If you like this review, please consider making a donation to support me.

VPN providers - Which one to choose?

1. Introduction
2. Grading of VPN providers 3. Unrelated claims of VPNs
4. Summary


Using a VPN can help you to bypass geological blocks, hides your real IP address, and also hides your internet traffic from your internet service provider. However, you should always remember that it is they to encrypt your traffic and hide your IP, so if they want they can actually see your unencrypted traffic and your real IP address, and they do have a reason to do that - sell them to other advertsing platforms for profit.

If you don't want anyone to spy on you, you can always use TOR to encrypt your traffic, which is slower but more secure, as you don't need to trust them - they do encryption hop by hop and such they can't see your content. However TOR's exit nodes are public, which means websites can easily block users who access the website using TOR.

So, if you want to visit websites that blocks TOR but still want to be private, you need a VPN. That's why this review is born, to help you to get a trustworthy one. So let's start! (also check out the ratings of different providers here from the table below)

Grading of VPN providers

How the VPN providers are graded consists of different factors, which is pointed out by the list below, the highest grade I can give is A+, lowest grade is C-.
  1. Not higher than B+ if they uses trackers like google analytics.
  2. Not higher than C+ if they need your phone number, physical address or other info that is non-anonymous.
  3. Not higher than B+ if they collect usage datas (which is vague as usage data is defined by them).
  4. Not higher than B if they are cloudfared, see here for details about how it sucks.
  5. Not higher than B if they uses google reCaptcha/hCaptcha which can be used to track users.
  6. Not higher than C+ if they shares user's VPN's data to third parties.
  7. Not higher than B- if they don't accept bitcoin/cash as a paid service.
  8. Not higher than B if they don't support open standards like OpenVPN.
You may be concerned why I didn't include 'features' as the factor of rating, for users who come here because of choosing a privacy-respecting VPN, it's because it's nothing biggie and is always a disguise used by the non-privacy respecting VPN providers. If you come here to find a good streaming, then the guide is not for you. There are tons of similar reviews out there.

Providers Grading


Update 5 April 2022: Just realized that it is owned by Kape technologies, togther with PIA, ZenMate and CyberGhost. Kape technologies have a long history of distributing malware. So avoid this and other providers that is owned by Kape.

This service is paid at first. Their main page have nothing special, but seems lots of "privacy guides" recommend this one. So let's try to signup first. Signing up requires an email address, and you can pay via bitcoin too - but guess what? They uses bitpay as their third party payment processor, and here is what bitpay collects when you pay: I don't give a shit for what you use it for - hands off my browser information or and IP addresses! UPDATE 10 May 2022: After I checked this bitpay requires you to provide your ID document and solve a fucking google reCaptcha, that's why I downgraded the provider from B- to C+. But that's only the payment, if the actual VPN service is private I can possibly deal with it, but is it?

From their privacy policy, section #Anonymous App Diagnostics, they collect the followings:

And they said this can be switched off, yeah of course, but it is enabled by default, so if you are not aware, your "statistical information" will be collected, and you need to trust them how they define statistical information, well they can include what apps you use, android version or such. And look at that sentence again! They are using google to transit these datas, so google will be able to see these "statistics".

If you have checked their lower part #cookies and mobile identifiers of their privacy policy, it is even worse: So you are helping the anti-privacy google to track users and show them targeted ads? Absolutely terrible. And remember mobile identifiers are unique, so they know actually which mobile is having which "statistics" in order to track users.

So that's their privacy policy, without saying that how long will these information is stored, so assume the worse - forever.

Another terrible news about this provider is that their CEO have agreed to cooperate with the FBI, which makes ExpressVPN a honeypot for the US government to spy on you.

And so in summary, here is a provider that relies on third parties like bitpay, cooperate with google by giving them user's "statistics information" plus the user's mobile identifier, bull shit marketing with google adwords and google analytics that helps the anti-privacy google to track users and send users ads, with no information about how long these datas are stored. And their CEO have agreed to cooperate with the FBI, making room for the US government to spy on you. Always remember that they are also fucking expensive for $8/month, and if you can afford this, there are much better options, so forget about ExpressVPN.


Their whole website is cloudfared, see here for details about how it sucks. Briefly, it blocks TOR traffic and forces you to trun on JavaScript and cookies for "browser checks", and because everything submitted to the website passes through cloudfare, they held great power and it can block you easily from accessing website that is cloudfared (even the owner of the website doesn't meant to block you), and they can see everything you submitted to the website - meaning they can spy on you, just like the Great Firewall of China.

When you successfully entered the website, you will see quite a lot of website trackers is spying on you (tested with uMatrix extension), which includes but not limited to: Google, Facebook, Reddit, and Bing (which is owned by microsoft). All these big corps are notorious for big data collection to spies on its users to increase their ad revenue. While they earn big dirty money by selling your personal datas to these third parties, they are also a fucking paid service which charges you $4/month. Again, that's only the website, if the VPN provider itself actually deserves the cost, then it's all okay.

Take a moment until you checked their privacy policy, you will know why I graded this service as a C-, the lowest grade I can give. From their privacy policy: Look at that again! Billing address (your home's address), IP address, real name collection for our favourite VPN, IPVanish! And like other providers that advertises themselves as private, they don't accept anonymous bitcoin or cash payments. The lower part of this section is even worse: Now the huge collection of personal data throw this provider into privacy hell. If it's not enough - the above 'anonymous information' sending to IPVanish cannot be switched off (unlike ExpressVPN), so be ready for your data being rob out of your control. Wow, so not even you can get my personal data, you even share my information to firebase, which is owned by the spyware platform google. And now here comes the worst quote in the whole privacy policy: As far as I can see there is no such provider that says they would process your sensitive personal data, which may include all the things such as your credit card number. And 'for a legitimate purpose' is vague, which they can use bullshit excuses like 'suspect that this user is engaged in unlawful activities' and rob your personal data out of your control. Now for some false claims in their privacy policy: The above is a shameless lie. Just check out the list of cookies of IPVanish. It includes google ads which is designed to track website visitors and show them ads. And now they say it won't use the information for their advertising purpose, what the fuck?

By signing up, it requires you to enable cookies plus JavaScript otherwise the page won't even show. And that's all for their service, with no clear explaination in their privacy policy for how long the data is stored, so always assume the worse - forever. I can go on but you get the idea. There is no reason to use this service either.

Given how fucking it is, they still have audacity to claim stuff like this: Yeah sure - very reasonable I guess!


Another cloudfared website that bites the dust, see the section IPVanish about how it sucks - it acts as a patrol agent between you and the website, that means they can get everything you submitted to it, including your password and sensitive information. So, this VPN is already disqualified from my point of view as everything submitted there is not safe. But anyway, let's check the provider out whether the actual service worth the cost.

Just like IPVanish, it uses lots of fucking third parties website trackers including google analytics to spy on website visitors which is tested with the uMatrix extension. However their price is only $2.5/month compared to IPVanish's $4/month, and as well as a better (but still bad) privacy policy than IPVanish - which is the only saving grace of this service. Other issues with this service is that they try to do too much which they also have other services which requires your account such as surfshark search, antivirus... Just like what google have done - linking all your datas from different services and create a profile of you.

But anyway, let's go straight to their privacy policy. From their privacy policy: Great! Prepare your privacy being ripped away and send directly to google everytime you visit this shit website. So that's the website, how about the actual VPN service? What this 'diagnostic information' consists of, is of course not stated which means they can interpret this anytime. Can these called 'anonymous datas' be used to link to your own account? They seems to be double-speak in this issue: And in another section they says: So actually they collect the mobile device id which is unique so it can be tracked to a specific user. Why pretend otherwise then? These personal-identifiable information are also, directly sent to the advertisers (probably google, the biggest privacy violator in the web) for the fucking purpose - interest-based advertising, which pretty makes you a product for them to earn money. Okay, so here is all the personal data they store, but how long do they store the above datas? Okay, so they store your personal data after 2 years 'I stop' (anyone can explain what the hell does that mean?). Oh surfshark, what are the privacy that I got promised from your maim page?

By signing up, it requires your email address (which is pretty mild; it don't block temporary ones too). It also accepts cryptocurrency, but it use a third party payment processors - already a red flag. Do those third party proccesors collect shit like bitpay does with ExpressVPN? Let's check it out. There are 2 third party payment proccesors, and let's start from CoinGate. From it's privacy policy about what they collect: It seems this is no difference from a direct Facebook surveillance. How about another third party processor CoinPayments? Is there any better? From their privacy policy: These two payment processors doesn't even seem to care about your privacy at all, but surfshark's privacy policy tells a different story about these providers: Is my selfie, all government documents, my Google unique ID, my telephone number and all these are usual datas?

Looking at the surface, this provider is a cheap provider that is no-log and accepts bitcoin, but after we dive into their privacy policy, it tells a different story. It uses third party website trackers on their website, double-speak that they don't collect user identificable information, while storing your unique device ID for 2 years even you deleted the account, share these datas to google directly for advertising purposes, lies on the privacy policy saying that what those third party processors collect is necessary and reasonable, but those payment processor's privacy policy actually collects a lot of your information to know your real identity. This service is actually pretty cheap, but since it is violating most of the VPN's principles, avoid!


Update 20 April 2022: I do find out a reason to use this VPN though - they support a independent protocol called Chameleon, which they claim that it prevents censorship, but it's too slow that I can say it's useless.

Probably the most terrible one from a privacy standpoint.
Update 5 April 2022: After my research I found out that there are much worse providers out there, so I am changing this.

Like ExpressVPN, it's very expensive for around $8/month for yearly accounts. But let's don't judge them by the price, check out their privacy policy first. To make it clear, VyprVPN is owned by a company called Golden Frog, and the only privacy policy is from golden frog's website. From their privacy policy: Real name, phone number, physical address. Great, you are a quick start to the privacy hell already. Look at how they explain this stuff: I see, it's all for "customer support" only. I wonder why none of the other providers need this information then, VyprVPN? Let's stop that bull shit excuse. And now the lower part of thrir privacy policy: So actually what's that web analytics software? Then I tested the website with the uMatrix extention and find out it is the tracking shit Google Analytics. Wow, so even people that only visiting their website are exposed in the mass google surveillance!

Do they actually share those a bunch of datas collected to third parties? They claim that no data will be given to third parties except in criminal investigation: Read that again! They won't even tell you even you are targeted. I certainly understand that you are required by law to do this. But what they said "Switzerland has a long history of respecting privacy and has established a legal framework to protect it." - what a joke.

Except from those disadvatages, it still have 1 advantage over the others though.The users data can be erased in their privacy policy: "If you wish to be removed from our systems, please contact us at support@goldenfrog.com". So at least you can erase all the datas collected.

When you register for an account, they required you complete a fucking google ReCaptcha, which is long being criticized that it is a tool for the anti-privacy google to track and spies on users. So I have contacted them dealing with this issue - but they seemed to ignore the issue and reply to me that a captcha is needed to verify that you are not a bot. Yeah I know, but can't you develop a first party Captcha?

Another problem with this service is that they don't accept bitcoin or cash as anonymous payment method! They also uses third party payment processors to process the payment if you use credit card (in privacy policy): So actually what's the payment processor? I have asked them again and the answer is recurly. However, this recurly doesn't yet have a privacy policy for customers, so I won't even know what they actually stores. The problem of using third party payment processors is that even if you requested data deletion at vyprvpn, that recurly can still see your credit card number - and from your credit card they get your name, bank and such info...

In summary: A very expensive service for $8/month, but stores lots of things including your phone number and physical address, uses google analytics for tracking, lying about for "swiss privacy laws" while given the fact that they won't tell you that you are targeted, not accepting anonymous payment method, uses third party payment processors, and uses the fucking google reCaptcha. The only advantage here is that you can delete the datas from vyprvpn, but except the most important credit card number as it is handled by third party processors. Avoid this service!

Unrealated claims of VPNs


I haven't yet finished the whole review, but you get the point - the VPN industry is as dirty as fuck.
Don't forget to support me with a donation if you like the review!

Return to main page