- No logs
- 78 servers in 45 locations in 32 countries
- 2 or 7 simultaneous connections (depending on Plan)
- Ad and tracker blocking
- Multihop VPN (Pro only)
- Port forwarding (Pro only)
- WireGuard in all apps
- P2P permitted on all servers
- Wi-Fi HotSpot Protection
- Obfsproxy anti-censorship tech
- All apps are open source
- Android app available on F-Droid
- Full systems audit
- Strong ethical stance
- Independent VPN service
Ad and tracker blocking
Dubbed “AntiTracker” by IVPN, this feature is increasingly common in modern VPN apps. It's basically just a DNS blocklist of domains known to belong to advertisers, trackers, and malware merchants. We can’t really comment on how effective it is, but the principle is sound.
We like the fact that IVPN’s AntiTracker includes a “Hardcore Mode” that blocks Google and Facebook, although we suspect it may break some sites.
Multihop VPN allows you to proxy your connection through not just one, but two VPN servers.
As we argue here, we are not entirely convinced about the benefits of multihop VPN (at least if a single VPN provider runs both servers), but it can be useful for preventing end-to-end timing attacks.
IVPN’s implementation of multihop is as good as it gets, allowing you to pick both the entry and exit points from any location on IVPN’s server list. You should be aware, though, that using multihop VPN will slow down your internet connection quite considerably.
VPN port forwarding is a very useful feature that allows incoming connections through a NAT firewall. It can improve P2P transfer rates and allows you to access games or media servers located behind the VPN.
Port forwarding is enabled on your account page. Please check out our Ultimate Guide to VPN Port Forwarding for a detailed look at this subject.
WireGuard on all apps
WireGuard is a new open source VPN protocol that is generating a great deal of excitement in the VPN world because it is very lightweight (and therefore fast), while (in theory) also being cryptographically highly secure.
Which is great (and we love the fact that IVPN has included the option to try it out in all of its apps), but the “in theory” bit is important. WireGuard shows great promise, but it is still experimental and should be treated as such.
WireGuard exited beta with version 1.0 for Linux at the time of writing, but on all other platforms is still a beta project. For real privacy you should stick with the tried and tested OpenVPN protocol. At least for now.
Obfsproxy is a bridging technology developed for the Tor network and designed to evade censorship blocks on known Tor nodes. It also works for VPNs and is an effective way of evading VPN censorship.
Although not as effective as obfsproxy, we’ll also note here that IVPN supports routing OpenVPN connections over TCP port 443 (among others) in order to emulate regular HTTPS traffic. Although easily defeated by even fairly basic deep packet inspection techniques, this tactic can be surprisingly effective.
Audited open source apps
Here at ProPrivacy we are big fans of open source, to the point that when it comes to privacy and security software we usually strongly recommend only using open source options.
When it comes to VPN apps, though, we are a little more relaxed - simply because a VPN service knows what you get up to online anyway, so worrying about whether the app is open source or not seems to us rather akin to shutting the stable door after the horse has bolted.
That said, the community aspect of open source is always to be applauded, and being open source allows anyone qualified to audit the code for weaknesses. We therefore love the fact that IVPN has open sourced all its apps. We are also extremely pleased to note that IVPN is the first provider we know of to make its app available on F-Droid, which is great news for those who want as little of Google as possible in their lives.
Full systems audit
In late 2019 IVPN was audited by independent security firm Cure53 for vulnerabilities. The scope of the audit included its “public VPN service infrastructure, our internal backend servers supporting our VPN service and penetration testing of our public web servers.”
Some issues were found, and IVPN is to be commended for being open about them. Indeed, unlike some other VPN providers, it has taken the brave step of publicly publishing results of the audit (with a few sensitive details redacted).
This is great, although the scope of the audit does not appear to cover its logging systems, which is something we would like to see. We presume that since the audit was performed, IVPN has been busy fixing the issues it found.
Any audit can only provide a snapshot of what is going on behind the scenes, but IVPN says that it will perform routine audits in the future.
Strong ethical stance
IVPN makes no attempt to hide who it is, uses no third-party trackers on its websites, and refuses to work with affiliates. Even though this website makes money from affiliate marketing (which does not affect our impartiality), we admire this stance.
Wi-Fi HotSpot Protection
This is another feature we are seeing more and more in VPN apps. It automatically secures your connection with a VPN when you connect to unknown networks (such as public WiFi hotspots).
We haven’t tested this feature, but see no reason to think it doesn’t work as advertised.
IVPN offers two pricing plans, each with a 17% (approx.) discount for annual purchases.
The Standard plan allows you to connect up to two devices at once and does not include IVPN’s port forwarding and multihop features. The Pro plan allows you to connect up to seven devices at once and provides full access to all IVPN's features.
There is a 3-day free trial. You must provide payment details, but will not be charged if you cancel before the 3 days is up. In addition to this, IVPN offers a 7-day money-back guarantee.
Payment can be made by card or PayPal, but IVPN also accepts Bitcoin and even cash for those who wish to pay anonymously. This is great, but as always, do please remember that a VPN provider can see your real IP address no matter how anonymously you pay.
Payment in cash is for annual subscriptions only and may take up to three weeks to process (although usually much faster, depending on your postal system). Card payments are processed by Braintree, and Bitcoin payments are processed by BTCPay.
At the time of writing IVPN has a raw average speed of 39.7 Mbit/s and a max burst speed of 770 Mbit/s resulting in a weighted average of 38.21 Bit/s.
Does IVPN Unblock Netflix?
We received an error message when connecting to US Netflix on IVPN's New Jersey server, but all other servers we tested successfully unblocked the US version of Netflix. Neither UK server unblocked BBC iPlayer, however.
Privacy & Security
IVPN is based in Gibraltar, a British Overseas Territory (BOT) with no mandatory data retention laws. Gibraltar enjoys a great deal of independence from the UK, but at the end of the day, it is a sovereign possession of the British Crown.
We therefore suspect that whatever the grey-area niceties might be, the UK government can bring considerable pressure to bear on Gibraltar should it feel the need to. Gibraltar is currently subject to GDPR, although presumably this will end when the UK leaves the EU in the near future.
- No traffic logging
- No DNS request logging
- No connection timestamp or connection duration
- No logging of user bandwidth
- No IP address logging
- No logging of any account activity except total simultaneous connections”
As already noted, IVPN uses no third party tracking on its website. User interaction with the website is instead tracked in-house using the Piwik web analytics software.
The care a VPN provider takes over its OpenVPN settings can tell us a lot about how seriously it takes security and provides a handy like-for-like way to measure security across providers. IVPN uses the following OpenVPN settings:
Data channel: an AES-256-GCM cipher. Data authentication is handled by GCM.
Control channel: an AES-256 with RSA-4096 TLSv1.2 handshake encryption and HMAC SHA1 hash authentication. Perfect forward secrecy is provided by a DHE-(key size unknown) Diffie-Hellman exchange.
The default TLS 1.2 HMAC SHA1 authentication on the control channel could be stronger, but this is a cryptographically secure setup. For more information on this subject, please check out our Ultimate Guide to VPN Encryption.
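The check described above can be automated against any provider's `.ovpn` file. The following is an added example, not IVPN's or ProPrivacy's code: the sample config, host name and key file name are constructed, and it assumes the SHA1 control-channel HMAC reported in the review comes from `tls-auth` with OpenVPN's default `auth` digest.

```python
# Added example: audit an OpenVPN client config for the settings reviewed above.
AEAD = ("GCM", "CHACHA20-POLY1305")

# Constructed sample config; host, port and key file name are placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
cipher AES-256-GCM
tls-version-min 1.2
tls-auth ta.key 1
# no 'auth' line: OpenVPN then uses its default digest, SHA1
<ca>
(constructed placeholder, certificate omitted)
</ca>
"""

def parse_directives(text):
    """Map each directive to its argument list, skipping comments and inline <blocks>."""
    directives, block = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if block:                                   # inside <ca>...</ca> and similar
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def audit(text):
    """Return {check: (status, detail)} with status 'ok' or 'warn'."""
    d = parse_directives(text)
    ciphers = (d.get("data-ciphers") or d.get("cipher") or ["UNSET"])[0].upper().split(":")
    aead = all(c.endswith(AEAD) for c in ciphers)   # AEAD ciphers authenticate the data channel
    # tls-crypt always uses HMAC-SHA256; tls-auth uses the 'auth' digest (default SHA1).
    if "tls-crypt" in d:
        hmac = "SHA256"
    elif "tls-auth" in d:
        hmac = d.get("auth", ["SHA1"])[0].upper()
    else:
        hmac = "NONE"
    tls_min = d.get("tls-version-min", ["unset"])[0]
    return {
        "data_channel": ("ok" if aead else "warn", "+".join(ciphers)),
        "control_hmac": ("ok" if hmac in ("SHA256", "SHA384", "SHA512") else "warn", hmac),
        "tls_version_min": ("ok" if tls_min in ("1.2", "1.3") else "warn", tls_min),
    }
```

Calling `audit(SAMPLE_OVPN)` flags only the control-channel HMAC, matching the review's one reservation about this setup.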
We detected no IPv6, WebRTC (IPv4 or IPv6), or DNS (IPv4 or IPv6) leaks in macOS and Android. During the current Coronavirus emergency we are unable to test for IPv6 WebRTC leaks in Windows, but detected no IPv6, WebRTC (IPv4 only), or DNS (IPv4 or IPv6) leaks on that platform.
We cannot test for IP leaks in iOS over an IPv6 connection at the present time, but detected no leaks of any kind on an IPv4 connection.
To learn more about this subject, please see our Complete Guide to IP Leak Protection.
IVPN uses 100% bare metal servers, and as previously noted, its systems have recently undergone a detailed third-party audit.
The website has a Help section with detailed setup guides, as well as some excellent general privacy guides. If you still have questions, then you can email them in or contact IVPN’s Live Chat support.
Live Chat is not manned 24/7, but email responses typically take around half an hour to arrive (in our experience). We are pleased to say the support answered our questions accurately and knowledgeably.
Ease of use
IVPN offers custom apps for Windows, macOS, iOS, and Android (plus a beta CLI client for Linux). It also provides good OpenVPN, WireGuard, and IKEv2 manual setup guides for most platforms - including Linux and a selection of popular routers and NAS drives.
The desktop clients
The Windows and macOS apps look all but identical and offer an identical feature-set. Both use OpenVPN by default, but also offer the chance for danger-loving nerds to experiment with WireGuard.
One feature we haven’t seen before is the ability to pause your VPN connection for a specified period. We’re not quite sure how useful this might be, but it's a nice idea.
Both apps feature a firewall kill switch that can either be set to on-demand or always-on. The on-demand firewall will not survive if the VPN client crashes, but the Always-on firewall changes system-level firewall rules, and so will always be active.
The mobile Apps
The Android and iOS apps look similar. The Android app (below) uses OpenVPN by default, but also supports the experimental WireGuard protocol. As with the desktop app, you can opt to use a number of OpenVPN UDP and TCP ports.
WiFi (“Network”) protection, multihop VPN, and a kill switch come as standard. A nice bonus feature is split-tunneling, which allows you to decide which apps will use the VPN tunnel.
The iOS app (iPadOS version shown above) uses iOS’s built-in IKEv2 client by default, but also supports OpenVPN and WireGuard.
Multihop VPN, network protection, and antitracker are also all present and correct. The kill switch is not a user-selectable option in iOS, but it is there in always "on-demand" mode by default.
The Linux client (beta)
This command-line app is still at the testing phase, although all being well, a full GUI version is promised in the following months.
You can connect to OpenVPN or WireGuard servers, and DNS leak protection and a kill switch (“firewall management”) are built-in. The app is available as a DEB or RPM package or can be compiled from source via its GitHub page.
We’re impressed. IVPN offers a service with a strong focus on privacy - both in terms of its clearly worded logging policy and in the robust privacy-improving features offered by its open source apps.
How useful multihop VPN is remains open to debate, and WireGuard is too experimental to really recommend using in serious situations. But we love the fact that IVPN is willing to implement cutting-edge technologies.
Speed performance could be better, and IVPN is no use if you want to watch BBC iPlayer, but these are really just quibbles over what is overall an excellent VPN service.
It offers rock-solid technical security, support is great, and bells and whistles such as port forwarding, obfsproxy obfuscation, and a highly flexible kill switch are bang on the mark. And it unblocks US Netflix.