Practical privacy and simple cybersecurity.
TheNewOil.org

2023 Review: IVPN

Disclosure: The New Oil is sponsored by IVPN. Per the terms of this agreement, IVPN does not have any input on our review, but we want to disclose any possible conflicts of interest up front. You can read all of our guidelines for sponsorships here.

What is IVPN?

A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. IVPN is one such service.

Why Do You Need a VPN?

You may not, to be honest. (Interestingly, IVPN openly shares this opinion. Check out their site “Do I Need a VPN?”). A lot of people really hype VPNs as one of those absolutely, must-have, life-changing things that will solve all your problems. Some mainstream providers even make ridiculous, outright-false claims like “it'll make you anonymous” or “it'll protect you from viruses.” In all honesty, while I do believe that VPNs are an essential piece of your privacy strategy, there are many other free or low-cost strategies that will give you significantly more protection. A VPN these days pretty much only has two purposes: changing your IP address and protecting your traffic from local snoops. Changing your IP address is a valuable part of avoiding tracking, but it’s just one way and a VPN won’t protect you against those other methods like browser fingerprinting, tracking pixels, cookies, and more. Likewise, while it can be great to protect your traffic from your ISP or a local cybercriminal, from a security perspective you’re already pretty well covered so long as you enable your browser’s HTTPS-Only mode and make sure you’re using the correct sites instead of spoofed/phishing sites. Having said all that, I do still consider a VPN to be a useful and recommended part of your privacy and security posture if you can afford one. It can bypass censorship, stop your ISP from selling your browsing data, help obscure your IP address from tracking and logging, and protect your traffic from certain attacks.

Image

Why Not Tor?

Some people prefer Tor over VPNs. Tor is a great service, but it also has some issues that make it the wrong tool for certain situations. For example, many essential services – like banks – block known Tor IP addresses to prevent fraud and abuse, making those services nearly impossible with Tor. Second, Tor loses almost – if not – all of its anonymity once you login to something. If you login to your email and then your Reddit account in the same session, they’re now tied together and you’ve lost your anonymity benefit. For this reason, I recommend reputable VPNs for any services that are tied to your real identity or sensitive and Tor for random searches or accounts that are not tied to your real identity.

The Good

IVPN has some really impressive positive aspects. For one, they are committed to ethical marketing. Their site talks about how they don’t believe in paying for reviews or unethical ads, their commitment to transparency, and as I linked above they even have a website that aims to dispel many of the myths surrounding VPNs and what they can and can’t do – even if it costs them potential customers. They’d rather lose an educated customer who knows that IVPN won’t solve their problems than dupe a paying customer who won’t get the protection they really need.

IVPN’s security is also top notch. We have covered numerous stories on Surveillance Report about vulnerabilities in widespread VPN protocols or infrastructure, and nearly every one has noted “IVPN is not vulnerable to this,” usually because they patched their systems months ago or have some other mitigation in place that just so happens to protect against the vulnerability in question. (Of course, IVPN is not the only one immune to these bugs, but out of the three we endorse on The New Oil they’re the only one that is consistently ahead of the curve). I was also pleased to see that Wireguard was their default protocol – which is a recently-developed VPN protocol that’s considered to be faster, lighter, and because the code is so small it’s more easily auditable, which hopefully in the long run will mean less vulnerabilities. Though of course, the other protocols listed above are still available for those who want something a bit more time-tested or have a different need. Finally, IVPN offers a built-in firewall that blocks known trackers, ads, and malicious domains. For the record, all three of the VPNs The New Oil currently recommends offers the same feature under various names, but regardless that's always a plus worth pointing out.

The information required at signup is none. Seriously. You can click “generate an IVPN account” on their homepage and it just does. They also accept Monero directly without a third-party exchange being involved as well as cash, which means that if done right, IVPN is easily 100% anonymous. Of course, you can add an email if you feel so inclined, and you can pay with a card (including a privacy.com card), Bitcoin, or PayPal, but at no point do they require any of this from you. It’s totally voluntary. Finally, they offer TOTP to protect your account, which is wonderful. While there wouldn't really be any information for an attacker to gain if they did manage to compromise your account, basic account protections are always appreciated.

Finally, their country of origin – Gibraltar – offers some redeeming aspects. Gibraltar is legally a UK territory (which I will discuss next), but they are given a long leash by the government and operate mostly as an autonomous region. This turned out to be a good thing when post-Brexit, Gibraltar decided to legally adopt GDPR for themselves. From what I understand, it was largely untouched except for a few legal definitions to clarify that it was being applied to Gibraltar specifically.

A few other neat things I noticed in my time testing them out:

Oh, and for those who saw my System 76 video, I would like to note that the DaVinci bug no longer seems to be an issue. I'm not sure who's side it was fixed on, but either way I no longer have to disable or adjust my IVPN client when video editing. I just wanted to report that.

Image

The Bad

IVPN does have a few drawbacks, but they’re very few and far between. The most noticeable one, in my opinion, is the low server selection. They offer only 81 servers in 34 countries (up slightly from last year). I personally didn’t find this to be an issue at all, but when going up against other providers who offer hundreds of servers in well over fifty countries, it may be an issue for some users. IVPN also makes no promises of working on streaming services. In the past I’ve reported issues with HBO Max and Spotify. I truthfully gave up trying to use IVPN with video streaming so I can’t confirm or deny those issues still exist (most likely do) but I can confirm Spotify sometimes doesn’t want to load. Unfortunately a simple reboot of the VPN doesn’t always work, which I reported did in the past. Fortunately this issue is rare overall. I can probably count on one hand how many times it happened in the last few months of using it.

Since the last time I reviewed IVPN, I really cracked down on my commitment to using double-hop VPNs. I have mixed opinions on IVPN’s double-hop implementation from a user-perspective. While I appreciate being able to pick my exit city – unlike Proton where you can only pick exit countries and even then only certain ones – I’m sad I can’t simply pick “fastest” should I not care, and the “sort by: latency” option doesn’t always work well, particularly on the Windows app. On that note, I have frequently noticed another bug in which IVPN claims to be connected despite the fact that I’m currently in Airplane Mode on Windows. I should really report this, it simply keeps slipping my mind. It’s a small bug, but it does make me wonder at other times if my connection is still solid. Of course, I can always quickly and easily verify this with a quick “what's my IP address?” search.

Perhaps the biggest drawback lies in their home country. As I said before, Gibraltar operates largely autonomously and did go out of their way to legally apply GDPR to themselves after Brexit. However, they are still a UK territory. Hong Kong used to be mostly independent, too, until they weren’t. The reason we list a country of origin as a pro or con based on their Eyes affiliation is because it sets a tone. If a country is part of the Eyes, it shows that they have a lower regard for the privacy of their citizens and they are willing to share data and violate privacy. Likewise, while Gibraltar may value privacy, they belong to a country that clearly does not, and if the UK decides to crack down on their anti-privacy stance in Gibraltar, this could be very damaging to IVPN. Keep in mind: this is pure speculation. There is no evidence at this time that the UK is pressuring Gibraltar or IVPN or what forms that kind of pressure might take if it did come to pass. I also have zero doubt that Gibraltar and IVPN would push back against these unethical requests. However, at the end of the day, they fall under UK jurisdiction, and if they lose these battles, it could be a problem. Again, I cannot stress enough that this purely a “what if” scenario, but given the UK’s open and outright hostility against privacy, it’s worth having this concern on your radar.

Conclusion

My last few months on IVPN has been overall very pleasant. Aside from the two bugs noted earlier, everything was smooth and fast (except in areas with low cell signal, but that should be expected). Signup was shockingly smooth, apps were easy to find and install, and settings were explained well and straightforward. If you a VPN with a high ethical standard, a great track record of security, and no-personal-information-required, you'd be doing yourself a disservice not to check into IVPN.

You can learn more and sign up for IVPN here. No affiliate link.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...