AirVPN Review

Our Summary

AirVPN offers excellent encryption and security. Features such as VPN through Tor, OpenVPN support and 3 simultaneous connections are just a few of the reasons why AirVPN is an outstanding VPN service. Find out why in my AirVPN review!

Our Score

9.4

I want to start this review by saying that after around two years of using AirVPN as my personal VPN service, I am a bigger fan of it than ever. This Italian VPN provider, which can boast of having been built by “hacktivists and activists”, cares about maintaining its users' privacy to an almost unrivalled degree. It also uses excellent encryption and security measures, and offers fantastic features for improving data security (such as VPN through SSL and VPN through Tor). In my experience, AirVPN is almost certainly the fastest and most stable VPN service I have ever used. And yet…

BestVPN's analytics show that although new sign-ups to AirVPN are fairly high, most users do not write reviews of it. It therefore looks as though many people have tried the service but simply do not like it. I cannot argue with numbers, but I am keeping this fact in mind as I write this review.

Pricing & Plans

AirVPN charges €7 (approx. $8) for a monthly subscription and offers the usual bulk discounts, so the price drops to as low as €4.50 (approx. $5) when you buy an annual subscription. A free 3-day trial is available on request; those who are impatient can buy a 3-day subscription for €1.

All subscriptions give full access to every AirVPN feature, which makes AirVPN a fairly good-value option compared with many competing services.

AirVPN accepts payment via PayPal and an impressively wide range of payment processors. This means that users in parts of the world that are often discriminated against when it comes to international payments should have no problem buying a subscription. In addition, it accepts payment not only in Bitcoin, but also in just about any other cryptocurrency you can think of.

Conclusion

What I liked

  • No logs
  • Strong encryption (including Perfect Forward Secrecy)
  • Open-source client with DNS leak protection, kill switch and WebRTC “bug” protection
  • VPN through Tor
  • SSL and SSH tunnelling
  • Port forwarding
  • Accepts Bitcoin (and other cryptocurrencies)
  • DNS routing to get around VPN blocks
  • Free 3-day trial
  • Fast and stable
  • 3 simultaneous connections
  • The website is a fantastic repository of VPN knowledge
  • P2P: Yes

What I wasn't sure about

  • Not a very large number of server locations
  • Italy is not an ideal location

What I hated

  • Every aspect of the service assumes that users have a doctorate in advanced VPN configuration

Features

AirVPN is based in Italy and offers servers in 15 countries, most of them in Europe, with the exception of those in the USA, Canada and Hong Kong. Compared with some other providers that is not many, but it covers the most popular locations.

AirVPN supports only the OpenVPN protocol, as it considers PPTP and even L2TP/IPsec too insecure (the jury is still out on IPsec, but OpenVPN is rock-solid secure and is generally regarded as the best VPN protocol available for commercial use). Given that OpenVPN now runs on all major platforms (except Blackberry and Windows Mobile), this is probably not a problem for most users.

Users can establish up to 3 simultaneous connections (perfect for connecting a PC, phone and tablet at the same time).

DNS routing

With more and more streaming services blocking attempts to get around geo-restrictions using VPNs and other location-masking technologies, AirVPN's clever DNS routing system comes in very handy, because it “double-hops” the connection through internal servers in order to get around censorship of this kind.

This means that even when I am connected to servers outside the US and UK, I can access services such as Hulu and BBC iPlayer (there is no need to connect to a VPN server in the country where the geo-restricted service is hosted!). In practice this has generally worked well for me… but not always. In those cases I simply connected to a server in the desired country, and that has always worked for me.

I should perhaps also note that Netflix.com takes me to a local version of the website (based on the IP address of my VPN server).

VPN through Tor

Alongside BolehVPN, AirVPN is the only service I know of that offers VPN through Tor, where you connect first to the Tor network and then to AirVPN. If you also use an anonymous payment method (for example well-mixed Bitcoins), this means that AirVPN cannot know who you are, because it does not see your real IP address.

VPN through Tor achieves a very high level of true anonymity, something that is not usually possible with a VPN. It is therefore regarded as the best way to combine the privacy benefits of VPN and Tor, although the fact that AirVPN represents a fixed point in the chain that is potentially vulnerable to attack is something to keep in mind.

AirVPN also provides a guide on how to use the Tor Browser to achieve secure Tor through VPN (which is much more secure than the “transparent bridge” VPN feature offered by some providers). A comprehensive discussion of this topic can be found in 5 Best VPNs when using Tor.

Alternative ports, SSL and SSH tunnelling

It is rare for VPNs to be blocked, but it can happen in countries such as China and Iran (although the blocking is usually only partially effective). AirVPN gives you a way to counter such measures by running OpenVPN traffic over TCP port 443. This is the same port used by regular SSL traffic (the encryption standard used across the entire internet to secure websites and internet services).

This makes OpenVPN traffic look like regular SSL traffic, which both hides it and makes it very difficult to block (because doing so would effectively break the internet!).

The port settings are easy to change in the client. Beyond TCP port 443, you can get around censorship by hopping between a range of ports that are unlikely to be blocked.

A truly determined adversary can, however, use sophisticated Deep Packet Inspection to detect that VPN protocols are in use (and countries such as China are not above breaking the internet for their users!).

AirVPN's answer to this is to let its users wrap their OpenVPN-encrypted data in yet another layer of encryption (SSL or SSH). This should defeat just about any method used to detect VPN use (the NSA may be able to decrypt the old SSH protocol, so I recommend SSL tunnelling if you need it).

SSL and SSH tunnelling should be more than enough to defeat the Great Firewall of China, but bear in mind that both need extra processing power for the additional encryption layer, which slows down your internet connection.

Remote port forwarding is also available for users who need up to 20 open ports for incoming connections, which is handy for self-hosted websites and game servers.

Security & Privacy

As we can see in the table, AirVPN uses very strong encryption.*

OpenVPN Encryption
  Cipher: AES-256
  Data Auth: HMAC SHA1
  Handshake: RSA-4096
  Control Auth: HMAC SHA384
  Forward Secrecy: DHE-4096

Logs & Legal
  Connection: None
  Traffic: None
  Country: Ok

It hardly needs saying that AirVPN keeps no logs and uses shared IP addresses, and it is one of the few VPN providers to implement Perfect Forward Secrecy (without which OpenVPN should not be considered particularly secure). For this it uses 4096-bit Diffie-Hellman keys, which are renewed every 60 minutes (or more frequently, if set in the client).
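
The cipher, data authentication, forward secrecy and 60-minute key renewal described above map onto directives in an OpenVPN client profile, so they can be checked mechanically. The following Python audit is an added example, not code from this review or from AirVPN; the sample profiles, the placeholder host name and the rule that every parameter must be pinned explicitly in the profile are assumptions.

```python
"""Audit an OpenVPN client profile against the settings described in the review."""

# Constructed sample profile (not a file issued by AirVPN); the host is a placeholder.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.invalid 443
cipher AES-256-CBC
auth SHA1
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
reneg-sec 3600
<ca>
(constructed placeholder, skipped by the parser)
</ca>
"""

# Constructed counter-example: weak cipher, one non-DHE suite, renegotiation disabled.
WEAK_PROFILE = """\
client
cipher BF-CBC
auth SHA1
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
reneg-sec 0
"""

ACCEPTED_AUTH = {"SHA1", "SHA256", "SHA384", "SHA512"}


def parse_profile(text):
    """Return {directive: args of its last occurrence}; skip comments and inline <tag> blocks."""
    directives = {}
    inline_end = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline_end:                      # inside <ca>...</ca> and similar blocks
            if line == inline_end:
                inline_end = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_end = "</" + line[1:]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def audit(text, max_reneg_sec=3600):
    """Return {check: (passed, observed value)} for the four client-visible settings.

    The DH group size (DHE-4096 in the table) is a server-side setting and
    cannot be read from a client profile, so it is not checked here.
    """
    d = parse_profile(text)

    def first(name):
        return (d.get(name) or [""])[0]

    cipher = first("cipher").upper()
    auth = first("auth").upper()
    suites = [s for s in first("tls-cipher").upper().split(":") if s]
    reneg = first("reneg-sec")
    # reneg-sec 0 disables periodic key renegotiation, so it must be > 0.
    reneg_ok = reneg.isdigit() and 0 < int(reneg) <= max_reneg_sec
    # Every allowed control-channel suite must use (EC)DHE key exchange;
    # a single static-RSA suite would allow a session without forward secrecy.
    fs_ok = bool(suites) and all("DHE-" in s for s in suites)
    return {
        "cipher": (cipher.startswith("AES-256"), cipher or "not pinned"),
        "data_auth": (auth in ACCEPTED_AUTH, auth or "not pinned"),
        "forward_secrecy": (fs_ok, ":".join(suites) or "not pinned"),
        "reneg_sec": (reneg_ok, reneg or "not pinned"),
    }


def failed_checks(text, max_reneg_sec=3600):
    """Names of the checks that did not pass, sorted."""
    return sorted(k for k, (ok, _) in audit(text, max_reneg_sec).items() if not ok)


if __name__ == "__main__":
    for label, profile in (("sample", SAMPLE_PROFILE), ("weak", WEAK_PROFILE)):
        print(label)
        for check, (ok, seen) in audit(profile).items():
            print(f"  {'PASS' if ok else 'FAIL'}  {check}: {seen}")
```
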

Thanks to this measure, AirVPN was always immune to the potential Logjam attacks disclosed by researchers last year. It was also immune to “port fail”, the most recent vulnerability to affect many VPN services, because it uses different entry and exit IP addresses on each VPN server. In addition, AirVPN is one of only a few VPN providers that protect their users against the WebRTC bug (and, as we will see, DNS leak protection and a kill switch are also provided via the desktop client).

As discussed above, AirVPN also offers various (optional) technologies that make using a VPN extremely secure and private (and, thanks to VPN through Tor, possibly even truly anonymous, especially given the wealth of anonymous payment methods AirVPN accepts).

In my view, when it comes to technical innovation and excellence, and attention to detail in protecting its customers' privacy, there is no other service out there that comes even close to AirVPN.

It must be said, however, that the language AirVPN uses to describe the purpose of its technology and in its setup guides is best described as terse and jargon-laden. A look at AirVPN's documentation quickly makes clear why mainstream users might run away!

Another potential problem is that AirVPN is based in Italy, a member of the Fourteen Eyes spying alliance, which cooperates with the NSA and GCHQ. That is definitely not ideal, and Italy is also not particularly friendly when it comes to copyright piracy.

On the other hand, even before the EU Data Retention Directive was declared invalid on human rights grounds by the European Court of Justice, Italian VPN providers were not required to keep logs. AirVPN says that it would take the case to the ECJ if an EU country in which it operates ever made such demands.

AirVPN has no objection to P2P downloading on any of its servers.

The website

The AirVPN website looks functional rather than pretty, an impression not helped by the language used, which is very often overloaded with jargon and uses terminology that probably only advanced encryption junkies understand. This is certainly (and as confirmed by comments from our readers) off-putting not just for casual users, but also for people with above-average technical understanding.

An exception to this general presentation style aimed only at tech geeks is the good-looking server statistics page, which makes it easy to see details such as load, user numbers, ping times, routing and more at a glance.

Support

Support is provided mainly through the extensive AirVPN forums. Unfortunately, the discussions tend to be very technical, so it is no surprise that many users find them highly intimidating (sounds somehow familiar, doesn't it?).

On the plus side, the forums are a treasure trove of VPN knowledge, and the AirVPN team's willingness to discuss intimate details of its operation (against the background of what is clearly excellent technical knowledge) is a breath of fresh air in an industry where support often either gives simple answers to complex questions or, even worse, gives the impression of having no idea what it is talking about!

Beyond asking questions in the forum, you can also email the AirVPN team directly (via a ticket system). I have tried this in the past and found that it can take up to a day for a reply to arrive, but that the reply is always comprehensive.

The Process

Signing up

Signing up to AirVPN is quick and painless, and the only personal data requested is a valid email address (AirVPN actively encourages users to use a disposable email address for this purpose).

Bitcoin payments are made via CoinBase, while payments in other cryptocurrencies are processed via CoinPayments. Once payment has been made, you receive a welcome email with some handy links. Unlike with some other providers, no account details are sent by plaintext email; you choose your login name and password during sign-up.

The AirVPN Windows VPN client

AirVPN calls its custom desktop client (also available for Mac OSX Mavericks and Yosemite, and Linux) “Eddie”, and it goes without saying that Eddie is fully open source. This means it can be independently audited, which ensures that nothing untoward is going on, and I wish more VPN providers would open-source their software.

Eddie features DNS leak protection, dynamic server selection and plenty of statistics to help you decide which server is best to connect to.

Lots of information!

Thanks to real-time logs, it is possible to keep an eye on exactly what Eddie is doing (if you have the knowledge to understand them!).

The padlock at the top right shows that “Network Lock” is enabled. This creates a firewall that shields the computer from any traffic entering or leaving outside the VPN tunnel to AirVPN's servers. AirVPN provides DNS leak protection even when Network Lock is not enabled (I have never come across a DNS leak while using the service), but Network Lock should guarantee that DNS leaks are impossible, while also acting as a kill switch.

This setup should also prevent IP leaks due to the WebRTC “bug”, but on my system the Network Lock firewall conflicts with my regular firewall, so this feature does not run. Since the problem could not be solved without completely uninstalling my firewall (something I do not want to do), I was unable to test this feature, but in theory it should work well.

Eddie does not route IPv6 requests properly, but it disables IPv6 in order to prevent DNS leaks (AirVPN should not be knocked too hard for this, though, as no provider other than Mullvad handles DNS requests properly).

The real problem I have with Eddie is that it changes the Windows DNS settings. This is generally a good thing, as it ensures that all DNS requests are resolved by AirVPN servers. But if for some reason the client suddenly shuts down, I have to reset the DNS settings manually before I can connect to the internet again (Control Panel -> Network and Sharing Center -> Change adapter settings -> right-click on the connection -> Properties -> select Internet Protocol Version 4 -> Properties -> Preferred DNS server: 8.8.8.8).

Eddie is probably the most fully featured VPN client I have ever used. As with most things relating to AirVPN, however, the focus is very much on the technical, and it uses terms that even an experienced VPN user like me sometimes has to look up in order to understand them fully.

Performance (speed, DNS, WebRTC and IPv6 tests)

Speed tests were performed over a 50Mbps/3Mbps UK broadband connection.

The graphs show the highest, lowest and average speed by server and location. For more details, see our full explanation of speed tests.

As we can see, the results are pretty good, although for me (slightly oddly) the connection to a server in the Netherlands is faster than the one to a server in the UK. US performance from the UK is very solid.

Even without Network Lock enabled I have never had problems with DNS leaks, and as mentioned earlier Eddie prevents IPv6 leaks and (when Network Lock is enabled) WebRTC leaks. In my experience, I have only very rarely had VPN dropouts while using AirVPN.

Other platforms

In addition to the Eddie desktop client, AirVPN provides setup guides for Android devices (using OpenVPN for Android, OpenVPN Client for Android and OpenVPN Connect) and iOS devices (using OpenVPN Connect), as well as DD-WRT and Tomato routers.

I personally use OpenVPN for Android and find that it works flawlessly. The app reconnects quickly when I move between routers or switch from a mobile to a WiFi connection, and I cannot detect any DNS leaks. OpenVPN for Android can even be configured to act as a kill switch.

AirVPN Review – Conclusion

Even just describing AirVPN's numerous features in this review amply demonstrates the strengths of this service, but also why many users have problems with it. In terms of commitment to privacy, cool features and technical know-how, AirVPN is extremely impressive; in fact, in my opinion no other provider on the market even comes close in this respect.

But (and it is a big but!) AirVPN's impenetrable, tech-heavy focus means it fails to appeal to a wider audience. In many ways this is unfair, as the AirVPN client is easy to use (just download and run!), and it seems petty to criticise a service for paying conscientious attention to detail and offering a whole range of features that are rarely (if ever) found elsewhere.

However, a quick look at the forum discussions, at large parts of the documentation that is actually meant to help users, or at how the options are presented in the client, quickly makes clear why the website is intimidating to visitors and customers!
I therefore think (as enthusiastic as I am about it) that AirVPN should be viewed more as a niche provider, aimed more at tech geeks and privacy junkies than at a mainstream VPN audience.

*The privacy and security section of this article was updated after AirVPN contacted me to clear up a few errors/inconsistencies, the most important of which concerned the use of HMAC SHA1 authentication for the data and control channels. I am now convinced that HMAC SHA1 is extremely secure. AirVPN's detailed reasoning can be found in the comments section of this article.

Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

108 responses to “AirVPN Review 2017”

  1. Hi Douglas,

    You wrote “No logs”, however we can read on their “Privacy” page:
    “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.”

    So, it seems they log our personal IP address, am I wrong?

    1. Hi Bob,

      As I discuss in 5 Best No Logs VPNs, every VPN must, as a function of VPN technology, keep real-time logs. AirVPN, however, only keeps such logs in RAM until the client disconnects, and all output is directed to /dev/null (meaning that it is not recorded). This is pretty much as close to the definition of a no-logs VPN as it is possible to get. This exact question is addressed in this discussion.

      It is worth noting, however, that you can access quite detailed session history via your archive page. This includes stuff such as timestamps and connection duration, and is enabled by default (it can be disabled). I have asked for further clarification on how this squares with the above information, and will update this answer (and the article) when I receive an answer.

  2. Dear Mr. Crawford,
    Thanks for your various reviews and articles that have proved very helpful for someone finally getting more serious about privacy, and in particular for your AirVPN review. AirVPN seems the best for my purposes, with its tech orientation duly noted. I plan to sign up, via anonymous payment.

    First off my needed level of privacy is more general and in response to new laws allowing ISPs to sell personal net usage history. Also, I would like to feel free to exercise my free speech rights and publish satirical political commentary without fear of undue harassment (for legal speech), particularly by thin-skinned and vindictive, high government officials.

    I understand that if someone engages in activities that cause the government to really want you, they will probably find you. I looked at some deep web leaning security sites, which are way too head-spinning, disciplined and paranoia inducing on a daily basis for me to try to maintain something near anonymity with sandboxes, and an array of other measures. My goal is more modest, a VPN, firewall, and browser track-blocking set up that provides a baseline of privacy for an average joe, with a sometimes sharp tongue.

    Your articles raised a lot of questions, which I hope you can help out with. My basic set up plan is:

    A) Major ISP provided cable modem router, which has 4 LAN ports.
    B) 1 Modem Port: To run Non-VPN Wifi Router for guests, and smartTV/AppleTV over which to run Netflix and possibly other streaming services without speed hits, as i have no geolocation issues at this point.
    C) 2nd Modem Port: to run OpenVPN flashed Wifi Router running AirVPN for Mac Desktop (wired) and when home, Mac Laptop, iPad and iPhone (over wifi) for private home browsing and online activity.

    QUESTIONS, mostly from general to specific
    1) Is this dual router set up, 1 non-VPN and 1 VPN router, secure if set up properly? Will the non-vpn one give up the VPN one somehow?

    2) Will the insecure nature of mobile devices when used over the VPN router (iphone and ipad with GPS chip) make my real IP address vulnerable to someone interested in correlating the IP with my mobile device locations? Meaning that the mobile iOS devices should use the OpenVPN Connect software, rather than depend on the VPN router. Or would I still be susceptible to that kind of identification? though this kind of thing mostly done by government law enforcement agencies than by criminals or malicious hackers?

    3) Probably revealing my ignorance here, but could one run AirVPN desktop and/or OpenVPN Connect software at the same time as running over the VPN enabled router? Or would that cause conflicts, speed or looping issues?
    3b) Would there be an advantage to running the router on a 2nd AirVPN account, or from another VPN provider and the AirVPN desktop / OpenVPN Connect software for each device. Or would that make things super slow?

    4) You note in one of the comments that its better to use desktop VPN software, rather than over a router as you would lose some AirVPN features, notably the Kill Switch (“e.g. “network lock DNS leak protection and kill switch, port selection etc.”).

    This seems sound advice, but then I found some router code that enables you to “install” a Kill switch on a flashed router:
    Go to the Administration > Scripts > Firewall section and paste in the following script:
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    Click Save and then reboot your router.
    This is pretty simple to implement, assuming this code is correct.

    I am wondering if there are other OpenVpn router level script tweaks like this to fill in some of the other lost AirVPN features like network lock DNS leak, or simply by using Little Snitch/VPN Monitor as you mention in other articles?

    4b) As above, you mention port selection as another feature lost via router set up (which seems to be good for gaming, which i don’t need). But what are the other “etc.” features I might not want to miss in a router set up?

    5) Since I will need to install the desktop VPN software on my laptop and iOS devices anyway, for when away from my vpn router, was it really premature to buy and flash the OpenVPN enabled router?

    Thanks for any and all comments on the above!

    1. Hi AnnoyedCitizen,

      Thanks!

      1) That should be a secure setup. I like it!

      2) The biggest problem with mobile devices is that both the OS and individual apps tend to send a lot of information back to their publishers (including Apple). This information gets sent regardless of whether a VPN is used. This can only be countered to a limited extent by clamping down on app’s permissions (which may prevent them from working correctly). So it’s really private companies rather than the government which are the danger here (although Apple did cooperate with the NSA…). Criminal hackers are not a big problem for home users, as your WiFi connection to the router will be encrypted (with WPA/WPA2). Using a VPN will, however, protect you when using an iOS device on public hotspots.

      3) Yes, you can do this, but as I discuss in this article, I think the advantages are limited if both VPNs connect to the same provider. Using two different providers has greater privacy benefit, but will cost more and be slow.

      4) That script is a good find. If you implement it, I’d be interested in hearing how it works out. You can certainly use IP tables on your router to prevent DNS leaks (see also here for instructions on configuring Little Snitch to work as a kill switch/ DNS leak protection).

      4b) VPN through SSH or SSL tunnels, VPN through Tor. But I’m guessing you probably aren’t interested in these features, anyway!

      5) Well, you can now connect all devices to AirVPN at once (AirVPN permits 3 simultaneous connections). Other family members and guests can also benefit from using the VPN.

  3. 2 questions:
    1) Does the AirVPN setup in particular, and VPN setups in general, play well with cable TV modem routers?

    2) Does AirVPN have an open source IOS setup or app for Iphones?

    1 comment:
    Cisco Jupiter routers were compromised by the NSA, and for high-priority honeypot operations, it is SOP to target, intercept & re-direct shipments of computer component hardware in transit to engineer backdoor code insertions through chip-sets, so short of building your own servers and also visually monitoring them 24/7/365, it is very appropriate to ask the question whether servers manufactured in the UK, or anywhere else for that matter, are being competently inspected by VPN providers at the hardware, firmware & software level to detect similar compromises by GCHQ, NSA or any other hackers through code insertions into the server. After looking at the descriptions of your best 5 logless & encryption VPN providers, each of them describe a minimum of one or more glaring attack vectors for data interception or insertion by players operating at the level of the 5 Eyes Alliance.
    Even though yet to be reviewed by you, OVPN is the only commercial VPN service I am aware of which has demonstrably established functional design security all the way down to the bare metal level. As a result they have effectively eliminated all covert vectors of undetectable server-side SIGINT. So much so, I am confident of their ability to handle the targeted scrutiny that will come their way due to publicly raising their profile. Besides, they could use the business to setup more servers in more countries, lol! Of course, they remain exposed to the risk of HUMINT penetration & compromise, but as Edward Snowden has spectacularly demonstrated, everyone is exposed to that risk, even the NSA.

    1. Hi Orwellian,

      1. Being based in the UK, I am not really familiar with cable routers (cable is not a thing here). But if it is a modem/router, then I see no reason why any VPN would not play well with it.

      2. No. AirVPN does not have any custom mobile apps. It instead provides the OpenVPN files necessary to manually configure OpenVPN Connect. This is the official app from OpenVPN Technologies, Inc. It is not 100% open source, but is the closest you will get for iOS.

      3. If the NSA is really out to get you (specifically), it probably will. It would be safer to use Tor than a VPN, but even then… If running OpenVPN in software, then it doesn’t matter if the router has been compromised, as the data is encrypted before and decrypted after it passes through the router. And a VPN router (or server) will be able to resist almost all port attacks as long as strong handshake authentication is used (e.g. RSA-2048).

      4. Looking at the OVPN.se website, I am indeed impressed by the fact that it runs all of its own bare-metal servers, and does so without using any type of storage media. I am very busy at the moment, but when I have the time I would love to investigate this service more closely. Thank you for bringing it to my attention.

  4. I’m still enjoying AirVPN for a month now. No hiccups. I also couldn’t resist buying a very inexpensive Lifetime subscription to VPN.asia (also reviewed on this site). They both seem comparable, although VPN.asia doesn’t have as many servers and does not support Perfect Forward Secrecy. It does have a killswitch now.

    One odd thing: whoer.net warns with VPN.asia: “We have determined that you work under a proxy server with a low level of anonymity. Proxy servers are intended to increase the speed of your connection with the help of caching. Your IP replacement in the process is just a sideway action rather than a main purpose of proxies, and they can be easily detected. Please use other means, for example VPN. Open ports 80, 11080, 1723 [cached].” AirVPN gives no such warning. Both are running OpenVPN.

    VPN.asia’s response was: “There are more ports open on our servers because we run multiply protocols, but this not means that its not secure.”

    Is this something to be concerned about?

    1. Hi R,

      I must admit that I have not come across this issue before. But I think VPN.asia’s response sounds valid, and there is nothing to worry about. Do you get any such warnings when you visit ipleak.net?

      1. Douglas,

        ipleak.net reports: “No forwarded IP detected. If you are using a proxy, it’s a transparent proxy.” for both AirVPN and VPN.asia.

        With my provider-direct connection there are no errant open ports. (Shields Up! stealth mode) I was expecting the same with VPN’s (both Fail). So, if some of these ports must be open to support various protocols doesn’t that put the VPN at risk for attack?

        1. Hi R,

          – I’m afraid that I don’t really understand why you are saying “I was expecting the same with VPN’s (both Fail).” ipleak.net detected no issues, while whoer.net only reported an issue with VPN.asia. Perhaps I am getting a little confused?

          – All VPN servers must open some ports, or else there would be no way for traffic to go in or out! The L2TP protocol, for example, uses UDP port 500, while by default OpenVPN uses UDP port 1194 (although it is common to run OpenVPN over TCP port 443 in order to mimic HTTPS traffic). It therefore stands to reason that the more VPN protocols a server supports, the more ports it must open.

          – It is my understanding that a strong authentication certificate (e.g. RSA-2048) will prevent a VPN server from being hacked via any open ports. In addition to this, any VPN worth its salt will employ failsafe mitigation measures. It is common practice, for example, to create log files to log any invalid authentications. The VPN provider can then filter these logs with a firewall named fail2ban. If there is X number of failed auths from one IP, fail2ban will enter the IP in iptables and the server will not respond to any packets sent from that IP.
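The log-filtering approach described in the reply above, sketched as an added example (not part of the original comments and not fail2ban's own code). The log line layout, the sample lines, the function names and the thresholds are assumptions made for illustration; `maxretry`, `findtime` and `bantime` mirror the fail2ban options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, not taken from any real server. The layout
# "<timestamp> <ip>:<port> <message>" is an assumption of this example.
SAMPLE_LOG = """\
2017-01-10 09:00:01 203.0.113.7:40112 TLS Error: TLS handshake failed
2017-01-10 09:00:20 198.51.100.23:51820 Peer Connection Initiated with [AF_INET]198.51.100.23:51820
2017-01-10 09:01:05 203.0.113.7:40113 TLS Auth Error: Auth Username/Password verification failed for peer
2017-01-10 09:02:30 203.0.113.7:40114 TLS Error: TLS handshake failed
2017-01-10 09:03:00 192.0.2.44:33001 TLS Error: TLS handshake failed
2017-01-10 09:30:00 192.0.2.44:33002 TLS Error: TLS handshake failed
2017-01-10 09:59:00 192.0.2.44:33003 TLS Error: TLS handshake failed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ (?P<msg>.*)$"
)

# Messages counted as a failed authentication attempt.
FAILURE_MARKERS = (
    "TLS Error: TLS handshake failed",
    "TLS Auth Error: Auth Username/Password verification failed",
)


def parse_failures(log_text):
    """Yield (timestamp, source_ip) for every failed-auth line."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # unparseable lines are skipped, never counted
        if any(marker in match["msg"] for marker in FAILURE_MARKERS):
            ts = datetime.strptime(match["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, match["ip"]


def find_offenders(events, maxretry=3, findtime=600):
    """Return {ip: time_of_ban} for IPs with at least `maxretry`
    failures inside any sliding window of `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    banned_at = {}
    for ts, ip in sorted(events):
        if ip in banned_at:
            continue  # already banned, later packets would be dropped
        attempts = recent[ip]
        attempts.append(ts)
        # Forget failures that have aged out of the window.
        while attempts and ts - attempts[0] > window:
            attempts.popleft()
        if len(attempts) >= maxretry:
            banned_at[ip] = ts
    return banned_at


def active_bans(banned_at, now, bantime=3600):
    """IPs whose ban has not yet expired at time `now`."""
    limit = timedelta(seconds=bantime)
    return sorted(ip for ip, start in banned_at.items() if now < start + limit)


def iptables_rules(ips):
    """Render one DROP rule per banned IP (illustrative; nothing is executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    offenders = find_offenders(parse_failures(SAMPLE_LOG))
    now = datetime(2017, 1, 10, 9, 30, 0)
    for rule in iptables_rules(active_bans(offenders, now)):
        print(rule)
```

With the default ten-minute window only the first address is banned; the second one spreads its three failures over almost an hour and stays under the threshold, which is the trade-off the `findtime` setting controls.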

  5. I signed up with AirVPN about 18 months ago. I am not a techie, but am not tech averse. I signed up on the recommendation of a former military guy I know who is well versed in this topic, personally and professionally.

    It took a while to work through the nuances of AirVPN and OpenVPN but if you’re patient, and refer back and forth between the instructions and the apps, it will happen.

    I also like their site for checking your IP address, ipleak.net. It shows the IP you’re using, plus shows any leakage, and helps you plug that leakage.

  6. In one of your replies to my questions you suggested I go with express vpn but I replied with a concern of setting the VPN for my android tablet (amazon fire) and you gave me instructions on AirVPN so which one do you like most for: privacy and streaming video on such providers as kodi, Netflix, and Hulu? Oh, do both VPNs provide set up instructions on their sites? Sorry I am full of questions.

    1. Hi Scott,

      I personally use AirVPN for reasons discussed in this review. But it is a service aimed more at techies, and can be a little rough around the edges. It also has no dedicated Android app. This is not much of a problem for me, as the third-party OpenVPN for Android app is very good. But it does require a little setting up. I recommend ExpressVPN for you because it is a very professional service that offers an easy-to-use Android app which requires almost no setting-up at all (just install and run). Both services provide setup instructions on their websites, however, so neither should be too hard to get up and running. Note that AirVPN will give you a 3-day free trial if you email them about it, so you can always just give it a try to see how you get on.

  7. Douglas
    So one more thing…what about my concern for the VPN gaining access to my desktop PC when I use my tablet at home. Can and will they? You suggested express vpn due to it being user friendly and having good android mobile apps. You said they keep some logs but they are aggregated. Sorry for my ignorance but what does aggregated mean as it relates to the VPN service? Can I feel secure using kodi with Express VPN as I would assume most enforcement is interested in things more significant?

    1. Hi Scott,

      – Using a VPN does not give anyone access to your PC or tablet. It’s simply not how they work.

      – Aggregated means that things such as connection times to the VPN server and length of session are logged, but these logs are not associated with an individual IP address (user). They are therefore useful for troubleshooting purposes, but pose a minimal privacy threat.

      – ExpressVPN has no problem with people using P2P or Kodi etc. on its service, and will protect you while doing so.

  8. I just wanted to let you know that, after months of reading reviews here and a lot of procrastination, I finally signed up for airVPN and couldn’t be more pleased. I found the signup process easy and had no problems getting setup quickly and online. Everything works fine – no leaks of any kind, straight VPN, VPN over TOR, TOR over VPN. Although there is variability in server latency and speed I have found a few that give me fantastic throughput on my 150mbps connection. I would say my first VPN experience has been a very good one.

    Many Thanks!

  9. AirVPN is not so good now. All last new servers in Switzerland, Belgium, Austria, Czech Republic they buy at M 247 Ltd. But M247 is UK company. And you know what is going on now with privacy in UK.
    I don’t understand what is the point to buy CH and other servers at UK company ? Airvpn doing bad things.

    1. Hi Se55iE,

      Interesting find. You are correct about AirVPN using M 247 Ltd servers. In this article AirVPN argues that it is irrelevant who owns the servers, but I will reach out to it for further comment on the situation.

      1. Hi Se55iE,

        AirVPN has responded to my query about this (which cited the IPB) with the following,

        “The Investigatory Powers Act scope is not applicable to our company, and it can be challenged after it has been found by the European Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016).

        The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2012 about partition of trust to deal with this problem):
        airvpn.org/topic/54-using-airvpn-over-tor/#entry1745

        Note that with M247 we have various servers in various countries, not only in the UK. The applicable law is the law of the country the servers physically is located, as clarified by Art. 29 Working Party in the EP.

        Also please note that the Act has not yet been implemented operatively for data retention, not even at ISP level at the moment, and chances are that it will never be operative for datacenters (in regard to indiscriminate retention). About this last important point (data retention), our policy does not change and any interference with that will cause us to discontinue any server in the UK, just like we already did in France.”

        So what I take from this is that it does not matter whether M247 Ltd is a UK company, as long as you avoid UK servers (which is always a good idea anyway).

      2. Hi Doug- I’m pretty much of a total novice re VPNs, etc., but was wondering if I could enhance the privacy of my telephone contacts by using a VPN with a VOIP service. Since I understand there can be compatibility issues, is AirVPN compatible with VOIP services?, and, if so, which one(s). Also,if not, which VPN would you recommend that would afford maximum privacy and VOIP compatibility? TIA Roger

        1. Hi Roger,

          Using any VPN service (including AirVPN) will prevent your VoIP conversations being listened into by hackers when using public WiFi hotspots. But that is pretty much it. Your best option to improve phone/VoIP security would be to use Signal.

          1. Thanks for the Signal tip Doug. Actually though (vs hack protection), I’m at least as concerned with Voip as a vehicle to maintain my anonymity when I make calls to regular phone numbers. Was assuming that if I started using a VPN (like AirVPN), if I then set up a Voip account like Skype over that VPN, that 1) all location tags would be blocked, and, 2) Only indication of my identity would be the name that shows up on caller ID. Assuming these are both true, which Voip providers afford the best protection of subscriber personal information (since I don’t believe Skype does). If such a Voip exists, would assume that would solve all my problems. Any suggestions? TAIA

          2. Hi Roger,

            Well, if using a VoIP through a VPN (such as AirVPN), then your IP address will appear to be that of the VPN server you are connected to. So yes, it should work for you in this context.

    1. Hi Eng. Tarek,

      With AirVPN (as with most VPN services) you are assigned an IP address that is shared with many other AirVPN users (usually 50-100). This is good privacy as it makes it very hard to determine which of the IP address’s many users is responsible for what action on the internet.

  10. Hi

    1) Is there any possibility of choosing the encryption type for each server?

    2) Any feature(s) that AirVPN would charge for extra like choosing PFS over Cipher?

    3) The issue of Kaspersky Internet Security’s firewall conflicting with AirVPN’s firewall, any way to resolve it? I’m thinking of using Kaspersky on my PC.

    Thanks

    Regards

    1. Hi Sim,

      1. AirVPN only supports the OpenVPN protocol. Given that this is the most secure (as long as PFS is used) and flexible VPN protocol available, I believe this to be a sensible and principled decision.
      2. PFS is used in addition to the cipher. All AirVPN connections use PFS (for an explanation of what PFS is, please see here).
      3. I’m afraid that I don’t use Kaspersky Internet Security’s firewall, so I can’t comment. The best place to ask about this is probably on AirVPN’s forums. You can, of course always use AirVPN without Network Lock (the firewall) enabled. I have never suffered DNS leaks even when Network Lock is turned off, although it does mean kill switch functionality is not available. There may well be other, better, solutions.

  11. Hello,
    I need your help if possible.
    I just discovered Air VPN and started to use it now for one month.
    I was aware of privacy while surfing but it was not easy to decide which way to go and which tool to use but after reading a lot on this site it gave me my answer, I’m in for a full year and even if there’s a lot of stuff I don’t get while looking at the logs I feel safer.
    My questions are regarding 2 points.
    I was using services from “Returnil Quietzone” and still do and I was wondering if the 2 softwares are complementary? I have it not working on for now.
    My second question is regarding the use of the ALFA R-36 router in my configuration, feels like I’m experiencing slower speeds while going through the router, I don’t know what should I change in the router’s settings.
    For info, my 2 testing configs are: (connecting to my friend’s Wi-Fi with her approbation).
    – A 14dB panel antenna directly to the AWUS036NH with an active 5m USB cable to my PC, it works fine, looking at the logs after a full day, no connexion breaks.
    – Same installation but going to the R-36 to have my personal wi-fi in the house is a different story, lots of connexion breaks but returns after these messages, ‘Disconnecting’, ‘Authorzation check failed,continue anyway’, after the 4th try it connects back to a server and keeps on.
    Not sure if I’m at the right place for that and hope I did explain my little problem not too confusing.
    Thank you for your great work, I learned a lot.
    terry

    1. Hi Terry,

      1) Quietzone sandboxes your web sessions as well as connecting you to the internet via the Tor Network. It is closed source proprietary software, so for simple sandboxing your browser I would use free and open source Sandboxie instead. You can also use Sandboxie to sandbox the Tor Browser, which will achieve pretty much the same thing as Quietzone, while being more secure (the Tor Browser is hardened, and you are not trusting a third party to make your VPN connection for you).

      Using Quietzone and a VPN together will dramatically slow down your internet connection (thanks to Tor). Sandboxing your browser does have a complementary function, but whether this is worth the extra hassle depends on your threat model. Personally I wouldn’t bother, but that is up to you to decide.

      2) The main problem with using a router for VPN is that processing a VPN connection is very processor-intensive (especially for OpenVPN). This means that all but the beefiest routers struggle with the job, resulting in poor internet performance.

  12. Hi douglas, can you help me to configure my airvpn for best surfing websites ? how to activate dns leak protection and killswitch, i always see on ipleak.net i see that is no airvpn exit activate, i just see my country i think because of dns leak ? thank you, sorry about my poor english.

    1. Hi Wilton,

      In order to enable DNS leak protection and the kill switch in the AirVPN client you must enable the “Network Lock” feature. This creates a firewall that only allows internet connections that go through the VPN. When you first start the client up, and before you hit “Connect”, you are offered the chance to enable Network Lock (see screenshot). The option can also be turned on and off in Preferences -> General.

  13. I have been living on this site for the past few days. I’m going to purchase a VPN very soon. I travel extensively and I don’t go to “adult” sites or anything like that.
    However, I do a lot of online banking and Amazon purchases.
    I, obviously, want to keep all of that info encrypted since I’m in hotels and airports.
    Would AirVPN be the best choice for me?
    I’ve been swayed back and forth a good bit lately between ExpressVPN and AirVPN.
    Thank you for your hard work and time. This is a great educational site!
    Mark

    1. Hi Mark,

      For simply visiting your banking website and Amazon, etc., you do not really need a VPN, as your connection is protected by HTTPS. In many ways ExpressVPN and AirVPN straddle opposite ends of the VPN spectrum. ExpressVPN is arguably the best provider around in terms of newbie-friendly software, great customer service, and a genuine no quibble 30-day money-back guarantee. AirVPN, on the other hand, is arguably the best VPN service out there in terms of dedication to privacy and technical know-how. But it is not newbie-friendly and customer orientated in the way that ExpressVPN is. So it’s a bit like chalk and cheese. Personally I use AirVPN, but I fully understand why many others prefer ExpressVPN’s more approachable service.

      1. Douglas,
        Is there anyway I can email you with a few questions? I would rather do that than have everyone see our questions.
        If you can see my email address that’s needed to post, please send me an email there.
        I signed up for AirVPN for a few days and I just have a few questions.
        Thank you.
        Mark

        1. Hi Mark,

          I am employed by BestVPN, so please direct your questions here. We do not check whether the email address you enter is valid, so feel free to make one up and post your questions anonymously.

          1. Douglas
            I am so frustrated! I am not computer savvy and have been fretting over VPNs for days now. I want one where privacy is of first importance and do not keep logs. I just want kodi covered. I want the VPN to only work on my tablet and not have access to my personal desktop pc and the info that is on it. I want one that is not going to cause lag in streaming. I was going to go with private internet access but then there was tons of complaints. Then I was thinking AirVPN but the UK kind of freaks me out. I have seen a lot of youtube vids that say go with IPVanish and other say private internet access. I’m also worried that when I pick one that I’m not going to set it up right and my tablet is not going to function as I need it to. Just an FYI my tab is 32gb with 28gb available. HELP ME PLEASE!

          2. Hi scott,

            Any decent VPN will do what you ask. I would suggest ExpressVPN because it has very easy-to-use mobile apps (perfect for your tablet). It does keep some minimal connection logs, but even these are aggregated. Note that AirVPN is based in Italy, not the UK (still 14-Eyes, so not perfect, but where is?) IPVanish and PIA are based in the US, and so are not recommended for privacy. NordVPN is based in Panama, keeps no logs at all, and has a mobile app, but can be slow. Another good option is Gibraltar-based IVPN, but this has no mobile apps.

          3. Hi scott,

            In the OpenVPN for Android app select the Settings tab. Tick “Connect on boot”, then touch “VPN used on boot and for Always-On” and select the AirVPN profile you want to use. If you are not already using AirVPN then you will find a provider that offers an Android app much easier to configure for your tablet.

    Nice review Douglas, I’m another of those totally satisfied customers (using it for 1 year, just renewed for another one).
    But yes, it is definitely for the more tech-savvy crowd, nothing you point your mother at and just say “use that” 😉
    Two issues can get really frustrating: the mentioned DNS problem when Eddie crashes, which they really should just give a prominent posting at their website as I needed some hours to find the root of the problem and resolve it.
    The other problem (general VPN problem not AirVPN related) is what I’ll call the MTU-Problem. I was at my mother’s home who uses Unitymedia cable as a provider and I just couldn’t get a stable VPN connection, it worked for a short time and then just failing to transfer anything and sometimes even taking the router with it so I had to reset the router. That took me a lot of time resolving including reading a lot of VPN documentation and all sorts of partially related hints, postings,…
    You have to lower the maximum MTU-size then it works (eg link-mtu=1300 in the OpenVPN manual settings). Still don’t fully understand how to calculate the optimum MTU-size but playing around with the size should get you a working connection. If I sometimes decide to delve really deep into this topic and finally really understand the parameters (there is the fragment parameter to set and the correct mss-size to get the optimal throughput) then I really have to write a FAQ on this as there is not one easy explanation on the Web.
    But this is NOT an AirVPN problem, this is related to the provider!

    So, sorry for the long entry, just wanted to help other people having this problem, as I had big problems finding the cause and solution (and I’m very good at searching the web).

    Jochen

    PS: Just adding this for Search Engines to find it, remove if unwanted:
    Unitymedia VPN problems disconnection

    1. Hi Jochen,

      Thanks!

      – In fairness, the DNS issue affects just about any VPN client that uses a firewall for DNS leak protection and kill switch. I totally agree that AirVPN should do more to flag up the problem and explain how to fix it.
      – I must admit that I have never heard of or encountered this “MTU-Problem” before. Thanks for flagging it up, and for what sounds like the sterling work you have put into researching it. Do you know if it is just a Unitymedia (a German ISP) issue, or can it affect customers of other ISPs? If/when you do write a FAQ, please do contact me or post a link to it here.

  14. I’m a rookie. This info sounds like a good choice. I have a new ASUS dual band router. How does this work? The software is to be installed on my router?

    1. Hi Phillski,

      You can either install the AirVPN software client on your computers or configure your router (AirVPN’s instructions for doing this using Asus-WRT are available here). Note that if you run the VPN from your router, you do not benefit from the additional functionality provided by AirVPN’s desktop software (e.g. “network lock” DNS leak protection and kill switch, port selection etc.). It is also worth noting that the processor in even high-end routers can struggle to cope with the demands of processing OpenVPN, so your internet connection when using VPN will likely be faster using desktop or mobile VPN software.

  15. Hi Douglas,

    Just a few words of feedback on my 1-week journey with AirVPN. Well, in fact I’m satisfied with the speeds I get, when connected to their 1-Gigabit servers with the minimum latency.
    What I don’t really like is that Network Lock feature simply does not work when Kaspersky Internet Security is installed and operating. Whenever I disconnect from whatever AirVPN VPN-server, the software is telling me: “Network is locked” or something like that. So, I assume, I shouldn’t be able to browse Internet anymore, right? Not a chance. The internet is still working as it has always been working.
    I need to shut down Kaspersky to make this feature work. Not good!

    Second issue is that AirVPN broke my Wi-Fi connection on the very same computer, when I utilized AirVPN through it. I have no idea what the software changed, but now Wi-Fi simply does not work — there is still a normal connection, but no connection to the Internet. I need to switch AirVPN back to browse internet while on wi-fi (I have a TP-Link 300mbps n-type USB adapter and I’m getting the internet from my smartphone, which is able to create a wi-fi hotspot).
    Guess I need to go and browse their forums for some info, I’m not sure I’m the only one with these problems.
    So, these are the facts, which kinda preventing me from purchasing a one-year package.
    I don’t like these facts and I’m really not very enthusiastic as to investigating these issues myself. Maybe you can advise anything? Overall it seems like they don’t have competitors on the VPN-market offering the same features and general stability. Correct?
    Thanks a lot.

    1. Hi Leon,

      Thanks for the feedback.

      1) AirVPN’s “Network Lock” is in fact a firewall that prevents all connections outside the VPN. The Kaspersky Internet Security suite also uses a firewall. The 2 firewalls clearly have conflicting rules, and the Kaspersky one is blocking Network Lock from functioning correctly. This is annoying, to be sure, but I don’t think it is really fair to blame AirVPN for the issue.
      2) As with most good VPN services, AirVPN routes DNS requests to its own servers (rather than your ISP performing this function). What you are experiencing is almost certainly due to your DNS settings not returning to default values after quitting AirVPN. Please see my How to Change your DNS Settings guide on how to fix this.
      3) When it comes to VPN technology, AirVPN is in a class of its own. But as noted in this review, user-friendliness is not one of its strengths.

  16. hi Douglas,

    I’m using PIA (Private Internet Access) VPN. I use Viber a lot. On Viber, whatever VPN you use it always shows your exact location (I mean your true location). You can change to hundred location on VPN but it never change on Viber. Why is that? How can I tweak the settings so it could show my VPN location?

    1. Hi nic,

      The problem with Viber is that it is a mobile app, and mobile apps use information other than your IP address to determine your location (for example your GPS location data, network provider information, and IMEI number). Using a VPN cannot help with this, and unfortunately there is very little else you can do about it.

  17. Douglas

    Your review of AirVPN is much appreciated. I have come close to signing up with others by reading comments as held me back. The only value I see from using VPN is to keep each person’s ISP or local government off their back. If one only used VPN when needed it might make sense.

    I used VPN years ago through HMA. It was almost okay at the time but had no kill switch that worked. A lot has changed since then so I am back to the newbie level.

    Paranoia in the war with the three letter guys is not misplaced. They are very good at what they do. Experience with these guys tells me that they know almost everything about us they want to know. The new $1B+ NSA complex in Utah is coupled with a new Adobe complex across the road with direct fibers interconnecting. One of the prime principles of surveillance is to hide things in plain sight. Nobody thinks to look there. I have blocked all Adobe connections on my computer and do not use Flash or Adobe reader. The first thing they do when activated is to call home. I don’t know how much or what information is sent but the one thing that rarely changes is my MAC address. You might say the MAC address does not go past my router but that is only when it is in the header. If it is sent as part of the payload then all bets are off.

    I can see the effects of my blocking Adobe and AddThis by the number of connections the system tries to establish and are rejected by the firewall. Standard procedure is for them to keep incrementing port numbers looking for a way out.

    So why do I go into such detail? I want my life back only to myself about what I do on the internet. With all of this software calling home, with who knows what or how much information, I wonder if using the best VPN available will help if when I start my browser, my identity is revealed. When Firefox came out with a recent update they included a black box (no longer open source) for the DRM people. I found the DRM module was calling home every time FF loaded. I don’t use any DRM material on my machine. I chose to install the non-DRM version. Most people don’t even know it exists.

    I see VPN as only a partial solution. A solid firewall with Adobe, AddThis, and others blocked helps. NoScript is another good weapon.

    What I don’t understand, as a newbie, is if I install AirVPN will I still have access to my network printers and other computers on my LAN that I share files with? I don’t want to be trashed by the wizards at AirVPN for asking these types of simple questions. If I have to change some ports, configure something, or edit the register I am okay with that. The problem is I don’t know what to do and don’t have their experience.

    One thing AirVPN could do is provide help files or links to simple information a non-wizard needs. Forgive me, Mr. Wizard, if I offend you by asking what you think are dumb questions. I have my specialties and you have yours. Please guide me in the right direction. I am willing to dig for it and learn. I just don’t know where to look.

    1. Hi John,

      Offend? Ha ha. That’s what I’m here for!

      – I completely agree that using a VPN is only a partial privacy/security solution. I think you should view internet privacy and security as a complex problem, and to have any chance of addressing the problem, you need the right tools. A VPN is one such tool, and if implemented well (as it is by AirVPN), a very good one.

      – If the NSA is after you in particular, then you are probably fucked. A VPN, however, is very effective at hiding your internet activity from blanket surveillance measures.

      – Please see my article on Firefox to incorporate DRM (reluctantly). Note that DRM can be turned off in Firefox (Settings -> Content).

      – To stop online tracking, browser extensions such as Privacy Badger, uBlock Origin, and (if you want to go nuclear) NoScript are better than VPN (or more accurately, should be used in combination with a VPN – see “toolbox” comments above).

      – As with almost all VPN clients, AirVPN exempts LAN connections from its firewall, allowing you to use local resources such as network printers and NAS drives as normal. The only problem I have ever encountered is connecting to my Chromecast from my PC when AirVPN is running (although, strangely enough, Casting from my Android phone with AirVPN running works just fine).

      1. Ublock Origin with Dynamic Blocking enabled is better than NoScript, as it prevents your browser from sending requests to the server in the first place.

  18. Hi Douglas,

    very helpful review, thanks! I am in China, using two vpn …just in case. The Air VPN set-up took some time as the user interface requires some understanding, which I do not have. But there was a good explanation on the website and I managed. Now I am able to use google and watch you tube videos. It also works during times of increased blocking activities (during public holidays and party congresses).

    Thanks!

    Matthias

  19. Save your money by reading this! Being AirVPN user for 3+ months, I can say – run away as fast as you can!

    Their servers worked well enough for 2+ months, then connection problems started occurring more and more often. Today I posted a message on their forum telling that service is down again, and called it a “great service”. Do you know what happened? They instantly banned me on the forum, closed my VPN account (I paid for 12 months of service) and this is it!

    Needless to say, they ignore all my emails and refund requests, so stay away from this “company”! Otherwise, your account will be closed and they will keep all your money in case you complain about their service.

    1. Hi nobody,

      Ouch! That’s not good! I must say, however, that my experience has been somewhat different, and that AirVPN’s support has always tried to help when I’ve had an issue.

    2. @nobody (Poster)
      Well with the tone in which you write, I can understand why they might ban you, as you were probably quite indignant. By the sound of it, you appeared on the forum and cried like a baby, no offence. “Your servers are down! Nothing works!!!” and not even bothering to:

      – Describe the problem
      – Describe your setup and/or show relevant client logs
      – Describe things in a civil way
      – Describe the results of using AirVPN’s OWN TESTING SERVICES such as the Route Checking feature, that lets you check all servers at once, to see if only 1 server is the problem or not: https://airvpn.org/routes/

      If that’s the case, then you kinda deserve a ban IMO, because honestly, there’s no telling legitimate users from spammers and trolls a lot of the time. What’s the result? Clean forums, where information isn’t obscured by emotional outbursts and senseless slurs. Because you know what? There’s a 99.99999% chance that the servers were not down that day; if so, more users than simply you, would’ve been on the forums reporting the issue. So what likely happened (and I did try look for your post), is that you appeared on the forums, moaned about problems in a lazy and unhelpful way (even downright rudely, if that “great service” remark was sarcasm) and then tried to pin the problem on the service itself, before checking and getting feedback on your own setup. This is basic 101 stuff.

      There’s also many helpful people on the forums. Just check this new-user guide that an AirVPN member made:

      https://airvpn.org/topic/18339-new-to-airvpn-or-just-confused-guide-to-getting-started/

      So if anything, you could ask him personally or post in the thread. The point is, you didn’t try to solve the problem like an adult, it seems, so why should anyone treat you like one?

      ———————————————-

      Otherwise it’s an excellent review Douglas. You put out some great stuff.
      The location of AirVPN doesn’t make a huge difference, because in a way, there’s not many viable countries in the world for this stuff. A lot of VPN providers fake their Geo-IP, to make it appear that they’re located in a different country for instance. I think you should mention something about VPS instances:

      Namely that some services, such as PIA, offer many locations officially. But in reality, a lot of these locations are fake and run on a VPS. Running a VPS setup can be okay if users are informed as such; but most aren’t. This means people think you run “bare metal” servers in country X or Y, but in reality those servers are in country A, pretending to look like they’re in country X and Y. This then lets the VPN provider “add another flag” to their front-page. My point is, that AirVPN doesn’t do this. They’re very honest. In fact, they care so much about security and privacy, that they simply won’t setup servers in countries deemed bad for them. So it’s not because they don’t *want* to set up more servers or are physically unable to, it’s because they have a mission to protect the privacy of their users. That, and they make actual cost-benefit analysis about server locations: for instance, the Middle-East is an expensive place to set up a connection. If you could even get a good-quality one in the first place. But many other VPN providers don’t mention this. Just like they don’t mention that using a VPS means you can log everything the virtual “servers” are doing.

      I think you should’ve given it 5 stars for pricing, considering you get so much for your money. No over-selling, no lies or attempts at deceiving people. Oh well.

      I do agree their customer service could be a little better however, as well as making things more user-friendly for newcomers; but then there’s members who’ve already posted guides, like the one I linked to, as you said.

      Thank you.

      1. Hi v13,

        Thanks! 🙂 As you will know if you have read this review, I am a big fan of AirVPN. In fact, I think it runs both the most principled and technically capable VPN service on the market. As for the star rating, these are not decided by me, or even by the BestVPN staff. They are derived from the ratings entered by readers when they post comments here.

      2. I disagree that you can infer accurately from someone’s tone what type of client she/he’s been in the past. Several large publications on the psychology of complaining point out that many people don’t want to invest the effort and time in complaining–especially in a complaints-averse culture like that of the US, so by the time they do, often the issue they’re confronting has gone on for so long or has become so critical that tempers easily flare. If someone’s already tried diplomatically to handle the matter but has been ignored or mistreated, she/he’s likely to become significantly more agitated. Even tacitly censoring these individuals in other forums is counterproductive, as we should all know if companies whose services we’re paying for can be unprofessional. And ad hominem certainly doesn’t resolve anything (“…cried like a baby…”). Your own argument would have been much more credible without it.

        We, at least, appreciate Nobody’s heads-up as we look for a replacement VPN for our at-home browsing needs.

      3. Firstly, and I’ll comment on your post vyl01, I’m a basic user and have used airvpn for over a yr now…and it’s fantastic! I had some connection issues to start which were quickly solved by a polite email to support.

        Secondly. I completely agree with your suggested comment about the previous post, the manner in which we conduct ourselves or the impression we portray…not to mention publicly degrade a very high service, I agree will be met with severe consequences

    3. I have been using AirVPN for 3 years, the only problem I have ever encountered was with P2P slowing WAY down. The help desk, as stated, is very techie and did not help me at all fix the solution but for some reason it fixed itself. This was about 1 year ago and everything went back to good speeds after about a week, not sure why and it wasn’t anything I did. My subscription finished 4 days ago and I have been spending all that time searching for another provider but so far AIRVPN is still tops, even if all the vpn review sites don’t show it as. Once setup, which is just an install really, everything works out of the box. I renewal for a year, with a 10% coupon, will be $4.05 per month, slightly more than the cheaper vpns charge but far better product.

      I use Windows 8.1 firewall and the network lock works as advertised for me. I run IPLEAK test and nothing ever points to my real location. Sometimes when you shut down AIR the lock won’t reset your IP4 address, then you have to go in and change it from their DNS number to default, but that is it.

      As stated, I am buying their service again for the 4th year right now.

  20. AirVPN accept a wide range of payment options but beware if you are using a prepaid credit card. Their card processor Avangate does not always respond nicely to users of prepaid giftcards.

    Hello Douglas,

    can you explain why Italy is not an ideal loc?
    Cause I’m from Italy and I’m looking for a vpn to use here.

    Specifically, I work in an Italian university, so the athenaeum network managing office assigned an IP to me, but I know they can (and probably do) monitor my traffic.

    Can you tell me if a vpn can allow me to safely dl with utorrent even in this circumstance and are there specific risks using an Italian-based vpn in Italy?

    Thanks

    1. Hi Marco,

      Italy is a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. I have provided a couple of links in the article to demonstrate that this is more than a theoretical problem. Despite this issue, I still regard AirVPN as the most secure and privacy-conscious provider on the market. You can download safely using AirVPN (or any torrent-friendly VPN provider) – the NSA etc. does not care about this. As a precaution, however, I would suggest using a server based in Switzerland, as copyright piracy for personal use is not illegal there.

      1. Thanks for your ready answer!
        In truth, I don’t care at all about NSA spying activities, I fear much more the university network manager.

        Well I’ll try out airvpn, thanks again.

    Worst service ever!

    I was happily signed in the web site and then I decide to log out.
    Then I was not able to sign in again! I asked for a password reset and after several trials I finally decided to change the password to the most difficult one: 1111.

    NOTHING, always the same message: “username or password incorrect”

    They do not support anything else than OpenVPN. I wonder why everyone is surprised by the fact that many potential users seem to be put off by AirVPN.

    Only few top routers support this protocol, and even fewer xDSL modem routers do.

    Thank God I was smart enough to spend only 7 Euros in this junk.

    1. Hi Dario,

      Support is not AirVPN’s strongest point, but I am surprised if it didn’t offer some assistance with this issue. As for support only for OpenVPN – it is the most secure and flexible VPN protocol, and I admire AirVPN’s decision to use only it. I agree, however, that AirVPN is not for everyone.

    A quick follow-up regarding AirVPN. It appears one of the main founders of AirVPN is Mr. Paolo Brini. He is also a spokesperson for ScambioEtico, an Italian group that campaigns for civil liberties and copyright reform.

    This bit of info fills in, for me, the statement on AirVPN’s website that:
    “Air VPN was originally founded in 2010, by a group of ‘hacktivists’ and lawyers, both of which were willing to donate their time to a cause that they believed in. The AirVPN system was originally created for the Pirate Party festival in Rome, which shows just how involved they are in the pro-privacy and anonymity scene.”

    This gives me additional confidence and comfort in using AirVPN. Thank you Mr. Brini.

    One of the interesting and recurring questions that comes up in the 15 years I’ve been using vpns is how can you decide which ones to trust? Are there some sort of “inside” forums or IRC channels where ‘those who know” know who runs various vpns? A simple statement on a vpn’s website of their good intentions really isn’t worth its screen space. For example Perfect Privacy, which provides a very good quality vpn service with easy triple hopping would seem to be a trustworthy operation based on their statement that they are a group of “privacy advocates”. Until you find out that this group of “privacy advocates” is founded and run by serious neo-Nazis. It seems very hard to determine who is actually behind many of the vpns so you could make a best judgement about their likely trustworthiness. Are there any recognized persons respected in the privacy community that vouch for particular vpns? (similar in principle to reviewing public encryption code). There ought to be. Does EFF for example vouch for the bona fides of any vpns?

    I would like to hear some trusted person vouch for AirVPN for example. I’ve found it very hard to find out anything about who is behind Air, just as it was hard to find out who was behind Perfect Privacy. It would seem nearly dereliction of duty for TLOs not to be operating some vpn honey pots, but how would you identify them? Without some kind of a web of trust, choosing a vpn is nothing more than a crap shoot.

    1. Hi K,

      A web of trust to vouch for VPN providers is an excellent idea (especially if supported by the likes of the EFF)! Unfortunately no such thing currently exists, and I have no idea how it might be implemented, but BestVPN would be very happy to support such an initiative.

      With reference to Perfect Privacy, could you please explain this statement and provide references? Thanks. Edit. ah… this. Ouch, not nice. Thanks for bringing it to my attention.

      1. Yes, this is a very distressing accusation against Perfect Privacy. And I wouldn’t say it if there weren’t definitive proof. In this case I will take a conviction by German courts as definitive. Below are two links to publications detailing the German court case against three neo-Nazis, and their relationship to PP. The third link is Wikipedia about one of those convicted. No doubt some further drilling down would reveal many additional connections.

        https://linksunten.indymedia.org/en/node/61004

        http://www.constantinereport.com/austria-home-mozart-liszt-strauss-hitler-neo-nazisvpn-provider-perfect-privacy-run-neo-nazis/

        https://en.wikipedia.org/wiki/Gottfried_K%C3%BCssel

        In 2012 a reference to the above arrests and trial appeared in the Perfect Privacy forums, but very quickly disappeared. I imagine a large percentage of PP users do not know that their (rather high) subscription fees go toward supporting people who advocate this kind of hateful and disgraced ideology. I seem to remember that I stumbled on some web references connecting the convicted neo-Nazis above and Stormfront, one of the largest American and European neo-Nazi groups. But I would encourage anyone interested to verify this independently.

        Re: web of trust for vpns, in the next few days, I’ll try contacting some of the privacy advocacy organizations listed here, https://epic.org/privacy/privacy_resources_faq.html, to see if they can offer some advice on how to go about creating a web of trust for vpns. I’d be happy to collaborate with you and some small group on such a project. Perhaps we can build a critical momentum to make this happen :). Feel free to contact me at my email below. Cheers.

        1. Hi K,

          Thanks for tipping us off about this, we have now updated our Perfect Privacy review to include mention of the issue. It is entirely possible that Perfect Privacy was always unaffiliated with the vile political views of some of its staff, or even if it was, that this may no longer be true. We do, however, feel it an issue customers should be aware of, as many would be horrified to think their subscription fees might contribute to propagating such extremist views. I have emailed you about your web of trust ideas.

        2. One of the best comments on the site. I would try AirVPN but I’m afraid it’s too expensive. I’m sticking to PIA now that they’re offering a discount after my account expired 🙁

    How much processing power would you recommend for the additional layer of SSL?

    I was thinking of buying the Netgear R7000 Nighthawk DD-WRT FlashRouter with 1 GHz.

    1. Hi Dave,

      I’m afraid that I can’t give you a definitive answer on this one, but when Peter reviewed this router he encountered no slowdown when using it for regular VPN. I would guess that it is powerful enough to deal with the extra layer of SSL, but it might be a good idea to ask AirVPN’s own forums just to be sure.

    Hi, Douglas
    I have to agree with all the previous posters that your review is excellent and IMHO, spot on! I’ve been using Air for about a year, it’s the 5th vpn I’ve used in the last 15 years. The functionality is superb and, as you said, it’s actually very easy (and reliable) to use.

    But, as again you put very nicely, the sort of icy ubertech can be at times frustrating. And I’m pretty tech savvy. At the moment I’m feeling frustrated that some forum posts there were blocked because they weren’t sufficiently tech focused. God forbid you should talk about the political environment of privacy. Well, with Air it seems warm n fuzzy isn’t an option, you have to be satisfied with technical expertise par excellence. Which is what I’ve chosen by re-upping. As a future improvement to their service I would really like to see them add selectable multihop to Eddie. But they don’t seem well disposed to considering suggestions. Perhaps it’s just as well that they remain a smaller niche provider…increasing size often deteriorates quality. It does worry me that the group and all its servers (but one) are located in 15 Eyes countries. It would be comforting to be able to multihop (easily) through non-cooperating political jurisdictions. Cheers.

    1. Hi K,

      Thanks! I will just note that I am dubious about the value of multi-hop connections. The VPN still routes the signal, and so a) adversaries will be easily able to trace a user to the VPN provider, and b) the provider still does the routing, so knows exactly who is connected to what. I am happy, however, for someone to explain why I’m wrong about this.

      1. Hi, Douglas

        What you have said is correct if you assume that the vpn provider is compromised, i.e. giving your information to some government organization. If they are protecting your information as they have promised, then it seems it would be much harder for let’s say, the NSA to do backtracking traffic analysis through Russia to China to its originator in i.e. Venezuela. If the vpn is compromised, then 1 or 100 hops is irrelevant. But the same holds true for Tor or any vpn service, if it’s compromised, game over. If the vpn is not compromised, just multi-hopping itself makes traffic analysis exponentially harder with each hop, i.e 100 users on hop one X 100 users on hop two X 100 users on hop three…now you have to sort through 1 million sources for the source of the signal, not 100.

        Also not having the cooperation of the governments where the servers are located would seem to make the problem even harder than having that cooperation which might allow for example physical access to the servers.

        1. Hi K,

          Interesting points, thanks. This only seems to be true, however, if you locate double-hop servers in countries where your primary adversary (say the NSA for argument’s sake) has no reach, which is itself problematic. Russia, for example, is hardly a place where I would want servers protecting my privacy to be located, and China actively tries to block VPN traffic. If we are going to assume the VPN provider is not compromised, then use of shared IPs and Perfect Forward Privacy should thwart all but the most advanced traffic analysis (and if someone capable of this e.g. the NSA is targeting you in this way, then you are probably in big trouble anyway).

          I also think that “the same holds true for Tor” seems wrong, as Tor connections are routed through at least 3 random nodes, and are re-encrypted each time. This makes it all but impossible to trace the route from beginning to end (a very powerful adversary such as the NSA, if it was willing to throw insane resources at pwning enough Tor nodes across the world, might be able to pull this off, but even then, it would be a long shot).

          1. I agree with most of your first paragraph. Actually the reach of 5 Eyes within Russia or China is probably only known to 5 Eyes. But it seems at least a bit comforting to think about triple hopping through non-cooperating jurisdictions. But it would depend on who you thought the threat was from; a Russian or Chinese dissident obviously wouldn’t want to use servers in their own countries. Also it would seem logical that a foreign government would be less invested in determining one’s political views, for example.

            As I understand Perfect Forward Secrecy, it wouldn’t really impact on traffic analysis as it only changes keys frequently, but traffic patterns wouldn’t change. But multihopping gives exponential improvements in defeating traffic analysis.

            There are several vpns that offer multihop. Do you know if it’s a sort of common practice to re-encrypt at each hop?

            A real weakness in TOR is that some percent (sometimes a very large percent) of volunteer nodes are controlled by government or hacker groups (sometimes a large percent, especially exit nodes). Also compromising a small number of administrative nodes could give a TOR attacker control over the routing of all TOR traffic. As far as I know this is not known to have happened, but is a theoretical weakness.

            Regards

          2. Hi K,

            1) I think you do have a good point. If the double-hop server is located in a country hostile to your adversary, then it might be useful (but if it is located anywhere else, then I don’t think it is).
            2) True, PFS won’t prevent traffic analysis per se, but it does make it pretty much impossible to compromise an OpenVPN connection (my bad for being unclear).
            3) I know that NordVPN does encrypt data each time it leaves a double-hop server, but then most of its double-hop servers are located in countries friendly to the NSA and most international police forces…
            4) To effectively deanonymise someone on the Tor network the NSA would need to run a lot of those nodes… as I noted earlier, this might be possible, but would require a very large effort.

  21. Hi Douglas,

    very nice review, thanks.

    I would just like to point out a bad mistake in it that you might like to fix. You write: “As we can see on the table, AirVPN uses very strong encryption, although it is probably about time to move away from SHA1 data authentication to something stronger (SHA1 is still considered secure, but may not be for long)”

    The main problem is that you assume that SHA1 is the cipher for packets authentication, either on the Data or the Control Channel. But that was never the case, the cipher is HMAC SHA1 in the Data Channel (or HMAC SHA384 in the Control Channel).

    Let’s assume that collision methods against SHA can be routinely performed: even if that were true, that would not allow an attacker not knowing the HMAC key to make an undetected change in a packet (and therefore inject packets in the flow surreptitiously).

    To bring on the collision attacks on SHA-1 you need to know the state of the SHA-1 chaining variable. The key enters both extremities of the iteration of rounds in which the message (the packet, in our case) stands in HMAC. A much deeper break of SHA-1’s round function would be needed to break HMAC and then start SHA1 collision attempts.

    For a mathematical proof that HMAC (and NMAC) provide security without needing collision resistance of the underlying hash algorithm please see this very important paper:
    https://cseweb.ucsd.edu/~mihir/papers/hmac-new.html

    “This paper proves that HMAC is a PRF under the sole assumption that the compression function is a PRF. This recovers a proof based guarantee since no known attacks compromise the pseudorandomness of the compression function, and it also helps explain the resistance-to-attack that HMAC has shown even when implemented with hash functions whose (weak) collision resistance is compromised. We also show that an even weaker-than-PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal, where again the value lies in the fact that known attacks do not invalidate the assumptions made. ”

    Kind regards and thank you again for the great review.

    Paolo
    AirVPN
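The argument in the comment above, as an added example that is not part of the original comment or AirVPN's code: a collision found against a hash's public IV carries over to the bare hash, but not to HMAC tags, because the secret key block changes the chaining state the messages are absorbed into. The 32-bit toy Merkle-Damgård hash, 16-byte block size, key and packets are assumptions constructed here so a collision can be found in about a second; `verify_packet` uses the real HMAC-SHA1 from Python's standard library.

```python
import hashlib
import hmac

STATE_BYTES = 4   # toy 32-bit chaining value (assumption: small so collisions are cheap)
BLOCK = 16        # toy block size in bytes (real SHA-1 uses 64)
IV = b"\x00" * STATE_BYTES  # public, fixed initial chaining value


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-1(state || block) truncated to 32 bits."""
    return hashlib.sha1(state + block).digest()[:STATE_BYTES]


def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration from the public IV, with length padding."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK) + len(msg).to_bytes(8, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state


def toy_hmac(key: bytes, msg: bytes) -> bytes:
    """HMAC construction (RFC 2104 layout) over toy_hash."""
    if len(key) > BLOCK:
        key = toy_hash(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return toy_hash(opad + toy_hash(ipad + msg))


def find_collision():
    """Birthday search: two distinct one-block messages whose chaining state
    after the first block, starting from the public IV, is identical."""
    seen = {}
    counter = 0
    while True:
        msg = counter.to_bytes(BLOCK, "big")
        state = compress(IV, msg)
        if state in seen:
            return seen[state], msg
        seen[state] = msg
        counter += 1


def verify_packet(key: bytes, packet: bytes, tag: bytes) -> bool:
    """Receiver-side check with real HMAC-SHA1, constant-time comparison."""
    expected = hmac.new(key, packet, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = b"constructed-key!"            # constructed 16-byte secret
    m1, m2 = find_collision()            # found offline, no key needed
    suffix = b"same trailing packet bytes"
    packet = b"constructed data-channel packet"
    tag = hmac.new(key, packet, hashlib.sha1).digest()
    return {
        "distinct": m1 != m2,
        "hash_collides": toy_hash(m1) == toy_hash(m2),
        "hash_collides_with_suffix": toy_hash(m1 + suffix) == toy_hash(m2 + suffix),
        "hmac_collides": toy_hmac(key, m1) == toy_hmac(key, m2),
        "genuine_packet_ok": verify_packet(key, packet, tag),
        "tampered_packet_ok": verify_packet(key, packet + b"!", tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The colliding pair is computed without the key, which is exactly the position of someone who can only attack the underlying hash; the keyed tags for the same pair still differ.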

  22. Hi Douglas

    Very nice review, it stands apart from many other VPN reviews i have read.
    I’m an Air-VPN user for the 4th year now and love their service.
    Not long ago I renewed it for the next two years.
    I can agree to your “heavy tech focus” when describing the language and the forum, but there are many nice people writing how-tos and tutorials.
    The three simultaneous connections come very handy when you try to utilize all your broadband bandwidth. I use them in a simultaneous loadbalancing setup with opnsense firewall.
    Keep up the good work!

    Regards
    Sebastian

  23. AirVPN is surely the best VPN I’ve ever used. The speeds are damn good, it never felt like I was using a VPN. The only problem I faced was with the client. The client often crashed while minimizing the tab. But when it comes to privacy, this is the best

  24. Hi Douglas, one question,

    I see airvpn has servers in Canada. Is safest to download/p2p from them? I read this

    “Canada has enacted mandatory data logging and monitoring by Internet Providers and VPN service providers based in Canada”.

    Don’t know if this applies to all vpn providers located in Canada, or to all servers no matter where the vpn provider is located (I understand airvpn headquarters are in Italy)

    Thanks!

    1. Hi Max,

      If AirVPN says it’s safe to download then it will be safe. I think the mandatory logging situation in Canada is very “grey” at the moment, and no-one is really sure what is going on (including providers).

        1. Hi Max,

          Yes it will. Not only is it dedicated to protecting users’ privacy, but it uses shared IPs and keeps no logs, so it would be almost impossible to hand over users’ details, even somehow if forced to. Note that pretty much all VPN services who permit P2P also protect their customers in the same way.

  25. Hi Douglas,

    Excellent review. I was quite surprised at the low renewal stats that you mentioned. Perhaps as a somewhat regular contributor on the AirVPN forum I/we could perhaps be a little more aware that newbies could be treated with a little more due care and attention. I for one can tend to be a little terse and impatient with what I deem to be ‘daft’ questions or comments from some.

    However, the general feeling is that we point or nudge people to look up stuff for themselves and therefore learn more about the subject by doing so. Need to be somewhere in the middle I guess!

    Best Regards

  26. Douglas

    As a happy AirVPN user I mostly agree with Your review. Mostly except, Air DNS double-hop. It’s at best patchy. For example BBC iPlayer just doesn’t work on most server locations outside UK. I’m currently on Netherlands servers and can’t connect to iPlayer. This is important, because some people may have false expectations that they can connect to fast, nearby server and stream content from all over the world. This just does not work. However You may, as with any other VPN provider connect to given country and bypass geo-blocking.

    Another important information is that with their subscription You may have up to three simultaneous connections.

    Just my $0,02.

    1. Hi Artur,

      I totally meant to include info about simultaneous connections, but simply forgot. I generally find that the “double-hop routing” works well, but you are right that it is not perfect. Thanks for your input, and I have updated the article accordingly.

    1. Hi Guy,

      TBH I don’t find anything that difficult (just download and install the software as per normal), but based on readers’ comments and our market analytics, many potential users seem to be put off by AirVPN’s very techy and jargon heavy focus.

  27. Nice Review Douglas and as always I learned something new. So who are some other VPN providers that provide ‘ Perfect Forward Secrecy’?
    I just finished a 1 year sub with PIA and sign-up with NordVPN. Nord’s servers are noticeably slower and do drop-out quite often. In your opinion which provider has better security features? Do either of them offer Perfect Forward Secrecy? it’s not mentioned anywhere on their website, I assume it’s something their marketing departments would splash on their website. Thanks.

    1. Hi Rick,

      Thanks! To be honest, I don’t know which other services use PFS, but will include this information in any future reviews I do. As for PIA and NordVPN, it is probably best to ask them – I suspect they don’t implement PFS (or as you say, they would shout about it), but asking may encourage them (and other providers) to pull their socks up in this regard!
