Jump to content
Not connected, Your IP: 44.200.40.97
usefulvid

VPN comparison

Recommended Posts

I created this list which compares several VPN providers:

https://docs.google.com/spreadsheets/d/1V1MFJJqwAtn9O_WgynUMXRbXLhsY2SAViADYsLZy63U/edit#gid=0

As you can see airvpn is one of the leading ones with a good price

 

I asked some other providers if and how they protect against the webrtc leak. 12vpn told me that they block stun ports on their server.

Can anybody confirm that this is a reliable way to block this leak?

 

idlcoak told me something similiar: "we block request from webrtc APIs."

 

Can anyone who has more knowledge than my comment this? 

Share this post


Link to post

the whole webRTC thing needs to just die.  it's not up to a VPN provider to protect you from a web browser function.

 

In my opinion you shouldn't consider webRTC blockage in your review.  users should instead just disable it in their browser if they don't want it.

Share this post


Link to post

the whole webRTC thing needs to just die.  it's not up to a VPN provider to protect you from a web browser function.

 

In my opinion you shouldn't consider webRTC blockage in your review.  users should instead just disable it in their browser if they don't want it.

 

To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. 

 

One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually).

Share this post


Link to post

 

the whole webRTC thing needs to just die.  it's not up to a VPN provider to protect you from a web browser function.

 

In my opinion you shouldn't consider webRTC blockage in your review.  users should instead just disable it in their browser if they don't want it.

 

To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. 

 

One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually).

 

why should the VPN provider be the one to provide a workaround?  why shouldn't the user just change browsers?

Share this post


Link to post

 

 

the whole webRTC thing needs to just die.  it's not up to a VPN provider to protect you from a web browser function.

 

In my opinion you shouldn't consider webRTC blockage in your review.  users should instead just disable it in their browser if they don't want it.

 

To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. 

 

One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually).

 

why should the VPN provider be the one to provide a workaround?  why shouldn't the user just change browsers?

 

Why should VPN providers give leak protection, IPv6 disablement, or any other feature? It's just nice to have. Since WebRTC leaks are a VPN specific issue, I only mean it makes sense for VPN providers to address it. I didn't say they had to provide a 'fix', I said and/or information about it. AirVPN happen to offer both, which is nice. Not everyone wants to use Firefox, for example I hate how laggy it is on big websites even with 8 CPU cores and 16GB of RAM. It's a great browser all round though, and I do still keep it installed. It's also my default on Linux (where it seems to perform better). 

Share this post


Link to post

the whole webRTC thing needs to just die.  it's not up to a VPN provider to protect you from a web browser function.

 

In my opinion you shouldn't consider webRTC blockage in your review.  users should instead just disable it in their browser if they don't want it.

 

To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. 

 

One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually).

 

why should the VPN provider be the one to provide a workaround?  why shouldn't the user just change browsers?

If you already use Firefox-which I recommend for Privacy reasons-there is an easy solution for this:

GoTo  https://www.privacytools.io/  and search for "WebRTC IP Leak Test".

Besides the webrc you are presented with the sollution to the problem.

Btw this website you may find a lot of interesting things!

 

Have a good Day

Share this post


Link to post

I asked some other providers if and how they protect against the webrtc leak. 12vpn told me that they block stun ports on their server.

Can anybody confirm that this is a reliable way to block this leak?

 

 

This is a reliable way indeed, but it should not be up to the VPN provider to decide whether to block it or not.

I don't plan to use it on my network so I blocked it globally, but every user should decide on his own.

Those leaks sometimes bypass the entire VPN network entirely, so their work will not be enough.

 

I wonder what such providers will do in order to prevent DNS leaks. Block the entire udp/53 port on all servers?

This is not a good approach.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Thanks a lot for your anwsers. I also agree that the vpn service should provide a solution against the webrtc leak. For chrome I have to install a new plugin which I have to trust. The approach with the windows firewall which blocks everything which goes around the  vpn is great. perhaps there are other software using a similiar mechanism to webrtc they will also be blocked.

Share this post


Link to post

Why should a VPN provider do this and why should they do that? I've been researching which, and what type of VPN to get for close to three weeks now and have already dumped three due to horrendous tech support and  "why" VPNs should do those kind of things is, believe it or not, not everyone knows as much as you guys when it comes to UA spoofing, SSL/SSH, routing, masking, obfuscating, porting forward and the other things to stay ahead of attackers but it's easy enough to follow a forum like this to determine if a VPN doesn't address such issues, coupled with my NOT knowing how to achieve those configurations resulting in my data being at risk would make my buying service from them pointless so I'm thinking they should do AT LEAST that AND give customers step-by-step tutorials with any necessary links to achieve something to that end.

Knowledge is power and I can't see any reason power like that shouldn't be shared.

The last two days of my "shopping" have finally gotten me to multi-hopping VPNs which pisses me off that general searches kept leading me to the same crap VPNs over and over.

Thing is you've got to PLEASE remember that a huge portion of the population is completely ignorant to the how, what and why when it comes to all this- we just want to PAY for a highly effective VPN that's constantly evolving thus making their best effort in staying on the cutting edge of keeping my data secure that we can feel good about giving our hard-earned money to... keywords here are "ignorant" (the "why" you asked about), the second being "pay" which is the reason the VPN gets to pay for continued R and D, buy servers and equipment, pay their employees, stay in business and turn a profit so we are kinda important when all's said and done.

Now I'm just searching for a VPN that will take a freakin moment out to help me put together the appropriate package for my needs. I see the lists of what they offer, I just can't implement them effectively...

Sorry to interrupt - Carry on

Share this post


Link to post

Why should a VPN provider do this and why should they do that? I've been researching which, and what type of VPN to get for close to three weeks now and have already dumped three due to horrendous tech support and...The last two days of my "shopping" have finally gotten me to multi-hopping VPNs which pisses me off that general searches kept leading me to the same crap VPNs over and over....Now I'm just searching for a VPN that will take a freakin moment out to help me put together the appropriate package for my needs. I see the lists of what they offer, I just can't implement them effectively...

Sorry to interrupt - Carry on

So, em, who did you find/choose?

Share this post


Link to post

I had to decrease AirVPNs rating due to unsolved DNS issues. Feel free to inform me if these issues are solved.

 

Instead of spreading wrong information, did you try to check the routes page for the allegedly failing domain here?

https://airvpn.org/routes/

 

This page should also check in realtime the DNS resolution and report any errors.

 

Or you decided to take 2 (completely unrelated) issues from that thread and conclude there is a global problem?


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

If you allow me some important things are missing in your list

​for example

​What OS are allowed ?

​Is there a software client for each os ?

Killswitch ?

​Is peer to peer allowed ? (For exemple oVpn.to doesn't allow torrenting)

Share this post


Link to post

Instead of spreading wrong information, did you try to check the routes page for the allegedly failing domain here?

Which information is wrong?  I will check routing next time the issue appears. This hint should come from the airvpn support

Or you decided to take 2 (completely unrelated) issues from that thread and conclude there is a global problem?

I personally have this issues and opened up a ticket and the users in the thread also report this issue. DNS fails for some minutes and just for specific domains.

 

 

​Is peer to peer allowed ? (For exemple oVpn.to doesn't allow torrenting)

This is mentioned in the comment section. At the time I started the list I thought P2P is natuarlly allowed but I discovered it is often blocked. Where do you get you information that ovpn is not allowing p2p? They only state in the ToS that ILLEGAL Filesharing is forbidden. 

Share this post


Link to post

Difference is subtile

If peer to Peer is "allowed", torrenting is not :

"Illegal sharing of copyright protected materials is prohibited" says their TOS

 

Is it not the proof than a "full green" VPN could be a very uncomplete one

+ they don't have a linux soft client with killswitch like AirVpn .

 

As I said in the previous message important items are missing in your list .

Most of based country are missing too, and there is no colours to say if they appart to 5eyes , 9eyes ot 14 eyes country .

 

Godd job anyway

 

 

Share this post


Link to post

You are again concluding that the issue you are having is the same with other users while it's not.

 

 

I found something out:

It seems that sometimes dns requests are sended to my router instead of using the airvpn dns. Airvpn dns is working fine but does not receive dns requests.

The dns requests to my router are blocked by dns leak protection so I get no result. after some minutes waiting it worked again. I changed nothing in the meanwhile...

This is a case of a simple DNS leak. The solution to this should be the same as fixing DNS leaks on Windows - making sure the DNS servers in all adapters are set to automatic when using Eddie.

 

If there were issues with the DNS servers, there would be much more threads and reports about it than 2 users in 2 months making assumptions.

You can still verify it with the following simple method:

1) Get a list of Alexa Top 1000 most visited websites. This should be enough for testing reliability. We cut 1000 from 1m.

curl -s -O http://s3.amazonaws.com/alexa-static/top-1m.csv.zip ; unzip -q -o top-1m.csv.zip top-1m.csv ; head -1000 top-1m.csv | cut -d, -f2 | cut -d/ -f1 > topsites.txt

2) Make a small command to get the first A record from each host and write results to a file. We can use dig +short for that:

 

dig a -f topsites.txt +noall +answer | awk '{print $1}' | sort | uniq | nl

 

3) Check results, should be exactly the same number as the hosts you defined in the test.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

3) I got 1005 results instead of 1000

I tried it with 30 -> I got 30 results

I increased to 40 and got 41 results

 

 

root@ubuntu:/home/usefulvid# dig a -f topsites.txt +noall +answer | awk '{print $1}' | sort | uniq | nl
     1	360.cn.
     2	amazon.com.
     3	baidu.com.
     4	bing.com.
     5	detail.tmall.com.
     6	detail.tmall.com.danuoyi.tbcache.com.
     7	ebay.com.
     8	facebook.com.
     9	google.co.in.
    10	google.co.jp.
    11	google.com.
    12	google.com.br.
    13	google.com.hk.
    14	google.co.uk.
    15	google.de.
    16	google.es.
    17	google.fr.
    18	google.it.
    19	google.ru.
    20	hao123.com.
    21	instagram.com.
    22	jd.com.
    23	linkedin.com.
    24	live.com.
    25	msn.com.
    26	qq.com.
    27	reddit.com.
    28	sina.com.cn.
    29	sohu.com.
    30	taobao.com.
    31	t.co.
    32	tmall.com.
    33	twitter.com.
    34	vk.com.
    35	weibo.com.
    36	wikipedia.org.
    37	wordpress.com.
    38	yahoo.co.jp.
    39	yahoo.com.
    40	yandex.ru.
    41	youtube.com. 
root@ubuntu:/home/usefulvid# cat topsites.txt | wc -l
40
root@ubuntu:/home/usefulvid# 

I did this while the issue did NOT appear

Share this post


Link to post

detail.tmall.com.danuoyi.tbcache.com thats the extra one that returns CNAME as well as A.

So yes few more results than in your file is a good outcome as well.

But you have to test it when you claim to have issues, while obviously connected to that server.

 

I specifically made it for *nix where no DNS leaks occur, so you can know that your setup is correct

and there are no requests sent over other interfaces and other devices, just a test of the 10.x.0.1 Air DNS.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...