Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. Readers can learn more about how I intend to conduct my reviews, my methodology, etc – here. More information on review badges here.

Last Updated Aug 16, 2017

Welcome back to the next in the series of my VPN reviews. I had a little extra time this weekend, so I decided to spend it making a review – a week early! This time around, we’re looking at, as per my “roll” on random.org (#96 at the time of the roll) – SaferVPN.

Signing up for the service: Signing up for SaferVPN was thankfully, simple and streamlined. Their website has a clean look and things worked the way they were supposed to. I was able to choose between 1 month, 6 months, or 12 months of service, which is all fairly standard. One thing that was kind of annoying, but not a huge deal: by the end of sign up, I had received something like 4 emails about the whole ordeal. These included a receipt email, welcome email, invoice email, and activation email (which is redundant with the normal sign up process step of choosing a password). Again, not a big deal, just a little annoying and feels like that could all be put into one big welcome email or left out altogether.

Sign-up also requires an email address, which in my opinion, is the most one should expect when looking for a service for privacy purposes. As always: I did not sign up for the service using my TOPG email account so as to hopefully blend in with the other users and avoid any special treatment.

Configuring the service: SaferVPN’s website download area was tailored more to the layman, providing your usual array of Windows and OSX installers, Android, iOS, and Chrome links, etc. As per my review methodology page, I’m testing what these services are like for more advanced users concerned with the finer points of privacy configurations (Linux, AOSP Android, etc). In this regard, I was a little disappointed to see that the only link to the manual configuration page wasn’t to be found on the main download page, but on the welcome pop-up splash panel (would probably be hard to find the next time I visited the site). When clicked, the link took me to a support board with some manual configuration instructions and download links for .ovpn zips. The setup instructions were competent, but for Linux, they required using terminal commands to download their ca certs – an actual link to just download through the site would have been nice to have too. The way they currently instruct the user to configure service on Linux requires the user to reference their server list and manually configure the connection. This really should have been boiled down to a zip package download link for convenience in my opinion… because the Android manual configuration page HAS download links for .ovpn files, so why not duplicate them for another platform (they’re fairly interchangeable). Despite the Android page having these files, they were available to download only one at a time for individual servers, which is a little clunky. Many other services I’ve tried have a place to download everything you need in one go – config files, cert files, etc. This makes things easy to transfer to other devices and know you won’t overlook or be missing something important for setup.

I downloaded four .ovpn files from the Android manual config direct link page – and 2 of the four did not have the proper file extension (.ovpn) which was a little odd. Linux gets confused by this and wouldn’t even set up an OpenVPN connection with them, but Android seemed to be okay with it either way. After renaming the 2 properly, I was able to establish a connection with both devices.

After connection, I looked through the log and found:

“WARNING: No server certificate verification method has been enabled”.

It appeared that, like the last review with ProXPN, the config files I downloaded were not set up to verify the server certificate (to know for certain it’s connecting to the actual server and not one in disguise). The cause of which, was that the files contained no lines to accomplish this task, which typically appears in one of the the following forms:

ns-cert-type server

or

remote-cert-tls server

SaferVPN’s default encryption is Blowfish-128, which is known to have weaknesses as well. This can be changed to Blowfish-256 manually, however, just concerning for privacy/security purposes if someone didn’t know better.

Speed & Stability tests: After finally getting the service up and running, I ran a series of speed tests, see below – all tests performed at non-peak times using speedtest.net, the speedtest.net app, test server was Phoenix NAP AZ Data Center for all trials. Connecting using UDP, Blowfish-128 encryption (the default).

Speed Tests – SaferVPN – Desktop Latency Download Upload No VPN Trial 1 10 ms 97.01 mbps 12.86 mbps Trial 2 10 ms 96.42 mbps 12.86 mbps Trial 3 9 ms 96.72 mbps 12.94 mbps Average 10 ms 96.72 mbps 12.89 mbps US West Trial 1 39 ms 92.03 mbps 11.85 mbps Trial 2 40 ms 88.05 mbps 11.89 mbps Trial 3 38 ms 91.07 mbps 11.76 mbps Average 39 ms 90.38 mbps 11.83 mbps Comp to Bench +29 ms 93.45% 91.83% Sweden Trial 1 401 ms 8.39 mbps 1.52 mbps Trial 2 388 ms 7.03 mbps 1.49 mbps Trial 3 375 ms 8.88 mbps 1.27 mbps Average 388 ms 8.10 mbps 1.43 mbps Comp to Bench +378 ms 8.37% 11.07% Australia Trial 1 355 ms 11.47 mbps 5.25 mbps Trial 2 357 ms 10.35 mbps 4.81 mbps Trial 3 355 ms 12.89 mbps 5.19 mbps Average 356 ms 11.57 mbps 5.08 mbps Comp to Bench +346 ms 11.96% 39.45% Hong Kong Trial 1 346 ms 11.58 mbps 6.66 mbps Trial 2 348 ms 10.78 mbps 5.85 mbps Trial 3 352 ms 11.77 mbps 7.57 mbps Average 349 ms 11.38 mbps 6.69 mbps Comp to Bench +339 ms 11.76% 51.94%

Speed Tests – SaferVPN – Mobile Latency Download Upload No VPN Trial 1 11 ms 74.33 mbps 14.44 mbps Trial 2 12 ms 74.26 mbps 14.48 mbps Trial 3 11 ms 75.09 mbps 14.23 mbps Average 11 ms 74.56 mbps 14.38 mbps US West Trial 1 36 ms 21.37 mbps 13.89 mbps Trial 2 36 ms 21.97 mbps 13.90 mbps Trial 3 37 ms 20.52 mbps 13.85 mbps Average 36 ms 21.29 mbps 13.88 mbps Comp to Bench +25 ms 28.55% 96.50% Sweden Trial 1 418 ms 1.97 mbps 3.69 mbps Trial 2 413 ms 7.52 mbps 6.48 mbps Trial 3 403 ms 2.42 mbps 3.68 mbps Average 411 ms 3.97 mbps 4.62 mbps Comp to Bench +400 ms 5.32% 32.10% Australia Trial 1 409 ms 1.67 mbps 5.37 mbps Trial 2 407 ms 3.56 mbps 5.09 mbps Trial 3 409 ms 1.61 mbps 3.61 mbps Average 408 ms 2.28 mbps 4.69 mbps Comp to Bench +397 ms 3.06% 32.61% Hong Kong Trial 1 360 ms 3.04 mbps 3.02 mbps Trial 2 360 ms 3.34 mbps 3.20 mbps Trial 3 359 ms 2.08 mbps 1.71 mbps Average 360 ms 2.82 mbps 2.64 mbps Comp to Bench +348 ms 3.78% 18.38%

The US West server speeds held up quite well on desktop, but the international servers I tried were pretty slow all around. Some slowdown is expected of course given proximity, but any downloading or streaming using these servers would be pretty painful I’d imagine.

I forced the mobile connection to jump from Wi-Fi to LTE several times and the VPN was able to reconnect each time without any trouble (some I’ve used in the past struggle with keeping a stable connection when roaming and switching networks), so that was a good sign for stability at least.

Getting support: I sent an email asking some questions about the .ovpn configuration and while waiting for a response, started a live chat session with “Mary”. When I asked some questions about the info above and general .ovpn configuration, I got responses asking me which problem/error I was having. Note that it’s highly likely that their live chat is farmed out to a third party with a scripted flowchart for simple, tier 1 issues (a lot of companies do this, but I’ve used others with more knowledgeable live chat too). When I re-emphasized that the questions I had were not related to a specific error necessarily, or rather that “the script” would probably not be of use, she terminated the chat session early. I tried reopening the page for live chat, but the prompt to begin chatting didn’t appear for some reason. I disconnected from the (non SaferVPN) VPN I’d been using, wondering if she actually blocked me – and sure enough, it came right up. I spoke to Mary again and asked if they had any tier 2 support via live chat, she notified me that she had escalated the ticket, that it would take a couple of hours to get back to me, then terminated the session again. Not too impressed.

I tried reconnecting to my VPN to recreate the issue with the live chat prompt not appearing on the support page and I WAS able to. Again, not sure what the root cause of that is, I can’t prove she actually did something to prevent me from asking further uncomfortable questions. Maybe there’s an IP based limit to how often a user can contact support via live chat or something. I wouldn’t even be mentioning it if I couldn’t duplicate the results, but… I can, and… it’s weird… food for thought.

I looked at the contact page and saw there was also a support phone number, which I tried to call. It went straight to voicemail and said (paraphrasing) “You have reached SaferVPN, please visit our website or use our live chat or email for support.” I’ve seen this kind of straight-to-voicemail pointer to the real support tools, but it always bugs me. Why have a phone number if it’s basically good for nothing? (other than solely to say you have one).

I got an email back from “Jeervan” who, in response to my question linked an about page on the site talking generally about encryption protocols the service uses, but failed to address my specific questions.

Getting a refund: There was no place on the website that I could find to cancel service and initiate a refund, so I responded to Jeervan with a refund request. “Robert” responded (paraphrasing) “We could indeed grant your request for a refund… but first, let’s try some troubleshooting!” I get why companies want to do this, sometimes they mean well and just want to help, but more often than not they want to keep you locked in or hold you to terms requiring a round of support before a refund is granted. As SaferVPN has a 14-day no hassle refund policy, I replied that I just wanted a refund, and a few minutes later they granted it.

Concerns in Terms & Conditions / Privacy Policy:

SaferVPN’s terms contained page after page of typical nothing-is-ever-our-fault-seriously-never-ever-our-fault boilerplate terms (the things I’ll suffer through for you guys). Just a few standouts:

“When You set up Your Safer VPN Account, we ask You to provide certain information, such as Your name, email address” and “You agree to provide the Company with accurate and truthful registration information, including, but not limited to, Your name and email addressto [sic] keep Your registration information current during the Service Period as defined above”

I wasn’t asked for my name during registration, but I was asked for my email address. Those concerned with keeping their personal info confidential may wish to look elsewhere. It always bugs me when they not only ask for that information but then follow it up with a clause in the terms requiring a real name and so forth. It’s unlikely they’d know if you gave a fake name (if they ever decided to request it), but the fact that they wrote that in there shows a lack of respect for privacy in my opinion.

“A subscription plan is an automatic payment recurring based on the service plan.”

I hate opt-out auto-renewal. I think it takes advantage of someone forgetting to cancel service. Unfortunately, it’s more or less the norm for some payment methods.

“Information We Collect (And Don’t) From You, Why We Need It, And How We Use It

What Safer Social Ltd. Retains From SaferVPN sessions:

– a time stamp when you connect and disconnect to our VPN service;

– the amount of data transmitted (upload and download) during your session;

– the IP address used by you to connect to our VPN;

– the IP address of the individual VPN server used by you.”

All connection metadata appears to be logged, no good.

Your privacy is important to the Company. When Youset [sic] up a Safer VPN Account the Company collects information from You as described in the Privacy Policy.



So… which is it, our privacy is important or you want to keep logging our connection metadata?

We do not store your name, home address (unless you entered them) but this data may be stored by the third party payment provider handling the transaction and may be accessible by us.

As good as, then?

Final thoughts: SaferVPN is easy to sign up with but a little rocky to get connected. The international servers I tried were very slow on both desktop and mobile, but if you only need US based connections on more powerful desktop-based hardware, it might be suitable for you. They could be a lot better where privacy is concerned when it comes to the info required during sign up, default encryption, and their logging policy. Their obtuse “we’re-absolved-of-everything-wrong-with-the-world” terms could be cut in half for the sake of the user. It’s hard to recommend for privacy enthusiasts, or even someone who just needs something simple for geo-unblocking as the high price tag is in the top third of services on the Comparison Chart.

Update (8-16-2017): SaferVPN has reached out and presented several improvements to their site and service. They appear to have made a good faith effort, including the following changes. While not perfect, it’s certainly a step in the right direction:

I have not verified this, but I’m told VPN configs were fixed to address the concerns I had from above – I have gone ahead and rescinded the “Broken” stamp.

Several of their terms have been revised, such as requiring a name and enforcing its accuracy via the terms, their logging policy has been revised to collect less meta data.

Some other tweaks, such as a correction on the country they are based in (Israel vs US).

Default encryption upgraded to AES-256.

Raising the number of simultaneous connections.

Clarifying that privacy causes are supported by the company.

FROM THE VPN COMPARISON CHART CATEGORY VPN SERVICE SaferVPN JURISDICTION Based In (Country) Israel Fourteen Eyes? No Enemy of the Internet No LOGGING Logs Traffic No Logs DNS Requests Logs Timestamps Yes Logs Bandwidth Yes Logs IP Address No ACTIVISM Anonymous Payment Method Email Accepts Bitcoin Yes PGP Key Available No Gives back to Privacy Causes Yes Meets PrivacyTools IO Criteria No LEAK PROTECTION 1st Party DNS Servers No IPv6 Supported / Blocked No Offers OpenVPN Yes OBFUSCATION Supports Multihop Supports TCP Port 443 Supports Obfsproxy Supports SOCKS Supports SSL Tunnel Supports SSH Tunnel Other Proprietary Protocols PORT BLOCKING Auth SMTP P2P SPEEDS US Server Average % 93.45 Int’l Server Average % 10.7 SERVERS Dedicated or Virtual SECURITY Default Data Encryption AES-256 Strongest Data Encryption AES-256 Weakest Handshake Encryption Strongest Handshake Encryption AVAILABILITY # of Connections 3 # of Countries 24 # of Servers 150 Linux Support (Manual) Partial WEBSITE # of Persistent Cookies 11 # of External Trackers 2 # of Proprietary APIs 14 Server SSL Rating A SSL Cert issued to Self PRICING $ / Month (Annual Pricing) $5.99 $ / Connection / Month $2.00 Free Trial Yes Refund Period (Days) 14 ETHICS Contradictory Logging Policies Yes Falsely Claims 100% Effective Incentivizes Social Media Spam POLICIES Forbids Spam Yes Requires Ethical Copy Yes Requires Full Disclosure Yes AFFILIATES Practice Ethical Copy No Give Full Disclosure No

If you like the project and find my work useful, please consider donating – your generous contributions help pay for the hosting, tools, and time I need to do my research and keep the data fresh.