. We do not block any ports.

8.  We accept PayPal and cryptocurrency. As always, anyone can open an account anonymously with a wide variety of cryptocurrencies including Bitcoin (BTC), LiteCoin (LTC), Monero (XMR), and many more CryptoCurrencies and AltCoins via CoinPayments.net.

All that is required is a working email for signup. Signups via Tor or proxies are highly encouraged along with placeholder information if paying in cryptocurrency. We also use a completely different authentication infrastructure and random usernames for the VPN accounts.

9. We recommend OpenVPN and our VPN has Perfect Forward Secrecy setup with ECDHE-RSA-AES256-GCM-SHA384 for all our VPN servers. This is based on Softether and Ubuntu which allows people to use any protocols their devices supports.

10. Our VPN profiles are compatible with Qomui (Qt OpenVPN Management UI) and others which have this built into the opensource VPN client. We push custom adblocking DNS to clients. We also have ‘push “block-outside-dns”’ in our OpenVPN server config files which will prevent the client from leaking DNS requests. Additionally, we include “resolve-retry infinite” and “persist-tun” in the OpenVPN client config files which will prevent the client from sending data in the clear if the VPN connection goes down.

11. All of our infrastructure is hosted in 3rd party colocations. But nevertheless,
we use full-disk-encryption on all of our servers.

12. We offer VPN server locations in AU, US, FR, DE, NL, UK, HK, JP. We do offer virtual locations upon request.

WhatTheServer website

ibvpn1. We do not keep ANY logs that can identify a user of our service with an IP address and/or a timestamp.

2. The company’s registered name is Amplusnet SRL. We are a Romanian company, which means we are under EU jurisdiction. In Romania, there are no mandatory data retention requirements.

3. We limit the number of concurrent connections and we are using Radius for this purpose.

4. The back end of the website is a dedicated WHMCS for billing and support tickets. We do not use external e-mail providers (we host our own mail server). Our users can contact us via live chat (Zopim). The chat activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ account.

5. So far we did not receive any DMCA notice for any P2P server from our server list. That is normal considering that the servers are located in DMCA free zones. For the rest of the servers, P2P and file sharing activities are not allowed/supported.

6. So far, we have not received a court order. We do not support criminal activities, and in case of a valid court order, we must follow the EU laws under which we operate.

7. We have dedicated P2P servers that allow BitTorrent and other file-sharing traffic. The servers are located in the Netherlands, Luxembourg, Canada, Sweden, Russia, Hong Kong, and Lithuania. We do not provide port forwarding. We are blocking the SMTP ports 25 and 465 to avoid spam from our servers.

8. Payments are performed exclusively by third-party processors, thus no credit card info, PayPal ids or other identifying info are stored in our database. For those who would like to keep a low profile, we accept BitCoin, LiteCoin, Ethereum, WebMoney, Perfect Money etc.

9. We support SSTP and SoftEther on most of the servers. We also offer double VPN and TOR over VPN.

10. Yes, a Kill Switch and DNS leak protection are implemented in our VPN Clients. Our users can decide to block all the traffic when the VPN connection drops or to kill a list of applications. We allow customers to disable IPv6 Traffic and to make sure that only our DNS servers are used while connected to the VPN.

Also, we support SOCKS5 on our P2P servers which can be used for downloading torrents and does not leak any data if the connection to SOCKS5 proxy drops.

11. We do not have physical control over our VPN servers. We have full remote control to all servers. Admin access to servers is not provided for any third party.

12. The full list of server locations is available here.

ibVPN website

1. No, all details are explained in our no-logging data policy.

2. Amagicom AB, Swedish.

3. We mitigate abuse by blocking the use of ports 25, 137–139, and 445 due to email spam and Windows security issues.

When a customer connects to a VPN server, the server asks the central service to validate the account number, whether or not the account has any remaining time, if the account has reached its allowed number of connections, and so on. Everything is performed in temporary memory only; none of this information is permanently stored to disk.

Our VPN servers send three types of data to our monitoring system: total number of current connections, CPU load per core, and total bandwidth used per server. We log the total sum of each of these statistics in order to monitor the health of each individual VPN server. We ensure that the system isn’t overloaded, and we monitor the servers for potential attacks, bugs, and network issues.

4. We have no external elements on our website. We do use an external email provider. We encourage those who want to email us to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us.

5. There is no such Swedish law that is applicable to us.

6. From time to time, we are contacted by governments asking us to divulge information about our customers. Given that we don’t store activity logs of any kind, we have no information to give out.

Worst-case scenario: we would discontinue the servers in the affected countries. The only information AT ALL POSSIBLE for us to give out is records of payments since these are stored at PayPal, banks etc. This, however, does not prove anything more than you made a payment to us.

7. All traffic is treated equally, therefore we do not block or throttle BitTorrent or other file-sharing protocols. Port forwarding is allowed. Ports 25, 137–139, and 445 are blocked due to email spam and Windows security issues.

8. We accept cash, Bitcoin, Bitcoin Cash, bank wire, credit card, PayPal, and Swish. We encourage anonymous payments via cash or one of the cryptocurrencies. We run our own full node in each of the blockchains and do not use third parties for any step in the payment process, from the generation of QR codes to adding time to accounts.

9. We offer OpenVPN with RSA-4096 and AES-256-GCM. And we also offer WireGuard which uses Curve25519 and ChaCha20-Poly1305. We also offer an experimental post-quantum secure VPN tunnel using WireGuard and NewHope.

10. We offer a kill switch and DNS leak protection, both of which are supported in IPv6 as IPv4. While the kill switch is only available via our client/app, we also provide a SOCKS5 proxy that works as a kill switch and is only accessible through our VPN.

11. At 8 locations – 3 in Sweden, 1 in Amsterdam, 1 in Norway, 1 in the UK, 1 in Finland, 1 in Germany– we own and have physical control over all of our servers. In our other locations, we rent physical, dedicated servers (which are not shared with other companies) and bandwidth from carefully selected providers.

We use our own DNS servers. All DNS traffic that’s routed via our tunnel is hijacked. Even if you set accidentally select another DNS, our DNS will be used. Except if you have set up DNS over HTTPS or DNS over TLS.

12. We don’t have virtual locations. All locations are listed here.

Mullvad website

as1. We do not log period. No meta-data logging, no traffic logging, no bandwidth usage tracking. We do not store any personal or billing information on VPN servers. IPs are shared amongst users and our configuration makes it extremely difficult to single out any user.

2. We are registered in the USA and operate as AceVPN.com

3. We have developed in-house tools to mitigate abuse.

4. We use Google Analytics on www.acevpn.com (marketing web site). We do not track proxied pages. We use G Suite for email. Emails are deleted regularly.

5. If we receive a DMCA takedown, we block the port mentioned in the complaint. IPs are shared by other users and our configuration makes it extremely difficult to single out any user. We do not share any information with third parties.

6. To date, we have not received a court order. We only store billing information which the payment processor or bank or credit card issuer has.

7. We have special servers for P2P and are in datacenters that allow such traffic. These servers also have additional security to protect privacy when P2P programs are running. We do not offer port forwarding.

8. We accept PayPal, Bitcoin and credit cards for payments. We store billing information on a secure server separate from VPN servers and do not track usage nor IP assignments.

9. Our IKEv2 and OpenVPN offer Elliptic curve cryptography (ECC) which
we recommend for secure connectivity. To give an idea, 384 bits ECDSA is equivalent to RSA 7680 bits. Higher the bits, the more secure it gets. We just completed a network upgrade and dropped all insecure algorithms.

10. Yes, we do provide kill switches if a connection drops. Our servers are tested for DNS leaks. We are an IPv4 only service.

11. We have full control over our servers. Servers are housed in reputed
datacenters. Many of them are ISO certified and are designed to the highest specifications for performance, reliability and security. We operate our own DNS servers (Smart DNS) for streaming videos.

For VPN, we use Cloudflare, Google, OpenDNS and Level3 DNS.

12. All our locations are physical, meaning servers are physically located in these locations. We have servers in 26+ countries and over 50+ locations / datacenters. USA, Brazil, Canada, Mexico, Denmark, Egypt, France, Germany, Ireland, Italy, Japan, Latvia, Luxembourg, Netherlands, Norway, Romania, Russia, Spain, Sweden, Switzerland, Turkey, UK, Hong Kong, Singapore, Australia, and South Africa.

AceVPN website

pplogovpn" width="178" height="178" srcset="https://torrentfreak.com/images/pplogovpn.jpg 178w, https://torrentfreak.com/images/pplogovpn-150x150.jpg 150w" sizes="(max-width: 178px) 100vw, 178px"/>1. Perfect Privacy does not log or store any traffic, IP addresses or any other kind of data that would allow identification of our users or their activities.</p>
<p>2. Perfect Privacy is operated by Vectura Datamanagement, registered in Zug, Switzerland.</p>
<p>3. We don’t keep track of the number of VPN connections per user and are unable to limit it. In case of malicious activity towards specific targets, we block IP addresses or ranges, so they are not accessible from our VPN servers.</p>
<p>Additionally, we have limits on new outgoing connections for protocols like SSH, IMAP, and SMTP to prevent automated spam and brute force attacks. We do not use any other tools.</p>
<p>4. We develop and host all email and support tools in-house where it is under our control. We use Google Analytics for website optimization and better market reach, but with the anonymizeIp parameter set. However, Perfect Privacy users are exempted from any tracking by Google Analytics<br />and are also able to use our TrackStop filter which will block any tracking (as well as ads and known malware domains) directly on our servers.</p>
<p>5. Because we do not host any data, DMCA notices do not directly affect us. However, we do receive copyright violation notices for file-sharing in which case we truthfully reply that we have no data that would allow us to identify the responsible party.</p>
<p>6. If we receive a Swiss court order, we are forced to provide the data that we have. Since we don’t log any IP addresses, timestamps or other connection-related data, the only step on our side is to inform the inquiring party that we do not have any data that would allow the identification of a user based on that data.</p>
<p>Should we ever receive a legally valid court order that requires us to log activity for a user going forward, we’d rather shut down the servers in the country concerned than compromising our user’s privacy.</p>
<p>There have been incidents in the past where Perfect Privacy servers have been seized, but no user information was compromised that way. Since no logs are stored in the first place and additionally all our services are running within RAM disks, a server seizure will never compromise our customers. Although we are not subject to US-based laws, there’s a warrant canary page available.</p>
<p>7. Perfect Privacy users are allowed to use BitTorrent and other file-sharing tools. P2P traffic is treated equally to other traffic. However, at specific locations that are known to treat copyright violations rather harshly (very quick termination of servers), we block the most popular torrent trackers to reduce the impact of this problem. Currently, this is the case for servers located in the United States and France. Perfect Privacy users can use port forwarding.</p>
<p>8. We offer a variety of payment options ranging from anonymous methods<br />such as sending cash, or Bitcoin. We also offer PayPal and credit cards for users who prefer these options. Because we do not monitor or log IP assignments or account usage, there is no link to the payments.</p>
<p>9. Generally, we recommend using OpenVPN with 256-bit AES-GCM encryption on desktop computers. On mobile platforms, we recommend IPSec/IKEv2 with 256-bit AES-GCM encryption, a SHA2-512 integrity algorithm and Perfect Forward Secrecy (PFS) enabled using a CURVE25519 or ECP512 elliptic curve algorithm.</p>
<p>10. Our VPN apps for Windows and macOS both have a so-called kill switch<br />built in, which is advanced firewall protection against IP and DNS leaks. On Android and iOS, you can use the system-integrated On-Demand or Always-on features which are also often called a kill switch.</p>
<p>Perfect Privacy fully supports Dual Stack IPv4/IPv6 functionality. On the vast majority of the servers, users get both a public IPv4 and a public IPv6<br />address. Of course, the kill switches support IPv6, so there’s no need to disable IPv6.</p>
<p>11. All our VPN servers are dedicated bare-metal servers that run in various data centers around the world. While we have no physical access to the servers, they all are running within RAM disks only and are fully encrypted. Additional security can be established by using a cascaded multi-hop connection over up to four hops.</p>
<p>With NeuroRouting enabled, user’s traffic is brought as close as possible to the destination within the fully encrypted VPN network. That way, the traffic is only exposed to the internet where it is unavoidable. We operate our own DNS servers.</p>
<p>12. Currently, we offer servers in 24 countries worldwide. All servers are located in the city displayed in the hostname – there are no virtual or fake locations. For full details about all servers locations, please check our server status site as we are constantly adding new servers.</p>
<p>Perfect Privacy website</p>
<p><img class=1. We don’t store logs with our users’ Internet activity, nor we are able to match a user to an IP address. In order to detect and prevent payment fraud, we do compare buyers’ IP addresses to their billing addresses.

2. VPNLand Inc, Toronto, ON, Canada.

3. We don’t impose limits on concurrent sessions. In terms of abuse prevention – each case is investigated individually and most of the time blocking the port in question for 1 day is sufficient.

4. We utilize Zendesk for online chat support. Other tools are in-house and data is stored in-house as well.

5. DMCA emails received on our non-US servers are usually ignored.

6. We won’t be able to identify such user due to the lack of matching IP-port-username logs. Regarding future requests: each case will be reviewed individually, and there is no universal scenario available.

7. P2P is allowed on ALL non-US servers. Yes, we do provide incoming port forwarding services for an additional fee.

8. Credit Cards, PayPal, CryptoCurrency. Yes, we have multiple physically separated databases with different functionalities.

9. We recommend our users to use OpenVPN + TLS-Crypt. In countries where OpenVPN is blocked, we utilize dual encryption via Stunnel.

10. In our new set of apps, we offer “kill switches”. Dual IPv4/IPv6 support work in progress.

11. We rent servers from multiple third parties. These servers don’t have anything stored on them except VPN config scripts, and all servers are used by numerous clients at a time. We use a combination of our own DNS servers and Google public DNS servers

12. US, Canada, UK, All European countries, Singapore, Korea, Japan. No, we don’t play these fraud games with RIPE or ARIN databases. All our servers are physically in the locations we claim

VPN Land website

bolehvpn1. We do not keep any logs on our VPN servers that would allow us to do this.

2. BV Internet Services Limited, Seychelles.

3. Generally, we just look at network graphs a number of connections and see if there is any abnormal activity. We also block certain sensitive ports that are often used for hacking/spamming.

4. We use Zendesk to deal with support queries and do track referrals from affiliates. We, however, provide the option to send us PGP encrypted messages via e-mail and also Zendesk. We do not use Cloudflare.

5. We generally find providers that are friendly towards such DMCA notices. Where it cannot be avoided, we just keep them as Surfing/Streaming servers with P2P disabled. These servers are more for geo-location or general purpose surfing rather than p2p. A no time we give out customer information.

6. Several years ago, we received a German police request for certain information in relation to a blackmail incident. Despite it appearing legitimate, we could not assist as we did not have any user logs. We maintain a warrant canary which we do update once a month or when there is a request for information (even if we have not complied with it).

7. We marked a few servers as Surfing-Streaming, as they are on providers with strict DMCA requirements. All other servers support P2P and are not treated differently from any other traffic.

8. Paypal, Paymentwall, Coinpayments, Paydollar, MolPay, Bitcoin, ZCoin, ZCash, Dash, and direct bank transfers.

9. We recommend OpenVPN, with our Cloak servers running AES-256 bit encryption as well as an XOR patch that obfuscates your traffic. This obfuscation prevents it from being recognized as VPN traffic.

10. Yes, we do. Our leak prevention also includes IPv6. We do support dual stack functionality.

11. They are bare metal boxes hosted in various providers. We do use our own DNS servers.

12. Canada, France, Germany, Italy, Japan, Luxembourg, Malaysia, Netherlands, Singapore, Sweden, Switzerland, United Kingdom, and the USA.

BolehVPN website

1. SlickVPN doesn’t log traffic or session data of any kind. We don’t store connection time stamps, used bandwidth, traffic logs, or IP addresses.

2. Slick Networks, Inc. is our recognized corporate name. We operate a complex business structure with multiple layers of offshore holding companies, subsidiary holding companies, and finally some operating companies to help protect our interests. The main marketing entity for our business is based in the United States of America but the top level of our operating entity is based out of Nevis.

3. We block port 25 to reduce the likelihood of spam originating from our systems. The SlickVPN authentication backend is completely custom and limits concurrent connections.

4. We utilize third party email systems to contact clients who opt in for our newsletters and Google Analytics for basic website traffic monitoring and troubleshooting. We believe these platforms to be secure. Because we do not log your traffic/browsing data, no information about how users may or may not use the SlickVPN service is ever visible to these platforms.

5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session. Otherwise, we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we rarely receive a valid DMCA complaint while a user is still in an active session.

6. This has never happened in the history of our company. Our customer’s privacy is of topmost importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. SlickVPN uses a warrant canary to inform users if we have received any such requests from a government agency.

7. Yes. All traffic is allowed. SlickVPN does not impose restrictions based on the type of traffic our users send. Outgoing mail is blocked but we offer a method to split tunnel the mail out if necessary. We can forward ports upon request. Some incoming ports may be blocked with our NAT firewall but these can be opened on request

8. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America (Marketing) and the other platform is operated out of Nevis (Operations).

Payment details are held by our marketing company which has no access to the Operations data. We offer the ability for the customer to permanently delete their payment information from our servers at any point and all customer data is automatically removed from our records shortly after the customer ceases being a paying member.

9. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and we use the AES-256-CBC algorithm for encryption.

10. Our leak protection (commonly called a ‘kill-switch’) keeps your IPv4 and IPv6 traffic from leaking to any other network and protects against DNS leaks. Your network will be disabled if you lose the connection to our servers and the only way to restore the network is manual intervention by the user. We don’t offer IPv6 connections at this time

11. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties unless there is enough demand in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries.

In all cases, our network nodes load over our encrypted network stack and run from RAMDisk . Anyone taking control of the server would have no usable data on the disk. We periodically remount our RAMDisks to remove any lingering data. Each of our access servers acts as the DNS server for customers connected to that node.

12. At SlickVPN we actually go through the expense of putting a physical server in each country that we list. SlickVPN offers VPN service in 40 countries around the world. We do not do offer virtual locations.

SlickVPN website

1. We do not keep any logs on our network servers that can match an IP address and time stamp with a user.

2. Our service is incorporated under a company in Seychelles for our users’ security and anonymity. The company name is “Global Stealth, Inc.”.

3. There are no such limits on our network.

4. Yes, we are using Google Analytics for our website traffic analysis. We also use Zendesk for chat platform.

5. We don’t receive DMCA notices as we have Special server network in DMCA free zones.

6. It will be basically ignored.

7. BitTorrent and P2P are allowed on our special networks designed for this purpose. These networks have all ports open.

8. We support credit card and PayPal. Payments can be linked to accounts.

9. We support AES256 SSL encryption supported protocols over multiple ports.

10. Yes, we do support Kill Switch for our users.

11. All our servers are hosted on globally known data centers with high security. We have our global DNS and SmartDNS network.

12. We have servers in more than 80 countries globally.

HeadVPN website

1. We do not keep any logs of data transmitted through our service and we have no way of knowing what our users are doing while connected to our servers. However, we will note that all payment processors store IP data for the purpose of fraud mitigation. Our payment processor is no different.

2. We operate under AppAtomic, physically headquartered with personnel in Cyprus. We also have offices in Montreal where sales, development, and support take place.

3. We have proprietary systems being used to mitigate abuse, but don’t enforce limitations on concurrent connections at the current time.

4. We use Google’s Firebase and Analytics for basic statistical reporting, however, those services do not have access to data transferred by our users. ZenDesk is currently employed to provide support, however, we plan on migrating everything in-house in the near future.

5. Since we keep no logs, there is virtually nothing we can do to respond to DMCA or equivalent inquiries.

6. Since we do not log activity, we have no way of identifying users. In the event that we are somehow forced to log activity for a user going forward, it would be reflected in the Warrant Canary within our Privacy Policy.

7. We do not restrict torrents, file sharing or P2P.

8. We use ProBiller as a payment provider on our web site, as well as Apple and Google within our iOS and Android apps respectively. Since we have no logs, there is never anything that can be linked to usage of our service nor IP assignment.

9. It depends on the platform. Open VPN and IKEv2 are both considered to be the best in the industry.

10. We have a kill-switch feature within our Desktop apps, as well as our Android app. For iOS, incorporating a kill-switch is not possible due to operating system restrictions, but we do have an Auto-Reconnect upon Disconnect feature there.

11. We’ve contracted StackPath for the purpose of network infrastructure. Our agreement forbids the snooping of any traffic, and we use DNS servers they host.

12. Here’s a full list.

VPNhub website

1. No. The service is designed to minimize the amount of information known about users.

2. SigaVPN, a sole proprietorship in the United States of America

3. I can’t monitor abuse because I don’t snoop on internet traffic passing through SigaVPN servers. Concurrent connections aren’t limited, because once again, there is truly no monitoring of users at all.

4. I use Tutanota for email. I had analytics briefly, but it has since been removed.

5. All DMCA requests must be sent by snail-mail to SigaVPN. They must be valid. The response is always the same: I can’t help you because I don’t have the information you are inquiring about.

6. I can’t identify a user of the service, former or active. I would close SigaVPN before I log activity for a user. These scenarios have not happened.

7. No ports are blocked. BitTorrent is allowed on every server. Port forwarding is not offered.

8. PayPal or cryptocurrencies. Absolutamente.

9. AES-128-CBC

10. IPv6 leak protection is provided. There is no kill switch provided, however, users can configure qBittorrent to bind to the OpenVPN interface.

11. I use dedicated servers as the rest of the industry does. DNS requests are proxied through a recursive DNS server to Cloudflare. This way Cloudflare doesn’t even see the VPN IP. The DNS proxy server collects no logs.

12. France, Luxembourg, USA, Netherlands, Switzerland, Singapore, Romania. A new location will be added soon. Virtual locations are not offered.

SigaVPN website

cyberghost1. We have a strict No Logs policy, so none of our traffic or DNS servers log or store any user info.

2. We’re incorporated as CyberGhost S.A. and we operate under Romanian jurisdiction.

3. Our dedicated team monitors the whole service and infrastructure for any abuse of service. We have several tools in place, from Cloudflare, to firewalls and our own server monitoring system. Concurrent connections limits are monitored & also enforced via our systems in order to avoid such types of abuses.

4. We use Conectoo, ActiveCampaign and Zendesk.

5.  When we receive DMCA takedown notices, we send the other party a standard email informing them we keep no logs and cannot comply with the request.

6. Since we store no logs, such requests have no effect on us. Under Romanian law, data retention is not mandatory.

7.  We have specific high-performance servers optimized for torrenting. In certain countries, local legislation prevents us from offering an adequate service for torrenting. Other locations have performance constraints.

No port forwarding is allowed, as this can be a security risk. Some ports are blocked to prevent malicious uses of our servers (25, 80).

8. Our current payment providers are Cleverbridge, Stripe, and BitPay. Payment details are held in a dedicated database and cannot be linked to anything else.

9. On iOS, macOS and Windows, our default protocol, IKEv2 with AES-256 encryption offers a good balance of performance and security. OpenVPN with AES-256 is also a solid alternative on Windows, Android, Linux, routers or other devices.

10. Yes, we have a kill switch in place, but we do not support dual stack.

11. Except for our NoSpy servers, we rent our VPN servers. All inbound connections from users to our servers are encrypted VPN tunnels, and we use our own DNS servers. We also install our custom OS on the servers to fully run a secure environment (no involvement from 3rd parties).

12. We have over 3,600 servers physically located in 60+ countries. The full list is here.

CyberGhost website

ovpn1. Our entire infrastructure and VPN service is built to ensure that no logs can be stored – anywhere. Our servers are locked in cabinets and operate without any hard drives. We use a tailored version of Alpine, which doesn’t support SATA controllers, USB ports etc. To further increase security, we use TRESOR and grsecurity to be resistant to cold boot attacks.

2. OVPN Integritet AB (Org no. 556999-4469). We operate under Swedish jurisdiction.

3. We don’t monitor abuse. In order to limit concurrent connections, our VPN servers validate account credentials by making a request to our website. Our web server keeps track of the number of connected devices. This is stored as a value of 0-4, where it is increased by 1 when a user connects and decreased by 1 when a user disconnects.

4. For website insights, we use Piwik, an Open Source solution that we host ourselves. The last two bytes of visitors’ IP addresses are anonymized; hence no individual users can be identified. Automatic emails from the website are sent using Mailgun, but we never send any sensitive information via email. Intercom is used for support.

5. Since we don’t store any information, such requests aren’t applicable to us.

6. We can’t provide any information to the court. A court wouldn’t be able to require logging in our jurisdiction – but in case it did happen we would move the company abroad.

7. We don’t do any traffic discrimination. As such, BitTorrent and other file-sharing traffic are allowed on all servers. We do provide port forwarding services as incoming ports are blocked by default.

8.  PayPal, credit cards (via Braintree), Bitcoin (via Bitpay), Bitcoin Cash (via Bitpay), cash in envelopes as well as a Swedish payment system called Swish. We never log IP addresses of users, so we can’t correlate an IP address to a payment.

9. We offer AES-256-GCM. In terms of connection, we recommend using our Multihop add-on.

10. Our desktop client provides a kill switch as well as DNS leak protection. All our servers support dual stack IPv4 & IPv6.

11. We own all the servers and routers used to operate our service. All VPN servers run without any hard drives – instead we use tmpfs storage in RAM. Writing permissions for the OpenVPN processes have been removed, as well as syslogs. Our VPN servers do not support physical console access, keyboard access nor usb access. The servers are collocated in various datacenters that meet our requirements. OVPN does not rent any physical or virtual servers.We operate our own DNS servers.

12.  We do not offer any virtual locations. At the time of this writing OVPN has VPN servers in USA, Sweden, Germany, Switzerland, the Netherlands, Canada and Norway.

OVPN website

1. Privacy is so important for VPNCity, therefore, we do not store or retain any logs relating to traffic, sessions, DNS, etc. There is no way you could match a person or entity to an IP Address or time stamp.

2. VPNCity.com is wholly owned and operated by Think Huge Ltd, incorporated in Hong Kong.

3. We don’t monitor abuses automatically, this is handled carefully by a member of staff. There is a limitation of 1 connection at a time for port 25 and we do limit the VPN concurrent connections according to our advertised plans.

4. We do use Google Analytics for marketing purposes and Kayako/Zopin for live chat, however, our staff is instructed to never ask customers for their public IP Addresses. Our applications have a feature which will help the customer to provide our support team the internal IPs to avoid leakage of external IPs during chat/support.

5. As we are incorporated in HK, DMCA and similar Acts have no legal ground.

6. If the order or subpoena is issued by a Hong Kong court, we would have to provide any information we hold. However, as our clients’ privacy is paramount, our NO log policy means that we don’t have any user-specific data to pass onto the authorities.

7. We currently do not block any forms of traffic on any of our servers. We do not currently offer port forwarding services, and we currently do not block any ports.

8. We accept payments via PayPal, all major credit cards and AliPay. Credit cards are processed via Stripe and AliPay is processed via Payssion. We are also about to introduce crypto payments in the coming weeks, processed via CoinGate.

There is a link between the payment and the users account as that must be tracked in case of support concerns such as refunds/credits. There is no link between the VPN connection and the user account though. The user account just allows them access to pay for a VPN – beyond that, there is no correlation between the user’s account and the connections that the user has to our VPN servers.

9. TLS 1.2, 256-GCM, 4096bit RSA and SHA512 HMAC. shadowsocks/proxy should use 256-CBC and of course, all DNS should be encrypted by TLS.

10. Yes, a Kill Switch is available to all clients and we’ve gone to great lengths to ensure clients information is secure. IPv6 is enabled by default however our customers have the ability to disable it.

11. We use our own DNS servers, and as the traffic is encrypted, our data center providers are unable to port mirror our traffic. We also insist on strict procurement procedures where we insist our suppliers provide security certificates, such as ISO 270001, and ensure they comply with our security checklist.

12. At the moment we have infrastructure operating in 68 cities across 47 countries.

VPNCity website

1. During active session (when the user is connected via one of the available protocols) we record the amount of consumed traffic (bytes sent/received) and store this in DB. After the user disconnects, we no longer have info about the IP, so there’s no way to identify a customer.

2. Edelino Commerce, Seychelles.

3. We use an in-house set of custom scripts that run on each server.

4. For support we use Freshdesk, GA for analyzing web pages, mail is self-hosted.

5. This depends on where the server is hosted. We either ignore it or issue an automatic email reply. The autoreply is long, but basically, it says that we don’t host any files and are not obliged to reveal any info about our customers.

6. We haven’t seen such scenarios in the past, however, we received email requests to get info about users. We always replied as it is – that we don’t have any logs to provide, and are not obliged to store any. The same reply would be to the court order in case it happens.

7. BitTorrent and other p2p protocols are mostly allowed. On some servers, it’s blocked due to fact that there are no hosters in that region that will tolerate torrents. This means that if we enable torrenting on such servers – we’re basically losing this server/location. Yes, we have port forwarding. We block 25 port due to spam issues, any other ports are allowed.

8. We accept credit cards via integration with few different payment systems, PayPal and Bitcoin. Latter is the most anonymous option. Even though when paying with credit card payment system collects basic info required for payment – we don’t store it, and it can’t be linked to any activity that happened while the customer was connected to our VPN.

9. Our recently upgraded OpenVPN with AES256, 4096-bit keys and TLS auth. Upcoming Wireguard rollout will also offer state-of-art
modern encryption.

10. Yes, we added killswitch support to our application recently. Also regardless of what protocol customer choose we protect you from
DNS leaks. We support only IPv4 for now.

11. Depending on location we either own hardware or rent it. In both cases, only several people from our staff have access to servers.
We strictly control access to servers and encrypt disks. All traffic regardless is it management or our customer’s traffic is encrypted.
We use our own DNS servers, and protect customers from leaking their IP by using any other DNS.

12. All servers are located in countries that are listed on our web site. Now we offer servers in 35 countries, and most of the countries have servers in different cities. We do not offer virtual locations when you connect to a specific location – you connect to the server located in that country.
Anonine website

1. We do not keep any kind of logs on our systems. When the user is logged into the server, his information is only available at that time, on our server, and only used for authentication. Once he disconnects all his login information is destroyed.

2. Rothas Apps Limited, we are located in Hong Kong.

3. We offer 5 Multi-Logins, for one account. Abuse of our services is monitored through our server built-in tools and techniques.

4. We have our own email servers. But yes, we use Google Analytics for traffic analysis and Tawk.to for live chat.

5. We monitor our services for misuse in real time. Our system is built upon multiple tools and techniques to assist in the monitoring of our services and alerts us for any misuse.

6. To date, no valid court orders have been submitted to us, but we do receive requests from law enforcement periodically, on which we perform our own investigations for compliance and respond according to our Privacy Policy.

7. We have certain servers that allow the use of torrents and related tools for file-sharing, and they are only allowed in cases where file-sharing is legal and allowed, therefore, all such traffic is treated as regular traffic. On these servers, file-sharing ports are all open.

8. At the moment our payment methods include PayPal and Stripe for Major Credit and Debit Cards. All payments made by any user is not linked nor is logged as stated in our Privacy Policy. Hence, this information is controlled by the user as we keep no logs.

9. AES-256 + RSA4096 + SHA256.

10. Our applications have Kill Switch and DNS Leak Protection. We are only working with IPv4 at the moment.

11. Our VPN servers are hosted in trusted data centers with strong security practices, where the data center employees do not have server credentials.

12. We have +150 servers in over 57 countries, more are added continuously and will not stop.

CASVPN website

SecureVPNto1. We don’t log any individually identifying information. The privacy of our customers is our top priority.

2. Our service is operated by a group of autonomous privacy activists outside of “Fourteen Eyes” or “Enemy of the Internet” countries. Each server is handled within the jurisdiction of the server’s location.

3. There are no tools which monitor our customers but we use techniques which don’t require any logging to prevent the abuse of our service.

4. Our website has entirely been developed by ourselves and thus we don’t rely on external service providers.

5. We reply to takedown notices but nobody can force us to hand out information because of our non-logging policy.

6. This hasn’t happened yet, but if we were forced to identify any of our customers at a specific server location, we would immediately terminate this location. We are not going to log, monitor or share any information about our customers under any circumstances.

7. BitTorrent and other file-sharing traffic is allowed and treated equally to other traffic on all servers. Port forwarding and TCP port 25 (SMTP) are disabled to prevent our servers from being abused for shady things.

8. The only payment methods we offer are privacy preserving payment methods like Bitcoin, Dash, Ethereum, Paysafecard and Perfect Money. No external payment processor receives any information because all payments are processed by our own payment interface.

9. We would recommend OpenVPN, available in UDP and TCP mode. We are using AES-256-GCM/CBC for traffic encryption, 4096 bit RSA keys for the key exchange and SHA-512 as HMAC. This setup offers a very high grade of security.

10. Our VPN Client provides advanced security features like a Kill Switch, DNS Leak Protection, IPv4/IPv6 Leak Protection, WebRTC Leak Protection and many more. Connections from Dual Stack IPv4/IPv6 are supported.

11. We rent 24 servers in 18 countries and are continuously enhancing our server park. It is impossible to have physical control over all widespread servers but we took security measures like disabling hardware ports to prevent unintended server access. The solution to an adversary snooping to inbound/outbound traffic is our service itself. Due to the nature of a VPN connection is not possible to correlate a connection between inbound and outbound traffic. Thus it is not possible to learn anything from such an attack which could break our customers privacy. At the moment we are using the nameservers of Quad9 which offer good privacy.

12. Every server is physically located in its specified country and thus we don’t offer virtual locations. You can find our server list at the following link.

SecureVPN.to website

VPN provider(s) With Some Logs

vpnac1. We keep connection logs for one day to help us in troubleshooting customers’ connection problems but also to identify attacks (e.g. bruteforce, account theft). This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred. This info isn’t stored on any servers but transfered securely in real time to an undisclosed location.

2. Netsec Interactive Solutions SRL, registered in Romania.

3. There are automated firewall rules that can kick-in in the event of some specific abusive activities. Manual intervention can take place when absolutely necessary, in order to maintain the infrastructure stable and reliable for everyone. Concurrent connections are limited by the authentication back-ends.

4. No, we don’t.

5. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users.

6. It has never happened. In such an event, we would rely on legal advice.

7. It is allowed on all servers. Port forwarding is not supported due to security and privacy weaknesses that come with it, ports aren’t blocked except for SMTP/25.

8. All popular cryptocurrencies, PayPal, credit cards, several country-specific payment methods, gift cards. Crypto payments can be anonymous.

9. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE, curve secp256k1) is used by default in most cases. We also support RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use AES-256-GCM and AES-128-GCM. We are also supporting the WireGuard VPN protocol (in beta).

10. Yes, such features are embedded in our client software.

11. We have physical control over our servers in Romania. In other countries, we rent or collocate our hardware. We use our own DNS resolvers and all DNS traffic between VPN gateways and DNS resolvers is encrypted.

12. We don’t use “virtual locations”. All servers are physically located in several countries such as: Australia, Brazil, Canada, Belgium, Switzerland, Germany, Spain, Finland, France, Hong Kong, Italy, Japan, Lithuania, Luxembourg, Mexico, Netherlands, Norway, Poland, Portugal, Romania, Sweden, Singapore, Taiwan, UK, USA.

VPN.ac website

VPN providers With Some Logs

seed4me1. General connection logs are stored on a secure server for 7 days to solve network issues if there are any (for example if VPN IP is blocked in China and needs replacement). These logs are deleted after 7 days if there are no network problems.

2. We operate under a few jurisdictions and prefer to keep this information private as an extra layer of protection for our customers.

3. We use simple firewall rules to avoid some abuses in advance. Regarding concurrent connections: we do not have any limits when people use our Windows, MAC, iOS or Android app. When Customer sets up L2TP/PPTP VPN manually he has 3 simultaneous connections by default, this number can be increased and it’s totally free. We use our own solution to manage abusive accounts and limit concurrent L2TP/PPTP connections.

4. Currently, we utilize Google Analytics and G Suite (ex. Google Apps).

5. In case of abuse we null route the IP to keep ourselves in compliance with DMCA. Currently, we use simple firewall rules to block torrents in countries where DMCA applies.

6. We will act in accordance with the laws of the jurisdiction, only if a court order comes from a jurisdiction where the affected server is located. Fortunately, as we said before, we do not keep any logs on VPN nodes, on the other hand, we do not encourage illegal activity. This never happened.

7. Torrents are allowed on our VPN servers in Switzerland, Sweden and Latvia. This is torrent-friendly countries with high-quality data centers and network. We firewall mail ports on some servers to avoid mail spam.

8. We accept Bitcoin, PayPal, Visa, MasterCard, bank transfers, In-App purchases in our mobile apps (iTunes, Google Play, Amazon) and all kinds of electronic payments like WeChat, Webmoney, QIWI, Yandex.Money.

We do not store sensitive payment information on our servers, in most cases, the payment system simply sends us a notification about successful payment with the amount of payment. We validate this data and grant access to the VPN. BTW, we do not require the name of the cardholder when he pays for the VPN with a card.

9. Obfuscated OpenVPN with 2048-bit key will be a good choice, it’s available in our Desktop and Android apps. Also, our iOS App has Automatic protection option that guarantees for example that all outgoing connections on open Wi-Fi will be encrypted and passed through a secure VPN channel.

10. Yes, we do provide DNS leak protection in our Desktop app (Windows and MacOS) and we suggest customers to turn off IPv6 support. We offer Kill switch option in our Desktop apps. We are also compatible with free software that prevents unsecured connections after VPN connection goes down.

11. We rent servers. Here are some basic facts to help people enjoy using our Network:
– No data is stored on VPN nodes (if the node is confiscated, there will not be any data).
– VPN nodes only receive and forwards traffic.
– All data sent to our clients is encrypted.
– All servers are remotely administered by our team only, no outsourcing.

We prefer to deal with trustworthy Tier-3 (PCI-DSS) data centers and providers to ensure reliable service with high security. As for DNS, we use Google, users can override these settings with their own.

12. We avoid using “virtual locations”. Currently we offer VPN nodes in 30+ countries: USA, UK, Canada, Russia, Latvia, Lithuania, Ukraine, Finland, Moldova, Romania, Sweden (torrent-friendly), Bulgaria, Czech Republic, Germany, Netherlands, Swiss (torrent-friendly), Belgium, Italy, France, Israel, Spain, India, Hong Kong, Japan, Taiwan, Singapore, Australia and a special China-optimized cluster for users in China.

Seed4.me website

—–

Note: several of the providers listed in this article are TorrentFreak sponsors. We reserve the first three spots for our sponsors, as a courtesy. A few of the links to VPN providers contain affiliate links which help us pay the bills. We never sell positions in our review article or charge providers for a listing.

VPN providers who want to be in future question rounds are free to get in touch.