Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I conduct my reviews, my methodology, etc – here. More information on review badges here.

This review’s roll was #16 (at the time of the roll, BolehVPN)

Last Updated Mar 20, 2017

Signing up for the service: While signing up for BolehVPN service, I was pleased to see a healthy number of options available for service duration. The selection included a 1 day free trial, a paid 7 day trial, 1, 2, 6, and 12 months of service. The 1 day free trial is unfortunately only available upon request after providing a description of your intended use of the service. This is silly and I can’t think of any other service that asks for this information. The website it self felt fairly typical – fairly noisy with lots of features listed briefly throughout. Sign-up required providing user’s full name, email address, and a phone number. This is unacceptable from the standpoint of privacy. BolehVPN’s system requires you to manually activate your account after submitting payment, but after doing both, the user portal still indicated that my account was unpaid and not activated. I refreshed the page and the payment status showed properly, but I had to “activate” my account a second time by clicking a button next to the payment status indicator. It worked the second time, but I thought it was strange and worth a mention.



Configuring the service: The user panel on the site felt just a little bit cluttered, but I was able to find the download link for config files fairly quickly still. There were two links for downloading ovpn files, one with separate certs and key files, the other with them inline. This saved me from having to break them out or combine them manually for the Android tests, which was nice. It was no config file generator, but it was in the realm of “good enough”. To BolehVPN’s credit, the config files were descriptively named according to their primary function (streaming, proxying, etc). There were no US-based “Fully Routed” (BolehVPN’s term, aka what you and I would think of as a security/privacy use servers). I sent an email to support with further questioning on why this is the case. Config files were also not consistent, with some having LZO compression enabled by default and others not. Additional configuration of this and levels of encryption were required.

Speed & Stability tests: All tests were run using UDP AES-256. 3 of the 4 servers repeatedly failed speed tests on desktop. Had Switzerland not connected, I would have assumed there was something more generally wrong, but as it did, I have to believe it lies on BolehVPN’s end or with their broken out configs. There’s always a chance the problem lies in some strange conflict between the speed test and VPN server, but for 3 of the 4 servers tested to fail was not a good sign.



Speed Tests – BolehVPN – Desktop Latency Download Upload No VPN Trial 1 21 ms 89.11 mbps 7.01 mbps Trial 2 21 ms 89.90 mbps 7.52 mbps Trial 3 22 ms 83.59 mbps 6.88 mbps Average 21 ms 87.53 mbps 7.14 mbps Canada Trial 1 0 ms 0.00 mbps 0.00 mbps Trial 2 0 ms 0.00 mbps 0.00 mbps Trial 3 0 ms 0.00 mbps 0.00 mbps Average 0 ms 0.00 mbps 0.00 mbps Comp to Bench -21 ms 0.00% 0.00% UK Trial 1 0 ms 0.00 mbps 0.00 mbps Trial 2 0 ms 0.00 mbps 0.00 mbps Trial 3 0 ms 0.00 mbps 0.00 mbps Average 0 ms 0.00 mbps 0.00 mbps Comp to Bench -21 ms 0.00% 0.00% Switzerland Trial 1 318 ms 43.41 mbps 0.72 mbps Trial 2 320 ms 31.46 mbps 0.78 mbps Trial 3 318 ms 18.45 mbps 0.88 mbps Average 319 ms 31.11 mbps 0.79 mbps Comp to Bench +297 ms 35.54% 11.12% Germany Trial 1 0 ms 0.00 mbps 0.00 mbps Trial 2 0 ms 0.00 mbps 0.00 mbps Trial 3 0 ms 0.00 mbps 0.00 mbps Average 0 ms 0.00 mbps 0.00 mbps Comp to Bench -21 ms 0.00% 0.00%

Speed Tests – BolehVPN – Mobile Latency Download Upload No VPN Trial 1 23 ms 64.71 mbps 7.38 mbps Trial 2 23 ms 68.35 mbps 6.97 mbps Trial 3 22 ms 70.83 mbps 7.24 mbps Average 23 ms 67.96 mbps 7.20 mbps Canada Trial 1 149 ms 11.75 mbps 1.45 mbps Trial 2 150 ms 7.89 mbps 1.70 mbps Trial 3 151 ms 8.17 mbps 1.60 mbps Average 150 ms 9.27 mbps 1.58 mbps Comp to Bench +127 ms 13.64% 22.00% UK Trial 1 276 ms 5.49 mbps 0.86 mbps Trial 2 284 ms 8.13 mbps 1.59 mbps Trial 3 338 ms 4.08 mbps 1.16 mbps Average 299 ms 5.90 mbps 1.20 mbps Comp to Bench +277 ms 8.68% 16.72% Switzerland Trial 1 318 ms 6.98 mbps 0.70 mbps Trial 2 322 ms 10.25 mbps 1.07 mbps Trial 3 322 ms 10.26 mbps 1.01 mbps Average 321 ms 9.16 mbps 0.93 mbps Comp to Bench +298 ms 13.48% 12.88% Germany Trial 1 332 ms 9.58 mbps 0.65 mbps Trial 2 317 ms 14.88 mbps 0.95 mbps Trial 3 322 ms 15.38 mbps 1.37 mbps Average 324 ms 13.28 mbps 0.99 mbps Comp to Bench +301 ms 19.54% 13.76%

Getting support: BolehVPN appeared to have a live chat tool on the website, but it was unavailable (“Leave a message”) when I checked. I sent an email to support questioning their lack of US based servers for “Fully Routed” configurations. I received a response not long after indicating that I should use a streaming server if I need an exit node in the US as abuse of P2P gets BolehVPN servers taken down. I don’t see this as being a good solution to the problem as there are many legitimate uses for P2P ports. Having to only use a foreign server for general use isn’t reasonable in my opinion. While it might still be a challenge, many other VPN companies manage to keep this under control and make it available to their users in the States.



Getting a refund: After hearing back from support, I requested a refund of the service, which was granted very quickly and without any questions.



Concerns in Terms & Conditions / Privacy Policy: BolehVPN’s terms were in the middle of the elegant/obtuse spectrum, which is to say, still fairly long.



We at BolehVPN value your privacy and therefore have a detailed privacy policy in place… We take your privacy seriously and will take all reasonable measures to protect your personal information.



After scraping 169 VPN services’ ToS, I can’t even tell you how sick of hearing this I am. Tell me this BY your terms, not IN your terms. I swear, if I had a dollar for every time a VPN company told me they valued my privacy and then trampled their own statement…

Depending on the payment method, all that is required is a valid e-mail address and you are free to use placeholder names and nicknames when signing up.

Asking for my name is still asking for my name. If it’s okay to provide a fake one, why bother?

We may use analytics on our website to help us to understand where our customers are coming from however no personally identifiable information is captured (such as a name, email address or billing information).

Why would it be a big deal to capture my name, email address, and billing info here if you don’t mind capturing it elsewhere?

However, please note that although we do not log… if you have used a non-anonymous payment method… details being recorded by the payment processor… may be made available in the event if required by law…

Above: your privacy being valued.

Although we do not impose strict bandwidth or speed limits on our servers, this is subject to fair use and shall be within reasonable bandwidth limits of normal residential/light commercial use. We reserve the right to suspend users and inquire if we note any excessive bandwidth usage especially if continuous use. Without limiting the generality of the foregoing as a rule of thumb, anything below 1TB (up and down) per month is reasonable as long as max speed usage is not sustained over days on end.

But bandwidth is supposedly not logged. Big contradiction here.

Final thoughts: While BolehVPN has specific requirements of their affiliates to provide full and prominent disclosure, they all but ignore this term. When a company has such terms for their resellers but has no interest in enforcing them, it shows me that they want credit for an outside show of good faith, but the contradiction tells me a lot more about their intentions and business practices. This shows that they are deeply involved with an affiliate business model.

BolehVPN strikes me as being just below average, which in the VPN industry means certainly nothing to write home about. The degree of respect a company does or does not have for your privacy should be said with actions and enforced policies, not merely words and contradictions. Requesting personal info and hinting at logging despite stating otherwise raises an eyebrow to me. Several servers reliably not connecting also make me quite nervous. Not having the kinds of servers I’m interested in available in the US is just unacceptable with almost every other VPN service manages to.

On the flipside, support was quick to respond (even if I didn’t like what they had to say). I also give them points for quickly granting a refund without any hassle. Overall, I can’t really recommend BolehVPN to anyone. I’ve definitely seen worse, but there are so many better services out there that take the world of privacy seriously.

Update (2-2-2017): BolehVPN reached out with several updates to their service, which are listed below:

CloudFlare is no longer being used on the website.

No more personal details needed, an email address is all that is needed to register unless paying with Crypto (in which case this can be done anonymously) – Exposed stamp removed.

Streamlined subscription activation (I have not confirmed this).

OVPN files tested in order to make sure they work – Broken stamp removed.

Terms of Service and Privacy Policy updated.

Affiliates given an ultimatum to comply with terms in 30 days or have their accounts deactivated. (This is a big one and I’m anxious to see the results).

These changed have been noted on the appropriate charts! Kudos for taking the initiative and taking steps to improve your service, BolehVPN!

Update (2-3-2017): BolehVPN reached out with a few more updates.

Clarified the number of countries and servers

Raised the number of simultaneous connections from 2 to 3.

Clarified handshake encryption (RSA-4096)

Update (3-20-2017): BolehVPN has again reached out with some more changes.

IPv6 is now supported on their servers

Their affiliate program has been overhauled, enforcing their existing policies and terminating the accounts of those who do not follow them. I will be occasionally checking to make sure this is being practiced.

As per BolehVPN, here is the timeline of events where these changes are concerned:

3 February: Affiliates e-mailed the compliance notice, with a deadline to reply before 5 March.

27 February: Affiliates with non-functional/dead sites were suspended.

10 March: Compliance deadline.

15 March: Suspension of non-compliant affiliates.

As of the time of this writing:

39 affiliates were suspended for not meeting the compliance deadline

21 complied with the affiliate disclosure policy

5 were unsuspended after meeting the disclosure policy. They were suspended on 15 March

33 were suspended earlier due to non-functional URLs

I have removed the “Shady” stamp as a result of their efforts.

FROM THE VPN COMPARISON CHART CATEGORY VPN SERVICE BolehVPN JURISDICTION Based In (Country) Seychelles Fourteen Eyes? No Enemy of the Internet No LOGGING Logs Traffic No Logs DNS Requests No Logs Timestamps No Logs Bandwidth No Logs IP Address No ACTIVISM Anonymous Payment Method Yes Accepts Bitcoin Yes PGP Key Available Yes Gives back to Privacy Causes Yes Meets PrivacyTools IO Criteria Yes LEAK PROTECTION 1st Party DNS Servers Yes IPv6 Supported / Blocked Yes Offers OpenVPN Yes OBFUSCATION Supports Multihop Supports TCP Port 443 Yes Supports Obfsproxy Supports SOCKS Yes Supports SSL Tunnel Supports SSH Tunnel Other Proprietary Protocols Yes PORT BLOCKING Auth SMTP P2P Some SPEEDS US Server Average % 0 Int’l Server Average % 7.78 SERVERS Dedicated or Virtual SECURITY Default Data Encryption AES-128 Strongest Data Encryption AES-256 Weakest Handshake Encryption RSA-4096 Strongest Handshake Encryption RSA-4096 AVAILABILITY # of Connections 3 # of Countries 13 # of Servers 35 Linux Support (Manual) Yes WEBSITE # of Persistent Cookies 6 # of External Trackers 2 # of Proprietary APIs 7 Server SSL Rating A SSL Cert issued to Self PRICING $ / Month (Annual Pricing) $6.67 $ / Connection / Month $2.22 Free Trial Yes Refund Period (Days) 14 ETHICS Contradictory Logging Policies Falsely Claims 100% Effective Incentivizes Social Media Spam POLICIES Forbids Spam Yes Requires Ethical Copy Yes Requires Full Disclosure Yes AFFILIATES Practice Ethical Copy Give Full Disclosure

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.