Hide.me is a no-logs VPN based in Malaysia. It is rather expensive for what you get, so I had hoped to find a VPN that justified the cost. And in many ways Hide.me is indeed, good. It uses extremely strong encryption, is quite fully-featured, and has a great regard for privacy. I detected an IP leak, however, and speed performance is very unexciting.
Pricing and Plans
Hide.me offers three basic pricing plans – Plus and Premium. The Plus plan starts at USD $9.95 per month if paid monthly, but drops to $4.99 per month if paid annually. The Premium Plan costs USD $19.95 per month if paid monthly, but this drops to $9.99 per month if paid annually.
It has to be said that this makes Hide.me one of the most expensive VPN services on the market.
Hide.me offers a 14-day money back guarantee, but this is only valid if bandwidth usage is not more than a rather low 500MB.
Payment can be made via PayPal, credit/debit card, iDeal or Wire transfer. Hide.me also accepts payment via a range of cryptocurrencies.
This potentially allows you to pay for the service anonymously, but please remember that no matter how anonymously you pay, a VPN will always know your real internet (IP) address.
The features on offer vary depending on which plan you choose.
35 servers in 28 countries worldwide. This includes a few more unusual locations, such as Brazil, Mexico, India, and Morocco
75 GB data (Plus plan) or unlimited data (Premium plan)
1 connection (Plus plan) or 5 simultaneous connections (Premium plan)
PPTP, L2TP/IPsec, IKEv2, OpenVPN, SoftEther and SSTP VPN protocols
Apps for Windows, Mac OS X, Android, and iOS
Automatic WiFi protection
P2P on selected servers.
Static IP (optional)
This is a decent feature list, but most VPNs offer unlimited data and multiple simultaneous connections for a half or less the price of Hide.me’s Premium Plan.
Note that the full range of VPN protocols are only supported in Windows, including SoftEther. Most other apps primarily use IKEv2, although as this is a secure and fast protocol this is not a major issue.
Automatic WiFi protection
This automatically detects when your device connects to an unsecured WiFi network and offers to enable the VPN for you. I have not tested this feature, but it could be useful protecting you from hackers when using public WiFi hotspots.
Hide.me is notable for supporting the SoftEther VPN protocol, an open source alternative VPN platform that is also referred to as SSL-VPN. This is because it is based on HTTPS and therefore uses SSL/TLS encryption and TCP port 443.
Much like running OpenVPN over TCP port 443, this makes SoftEther VPN traffic look similar to regular secure HTTPS traffic. This makes it difficult for firewalls to block.
The SoftEther SSL-VPN protocol is therefore great for overcoming VPN blocks, and I have heard reports of it being effective at defeating VPN censorship in China and Egypt. As already noted, please be aware that SoftEther is supported on Windows systems only.
Logs and Legal
One of Hide.me’s strongest points is that it keeps very few logs. “Non-persistent” connection logs are “securely erased every few hours,” but even these do not record your real IP address or timestamp.
Again, this is not connected to your real IP address. It almost goes without saying, of course, that Hide.me does not monitor your internet activity (it keeps no usage logs).
So other than keeping track of bandwidth, I think Hide.me’s claim to have a “0% Log Policy” is fair. It can do this because Hide.me is based in Malaysia. The internet in Malaysia is quite censored but this does not appear to affect VPNs, who are not required to keep logs. Which is great.
Payments are processed by Paymentwall Inc. and Cleverbridge AG. In many ways this is good, as it means that Hide.me does not know your payment details. It does mean, however, that some payments are processed by a US company, which might worry the more NSA-phobic out there.
It is also worth noting that neither of these companies is known for protecting customers’ privacy.
The Hide.me website uses only a single Google Analytics tracker, and “to enhance your anonymity, hide.me have opted to only allow Google to collect only a portion of the IP address. Google Analytics may also store a web cookie to facilitate the identification of users who revisit the site.”
This is, of course, not as good as using no trackers at all, but is nevertheless quite non-invasive.
The SOCKS5 proxy offered by Hide.me is itself unencrypted, as it is intended to be used with the VPN which secure encryption. The primary advantage doing this is that if the VPN connection is interrupted, then the proxy will lose the connection.
This means the SOCKS proxy can act as a per-app kill switch for any app that supports the SOCKS5 protocol. Which includes almost all browsers and P2P torrent clients.
Hide.me also claims that running P2P torrent traffic through the SOCKS proxy with the VPN running will optimize traffic, resulting in “much higher transfer rates with P2P-Applications.” I have never heard of this before, so cannot comment on how true this claim is.
You can assign each device a static IP if you wish. These may be shared with other users, so although they are static IPs, they are not dedicated IPs.
This is good for privacy, but not so useful for evading website VPN blocks. It is handy for bypassing NAT firewalls, however, including the one used by Hide.me. Universal Plug and Play (UPnP) is fully supported.
The real test of a VPN provider’s technical security is in the details of the OpenVPN encryption it uses. By default, Hide.me uses the following settings:
Data hash auth
Control hash auth
Logs & Legal
Control channel: an AES-256-GCM cipher with RSA-8192 handshake encryption. Additional authentication is not required with GCM, but HMAC SHA384 hash authentication is also specified in the encryption suite. Perfect Forward Secrecy is ” is enabled by default.” I will assume this means a standard Diffie-Hellman Exchange (DHE) is used, but it may be higher.
Data channel: an AES-256-CBC cipher with HMA SHA-256 hash authentication.
This is a great setup and is extremely secure. In fact, it is the first time I have ever encountered ultra-strong 8192-bit RSA keys. I asked Hide.me about this;
“I can positively confirm that we are using 8192 bit RSA key. You can verify that by connecting to our OpenVPN server. At hide.me, we know that might be an overkill, but we want to make sure that even the most security-conscious user gets what he or she wants. “
As we shall see, however, other security aspects are much more worrying. The desktop clients have a kill switch, but they will not survive if clients crash. I also detected a WebRTC IPv6 DNS leak, even when the Windows DNS leak protection option was enabled. This is not good.
The Hide.me website is has a stylish design. It is somewhat short on technical details but does feature a battery of well-written setup guides for a host of platforms.
It is also good to see strong multi-lingual support, with English, Hindi, Bahasa Indonesian, German, Spanish, French, Dutch, Polish, Portuguese and Russian versions of the website available.
The online console is very user-friendly. Here we can see lots of dandy server information clearly presented.
Other than the setup guides, support is primarily via 24/7 live chat, although a ticketed email option is also available. I initially found the live chat staff to be friendly and knowledgeable, but this experience soured somewhat as time went on.
As expected, when I asked a highly technical question I was asked to submit a ticket to the tech department. Again, initial imprisons were undermined by poor responses later. It was only when, rather annoyed, I told support that I was reviewing Hide.me for BestVPN.com that I regained their full attention.
I would, therefore, characterize the quality of support as rather uneven.
Signing-up for Hide.me is very easy. A valid email address is required, but there nothing to prevent this from being a disposable one. If paying in a conventional way the payment processor will know your payment details, but not Hide.me.
The Windows Client
You must have the Windows .Net framework 4.6.1+ installed to run the client. If not then you will be prompted to install it, which may require restarting Windows. When you first start the client another window opens which gives a quick run-through on how to use the software. This is a nice touch.
The client itself looks good and has a simple “one-click connect” interface.
If using OpenVPN you can choose between UDP and TCP and select port number.
The Windows client features a kill switch. I ran a couple of tests to ensure the kill switch works correctly. The client was running inside a Virtual Machine (VM). Disconnecting then reconnecting the host machine’s internet connection is a good way to simulate a standard VPN drop-out.
In this test the internet cut out, and I was offered the option to reconnect to either the VPN or just the internet. Unfortunately, clicking “Reconnect to the VPN” simply enabled the internet, and I had to re-enable the VPN manually after.
Had I been using a BitTorrent client or similar, then for a short while my true IP would have been exposed for all the world to see. This can be fixed simply by killing all such programs before enabling the internet, but it can easily catch you off-guard.
I also tested to see if the kill switch would survive a software crash. This is done by force-closing the VPN client and seeing if an internet connection is still available. Worryingly, the internet did not cut out and my true IP was revealed.
There is a DNS leak protection option and the client should disable IPv6. Even when DNS leak protection was enabled, however, I detected a WebRTC IPv6 DNS leak. See below for more details.
A good selection of VPN protocols is on offer, with IKEv2 being the default.
“Fallback configuration” allows you to select one or more alternative VPN protocols to automatically fall back on if your first choice is somehow blocked. It only saves you from manually disconnecting and reconnecting using a different protocol, but is nevertheless quite nice.
I would prefer a kill switch that can survive software crash, but the Hide.me Windows client is otherwise easy to use and fully featured.
The Mac OSX client
Unlike the newer but cut-down Apple Store macOS app (see below), Hide.me’s full desktop (OSX) client does not feature the same styling found in most of its other apps. It supports IKEv1 (Cisco) and IKEv2, although I must admit that I can think of very little reason to use IKEv1.
As with the Windows client, the Mac client opens a guide window when you first start the app.
The client features a kill switch, DNS leak protection and fallback protocol options. Note that these options are disabled (and IKEv1 is used) by default. You will therefore probably want to change these settings before first using the client.
As with the Windows client, the kill switch worked well when I simulated a VPN dropout but provides no protection in the event of a crash.
Performance (Speed, DNS, WebRTC, and IPv6 Tests)
BestVPN.com has recently introduced a groovy new speed test system that provides a scientific and objective way to measure and compare VPN speed performance. Please see here for more details.
Average global download speed results are our baseline measure for how fast a VPN is. It must be said that Hide.me’s results here are not amazing. Even when connected to a nearby server people with fast internet connections will likely be disappointed to find speeds capped at a little over 50 Mbits/s.
DNS lookup time is a good measure of how fast users perceive their connection to be as it affects web page loading times. Faster lookup time= faster web page loading (i.e. lower is better). Although not the fastest we have recorded, Hide.me’s DNS lookup times are pretty good.
VPN connection time measures long it takes between hitting the “connect” button in your VPN client, and the VPN connection to be established. It is probably the least important of these speed measurements, but no-one enjoys hanging around.
IP leak tests
We run basic test IP leak tests by visiting ipleak.net. These include IPv4 and IPv6 DNS leak tests and Ipv4 and IPv6 WebRTC leak tests.
Please see A Complete Guide to IP Leaks for a full discussion of what all this means. Basically, though, if we can see our real IP address or an IP address belonging to our real ISP when using the VPN, then fail.
That UK IPv6 WebRTC address in this Windows test belongs to our ISP (BT Broadband). Oops. Fail. Note that the test was performed with the “Prevent DNS leaks” setting enabled.
Hide.me offers custom apps for Windows, macOS, Android, iOS, and Windows 10 Mobile.
Somewhat confusingly, in addition to full desktop clients for Windows and Mac, Hide.me offers cut-down apps for Windows 10 Store and macOS App Store.
Hide.me also provides detailed manual setup guides using various VPN protocols for Windows, macOS, Linux (Ubuntu and Fedora), iOS, Android, Windows Phone, Blackberry 10, a selection of routers, Kodi, and more.
The Android App
The Android app has a similar look and feel to its desktop cousins.
Settings options, however, are very basic. The internet did cut off until a VPN connection was re-established upon a regular disconnect so it can be said to have a kill switch, but this did not survive a force-closing of the Hide.me app.
There is no explicit DNS leak protection option, but I did not detect any IP leaks. Overall, the app is simple works well.
The Windows and macOS Store apps
Hide.me tells me that new features are slowly being added to these apps, although at present they are fairly basic. The Windows app supports IKEv2 and PPTP, while the macOS app supports IKEv2 with IKEv1 as fallback. They otherwise appear to be identical.
I found the Windows app to be very buggy – it crashed every time I tried to change location away from ”default” – but the macOS app worked well.
Neither app features a kill switch per se., but both apps cut my internet connection when I simulated a disconnect. Interestingly, they also maintained my connection to the VPN server even when I force-closed the apps.
This must be because they leverage Windows’ and macOS’ built-in VPN functionality, which act independently of the apps.
Hide.me Free Plan
Users are limited to three sever locations (Canada, Netherlands and Singapore), 2 GB data transfer per month, and 1 connection (although I can see no reason why different accounts cannot be used on as many different devices as you like).
Windows users do not have access to the OpenVPN and SoftEther VPN protocols, although this is not a major problem as IKEv2 is very good.
The pricing page says that bandwidth is also severely limited for free users, although it promises a minimum of 3 Mbits/s.
A quick non-scientific test on speedtest.net produced the following results:
The first result is without a VPN, the others to the nearest VPN server from my UK location.
These results are not bad for a free VPN service and are likely the result of busy servers rather than any deliberate throttling.
The plan must be renewed every 14 days but, it is still a good service. Overall, the plan is fine for checking your email and web surfing, but the 2 GB per month restriction limits its usefulness.
Very strong OpenVPN encryption
35 servers 28 countries
Apps for Windows, Mac OS X, Android, and iOS
Automatic WiFi protection
Kill switch (but will not work if the app crashes)
P2P on most servers
Static IP (optional)
Minimal website tracking
Good cross-platform support
I wasn’t so sure about:
Netflix and BBC iPlayer blocked
Speed results are meh
IP leak detected
There is much to like about Hide.me. It offers a no logs VPN service with a decent feature list and 24/7 live chat support. Unfortunately, I found the quality of that support to be rather uneven and was disappointed by Hide.me’s speed test results.
And the fact that my real IP was exposed via a WebRTC IPv6 DNS leak when using the service is very worrying!
The elephant in the room, however, is Hide.me’s pricing. For $10 per month (base price) I expect a hell of a lot more than a measly 1 connection and 75 GB data limit. And $20 per month (base price) for 5 connections and unlimited bandwidth is insanely expensive!
It is said that you get what you pay for, but Hide.me does not live up to this promise.