VPN services typically promote themselves for online security and anonymity, and access to geo-blocked content. And they typically brag about not keeping logs, high download speed, and diversity of server locations. Location diversity isn’t just a bragging point. That is, to maximize speed, one picks the nearest server that isn’t geo-blocked. So with lots of locations, there’s a better chance that some random user will find a nearby fast server.
Sometimes, though, the nearest server that isn’t geo-blocked is still on another continent. With that in mind, to provide better performance, some VPN services also offer virtual locations. That is, servers that aren’t located where they seem (more about that below). For example, a server may have a US IP address, and so provide access to US-only content. But it’s actually located near the user, or in some intermediate location, with good connectivity to both user and content server.
There are other reasons to care about where VPN servers are located. For example, some don’t want to use servers that are located in dangerous countries, fearing that they might be compromised. And so they would prefer virtual locations, that provide desired IP addresses without physical exposure. Also, with virtual locations, physical server locations are somewhat obscured.
However, different users have different ideas of which countries are dangerous. Some users consider the US and its close allies to be dangerous (see Five Eyes), having seen NSA stuff that Snowden released. But others prefer US servers, because there’s no legal requirement to retain logs.
Another obvious issue is money. For serving a given user base, it arguably costs less overall to run high-capacity servers in a few locations instead of low-capacity servers (or even VPS) in many locations. Although high-capacity servers do cost more than low-capacity servers, capacity vs price doesn’t scale linearly. One issue is fixed OS overhead. Another is fixed hosting overhead, which affects pricing.
There’s also the fact that using virtual locations allows VPN services to appear larger and more popular than they actually are. Even leasing the lowest-capacity servers that data centers offer, it’s unlikely that small VPN services could afford hundreds of them. But by using virtual locations, they can fake it. And that works both for new VPN services that are growing, and for established ones that are contracting.
Bottom line, there are pros and cons to virtual locations. For both VPN services and users. But the key point is that users deserve to know where VPN servers are located. And if there are virtual locations, they should be accurately disclosed.
More generally, trust is a huge concern in using VPN services, notably, with log retention. Users can measure download speed, they can verify access to geo-blocked content, but they have no insight into log retention – except when VPN users get busted. And it either comes out that logs were produced or that there were none to produce.
While both HideMyAss and VyprVPN disclose their use of virtual locations, there’s still a serious lack of transparency. I found that locations for over half of HideMyAss and VyprVPN IPv4 addresses are almost certainly virtual, and neither substantively discloses the number or identity of virtual locations.
And it’s not just that virtual locations aren’t disclosed. It also appears that many of them share a few actual locations. For example, I find that 30% of VyprVPN’s IPv4 addresses are in or near Nuland, NL. And that 11% of them are in or near Singapore, SG. None of them are disclosed as virtual locations.
That’s also the case for HideMyAss. I find that 12% of its IPv4 that aren’t disclosed as virtual locations are in or near Nuland, NL. Also that 13% of them are in or near Prague, CZ; and that 9% are in or near Vancouver, CA.
Colocation is also an issue for disclosed virtual locations. For example, 59% of IPv4 for Surfshark’s disclosed virtual locations are in or near Nuland, NL. Also, 23% of IPv4 for PureVPN’s disclosed virtual locations are in or near Nuland, NL; and 22% are in or near Los Angeles, US. The key difference, though, is that Surfshark and PureVPN have disclosed these virtual locations, so users can choose.
As they say, “Lie to me once, shame on you. Lie to me twice, shame on me.”
If VPNs aren’t being honest about their servers, what else are they lying about?
Discovering Server Locations
One might think that it’s simple to discover server locations. There’s public data about server ownership (whois) and about supposed geographical locations of IP addresses (various databases, available through “what’s my IP?” sites). However, it turns out that those published geographical locations don’t necessarily correspond to actual server locations. Indeed, they aren’t actually used for anything! I’ll say more about that below.
So no, it’s not simple. However, using services intended primarily for monitoring web server reachability, we can ping VPN servers from probes in numerous locations. The ping utility measures the delay (round-trip latency) between sending test packets to another device through the network, and receiving replies. It reports simple statistics (latest value, minimum, maximum and average) and packet loss. Intermittent transmission delays can increase latency, so the minimum round-trip time (“minrtt”) is the most reliable measure of round-trip latency.
In doing this project, I collected over 250,000 ping measurements. That was necessary in order to find a ping probe for each server IPv4 address with minrtt under 100 msec, and ideally under 10 msec. But more about that later.
One might think that the probe with the smallest minrtt is closest to the server. However, there’s considerable uncertainty, because many factors affect site-to-site latency, and geographic distance is not necessarily the major one. In particular, the number of routers involved matters more than distance. And so triangulating locations using ping minrtt is entirely unworkable.
Even though we can’t reliably discover exactly where servers are located, we can test whether claimed locations are physically plausible.That’s because ping minrtt can be no less than twice the product of the great circle distance between probe and server, and the speed of light. All other factors that affect round-trip latency can only increase it. None of them can reduce it, for a given geographic distance. So if the calculated maximum signal transmission speed is faster than the speed of light, there must be an error in the location of the server, the location of the probe, or both.
How Virtual Server Locations Are Possible
The details are complicated, and outside the scope of this post. But basically, there are three levels of information about servers, and where they’re located. And they’re handled by different organizations, which don’t enforce consistency.
The bottom line is that a VPN provider can exploit lack of coordination among Internet organizations to hide the true locations of its servers. That is, a VPN provider can lease IP addresses owned by numerous ISPs, nominally located around the world. But it can announce them through the ISPs that actually provide Internet access for its servers. So traffic goes directly to them, regardless of the nominal locations of those IP addresses.
Autonomous systems (mostly ISPs) obtain IP addresses from Regional Internet Registries (RIRs). And the registrations do specify geographical locations. When firms configure their servers, they setup accounts with one or more ISPs, and lease IP addresses from them.
Independently, firms register domain names with various domain name registries. They provide organizational and contact information. And they also specify name servers, which map their domain names to IP addresses that their ISPs have delegated to them. The Domain Name System (DNS) hierarchy collects that information from name servers, and makes it generally available.
OK, so your machine discovers the IP address for some domain name, and initiates a connection. So then your ISP needs to know how to reach it. Its nominal geographical location doesn’t help. The ISP needs to know the best path, from router to router, across the Internet. It starts by discovering the autonomous system number (ASN) of the ISP that handles traffic for that IP address. Then it asks that ISP for directions, and gets a border gateway protocol (BGP) advertisement, which specifies the shortest router-to-router path.
But here’s the catch. When a firm arranges Internet connectivity with its local ISP, it can announce IP addresses that it’s leased from other ISPs, if those other ISPs agree. And then its ISP advertises the shortest router-to-router paths to the firm’s servers. So the ISPs that actually own the IP addresses aren’t involved in routing traffic.
Scope and Key Findings
I looked at OpenVPN servers for eight of the most popular VPN services, some of which claim thousands of servers, in hundreds of locations.
- ExpressVPN: “3,000+ VPN servers”, “160 locations”, “94 countries”
- HideMyAss: “We’ve got 1000+ VPN servers in 280+ locations covering 190+ countries around the world”
- NordVPN: “Choose from over 5,100 NordVPN servers in 59 countries and enjoy the fastest VPN experience.”
- Perfect Privacy: “… in 26 countries”, “Cascading of multiple VPN servers”, “No traffic limit”
- PureVPN: “Our global network of 2,000+ strategically placed servers helps you overcome any restriction.”
- Surfshark: “1,040+ servers in 61+ countries. … Strict no-logs policy”
- VPN.ac: “Affordable”, “Very fast and reliable”, “Multiple countries: 21 (VPN) …”
- VyprVPN: “more than 70 countries around the globe”, “over 200,000 IP addresses”
I relied only on location information provided by VPN services, on their websites and in OpenVPN configuration files. Six of the eight VPN services disclose locations at city level for 98%-100% of server IPv4 addresses. But ExpressVPN discloses city-level locations for just 65.0% of server IPv4, and NordVPN discloses no city-level locations.
Four of the eight VPN services disclose at least some virtual locations: ExpressVPN, HideMyAss, PureVPN and Surfshark. Although those disclosures seem accurate, as far as they go, this post will focus on server IPv4 that are not disclosed as virtual locations. While VyprVPN discloses that it uses virtual locations, it does not say which locations are virtual.
It appears that five of the eight VPN services have disclosed all or nearly all of their virtual locations:
- Perfect Privacy
Three of those (NordVPN, Perfect Privacy and VPN.ac) disclose no virtual locations, and I see no substantial evidence for any. For all five VPN services, location plausibility (share of server IPv4 addresses with apparent ping velocity under 80% lightspeed) is greater than 95% for reportedly non-virtual locations. In other words, these five VPN services have disclosed all or nearly all virtual locations.
However, location plausibility for PureVPN is only 81% for locations not disclosed as virtual. But it’s at least arguable that the errors are inadvertent.
Conversely, VyprVPN and HideMyAss are in another league entirely. For them, less than half of reportedly non-virtual locations are physically plausible. Using 80% to 100% lightspeed as the ping velocity cutoff, just 48%-51% of HideMyAss IPv4 are physically plausible. And just 41%-48% of VyprVPN IPv4 are physically plausible.
That’s summarized in the following table. It shows: 1) total IPv4 addresses that I found for each VPN service; 2) percentage disclosed as virtual locations; and 3) percentage of locations not disclosed as virtual with apparent ping velocity greater than 80% of the speed of light (which makes them physically implausible).
Histograms of ping velocity relative to the speed of light show these differences more quantitatively.
Sensitivity to Cutoff for Ping Velocity
We know that ping velocity can’t be greater than the speed of light in a vacuum. And we know that radio links through air are almost as fast, and that the limit in wire and fiber is on the order of 70 percent lightspeed. Although we don’t know the mix of link types, it’s arguably mostly fiber for long distances, microwave for intermediate distances, and fiber or wire for short distances.
As a sensitivity test, I looked at how the choice of ping velocity cutoff affects location plausibility assessments. In the chart below, you can see that the key results are not affected by the choice of ping velocity cutoff. The eight VPN services fall into three groups: accurate about virtual locations (ExpressVPN, NordVPN, Perfect Privacy, Surfshark and VPN.ac); less accurate (PureVPN); and inaccurate (HideMyAss and VyprVPN).
Sensitivity to Accuracy of Location Disclosure
Although virtually all NordVPN locations are physically plausible, none of them are disclosed at city level. For large countries, that’s not at all accurate. When the lowest minrtt probe is in the same country as the VPN server, one must assume that it’s in the same city, so the distance is zero. And otherwise, one must estimate distance from the probe to the nearest border of the VPN-server country. That’s also an issue for 35% of ExpressVPN server IPv4 addresses.
However, differences in location accuracy don’t substantively affect the key results.
I explored the issue in two ways. First, I simply ignored city information provided for VPN servers. And second, I used location information from Regional Internet Registries (RIRs) to supplement provided city information. Using city information from RIRs decreased location plausibility to 94% for NordVPN, but had little effect for ExpressVPN. Conversely, ignoring city information increased location plausibility to 100% for Surfshark, Perfect Privacy and VPN.ac, but had little effect for ExpressVPN. For PureVPN, ignoring city information increased location plausibility from 81% to 88%.
Virtual Locations Appear Clustered
Disclosed virtual locations and physically implausible locations (which are arguably undisclosed virtual locations) are apparently often colocated. This is easiest to see in scatter plots of reported probe-server distance vs observed minrtt. IPv4 for physically plausible locations fall under a line at 80% lightspeed, and generally in the 30%-50% lightspeed range. In these scatter plots, I use log (minrtt) as the X axis in order to spread out the low range, which is most interesting. And so the lightspeed curves show up as exponential, rather than as linear.
It’s not surprising that virtual locations are clustered, because there aren’t that many data centers (DCs) with connectivity to Internet Exchange Points (IXPs) and so to multiple networks. Also, IXPs themselves are often clustered, and are associated with a few nearby DCs and colocation facilities.
For PureVPN locations not disclosed as virtual, most of the physically implausible IPv4 are apparently colocated with disclosed virtual locations. That is, they fall in columns near particular minrtt values, with wide ranges of reported probe-server distance. Each column comprises data for just one probe location.
Analogous columns are evident in the Surfshark data, for disclosed virtual locations.
As with virtual locations disclosed by PureVPN and Surfshark, most physically implausible HideMyAss IPv4 also fall in columns near particular minrtt values, with each column comprising data for just one probe location.
Analogous columns are evident for physically implausible VyprVPN locations.
It’s not always so obvious in the charts how many IPv4 appear in each apparent cluster. Because there’s lots of overlap. I identified ten apparent clusters, with hundreds to thousands of IPv4 each.
For the other six VPN services, there are few IPv4 above the 50% lightspeed line, and no such columns are evident. For ExpressVPN, there are a few physically implausible IPv4, but they’re not in columns.
Similarly for NordVPN.
There are no physically implausible IPv4 for Perfect Privacy.
And just a few for VPN.ac, with none in columns.
For example, I find these apparent clusters for virtual locations disclosed by PureVPN and Surfshark. The “Actual Location” column corresponds to the ping probe with the lowest minrtt. The “Share” column shows the share of disclosed virtual locations.
I also find apparent clusters for locations not disclosed as virtual by HideMyAss and VyprVPN. Here, the “Share” column shows the percent share of all locations.
Perfect Privacy connects to its servers by IPv4 address. But the other seven use hostnames. For them, I performed DNS lookups, using the Linux “host” utility, to get corresponding IPv4 addresses. Many hostnames resolve to multiple IPv4 addresses, and those might represent different servers, located in different data centers. And so, to ensure consistency, I collected ping data by IPv4, rather than by hostname.
This table summarizes information about IPv4 addresses. The “Textual claim” column is based on the website quotes at the beginning of the section “Scope and Key Findings”. Most VPN services don’t list numbers of server IP addresses. Given that, the IPv4 counts here assume at least one IPv4 address per server or location.
The two columns under “From server data” are based on server lists, names of OpenVPN configuration files, and/or server hostnames. The “Virtual” column shows IPv4 for locations disclosed as virtual, and the “Other” column shows the rest.
However, there may be multiple servers behind each IPv4 for load balancing. Therefore discrepancies between these numbers and quotes from VPN websites aren’t necessarily problematic.
The “Plausible” column under “From ping data” shows the percentage of IPv4 for reportedly non-virtual locations that are physically plausible, based on the ping data that I’ve collected, using 80%-90% lightspeed as the ping velocity cutoff.
For HideMyAss, NordVPN, Perfect Privacy, and VPN.ac, I find numbers of IPv4 addresses and locations that are more or less consistent with claims on their websites. For Surfshark, I find substantially fewer IPv4 addresses than expected, if each server has at least one IPv4 address.
But for ExpressVPN and PureVPN, I find only 13% of expected IPv4 addresses. And for VyprVPN, just 0.04% of expected IPv4 addresses. Using published hostnames, I did multiple DNS lookups for all three, over the course of a week or so. I also did that for HideMyAss. That yielded a slowly shifting set of IPv4 addresses for ExpressVPN, PureVPN and HideMyAss, but no substantive change in the address counts. And for VyprVPN, I consistently got the same 73 IPv4 addresses.
However, this is not the focus here. I mention it only to be as clear as possible about what IP addresses I’m reporting results on. Because I obviously can’t say anything about IP addresses that I didn’t test.
There are many reasons why I wouldn’t have detected and tested some IP addresses. I’m using an IPv4-only uplink, and so I can’t see IPv6 addresses. Also, there could be numerous servers behind each public IPv4 address for load balancing. And there may be numerous IP addresses that users can’t see, because they’re used indirectly as exits, to evade censorship and access geo-restricted content.
For each VPN server IPv4, I made an effort to find a probe with minrtt under 100 msec, and where possible under 10 msec. I used three ping-testing services: Ping.pe, CA App Synthetic Monitor (CASM), and MapLatency. Initially, I used headless Chrome to collect data from Ping.pe for each IPv4. That typically yielded data for 20-25 probes for each IPv4, depending on which probes were up, and which could reach the IPv4 being tested. Most IPv4 were unreachable from the 13 Ping.pe probes in mainland China.
I analyzed the Ping.pe data, and selected IPv4 where the lowest minrtt was greater than 10 msec. I then collected data for those IPv4 from CASM and MapLatency, accessing their APIs using headless Chrome. Over 60 “monitoring stations” are available through the CASM API. The MapLatency API provides access to thousands of probes, running on PCs, Android mobile devices, and DD-WRT routers worldwide. Given that, pinging each IPv4 from each probe would have been expensive and time-consuming. And also unnecessary. So for each IPv4, I selected nearby probes.
In selecting which ping probes to use, I relied on both claimed locations (from VPN service websites, names of OpenVPN configuration files, and server hostnames) and RIPE data reported in the Ping.pe tests. On average, I collected about 30 ping measurements overall for each IPv4. For those IPv4 where the initial Ping.pe run yielded a minrtt under 10 msec, there were as few as 20 measurements. And for those IPv4 with no low minrtt in the Ping.pe data, which were typically not in major cities, there were as many as 50 measurements. I identified probes with minrtt under 10 msec for 74%-96% of the IPv4 in the various VPN service datasets.
To check for mislocated ping probes, I extracted all ping data for probes that indicated an implausible location for any IPv4 in my analysis of minimum minrtt data for ExpressVPN, HideMyAss, NordVPN and PureVPN. Charting server-probe distance vs minrtt, much of the data lies well above the 50% lightspeed line.
However, if I drop the IPv4 with implausible locations, the data mostly falls under the 50% lightspeed line. So the probes that I’m relying on to identify implausible IPv4 locations don’t themselves have implausible locations.
More Evidence for Clustering of Virtual Locations
In scatter plots of reported distance vs observed minimum minrtt, most physically implausible IPv4 fall in columns near particular minrtt values, with each column comprising data for just one probe location. That’s also true for virtual locations disclosed by PureVPN and Surfshark. If the IPv4 in each column are actually colocated, they should also be clustered for other probes, and not just for the one with minimum minrtt.
I looked at four apparent clusters with minimum minrtt for probes in Nuland, NL: HideMyAss and VyprVPN clusters in non-disclosed virtual locations, and PureVPN and Surfshark clusters in disclosed virtual locations. I pulled data for each set of IPv4 from the full ping minrtt dataset, and charted server-probe distance vs minrtt.
For PureVPN, the same IPv4 cluster is more or less evident for probes in numerous cities, in Europe, North America, Asia and Australia. Scatter increases for more distant probes in Europe, but then is less for most probes in North America. Tokyo and Sydney are so far away from the virtual locations that the cluster collapses.
The result for Surfshark is similar, but there’s less scatter in Europe, and less cluster collapse in Tokyo and Sydney.
That’s also the case for HideMyAss undisclosed virtual locations. While there are many more of them, the cluster remains more generally well defined.
The results for VyprVPN undisclosed virtual locations looks a lot like that for PureVPN virtual locations, but with far greater distance shift.
It does appear that the IPv4 in each apparent cluster are actually colocated. Although there’s some scatter, many different probes show the same sets of IPv4 in columns. And the minrtt for each cluster generally increases with distance.
Assuming that each of those four apparent clusters are actually colocated in Nuland, I get a much simpler plot of server-probe distance vs minrtt.
Results for probes in the various regions are segregated. For Europe, there’s a group spanning 1-30 msec: Nuland, NL; Bochum, DE; Paris, FR; Nuremberg, DE; and Milan, IT. Then there’s a gap across the Atlantic, with apparently much faster transmission. I’m guessing that trans-Atlantic cables don’t have many routers. Next there are groups for eastern and western North America, with faster transmission than Europe, but slower than across the Atlantic. That probably also reflects router density. Last, there are jumps to Asia and Australia.
The fact that distances for Asia are only a little greater than those for western North America is at first surprising. Because the width of the Pacific Ocean is well over 10,000 km. But the minimum great circle distance between Nuland and Asia is only 6,000-8,000 km, heading eastward from Nuland. Even so, ping traffic, for whatever reason, clearly headed westward from Nuland, and across North America.
To wrap things up, here is an overview of my work for this article and the general findings.
- I collected over 250,000 ping measurements for OpenVPN servers from eight of the most popular VPN services.
- There are pros and cons to virtual locations. But even so, users deserve to know where VPN servers are located. And if there are virtual locations, they should be accurately disclosed.
- VPN providers can exploit lack of coordination among Internet organizations to hide true locations of their servers.
- While it’s nontrivial to reliably geolocate servers, we can test whether claimed locations are physically plausible. That is, if the calculated maximum signal transmission speed is faster than the speed of light, and locations of ping probes are known accurately, there must be an error in the location of the server. And server locations that aren’t physically plausible must be incorrect. Or in other words, virtual.
- Three of those VPNs (NordVPN, Perfect Privacy and VPN.ac) disclose no virtual locations, and I find no substantial evidence for any.
- Four of the eight VPN services (ExpressVPN, HideMyAss, PureVPN and Surfshark) disclose at least some virtual locations.
- VyprVPN vaguely discloses that it uses virtual locations (in a 2017 blog post), but says nothing about their number or identity
- Virtual locations seem to actually be clustered in a few cities.
- Overall, five of the eight VPN services (ExpressVPN, NordVPN, Perfect Privacy, Surfshark and VPN.ac) have apparently disclosed all or nearly all of their virtual locations.
- Over (59%) of Surfshark’s disclosed virtual locations seem to be in or near Nuland, NL.
- While PureVPN discloses that 49% of its locations are virtual, another 10% are arguably virtual.
- Almost half (45%) of PureVPN’s disclosed virtual locations seem to be in or near two cities (Los Angeles, US and Nuland, NL).
- HideMyAss discloses that 5% of its locations are virtual, but another 48% are apparently virtual.
- VyprVPN specifically discloses no virtual locations, but 59% are apparently virtual.
- Most of VyprVPN’s undisclosesd virtual locations (41% out of 59%) seem to be in or near two cities (Nuland, NL and Singapore, SG).
Just want to add something about virtual servers in Surfshark. It seems that they mixed virtual servers and real servers in their South Korea nodes, many times I got a South Korea IP but the physical location of the server is in Hong Kong….
Although I am totally fine with virtual servers, still a bit disappointed about the fact that they mixed virtual servers with real servers which made it like playing the lottery.
Just wonderinh which vpn service you use
I use primarily NordVPN, Perfect Privacy, and Surfshark on various devices.
I’ll agree it’s not wise to rush into something new and for tweaking things that appear to work, as so with their working on your site for now. I’ve witnessed in parts, of your sites time-line as the changes that have taken place here over it’s and my time together.
Yes Sir ~ I appreciate the RestorePrivacy.com for it’s promise…
“Giving you the tools and information you need to restore your privacy, secure your devices, and stay safe online.”
The articles covering a Company/Business – – An ‘Official Response Area’ of your article posts are still in need as to giving a fuller rounded out experience for your readers. – – (‘ORA’) could ensure that of your sites promise.
[Not as a square slotted peg themed (bashing /or/ review 4 profit site) we’ve seen in of the others, that’s where they fit all commented ideas in as for one negative/positive view – as no expansion being given for any geometric characteristics to ideas being sought out for display.] Reddit comes to mind.
Then, I don’t wish we would ever see this again of RP being seen viewed as in this light. [https://restoreprivacy.com/startpage-system1-privacy-one-group/#comment-60520]
Last time, I’ll bring this suggestion forth to show an empty Official Reply box (ORA) before your readers comment section with a (cross-angled) OFFICIAL REPLY pasted there – till an official word has been given to you.
As so, either it’s seen first by the readers or shows the actual concern level of a company to your review or as news where it’s Co has been named and you’ve called out for our attentions to things not so as it’s advertised…
For now, a more appropriate route might be to make a draft of an outline for the site’s future look as the roadmap in 2021 becomes realized.
* It’s so human nature to find fault and displeasure in things and voice up against it. Let do we give the same weights in our practice – to any fulfilled pleasures we’d had experienced in with it. NO !
In nature it takes the destruction route (fire-flood) for new growth and live to come on the scene. Maybe enough (bashing sites) can change a companies bottom line enough for a change within to it’s survive.
*I prefer an much open healthier platform as my route to hearing of the facts and in the discussions of any changes within these privacy centric businesses.
As always here to help you out – Sir ; )
Thanks – I will answer but not present this again………….
@the reply button broken apparently.
First to J.M. the help from you I only meant as your doing so now basically.
[Take an interest of a topic, do research some on it and offer your factual helpful input.]
There is a benefit to everyone seen by the RP site in sharing what one can find out, on top of then known facts as relayed by the site.
Sven, I remember it (your link) – as well enjoyed that avenue opening up – for a short while there.
That’s one route for sure – as we need more avenues to hear from these privacy centric companies.
My suggestions would be show to these companies and businesses that your fair and want only the truth of facts represented on the Restore Privacy site.
That their officially stamped input could set the record and discussions to a fuller sense than to having it without them or no official response given.
1st step would be the page layout should offer a box for an official company/business response area of any reviews or articles which are given on the RP site.
2nd step would be to stimulate a response of the company/business in the points you’ll focus on for their official word or stance in/on the matter.
*You may need some volunteers to contact said company(s) to help incite their interests to deliver an official word.
This all prior to the publicly posting of your work.
Very young – I found out if my step brother told his dad on me it was worst than if I told his dad personally that I’d screwed up.
In other words, your story by your own words is more personal than hearsay in the matter. Thanks gentlemen…
Thank you Sir. I did not and do not expect more or demand any special access or treatment. As far as what I do now, it isn’t much and I am no expert by far 😃.
Well sure J.M. – same here.
I find that in someone’s problem or a topic here that interests me enough to study it. I learn too.
This takes hours sometimes in research – to hit close to answer for them if not a solution.
Topics I’ll play catch up to understand what’s seen elsewhere on the web about it.
These traits if nothing else tunes and hone’s my skills. I don’t think everyone knows everything, but each may hold a piece needed. Then different views of people helps to find right perspectives to solutions.
[Had to use mobile side 4 direct reply here – DT reply = none]
Redacted – please forgive:
“It would be a very interesting feature on this RP website to host a,
“Meet the Tech” portion. Where it’s possible in reaching out to a CEO or someone in their Co. relations for engagement with questions and comments in a segmented section where an official response given can be found.”
Excellent ideal J.M. and to somewhat controlling the reply’s controversy from becoming to lopped sided and uneven as being in a VPN Co. roasting party – than just a hard look under the surface at understanding it’s VPN blueprint of their business.
Yes, Open Up the conversation (by invite – if need be) for the VPN providers (in this case) as to their own response(s) in the matter… Sven could give any company a heads-up of an article that’s posting on the RP site for an official Co. response.
That could simply be an email to their support or sales staff for an articles clarification or rebuttal, prior to it’s posting, or a link if it’s afterwards.
Sven’s effort would put the ball in their courts then to respond officially.
If we’d see an official response to Sven’s posted Topics, we may be answered as well directly to our own raised questions we’ll surely have.
Flashback – “I know the discussion has been that you can unlock other materials by using a VPN but when I log on in other countries, it all looks the same to me”. (Ha Ha ya got me rollin – think outside our US box to see it clearly).
Basically my understanding – it’s associated to the worlds geo-locations VPN’s are offering users too.
VPN’s can present you with an in-country presence, even if the server is physically located elsewhere. Think streaming services, repressive regimes as but two types of users a VPN attracts for geo-location purposes.
*The Internet as a key, wherein our physical drawn country borders are intangible by any network arguments or if you will – impalpable, abstruse shadows made possible by a VPN service server tunnels.
EX: A user in China, may not normally be able to access a controversial local and/or world newspaper, but apply the online web with a VPN, that physical drawn border that keeps the NEWs in the newspapers out of China – – does not really exist now.
Same China user now wishes to stream US or Brit audio/video contents – which a VPN allows unlocking other materials worldwide by using a different VPN server to the geo-location where the materials being locked behind.
Possible now – as the chosen server location is appropriate to that geo-region.
So as you see, you can unlock material in a country that’s restricted to you by just living there, or (flip the coin) unlock material from a country that you live no where close too.
They say the same concept applies to networks. Hence, the gray area has risen as we’ve know in virtual servers that VPN’s use.
A network need not be in a country if it can directly connect with that country’s networks effectively. Hum ! ! !
*Raises the questions of many – specifically of ‘configuring systems and peering with who’s networks’ – applying to the Virtual Server which appears to be housed in that location VERSUS a physical bare metal server housed in that location.
All sounds like outsourcing of its server infrastructure to other companies – – in a fashion importantly leading to NOT One company’s access in your data… but many being possibly involved.
Great Stuff to know about in forking over money for a privacy service.
Good points. I see what you are saying in regards to the closed internet, so thank you for clearing that up for me.
I wonder if @ Sven has seen this suggestion? It may put a lot more work on him though and he is already strapped for time, so this may be something he has another helper run, I don’t know. But what you said is key. The only way to have a deeper understanding from these companies is to allow the company and the consumer speak in a way that builds. There are many, and even on this site, that live to attack or put down that which is not their favorite or what they think. Although I do believe that this is greatly curtailed here but there have been a few comments that there are baseless claims with no evidence to back it up.
Good thoughts, HardSell.
Yep, it’s an interesting proposition and I’ll see if I can make something like that happen.
Sounds good. But please do not put yourself out as you have a lot going on right now.
Yep – lets go then.
I’m sure J.M. is interested to help out as well – so just let us know what we can do. Anyone else got an interest and a little bit of time ?
When your not in the conversation especially when it’s about you, is not the best policy for a review site to offer it’s readers. Though in any companies review here, the Co personnel are free to leave their comments here just like anyone has done – their not just anyone though.
But pictured in the spot light under the microscope very often.
Even should they don’t respond, the page layout should offer a box for an official reply area anyways – like after your Conclusion of an article and before the first comments area.
Too, invite these Co spoke persons to hangout for a month or two in giving future follow up reply’s on newer comments made.
@HardSell and @Sven,
I would be interested in helping. It depends on a lot, namely time, commitment required, and what will be needed to do a good job.
As it is, there is a lot happening on my end and I would hate to take something and not be able to fulfill my end.
I guess just let me know and we can start from there.
Well we kind of did this before with Matthias Pfau, co-found of Tutanota, when he wrote a blog post for us on PGP and was available to answer questions in the comments (for about a week). See here:
The issue IS the virtual servers.
Question, if the company will either lie or twist the truth about their servers, are they honest?
Question, if they are not honest, can they be trusted when they say your location is masked?
There is the issue. While I love seeing new articles and updates, I want to also know the facts. A company may say you are hidden, all the while laughing as they are selling your identity and location.
Why pay then? Just go without. However, the fact that VyperVPN and others brag about their infastructure, yet it is mainly smoke and mirrors, what am I trusting anyway?
I’m biased of VyprVPN (they have my money), been a pretty fair service so far! (Mid-West US) using it’s local servers 600-1500 radius.
You say- ‘However, the fact that VyprVPN and others brag about their infastructure, yet it is mainly smoke and mirrors, what am I trusting anyway?’
Let me say – VyprVPN’s Virtual Server Locations are different than the rest of the VPN providers (this list or another) as they’ve stated the facts with all their servers-
Our approach is unique in the VPN industry – we own, engineer and manage our VPN servers so we can deliver fast and reliable connections. Other VPN providers use 3rd-party companies to host their VPN servers. We don’t. We are the only company who handles your data so your privacy and security are protected from end-to-end.
We own and operate 100% of our VPN server infrastructure to deliver fast and reliable connections.
No 3rd Parties, as we own and operate 100% of our VPN server infrastructure to deliver fast and reliable connections.
Sir @ That assures me I’m dealing with one company’s access in my data. Though their Virtual Server Locations may be in a different location than the stated, their not relying on any outside hosting companies for servers or network services.
Which allows them 100% control over their infrastructure so I can feel protect and maintain my users’ privacy.
VPN.ac is the only other provide I think to own and control 100% of their infrastructure. Thanks
In one way, I stand corrected based on what you said.
What I said was not an attack on you or your preferences.
I had planned on a longer response but because it could have been miss-interpreted, I will just say that my opinion is that a VPN should be forthright in what, if any, number of their servers are virtual.
It is not a challenge on their service or quality. So of that was what was thought, that is not it. Just the secrecy behind quietness.
No, I didn’t see your reply as an attack in anyway – a discussion is all it was of a tender area in some VPN provider companies that’s offered up today in 2020.
We are good as I see it, and both as (treading lite), in being right of (experienced) VPN users in our own perspectives of the co’s used.
It may interest anyone using a Swiss based VPN to know a law in 2017 makes Switzerland a “cooperative” jurisdiction. This law, according to http://www.swissinfo.ch/eng/secret-service/42465282 allows the FIS to indulge in targeted surveillance, bugging of private properties, phone lines, and wiretapping computers, which were previously disallowed.
This article missed many other vital facts of these VPN providers ‘server areas’ in the companies looked at. Those details were not importantly being weighted up against the whole out come of this review to a VPN Virtual Server Locations. So seemed it’s an aim to evil and mistrust in purpose – not a deep understanding of why.
The Virtual Server Locations are needed for a global VPN service’s network reach, but we needed the why facts shown as in how each VPN provider looks at it’s virtual servers being deployed.
Well as being given knowledge of their own Co employment to (owned-leased) standards for doing so…of any server(s) tied to a VPN company’s business in 2020.
[We’ve seen how the “NordVPN Hack” having Nord and a data center pointing fingers at each other in a botched configuration on it’s third-party datacenter that they had leased a server from].
As this look into gives us, are Virtual servers even half as secure as bare-metal ones as they just deflect your VPN IPs, not to hosting them. VPN gateways on VPS/cloud instances are less expensive for huge VPN providers listing 1.000’s of servers – but at what security risks?
So, according to this thought any VPN’s virtual servers are dicey and will not gain our trust fully.
* Then is it possible today to get a VPN provider that writes it’s own code and host their own servers and DNS that doesn’t do any outsourcing of its server infrastructure to other companies ???
I am sorry but I am not sure if you are supporting, or not, virtual servers.
I will state just one part of my long response as we are discussing the merits of Virtual servers or not.
While virtual servers have its major benifits, from what I have seen, it also has major vulnerablilities.
As such, the notion that because a server is virtual, it is more secure is not necessarily true.
As far as the agreements of sharing info, all companies are required to comply by law. Just because there are bare servers, or virtual, doesn’t matter.
The other notion of Virtual servers is that it is running on a designated server set up as a VM. if hacked, the VM, by its nature can and will lead to other details of the host computer and the system itself.
Then we deal with the management of said servers. Both have their ups and downs, bit this article really captures some of the concern…security and privacy.
The issue is how the virtual server was set up, is it done correctly and what about having immediate staff to respond?
Again, this is just a quick note from my longer response and it is not an attack. Are there places and times a Virtual Server is more advantageous? Maybe. But the risks outweigh the benefits to me. YMMV of course. But a physical server also is worth its own weight in gold in other cases.
Forgot to add. As always appreciate the thoughts you have.
I know it’s an gray AREA (virtual servers) than can be abused.
I’m not supporting any virtual servers use, but they remain – so why not a deeply understanding given as to why a provider uses them and how many are being offered by each VPN service. Open the conversation up (by invite) for the VPN providers own response in the matter…
A necessary evil as it is then for that global reach of the VPN providers as their services are offered to all the worlds customers.
Better would be if they (VPN) offered specific choices in continent / region in their server subscriptions plans – instead of a world-wide choice of servers as one plan in general.
Take myself – I’m never (generally) going to surf from outside the US, so all I need is my real IP address hidden with another US IP address as a choice given to me – for a North America subscription plan.
VPN’s restricting it’s plan users to the regional subscriptions, I could see a growth in the demand of bare-metal servers coverage spreading as more choices per a city as per their demand is really realized in being offered.
Compared to Europe, Asia, Africa, South America, Australia, and Antarctica that benefits me not in a servers choice as explained above. If the regional subscription plans don’t deliver lower costs for users then the bare-metal servers per cities must be multiply by a VPN service.
I see your somewhat like I am – Ex- take the color purple, many people except it for purple as it was passed on or learnt by them.
That doesn’t mean they understand it to accept it in it’s full depth.
Just a general perception as the crowds norm to accept something.
We (you and I) look at purple broken down to see what makes the final item and the term of purple. Many don’t go beyond the surface of something… So gray areas are hard to unite in norms.
I gotcha. I couldn’t tell if you were saying the Virtual Server is better or not than the bare metal.
I do agree with you that the major downside to having physical bare metal servers is the cost. It is expensive! There is a computer store near me that has a server bank (just the shell) and they are wanting $250 for that alone. I could only imagine the cost of equipping it to do its purpose.
As far as localizing a service for subscribers is a very unique idea that I have not heard of before. I know the discussion has been that you can unlock other materials by using a VPN but when I log on in other countries, it all looks the same to me :). Then again, I have been known to be hard on technology (fried my wife’s computer four times and have gone through three laptops and two desktops along with about 5 phones, LOL!) so I may not be the best to ask about going too technical to begin with. Maybe the provider can offer a customizable plan and have a tier leveling depending on the number of servers and the locations. This would give the end user a lot of control over where their IP is spread and over how many. Then again, I may be dreaming.
I do believe you and I are alike in this regard and I agree with you. I like the illustration of purple.
Your comment as well, I think it would be a very interesting portion on this website to host a, “Meet the Tech”, section. Reach out to a CEO or someone in relations and have a segment here on this page where they can engage with and be engaged with questions and comments.
@Sven, I am not sure if that is doable, but it is just a thought that I think HardSell may be on to something. I would definitely set you apart for sure.
Thanks again for the thoughts, HardSell.
Boy, one can tell whom’s been visiting the site over time – this chap devotes negatives to stimuli the same…
Saying- “We just want the VPN to work” – – pay your money and take their word / if it’s a lazy way and factual lies you don’t wish to know any more truth in than with the VPN industry as a whole. That’s a real big VPN scheme and to the truth scandals as I see it of the players industry wise.