Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #104 (at the time of the roll, SecureVPN.to)
Written Oct 1, 2016
Signing up for the service: When first visiting SecureVPN.to’s website, one may be shocked at how plain looking it is. On the front page is a small selection of plans from which to choose and their associated price (in Euros). Unfortunately, SecureVPN.to doesn’t accept PayPal or Credit cards, which may limit the accessibility of the service That said, for die hard privacy advocates, paying in Bitcoin or another form of cryptocurrency is probably not a concern – as was the case with me. Paying with Bitcoin was easy and quick. No personal information is required to register for the service, INCLUDING email address (which is fantastic for privacy). They also provide one of the most clear no logging policies I’ve seen (on every aspect on the comparison chart – including connection metadata). For these reasons, SecureVPN.to earns the very first “Privacy” badge I’ve given out in a review.
Configuring the service: As mentioned, the website was very simple, but rich in actual important information. The Servers list is quite useful as it showed network capacity (100Mbps vs 1Gbit) by server, as well as if they are virtual/dedicated. A button next to each server which shows the Ports and Protocols available on it. There are also “long term customer” servers reserved for those who subscribe to the longer (1 or 2 year) plans, which is kind of an interesting idea to reward loyal customers.
Config files were easily found on the website and came bundled in Desktop and Mobile packages, which was nice. The configs were a bit complicated to set up, as certs needed to be broken out manually in order to use Network Manager on Linux (manual configuration). That said, they utilized every security mechanism OpenVPN offers. It’s clear that the maintainers of the service know what they’re doing and want to run a sophisticated and hardened VPN service.
Speed & Stability tests: VPN services that are transparent with the network capacity information from above fare better on average in this section because I can use the supposed fastest servers for my tests – in other words, I’m not forced to randomly guess which might be best to try.
|Speed Tests – SecureVPN.to – Desktop|
|No VPN||Trial 1||8||ms||97.98||mbps||12.19||mbps|
|Comp to Bench||+85||ms||58.96%||76.87%|
|Comp to Bench||+304||ms||14.24%||31.98%|
|Comp to Bench||+351||ms||8.29%||18.30%|
|Comp to Bench||+170||ms||19.24%||31.26%|
|Speed Tests – SecureVPN.to – Mobile|
|No VPN||Trial 1||11||ms||74.82||mbps||14.40||mbps|
|Comp to Bench||+86||ms||8.12%||75.47%|
|Comp to Bench||+304||ms||1.08%||61.80%|
|Comp to Bench||+370||ms||1.07%||40.98%|
|Comp to Bench||+171||ms||6.60%||72.71%|
All tests were run with UDP and AES-256 (which is very strong encryption, but it also takes its toll on the device hardware to handle the on-the-fly encryption). This can be seen especially in the mobile test where the hardware is an obvious limitation. Regardless, these speeds ranged from fair to good (not bad but also not the best I’ve seen) on Desktop and pretty “meh” on Mobile. Not the best I’ve seen, but also not the worst.
Getting support: I contacted support with some basic troubleshooting questions a user might experience and received a reply in a reasonable amount of time (by the next morning). Support is handled strictly in the website’s user portal, and is kept very basic, but also very functional. When you have a question, you enter it into the textbox provided – where it then shows up underneath, in a trail of support messages and responses. When you want to see if your question has been answered, you must log into the site to follow up. This is a little inconvenient for most users, but for those who wish to keep things private, it’s a reasonable trade-off for the peace of mind that there would in theory be fewer attack vectors to access this information.
Getting a refund: SecureVPN.to has no stated refund policy anywhere on their site, and given that they don’t accept PayPal or Credit Cards, I didn’t expect that I would be granted a refund when I asked. Unfortunately, this was the care – they rigidly abide by a “no refunds” policy when requested. Not the most consumer friendly policy. It might not have been so bad if the service hada shorter subscription (3-7 days) or a trial period of some kind.
Final thoughts: SecureVPN.to does a lot right – but there is still some low hanging fruit on their end if they wanted to score points with me, for instance providing a PGP key (which MIGHT be excusable since they have all communication flowing through their website), but especially using 1st party DNS servers and perhaps offering a trial period or short term subscription for those interested in testing the service. Their configs were very strong and secure, but also a little annoying to set up using manual methods (which is my personal preference) as they make you do the legwork to break out certs and keys from each server’s ovpn file. Speeds ranged pretty drastically depending on where I was connecting, and there was only one (somewhat centrally located) US based server.
In the end, despite a strictly enforced no refund policy and payment method, it’s clear the SecureVPN.to team give a care about your privacy (which is shockingly rare in this industry). I appreciated their simple and practical website as well. Overall, I get the feeling that if you are concerned with privacy and want a service you can trust to maintain their servers and service, you could do a lot worse than SecureVPN.to.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)|
|Fourteen Eyes?||Not Disclosed|
|Enemy of the Internet||Not Disclosed|
|Logs DNS Requests||No|
|Logs IP Address||No|
|ACTIVISM||Anonymous Payment Method||Yes|
|PGP Key Available||No|
|Meets PrivacyTools IO Criteria||Yes|
|LEAK PROTECTION||1st Party DNS Servers||No|
|IPv6 Supported / Blocked||Yes|
|Supports TCP Port 443|
|Supports SSL Tunnel||Yes|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP|
|SPEEDS||US Server Average %||58.96|
|Int’l Server Average %||13.92|
|SERVERS||Dedicated or Virtual||Mixed|
|SECURITY||Default Data Encryption||AES-256|
|Strongest Data Encryption||AES-256|
|Weakest Handshake Encryption||RSA-4096|
|Strongest Handshake Encryption||RSA-4096|
|AVAILABILITY||# of Connections||25|
|# of Countries||23|
|# of Servers||34|
|Linux Support (Manual)||Yes|
|WEBSITE||# of Persistent Cookies||1|
|# of External Trackers||0|
|# of Proprietary APIs||0|
|Server SSL Rating||A+|
|SSL Cert issued to||Self|
|PRICING||$ / Month (Annual Pricing)||6.84|
|$ / Connection / Month||0.27|
|Refund Period (Days)||0|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective|
|Incentivizes Social Media Spam|
|Requires Ethical Copy|
|Requires Full Disclosure|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.