Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #136 (at the time of the roll, VikingVPN)
Written Sep 27, 2016
When one explores VikingVPN’s blog pages, they will quickly discover the attitude of the company towards unethical marketing – that is to say, they are vehemently opposed to some well-documented business practices perpetuated by many (if not most) of VPN services on the market and their resellers. As many of you who read my writings frequently will be able to attest – VikingVPN is a company after my own heart in this regard. I have been aware of this for some time, and on /r/vpn and other subs I moderate on Reddit, I have linked to and used one particular page of VikingVPN, as the author says very plainly what we think and want others to be aware of there. VikingVPN’s /u/Youknowimtheman also contributes regularly to /r/vpn and usually has choice words for the shills that rear their heads there.
It’s clear VikingVPN’s heart is in the right place and that they are on the lookout for the same shenanigans as I am in this industry. For this reason, they have earned the first ever “Ethics” badge I have given out in a review.
Signing up for the service: Signing up for service through VikingVPN was easy, but there were a few minor concerns. VikingVPN does not use Paypal, (which won’t be as big a deal for the most ardent privacy advocates among us, but could be an inconvenience for the more casual VPN customer). Bitcoin transactions are only allowed for 6 or 12 month plans, which again is a bit of an inconvenience, but this time, for that more privacy-conscious group I mentioned. This applies specifically if people want to try the service for a short amount of time, but don’t want to commit to 6 or 12 months of service (even if there is a 14 day refund policy in place, that’s a lot of BTC to deposit for what amounts to a trial period). The service is also relatively expensive, especially if paying month to month ($10/month if you sign up for a year’s worth of service, and $15/month if you sign up for only one month).
VikingVPN’s welcome email was helpful and succinct – it included links to connection guides, getting support. etc. Unlike so many other services who bombard you wish 5-7 welcome emails/receipts – VikingVPN has discovered the long-lost secret of how to tell you everything you need to know as a new customer in 3 sentences of 1 email. I shouldn’t be impressed since that should be a normal thing for every company with a brain, but it isn’t typical, so yes, I am actually impressed. The website itself is fairly simple (although, I’m not one to talk!), and I think it could be better about indicating that I’m logged in as it appeared the only indication is at the bottom of the post login page, which said “Sign Out” instead of “Sign In” when logged in.
Configuring the service: The Profile page was easy to find, as it was linked to from the Connection tutorial and was also quite visible from the main page as well. For Linux, there were no Network Manager connection instructions, only command line interface. This may be because all certs and keys were written inline in each config file (Network Manager won’t accept them without some additional tweaking). This means that I had to manually extract them to set it up using my preferred method, which is always a bit inconvenient, and probably would be prohibitive if a customer wished to connect with this method, but hadn’t done it a hundred times. Setting up Android didn’t work right away, so I contacted support to resolve the issue, you can see more about the interaction below.
Speed & Stability tests: Tests were not super consistent, but even at their worst were very respectable. Definitely some of the stronger speed tests I’ve seen to date. Although there were only two international servers to connect to, they were easily the fastest ones I’ve tried so far (on average).
|Speed Tests – VikingVPN – Desktop|
|No VPN||Trial 1||9||ms||97.23||mbps||11.97||mbps|
|Comp to Bench||+59||ms||82.84%||91.45%|
|New York City||Trial 1||100||ms||58.55||mbps||7.46||mbps|
|Comp to Bench||+91||ms||71.78%||75.63%|
|Comp to Bench||+272||ms||16.90%||28.66%|
|Comp to Bench||+91||ms||45.89%||68.48%|
|Speed Tests – VikingVPN – Mobile|
|No VPN||Trial 1||11||ms||75.33||mbps||14.49||mbps|
|Comp to Bench||+59||ms||37.73%||89.01%|
|New York City||Trial 1||103||ms||18.89||mbps||13.35||mbps|
|Comp to Bench||+92||ms||22.99%||89.59%|
|Comp to Bench||+315||ms||9.61%||58.32%|
|Comp to Bench||+386||ms||6.86%||41.22%|
All tests performed using AES-256 over UDP (and all things considered, speeds held up well using such strong encryption).
Getting support: I sent an email to get help getting the issue mentioned above resolved (in Android). I received the following:
We have recently implemented a feature that has caused issues in
the Android apps. The feature is to fix DNS leaks in
Windows. I’m attaching the specific instructions for the fix below.
You’ll want to modify all of the configs you’re going to use for
either app this way, and import them normally after they are modified.
Let me know if you continue to have problems or any of these steps are unclear.
Open your desired config file in a text editor. (TextEdit is the name
of the free app built in to OSX, WordPad is for Windows, and Vim is
for most builds of Linux)
You’ll see a list of commands.
Look for the line “block-outside-dns” and remove it.
Save and exit.
Import the modified file like you normally would into OpenVPN Connect as normal.
It should fix the issue.
This feature doesn’t actually do anything in OSX, Android, iOS or
Linux so there are no security, performance or stability implications
to removing it.
In a nutshell, an extra instruction in their config file helps it run correctly in Windows, but prevents it from working with Android. You have to go in and manually remove the line of code in order to resolve the issue. I imagine there will be an update at some point, but this is highly inconvenient for the less-tech savvy. Regardless, this did fix the issue. The support representative gave a detailed explanation for why this is in place, and I don’t doubt their claims (namely unified config files for all platforms and preventing DNS leaks, etc). Even though this may be the case, the reality is that many of their competitors have figured out ways around such measures and have something that works out of the box for these platforms while accomplishing the same goals. It isn’t the worst thing in the world, but it doesn’t seem like a turnkey solution to me for someone that requires ease of use on such platforms.
Getting a refund: I asked for a refund, which was granted after briefly explaining why I wanted one. The support team’s response was also accompanied by a long explanation of why their service uses the configuration it does (as explained briefly above). I appreciate the personal attention and willingness to explain such things in such detail, even if I think there are things that could be done to prevent the need. Overall, perfectly reasonable, above average customer attention.
The only term I wasn’t fond of:
Google Analytics data is used to create a better customer experience on our website.
While you can opt-out of Google Analytics, I prefer a FOSS alternative that can be configured to respect privacy with no action needed from a visitor, to be used for web analytics. One example is Piwik. It’s not the end of the world, but if I had to nitpick, this would be what I’d latch onto in their terms and policies.
Final thoughts: VikingVPN is an above average service with some very attractive highlights. Things were a little rocky at the beginning (getting set up on Android, not officially supporting Linux Network Manager in their tutorials, etc). I was also somewhat close to awarding the Privacy award, if it weren’t for a couple of very small points (Relative inaccessibility of short-term and anonymous payment methods, Google Analytics, transparency about DNS servers used or DNS request logging – which isn’t specified either way). These are all minor, but they add up to me in this regard. However, the core service, once configured was very fast and solid. From a company standpoint, VikingVPN makes no bones about not tolerating unethical affiliate promotion or shady marketing tactics by other companies in the industry. They are so on-point in this regard, I have quoted them directly on both my site and on the subs I moderate on Reddit. Their blog and other articles are very good and make it obvious that they take their customer’s privacy seriously. They are a rare breed in this regard and should absolutely be commended. Their service is also personal and quick to respond to questions. Bottom line: Although fairly expensive, VikingVPN is a solid option, presuming that they meet your needs and threat model and you don’t mind spending a little extra time to get things working at the start.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||USA|
|Enemy of the Internet||Yes|
|Logs DNS Requests|
|Logs IP Address||No|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||Yes|
|Meets PrivacyTools IO Criteria||No|
|LEAK PROTECTION||1st Party DNS Servers||No|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443|
|Supports SSL Tunnel|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP||No|
|SPEEDS||US Server Average %||77.09|
|Int’l Server Average %||31.4|
|SERVERS||Dedicated or Virtual||Dedicated|
|SECURITY||Default Data Encryption||AES-256|
|Strongest Data Encryption||AES-256|
|Weakest Handshake Encryption||RSA-4096|
|Strongest Handshake Encryption||RSA-4096|
|AVAILABILITY||# of Connections||8|
|# of Countries||3|
|# of Servers||56|
|Linux Support (Manual)||Yes|
|WEBSITE||# of Persistent Cookies||1|
|# of External Trackers||0|
|# of Proprietary APIs||0|
|Server SSL Rating||A|
|SSL Cert issued to||Self|
|PRICING||$ / Month (Annual Pricing)||9.99|
|$ / Connection / Month||1.25|
|Refund Period (Days)||14|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective|
|Incentivizes Social Media Spam|
|Requires Ethical Copy|
|Requires Full Disclosure|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.