SuperVPN is an online privacy service based in Wilmington, Delaware. Despite the broken-English promises on the service's website, this Virtual Private Network (VPN) has a few problems. It doesn't quite meet the high standards of the top tier of VPN providers. Better services, such as CyberGhost, NordVPN, VPNArea, or ibVPN, offer way more features than SuperVPN at much lower prices. If you're still interested in finding out more about this VPN, read on to discover its strengths and weaknesses.
- ProPrivacy.com SpeedTest (average) 16 Mbps
- Jurisdiction US
- Simultaneous connections 3
- Countries 48
The SuperVPN website promises a free version. However, exploring this option will reveal one of the glitches in the coding of this service's site. That button just reloads the homepage. We investigated the remaining options of SuperVPN and assessed whether the service is worth paying for.
Pros of SuperVPN
- Range of plans
- Choice of Point-to-Point Tunneling Protocol (PPTP) or OpenVPN
- Choice of one, three, or five simultaneous connections
- Third-party OpenVPN app for Windows, Mac OS X, macOS, Linux, iOS, and Android
- Specific account for peer-to-peer (P2P)
Cons of SuperVPN
- Very expensive
- Manual payment processing
- Could contain malware
- No kill switch
- No WiFi protection
- Unknown encryption method
- Repeat billing
- Customer support argumentative and slow to respond
- Need to fight for a refund
Pricing and Plans
The prices of the different plans are high when compared to competitors' prices. Each plan offers a different set of services with a progressively larger price tag. The top package is incredibly expensive. It's 250% higher than the monthly price offered by ExpressVPN, which is the industry leader. Furthermore, most VPN companies, including ExpressVPN, offer longer-term subscription periods that give customers a lower rate per month.
The company offers a 15-day money-back guarantee. However, it then explains at length on several pages of its site that it probably won't give you a refund. On the FAQ page, the stated refund period is seven days. The FAQ page says that you are entitled to your money back if the service doesn't work or if you're not satisfied. However, it also shows suspicion of anyone who might ask for a refund: "there are many customers who try to use our services couple days and then try to refund money and do the same with next VPN provider."
This is another warning sign that this VPN isn't interested in keeping up with the standards offered by its competitors - particularly as the remonstration is badly written.
A third-party company, called SWREG, processes the payments. SWREG is owned by Digital River and operates through the website plimus.com. Payment types accepted for a subscription are Visa, Mastercard, bank transfer, check, and PayPal. However, you can only pay directly on the website with a credit card. If you want to pay with PayPal, you need to contact the help desk, who will email you a link for a PayPal invoice.
There is one more surprise at the end of the payment process. If you have a bank account or a PayPal account in an EU country, the VAT rate of that country will be added on to the prices that you see on the site.
Be aware that the payment processor will set up a recurring payment order on your account. Be sure to cancel that if you want to end your subscription. Payment processing is performed manually, so the app software is not immediately available after payment.
The packages that SuperVPN offers come with different levels of service and different types of encryption.
The features of the main package include:
- Possible 15-day money-back guarantee (under strict conditions)
- Unlimited data throughput, except for on the top package
- Port forwarding
- Third party app for Secure Sockets Layer (SSL) connections
- Manual setup for PPTP
SuperVPN runs servers in six cities in the United States. The cheapest plan offers PPTP protection through servers in 22 countries. The cheapest plan that includes OpenVPN protection works through servers in 26 countries. The higher priced OpenVPN plan gives access to servers in 28 countries and allows three simultaneous connections. The most expensive plan gives access to servers in 36 countries, although the website homepage claims that it operates servers in 48 countries.
The cheapest SuperVPN plan uses the Point-to-Point Tunneling Protocol. This is the oldest commercial VPN system around. It is not considered very secure. There is no explanation on the site as to which encryption method this VPN service uses. The customer support operator could only tell me that it uses 128-bit Generic Routing Encapsulation (GRE). However, the GRE protocol definition doesn't include any encryption methodology, so that can't be correct.
PPTP usually employs a method of encryption called Microsoft Point-to-Point Encryption (MPPE). Microsoft invented MPPE for this protocol (which is also a Microsoft invention). However, you can use the GRE protocol without encryption. As nobody at SuperVPN could tell me which encryption cipher is used for the PPTP implementation, there is a possibility that there is no encryption involved at all.
All remaining plans use OpenVPN, which the SuperVPN website refers to as SSL. This is because OpenVPN employs a library of security features called OpenSSL. This actually implements Transport Layer Security (TLS), the successor to SSL.
TLS uses an asymmetrical encryption system called RSA for session establishment and key distribution. Under TLS, the client first refers to a certificate that is held on a third-party server to check the server's identity. This certificate contains the encryption key of the server. The client encrypts a message to the server with RSA, using the public key of the server that was stated on the security certificate. The server should be able to decrypt this message and prove that it is actually the computer referred to on the security certificate. The server also checks on the certificate for the client and sends an encrypted message back. The client proves its identity by its ability to decrypt that message.
An explanation of this connection phase is important because it is central to TLS security. It prevents hackers from posing as the intended server. Connection logs show that SuperVPN's connections do not check the certificate of the server, so it is difficult to work out how the two sides in the connection can exchange keys.
The customer support team doesn't consider this security failure to be sufficient grounds for a refund.
The website pricing page explains that the VPN uses 4096-bit encryption. The plan attributes table doesn't explain which encryption system this is used for. However, the size of 4096 bits is typical of RSA encryption. Despite this, the website FAQ page says in one place that the encryption key is 1024 bits in length. Elsewhere on the same page, it states that the key length is 2048 bits.
When I asked the technical support operator what length of key the system uses, he first told me 2048 bits. Later, he told me 1024 bits. When I pointed out that the Prices page states that the key was 4096 bits in length, he said that was correct. He claimed the user can choose the length of key. However, there's no option in the settings of the OpenVPN GUI program used as the app for this VPN service that enables the user to define the length of key used for session establishment.
There is no mention on the website of the cipher used to encrypt data passed through the VPN tunnel. The customer support operator insisted that the RSA system was used for this encryption. When I explained to him that wasn't possible and sent him a link to a definition of the OpenSSL system, which listed the data encryption options, he just shut down.
Many VPN services use the OpenVPN GUI interface. As such, I've become accustomed to reading through the configuration files and log files for this system. The cipher that should be used to encrypt data in the VPN is stated in a line in the configuration file. The log file usually also shows which encryption cipher is in use during the connection. These lines do not appear in the configuration files of SuperVPN. Nor is there any record of a cipher reported in the log files of sessions run by the VPN.
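The two gaps described above (no server certificate check, and no cipher line in the config or log) can be checked for in any OpenVPN client profile. The script below is an added example, not part of the original review and not SuperVPN's files: the sample config, log excerpt and host name are constructed, while the directive names and log phrases are standard OpenVPN ones.

```python
import re

# OpenVPN client directives relevant to the two gaps described in the review.
TRUST_ANCHOR = {"ca", "capath", "pkcs12", "peer-fingerprint"}
SERVER_CHECK = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku",
                "ns-cert-type", "tls-verify"}
CIPHER = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}


def parse_directives(text):
    """Return {directive: [args...]} for a .ovpn file, including inline <tag> blocks."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # inside <ca>...</ca> etc.: skip the PEM body
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                           # inline block counts as the directive itself
            inline = m.group(1)
            found.setdefault(inline, [])
            continue
        name, *args = line.split()
        found.setdefault(name.lstrip("-"), []).extend(args)
    return found


def audit_config(text):
    """Findings for a client config: missing trust anchor, server check or cipher."""
    d = parse_directives(text)
    findings = []
    if not d.keys() & TRUST_ANCHOR:
        findings.append("no-trust-anchor")
    if not d.keys() & SERVER_CHECK:
        findings.append("no-server-cert-check")
    if not d.keys() & CIPHER:
        findings.append("no-cipher-directive")
    elif "none" in (a.lower() for a in d.get("cipher", [])):
        findings.append("cipher-none")
    return findings


def audit_log(text):
    """Pull the certificate warning and the data-channel cipher(s) from a client log."""
    ciphers = re.findall(r"Data Channel[^\n]*?[Cc]ipher '([^']+)'", text)
    return {
        "cert_warning": "No server certificate verification method" in text,
        "ciphers": sorted(set(ciphers)),
    }


# Constructed samples: a profile with neither line, a corrected one, a log excerpt.
WEAK = ("client\ndev tun\nremote vpn.example.net 1194\nauth-user-pass\n"
        "<ca>\nPEM-PLACEHOLDER\n</ca>\n")
HARDENED = WEAK + "remote-cert-tls server\ndata-ciphers AES-256-GCM:AES-128-GCM\n"
LOG = ("WARNING: No server certificate verification method has been enabled.\n"
       "Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key\n")

if __name__ == "__main__":
    print(audit_config(WEAK))
    print(audit_config(HARDENED))
    print(audit_log(LOG))
```

An empty `ciphers` list from `audit_log` on a full connection log corresponds to the situation described above, where no cipher is reported for the session.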
The Commonwealth Scientific and Industrial Research Organization in Australia published research into the VPNs available on Google Play. The report made headlines in early 2017. SuperVPN gains a position of distinction in this study. Researchers discovered that this was the third worst VPN available for Android in terms of viruses. The study put each of the 283 VPNs under consideration through an online checker, called VirusTotal. This aggregates the malware detection systems of more than 100 antivirus tools.
13 of the VirusTotal antivirus members detected malware in SuperVPN. Only OKVPN and Easy VPN performed worse than SuperVPN. Both of those have since been withdrawn from the market.
The app has no kill switch, network block, firewall, or automatic WiFi protection.
The company states that it doesn't track users' activities, but it does keep connection logs. It stores these records for five days after you close the connection. This is a problem, because copyright lawyers could use the information on your true IP address and connection times to trace your downloading activities through this VPN company and your ISP. This could lead to them obtaining your name and address. This exposes you to prosecution for downloading copyrighted material.
The fact that SuperVPN is registered in the USA is also a worry. That is the country where copyright holders are the most active in their pursuit of downloaders. The company states that it wouldn't hand over connection logs without a court order. However, this is not a real measure of protection because any copyright lawyer could easily get a court order for this information.
Your best chance to get a quick answer to your questions is to contact the support team through live chat. You access the chat system through a button at the top right of the website.
The chat button has a comment on it with the hours that the system is manned. However, I didn't get through to a support agent despite trying during the stated hours. Instead, it forwarded me to a webmail page.
After sending the form, I received a failure notice in my Yahoo Mail inbox. Apparently, the SuperVPN email system blocks Yahoo email addresses. I resubmitted the form using a Hotmail address.
The SuperVPN "About Us" page states:
"Our Technical Support Team is among the best in web hosting, IT and VPN industry. We are among few companies that solve almost any major technical issue in less than 15 minutes. Super VPN chooses its employees among the most talented computer and IT specialists."
Unfortunately, I didn't get an answer within 15 minutes.
I did catch the support technician on another day.
You first have to select whether you want to speak to someone from the Customer Service department or the Technical Support department. Regardless of which department you select, you get the same guy: Ian.
Ian wasn't able to give me any meaningful information about the encryption that SuperVPN uses. I asked him to check that information and email me the facts. Sadly, all he could tell me in the email was that the PPTP implementation uses 128-bit GRE encryption. This isn't plausible because GRE isn't an encryption cipher. He didn't seem to know much about how the service works or anything about VPNs in general.
The company doesn't offer a free trial. It even lists that fact on its pricing page:
Thus you may be wondering why there is a Free VPN button on the homepage. The writer of the FAQ page couldn't quite work that out either, so covered all bases with the following two answers:
That link to the free trial just takes you back to the homepage, so if you really want to try SuperVPN, you have to pay.
You can't pay on the website for the service if you want to pay with PayPal. If you intend to pay with a credit card, you're also better off not paying on the site. That's because you get a lower price if you go by the route offered to PayPal users.
You have to tell the customer support operator (Ian) which plan you want to sign up for. He will send you a link to an invoice. You can choose to pay the invoice with a credit card, so PayPal isn't your only choice. I asked for the Deluxe SSL plan, which is priced at $15 on the site. However, it was listed at $14 on the invoice. Thus I saved a dollar by getting the manual invoice instead of paying through the site. Further down in this screen are fields that allow you to pay with a credit card instead.
An extra, unasked-for item will be added to your bill. This is an Extended Download Service, which says it will preserve the software you're about to download in the Cloud for two years if you pay $3.95. You can read more about this offer by clicking on the "What is this?" link.
You can get rid of this line item by clicking on the trash can icon. You don't have to pay the $14 price because when you click on the PayPal button to pay, the site thinks you're leaving the page without buying and gives you a discount offer.
Click on the button in the pop-up to recalculate your bill.
Click on the PayPal Checkout button to proceed. You'll have to log into PayPal, from which the billing system will extract your home address. The VAT of the country where you have your PayPal account will be added to the invoice.
After you press the "Buy Now" button, you will be shown a receipt as proof of purchase.
Look to your inbox for a 'welcome' email from Superb VPN (spot the name change). This contains links to an installation guide and downloads for the OpenVPN GUI software.
The SuperVPN Windows VPN Client
If you've tried other VPN services, you might already have the OpenVPN GUI system on your computer. In that case, simply move the SuperVPN configuration files into the config directory for OpenVPN in order to connect.
When you start up the interface, you won't see an app appear on your screen. Instead, look to your desktop system tray. The app appears as an icon depicting a computer screen with a padlock on it.
Right-click on the icon to access the VPN menu, which lists all available servers. Hover over a server location name to access a commands sub-menu.
When you click on Connect, a window will open with a login overlay. Fortunately, the username and password for this VPN aren't generated, but are memorable terms. You'll need to enter your username and password every time you log in to a server.
Once the VPN is connected, the OpenVPN icon in your system tray will turn green.
Performance (Speed, DNS, WebRTC, and IPv6 Tests)
I tested SuperVPN's connections using testmy.net. I performed tests on connections to the testmy.net Miami and London servers. The Miami tests first ran without any VPN engaged. This established a baseline for performance assessments. IPLocation.net reported the location of the SuperVPN US server as Wilmington, Delaware. The Canadian server was found to be in Montreal, and the UK server in London.
My local internet service isn't great. These are the kinds of conditions you could face when you travel abroad on vacation and need a VPN to connect to home TV services. Although the SuperVPN service slowed down the connections in North America, the UK server's performance was comparable to speeds on the unprotected line. In all cases, SuperVPN's download performance was good enough for HD video streaming.
I tested for IP leaks with ipleak.net while connected to the SuperVPN US server. This site detected my location as being in the US, but couldn't work out the precise location. All Domain Name System (DNS) calls were made to servers in California and Iowa. There were no indications of my true location, which was in the Dominican Republic. The Web Real-Time Communication (WebRTC) report didn't disclose my real location.
doileak.net came up with similar results. It placed me in the US but couldn't pinpoint a city. There were no DNS leaks and the WebRTC report didn't indicate where I really was.
My internet provider doesn't use Internet Protocol version 6 (IPv6) addressing, so I was unable to test for IPv6 leaks.
I connected to the SuperVPN US server and tested the VPN's aptitude at getting into a number of US-based video streaming servers. Netflix spotted the VPN and prevented me from watching videos. ABC.com also blocked access. I was able to watch a video at NBC.com.
While connected to the SuperVPN UK server, I tested UK TV channel websites and also tried Netflix again. Netflix UK wouldn't let me watch videos and neither would BBC iPlayer. The ITV Hub and Channel 4 both let me watch their content.
You can install the OpenVPN GUI for use with SuperVPN on Windows, Android, Mac OS X, macOS, and iOS devices. You can also install the SuperVPN OpenVPN implementation on Linux Ubuntu.
Getting a Refund
The SuperVPN website makes it pretty clear that you're going to have a fight on your hands if you want a refund.
Given that the VPN doesn't seem to include any encryption, you shouldn't sign up for the service in the first place. However, if you do make that mistake, here is what you can expect when you ask for a refund.
I asked for a refund through the contact form in the SuperVPN website, but that just got me a reply that the account was working fine, which wasn't what I had asked for.
I paid for the service through PayPal, and I recommend you do the same. The subscription process sets up a repeat billing agreement on your account, so the first thing you need to do is stop that.
Log into PayPal and click on Profile in the top right of the screen. Select Profile and Settings from the drop-down Profile menu. This gets you to the My Profile page.
Click on My money in the left-hand menu, then on Update in the "My pre-approved payments" section. You will get a list of repeat billing agreements.
Click on the name MyCommerce Inc - this is the billing agreement you have for SuperVPN.
In the Billing Details screen, click on Cancel in the Status line.
Once you've canceled the agreement, SuperVPN will know you mean business. The website declares that the company only has to give you a refund if the service doesn't work. This statement is enforced by the information that the "no refund" policy is agreed upon by the payment processor, SWREG. As such, give up on trying to get your money out of SuperVPN and go for SWREG.
Email [email protected], giving your Customer Order ID from the PDF receipt that the company sent you. Just state: "I wish to cancel my account and get a refund because the service is not as advertised."
SWREG will send an email to SuperVPN and copy you in. The subject line of this message will be SWREG 1ST Refund request. SuperVPN will send you a couple of emails trying to get you to install the software again. Ignore them. Leave it a few days and then send another email to SWREG, saying "I asked for a refund, where is it?" You should receive a full refund within about four hours.
SuperVPN Review: Conclusion
SuperVPN has a lot of suspicious aspects to it that made me uncomfortable. The VPN service has an address and telephone number in Wilmington, Delaware, but the customer support staff work on Central European Time. On its invoices, the company places itself in Ireland.
The service is called SuperVPN all over the website, but in its support emails, the signature line refers to Superb VPN. This shifting identity seems a little dodgy.
The fact that no one at the company has any idea what encryption methods the VPN uses is decidedly odd. The config files for the OpenVPN GUI interface are lacking in the code lines that standard OpenVPN implementations include. Additionally, the log files for connections show no record of any encryption.
The client connection software doesn't verify the certificates of the servers it connects to, thus laying all connections open to man-in-the-middle attacks. This is a huge oversight for a company that is operating an internet security and privacy service.
The company is open about keeping connection logs for five days. That factor makes this VPN a bad choice for those who want identity protection when downloading with torrents. The inability of the service to get into many video streaming services means that much cheaper VPNs, such as NordVPN or VPNArea, would offer a much better deal.
I liked:
- Multilingual app
- Generic OpenVPN interface
- Bundled config files
- Up to five simultaneous connections allowed, depending on plan
- Good speeds
I wasn’t so sure about:
- Staff with no knowledge of VPN protocols
- Connection log retention
- Reported malware content
- Doubtful encryption
- Lack of server certificate validation
- Confused corporate identity
- No kill switch
- No automatic WiFi protection
This is just about the most expensive VPN in the business. However, you wouldn't want to use it for P2P downloading, video streaming, identity protection, hacker prevention, or WiFi protection. It is probable that the customers that this VPN gains don't know any better. It's difficult to imagine anyone who had been to a site such as ProPrivacy.com, and clicked through to the recommended VPNs, would then choose to take out a SuperVPN subscription.
Look at ExpressVPN and then look at SuperVPN. Which would you choose?