AirVPN not only has a fantastic attitude to privacy, but has the technical know-how to back it up. Not only is genuine privacy possible thanks to support for VPN through Tor, but in terms of speed and reliability no other provider really touches AirVPN.
When it comes to privacy, AirVPN is one of the most respected names in the VPN industry. Based in Italy, AirVPN tells us that it started at a Pirate festival in Rome as a project by:
“A very small group of activists, hacktivists, hackers in 2010, with the invaluable (and totally free) help of two fantastic lawyers and financing from a company interested in the project and operated by the very same people.”
With credentials like that, it is hard not to immediately warm to the company, but what really impresses about AirVPN is that it really does seem to put its money where its mouth is by paying close attention to the nuts and bolts of keeping its customers private and secure, while at the same time providing a fast, reliable, and “transparent” service.
AirVPN now offers only one “Premium” plan, starting at €7 (approx. $9 USD) per month, with discounts available for bulk purchases (up to 35% off if purchased annually). A 3-day-trial account is also available for a modest €1. All charges are made in Euros, but the website will convert these into USD or Bitcoins to help make things easier for non-European customers. There are cheaper services out there, but AirVPN does offer a lot of bang for its users’ bucks:
- No logs
- Shared IP addresses
- Support for OpenVPN only ( AirVPN eschews PPTP or L2TP support on the grounds that it is too insecure, an attitude we find highly commendable)
- Excellent encryption and Perfect Forward Secrecy
- Support for Tor, OpenVPN over SSH, and OpenVPN over SSL
- Port forwarding (on ports 80 TCP / UDP, 443 TCP / UDP and 53 TCP / UDP)
- “Transparent” server status and bandwidth reports
- Access 60+ servers in 14 countries
- Up to 3 simultaneous connections
Privacy is obviously AirVPN’s “big thing”, and it is something that it does very well indeed. As AirVPN explained to TorrentFreak,
“We don’t keep any log that might be exploited to reveal customers’ personal data during connections, including real IP address. For example OpenVPN logs are sent to /dev/null (Air is based on OpenVPN)… On top of that our VPN servers do not maintain any account database.”
“[We] are compliant to the standards and requirements set by Directives 95/46/EC (“Data Protection”), 2002/58/EC (“privacy on electronic communications”) and the best practices recommended by the EU Art. 29 Working Party and the EDPS (European Data Protection Supervisor).”
AirVPN is based in Italy, which is a country that never applied local implementation of the EU-wide Data Retention Directive (DRD) to VPN providers (the DRD was ruled invalid by the European Court of Justice (ECJ) in May 2014 on human rights grounds, but not a single country has removed local implementation of the laws from their statue books).
Italy is however known for aggressive copyright enforcement, and for being a willing partner to NSA spying on its own communications systems, which might explain why AirVPN does not offer servers located in Italy itself.
Each server has a specific IP address, and all users on that server share that IP. This makes identifying any user with any specific internet behavior very difficult.
It almost goes without saying that AirVPN accepts payment via Bitcoin (using Coinbase), which when combined with the ability to connect to its service via Tor (see below) means it is possible to use the service without AirVPN having a direct connection to any user, thus providing a very high level of true anonymity.
To buy a plan, users must register with an email address, but there is nothing to stop them using a disposable email account to do this. Other than that, no personally identifiable information is requested. Of course, if users wish to keep all their details private, they should signup via Bitcoin.
AirVPN matches its superb privacy policies with some of the best encryption offered by any VPN company: 256-bit AES-CBC encryption, with 4096-bit RSA key encryption. We do feel that the SHA1 hash authentication could be a little more robust (SHA256 anyone?), but overall this is excellent.
Also excellent is the use Perfect Forward Secrecy, whereby a new and unique (with no additional keys derived from it) Diffie-Hellman key is generated for each session. This means that even if one session is somehow compromised, all others remain secure. To be honest, why every website and service on the internet does not use PFS is both a mystery and a disgrace, so well done AirVPN.
AirVPN is almost unique in supporting a number of technologies that go above and beyond what we might consider the call of a VPN provider’s duty to protect its customers’ privacy and security (should they need it).
For a start, AirVPN supports connecting to its service through the Tor anonymity network. This means that AirVPN cannot ‘see’ a users’ real IP address, only the IP of whichever Tor node the user is connecting from.
On its own, this provides a very strong extra layer of privacy, but when combined with an account paid for as anonymously as possible using Bitcoin, it means that even if AirVPN wanted (or was somehow forced) to, it would have no way of identifying an individual. This setup provides arguably one of the most anonymous ways possible to access the internet.
A secondary benefit is that it evades any censorship of Tor exit nodes (a common tactic used by restrictive governments and the like, as a list of public exit nodes is openly published). By routing a Tor connection through AirVPN, the Tor user ‘exits’ to the internet via an AirVPN IP address.
AirVPN also supports connecting to the internet through both SSL and SSH tunnelling. This wraps the OpenVPN encryption in an SSL or SSH encrypted tunnel, hiding the fact that VPN is being used from any deep-packet inspection attempts (i.e. hiding the fact that OpenVPN is being used at all).
SSL traffic looks identical to standard secure HTTPS traffic (the standard security technology used on the internet for establishing an encrypted link between a web server and a browser), and to block it would effectively break the internet. This makes SSL tunnelling ideal for evading censorship in places such as China and Iran.
The SSH protocol is less commonly used, but it is always nice to have additional anti-censorship options. It should be noted that both SSL and SSH tunnelling involve computational overheads, and their use is therefore likely to slow down an internet connection.
Finally, AirVPN supports dynamic port forwarding on ports 80 TCP / UDP, 443 TCP / UDP and 53 TCP / UDP. Of these, forwarding on port TCP port 443 is probably the most useful, as this is the same port used by SSL traffic, and therefore makes OpenVPN traffic look like regular SSL traffic.
This is not as resilient to deep packet inspection as using an SSL tunnel, but will fool most systems, while being much easier to implement, and does not come with the performance overhead that comes with tunnelling.
AirVPN is very proud of the way in which it allows anyone to access detailed server information, allowing them to see at a glance how busy a server is, how many users it has at any given time, ping rate and route used (updated every 60 seconds).
AirVPN promises that every user has a minimum guaranteed allocated bandwidth of 4 Mbit/s download, and 4 Mbit/s upload, which it is easy to verify by checking out the server stats (simply divide the total bandwidth on a given server by the number of people using it).
We love this network “transparency”, as it makes choosing a suitable server very easy, and demonstrates that AirVPN is providing exactly the service it is paid for.
AirVPn provides its own custom client, a free and open source OpenVPN wrapper codenamed Eddie (a Hitchhiker’s Guide to the Galaxy reference) for Windows, Mac OSX and Linux (various). It also provides manual OpenVPN setup guides for a variety of platforms, including Android, iOS, and routers.
AirVPN is proud of the fact that it does not support less secure protocols such as PPTP and L2TP, and while we understand how useful these can be for configuring legacy devices, we admire this principled decision.
“Eddie” sports the following features:
- Dynamic server selection with ping and load info
- Built-in speed testing
- Detailed stats
- VPN kill switch (Settings -> Advanced -> Network lock)
It’s great to have this much information when choosing a server.
We are unclear about whether any DNS leak protection is built in to the client, but certainly did not encounter any DNS leaks.
We tested speed performance using the HTML5-based Testmy.net tests using its UK server on our 20MB/s UK connection.
We were intrigued to find that our IP appeared to originate in Germany rather than the UK. We assume this is something to do with the ‘double-hop’ servers mentioned on AirVPN’s server status page.
We checked to ensure that we could still access the BBC iPlayer (UK only), but encountered no problems at all.
Looks and style are not, to be honest, AirVPN’s forte (although the server stats are beautiful), but the website is perfectly functional. The AirVPN website is clearly not aimed at beginners, and those new to VPN might struggle a little to understand the terminology used (although there is an active forum to help out users).
On the other hand, the website provides lots of detailed information about things such as encryption used and other technical stuff, which is a godsend to those wanting more ‘meat’ than many providers offer.
Also very funky is that the website includes web-based access to detailed personal stats…
… and provides detailed speed test results that are hosted directly on the VPN server to which a user is connected.
Customer support comes in the form of the above mentioned forum, and via a ticket system. It took around an hour for support to answer our questions, but they seem to work European office hours only.
The replies were friendly and very knowledgeable (but perhaps a little too much, as they were highly technical. This kind of response is great for experienced users, but may leave the less technically inclined somewhat baffled.)
AirVPN loses a few points on presentation and newbie friendliness, but easily makes them back by having a fantastic regard for users’ privacy, excellent encryption, a wealth of unusual ways defeat censorship and achieve the closest thing to anonymity possible on the web (compatibility with Tor, port forwarding, and SSL and SSH tunnelling), and while at the same providing extremely good speed performance results, making it undoubtedly one of the most impressive VPN providers we have reviewed to date.