Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I intend to conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #138 (currently VPN.cc)
Written Jun 13, 2016
I’m going to stop counting these at this point as we seem to be well into the series of reviews! Let’s get to it!
Signing up for the service: The VPN.cc website was pretty straightforward and sign up was pretty easy. I had the option to choose between 1, 3, 6, and 12 months of service (pretty normal), from which I picked 1. Sign up required an email address, which is the most I’d personally feel comfortable providing from a privacy standpoint (however, as you’ll see in their terms, they potentially have plans for much much more).
Configuring the service: The downloads section of the website had the official clients for Windows, Mac, and uncommonly, a dedicated client for Linux. I still prefer a manual configuration, but to my disappointment, there were no .ovpn files to download. I reached out to support, which I’ll outline in more detail below (It didn’t go well).
Speed & Stability tests: I was not able to get a response from support regarding manual config files, therefore no connection could be made and no speed tests could be performed.
Getting support: As the downloads page of the website didn’t have any .ovpn files, I was left to contact support in the hopes that they could send me a zip containing what I needed to get started. I created a ticket using the site’s “already a customer” web form and logged in. I was still required, however, to provide a name, email address. I got an automated response quickly with a ticket number and receipt confirmation. After approx 3 days of waiting (what I consider to be a reasonable amount of time to get at least a ” sorry we’re slow, but we’re working on it,” response, I had not received any response whatsoever (other than the initial “we received your support request” email).
Getting a refund: After around 3 days of waiting for support (I consider this to be a reasonable amount of time for at least something to be sent back), I submitted a refund request. After another full day of waiting, I still hadn’t even heard back on the initial support request. Had this been a close review, I might have waited another day to give them the benefit of the doubt, but I feel it’s pretty clear what I’m dealing with here unfortunately.
These terms and conditions might just rival some of the worst I’ve seen. Can we not cover all our bases in a page or two? Must we endure an unending saga of what is and isn’t the responsibility of the service?
“The Provider will optionally provide the Customer with a client software to easily establish VPN connections.”
This is a little strange, and I could possibly be reading too much into this, but my concern lies with the combination of this line existing, and nothing being written about providing the customer with manual configuration files or alternative methods to connect.
“With Registration for the Service, the Customer is obligated to provide some or all of the following personal data completely and correctly: surname, first name, address and telephone number, valid e-mail address and payment information according to the selected payment method…”
I always find it odd when a company has this in its terms, but doesn’t require it during registration. It’s like they want to squat on the rights to collect your personal information in case they ever decide they need it. Regardless, the fact that this is included in their terms tells me they aren’t serious about privacy.
“The Customer shall be obligated to provide evidence of suitable power of attorney.”
“For the security of the Customer and the Provider, the Provider shall save the IP address of the Internet access at the time of Registration.”
I’m afraid this is relatively common, if not by the VPN service, by the payment vendor. Choosing to do it from the VPN company side again tells me they aren’t serious about your privacy.
“Prior to conclusion of the contract, the Customer must define with the Provider, the type of account he wishes to use. Desktop Accounts work for desktop devices (PCs, Notebooks, Netbooks) AND mobile devices like Smartphones or Tablets. Mobile accounts only work for mobile devices such as Smartphones and Tables. However, they can be upgraded to a desktop account at any time (incurring an upgrade fee). Downgrading a desktop account to a mobile account is not possible.”
These “tiers” of service didn’t appear when signing up for service. I don’t know if that was the case at some point, but it’s a silly policy and even more silly if they discontinued it and left it in their terms.
“If the Customer should only choose to use a test period with his Registration, the contractual term will begin at the start of the test period.”
As far as I can tell, a test period isn’t even a standard option.
“For all changes to personal data used for the Registration or payment details, the Customer is obligated to either amend his profile in the customer section of the Website or notify the Provider of the changes using the support form or by e-mail.”
Privacy violation, it really shouldn’t be any of their business.
“We collect information from you when you register on our site, place an order or subscribe to our newsletter. When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number, credit card information or bank account information.”
Huge privacy violation. Avoid this nonsense.
“You may, however, visit our site anonymously.”
“After a transaction, your private information (credit cards, social security numbers, financials, etc.) will be kept on file for more than 60 days in order to process further payments.”
Another red flag – “More than 60 days”… so… forever?
Final thoughts: Signing up for service was painless, but getting the manual config files was not possible given the complete and utter lack of support I received. As mentioned, getting a refund was not as quick as I’d hoped – waiting another full day and getting no response other than the automated reply with a support ticket number. They might as well have told me to get lost in that email. Even though it wouldn’t help, at least they’d be direct about their attitude towards their customers.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||Malta|
|Logs DNS Requests|
|Logs IP Address|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||No|
|Meets PrivacyTools IO Criteria||No|
|LEAK PROTECTION||1st Party DNS Servers||No|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443|
|Supports SSL Tunnel|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP|
|SECURITY||Weakest Data Encryption|
|Strongest Data Encryption|
|Weakest Handshake Encryption|
|Strongest Handshake Encryption|
|AVAILABILITY||# of Connections||2|
|# of Countries||59|
|# of Servers||903|
|WEBSITE||# of Persistent Cookies||0|
|# of External Trackers||0|
|# of Proprietary APIs||11|
|Server SSL Rating||B|
|SSL Cert issued to||No SSL Cert|
|PRICING||$ / Month (Annual Pricing)||$6.99|
|$ / Connection / Month||$3.50|
|Refund Period (Days)||14|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective|
|Incentivizes Social Media Spam|
|Requires Ethical Copy|
|Requires Full Disclosure|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.