Pricing and Package Features
There are three pricing plans – The SideKick VPN, The Road Warrior VPN, and The Family VPN, with the main difference being the number of simultaneous connections (2, 4, and six respectively) allowed. The Family plan also throws in an extra PC and Mac Viscosity license. All packages can be upgraded with the new IPS firewall for an extra $3, a feature that LiquidVPN has told us it is very excited about, and which we will examine in more detail soon.
LiquidVPN is happy to let you download via P2P, although it does ask clients to use European rather than US servers for this purpose. The ToS prohibits the downloading of copyrighted material and ‘any DMCA notices received from our USA ISP’s that can be traced back to you may be grounds for account termination due to violation of our TOS’, but this appears to be a legal fig leaf rather than a real limitation, as LiquidVPN told the School of Privacy that,
‘We are a network transport provider. We do not host content, provide resources, monitor or log anything our customers do on our network. We respond to each DMCA letter personally explaining what I just explained to you. We have never forwarded off a DMCA letter to any of our users. Law enforcement requests are handled the same way. As long as the user in question is not using the same email address/username that was entered into our billing system then there won’t be any information to provide’, also adding that ’we do not police our network in any way shape or form’.
Customers can use any of LiquidVPN’s 10Gbps servers on the US West Coast and Czech Republic, its Gigabit servers in the Netherlands and Dallas, and its 100Mbs servers in the UK and Kansas.
Port forwarding is also supported through the User Control Panel.
The stand-out, and absolutely unique feature of this service is ‘Modulating IP connections’, which ‘varies the public IP addresses that your data is being sent and received from. It might change 100 or more times during a single session. The more people using the service the more IP addresses will be used and the more often it will change.’ This is a very interesting idea, and one that we have never seen before.
LiquidVPN describes Modulating IPs as the ‘most anonymous’ method of using its service, and upon questioning the support team we learnt that ‘Modulating IPs are shared. This is basically a shared IP that modulates from IP to IP making it more anonymous then a normal shared IP’. Given that the system uses shared IPs, it would seem to provide a genuine benefit to maintaining users’ online anonymity, and should be commended for its innovation.
The website and customer support
The LiquidVPN website is a slick looking affair, with a fancy animation and a video describing Modulating IPs (see above). It does a reasonable job of explaining the various options available, but we did find it a bit confusing to navigate around. There is a ‘Knowledgebase’ wiki forum with a fairly useful FAQ, although we did find ourselves still wanting to ask a couple of questions.
Customer support is provided by a ticket system. When we asked our questions using it, the reply was fairly prompt (given the time difference between where we are and Michigan), and informative (and our questions were added to the wiki).
The Control Panel does pretty much what you would expect – you can check your subscription settings, change private details etc., but we were slightly surprised when it fell down if accessed when connected to LiquidVPN’s own Modulating IPs servers, constantly locking us out of our account and not letting us log back in again! Disconnecting from the Modulating IP server fixed this problem, but we did find it frustrating.
Nevertheless, despite these issues, and the occasional difficulty in finding the information we were looking for (the Tos is not easy to find!), we are impressed by just how much information is available on the website if you dig around. There is even a Blog section hidden away in there, with some fairly interesting articles.
LiquidVPN keeps no usage logs (i.e. it does not log IP addresses, browsing history or traffic data), and the only connection logs are bandwidth usage logs, kept ‘for refunds’. It has also changed its signup process to only require a name and email address, which pleases us.
On the security technology side of things, LiquidVPN impresses us immensely. We have already looked at the innovative Modulating IP system which, although as we shall see later does come with a sizeable performance hit, promises genuine privacy benefits. All servers also offer use of more conventional of shared IPs, which is also great and impacts performance less.
OpenVPN encryption, in the form of CBC 256-bit AES, with 2048-bit RSA key encryption, is about as good as it gets (at least until VPN providers start to move away from NIST certified standards). Interestingly, LiquidVPN told us that ‘we are testing Elliptic curve DH and as long as nothing rears its head in our tests we will be rolling it out to all of our OpenVPN servers in the near future’. This is, again, a NIST certified standard that is gaining popularity, but which may include security vulnerabilities, so we are curious about how the tests will turn out.
PPTP uses 128 bit MPPE, and L2TP uses 256-bit encryption, which is fine, but in the wake of recent Edward Snowden revelations about NSA efforts to break and subvert VPN encryption standards we only recommend using OpenVPN.
Which brings us nicely to the unfortunate fact that LiquidVPN is a US based company, is subject to the Patriot Act, and is therefore at least potentially open to NSA interference. As LiquidVPN is still a fairly small company (in September it boasted of around 500 clients), it may well have slipped under the NSA radar so far, but those concerned (as they should be) about NSA snooping, are best off avoiding any US tech company.
We are pleased to say that LiquidVPN has simplified its signup process, and now only requires a name and email address. This is great as it accepts payment via Bitcoin, so it is now possible to pay for the service anonymously. You can also pay using PayPal or Credit Card.
The Windows client
LiquidVPN supplies its own custom OpenVPN client. Setup is straight forward enough, and there is plenty of hand-holding if you need it.
Once launched, you access the client through its icon in the Notification Bar.
All this adds up to quite a funky and fully featured VPN client, but it gets even better. On the website is a Scripts Library which lets you download scripts for the client to increase its functionality. For the Windows client these scripts include Fix DNS leaks, Start Application on Connect, VPN Check, Enable Internet Before VPN connects, Disable Internet on VPN Disconnect – Enable Internet on VPN Connect, Close Program on VPN Disconnect, and DNS Leak Prevention. Taken together, they make the client the most fully featured VPN software we have yet seen, while also allowing you to choose the features that you want. Excellent!
Once set up, the script worked perfectly as advertised, so no more naughty P2P downloading after a VPN disconnect for us!
Connecting using Modulating IPs was very interesting, as our IP address changed every few seconds.
The custom client is also available for OSX, and supports the scripts: Quit Transmission and notify via Growl, Start and Contro0l VPN & Transmission, and Start App on VPN Connect and Kill App on VPN Disconnect.
Setup instructions for other platforms, and for connecting other than by the custom client however, are difficult to find, require searching the Knowledgebase wiki, and are somewhat randomly incomplete. For example, we could nowhere find setup instructions for iOS or Blackberry devices (although it is stated that both can be used with the service), and we also couldn’t find any setup instructions at all for L2TP/IPsec on any platform.
Android users are catered for with detailed instructions for setting up the Feat VPN app (previously commercial but the full version is now available for free), Ubuntu users with a guide to setting up OpenVPN via Network Manager, and instructions are also available for setting up DD-WRT routers. Where they exist, the guides are good, but this is definitely an area where LiquidVPN could do better.
As usual, we tested the service out on speedtest.net using our 20 meg UK broadband connection.
We were somewhat surprised at how poor download speeds were when connecting using Modulating IPs (although note the very high upload speed). In fairness we retested again the next day and managed to get speeds of up to 6.15Mbs, but they remained very inconsistent and universally disappointing. Although speeds to the local UK server (using shared IPs) where great, they quickly dropped off when connecting to servers in Europe, and were almost unusable when connecting to US servers. Overall we were very disappointed with the results.
- Modulating IP technology is genuinely unique, innovative, and should bring substantial improvements in privacy
- Use of shared IPs is also good
- No usage logs (and connection logs purged regularly)
- Excellent encryption
- Fantastic client with customizable scripts
- Basic service is very cheap
- 4 simultaneous connections on Pro service
- P2P ok
- Port forwarding
- Static IPs available
We weren’t so sure about
- We usually like the fact that a provider accepts Bitcoin payments, but the requirement to provide personal information makes this somewhat redundant
- Far too much personal information required on sign-up
- Poor to very poor performance (especially when connecting used Modulating IPs)
- Although it looks good, finding information on the website can be a nightmare (and in some cases simply does not appear to exist). That said, there is a lot of information available if you dig hard enough
- Based in the United States
At the end of the day we think that LiquidVPN is currently only worthwhile if you are interested in the Modulating IP technology (and are prepared for the major performance hit this involves). However, we do think it is a very interesting company, and merits close attention to see what it does in the future. If it manages to improve performance then it will be become a much more interesting proposition (and that VPN software really is great), although we have nagging concerns about the amount of personal information asked, and that is based in the US (things that are unlikely to change).
Update 16 December 2013: LiquidVPN has been working hard to improve its modulating IP performance. Our latest test results show that while not perfect, implementation of the technology is advancing rapidly, and the now much faster service makes using the technology a hugely more practicable and attractive proposition.
In addition to this, LiquidVPN has started to change over from NIST certified encryption standards (such as AES), and has now implemented Camellia CBC encryption on its Russia and Germany servers, ‘with more to follow.’ It is the only company we know of to do this, and is to be greatly applauded for the move.
As we noted in the main review, LiquidVPN is an exciting VPN company, and one that we shall continue keeping a close eye on.
Update 21 April 2014: LiquidVPN has contacted BestVPN to let us about ‘the addition of our optional intrusion prevention system add on. Traditionally IPS has been very hard to implement on users systems without advanced technical knowledge. We thought what better method to deliver an advanced IPS system to consumers then via a VPN. In its current form it is a simple add-on but as the system learns and gets more robust and our users start to realize the benefits we may expand the service to allow more fine grained control over how the system works on a per user basis.’
At present ‘it is in a sort of test mode,’ but the technology sounds very interesting (we love LiquidVPN’s zest for innovation), so we will examine it in detail in the near future.
We have also modified the article to reflect current logging, pricing structure, and signup requirements.