Ivacy is a no-logs VPN provider based in Singapore. Although it’s been around for years, Ivacy has recently and quite dramatically reinvented itself to become one of the most spectacular “new” players in an industry that is becoming increasingly professional.
- Simultaneous connections 5
- Countries 50
- ProPrivacy.com SpeedTest (average) 83.91Mbit/s
- Jurisdiction Singapore
- 30-day refund plus 7-day free trial
- Split tunneling (not Mac)
- P2P allowed
- No logs
- Blazing fast speed performance
Alternative VPN Choices for You
|From $2.99 / month||
ProPrivacy.com Score 10 out of 10
|Visit Site Read Review|
|From $6.67 / month||
ProPrivacy.com Score 9.1 out of 10
|Visit Site Read Review|
|From $2.75 / month||
ProPrivacy.com Score 10 out of 10
|Visit Site Read Review|
Ivacy offers a simple basic plan. The monthly cost is fairly high, but this drops sharply if you buy an annual or longer subscription. Indeed, it is fair to say that if you buy a long-term plan, Ivacy is a very low-cost service.
Dedicated IPs are not included in the basic plan, and cost an additional $1.99 USD per month per IP. A NAT firewall with port forwarding also costs an additional $1.00 per month.
Payment can be made via card, PayPal, AliPay, Perfect Money, and Paymentwall. You can also pay in Bitcoin via BitPay, and in a variety of cryptocurrencies via CoinPayments.
Do please note that it is possible to use Bitcoin and some other cryptocurrencies to pay for a VPN service such as Ivacy anonymously, but always remember that the VPN service knows your real IP address and can see what you get up to on the internet.
Most subscriptions come with a 30-day money back guarantee, although payment in crypto-currencies is understandably non-refundable. Monthly subscriptions come with a 7-day guarantee instead.
Ivacy is currently offering a free 1 year Sticky Password Premium subscription worth $29.99 with all subscriptions. Sickly Password is a good password manager which offers excellent browser integration, although we prefer free and open source solutions such as KeePass and Bitwarden.
Customers can connect up to five devices simultaneously per account. This is fast becoming the industry average, which is good as this should be more than enough for the vast majority of users.
Ivacy offers 100+ server locations in over 50 countries. It is worth noting here that Ivacy was once a white-label reseller for PureVPN and leveraged the PureVPN server network. The process is not yet complete, but Ivacy has shown us evidence that it is migrating away from using PureVPN servers to servers owned and operated entirely by itself.
Not, it should be said, that we have any problem with Ivacy being a reseller anyway. Especially now that PureVPN has gone 100% no logs.
Servers are a mix of secure bare metal servers and insecure VPN instances. We are pleased to note, however, that unlike many other VPN services, Ivacy was happy to provide a list of which ones are which when we asked. This makes it possible to choose to only connect to bare metal servers.
Ivacy allows P2P torrenting and even offers P2P servers optimized for improved filesharing speeds.
This bolt-on feature gives users a static IP address in one of seven countries, which belongs only to themselves. This means it is unlikely to be blacklisted by sites such as Netflix and is less likely to trigger CAPTCHA verification tests.
Because a dedicated IP is directly linked to a single user, using one is not as good for privacy as using an IP which is shared among many users. There is nothing stopping you from using it only when needed, though, and using a regular shared IP when you want privacy.
NAT firewall + port forwarding
A VPN NAT firewall blocks new incoming connections in order to prevent hackers from exploiting open ports. Many VPN services implement a NAT firewall by default, but this creates problems as some users need to be able to accept new incoming connections.
This includes p2P downloaders and anyone who wants access games and media servers, plus LAN resources such as printers and hard drives, on networks protected by a VPN using a NAT firewall. The solution is to offer port forwarding, which opens selected ports in the NAT firewall to allow new incoming connections through.
Ivacy does not offer a NAT firewall by default, but one can be added as a bolt-on extra. If you do pay extra for one, then Ivacy also allows port forwarding through it should this be needed.
The lack of a NAT firewall by default does not really bother us much, but the risk is hard to quantify. Please see our VPN Port Forwarding Guide for more information on this subject.
Netflix and iPlayer Unblocking
In our tests, Ivacy successfully unblocked both the full US Netflix catalog and BBC iPlayer flawlessly. Ivacy claims to unblock a great many additional services. We haven’t tested them all but can confirm that it unblocks Amazon Prime US.
If you do encounter any problems with these or other streaming services, then Ivacy’s dedicated IP feature should provide you with an IP address that hasn’t been blacklisted.
Speed and Performance
|ProPrivacy.com SpeedTest (max/burst)||228.09|
|ProPrivacy.com SpeedTest (average)||83.91|
|IPv4 leak detected?|
|WebRTC leak detected?|
In our 2019 ProPrivacy.com Awards Ivacy won best the Best Speed Award. And for good reason! In our rigorous speed tests, Ivacy is consistently ahead of the competition.
We are pleased to say that we detected no IP leaks of any kind in Windows and macOS when using just the Ivacy app. This includes IPv4 and IPv6 DNS leaks, and IPv4 and IPv6 WebRTC leaks. No IP leaks were detected in Android or iOS either, although we can currently only test mobile devices for leaks using an IPv4-only connection.
This is great, although only browser-based solutions can 100% guarantee against WebRTC leaks. It is therefore great that Ivacy offers browser add-ons for Firefox and Chrome which include full WebRTC leak protection.
IP leak tests
We ran DNS and WebRTC leak tests using Ivacy’s Windows and macOS clients (we would love to also test for leaks in mobile apps, but for various technical reasons this is not possible at the present time).
Ivacy told us that to ensure IP addresses are not leaked via the WebRTC browser “feature,” users should use its Chrome or Firefox browser add-on in addition to its client software.
We would normally criticize Ivacy for not warning users more clearly about this, but in our tests, we detected no leaks anyway. This includes any regular IPv4 and IPv6 DNS leaks, but also WebRTC (tested with IPv6) leaks even when not using a browser add-on.
For more information about the danger posed by IP leaks, please check out A Complete Guide to IP Leaks.
Ease of use
Ivacy has custom apps for Windows, macOS, Android, and iOS. It also has browser add-ons for Firefox and Chrome. In theory, Ivacy offers an OpenELEC VPN add-on for Kodi. This is pretty cool, except that we were unable to connect to the Source URL.
Manual setup guides are provided for various other platforms, including Linux (Debian/PPTP and Mint/PPTP and SSTP), Android-based smart TV’s (PPTP and L2TP), DD-WRT routers (PPTP) and games consoles (via VPN sharing).
The Windows Client
The Windows VPN app looks the business and has an easy-to-navigate interface. To auto-connect to a nearby server just hit the big “on” button. The client uses IKEv2 by default but also supports OpenVPN (UPD and TCP), and L2TP/IPsec.
Although IKEv2 is not as proven as OpenVPN when it comes to security, it is very secure in theory and is usually faster than OpenVPN. We presume OpenVPN TCP uses port 443 in order to provide some limited anticensorship capabilities.
The Windows app offers a number of bonus features that are available on all other platforms. Split tunneling lets you choose which programs and apps use the VPN tunnel, and to exclude the rest. Split tunneling is therefore very useful if you only need the VPN for certain reasons.
Secure downloading is an unusual feature which automatically scans all downloads with “advanced server level virus and malware protection.” How effective this might be is anyone’s guess, but while we would certainly not recommend throwing away your current antimalware protection, it can’t do any harm to have an additional layer of protection.
The app comes with a kill switch, although this is not enabled by default. This leverages the Windows system firewall to prevent internet connections outside the VPN interface – even when the client itself crashes.
In simulated tests using Wireshark, we could see that at no point was our real IP address exposed when the internet connection was disrupted, or when it was re-established and the VPN client reconnected.
The macOS client
The Mac VPN app is in most ways very similar to the Windows client. It is IKEv2-only, however, and does not support split tunneling, a kill switch, or dedicated IPs. Mac users who have purchased the dedicated IP add-on must instead manually configure their system settings to use it.
The lack of a kill switch, in particular, is disappointing, but the macOS client does support secure downloading and all streaming options.
Like its desktop siblings, the OpenVPN (UDP and TCP) Android app features an attractive and functional user interface. It is also very fully-featured, with a kill switch, split tunneling, secure downloading, and streaming channel-select, all present and correct.
It also offers Multiport, a feature which auto-scans ports to find ones which are not blocked or throttled. This can be useful for overcoming censorship when regular VPN ports are blocked by a firewall.
As with the macOS app, though, you will need to manually configure Android in order to use a dedicated IP address.
The iOS VPN app looks much like the Android app but uses either the IKEv2 or L2TP/IPsec VPN protocols. There is no kill switch, multiport feature, support for split tunneling, or secure downloading. There is, however, in-app support for dedicated IPs.
Although a number of other platforms are supported, we are a little disappointed that setup guides are primarily for the wildly insecure PPTP only.
Good news is that Ivacy also publishes generic OpenVPN configuration files, allowing you to setup Ivacy on any device which can run an OpenVPN app. Many third-party guides are available for doing this on different platforms, including many hosted on this site.
In addition to apps for the major platforms, Ivacy offers browser add-ons for Firefox and Chrome. These provide a SOCKS5 proxy connection which is encrypted using HTTPS. It should provide robust privacy and security benefits (within the browser only, of course).
|Live chat support|
Customer support is primarily by 24/7 Live Chat. We found responses on this to be quick and knowledgeable, making contacting support by email rather redundant. We did so anyway, and although responses took a little longer the quality of the responses was high.
There is also a database and FAQ on the websites. These are by no means comprehensive but do contain lots of useful information despite many articles referring to outdated versions of Ivacy’s software.
Protocols and Encryption
Ivacy claims to keep no logs at all, but it does keep “minimal reports and statistics required for quality customer support and services rendered.
The data collected does not contain any identifiable information or user data DNS requests, traffic details or IP addresses. The only thing known is the countries where users are originating from. We monitor crash reports and conduct diagnostics to evaluate our software to provide smooth functionality of our extensions, client software, and apps.
Since this minimal level of logging poses no credible threat to its users’ privacy, we are happy to label Ivacy a no logs VPN
Ivacy is based in Singapore, which is a fairly popular location for VPN servers. Singapore suffers from a repressive political atmosphere, but ISPs (and presumably VPN providers) are not legally required to log users’ internet activity.
Protocols and Encryption
The Windows client uses IKEv2 by default but also supports OpenVPN and L2TP/IPsec. The macOS client uses IKEv2 only, and the Android VPN app OpenVPN. The iOS app uses IKEv2 by default but also supports L2TP/IPsec.
For the full lowdown on VPN protocols please see our Ultimate Guide to VPN Encryption. For the purpose of like-for-like comparison with other VPN services, and because we believe the care service takes over its OpenVPN encryption is indicative of its overall attitude to VPN security, we always take a closer look at the OpenVPN settings used:
Data channel: an AES-256-CBC cipher with HMAC SHA256 hash authentication
Control channel: AES-256-GCM cipher with DH-4096 handshake encryption and HMAC SHA256 hash authentication. Perfect forward secrecy is provided by the Diffie-Hellman handshake encryption.
This is a highly secure setup. Using a Diffie-Hellman key exchange without RSA to secure the TLS handshake can be problematic thanks to its susceptibility to the logjam attack (a result of its re-use of a limited set of prime numbers). The large 4096-bit key size used for this, however, effectively mitigates this issue.
Other privacy and security considerations
Ivacy uses a mix of bare metal and shared virtual server instances, but is happy to provide a list of which ones are which so that customers can make an informed choice about which servers they want to use. All DNS queries are handled in-house by Ivacy’s own DNS servers.
Not so rosy is the extensive tracking performed by the Ivacy website (including the use of Google Analytics), although this does not have any effect on the privacy of VPN sessions.
The only obfuscation technology offered by Ivacy is OpenVPN port selection in Windows and Android. We presume the TCP setting uses port 443 to emulate regular HTTPS traffic. This form of obfuscation is quite easily defeated, but can nevertheless be effective in many situations.
As already noted, we discovered no IP leaks whatsoever when using any of Ivacy’s software.
Ivacy has been around for years but has only recently broken out of PureVPN’s shadow to not only become very much its own service, but also one of the most impressive VPN services on the market. It’s fast, secure, privacy-friendly, cheap (if you buy an annual subscription or longer), offers great 24/7 support, and has a 30-day no-quibble guarantee.
We would prefer to see less website tracking, but other than that, there is little bad we can say about this service.