Practical privacy and simple cybersecurity.
TheNewOil.org

2023 Review: The Safing Private Network (SPN)

What is SPN?

A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal.

The Safing Private Network, however, takes things a little further. Many privacy veterans know that VPNs were never designed to be privacy tools, they are a band-aid solution. VPNs were designed to create a secure connection between two networks so that remote workers could safely access company intellectual property when off-campus. It’s only in the past few decades that we’ve co-opted this tool for privacy purposes, but as a result it leaves much to be desired. SPN aims to solve these issues by essentially rethinking the concept of VPNs for privacy from the ground up with features like a multi-hop architecture (similar to Tor), giving each connection a different IP address, and more.

Why Do You Need a VPN?

You may not, to be honest. (Check out IVPN’s site “Do I Need a VPN?”). A lot of people really hype VPNs as one of those absolutely, must-have, life-changing things that will solve all your problems. Some mainstream providers even make ridiculous, outright-false claims like “it'll make you anonymous” or “it'll protect you from viruses.” In all honesty, while I do believe that VPNs are an essential piece of your privacy strategy, there are many other free or low-cost strategies that will give you significantly more protection which you should prioritize. A VPN these days pretty much only has two purposes: changing your IP address and protecting your traffic from local snoops. Changing your IP address is a valuable part of avoiding tracking, but it’s just one way and a VPN won’t protect you against those other methods like browser fingerprinting, tracking pixels, cookies, and more. Likewise, while it can be great to protect your traffic from your ISP or a local cybercriminal, from a security perspective you’re already pretty well covered so long as you enable your browser’s HTTPS-Only mode and make sure you’re using the correct sites instead of spoofed/phishing sites. Having said all that, I do still consider a VPN to be a useful and recommended part of your privacy and security posture if you can afford one. It can bypass censorship, stop your ISP from selling your browsing data, help obscure your IP address from tracking and logging, and protect your traffic from certain attacks. That said, SPN falls into a bit of a different category. Because it was actually designed with privacy in mind, SPN offers significantly more advantages over a traditional VPN, particularly the multi-hop nodes and the different IP addresses I mentioned earlier. It’s not quite to fair to lump it in with traditional VPNs as a one-to-one comparison, but for the sake of this review I’m comparing to a VPN as a point of reference (and since it’s generally touted as a VPN alternative).

Image
Courtesy of Safing.io

Why Not Tor?

Some people prefer Tor instead of VPNs. Tor is a great service of which I am a huge proponent, but it also has some issues that make it the wrong tool for certain situations. For example, many essential services – like banks – block known Tor IP addresses to prevent fraud and abuse, making those services nearly impossible with Tor. Second, Tor loses almost – if not – all of its anonymity once you login to something. If you login to your email and then your Reddit account in the same session, they’re now tied together and you’ve lost your anonymity benefit. For this reason, I recommend reputable VPNs for any services that are tied to your real identity or sites that are blocked on Tor and Tor for random searches or accounts that are not tied to your real identity.

The Good

The main reason I dove into SPN was because of a lack of content out there. There’s several recent interviews with the top brass at Safing, but there’s really nothing in terms of reviews, tutorials, or third-party content about SPN. I decided to fix that myself.

It should be noted that I've been using Portmaster – which is Safing's free device content blocking software – for quite some time. One interviewer describes Portmaster as a “reverse firewall,” running on your local device. By default, Portmaster blocks a lot of known trackers, ads, and malicious domains, but it can be configured to block more by changing the default DNS resolver or you can even get granular with it by choosing to block domains yourself in the software. It offers a lot of flexibility for controlling things like telemetry and any other connections you wish to silence on your device. SPN is built into Portmaster from the getgo, but must be unlocked by paying for a subscription (to clarify: Portmaster is free to use, SPN requires payment and will be available within Portmaster after paying). This is one way in which SPN improves on VPNs: many popular VPNs (including the three I recommend) offer some light ad, malware, and tracker blocking via their own DNS resolvers. SPN takes this to the next level with Portmaster by offering the option to customize your blocking experience to either tighten it up or relax it in any way you choose.

From the very beginning, I found the experience mostly positive. Signup was easy. My username was auto-generated and my email address was optional. I could prepay for up to 4 years in advance, or as little as 1 month. (Weirdly, prepay is in months or years, but only in increments of 1-4. So for example, I can’t prepay for 6 months or 8 months, only 4, but I can also prepay for 1, 2, 3, or 4 years. I assume this is a simply design choice that will likely be altered at a later date.) Payment options were limited to PayPal for ongoing subscriptions, but for one-time prepayments you could use credit card (including masked cards), PayPal, cash, Monero, and Bitcoin. Ethereum is currently grayed out at the time of this writing. I’m impressed by the number of privacy-friendly options they offer like masked cards, cash, and Monero.

Once I was up and running, usage was incredibly user-friendly. Long-time readers know that I like the phrase “insultingly easy.” I would extend that phrase to SPN. If you already have Portmaster (which you will need to use SPN), and you’ve taken a few minutes to get familiar with the interface, then SPN is effortless to integrate. How effortless? Just toggle it on and you’re good to go. Split-tunneling, likewise, has by far the easiest interface I’ve ever seen in any sort of VPN-like product ever. In every VPN I’ve ever used, I had to go hunt down the .exe file. Granted, that’s not always hard, but sometimes it can be, especially with services like Filezilla (which I use to put movies on my Jellyfin server), which I never seemed quite able to split-tunnel correctly in other VPNs. With SPN, simply fire up the service, find it in the list, toggle it to not use SPN, then restart the service. I’ve yet to have a single application not respond as intended with SPN’s split tunnel (including Filezilla). I cannot stress how easy they make it to split-tunnel an application.

Finally, SPN is fast. Like, really fast. Faster than any VPN I’ve ever used. I’m not normally one to care about internet speeds – quite frankly, I grew up in the dial-up days and as long as my pages are loading within a few seconds, I’m okay with the slowdown. But with SPN, I instantly noticed how much faster it was than using a traditional VPN. In most cases, it was practically the same as not using a VPN at all. For the record, I never actually ran a speedtest, but I did notice a dramatic improvement in speed and since I’m always using a VPN, it was noticeable.

The Bad

That said, SPN is not without drawbacks. Perhaps the biggest and most obvious is the device limitations: currently SPN is only available on Windows and Linux. They are working hard to bring it to other devices, but right now if you’re a Mac, iOS, or Android user, you’re gonna have to rely on a traditional VPN for the time being.

The second drawback worth noting is that when SPN crashes, it crashes hard. At one point during my testing, the team pushed out a new update which basically caused SPN to stop working after a few minutes pretty consistently. I would connect, go about my business, then after about 5-10 minutes, websites would just time out and stop connecting. I would disconnect and reconnect, and the cycle would repeat. Thankfully the team pushed out a fix pretty quickly – within a few days – but it was very frustrating, especially as a newcomer. Fortunately this sort of instability proved to be the exception rather than the rule. While I did experience a few isolated crashes that required a disconnect/reconnect once or twice, I didn’t experience a days-long outage like that again.

The final two notes are a bit nitpicky. First off, there’s currently no 2FA available for accounts. I recognize that there’s not really any personal data for an attacker to access, but I still want my accounts to be secure. I’m paying for SPN, not them, and I don’t want anyone accessing my account without my consent whether that account has literally nothing or literally everything. It’s mine, it’s the principle of the matter. Second, SPN claims that it has automatic geo-unblocking, and even explicitly suggests services like HBO, Hulu, and more in the graphic on their website. Yet, Hulu never worked for me personally. When I asked about it in the company’s Discord, I was met with (paraphrasing) “it’s hard to stay on top of that stuff cause the streaming services are so good at blocking data centers and similar services.” That’s very true, but why advertise that as a feature if you can’t reliably support it?

Finally, on the topic of Discord, it’s time to note that Safing’s privacy-focused presence is virtually nonexistent. They have a Discord, GitHub, Reddit, Twitter, and YouTube. No Mastodon, no Odysee, no Matrix. As I’ve pointed out in other posts, it’s very disheartening to see a service focus so heavily on privacy – and this one in particular seems extra privacy-community-oriented as their entire selling point is “we fix the privacy problems with VPNs,” which is a problem that mainstream users aren’t aware of and probably don’t care about – and yet make literally zero effort to connect with their audience. I can say that one of the officers at Safing does have a Matrix account, but I haven’t seen him around in quite some time. I’m not sure he’s active there anymore, if he is he must lurk.

Conclusion

Honestly, my experience with SPN has been wonderful and I’m kind of sad to have to move on to rotate to my next VPN for testing. I’ll be very excited when I can rotate back. I’ve been trying to think of a way to convince my wife to test out SPN – she usually just piggybacks off my ProtonVPN account – but I haven’t thought of one yet. Maybe I’ll just ask her to try it and see how it goes. It certainly is a massive speed improvement, but also I don’t want to be that guy who’s always telling everyone to switch services. Anyways, SPN is still very new. As mentioned, the team at Safing is trying something totally new here and are reinventing VPNs from the ground up, so if you should decide to dive in and give it a try, be prepared to encounter some bugs and missing features. That said, as noted, I found those bugs to be few and far between in my use case, and the team (and community in general) is quite responsive on Discord, so asking about missing features should get a quick reply if you’re willing to join that community.

Overall, I would still rate SPN alongside other VPNs in terms of overall privacy priorities. It does some really cool stuff, but there’s still a lot of other places you should focus first to get the most return for your work: strong passwords, encrypted communications, etc. But once you do arrive at the step where you’re ready to ask yourself if a VPN is right for you – and assuming that answer is “yes,” (which again, I personally think it would be for most people) – you should really start your search by considering SPN. Again, it’s not quite fair to call it a VPN, it’s a completely different approach, and therefore – in my opinion – deserves a first look.

You can learn more and sign up for SPN here.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...