Douglas Crawford

Douglas Crawford

febrero 10, 2016

Comenzaré este análisis diciendo que después de usarlo como mi servicio personal de VPN durante alrededor de dos años, soy incluso más fan que nunca de AirVPN. Este proveedor italiano de VPN, que se enorgullece de haber sido puesto en marcha por «hacktivistas y activistas». presta una atención casi inigualable a la protección de la privacidad de los usuarios. También emplea unas medidas de seguridad y un cifrado excelente, y ofrece características fantásticas que mejoran la privacidad (como VPN sobre SSL y VPN a través de Tor). Según mi experiencia, AirVPN es también casi con total seguridad el servicio de VPN más rápido y estable que he usado. Así y todo…

Las estadísticas de BestVPN muestran que, aunque los porcentajes de suscripción inicial a AirVPN son bastante altos, la mayoría de los usuarios no renuevan sus suscripciones. Eso parece indicar que muchos han probado el servicio, pero no les ha gustado. No puedo discutir las cifras y he tenido esto en cuenta al escribir este análisis.

Precios y planes

AirVPN cobra 7 € (unos 8 $) por un mes de suscripción, con los descuentos habituales disponibles para compras a largo plazo, que baja hasta los 4,50 € (unos 5 $) si se compra una suscripción anual. Dispone de una prueba gratuita de 3 días si se solicita por escrito, o si eres impaciente, se puede conseguir una suscripción de 3 días por 1 €.

AirVPN prices

Todas las suscripciones ofrecen acceso completo a todas las características de AirVPN, lo que convierte a AirVPN en una opción bastante barata en comparación con muchos servicios de la competencia.

AirVPN payment methods

AirVPN acepta pagos a través de PayPal y de una impresionante gama de procesadores de pagos, lo que supone que los usuarios de lugares del mundo que suelen ser discriminados a menudo al hacer pagos internacionales, no deberían tener problemas para comprar una suscripción. También acepta el pago no solo con bitcoins, sino también con casi cualquier otra criptomoneda que se te ocurra.

Conclusión

Me gustó

  • No guarda registros
  • Cifrado fuerte (que incluye secreto hacia adelante perfecto)
  • Cliente de código abierto con protección contra filtrado de DNS, fallo de WebRTC e interruptor de detención
  • VPN a través de Tor
  • Tunelizado SSL y SSH
  • El enrutamiento de puertos
  • Acepta Bitcoins (y otras criptomonedas)
  • Enrutamiento de DNS para evitar el bloqueo de VPN
  • Prueba gratuita de 3 días
  • Rápido y estable
  • 3 conexiones simultáneas
  • El sitio web es un fantástico archivo de conocimientos de VPN
  • P2P: sí

No estaba tan seguro sobre

  • No ofrece un gran número de ubicaciones para sus servidores
  • Italia no es una ubicación ideal

Odié

  • Todos los aspectos del servicio se ven resentidos por suponer que los usuarios tienen un máster en configuración de VPN

Características

AirVPN tiene su sede en Italia y ofrece servidores en 15 países, la mayoría de los cuales se encuentran en Europa, además de algunos en Estados Unidos, Canadá y Hong Kong. Comparado con ciertos proveedores no es mucho, pero sí que cubre los lugares más populares.

AirVPN solo admite el protocolo OpenVPN, ya que considera que PPTP e incluso L2TP/IPsec son demasiado inseguros (el debate está servido sobre IPSec, pero OpenVPN es tremendamente seguro y normalmente es considerado el mejor protocolo VPN disponible para uso comercial).  Como OpenVPN ya funciona en todas las plataformas principales (excepto Blackberry y Windows Mobile), es poco probable que suponga un problema para la mayoría de los usuarios.

Se permite a los usuarios hasta 3 conexiones simultáneas (perfecto para poder conectar tu PC, teléfono y tableta a la vez).

Enrutamiento de DNS

Cada vez más y más servicios de streaming bloquean a los usuarios que intentan saltarse sus restricciones geográficas mediante el uso de VPN y otras tecnologías de simulación geográfica. Por eso se agradece el sistema de enrutamiento de DNS de AirVPN que hace que tu conexión «salte» doblemente a través de sus servidores internos para evitar la censura.

dns routing

Esto implica que incluso cuando me conecto a servidores VPN de fuera de los EE. UU. o de Reino Unido, puedo acceder a servicios como Hulu y BBC iPlayer (¡ni siquiera es necesario conectarse a un servidor VPN en el país en el que está alojado el servicio con restricción geográfica!). Al usarlo por lo general esa característica funciona bien… pero no siempre. En esas situaciones, siempre ha bastado para que me funcione conectarme a un servidor situado en el país deseado.

También debo decir que al visitar Netflix.com me lleva a la versión local del sitio web (que se basa en la dirección IP de mi servidor VPN).

VPN a través de Tor

AirVPN es el único servicio que conozco, junto a BolehVPN, que ofrece VPN a través de Tor. Para ello hay que conectarse primero a la red Tor y luego a AirVPN. Al utilizar un método de pago anónimo (por ejemplo, bitcoins mezclados correctamente), esto hace que AirVPN no pueda saber quién eres, ya que no ve tu dirección IP real.

VPN a través de Tor ofrece un nivel muy alto de verdadero anonimato, algo que no suele ser posible con VPN. Por lo general se considera la mejor manera de combinar los beneficios de privacidad de VPN y Tor, aunque el hecho de que AirVPN sea un punto fijo en la cadena que podría verse potencialmente comprometido, es algo a tener en cuenta.

AirVPN también proporciona instrucciones para usar el navegador Tor y conseguir un Tor seguro a través de VPN (que es mucho más seguro que la característica que ofrecen algunos proveedores de «puente transparente» de Tor). Para ver comentarios completos sobre este tema, lee los 5 mejores VPN al usar Tor.

Puertos alternativos, tunelizado SSL y SSH

Es raro que se bloqueen las VPN, pero sucede en lugares como China e Irán (aunque esto suele ser solo parcialmente eficaz). AirVPN te permite contrarrestar estas medidas transportando el tráfico de OpenVPN a través del puerto TCP 443, que es el mismo puerto utilizado por el tráfico SSL normal (el estándar de cifrado utilizado por todo Internet para hacer seguros los sitios web y los servicios de Internet).

Esto hace que el tráfico de OpenVPN parezca tráfico normal SSL, que ambos ocultan, y lo hacen muy difícil de bloquear (¡porque eso rompería Internet!).

AirVPN port settings

La configuración del puerto se puede cambiar fácilmente en el cliente. Además del puerto TCP 443, puedes evitar la censura usando una variedad de puertos que es poco probable que te bloqueen

Sin embargo, un adversario muy decidido puede realizar inspecciones sofisticadas de paquetes profundos para descubrir que se están usando protocolos VPN (¡y a lugares como China no les importa romper Internet para los usuarios!).

tunnel_ssl

La respuesta de AirVPN a esto es permitir que los usuarios envuelvan sus datos cifrados de OpenVPN dentro de otra capa de encriptación (SSL o SSH). Esto debería frustrar prácticamente cualquier método empleado para detectar el uso de VPN (la NSA podría ser capaz de descifrar el antiguo protocolo SSH, por lo que recomiendo usar el tunelizado SSL si es necesario).

SSL y SSH deberían ser más que suficientes para burlar el Gran Cortafuegos de China, pero hay que tener en cuenta que ambos requieren procesamiento extra para la capa adicional de cifrado, lo que ralentizará tu conexión a Internet.

El enrutamiento remoto de puertos también está disponible para usuarios que necesiten hasta 20 puertos abiertos para conexiones entrantes, lo que es útil para sitios web y servidores de juegos alojados en casa.

Visita AirVPN »

Seguridad y privacidad

Como podemos ver en la tabla, AirVPN utiliza un cifrado muy fuerte.*

Cifrado de OpenVPN
Cipher
AES-256
Data Auth
HMAC SHA1
Handshake
RSA-4096
Control Auth
HMAC SHA384
Forward Secrecy
DHE-4096
Logs & Legal
Connection
None
Traffic
None
Country
Ok
 

Ni que decir tiene que AirVPN no guarda registros y utiliza direcciones IP compartidas. Es uno de los pocos proveedores de VPN que implementa secreto perfecto hacia adelante (sin el cual OpenVPN no debería ser considerado especialmente seguro). Para ello utiliza las claves Diffie-Hellman de 4096 bits, que se actualizan cada 60 minutos (y se puede configurar una frecuencia mayor a través del cliente).

Gracias a eso AirVPN siempre fue inmune a los posibles ataques Logjam revelados por los investigadores el año pasado. Tampoco le afectaba la reciente vulnerabilidad «port fail» que afectó a muchos servicios de VPN, gracias al uso de direcciones IP de entrada y salida distintas en cada servidor VPN. Además, AirVPN es uno de los pocos proveedores de VPN que protegen a los usuarios contra el error WebRTC (y como veremos, protección contra filtrado de DNS e interruptor de detención como añadido en el cliente de escritorio).

Como he comentado anteriormente, AirVPN también ofrece varias tecnologías (opcionales) que hacen que usar VPN sea tremendamente seguro y privado (y gracias al VPN a través de Tor, incluso potencialmente verdaderamente anónimo, en especial por la abundancia de métodos de pago anónimos que acepta AirVPN).

En mi opinión, en términos de innovación técnica y excelencia, además de por su atención al detalle en la protección de la privacidad de los clientes, no hay ningún otro servicio que pueda acercarse a AirVPN.

En cualquier caso, hay que señalar que el lenguaje que usa AirVPN para describir tanto el propósito de su tecnología como la forma de configurarla, puede describirse como recargado y poco claro. Al echar un vistazo a la documentación de AirVPN, puede parecer bastante claro por qué los usuarios normales huyen espantados.

Otro potencial problema es que AirVPN tiene su sede en Italia, miembro de la alianza de espionaje «Catorce Ojos» que coopera con la NSA y el GCHQ. Esto dista de ser lo ideal e Italia también suele ser beligerante con la piratería de los derechos de autor.

Aunque por otra parte, antes de que la Directiva sobre la conservación de datos de la UE fuera declarada inválida por el Tribunal Europeo de Justicia por razones relacionadas con los de derechos humanos, los proveedores de VPN italianos no estaban obligados a guardar registros.  AirVPN dice que si se produjera alguna demanda de ese tipo alguna vez por parte de cualquier país de la UE en el que opera, llevaría el caso ante el TJUE.

AirVPN aprueba que los usuarios puedan descargar P2P desde cualquiera de sus servidores.

El sitio web

El sitio Web de AirVPN parece más funcional que bonito, una impresión que no la mejora el lenguaje muy técnico, con terminología que es probable que solo los adictos más avanzados al cifrado entiendan. Esto es seguramente (y lo respaldan los comentarios de nuestros lectores) muy desalentador no solo para los usuarios poco frecuentes, sino incluso para aquellos con un entendimiento técnico superior a la media.

AirVPN stats 2

Una excepción a este estilo general de presentación tan técnico son las bonitas estadísticas del servidor, que facilitan ver de un vistazo detalles como la carga, el número de usuarios, los tiempos de ping, el enrutamiento y más.

Asistencia

La asistencia se proporciona principalmente a través de los grandes foros de AirVPN. Desafortunadamente, las conversaciones suelen ser muy técnicas y no es de extrañar que a muchos usuarios les puedan parecer muy intimidantes (¿te suena de algo?).

En el lado positivo, los foros son un tesoro de conocimientos relacionados con VPN y la voluntad del equipo de AirVPN de desvelar todos los detalles sobre cómo funcionan (respaldada por unos sólidos conocimientos técnicos) es un soplo de aire fresco en una industria donde la asistencia a menudo solo ofrece respuestas simples a preguntas complejas o, peor aún, ¡a veces parece que no tienen ni idea de lo que hablan!

Además de publicar preguntas en los foros, puedes enviar directamente correos electrónicos (sistema de solicitudes) al equipo de AirVPN. He intentado esto en el pasado y observé que puedes tardar hasta un día en recibir una respuesta, pero que las respuestas siempre son completas.

El proceso

El registro

Registrarse en AirVPN es un proceso fácil y sencillo. La única información personal solicitada es una dirección de correo electrónico válida (AirVPN anima activamente a los usuarios a utilizar una dirección de correo electrónico de usar y tirar).

Los pagos con bitcoin se realizan a través de CoinBase, mientras que los pagos con el resto de criptomonedas los gestiona CoinPaymnents. Una vez hecho el pago, recibirás un correo electrónico de bienvenida con algunos enlaces útiles. A diferencia de algunos proveedores, no se envía ningún dato de la cuenta a través de mensajes de correo electrónico en texto plano. El nombre de usuario y la contraseña se eligen durante el registro.

El cliente para Windows de AirVPN

AirVPN llama «Eddie» a su cliente de escritorio personalizado (también disponible para Mac OSX Mavericks y Yosemite, y Linux) y lo que más destaca es que Eddie es totalmente de código abierto. Esto significa que se puede auditar de forma independiente para asegurarse de que no hay nada inapropiado. Ojalá que más proveedores de VPN abrieran su software.

AirVPN Eddie 1

Eddie cuenta con protección contra filtrado de DNS, selección dinámica de servidores y muchas estadísticas que te ayudarán a decidir el mejor servidor al que conectarte.

AirVPN Eddie 2

¡Mucha información!

AirVPN logs

Gracias a los registros en tiempo real, es posible saber exactamente lo que está haciendo Eddie (si tienes los conocimientos para entenderlo).

AirVPN Eddie 4

El candado de la parte superior derecha indica que el «bloqueo de red» está activado. Esto crea un cortafuegos que evita que cualquier tráfico entre o salga del ordenador sin usar el túnel VPN hasta los servidores de AirVPN. AirVPN ofrece una buena protección contra las filtraciones de DNS, incluso sin activar el bloqueo de red (nunca he observado un filtrado de DNS con el servicio), pero el bloqueo de red debería asegurar que las filtraciones de DNS son imposibles, al mismo tiempo que actúa como un interruptor de detención.

Esta configuración también debería de evitar las filtraciones de IP debido al error de WebRTC, pero en mi sistema el cortafuegos del bloqueo de red afecta al cortafuegos que suelo usar, lo que impide que esta característica funcione. Como esto no se puede resolver sin desinstalar completamente mi cortafuegos (algo que no estoy dispuesto a hacer), no lo he podido comprobar, pero en teoría esta característica debería de funcionar bien.

Eddie no dirige correctamente las peticiones IPv6, sino que desactiva IPv6 para evitar las filtraciones de DNS (es difícil ensañarse demasiado con AirVPN por esto, ya que salvo Mullvad, ningún proveedor maneja las solicitudes DNS correctamente).

El único problema real que tengo con Eddie es que cambia la configuración de DNS de Windows. Esto suele ser algo bueno ya que garantiza que todas las solicitudes de DNS las resuelvan los servidores de AirVPN, pero si por alguna razón el cliente se cierra repentinamente, tengo que restablecer manualmente la configuración de DNS antes de poder volver a conectarme a Internet (Panel de Control -> Centro de redes y recursos compartidos -> Cambiar la configuración del adaptador -> hacer clic con el botón derecho en la conexión -> Propiedades -> seleccionar Protocolo de Internet versión 4 -> Propiedades -> Servidor DNS preferido: 8.8.8.8).

Eddie es probablemente el cliente de VPN más completo que he usado. Sin embargo, al igual que la mayoría de las cosas relacionadas con AirVPN, tiene un enfoque muy técnico y utiliza términos que incluso un usuario de VPN experimentado como yo a veces necesita investigar para entenderlas del todo.

Rendimiento (pruebas de velocidad, DNS, WebRTC e IPv6)

Las pruebas de velocidad se realizaron en una conexión de banda ancha del Reino Unido de 50 Mbps/3 Mbps.

AirVPN_download
AirVPN_upload b
Las gráficas muestran las velocidades más altas, más bajas y medias de cada servidor, además de la ubicación. Lee nuestra explicación sobre las pruebas de velocidad para saber más.

Como podemos ver, los resultados son bastante buenos, aunque (extrañamente) es más rápido conectarme a un servidor en los Países Bajos que a uno de Reino Unido. El rendimiento de los EE. UU. desde el Reino Unido es muy bueno.

Incluso sin el bloqueo de red activado nunca he tenido ningún problema de filtrado de DNS y como mencioné anteriormente Eddie evita las filtraciones de IPv6 y (si el bloqueo de red está activado) de WebRTC. Cabe señalar que muy rara vez he sufrido caídas al usar AirVPN.

Otras plataformas

Además del cliente de escritorio Eddie, AirVPN ofrece instrucciones de configuración para Android (para usar OpenVPN para Android, OpenVPN Client para Android y OpenVPN Connect), dispositivos iOS (con OpenVPN Connect) y routers DD-WRT y Tomato.

Personalmente uso OpenVPN para Android y me funciona perfectamente. La aplicación se vuelve a conectar rápidamente cuando cambio entre routers o paso de la conexión móvil al WiFi, y no detecto filtraciones de DNS. ¡OpenVPN para Android puede incluso configurarse para actuar como un interruptor de detención!

Conclusión del análisis de AirVPN

Me gustó

  • No guarda registros
  • Cifrado fuerte (que incluye secreto hacia adelante perfecto)
  • Cliente de código abierto con protección contra filtrado de DNS, fallo de WebRTC e interruptor de detención
  • VPN a través de Tor
  • Tunelizado SSL y SSH
  • El enrutamiento de puertos
  • Acepta Bitcoins (y otras criptomonedas)
  • Enrutamiento de DNS para evitar el bloqueo de VPN
  • Prueba gratuita de 3 días
  • Rápido y estable
  • 3 conexiones simultáneas
  • El sitio web es un fantástico archivo de conocimientos de VPN
  • P2P: sí

No estaba tan seguro sobre

  • No ofrece un gran número de ubicaciones para sus servidores
  • Italia no es una ubicación ideal

Odié

  • Todos los aspectos del servicio se ven resentidos por suponer que los usuarios tienen un máster en configuración de VPN

Al describir en este análisis la miríada de características de AirVPN salen a relucir ampliamente las fortalezas de este servicio, pero también por qué muchos usuarios tienen problemas con él. En términos de dedicación a la privacidad, características interesantes y conocimientos técnicos, AirVPN es muy impresionante (de hecho, en mi opinión nadie del mercado se le puede acercar en estos aspectos).

Aunque (¡y este es un gran pero!) AirVPN claramente no atrae a un público más amplio debido a su impenetrable enfoque técnico. En muchos sentidos esto es injusto, ya que el cliente de AirVPN es fácil de usar (¡solo hay que descargarlo y ejecutarlo!) y parece un poco maleducado criticar a un servicio por poner atención meticulosa en los detalles y por ofrecer una serie de características que raramente están disponibles en algún lugar (si lo están).

Sin embargo, si echamos un rápido vistazo a los foros, o incluso a mucha de la documentación diseñada para ayudar a los nuevos usuarios, o a cómo se muestran las opciones en el cliente, ¡es fácil ver por qué tanto los nuevos visitantes del sitio web como los ya existentes se ven intimidados!

Teniendo eso en cuenta (y a pesar de que creo que es genial), probablemente AirVPN debería ser considerado como un servicio de nicho dirigido a los más tecnológicos y a los adictos a la privacidad, en lugar de uno adecuado para una gran mayoría de usuarios de VPN.

Visita AirVPN »

*La sección de privacidad y seguridad de este artículo se ha actualizado después de que AirVPN me contactara para aclarar algunos errores/confusiones, los más destacados de los cuales se refieren al uso de la autenticación HMAC SHA1 en los canales de datos y de control. Ahora estoy convencido de que HMAC SHA1 es muy seguro. Lee la sección de

Douglas Crawford

Escrito por

Publicado en: febrero 10, 2016.

March 9th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

114 respuestas a “Análisis de AirVPN 2017

  1. Johnny dice:

    AirVPN didn’t allow me to log in with the password immediately after registering. I successfully reset the password 3 times, then tried to log in carefully checking it and it still wouldn’t let me in. The messed up thing is they won’t let me submit an inquiry to them without logging in! How am I supposed to get a refund?

    1. Douglas Crawford dice:

      Hi Johnny,

      You can email AirVPN’s support: support@airvpn.org.

  2. Iev dice:

    > Users are allowed up to 3 simultaneous connections (perfect for connecting your PC, phone, and tablet all at once).

    Review claims to be updated for 2018, but in fact it is somewhat out-of-date.

    Since November 2017 it is allowed to have 5 (five) simultaneous connections to AirVPN:
    https://airvpn.org/topic/24167-five-simultaneous-connections-per-account/

    Also the review is full of screenshots of the old client which has been redesigned more than a year ago. Worth updating in my opinion.

    Great review otherwise.

    1. Douglas Crawford dice:

      Hi lev,

      Well – the review claims to be updated only inasmuch as its publish date has been updated – its a Google results thing. That said, a full rewrite is due soon (and yeah – I use AirVPN as my personal VPN, so am aware of the changes :).)

  3. Fugadugadid dice:

    Wow if they are so willing and cared so much why did they open shop in Italy? Kind of reminds me of an anti-occupation human rights NGO housed in Tel Aviv. If they changed jurisdiction that would certainly be a leg-up in their commitment, and not look so much like controlled opposition. Given their vast knowledge and unsurpassed “consumer” tech, for all we know it could be run by the NSA (or partnered with them) running a compartmentalized top secret signals intelligence program with the expressed purpose of penetration testing in every form of encryption they offer; and using the ‘h@ktivizt’ meme as a selling point; never selling out their customers, not in the open anyway. We all hope this is not the case but…. nobody knows, so to wonder is just the way it is.

    1. Douglas Crawford dice:

      Hi Fugadugadid,

      I would guess AirVPN opened shop in Italy because that is where they live! I agree that there are better locations for a VPN to be based, but Italy is not a Five (or even Fourteen) Eyes member, and does not require VPNs foe keep logs.

  4. Bob dice:

    Hi Douglas,

    You wrote “No logs”, however we can read on their “Privacy” page:
    “Air servers and software procedures acquire only personal data which are strictly necessary for the technical functioning of the service, for example IP address.”

    So, it seems they log our personnal IP address, am I wrong?

    1. Douglas Crawford dice:

      Hi Bob,

      As I discuss in 5 Best No Logs VPNs, every VPN must, as a function of VPN technology, keep real-time logs. AirVPN, however, only keeps such logs in RAM until the client disconnects, and all output is directed to /dev/null (meaning that is it not recorded). This is pretty much as close the definition of a no-logs VPN as it is possible to get. This exact question is addressed in this discussion.

      It is worth noting, however, that you can access quite detailed session history via your archive page. This includes stuff such as timestamps and connection duration, and is enabled by default (it can be disabled). I have asked for further clarification on how this squares with the above information, and will update this answer (and the article) when I receive an answer.

  5. Onanuga tobiloba emmanuel dice:

    love your page

  6. AnnoyedCitizen dice:

    Dear Mr. Crawford,
    Thanks for your various reviews and articles that have proved very helpful for someone finally getting more serious about privacy, and in particular for your AirVPN review. AirVPN seems the best for my purposes, with its tech orientation duly noted. I plan to sign up, via annonymous payment.

    First off my needed level of privacy is more general and in response to new laws allowing ISPs to sell personal net usage history. Also, I would like to feel free to excersize my free speech rights and publish satirical political commentary without fear of undue harrassemnt (for legal speech), particularly by thin skinnned and vindictive, high governent officials.

    I understand that if someone engages in activities that cause the government to really want you, they will probably find you. I looked at some deep web leaning security sites, which are way too head-spinning, disciplined and paranoia inducing on a daily basis for me to try to maintain something near anonymimity with with sandboxes, and an array of other measures. My goal is more modest, a VPN, firewall, and browser track-blocking set up that provides a baseline of privacy for an average joe, with a sometimes sharp tongue.

    Your articles raised a lot of questions, which I hope you can help out with. My basic set up plan is:

    A) Major ISP provided cable modem router, which has 4 LAN ports.
    B) 1 Modem Port: To run Non-VPN Wifi Router for guests, and smartTV/AppleTV over which to run Netflix and possibly other streaming services without speed hits, as i have no geolocation issues at this point.
    C) 2nd Modem Port: to run OpenVPN flashed Wifi Router running AirVPN for Mac Desktop (wired) and when home, Mac Laptop, iPad and iPhone (over wifi) for private home browsing and online activity.

    QUESTIONS, mostly from general to specific
    1) Is this dual router set up, 1 non-VPN and 1 VPN router, secure if set up properly? Will the non-vpn one give up the VPN one somehow?

    2) Will the insecure nature of mobile devices when used over the VPN router (iphone and ipad with GPS chip) make my real IP address vulnerable to someone interested in corrolating the IP with my mobile device locations? Meaning that the mobile iOS devices should use the OpenVPN Connect software, rather than depend on the VPN router. Or would I still be susceptable to that kind of identification? though this kind of thing mostly done by government law enforcement agencies than by criminals or malicious hackers?

    3) Probably revealing my ignorance here, but could one run AirVPN desktop and/or OpenVPN Connect software at the same time as running over the VPN enabled router? Or would that cause conflicts, speed or looping issues?
    3b) Would there be an advantage to running the router on a 2nd AirVPN account, or from another VPN provider and the AirVPN desktop / OpenVPN Connect software for each device. Or would that make things super slow?

    4) You note in one of the comments that its better to use desktop VPN software, rather than over a router as you would lose some AirVPN features, notably the Kill Switch (“e.g. “network lock DNS leak protection and kill switch, port selection etc.”).

    This seems sound advice, but then I found some router code that enables you to “install” a Kill switch on a flashed router:
    Go to the Administration > Scripts > Firewall section and paste in the following script:
    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    Click Save and then reboot your router.
    This is pretty simple to impliment, assumiing this code is correct.

    I am wondering if there are other OpenVpn router level script tweeks like this to fill in some of the other lost AirVPN features like network lock DNS leak, or simply by using Little Snitch/VPN Monitor as you mention in other articles?

    4b) As above, you mention port selection as another feature lost via router set up (which seems to be good for gaming, which i don’t need). But what are the other “etc.” features I might not want to miss in a router set up?

    5) Since I will need to install the desktop VPN software on my laptop and iOS devices anyway, for when away from my vpn router, was it really premature to buy and flash the OpenVPN enabled router?

    Thanks for any and all comments on the above!

    1. Douglas Crawford dice:

      Hi AnnoyedCitizen,

      Thanks!

      1) That should be a secure setup. I like it!

      2) The biggest problem with mobile devices is that both the OS and individual apps tend to send a lot of information back to their publishers (including Apple). This information gets sent regardless of whether a VPN is used. This can only be countered to a limited extent by clamping down on app’s permissions (which may prevent them from working correctly). So it’s really private companies rather than the government which are the danger here (although Apple did cooperate with the NSA…). Criminal hackers are not a big problem for home users, as your WiFi connection to the router will be encrypted (with WPA/WPA2). Using a VPN will, however, protect you when using an iOS device on public hotspots.

      3) Yes, you can do this, but as I discuss in this article, I think the advantages are limited if both VPNs connect to the same provider. Using two different providers has greater privacy benefit, but will cost more and be slow.

      4) That script is a good find. If you implement it, I’d be interested in hearing how it works out. You can certainly use IP tables on your router to prevent DNS leaks (see also here for instructions on configuring Little Snitch to work as a kill switch/ DNS leak protection).

      4b) VPN through SSH or SSL tunnels, VPN through Tor. But I’m guessing you probably aren’t interested in these features, anyway!

      5) Well, you can now connect all devices to AirVPN at once (AirVPN permits 3 simultaneous connections). Other family members and guests can also benefit from using the VPN.

  7. Orwellian dice:

    2 questions:
    1) Does the AirVPN setup in particular, and VPN setups in general, play well with cable TV modem routers?

    2) Does AirVPN have an open source IOS setup or app for Iphones?

    1 comment:
    Cisco Jupiter routers were compromised by the NSA, and for high-priority honeypot operations, it is SOP to target, intercept & re-direct shipments of computer component hardware in transit to engineer backdoor code insertions through chip-sets, so short of building your own servers and also visually monitoring them 24/7/365, it is very appropriate to ask the question whether servers manufactured in the UK, or anywhere else for that matter, are being competently inspected by VPN providers at the hardware, firmware & software level to detect similar compromises by GCHQ, NSA or any other hackers through code insertions into the server. After looking at the descriptions of your best 5 logless & encryption VPN providers, each of them describe a minimum of one or more glaring attack vectors for data interception or insertion by players operating at the level of the 5 Eyes Alliance.
    Even though yet to be reviewed by you, OVPN is the only commercial VPN service I am aware of which has demonstrably established functional design security all the way down to the bare metal level. As a result they have effectively eliminated all covert vectors of undetectable server-side SIGINT. So much so, I am confident of their ability to handle the targeted scrutiny that will come their way due to publicly raising their profile. Besides, they could use the business to setup more servers in more countries, lol! Of course, they remain exposed to the risk of HUMINT penetration & compromise, but as Edward Snowden has spectacularly demonstrated, everyone is exposed to that risk, even the NSA.

    1. Douglas Crawford dice:

      Hi Orwellian,

      1. Being based in the UK, I am not really familiar with cable routers (cable is not a thing here). But if it is a modem/router, then I see no reason why any VPN would not play well with it.

      2. No. AirVPN does not have any custom mobile apps. It instead provides the OpenVPN files necessary to manually configure OpenVPN Connect. This is the official app from OpenVPN Technologies, Inc. It is not 100% open source, but is the closest you will get for iOS.

      3. If the NSA is really out to get you (specifically), it probably will. It would be safer to use Tor than a VPN, but even then… If running OpenVPN in software, then it doesn’t matter if the router has been compromised, as the data is encrypted before and decrypted after it passes through the router. And a VPN router (or server will be able to resist almost all port attacks as long as strong handshake authentication is used (e.g. RSA-2048).

      4. Looking at the OVPN.se website, I am indeed impressed by the fact that it runs all of its own bare-metal servers, and does so without using any type of storage media. I am very busy at the moment, but when I have the time I would love to investigate this service more closely. Thank you for bringing it to my attention.

  8. R dice:

    I’m still enjoying AirVPN for a month now. No hiccups. I also couldn’t resist buying a very inexpensive Lifetime subscription to VPN.asia (also reviewed on this site). They both seem comparable, although VPN.asia doesn’t have as many servers and does not support Perfect Forward Secrecy. It does have a killswitch now.

    One odd thing: whoer.net warns with VPN.asia: “We have determined that you work under a proxy server with a low level of anonymity. Proxy servers are intended to increase the speed of your connection with the help of caching. Your IP replacement in the process is just a sideway action rather than a main purpose of proxies, and they can be easily detected. Please use other means, for example VPN. Open ports 80, 11080, 1723 [cached]. AirVPN give no such warning. Both are running OpenVPN.

    VPN.asia’s response was: “There are more ports open on our servers because we run multiply protocols, but this not means that its not secure.”

    Is this something to be concerned about?

    1. Douglas Crawford dice:

      Hi R,

      I must admit that I have not come across this issue before. But I think VPN.asia’s response sounds valid, and there is nothing to worry about. Do you get any such warnings when you visit ipleak.net?

      1. R dice:

        Douglas,

        ipleak.net reports: “No forwarded IP detected. If you are using a proxy, it’s a transparent proxy.” for both AirVPN and VPN.asia.

        With my provider-direct connection there are no errant open ports. (Shields Up! stealth mode) I was expecting the same with VPN’s (both Fail). So, if some of these ports must be open to support various protocols doesn’t that put the VPN at risk for attack?

        1. Douglas Crawford dice:

          Hi R,

          – I’m afraid that I don’t really understand why you are saying “I was expecting the same with VPN’s (both Fail).” ipleak.net detected no issues, while whoer.net only reported an issue with VPN.asia. Perhaps I am getting a little confused?

          – All VPN servers must open some ports, or else there would be no way for traffic to go in or out! The L2TP protocol, for example, uses UDP port 500, while by default OpenVPN uses UDP
          port 1194 (although it is common to run OpenVPN over TCP port 443 in order to mimic HTTPS traffic). It therefore stands to reason that the more VPN protocols a server supports, the more ports it must open.

          – It is my understanding that a strong authentication certificate (e.g. RSA-2048) will prevent a VPN server from being hacked via any open ports. In addition to this, any VPN worth its salt will employ failsafe mitigation measures. It is common practice, for example, to create log files to log any invalid authentications. The VPN provider can then filter these logs with a firewall named fail2ba. If there is X number of failed auths from one ip, fail2ban will enter the ip in iptable and the server will not respond to any a packets sent from that IP.

  9. Mike M dice:

    I signed up with AirVPN about 18 months ago. I am not a techie, but am not tech averse. I signed up on the recommendation of a former military guy I know who is well versed in this topic, personally and professionally.

    It took a while to work through the nuances or AirVPN and Open VPN but if you’re patient, and refer back and forth between the instructions and the apps, it will happen.

    I also like their site for checking your IP address, ipleak.net. It shows the IP you’re using, plus shows any leakage, and helps you plug that leakage.

  10. Scott dice:

    In one of your replies to my questions you suggested I go with express vpn but I replied with a concern of setting the VPN for my android tablet (amazon fire) and you gave me instructions on AirVPN so which one do you like most for: privacy and streaming video on such providers as kodi, Netflix, and Hulu. Oh do both VPNs provide set up instructions on their sites. Sorry I am full of questions.

    1. Douglas Crawford dice:

      Hi Scott,

      I persoanlly use AirVPN for reasons discussed in this review. But it is a service aimed more at techies, and can be a little rough around the edges. It also has no dedicated Android app. This is not a much of a problem for me, as the third-party OpenVPN for Android app is very good. But it does require a little setting up. I recommend ExpressVPN for you because it is a very professional service that offers an easy-to-use Android app which requires almost no setting-up at all (just install and run). Both services provide setup instructions on their websites, however, so neither should be too hard to get up and running. Note that AirVPN will give you a 3-day free trial if you email them about it, so you can always just give it try to see how you get on.

  11. Scott dice:

    Douglas
    So one more thing…what about my concern for the VPN gaining access to my desk top PC when I use my tablet at home. Can and will they? You suggested express vpn due to it being user friendly and having good android mobile apps. You said they keep some logs but they are aggregated. Sorry for my ignorance but what does aggregated mean as it relates to the VPN service Can I feel secure using kodi with Express VPN as I would assume most inforcment is interested in things more significant.

    1. Douglas Crawford dice:

      Hi Scott,

      – Using a VPN does not give anyone access to your PC or tablet. It’s simply not how they work.

      – Aggregated means that things such as connection times to the VPN server and length of session are logged, but these logs are not associated with an individual IP address (user). They are therefore useful for troubleshooting purposes, but pose a minimal privacy threat.

      – ExpressVPN has no problem with people using P2P or Kodi etc. on its service, and will protect you wile doing so.

  12. R dice:

    I just wanted to let you know that, after months of reading reviews here and a lot of procrastination, I finally signed up for airVPN and couldn’t be more pleased. I found the signup process easy and had no problems getting setup quickly and online. Everything works fine – no leaks of any kind, straight VPN, VPN over TOR, TOR over VPN. Although there is variability in server latency and speed I have found a few that give me fantastic throughput on my 150mbps connection. I would say my first VPN experience has been a very good one.

    Many Thanks!

  13. Se55iE dice:

    AirVPN is not so good now. All last new servers in Switzerland, Belgium, Austria, Czech Republic they buy at M 247 Ltd. But M247 is UK company. And you know what is going on now with privacy in UK.
    I don’t understand what is the point to buy CH and other servers at UK company ? Airvpn doing bad things.

    1. Douglas Crawford dice:

      Hi Se55iE,

      Interesting find. You are correct about AirVPN using M 247 Ltd servers. In this article AirVPN argues that it is irrelevant who owns the servers, but I will reach out to it for further comment on the situation.

      1. Douglas Crawford dice:

        Hi Se55iE,

        AirVPN has responded to my query about this (which cited the IPB) with the following,

        “The Investigatory Powers Act scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016).

        The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2012 about partition of trust to deal with this problem):
        airvpn.org/topic/54-using-airvpn-over-tor/#entry1745

        Note that with M247 we have various servers in various countries, not only in the UK. The applicable law is the law of the country the servers phyisically is located, as clarified by Art. 29 Working Party in the EP.

        Also please note that the Act has not yet been implemented operatively for data retention, not even at ISP level at the moment, and chances are that it will never be operative for datacenters (in regard to indiscriminate retention). About this last important point (data retention), our policy does not change and any interference with that will cause us to discontinue any server in the UK, just like we already did in France.”

        So what I take from this is that it does not matter whether M247 Ltd is a UK company, as long as you avoid UK servers (which is always a good idea anyway).

      2. Roger Garos dice:

        Hi Doug- I’m pretty much of a total novice re VPNs, etc., but was wondering if I could enhance the privacy of my telephone contacts by using a VPN with a VOIP service. Since I understand there can be compatibility issues, is AirVPN compatible with VOIP services?, and, if so, which one(s). Also,if not, which VPN would you recommend that would afford maximum privacy and VOIP compatibility? TIA Roger

        1. Douglas Crawford dice:

          Hi Roger,

          Using any VPN service (including AirVPN) will prevent your VoIP conversations being listened into by hackers when using public WiFi hotspots. But that is pretty much it. Your best option to improve phone/VoIP security would be to use Signal.

          1. Roger Garos dice:

            Thanks for the Signal tip Doug-Actually though,(vs hack protection),I’m at least as concerned with Voip as a vehicle to maintain my anonymity when I make calls to regular phone numbers. Was assuming that if I started using a VPN(like AirVPN),if I then set up a Voip account like Skype over that VPN, that 1)all location tags would be blocked, and, 2)Only indication of my identity would be the name that shows up on caller ID. Assuming these are both true, which Voip providers afford the best protection of subscriber personal information(since I don’t believe Skype does). If such a Voip exists, would assume that would solve all my problems. Any suggestions? TAIA

          2. Douglas Crawford dice:

            Hi Roger,

            Well, if using a VoIP though a VPN (such as AirVPN), then your IP address will appear to be that our the VPN server you are connected to. So yes, it should work for you in this context.

  14. Erwin Schulze dice:

    Without a doubt an excellent VPN! 5 Stars with praise! ?????

    1. Falco dice:

      I have been using Air VPN for years, it’s the best choice for me. Defiantly 5 stars. Very prompt customer service.

  15. Eng. Tarek Herik dice:

    Is this airvpn service gives every user different public ip addresses ?

    1. Douglas Crawford dice:

      Hi Eng. Tarek,

      With AirVPN (as with most VPN services) you are assigned an IP address that is shared with many other AirVPN users (usually 50-100) . This is good privacy as it makes it very hard to determine which of the IP addresses many users is responsible for what action on the internet.

  16. Sim dice:

    Hi

    1) Is there any possibility of choosing the encryption type for each server?

    2) Any feature(s) that AirVPN would charge for extra like choosing PFS over Cipher?

    3) The issue of Kaspersky Internet Security’s firewall conflicting with AirVPN’s firewall anyway to resolve it? I’m thinking of using Kasperskey on my PC.

    Thanks

    Regards

    1. Douglas Crawford dice:

      Hi Sim,

      1. AirVPN only supports the OpenVPN protocol. Given that this is the most secure (as long as PFS is used) and flexible VPN protocol available, I believe this to be sensible and principled decision.
      2. PFS is used in addition to the cipher. All AirVPN connections use PFS (for an explanation of what PFS is, lease see here).
      3. I’m afraid that I don’t use Kaspersky Internet Security’s firewall, so I can’t comment. The best place to ask about this is probably on AirVPN’s forums. You can, of course always use AirVPN without Network Lock (the firewall) enabled. I have never suffered DNS leaks even when Network Lock is turned off, although it does mean kill switch functionality is not available. There may well be other, better, solutions.

    2. Anonymous dice:

      I use both Kaspersky and Air and have had no problems at all.

  17. Terry dice:

    Hello,
    I need your help if possible .
    I just discovered Air VPN and started to use it now for one month.
    I was award of privacy while surfing but it was not easy to to decide which way to go and which tool to use but after reading alot on this site it gave me my answer,I’m in for a full year and even if there’s a lot of stuff I don’t get while looking at the logs I feel safer.
    My questions are regarding 2 points.
    I was using services from “Returnil Quietzone”and still do and I was wondering if the 2 softwares are complementary ? I have it not working on for now .
    My second questions is regarding the use of the ALFA R-36 router in my configuration,feels like I’m experiencing slower speeds while going through the router,I don’t know what should I change in the router’s settings.
    For infos,my 2 testing configs are: (connecting to my friends’s Wi-Fi whit her approbation).
    – A 14dB panel antenna directly to the AWUS036NH with an active 5m USB cable to my PC,it works fine,looking at the logs after a full day,no connexion breaks.
    – Same installation but going to the R-36 to have a my personnal wi-fi in the house is a different story,lots of connexion breaks but returns after these messages,’Disconnecting’, ‘Authorzation check failed,continue anyway’,after the 4 th try it connect back to a server and keeps on.
    Not sure if I’m at the right place for that and hope I did explain my little problem not to confusing.
    Thank you for your great work,I learned alot .
    terry

    1. Douglas Crawford dice:

      Hi Terry,

      1) Quietzone sandboxes your web sessions as well as connecting you to the internet via the Tor Network. It is closed source proprietary software, so for simple sandboxing your browser I would use free and open source Sandboxie instead. You can also use Sandboxie to sandbox the Tor Browser, which will achieve pretty much same thing as Quietzone, while being more secure (the Tor Browser is hardened, and you are not trusting a third party to make your VPN connection for you).

      Using Quietzone and a VPN together will dramatically slow down your internet connection (thanks to Tor). Sandboxing your browser does have complimentary function, but whether this is worth the extra hassle depends on your threat model. Personally I wouldn’t bother, but that is up to you to decide.

      2) The main problem with using a router for VPN is that processing a VPN connection is very processor-intensive (especially for OpenVPN). This means that all but the beefiest routers struggle with the job, resulting in poor internet performance.

  18. Wilton dice:

    Hi douglas, can you help me to configure my airvpn for best surfing websites ? how to activate dns leak protection and killswitch, i always see on ipleak.net i see that is no airvpn exit activate, i just see my country i think because of dns leak ? thank you, sorry about my poor english.

    1. Wilton dice:

      ….and i aways connect in recommended server, and aways is Canada. in this site aways show my real ip, because of dns leak. http://dnsleak.com/

      1. Wilton dice:

        …ops sorry, no my real ip, my real DNS ip.

    2. Douglas Crawford dice:

      Hi Wilton,

      In order to enable DNS leak protection and the kill switch in the AirVPN client you must enable the “Network Lock” feature. This creates a firewall that only allows internet connections that go through the VPN. When you first start the client up, and before you hit “Connect”, you are offered the chance to enable Network Lock (see screenshot). The option can also be turned on and off in Preferences -> General.

      1. Wilton dice:

        Oh yeah! thank you very much, now everything works perfectly!

  19. Hugh Mungus dice:

    Hello, thanks for the review I’m just letting you know that your “visit AirVPN” links redirect to the NordVPN website, haha.

    1. Douglas Crawford dice:

      Hi Hugh,

      Thanks for pointing this out! I have alerted our tech team to get this fixed asap!

  20. Mark dice:

    I have been living on this site for the past few days. I’m going to purchase a VPN very soon. I travel extensively and I don’t go to “adult” sites or anything like that.
    However, I do a lot of online banking and Amazon purchases.
    I, obviously, want to keep all of that info encrypted since I’m in hotels and airports.
    Would AirVPN be the best choice for me?
    I’ve been swayed back and forth a good bit lately between ExpressVPN and AirVPN.
    Thank you for your hard work and time. This is a great educational site!
    Mark

    1. Douglas Crawford dice:

      Hi Mark,

      For simply visiting your banking website and Amazon, etc., you do not really need a VPN, as your connection is protected by HTTPS. In many ways ExpressVPN and AirVPN straddle opposite ends of the VPN spectrum. ExpressVPN is arguably the best provider around in terms of newbie-friendly software, great customer service, and a genuine no quibble 30-day money-back guarantee. AirVPN, on the other hand, is arguably the best VPN service out there in terms of dedication to privacy and technical know-how. But it is not newbie-friendly and customer orientated in the way that ExpessVPN is. So it’s a bit like chalk and cheese. Personally I use AirVPN, but I fully understand why many others prefer ExpressVPN’s more approachable service.

      1. Mark J dice:

        Douglas,
        Is there anyway I can email you with a few questions? I would rather do that than have everyone see our questions.
        If you can see my email address that’s needed to post, please send me an email there.
        I signed up for AirVPN for a few days and I just have a few questions.
        Thank you.
        Mark

        1. Douglas Crawford dice:

          Hi Mark,

          I am employed by BestVPN, so please direct your questions here. We do not check whether the email address you enter is valid, so feel free to make one up and post your questions anonymously.

          1. scott dice:

            Douglas
            I am so frustrated! I am not computer savvy and have been fretting over VPNs for days now. I want one where privacy is of first importance and do not keep logs. I just want kodi covered. I want the VPN to only work on my tablet and not have access to my personal desk top pc and the info that is on it. I want one that is not going to cause lag in streaming. I was going to go with private internet access but then there was tons of complaints. Then I was thinking AirVPN but the UK kind of freaks me out. I have seen a lot of youtube vids that say go with IPvannish and other say private internet access. Im also worried that when I pick one that im not going to set it up right and my tablet is not going to function as I need it to. Just an FYI my tab is 32gb with 28gb available. HELP ME PLEASE!

          2. Douglas Crawford dice:

            Hi scott,

            Any decent VPN will do what you ask. I would suggest ExpressVPN because it has very easy-to-use mobile apps (perfect for your tablet). It does keep some minimal connection logs, but even these are aggregated.Not that AirVPN is based in Italy, not the UK (still 14-Eyes, so not perfect, but where is?) IPVanish and PIA are based in the US, and so are not recommended for privacy. NordVPN is based in Panama, keeps no logs at all, and has a mobile app, but can be slow. Another good option is Gibraltar-based IVPN, but this has no mobile apps.

          3. scott dice:

            Douglas
            Oh I just want it to automatically be working when I power up my tablet!

          4. Douglas Crawford dice:

            Hi scott,

            In the OpenVPN for Android app select the Settings tab. Tick “Connect on boot”, then touch “VPN used on boot and for Always-On” and select the AirVPN profile you want to use. If you are not already using AirVPN then you will find a provider that offers an Android app much easier to configure for your tablet.

  21. happy user dice:

    i have used air for 2 years when i have money i have air thay are he very best vpn for xbox live that you can getand 7 bucks lol i love my air

  22. Jochen dice:

    Nice review Douglas, I’m another of those totally satisfied customers (using it for 1 year, just renewed for another one).
    But yes, it is definitely for the more tech-savy crowd, nothing you point your mother at and just say “use that” 😉
    Two issues can get really frustrating the mentioned DNS problem when Eddy crashes, which they really should just give a prominent posting at their website as I needed some hours to find the root of the problem and resolve it.
    The other problem (general VPN problem not AirVPN related) is what I’ll call the MTU-Problem. I was at my mothers home who uses Unitymedia cable as a provider and I just couldn’t get a stable VPN connection, it worked for a short time and then just failing to transfer anything and sometimes even taking the router with it so I had to reset the router. That took me a lot of time resolving including reading a lot of VPN documentation and all sorts of partially related hints, postings,…
    You have to lower the maximum MTU-size then it works (eg link-mtu=1300 in the openVPN manual settings). Still don’t fully understood how to calculate the optimum MTU-size but playing around with the size should get you a working connection. If I sometimes decide to delve really deep into this topic and finally really understand the parameters (there is the fragment parameter to set and the correct mss-size to get the optimal throughput) then I really have to write a FAQ on this as there is not one easy explanation on the Web.
    But this is NOT an AirVPN problem, this is related to the provider!

    So, sorry for the long entry, just wanted to help other people having this problem, as I had big problems finding the cause and solution (and I’m very good at searching the web).

    Jochen

    PS: Just adding this for Search Engines to find it, remove if unwanted:
    Unitymedia VPN problems disconnection

    1. Douglas Crawford dice:

      Hi Jochen,

      Thanks!

      – In fairness, the DNS issue affects just about any VPN client that uses a firewall for DNS leak protection and kill switch. I totally agree that AirVPN should do more to flag up the problem and explain how to fix it.
      – I must admit that I have never heard of or encountered this “MTU-Problem before. Thanks for flagging it up, and for what sounds like the sterling work you have put into researching it. Do you know if it is just a Unitymedia (a German ISP) issue, or can it affect customers of other ISPs? If/when you do write a FAQ, please do contact me or post a link to it here.

  23. Phillski dice:

    I’m a rookie. This info sounds like a good choice. I have a new ASUS dual band router. How does this work? The software is to be installed on my router?

    1. Douglas Crawford dice:

      Hi Phillski,

      You can either install the AirVPN software client on your computers or configure your router (AirVPNs instructions for doing this using Asus-WRT are available here). Note that if you run the VPN from your router, you do not benefit from the additional functionality provided by AirVPN’s desktop software (e.g. “network lock DNS leak protection and kill switch, port selection etc.). It is also worth noting that the processor in even high-end routers can struggle to cope with the demands of processing OpenVPN, so your internet connection when using VPN will likely be faster using desktop or mobile VPN software.

      1. Phillski dice:

        this is more great information. Thank You very much

  24. Leon dice:

    Hi Douglas,

    Just a few words of feedback on my 1-week journey with AirVPN. Well, in fact I’m satisfied with the speeds I get, when connected to their 1-Gigabit servers with the minimum latency.
    What I don’t really like is that Network Lock feature simply does not work when Kaspersky Internet Security is installed and operating. Whenever I disconnect from whatever AirVPN VPN-server, the software is telling me: “Network is locked” or something like that. So, I assume, I shouldn’t be able to browse Internet anymore, right? Not a chance. The internet is still working as it has always been working.
    I need to shut down Kaspersky to make this feature work. Not good!

    Second issue is that AirVPN broke my Wi-Fi connection on the very same computer, when I utilized AirVPN through it. I have no idea what the software changed, but now Wi-Fi simply does not work — there is still a normal connection, but no connection to the Internet. I need to switch AirVPN back to browse internet while on wi-fi (I have a TP-Link 300mbps n-type USB adapter and I’m getting the internet from my smartphone, which is able to create a wi-fi hotspot).
    Guess I need to go and browse their forums for some info, I’m not sure I’m the only one with these problems.
    So, these are the facts, which kinda preventing me from purchasing a one-year package.
    I don’t like these facts and I’m really not very enthusiastic as to investigating these issues myself. Maybe you can advise anything? Overall it seems like they don’t have competitors on the VPN-market offering the same features and general stability. Correct?
    Thanks a lot.

    1. Douglas Crawford dice:

      Hi Leon,

      Thanks for the feedback.

      1) AirVPN’s “Network Lock” is in fact a firewall that prevents all connections outside the VPN. The Kaspersky Internet Security suite also uses a firewall. The 2 firewalls clearly have conflicting rules, and the Kapersky one is blocking Network Lock from functioning correctly. This is annoying, to be sure, but I don’t think really fair to blame AirVPN for the issue.
      2) As with most good VPN services, AirVPN routes DNS requests to its own servers (rather than your ISP performing this function). What you are experiencing is almost certainly due to your DNS settings not returning to default values after quitting AirVPN. Please see my How to Change your DNS Settings guide on how to fix this.
      3) When it comes to VPN technology, AirVPN is in a class of its own. But as noted in this review, user-friendliness is not one of its strengths.

  25. nik dice:

    hi Douglas,

    Im using PIA (private internet access) vpn. i use viber alot. on viber what ever vpn you use it always shows your exact location (i mean your true location). you can change to hundred location on vpn but it never change on viber. why is that? how can tweak the settings so it could show my vpn location?

    1. Douglas Crawford dice:

      Hi nic,

      The problem with Viber is that it is a mobile app, and mobile apps use information other than your IP address to determine your location (for example your GPS location data , network provider information, and IMEI number). Using a VPN cannot help with this, and unfortunately there is very little else you can do about it.

  26. John Varga dice:

    Douglas

    Your review of AirVPN is much appreciated. I have come close to signing up with others by reading comments as held me back. The only value I see from using VPN is to keep each persons ISP or local government off their back. If one only used VPN when needed it might make sense.

    I used VPN years ago through HMA. It was almost okay at the time but had no kill switch that worked. A lot has changed since then so I am back to the newbie level.

    Paranoia in the war with the three letter guys is not misplaced. They are very good at what they do. Experience with these guys tells me that they know almost everything about us they want to know. The new $1B+ NSA complex in Utah is coupled with a new Adobe complex across the road with direct fibers interconnecting. One of the prime principles of surveillance is to hide things in plain sight. Nobody thinks to look there. I have blocked all Adobe connections on my computer and do not use Flash or Adobe reader. The first thing they do when activated is to call home. I don’t know how much or what information is sent but the one thing that rarely changes is my MAC address. You might say the MAC address does not go past my router but that is only when it is in the header. If it is sent as part of the payload then all bets are off.

    I can see the effects of my blocking Adobe and AddThis by the number of connections the system tries to establish and are rejected by the firewall. Standard procedure is for them to keep incrementing port numbers looking for a way out.

    So why do I go into such detail? I want my life back only to myself about what I do on the internet. With all of this software calling home, with who knows what or how much information, I wonder if using the best VPN available will help if when I start my browser, my identity is revealed. When Firefox came out with a recent update they included a black box (no longer open source) for the DRM people. I found the DRM module was calling home every time FF loaded. I don’t use any DRM material on my machine. I chose to install the non-DRM version. Most people don’t even know it exists.

    I see VPN as only a partial solution. A solid firewall with Adobe, AddThis, and others blocked helps. NoScript is another good weapon.

    What I don’t understand, as a newbie, is if I install AirVPN will I still have access to my network printers and other computers on my LAN that I share files with? I don’t want to be trashed by the wizards at AirVPN for asking these types of simple questions. If I have to change some ports, configure something, or edit the register I am okay with that. The problem is I don’t know what to do and don’t have their experience.

    One thing AirVPN could do is provide help files or links to simple information a non-wizard needs. Forgive me, Mr. Wizard, if I offend you by asking what you think are dumb questions. I have my specialties and you have yours. Please guide me in the right direction. I am willing to dig for it and learn. I just don’t know where to look.

    1. Douglas Crawford dice:

      Hi John,

      Offend? Ha ha. That’s what I’m here for!

      – I completely agree that using a VPN is a only partial privacy/security solution. I think you should view internet privacy and security as a complex problem, and to have any chance of addressing the problem, you need the right tools. A VPN is one such tool, and if implemented well (as it is by AirVPN), a very good one.

      – If the NSA is after you in particular, then you are probably fucked. A VPN, however, is very effective at hiding your internet activity from blanket surveillance measures.

      – Please see my article on Firefox to incorporate DRM (reluctantly). Note that DRM can be turned off in Firefox (Settings -> Content).

      – To stop online tracking, browser extensions such as Privacy Badger, uBlock Origin, and (if you want to go nuclear) NoScript are better than VPN (or more accurately, should be used in combination with a VPN – see “toolbox” comments above).

      – As with almost all VPN clients, AirVPN exempts LAN connections from its firewall, allowing you to use local resources such network printers and NSA drives as normal. The only problem I have ever encountered is connecting to my Chromecast from my PC when AirVPN is running (although, strangely enough, Casting from my Android phone with AirVPN running works just fine).

      1. Crispin dice:

        Ublock Origin with Dynamic Blocking enabled is better than NoScript, as it prevents your browser from sending requests to the server in the first place.

        1. Douglas Crawford dice:

          Hi Crispin,

          Thanks. When I have the time I will investigate this more.

  27. Matthias dice:

    Hi Douglas,

    very helpful review, thanks! I am in China, using two vpn …just in case. The Air VPN set-up took some time as the user interface requires some understanding, which I do not have. But there was a good explanation on the website and I managed. Now I am able to use google and watch you tube videos. It also works during times of increased blocking activities (during public holidays and party congresses).

    Thanks!

    Matthias

  28. nobody dice:

    Save your money by reading this! Being AirVPN user for 3+ months, I can say – run away as fast as you can!

    Their servers worked well enough for 2+ months, then connection problems started occurring more and more often. Today I posted a message on their forum telling that service is down again, and called it a “great service”. Do you know what happened? They instantly banned me on the forum, closed my VPN account (I paid for 12 months of service) and this is it!

    Needless to say, they ignore all my emails and refund requests, so stay away from this “company”! Otherwise, your account will be closed and they will keep all your money in case you complain about their service.

    1. Douglas Crawford dice:

      Hi nobody,

      Ouch! That’s not good! I must say, however, that my experience has been somewhat different, and that AirVPN’s support has always tried to help when I’ve had an issue..

    2. VYI01 dice:

      @nobody (Poster)
      Well with the tone in which you write, I can understand why they might ban you, as you were probably quite indignant. By the sound of it, you appeared on the forum and cried like a baby, no offence. “Your servers are down! Nothing works!!!” and not even bothering to:

      – Describe the problem
      – Describe your setup and/or show relevant client logs
      – Describe things in a civil way
      – Describe the results of using AirVPNs OWN TESTING SERVICES such as the Route Checking feature, that lets you check all servers at once, to see if only 1 server is the problem or not: https://airvpn.org/routes/

      If that’s the case, then you kinda deserve a ban IMO, because honestly, there’s no telling legitimate users from spammers and trolls a lot of the time. What’s the result? Clean forums, where information isn’t obscured by emotional outbursts and senseless slurs. Because you know what? There’s a 99.99999% chance that the servers were not down that day; if so, more users than simply you, would’ve been on the forums reporting the issue. So what likely happened (and I did try look for your post), is that you appeared on the forums, moaned about problems in a lazy and unhelpful way (even downright rudely, if that “great service” remark was sarcasm) and then tried to pin the problem on the service itself, before checking and getting feedback on your own setup. This is basic 101 stuff.

      There’s also many helpful people on the forums. Just check this new-user guide that an AirVPN member made:

      https://airvpn.org/topic/18339-new-to-airvpn-or-just-confused-guide-to-getting-started/

      So if anything, you could ask him personally or post in the thread. The point is, you didn’t try to solve the problem like an adult, it seems, so why should anyone treat you like one?

      ———————————————-

      Otherwise it’s an excellent review Douglas. You put out some great stuff.
      The location of AirVPN doesn’t make a huge difference, because in a way, there’s not many viable countries in the world for this stuff. A lot of VPN providers they fake their Geo-IP, to make it appear that they’re located in a different country for instance. I think you should mention something about VPS instances:

      Namely that some services, such as PIA, offer many locations officially. But in reality, a lot of these locations are fake and run on a VPS. Running a VPS setup can be okay if users are informed as such; but most aren’t. This means people think you run “bare metal” servers in country X or Y, but in reality those servers are in country A, pretending to look like they’re in country X and Y. This then lets the VPN provider “add another flag” to their front-page. My point is, that AirVPN doesn’t do this. They’re very honest. In fact, they care so much about security and privacy, that they simply won’t setup servers in countries deemed bad for them. So it’s not because they don’t *want* to set up more servers or are physically unable to, it’s because they have a mission to protect the privacy of their users. That, and they make actual cost-benefit analysis about server locations: for instance, the Middle-East is an expensive place to set up a connection. If you could even get a good-quality one in the first place. But many other VPN providers don’t mention this. Just like they don’t mention that using a VPS means you can log everything the virtual “servers” are doing.

      I think you should’ve given it 5 stars for pricing, considering you get so much for your money. No over-selling, no lies or attempts at deceiving people. Oh well.

      I do agree their customer service could be a little better however, as well as making things more user-friendly for newcomers; but then there’s members who’ve already posted guides, like the one I linked to, as you said.

      Thank you.

      1. Douglas Crawford dice:

        Hi v13,

        Thanks! 🙂 As you will know if you have read this review, I am a big of fan of AirVPN. In fact, I think it runs both the most principled and technically capable VPN service on the market. As for the star rating, these are are not decided by me, or even by the BestVPN staff. They are derived from the ratings entered by readers when they post comments here.

      2. WA Family dice:

        I disagree that you can infer accurately from someone’s tone what type of client she/he’s been in the past. Several large publications on the psychology of complaining point out that many people don’t want to invest the effort and time in complaining–especially in a compliants-averse culture like that of the US, so by the time they do, often the issue they’re confronting has gone on for so long or has become so critical that tempers easily flare. If someone’s already tried diplomatically to handle the matter but has been ignored or mistreated, she/he’s likely to become significantly more agitated. Even tacitly censoring these individuals in other forums is counterproductive, as we should all know if companies whose services we’re paying for can be unprofessional. And ad hominem certainly doesn’t resolve anything (“…cried like a baby…”). Your own argument would have been much more credible without it.

        We, at least, appreciate Nobody’s heads-up as we look for a replacement VPN for our at-home browsing needs.

      3. Smellysocks dice:

        Firstly, and I’ll comment on your post vyl01, I’m a basic user and have used airvpn for over a yr now…and it’s fantastic! I had some connection issues to start which were quickly solved by a polite email to support.

        Secondly. I completely agree with your suggested comment about the previous post, the manner in which we conduct ourselves or the impression we portray…not to mention publicly degrade a very high service, I agree will be met with severe consequences

    3. Drasmorg dice:

      I have been using AirVPN for 3 years, the only problem I have ever encountered was with P2P slowing WAY down. The help desk, as stated, is very techie and did not help me at all fix the solution but for some reason it fixed itself. This was about 1 year ago and everything went back to good speeds after about a week, not sure why and it wasn’t anything I did. My subscription finished 4 days ago and I have been spending all that time searching for another provider but so far AIRVPN is still tops, even if all the vpn review sites don’t show it as. Once setup, which is just an install really, everything works out of the box. I renewal for a year, with a 10% coupon, will be $4.05 per month, slightly more than the cheaper vpns charge but far better product.

      I use Windows 8.1 firewall and the network lock works as advertised for me. I run IPLEAK test and nothing ever points to my real location. Sometimes when you shut down AIR the lock won’t reset your IP4 address, then you have to go in and change it from their DNS number to default, but that is it.

      As stated, I am buying their service again for the 4th year right now.

  29. Michael dice:

    AirVPN accept a wide range of payment options but beware if you are using a prepaid credit card. Their card processor Avangate does not always respond nicely to users of prepaid giftcards.

  30. Marco dice:

    Hello Douglas,

    can you explain why Italy is not an ideal loc?
    Cause I’m from Italy and I’m looking for a vpn to use here.

    Specifically, I work in an italian university, so the athenaeum network managing office assigned an IP to me, but I know they can (and probabily do) monitoring my traffic.

    Can you tell me if a vpn can allow me to safety dl with utorrent even in this circumstance and are there specific risks using an italian based vpn in Italy?

    Thanks

    1. Douglas Crawford dice:

      Hi Marco,

      Italy is a member of the Fourteen Eyes spying alliance that cooperates with the NSA and GCHQ. I have provided a couple of links in the article to demonstrate that this is more than a theoretical problem. Despite this issue, I still regard AirVPN as the most secure and privacy-conscious provider on the market. You can download safely using AirVPN (or any torrent-friendly VPN provider) – the NSA etc. does not care about this. As a precaution, however, I would suggest using a server based in Switzerland, as copyright piracy for personal use is not illegal there.

      1. Marco dice:

        Thanks for your ready answer!
        In truth, I don’t care at all about NSA spying activities, i fear much more the university network manager.

        Well I’ll try out airvpn, thanks again.

  31. Dario dice:

    Worst service ever!

    I was happily signed in the web site and then i decide to log out.
    Then i was not able to sign in again! I asked for a password reset and after several trials i finally decided to change the password to the most difficult one: 1111.

    NOTHING, always the same message: “username or password incorrect”

    They do not support anything else than OpenVPN. I wander why everyone is surprised by the fact that many potential users seem to be put off by AirVPN.

    Only few top routers support this protocol, and even less xDSL modem router do.

    Thank God i was smart enough to spend only 7 Euros in this junk.

    1. Douglas Crawford dice:

      Hi Dario,

      Support is not AirVPN’s strongest point, but I am surprised if it didn’t offer some assistance with this issue. As for support only for OpenVPN – it is the most secure and flexible VPN protocol, and I admire AirVPN’s decision to use only it. I agree, however, that AirVPN is not for everyone.

      1. Dario dice:

        They quickly solved the problem.
        Stupid encoding problem in my username not notified during registration!

  32. coen dice:

    Perfect working! Installation full automatic, nice working on my iMac.

  33. K dice:

    A quick follow-up regarding AirVPN. It appears one of the main founders of AivVPN is Mr. Paolo Brini. He is also a spokesperson for ScambioEtico, an Italian group that campaigns for civil liberties and copyright reform.

    This bit of info fills in, for me, the statement on AirVPN’s website that:
    “Air VPN was originally founded in 2010, by a group of ‘hacktivists’ and lawyers, both of which were willing to donate their time to a cause that they believed in. The AirVPN system was originally created for the Pirate Party festival in Rome, which shows just how involved they are in the pro-privacy and anonymity scene.”

    This gives me additional confidence and comfort in using AirVPN. Thank you Mr. Brini.

    1. Douglas Crawford dice:

      Hi K,

      That is a great bit of detective work – thanks for sharing!

  34. K dice:

    One of the interesting and recurring questions that comes up in the 15 years I’ve been using vpns is how can you decide which ones to trust? Are there some sort of “inside” forums or IRC channels where ‘those who know” know who runs various vpns? A simple statement on a vpn’s website of their good intentions really isn’t worth its screen space. For example Perfect Privacy, which provides a very good quality vpn service with easy triple hopping would seem to be a trustworthy operation based on their statement that they are a group of “privacy advocates”. Until you find out that this group of “privacy advocates” is founded and run by serious neo-Nazis. It seems very hard to determine who is actually behind many of the vpns so you could make a best judgement about their likely trustworthiness. Are there any recognized persons respected in the privacy community that vouch for particular vpns? (similar in principle to reviewing public encryption code). There ought to be. Does EFF for example vouch for the bona fides of any vpns?

    I would like to hear some trusted person vouch for AirVPN for example. I’ve found it very hard to find out anything about who is behind Air, just as it was hard to find out who was behind Perfect Privacy. It would seem nearly dereliction of duty for TLOs not to be operating some vpn honey pots, but how would you identify them? Without some kind of a web of trust, choosing a vpn is nothing more than a crap shoot.

    1. Douglas Crawford dice:

      Hi K,

      A web of trust to vouch for VPN providers is an excellent idea (especially if supported by the likes of the EFF)! Unfortunately no such thing currently exists, and I have no idea how it might be implemented, but BestVPN would be very happy to support such an initiative.

      With refernece to Perfect Privacy, could you please explain this statement and provide references? Thanks. Edit. ah… this. Ouch, not nice. Thanks for bringing it to my atention.

      1. K dice:

        Yes, this is a very distressing accusation against Perfect Privacy. And I wouldn’t say it if there weren’t definitive proof. In this case I will take a conviction by German courts as definitive. Below are two links to publications detailing the German court case against three neo-Nazis, and their relationship to PP. The third link is Wikipedia about one of those convicted. No doubt some further drilling down would reveal many additional connections.

        https://linksunten.indymedia.org/en/node/61004

        http://www.constantinereport.com/austria-home-mozart-liszt-strauss-hitler-neo-nazisvpn-provider-perfect-privacy-run-neo-nazis/

        https://en.wikipedia.org/wiki/Gottfried_K%C3%BCssel

        In 2012 a reference to the above arrests and trial appeared in the Perfect Privacy forums, but very quickly disappeared. I imagine a large percentage of PP users do not know that their (rather high) subscription fees go toward supporting people who advocate this kind of hateful and disgraced ideology. I seem to remember that I stumbled on some web references connecting the convicted neo-Nazis above and Stormfront, one of the largest American and European neo-Nazi groups. But I would encourage anyone interested to verify this independently.

        Re: web of trust for vpns, in the next few days, I’ll try contacting some of the privacy advocacy organizations listed here, https://epic.org/privacy/privacy_resources_faq.html, to see if they can offer some advice on how to go about creating a web of trust for vpns. I’d be happy to collaborate with you and some small group on such a project. Perhaps we can build a critical momentum to make this happen :). Feel free to contact me at my email below. Cheers.

        1. Douglas Crawford dice:

          Hi K,

          Thanks for tipping us off about this, we have now updated our Perfect Privacy review to include mention of the issue. It is entirely possible that Perfect Privacy was always unaffiliated with the vile political views of some of its staff, or even if it was, that this may no longer be true. We do, however, feel it an issue customers should be aware of, as many would be horrified to think thier subscription fees might contribute to propagating such extremist views. I have emailed you about your web of trust ideas.

        2. NG dice:

          One of the best comments on the site. I would try AirVPN but I’m afraid it’s too expensive. I’m sticking to PIA now that they’re offering a discount after my account expired 🙁

  35. Dave dice:

    How much processing power would you recommend for the additional layer of SSL?

    I was thinking of buying the Netgear R7000 Nighthawk DD-WRT FlashRouter with 1 GHz.

    1. Douglas Crawford dice:

      Hi Dave,

      I’m afraid that I can’t give you a definitive answer on this one, but when Peter reviewed this router he encountered no slowdown when using it for regular VPN. I would guess that it is powerful enough to deal with the extra layer of SSL, but it might be a good idea to ask AirVPN’s own forums just to be sure.

  36. K dice:

    Hi, Douglas
    I have to agree with all the previous posters that your review is excellent and IMHO, spot on! I’ve been using Air for about a year, it’s the 5th vpn I’ve used in the last 15 years. The functionality is superb and, as you said, it’s actually very easy (and reliable) to use.

    But, as again you put very nicely, the sort of icy ubertech can be at times frustrating. And I’m pretty tech savvy. At the moment I’m felling frustrated that some forum posts there were blocked because they weren’t sufficiently tech focused. God forbid you should talk about the political environment of privacy. Well, with Air it seems warm n fuzzy isn’t an option, you have to be satisfied with technical expertise par excellence. Which is what I’ve chosen by re-upping. As a future improvement to their service I would really like to see them add selectable multihop to Eddie. But they don’t seem well disposed to considering suggestions. Perhaps it’s just as well that they remain a smaller niche provider…increasing size often deteriorates quality. It does worry me that the group and all its severs (but one) are located in 15 Eyes countries. It would be comforting to be able to multihop (easily) through non-cooperating political jurisdictions. Cheers.

    1. Douglas Crawford dice:

      Hi K,

      Thanks! I will just note that I am dubious about the value of mulit-hop connections. The VPN still routes the signal, and so a) adversaries will be easily able to trace a user to the the VPN provider, and b) the provider still does the routing, so knows exactly who is connected to what. I am happy, however, for someone to explain why I’m wrong about this.

      1. K dice:

        Hi, Douglas

        What you have said is correct if you assume that the vpn provider is compromised, i.e. giving your information to some government organization. If they are protecting your information as they have promised, then it seems it would be much harder for lets say, the NSA to do backtracking traffic analysis through Russia to China to its originator in i.e. Venezuela. If the vpn is compromised, then 1 or 100 hops is irrelevant. But the same holds true for Tor or any vpn service, if it’s compromised, game over. If the vpn is not compromised, just multi-hopping itself makes traffic analysis exponentially harder with each hop, i.e 100 users on hop one X 100 users on hop two X 100 users on hop three…now you have to sort through 1 million sources for the source of the signal, not 100.

        Also not having the cooperation of the governments where the servers are located would seem to make the problem even harder than having that cooperation which might allow for example physical access to the servers.

        1. Douglas Crawford dice:

          Hi K,

          Interesting points, thanks. This only seems to be true, however, if you locate double-hop servers in countries where your primary adversary (say the NSA for argument’s sake) has no reach, which is itself problematic. Russia, for example, is hardly a place where I would want servers protecting my privacy to be located, and China actively tries to block VPN traffic. If we are going to assume the VPN provider is not compromised, then use of shared IPs and Perfect Forward Privacy should thwart all but the most advanced traffic analysis (and if someone capable of this e.g. the NSA is targeting you in this way, then you are probably in big trouble anyway).

          I also think that “the same holds true for Tor” seems wrong, as Tor connections are routed through at least 3 random nodes, and are re-encrypted each time. This makes it all but impossible to trace the route from beginning to end (a very powerful adversary such as the NSA, if it was willing to throw insane resources at pwning enough Tor nodes across the world, might be able to pull this off, but even then, it would be a long shot).

          1. K dice:

            I agree with most of your first paragraph. Actually the reach of 5 Eyes within Russia or China is probably only known to 5 Eyes. But it seems at least a bit comforting to think about triple hopping through non-cooperating jurisdictions. But it would depend on who you thought the threat was from; a Russian or Chinese dissident obviously wouldn’t want to use servers in their own countries. Also it would seem logical that a foreign government would be less invested in determining one’s political views, for example.

            As I understand Perfect Forward Secrecy, it wouldn’t really impact on traffic analysis as it only changes keys frequently, but traffic patterns wouldn’t change. But multihopping gives exponential improvements in defeating traffic analysis.

            There are several vpns that offer multihop. Do you know if it’s a sort of common practice to re-encrypt at each hop?

            A real weakness in TOR is that some percent (sometimes a very large percent) of volunteer nodes are controlled by government or hacker groups (sometimes a large percent, especially exit nodes). Also compromising a small number of administrative nodes could give a TOR attacker control over the routing of all TOR traffic. As far as I know this is not known to have happened, but is a theoretical weakness.

            Regards

          2. Douglas Crawford dice:

            Hi K,

            1) I think you do have a good point. If the double-hop server is located in a country hostile to your adversary, then it might be useful (but if it is located anywhere else, then I don’t think it is).
            2) True, PFS won’t prevent traffic analysis per se, but it does make it pretty much impossible to compromise an OpenVPN connection (my bad for being unclear).
            3) I know that NordVPN does encrypt data each time it leaves a double-hop server, but then most of its double-hop servers are located in countries friendly to the NSA and most international police forces…
            4) To effetely deanonymise someone on the Tor network the NSA would need to run a lot of those nodes… as I noted earlier, this might be possible, but would require a very large effort.

  37. AirVPN dice:

    Hi Douglas,

    very nice review, thanks.

    I would just like to point out a bad mistake in it that you might like to fix. You write: “As we can see on the table, AirVPN uses very strong encryption, although it is probably about time to move away from SHA1 data authentication to something stronger (SHA1 is still considered secure, but may not be for long)”

    The main problem is that you assume that SHA1 is the cipher for packets authentication, either on the Data or the Control Channel. But that was never the case, the cipher is HMAC SHA1 in the Data Channel (or HMAC SHA384 in the Control Channel).

    Let’s assume that collision methods against SHA can be routinely performed: even if that were true, that would not allow an attacker not knowing the HMAC key to make an undetected change in a packet (and therefore inject packets in the flow surreptitiously).

    To bring on the collision attacks on SHA-1 you need to know the state of the SHA-1 chaining variable. The key enters both extremities of the iteration of rounds in which the message (the packet, in our case) stands in HMAC. A much deeper break of SHA-1’s round function would be needed to break HMAC and then starting SHA1 collisions attempts.

    For a mathematical proof that HMAC (and NMAC) provide security without needing collision resistance of the underlying hash algorithm please see this very important paper:
    https://cseweb.ucsd.edu/~mihir/papers/hmac-new.html

    “This paper proves that HMAC is a PRF under the sole assumption that the compression function is a PRF. This recovers a proof based guarantee since no known attacks compromise the pseudorandomness of the compression function, and it also helps explain the resistance-to-attack that HMAC has shown even when implemented with hash functions whose (weak) collision resistance is compromised. We also show that an even weaker-than-PRF condition on the compression function, namely that it is a privacy-preserving MAC, suffices to establish HMAC is a secure MAC as long as the hash function meets the very weak requirement of being computationally almost universal, where again the value lies in the fact that known attacks do not invalidate the assumptions made. ”

    Kind regards and thank you again for the great review.

    Paolo
    AirVPN

  38. Sebastian dice:

    Hi Douglas

    Very nice review, it stands apart from many other VPN reviews i have read.
    I’am a Air-VPN user for the 4’th year now and love there service.
    Not long ago i renewed it for the next to years.
    I can agree to your “heavy tech focus” when discribing the language and the forum, but there are many nice people writing how to’s and torturials.
    The three simultaneous connections come very handy when you try to utilize all your broadband bandwidth. I use them in a simultaneous loadbalancing setup with opnsense firewall.
    Keep up the good work!

    Regards
    Sebastian

  39. sangy dice:

    AirVPN is surely the best VPN I’ve ever used. The speeds are damn good, it never felt like I was using a VPN. The only problem I faced was with the client. The client often crashed while minimizing the tab. But when it comes to privacy, this is the best

  40. Max dice:

    Hi Douglas, one quesiton,

    I see airvpn has servers in Canada. Is safest to download/p2p from them? I read this

    “Canada has enacted mandatory data logging and monitoring by Internet Providers and VPN service providers based in Canada”.

    Don’t know if this apply to all vpn providers located in Canada, or to all servers no matter where the vpn provider is located (i understand airvpn headquarters are in italy)

    Thanks!

    1. Douglas Crawford dice:

      Hi Max,

      If AirVPN says it’s safe to download then it will be safe. I think the mandatory logging situation in Canada is very “grey” at the moment, and no-one is really sure what is going on (including providers).

      1. Max dice:

        Hi Douglas, thanks for your answer.
        Anyone has a good coupon to use (20% o 35% off) for 1 year with airvpn?
        Thanks!

      2. Max dice:

        Hi Douglas, one more question about AirVpn, do you know if protect us from protected copyright holders just in case?
        Thanks!

        1. Douglas Crawford dice:

          Hi Max,

          Yes it will. Not only is it dedicated to protecting users’ privacy, but it uses shared IPs and keeps no logs, so it would be almost impossible to hand over users’ details, even somehow if forced to. Note that pretty much all VPN services who permit P2P also protect their customers in the same way.

  41. Mark Stubbs dice:

    Hi Douglas,

    Excellent review. I was quite surprised at the low renewal stats that you mentioned. Perhaps as a somewhat regular contributor on the AirVPN forum I/we could perhaps be a little more aware that newbies could be treated with a little more due care and attention. I for one can tend to be a little terse and impatient with what I deem to be ‘daft’ questions or comments from some.

    However, the general feeling is that we point or nudge people to look up stuff for themselves and therefore learn more about the subject by doing so. Need to be somewhere in the middle I guess!

    Best Regards

  42. Artur dice:

    Douglas

    As I happy AirVPN user I mostly agree with Your review. Mostly except, Air DNS double-hop. It’s at best patchy. For example BBC iPlayer just doesn’t work on most server locations outside UK. I’m currently on Netherlands servers and can’t connect to iPlayer. This is important, because some people may have false expectations that they can connect to fast, nearby server and stream content from all over the world. This just not work. However You may, as with any other VPN provider connect to given country and bypass geo-blocking.

    Another important information is that with their subscription You may have up to three simultaneous connections.

    Just my $0,02.

    1. Douglas Crawford dice:

      Hi Artur,

      I totally meant to include info about simultaneous connections, but simply forgot. I generally find that the “double-hop routing! works well, but you are right that it is not perfect. Thanks for your input, and I have updated the article accordingly.

  43. Guy Haiar dice:

    What part of Airvpn is the most confusing for people who sign up for it?

    1. Douglas Crawford dice:

      Hi Guy,

      TBH I don’t find anything that difficult (just download and install the software as per normal), but based on reader’s comments and our market analytics, many potential users seem to be put off by AirVPN very techy and jargon heavy focus.

  44. Rick dice:

    Nice Review Douglas and as always I learned something new. So who are some other VPN providers that provide ‘ Perfect Forward Secrecy’?
    I just finished a 1 year sub with PIA and sign-up with NordVPN. Nord’s servers are noticeably slower and do drop-out quite often. In your opinion which provider has better security features? Do either of them offer Perfect Forward Secrecy? it’s not mentioned anywhere on their website, I assume it’s something their marketing departments would splash on their website. Thanks.

    1. Douglas Crawford dice:

      Hi Rick,

      Thanks! To be honest, I don’t know which other services use PFS, but will include this information in any future reviews I do. As for PIA and NordVPN, it is probably best to ask them – I suspect they don’t implement PFS (or as you say, they would shout about it), but asking may encourage them (and other providers) top pull their socks up in this regard!

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

¿Quieres añadir una clasificación de estrellas a tu comentario? haga clic aquí
Precio
Caracteristicas
Confiabilidad
Velocidad
Servicio al cliente