Douglas Crawford

Douglas Crawford

April 23, 2018

What is PureVPN?

This Hong-Kong based VPN offers a fast service with servers just about everywhere. Its feature-set is also something of a VPN bucket list, which is particularly impressive given cheap it can be if a long-term subscription is purchased.

Not all features work as advertised, however, and the connection logs PureVPN keeps should concern hard-core privacy advocates.

Pricing and Plans

As long as you buy a long-term subscription, PureVPN is a remarkably cheap VPN service. Indeed, a three-year subscription works out at just $1.49 USD per month ($69.84 up-front). If paid monthly, PureVPN is $9.95 per month.

No free trial is available, but PureVPN does offer a seven-day money back guarantee. This, however, should be approached with extreme caution. If you look through the comments below this review, you’ll see a host of complaints from people who haven’t received a refund they feel entitled to.

In addition to this, many customers complain about being double-charged, about money disappearing from bank accounts, and suchlike.

Alternatively, a three-day trial is available for a non-refundable cost of $2.50.

Payment can be made via credit/debit card, PayPal, AliPay, CashU, and a variety of gift cards. PureVPN also accepts a selection of cryptocurrencies via a partnership with PaymentWall.

Paying with gift cards or a cryptocurrency can allow you to pay for the service anonymously. Please be aware, however, that PureVPN will still know your real IP address (as will any VPN). It is also worth noting that payment using (potentially) anonymous payment methods is non-refundable if there is a problem.

Features

PureVPN offers the following features:

  • 750+ servers in 141 countries
  • Five simultaneous connections
  • Support for OpenVPN, Layer 2 Tunneling Protocol (L2TP)/Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Secure Socket Tunneling Protocol (SSTP), and Internet Key Exchange version 2 (IKEv2) VPN protocols
  • WiFi security
  • Dedicated IP addresses
  • NAT firewall
  • Distributed Denial of Service (DDoS) protection
  • Internet security suite
  • 24/7 live chat support
  • Advanced port forwarding
  • P2P torrenting is permitted on many (but not all) servers
  • Apps for all major platforms, including Amazon Fire Stick, Kodi & Android TV

Other than HideMyAss, PureVPN offers more server locations than any other VPN provider I know of. For those who need access to lots of servers, or to servers in exotic locations, this could be a killer feature.

The fact that you can connect up to five devices to service at once is also nice. Please see my VPN Encryption Guide for a discussion on the different VPN protocols (tl:dr version – just use OpenVPN).

PureVPN WiFi Security

This a feature that I am seeing offered by an increasing number of VPN services. It automatically detects when your device connects to an unsecured WiFi network and offers to enable the VPN for you. I have not tested this feature, but it could be useful in protecting you from hackers when using public WiFi hotspots.

Dedicated IP addresses

PureVPN, in fact, offers two kinds of “dedicated IPs.” Traditional dedicated IPs can be had for $1.99 per month. These give you a unique Internet Protocol (IP) address that belongs only to you.

This is great for accessing services such as BBC iPlayer and Netflix, which block any IPs known to belong to VPN services. This works because the dedicated IP is unique, and should therefore not be associated with a VPN service.

A unique IP is also useful for improving online security, as it allows you to access bank websites, internet-connected security cameras, remote servers, and other secure online services via that IP only.

PureVPN also offers “dedicated IPs” for specific sporting events and online services. These are basically temporary IPs bought up for the specific purpose of accessing certain events (so they are “dedicated” in that way). This kind of IP is not unique but can be very handy for getting round VPN blocks.

In order to find out if any special IPs are available for a service or event you want to watch, contact support via 24/7 live chat.

Advanced port forwarding

Port forwarding is very useful when you or others wish to remote-access your computer with the VPN running. With port forwarding, for example, the VPN will not get in the way if you run your own mail or games server.

Internet Security Suite

This is comprised of PureVPN’s “Ozone” and “Gravity” features, which I look at in detail when discussing PureVPN’s Windows client later in this review. I will just note here that some of the features I was able to test did not work correctly. This does cast doubt on how effective the suite is overall.

Visit PureVPN »

PureVPN Video Review

Here is a video review of PureVPN made by the BestVPN.com team.

Privacy

Jurisdiction

PureVPN is based in Hong Kong, which is a great location for a VPN company to be based. VPNs in Hong Kong are not required to keep any logs and are comfortably outside the reach of the NSA and its ilk. There is, after all, a reason that Edward Snowden fled to Hong Kong when his whistleblowing documents fist went public!

Logs

PureVPN does not any keep usage logs, but unfortunately, and despite not being required to do so, it does keep extensive connection (metadata) logs. Like every other VPN on the market, it does not log which websites you visit or what you do on the internet.

We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers.

It does, however, log information such as when you connect to the service:

Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a “connection” and the total bandwidth used during this connection is called “bandwidth”. Connection and bandwidth are kept in record to maintain the quality of our service.

Um, this is a long way from “we do not keep any logs!” This will not be a major concern to most people, but it does open up the possibility of an end to end timing (traffic correlation) attack on users…

Controversy

A PureVPN customer was, in fact, recently identified and arrested using the connection logs that PureVPN keeps.

This is particularity surprising since PureVPN voluntarily handed over its logs to the FBI, which has no jurisdiction over the Hong Kong-based service. Yes, the guy in question was a scumbag. But many view this as a clear betrayal of trust from a service that claims to protect users’ privacy.

Indeed, PureVPN at the time loudly proclaimed on its Homepage that kept no logs (now removed). It therefore it came as something of a surprise when someone was arrested based on these allegedly non-existent logs!

Note that its privacy policy always qualified the “no logs” claim (see quote above), but many feel PureVPN was nevertheless being very dishonest.

Security

OpenVPN encryption is generally a good indicator of encryption standards across the board, and allows easy comparison between services. PureVPN uses the following OpenVPN settings in Security/Privacy mode:

OpenVPN Encryption
Cipher
AES-256-CBC
Data hash auth
HMAC SHA1
Control hash auth
HMAC SHA384
Handshake
RSA-2048
Forward Secrecy
DHE
Logs & Legal
Connection
many
Traffic
None
Country
Hong Kong

Control channel: an AES-256-CBC cipher with RSA-2048 handshake encryption and HMAC SHA384 hash authentication. Perfect forward secrecy is provided via a Diffie-Helman (DE) key exchange

Data channel: an AES-256-CBC cipher with HMAC SHA1 hash authentication.

This is a secure setup, although it is only strong as its weakest point. The HMAC SHA1 hash authentication used on the data channel is nevertheless secure.

Other “modes” will almost certainly feature less strong encryption, but if you care about privacy and security you should be using OpenVPN in Security/Privacy mode anyway. Note that by default the desktop clients use IKEv2. This is widely regarded as secure, but not as secure as OpenVPN.

Want to know more? Please check out my VPN Encryption Guide.

The Website

The PureVPN website looks smart, and does a good job of listing the features on offer. It is rather light on details, however. A Support section is available, which includes FAQs and an extensive knowledgebase.

PureVPN Support

Other than the Support section on its website, customer support is primarily via 24/7 live chat. It is also possible to request a support ticket.

I had a better experience with support this time around than I have in the past. Live chat responded quickly and was fine when I asked simple questions about the service.

I do not expect frontline live chat support staff to have deep technical knowledge, but would have preferred that the staff member pass my questions onto somewhat more knowledgeable rather than trying to answer them (incorrectly) himself.

I think most people, however, will be happy with the level of support offered via live chat.

The Process

Signing up is easy. You have to provide a name and an email address, but these don’t need to be verified in order to register for the service. PureVPN may be able to obtain additional information via your payment method, but it supports various “anonymous” payment methods.

When you sign up, PureVPN invites you to download the software. A confirmation email with your account details is sent to the email address you provided.

The PureVPN Windows VPN Client

The Windows client looks smart and is packed with useful features.

PureVPN does not explain in detail what difference each “mode” makes to your connection settings, so I’ll just assume they are correctly optimized for the advertised tasks.

One of PureVPN’s big strengths is the huge number of servers it operates just about everywhere.

“Ozone” is an advanced firewall with some neat tricks up its sleeve (at least in theory). The “Antivirus” feature does not scan your files for malware, but blocks any attempt by malware that has got onto your system to access the internet. Intrusion blocks potentially malicious incoming connections.

URL and app filtering options are configured via a web interface. I am rather uneasy, however, over the broadness of the app filter categories. How does PureVPN determine if a game is a puzzle game? Note also that you can only filter a predefined list of apps.

Website filters are defined in broader terms, and make somewhat more sense to me. They could be very handy, however, for creating custom child-lock filters.

Overall, Ozone looks useful, but it is difficult to fully assess how comprehensive and effective its filters are. I did, however, try filtering websites categories such as “Peer To Peer” and “Pornography sexually Explicit.” Most sexually explicit websites were indeed blocked, but I was still able to connect to The Pirate Bay…

“Gravity” appears to be an extension of the Ozone firewall, and is also configured via a web interface.

It includes an ad-blocker and a safe search feature which filters out explicit results from a selection of popular engine searches. This is great if you do not wish to be exposed to such results, but tech-savvy kids will just use less popular search engines.

You can specify which search engine results to filter using the same website filters found in Ozone.

You can also blacklist or whitelist specific websites to be filtered.

Again, however, filtering “Peer To Peer” still resulted in The Pirate Bay and its proxies appearing on my Google and Bing search results.  So fail. At least, unlike with Ozone, Gravity’s features are clearly marked “Beta!”

By default, the Windows client uses the IKEv2 VPN protocol. I consider OpenVPN to be a better option, but IKEv2 is still good. Please see my VPN Encryption Guide for a discussion on this issue. You can also opt to use the PPTP, L2TP, and STTP protocols. But why would you?

I am not sure why “256 bit encryption” is an option, particularly as I would have thought it is a setting that might change depending on which “mode” you run the client in. It does seem to be enabled by default though.

I am even less sure why IPv6 leak protection is both optional and is not enabled by default. Given that the setting is hidden deep within the client’s Advanced Options menu, there is a very good chance that most users will simply be unaware of it.

This means IPv6 users will very likely expose their real IP to websites without their knowledge.

The client includes a firewall-based kill switch. This is the better kind of kill switch, as it prevents any traffic entering or exiting your PC outside the VPN tunnel. Note that using this feature requires granting the app admin rights.

I ran a couple of tests to ensure the kill switch works correctly. The client was running inside a Virtual Machine (VM). Disconnecting then reconnecting the host machine’s internet connection is a good way to simulate a standard VPN drop-out.

In this test the internet did not cut out, but the client did immediately reconnect to the VPN server. As no IP leaks appears to have occurred, this is fine.

I also tested to see if it is a firewall-based kill by simulating a software crash. This is easily done by force-closing the VPN client and seeing if an internet connection is still available.

Worryingly, the internet did not cut out and my true IP was revealed. This strongly suggests that PureVPN is not being honest when it describes its kill switch as being firewall-based. It also means the kill switch is not nearly as effective as it should be.

You can manually change port number or automatically scan ports to find ones that are open. This is great for avoiding firewall conflicts and bypassing firewall-based censorship.  You can also switch between UDP or TCP.

It’s possible to use your Windows device as a VPN hotspot. This means that other devices can connect through it to the internet while benefiting from VPN protection. This is a cool feature, although I was unable to test it as my USB WiFi stick doesn’t support Windows 10’s mobile hotspot feature.

Split tunneling allows you to exempt selected apps from the VPN, and is a very handy feature. It does not allow you to exempt specific websites, however.

The PureVPN Windows client looks good and is ridiculously well-featured. It really does have just about everything except the kitchen sink! Unfortunately, not all these features work as advertised. I also wish IPv6 leak protection was either enabled by default, or at least was not so hidden away.

The macOS VPN Client

The Mac client is essentially the same as the Windows client.

It features Ozone, Gravity, and a kill switch. It does not, however, include the port scanning/selection, VPN hotspot or split-tunneling features found in the Windows client.

Also missing is IPv6 leak protection.  When I contacted support I was given a link to instructions for disabling IPv6 in macOS. I do feel, however, that this issue should be better flagged-up for macOS users as most will not be aware there is a problem that needs fixing in the first place.

Performance (Speed, DNS, WebRTC, and IPv6 Tests)

All tests were performed on my Virgin Media UK fiber connection, using the OpenVPN User Datagram Protocol (UDP). I also ran a few quick tests using the default IVEv2 protocol, and the results were similar.

Speed tests

BestVPN.com has recently introduced a groovy new speed test system that provides a scientific and objective way to measure and compare VPN speed performance. Please see here for more details.

At the time of writing PureVPN has the fastest average download speed test results of all VPNs we test  and the sixth fastest Max Speed/Burst Result.

DNS lookup time is a good measure of how fast users perceive their connection to be. Faster lookup time = faster web page loading. PureVPN’s average lookup times are er… average, but it’s maximum lookup time is pretty good (remember that lower is better in the chart below).

PureVPN’s connection time results are pretty much average (lower is better).

PureVPN puts in a strong showing in these tests. Average download speed test results are excellent, and all other results are average or better.

IP leak tests

I ran basic test IP leak tests by visiting ipleak.net. These include IPv4 and IPv6 DNS leak tests and IPv4 and IPv6 WebRTC leak tests.

These tests are performed in private/incognito mode to prevent caching issues confusing the results. They were also performed in an unmodified browser that supports WebRTC, so that we can test for WebRTC leaks (Chrome, in this case).

That IPv4 DNS address belongs to our ISP. Fail! I will note, though, that we did test on a number of machines and this issue only occurred on one of them. But a DNS leak is a DNS leak.

In theory, our main test machine is IPv6 enabled, but I am not confident IPv6 was working when we ran our tests. I will, therefore, retest in a couple of weeks, when we have should a new IPv6 testing setup in place.

When no DNS leaks are happening, PureVPN uses Google DNS and OpenDNS servers to resolve DNS requests. These requests are proxied through PureVPNs servers, however, and so this does not constitute a privacy risk.

Please see A Complete Guide to IP Leaks for a full discussion of what all this means. Basically, though, if we can see your real IP address or an IP address belonging to your real ISP when using the VPN, then not good.

I also checked to see whether US Netflix and BBC iPlayer work with PureVPN. Both services are unavailable using the regular desktop client (and on mobile devices). They were successfully unblocked, however, using the Chrome and Firefox browser add-ons.

Other Platforms

PureVPN offers custom apps for Windows, macOS, Android, and iOS. In addition to regular Android, PureVPN offers custom apps for the Amazon Fire Stick and Android TV. In addition to this, PureVPN has browser extensions for Chrome and Firefox, and custom Kodi VPN app and DD-WRT. Phew!

Good manual setup guides are available for a bewildering combination of platforms and VPN protocols. This includes Linux (many distros) and a variety of routers.

The Android app

The app looks smart, and uses OpenVPN.

It is also surprisingly fully featured for a mobile app. “Gravity,” port scanning/selection, split tunneling, a kill switch, and secure WiFi are all present and correct.

P2P protection seems to be a simplified version of Ozone, without the ability to manually set the filters.

PureVPN Browser add-ons

In addition or instead of the main VPN clients, desktop users can install browser add-ons for Firefox and Chrome. These can be very convenient for spoofing your location within the browser, but if you are after privacy and security then you should use the main client.

The Browser add-ons provide WebRTC leak protection. I did not detect any WebRTC leaks when using just the main client, but using as browser add-on is by far the surest way to prevent WebRTC leaks. It is therefore probably a good idea to install theses add-ons, even if you prefer to use the main client to protect your privacy and proxy your location.


The add-ons also allow you to proxy your location from within the browser. In addition to choosing a proxy server by location, you can select which streaming service you would like to access. All services I tested worked, including US Netflix and BBC iPlayer.

Conclusion

I liked:

  • Fully featured software (both desktop and mobile)
  • Servers in 141 countries
  • Great speed performance
  • Five simultaneous connections
  • Secure encryption
  • Split tunneling
  • Kill switch
  • Accepts anonymous payment methods
  • Dedicated IP (optional)
  • 24/7 live chat support
  • Advanced port forwarding
  • P2P torrenting allowed on many servers
  • NAT firewall
  • Seven-day money back guarantee
  • Works with US Netflix and BBC iPlayer (browser add-on only)
  • P2P: yes (on selected servers)
  • No usage logs, but…

I wasn’t so sure about:

  • Lots of connection logs (which were recently used to identify and arrest a customer).
  • Content filtering features do not work very well. This also puts into question how well other “ozone” gestures such malware blocking and port intrusion detection work.
  • IPv6 leak protection option is hidden away (Windows) or not present (macOS)

I hated:

  • DNS leak
  • Huge number of complaints that BestVPN.com has received about the service

There is no doubt that with PureVPN you get a lot of VPN for your money. And if you buy a subscription, it can be a very small amount of money indeed. PureVPN’s feature list is very impressive. It also has servers just about everywhere, is blazing fast, and seems able to unblock just about every streaming service and sporting event.

Many users will therefore undoubtedly find that PureVPN does everything they want out of a VPN for a very low price. Not all features appear to work as well as I would like, but given the wealth of features available, and that these are probably only used by a small percentage of users, this is unlikely to be a major concern for most.

The recent high-profile case involving the arrest of a PureVPN customer did also show that, broadly speaking, PureVPN does a good job at protecting its users’ privacy. For me, however, it also showed why not building a VPN to be “no-knowledge” by design is dangerous.

No matter how justified it was in its actions, PureVPN simply should not have been able to assist the FBI in its investigations after saying on its home page that it kept no logs. Those with a strong commitment to privacy should therefore give PureVPN a wide berth.

The DNS leak we detected is also concerning, although it did seem something of an anomaly. Finally, we get to the huge list of complaints BestVPN.com has received about this service. These alone make it very difficult to recommend PureVPN.

Visit PureVPN »