Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #24 (at the time of the roll, CrypticVPN)
Last Updated Oct 20, 2016
Signing up for the service: Signing up for the service was quick and easy. CrypticVPN requires you to provide an email address upon sign-up, which is the most I’m ever comfortable providing when doing so. Prices were quite reasonable, with a month of service starting for $2.50. Their website is very simple and provides you the bare minimum amount of information to use the service, which is fine by me. The simpler the better – assuming you can quickly and easily find the information and files you need on site, which was the case. Getting the manual config files was a snap.
Configuring the service: While getting the files for CrypticVPN was easy, one minor annoyance was the need to break the certs out of the ovpn files. It kind of bugs me when this happens as I think it shows some short-sightedness on the part of the service. I may be in the minority when it comes to manually configuring my VPN, but enough services out there support it, that I always raise an eyebrow when others don’t. Regardless, I was able to get the service up and running with minimal issue.
This occurred in the last review as well, but after connecting, I looked through the log and found: “WARNING: No server certificate verification method has been enabled”. The server configs were not set up to verify the server certificate (to know for certain it’s connecting to the actual server and not one in disguise). The cause of which, was that the files contained no lines to accomplish this task, which typically appears in one of the the following forms. This is insecure, and they denied any problem or wrongdoing further down as you will see. ns-cert-type server or remote-cert-tls server
Speed & Stability tests: At the start of the tests, the speeds I was getting were quite respectable, but towards the end of the tests, I got a miss here and there with two of their international upload tests (UK, Desktop, Trial 3 and Hong Kong, Desktop, Trial 1), and then a whole messed up server (South Africa). CrypticVPN’s website has a server status page, which did not indicate an outage for any of these servers. All tests were run using UDP.
|Speed Tests – CrypticVPN – Desktop|
|No VPN||Trial 1||9||ms||96.02||mbps||11.97||mbps|
|US West||Trial 1||64||ms||76.03||mbps||11.64||mbps|
|Comp to Bench||+53||ms||83.96%||97.48%|
|Comp to Bench||+293||ms||15.88%||22.19%|
|Hong Kong||Trial 1||412||ms||11.59||mbps||0.00||mbps|
|Comp to Bench||+400||ms||10.77%||7.50%|
|South Africa||Trial 1||635||ms||0.00||mbps||0.00||mbps|
|Comp to Bench||+623||ms||0.00%||0.00%|
|Speed Tests – CrypticVPN – Mobile|
|No VPN||Trial 1||11||ms||69.06||mbps||14.12||mbps|
|US West||Trial 1||65||ms||23.03||mbps||13.47||mbps|
|Comp to Bench||+53||ms||32.69%||94.42%|
|Comp to Bench||+292||ms||6.33%||76.32%|
|Hong Kong||Trial 1||421||ms||2.35||mbps||7.03||mbps|
|Comp to Bench||+414||ms||4.31%||39.01%|
|South Africa||Trial 1||626||ms||1.99||mbps||4.36||mbps|
|Comp to Bench||+617||ms||2.21%||29.54%|
Getting support: As mentioned, the website was quite simple. There was a support desk tab in the sidebar of the main control panel. At the bottom of the site was a “contact” link, however when clicked, a plain white page appeared indicating that the “Contact Form [is] coming soon.“, which felt a little unprofessional. I sent a message using the form provided
– however, after filling it out and submitting it, I got an error, saying “Title must not exceed 35 characters. Details must not exceed 255 characters.” This erased my message that I had just been writing and wouldn’t let me change and resubmit, I had to rewrite the entire thing. Very annoying and inconvenient.
I got a response back telling me to not submit the same ticket more than once (so, they were being submitted regardless of the warnings) and they closed the support ticket without responding. This is a joke.
Getting a refund: I followed up on the closed ticket with a refund request. When I tried to go back to see the status of the ticket, my login credentials no longer worked and they provide no password reset option. What company doesn’t provide a password recovery option? This is unacceptable and useless…
The materials on CrypticVPN.com’s web site are provided “as is”. CrypticVPN.com makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, CrypticVPN.com does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.
Make your VPN purchasing decisions accordingly, people.
The materials appearing on CrypticVPN.com’s web site could include technical, typographical, or photographic errors. CrypticVPN.com does not warrant that any of the materials on its web site are accurate, complete, or current. Does that mean that there’s a chance that this statement was made in error? If that’s the case, does that mean it’s not true? And if that’s so, does that mean-…
Final thoughts: Like so many services, CrypticVPN strikes me as another dime-a-dozen bore. They offer nothing that 75% of the other services on the comparison chart don’t. A website being simple is fine, however so was their server config, to the detriment of the actual security of the user. Being bare bones is okay when the core service is intact, and it WAS NOT in this case. Their service department and tech setup was a joke that is clearly not taking their responsibility to their customers seriously. I can’t really recommend CrypticVPN for anything other than it’s price. Bottom line: There are much better VPN solutions on the market than CrypticVPN, including those that have heard of customer support.
Update (10-20-2016): CrypticVPN have reached out to me with the following updates. I have not verified any of the following.
- Server configs have been updated to enforce certs and no auth caching
- Support ticket system has been updated – titles and content can now be a more reasonable length
- Provider of the South Africa server has been dropped due to poor support.
- Term declaring that CrypticVPN does not warrant the accuracy of any content on their site has been removed.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||USA|
|Enemy of the Internet||Yes|
|Logs DNS Requests|
|Logs IP Address||No|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||No|
|Meets PrivacyTools IO Criteria||No|
|LEAK PROTECTION||1st Party DNS Servers||No|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443||Yes|
|Supports SSL Tunnel|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP|
|SPEEDS||US Server Average %||83.96|
|Int’l Server Average %||8.88|
|SERVERS||Dedicated or Virtual|
|SECURITY||Default Data Encryption|
|Strongest Data Encryption|
|Weakest Handshake Encryption|
|Strongest Handshake Encryption|
|AVAILABILITY||# of Connections||1|
|# of Countries||15|
|# of Servers||18|
|Linux Support (Manual)||Yes|
|WEBSITE||# of Persistent Cookies||0|
|# of External Trackers||0|
|# of Proprietary APIs||2|
|Server SSL Rating||A|
|SSL Cert issued to||CloudFlare|
|PRICING||$ / Month (Annual Pricing)||2.09|
|$ / Connection / Month||2.09|
|Refund Period (Days)||0|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective||Yes|
|Incentivizes Social Media Spam|
|Requires Ethical Copy|
|Requires Full Disclosure|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.