In this Shellfire VPN review, I look at the “traditional” software-based VPN service offered by this German provider. Please see my Shellfire Box review for a look at the portable VPN router also offered by this company. As we shall see, this German VPN service does have things to recommend it, but is let down primarily by very poor connection speeds.
BBC iPlayer and US Netflix worked (on some servers)
Good encryption with perfect forward secrecy (PremiumPlus plan)
Only one simultaneous connection allowed
Can configure for PPTP and L2TP/IPSec as well
No IP leaks
Android and iOS apps
Netflix and BBC iPlayer support
Perfect Forward Secrecy
Speed and Performance
All tests were performed using my Virgin UK 50 Mbps/3 Mbps fiber connection. My US and Netherlands tests used PremiumPlus servers.
My UK tests were performed on a “Premium” server rated at 10 Mbps max speed. The results I obtained, however, were closer to 25 Mbps. Rather worryingly, though, I also tested the UK “unlimited PremiumPlus” server, and found it considerably slower than the “Premium” server tested here. Make of that what you will. I think it fair to describe these results as disappointing.
Shellfire performed much better when it came to IP leaks. I detected none. Unfortunately, my ISP (Virgin Media) does not support IPv6 connections, so I was unable to test for IPv6 leaks.
Their DNS servers are run by Google. However, this is not the privacy nightmare it might at first seem, as all requests are proxied by Shellfire so Google does not know who made the DNS request.
Pricing and Plans
Shellfire VPN offers three pricing plans (not including the router, which I have reviewed separately). A free plan is available, but unsurprisingly is quite limited (as all such free plans are).
Free users’ bandwidth is capped at 1 Mbps, and you are limited to servers in just two countries (Germany and the US). You must also wait 25 seconds for a nag screen to close each time you connect. Shellfire states that streaming is not available to free users, but I was able to stream even from US Netflix using a free account.
The Premium plan costs $4.00 per month, or $3.20 per month if paid annually. Premium users’ bandwidth is capped at 12 Mbps, and they have access to 20 servers.
The PremiumPlus plan costs $9.00 per month, or $5.60 per month if paid annually. PremiumPlus users enjoy unlimited bandwidth, and servers in 31 countries. These include some more unusual options, such as Australia, Iceland (great for privacy) and South Africa. Do note, however, that full unlimited “PremiumPlus” bandwidth is only available on some servers.
In addition to the above benefits, VPN encryption improves with each upgrade in plan (more on this below). Disappointingly, all Shellfire users are limited to a single concurrent connection.
This review is for the PremiumPlus plan.
Privacy and Security
Shellfire states that “we don't log any connection data.” But then again, it also states that “you're surfing absolutely securely and anonymously!” I really wish VPN providers would stop saying this.
Shellfire knows exactly who you are via your IP address, and could keep logs any time it chooses to. So you are not in any way anonymous when using the service.
“Connection and usage data (for example file transfers, connection times) are only collected if they are required as means of accounting. This is not the case for flat rate tariffs.”
Given that all its VPN plans use flat rate tariffs, it does seem that Shellfire is a genuine no logs service. Yay!
Shellfire is based in Germany, which has among the strongest privacy laws in the world. New surveillance and mandatory data retention laws, however, are chipping away at this. Many fear the situation will get worse.
As I understand things, though, the new mandatory data retention laws do not currently apply to VPN providers.
In addition to the above issue, the German intelligence service (BND) actively monitors German citizens, and cooperates closely with GCHQ and the NSA.
Germany is therefore usually regarded as not being an ideal location to base a privacy-focused VPN service. However, there is some debate over the issue thanks to the reputation of its privacy laws.
P2P is permitted by Shellfire, but on the Finland server only.
Shellfire uses shared IP addresses.
“We use OpenVPN with AES-256-CBC as our cipher for Premium Plus, AES-192-CBC for Premium and AES-128-CBC for our Free accounts. We use 2048 bit RSA keys and certificates. DHE is used for forward secrecy.”
Handshake is unspecified in the .ovpn config files, so I will assume that it is the standard HMAC SHA-1, which is absolutely fine.
These encryption settings are nothing to get very excited about. PremiumPlus encryption matches our minimum recommendation for a “secure” VPN connection, which should be resistant to any known form of attack for the foreseeable future.
And the encryption used for other plans should be plenty good enough for most purposes.
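The check described above, reading an .ovpn file to see which crypto directives are set and which fall back to client defaults, can be scripted. This is an added example, not code from the review or from Shellfire; the sample profile and host name are constructed, and the defaults are those of a 2.4-era OpenVPN client.

```python
# Defaults a 2.4-era OpenVPN client applies when a directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
# Cipher per plan, as quoted in the review.
PLAN_BY_CIPHER = {"AES-256-CBC": "PremiumPlus", "AES-192-CBC": "Premium",
                  "AES-128-CBC": "Free"}

# Constructed sample profile (assumption): placeholder host, no real key material.
SAMPLE_OVPN = """\
client
remote vpn.example.invalid 1194
cipher AES-256-CBC
; no auth line here, so the client default applies
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder
-----END CERTIFICATE-----
</ca>
"""

def parse_directives(text):
    """Map each top-level directive to its arguments, skipping inline <blocks>."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:
            if line == "</" + block + ">":  # end of an inline cert/key block
                block = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives

def audit(text):
    """Report effective cipher/auth, whether each was explicit, and the plan."""
    found = parse_directives(text)
    report = {}
    for key, default in DEFAULTS.items():
        args = found.get(key, [])
        report[key] = {"value": (args[0] if args else default).upper(), "explicit": bool(args)}
    report["plan"] = PLAN_BY_CIPHER.get(report["cipher"]["value"], "unknown")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_OVPN))
```

An `"explicit": False` entry means the value shown is the client default, not something the provider's profile sets, so it can differ between OpenVPN versions.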
Shellfire’s VPN service offers almost no bells and whistles. But it keeps no logs at all, uses decent encryption, and I detected no IP leaks at any time while using it. These are not things to be sniffed at.
The fact that I was able to stream US Netflix using even the free plan makes this provider worthy of consideration by those struggling to find a VPN service that isn’t blocked. Only one concurrent device is surprisingly miserly, however (many rivals allow five or more!), and those speed results are very off-putting.