A client running the Microsoft Windows XP or Windows Server 2003 operating systems uses a DHCPINFORM message after the connection to request the DHCP Classless Static Routes option. This DHCP option contains a set of routes that are automatically added to the routing table of the requesting client. This additional information is available only if the Windows Server 2003 DHCP server has been configured to provide the DHCP Classless Static Routes option and if the VPN server has the DHCP Relay Agent routing protocol component configured with the IP address of the DHCP server.
Many companies proudly display “warrant canaries” on their websites. These are digitally signed notices that say something to the effect of “We have never been served a warrant for traffic logs or turned over customer information.” Law enforcement can prohibit a company from discussing an investigation, but in theory, it can’t compel a company to actively lie. So the theory goes that when the warrant canary dies—that is, the notice disappears from the website because it’s no longer truthful—so does privacy. The EFF supports this legal position, though other highly regarded companies and organizations think warrant canaries are helpful only for informing you after the damage has been done. Such notices may provide a nice sense of security, and they are important to some people, but we didn’t consider them essential.
The router could be running outdated and compromised firmware. The router could actually be malicious and actively sniffing packets and logging your data. The router could be improperly configured and other users on the network could be sniffing your data or probing your laptop or mobile device. You never have any guarantee whatsoever that an unknown Wi-Fi hotspot isn’t, either through malice or poor configuration, exposing your data. (A password doesn’t indicate a network is secure, either–even if you have to enter a password, you could be subject to any of these problems.)
Final Verdict – IVPN is an expensive VPN service with a pretty small server network. However, it does offer some unique features such as multi-hop technology and warrant canary that add to the security of the users. If you do not need a wide number of servers and are primarily focused on obtaining rock-solid security online, IVPN should be your choice.
We're not cryptography experts, so we can't verify all of the encryption claims providers make. Instead, we focus on the features provided. Bonus features like ad blocking, firewalls, and kill switches that disconnect you from the web if your VPN connection drops, go a long way toward keeping you safe. We also prefer providers that support OpenVPN, since it's a standard that's known for its speed and reliability. It's also, as the name implies, open source, meaning it benefits from many developers' eyes looking for potential problems.
However, you've got no choice but to run TunnelBear's client software (unless you use Linux), which may concern some privacy-minded users, and there's no option to set up TunnelBear connections on routers or other devices. Last but not least, this tiny Canadian firm is now owned by U.S. antivirus giant McAfee, which may mean TunnelBear is subject to U.S. search warrants.
Our runner-up is Hotspot Shield, which offers 500MB free per day, amounting to roughly 15GB per month. Like Windscribe, it didn't slow down our connections much. But Hotspot Shield admits that it partners with advertising networks and collects some user data. It also shows ads in the Android app, although the company says it no longer injects ads into websites displayed in a desktop web browser.