Comparison and Flaws of Common Free VPNs

[Deactivated] on 05/03/2016 - 06:50
Last edited 05/03/2016 - 07:21

I thought it might be interesting to share the results of some VPN testing I've just done.
Note: this is just a quick note. And I am not an expert.

I tested the following on a laptop and on a desktop, both running XP SP3, used telstra and amaysim 3G isps, and used two network sniffers to test easy to recognise text-based streaming sharemarket data.

I think this is a solid test, so be warned some VPN's just aren't worth using at all.

I also want to test how reliable their IP replacement is, but don't have the time at the moment.

The first three Vpn's have very disapponting results. So not useful for WIFI protection.

                             -VPN's - System Wide -

  • Cyberghost -
    Found that sometimes it runs in the background without program being started. Found this out because my internet traffic was being encrypted without any reason.
    Cyberghost always leaks non-encrypted data (in my tests), along with most being encrypted.
    The program placed free users in a long queuethen often fails to connect to three of its servers, and places you back in the queue to start over.
    The waitng is long, and disconnections can be frequent, or not at all.

  • Steganos -
    Won't work on my laptop so only tested on desktop.
    Steganos either fully encrypts your data, or doesn't do it at all. No encryption means wifi spies may see your clear-text passwords, emails etc.

  • Pegasus -
    Very quick, easiest to use and useless to me.
    Pegasus never encrypts your data. I tested most servers on both computers.
    Don't bother.

  • Anchorfree Hotspot Shield - <May be the best Free VPN if adverts are ok>
    See https://www.hotspotshield.com/lp/pages/privacy.html
    It says: AnchorFree does not collect any personally identifiable information on Hotspot Shield
    And: Hotspot Shield encrypts every page visited by our Users,

    They have annoying adverts.
    My limited testing showed that no non-encrypted data was leaked (The only private vpn tunnel so far).
    First time connection delivered their ads fine. I could get nothing from internet. Second time connection worked well, it seems generally secure, but personally I don't like using it.

  • OpenVpn -
    Note I used dozens of these services for years and they were at best just fast enough to barely manage to get anything done.
    Good example is VpnBook.com, haven't tested yet, but worth considering.
    Also http://freevpnsoftware.net/ and many others using Openvpn.
    Will post results here when I do test these.

                         - Browser Based protection -

  • TOR -
    Sponsored partly by the NSA, so no one trusts it entirely (possible backdoors).
    Has known minor security flaws. Runs very well, faster than JondoFox.
    If security is not critical, I think this is the best. It can be daisychained many ways for secondary protection, if it is breached.
    Data was always encrypted during tests. With one odd unimportant line unencrypted once in a while. Just a generic header line perhaps.

  • Jap/Jondo -
    This is probably the best all round for privacy, security and anonymity, particularly if daisychained with a solid vpn, proxy or other system.
    No non-encrypted data seen during tests, with the same occaional header line as seen in TOR. A couple of experts have said it's the best, it never seems to fail. Runs slow but hey it's always been free.

Unfortunately I don't have more time for this right now. But would like any high level info you guys can add.

Internet VPN

Comments

  • poolroom on 05/03/2016 - 08:42

    I'm surprised some aren't encrypting at all - i.e. the "P" in VPN. Could this come down to XP not supporting a particular encryption protocol or cipher? Without digging up the detail I know we had issues towards the end of life of XP machines at work because a vendor upgraded a cipher and XP was out in the cold.

    But either way, they should warn you or terminate the connection if the VPN setup failed in anyway.

    Also - I use OpenVPN a fair bit on servers that I manage and it performs well. But it is a CPU hungry best at speed, let alone the bandwidth requirements. So I'm not surprised that it gets sluggish on a shared, free host.

    • [Deactivated] on 05/03/2016 - 09:30

      Odd that two vpns mentioned above randomly encrypt. On/off/partly. Probably not XP in that case.

      Anyway for most people such as at wifi hotspots they are getting false security.
      Which has been my case at home.

      Hope to get some good ideas through this post. And tonight will try my Win 8.1 tablet regarding vpn data enryption.

  • geek001 on 05/03/2016 - 10:04

    Interesting read. I think this should be stickied somewhere…

  • Colombian on 05/03/2016 - 11:41

    I thought you were going to talk about VPN services. Goot thread anyway.

    Question: Do we really need a software to use VPN service? I just make the configuration through network settings in Windows.

    • [Deactivated] on 05/03/2016 - 15:40

      I'm not sure about this but here goes anyway….
      If you are talking about pptp configuration, it's easy, but it's cracked I think.
      Eg. Your ISP can pay a fee to have a sample of your data unencrypted. I saw the fee was on offer for $25 once. Don't use pptp for serious privacy.

      If you install Openvpn, then you can just run any vpn's .ovpn configuration file in Openvpn. Is that what you're referring to?

      • Colombian on 05/03/2016 - 15:44

        I don't use PPTP for my VPN connections, I use L2TP and my speed is still good for what I use.
        I'm still failing to see the need of a software to make VPN connections, if someone would care to explain to me the advantages I would be grateful.

        I hope my post doesn't sound too rude.

        • kipps on 06/03/2016 - 11:39

          L2TP is generally considered secured, but there have been recent suggestions that the feds have been able to decrypt L2TP traffic in an unknown way:

          https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

          PPTP is widely known to be easily broken.

          This leaves OpenVPN as the generally recommended protocol for VPN.

  • kipps on 05/03/2016 - 18:36

    You think TOR is "partly sponsored" by NSA? you think "OpenVPN" is a service?

    This has to be a troll.

    • [Deactivated] on 06/03/2016 - 01:15

      Rubbish, you are just trolling.
      "Note I used dozens of these services for years" is referring to the services that use Openvpn dumb dumb!
      Us government sponsorship of TOR has been an issue which TOR has acknowledged. It seems they have removed the top level US government sponsor from their past/current sponsor list. hmmm. I wrote this note quickly and stated it was just that. The point was made.

      • kipps on 06/03/2016 - 11:27
        +1

        Your comments are ill-informed rubbish.

        First, you fail to distinguish between actual service providers and the underlying software/protocols with any degree of precision.

        If you want to attack these services then at least offer some sensible, informed criticism.

        In all your commentary of TOR, you completely fail to note the recent scandal involving Carnegie Mellon University and TOR, where the University's researchers compromised nodes in the TOR network and passed those details to the Feds. (See https://blog.torproject.org/blog/did-fbi-pay-university-atta… and others).

        The fact that the US Government extended funding to TOR IS NOT cause to believe it has been compromised. To suggest otherwise means you are suggesting that the operators of TOR can be bought by the US Government. If TOR was already compromised by the Feds then why would they need to pay $1 Million to university researchers to compromise it?

        OpenVPN is an open source protocol (and associated open source server/client software) for VPNs to operate. Your "review" of the OpenVPN "service" is absurd, given it is merely a protocol offered by third party providers. If there were issues with this software then it would be determined quickly.

        Your comment about OpenVPN being "just fast enough to barely manage to get anything done" demonstrates just how bad your understanding of OpenVPN is, particularly once you realise that OpenVPN is merely software.

        And for the avoidance of doubt, I use PIA with OpenVPN just fine on a 100mbps connection, and am able to achieve 70mbps easily. Contrary to your misinformed opinions, OpenVPN is one of the best VPN protocols (noting that PPTP is known to be insecure).

        Further, you claim to be concerned about privacy/security, yet comment that you're running Windows XP SP3, an OS which no longer has support from Microsoft.

        Your entire post is a joke. You must be trolling.

        • [Deactivated] on 06/03/2016 - 12:23

          No probs kipps. I jotted this post down in case it was of benefit to anyone.

          You seem to be missing the point of the post, which in a few words is this.

          Don't rely on vpn's encrypting your data. I tested a few of them and found very poor results.

          Example: pegasusvpn.com state on their webpage:
          "All your data is encrypted while using our VPN service."
          But it is not encrypted at all on my computers.

          So I thought I would point this out to people. I had no interest in arguing about what I did wrong that could be picked over but wasn't the point.

          Oh well.

Login or Join to leave a comment
Login Join