Jurisdiction
Negative scores are not necessarily reflective of the companies or their policies, only the countries they’re based in.
Fourteen Eyes Countries:
More information on FECs here.
“Owned” means a country/location isn’t a Five-eyes country itself, but is a territory or commonwealth of one.
Second tier “Cooperative” countries are determined by Privacy International
Enemy of the Internet:
Based on Reporters Without Borders’ 2014 “Enemies of the Internet” report.
Logging
These metrics are collected from the official websites and other reputable sources. This section takes each company at their word. It’s up to the user to decide who is trustworthy.
The term “logging” refers to LONG TERM storage of this information, and not REAL TIME “monitoring”.
Again – just because a company may not log, this does NOT mean that you can’t be monitored in real time by the service.
Bandwidth Logging
Some services limit the bandwidth of the user. When a company’s privacy policy explicitly states no bandwidth usage logging, you can be more sure they’re serious and don’t have an invisible, unadvertised cap.
Anonymous Payment Method
Service offers at least one payment method that does not require personal information.
“Email” in this field is considered better than a No, since it may or may not be tethered to an individual’s identity.
This does NOT count companies that claim that you can just falsify personal info and technically be anonymous. It’s to highlight companies that don’t ask for it in the first place.
Gives back to Privacy Causes
A given service supports (typically by way of donations) organizations and worthy causes important to privacy. Examples could be donations to the EFF, FSF, OSTIF, and other organizations, FOSS audits, etc.
Meets PrivacyTools IO Criteria
- Does not log traffic.
- Operating outside the USA or other Five Eyes countries.
- Has OpenVPN software support.
- Accepts Bitcoin, cash, debit cards or cash cards as a payment method.
- No personal information is required to create an account. Only username, password and Email.
More info at privacytools.io
Blocks SMTP (Authent.)
A “Some” in this field means that the company’s support team may be willing to whitelist your email provider’s SMTP server upon request. Another possibility is that the company supports some workaround method.
Blocks P2P
Services marked as blocking “Some” P2P usually only block it on servers dedicated to streaming. Other possibilities are that P2P users are throttled – or worse, banned. The user is responsible for researching further based on their needs.
# of Connections:
A 25 in this field actually indicates no advertised limit for simultaneous connections. (Done this way for conditional formatting purposes only)
Obfuscation:
Sometimes it’s useful to obfuscate the fact that your traffic is generated by a VPN. For example, if your ISP or Network Administrator is blocking certain VPN protocols for some reason. These fields represent different methods of obfuscating VPN traffic so that it’s not as easily detected and blocked.
Speed
Speed Tests are run in the course of performing reviews (methodology and test setup can be found here). Averages are used for this figure. International speeds are averaged from all international tests run in a given review. A “0.00” in this field does NOT mean no speed, just that there isn’t data to populate the field.
# of Countries
Note that some companies report physical server locations, and some use tricks to make a server endpoint appear to be in another country when it really isn’t. Note that in many cases where the number of countries is unusually high, THIS IS THE CASE. Do your own research on a case by case basis if this is an important metric for you.
# of Servers
Note that some companies report physical server count, and some report virtual server count (to inflate the numbers).
Do your own research on a case by case basis if this is an important metric for you.
Linux Support (Manual)
This field is a “yes” if .ovpn files are available and ready to use in Linux Network Manager, not CLI. If some tweaking is needed, or if the support team of a given service has to specially make and email these, this field will be “partial”. If no files are readily available, this field will be “no”.
# of Persistent Cookies
Using webcookies.org – persistent cookies
# of External Trackers
Using webcookies.org – third party cookies
# of Proprietary APIs
This field is derived from a urlquery scan of each service’s website.
Not all services are of equal concern (or even concern at all). This is a loose indication of how committed to free software a company is.
Server SSL Rating
Run using Qualys SSL Labs – SSL Server Test Tool
Pricing
Pricing is based off of normal rates, and doesn’t take into consideration promotions, coupons, or sales.
Refund Window
Often, payments made by cash or bitcoin CANNOT be refunded. The user should research as needed. As this field only allows a numerical value, a -1 indicates a free service.
Contradictory Logging Policies:
This field indicates a company that advertises a zero logs or absolutely no logs policy in its marketing but, upon further inspection, does keep logs to some extent.
This does NOT mean that the company in question has provided details about their logging policy in their terms or privacy policies, only that they have not claimed “no logging”, then immediately disproved it.
Falsely Claims Service is 100% Effective
No security or privacy setup truly offers 100% protection or is a bulletproof solution.
When a company uses hyperbole or otherwise claims 100% effectiveness for anonymity, privacy, security, or generally gives this impression – it misleads potential customers that don’t know better and can harm the user who expects it to be true.
Some claims are more blatant than others, but any claim that could be construed as a surefire way to be anonymous is counted.
Incentivizes Social Media Spam
These companies offer rewards such as extra data allowances or free service time to users posting about their service on social media. This clogs up research channels and pads the number of likes (and therefore attention) a given service or feature has that it might not otherwise have.
This also includes affiliates who post “deals” on behalf of the company to bring in traffic.
This in turn could mislead the honest customer.
Forbids Spam
Email or comment spam (by affiliates)
Ethical Copy
Companies that expect their affiliates to use ethically acceptable copy (keywords, terms, metatags, descriptions and webdesigns) in their advertising campaigns. Ethically acceptable copy is considered copy that is in no way deceptive, nor imposes upon the trademarks, copyrights or intellectual property of another product, company or entity. Purchasing advertisements on search engines with the names of the represented companies is strictly prohibited.
Requires Full Disclosure
This includes, but is not limited to, Federal Trade Commission 16 CFR Part 255 (or equivalent): Guides Concerning the Use of Endorsements and Testimonials in Advertising, which requires, among other criteria, that material connections between advertisers and endorsers be disclosed. This means that directories, review/rating sites, blogs and other websites, email or collateral that purport to provide an endorsement or assessment of an advertiser must prominently disclose the fact that financial or in-kind compensation is provided from the advertiser.
Affiliates
Affiliates are free agents bound to the terms of the companies they represent and given commissions or incentives to funnel traffic and referrals to the company’s site via affiliate links.
While companies are not directly responsible for their affiliates’ actions, they have a responsibility to keep affiliates and resellers operating within the terms of their partnership.
Ideally this means not spamming, breaking copyright, and providing full disclosure.