Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I intend to conduct my reviews, my methodology, etc – here. More information on review badges here.
This review’s roll was #158 (currently ZorroVPN).
Written Jun 8, 2016
This is now the third in this series of reviews I’ve put together. I’m finding these reviews quite fun, albeit a little time consuming. Hopefully you guys are finding them useful, or at least potentially so once more and more come out. If I can get them done faster than one review every 1-2 weeks, I’ll try to do so!
Signing up for the service: The first thing I noticed about ZorroVPN is that it looked like a smaller operation based on the simplicity of the site and relatively little on the main page in the way of links or information. This worked in its favor however, as finding the order page was very easy. From this page I was able to choose between 1, 2, 3, 6, and 12 months of service, quite a few different options. I signed up for 1 month of service and in just a minute or two, I was up and running.
Sign-up does require an email address, which is the most I’d be comfortable offering if purchasing service for privacy reasons.
Configuring the service: In the past, I’d used one other particular service with a dynamic config file generator. This is an amazing feature I wish more services had. I was pleased (and a little surprised) to see that ZorroVPN, being a smaller company, had this feature as well. To those unaware, this feature allows you basically set up your .ovpn files before you even download them – by selecting your desired protocols, ports and even more advanced features like MTU and the option to embed all certs inline (for ease of setup on some platforms such as Android). This made downloading the entire array of .ovpn files a snap and in no time I was off and running. I can’t stress enough how useful this feature is.
I didn’t need to reference them, but they had a sidebar here too, with installation instructions covering most platforms from Windows, OSX, iOS, Linux, Android, and even some more rare ones like FOSS router firmware (Tomato and DD-WRT). The instructions included the methods to connect manually on all of these platforms – which is all I ever wanted. The .ovpn files worked properly first try.
The VPN management section also had some offerings in the way of chaining VPN servers and port forwarding. (I don’t personally use these features, but I know that some people would find them useful, so I’ll give them a mention here).
It wouldn’t be a problem for me or another advanced user, but it’s worth noting that they ONLY have manual configurations (which I’m fine with for reasons explained in my methodology page), but for a beginner, it might be a bit of a struggle to get setup with no official app, but again, I’m assuming if you’re reading my reviews, you’re probably okay to setup OpenVPN without too much trouble.
Their network status page was fine, but only had an “OK” badge to indicate the server was working properly at a given time. Many other services will include some kind of indicator in the form of a bar as to the current load on the server, which is convenient. It’s not a big deal, but it would be nice to have here too.
Speed & Stability tests: All tests performed at non-peak times using speedtest.net, the speedtest.net app, test server was Phoenix NAP AZ Data Center for all trials. Connecting using UDP, AES-256 encryption (the default).
|Speed Tests – ZorroVPN – Desktop|
|No VPN||Trial 1||10||ms||97.32||mbps||12.86||mbps|
|US West||Trial 1||59||ms||56.92||mbps||11.69||mbps|
|Comp to Bench||+51||ms||55.89%||89.71%|
|Comp to Bench||+334||ms||11.26%||52.98%|
|Comp to Bench||+360||ms||8.25%||16.61%|
|Hong Kong||Trial 1||346||ms||16.11||mbps||7.45||mbps|
|Comp to Bench||+337||ms||14.00%||43.26%|
|Speed Tests – ZorroVPN – Mobile|
|No VPN||Trial 1||11||ms||74.86||mbps||14.48||mbps|
|US West||Trial 1||87||ms||10.16||mbps||13.23||mbps|
|Comp to Bench||+79||ms||14.17%||90.78%|
|Comp to Bench||+323||ms||7.88%||61.47%|
|Comp to Bench||+359||ms||6.31%||58.41%|
|Hong Kong||Trial 1||351||ms||7.02||mbps||7.85||mbps|
|Comp to Bench||+347||ms||10.40%||62.39%|
The US West servers seemed like the only ones tested that met broadband speeds. It’s worth noting that AES-256 was the encryption being used. AES-256 is strong encryption, however, it has higher overhead than some others. This could make the speeds seem slower than other tests for that reason – especially on a mobile device because the processors in such units typically have a hard time keeping up with the on-the-fly encryption. If you’re downloading or streaming, your selection of fast servers may be a bit limited due to the slower connections I was experiencing.
The connection seemed to struggle a bit during stability tests as it would hang on “authenticating” for almost a full minute when switching from Wi-Fi to LTE, but the connection did remain stable afterwards and was quick to reconnect when jumping back to Wi-Fi. This could be more of a Carrier thing than a VPN thing, but it’s worth a mention.
Getting support: There were a ton of options to choose from their support page; a support text window that you could submit your question on the site from, Email (with a PGP key), XMPP (chat), ICQ, Skype, and Twitter.
Typically when getting to this point in my review, I’ll have a lot of questions for support regarding why their configurations are screwy and so forth, but I had to strain to think of a question to ask them to really present a good challenge. So far, we’ve seen some slow speeds on international servers, so that’s what I decided to ask them about. I used both the site’s form and even decided to test the chat option to see how long it might take to get a response.
To my surprise, only 5 minutes after I sent the chat message I got a response (I was planning to leave it on overnight to see when they actually replied). The individual responding gave knowledgeable answers about why the servers might be slow (typical reasons I expected were brought up, ranging from simple proximity to them, to the protocol used to connect (UDP is faster than TCP for example). The support rep seemed to be reasonably knowledgeable.
As far as my support ticket I had sent by email, during the course of the conversation in chat, I had a response arrive with a playful, “it’s answered in jabber” (in chat). Fine with me!
I went on asking a few more general questions, and they were all answered quickly and professionally.
Getting a refund: I waited until the next morning to submit a refund request using the website support form. I received a reply a few hours later, asking if there was anything wrong with the service, but not necessarily being pushy. I responded that I was just trying out a few different services and that I’d just like a refund. I waited most of the day until evening and then created a follow up chat session and sent a follow up email. I got a response about an hour later with my refund. Support seemed to be most responsive either morning or evening time in the western US and slower during the day.
“We guarantee no logging any user’s activity.”
Ideally, we’d see more about their logging policy with regards to DNS requests and connection logs (timestamps, IP addresses, and bandwidth) to be comfortable that their policy was that truly nothing was being logged.
Thankfully, their terms and policies are quite simple, spanning only a page or so. Clear and reasonable almost all the way around, a welcome change from SaferVPN’s novel-length pact with the devil.
Final thoughts: I was pleased to find a smaller VPN company that seems to be on the ball in a lot of important areas. Installation and configuration is expertly handled and surprisingly simple and flexible (other companies take note, I can’t stress enough how much I want to see more dynamic .ovpn file generators!). Support was speedy and helpful, and their terms weren’t insulting or overly complicated. My only real concerns were some slower international servers which could make downloading and streaming kind of a drag, and the relatively high price tag. I’ve used a lot of VPNs in the last 6 months alone that serve as good points of reference. Based on its fairly responsive support (in the mornings/evenings in western US), elegant site design, and file config generator, ZorroVPN shows some promise and might be worth at least trying out through their refund period if you think your use case and threat model are compatible. Bottom line – I’ve used better, but I’ve also used much worse.
|FROM THE VPN COMPARISON CHART|
|JURISDICTION||Based In (Country)||Seychelles|
|Freedom Status||Partly Free|
|Logs DNS Requests|
|Logs IP Address|
|ACTIVISM||Anonymous Payment Method|
|PGP Key Available||Yes|
|Meets PrivacyTools IO Criteria||No|
|LEAK PROTECTION||1st Party DNS Servers||Yes|
|IPv6 Supported / Blocked||No|
|Supports TCP Port 443||Yes|
|Supports SSL Tunnel|
|Supports SSH Tunnel|
|Other Proprietary Protocols|
|PORT BLOCKING||Auth SMTP|
|SECURITY||Weakest Data Encryption||AES-256|
|Strongest Data Encryption||AES-256|
|Weakest Handshake Encryption||RSA-4096|
|Strongest Handshake Encryption||RSA-4096|
|AVAILABILITY||# of Connections||3|
|# of Countries||49|
|# of Servers|
|WEBSITE||# of Persistent Cookies||0|
|# of External Trackers||0|
|# of Proprietary APIs||0|
|Server SSL Rating||A|
|SSL Cert issued to||CloudFlare|
|PRICING||$ / Month (Annual Pricing)||$10.00|
|$ / Connection / Month||$3.33|
|Refund Period (Days)||7|
|ETHICS||Contradictory Logging Policies|
|Falsely Claims 100% Effective||Yes|
|Incentivizes Social Media Spam|
|Requires Ethical Copy||No|
|Requires Full Disclosure||No|
|AFFILIATES||Practice Ethical Copy|
|Give Full Disclosure||No|
If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.