CyberGhost VPN is well known for the freemium campaign they ran for quite a while. The software is great, they have a good number of locations available and good speed test results. However, the sensational claims and the poor customer support really diminish the experience. We expect improvement in these areas, as well as in the outdated security implementation.
We reviewed CyberGhost VPN in the past, but back then it was their free service that we tested. Now, it’s time to take a closer look at their premium features and see if it’s worth investing in this service.
CyberGhost is a Romanian-based VPN service that is growing constantly and, according to their website, over 4 million people have used their service. It’s not clear whether those are paying or free customers, but given the figure we tend to believe that it includes both types.
The CyberGhost team consists of various members with different backgrounds and skills, and they are shown on an About page.
CyberGhost offers access to over 500 VPN servers all over the world. According to their policies and claims, they don’t keep any logs to protect the identity of their users.
The service is available for all major platforms, including Windows, OSX, iOS, Android and Linux. Setting up the service is fast and easy even for a non-technical user.
- Unlike the free version, the premium version of CyberGhost allows users to access their account from different devices, be it desktops or mobile, as there are no restrictions as long as you log in to your account.
- The user’s IP is changed within seconds, which helps unlock content from restricted websites and protect the privacy on the internet.
- Data is encrypted with a 256-bit AES cipher. CyberGhost also offers unlimited bandwidth and live server updates, so the user can check the status of their servers at all times.
- Premium users don’t have to wait to establish connections and have priority to support.
- It’s easy to set up an account and all you need is to choose a username and password.
- Payments are available via credit card, PayPal, bitcoin or, in some countries, the software can be bought in selected retail stores.
- Supported tunneling protocols include OpenVPN, PPTP and L2TP/IPSec.
CyberGhost VPN has a server status page where you can find detailed information about server locations and current usage.
A unique feature is their Accelerator program, available to people/small companies who require an investment of up to €25.000 into their privacy-related projects.
Encryption details can be seen in the connection log, if you double-click on the CyberGhost logo. We also downloaded the OpenVPN connection profiles from their site to set up OpenVPN manually, to make sure that they are using the same encryption parameters.
The encryption details are: 256-bit AES-CBC cipher for the data channel, RSA-2047 certificates generated using a 1024-bit RSA CA (bad!) and MD5 for HMAC authentication (bad again!). These are weak encryption parameters: the CA and the HMAC authentication strength are obviously the weakest links in the chain, making the strong AES-256 cipher for the data channel quite irrelevant. At least they are using client-based certificates for authentication, and even though they are generated using RSA-2048, it is the CA strength that matters most, and as we mentioned earlier it is only 1024-bit and was generated in 2007:
Yet the security of CyberGhost VPN is advertised as “military grade encryption” which takes “300.000.000.000.000.000.000.000.” (continues with some more 0s) years to break. CyberGhost should be aware that things don’t really work that way, and this is an example of a marketing gimmick.
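The manual check of a downloaded OpenVPN profile described above can be scripted. The following is an added example, not code from the review or from CyberGhost: it parses a profile and flags the weak `auth` setting reported here, and goes slightly beyond the review by also flagging legacy ciphers and a missing CA. The sample profile and its hostname are constructed.

```python
import re

# auth MD5 is the review's finding; NONE, SHA1 and the cipher list are this example's additions.
WEAK_AUTH = {"NONE", "MD5", "SHA1"}
WEAK_CIPHER_PREFIXES = ("BF-", "DES", "RC2", "CAST")   # 64-bit-block or legacy ciphers

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and {inline block: body}."""
    blocks = {}
    def grab(match):                       # collects <ca>...</ca>, <cert>...</cert>, ...
        blocks[match.group(1).lower()] = match.group(2).strip()
        return ""
    text = re.sub(r"<([\w-]+)>(.*?)</\1>", grab, text, flags=re.S)
    directives = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)[#;].*", "", raw).strip()   # drop comments
        if line:
            name, *args = line.split()
            directives[name.lower()] = args
    return directives, blocks

def audit(text):
    """Return a list of findings for the data-channel settings of a profile."""
    directives, blocks = parse_profile(text)
    findings = []
    # OpenVPN uses SHA1 for HMAC when no auth directive is present.
    auth = (directives.get("auth") or ["SHA1"])[0].upper()
    if auth in WEAK_AUTH:
        findings.append(f"auth {auth}: weak packet authentication, prefer SHA256 or stronger")
    cipher = (directives.get("cipher") or [""])[0].upper()
    if cipher.startswith(WEAK_CIPHER_PREFIXES):
        findings.append(f"cipher {cipher}: legacy cipher, prefer an AES-256 mode")
    if "ca" not in blocks and "ca" not in directives:
        findings.append("no ca: the server certificate cannot be verified")
    return findings

# Constructed sample using the parameters the review reports (hostname is made up).
SAMPLE = """\
client
remote vpn.example.net 1194   # constructed hostname
cipher AES-256-CBC
auth MD5
<ca>
-----BEGIN CERTIFICATE-----
(placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""
print("\n".join(audit(SAMPLE)))
```

The `<ca>` body returned by `parse_profile` can be saved to a file and inspected with `openssl x509 -noout -text` to read the CA key size and validity dates, which this script does not parse.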
The software is easy to install and it takes only a few moments to be able to use it. Users just need to select the desired software for their platform, and the setup and configuration are done automatically. During the installation process on Windows, Microsoft .NET Framework 3.5 is downloaded and installed if you don’t have it already on your PC. The license code provided upon signing up for their premium VPN service has to be added in the software to benefit from the premium features.
The software provides an easy way to switch across VPN locations, called “Simulated Countries” and “Simulated IP addresses” for individual server selection in a specific country location. A notice is displayed at the bottom when selecting a location where P2P is blocked, notifying the user that such traffic is blocked on the selected location. The software displays some other useful information such as the total number of users connected globally or to each one of their servers and the total number of servers in each of their locations.
Connecting and disconnecting is as easy as pushing an ON/OFF button, literally.
In the software settings, there are some useful features:
- Automatic start during system startup and automatic connection after starting the software
- Language selection
- Install beta updates
The software also displays subscription information such as the username and remaining subscription time until the account expires.
In the Advanced options, the user can add IP/hostname exceptions to bypass the VPN tunnel. More advanced settings include:
- Proxy setup, if you want to connect to the VPN through a proxy/SOCKS5 server
- Forcing CyberGhost DNS servers: useful in solving DNS leaking issues
- Use TCP instead of UDP for the VPN connection.
- Disable IPv6
- Adjust fragment size of packets
One interesting feature that we discovered in their software is in the Privacy Control tab, where it is possible to enable some settings to cloak the browser fingerprints and to block requests to tracking websites.
The settings can be enabled for HTTPS traffic, too, but we found that it requires the user to use and trust a CyberGhost Certificate Authority, so that their proxy service can generate SSL certificates for all websites on the fly, as you can see in the screenshot:
Using forged certificates is a dangerous and irresponsible practice. Also, the forged CA and its generated certificates aren’t removed when the software is uninstalled. This is what the “privacy” hijacking looks like:
CyberGhost VPN is currently offering the following packages:
Free package, available for Windows, Mac and Android.
Their premium package comes with the following features: usable on 1 device at a time, ad-free, more than 500 servers from 31 countries, apps for Android and iOS included. The price is $6.99 monthly or $5.83 monthly for an annual subscription.
The Premium Plus package contains all the premium features, but the service can be used on 5 devices simultaneously. The price is $10.99 monthly or $9.16 monthly for an annual subscription when paid in advance.
Payment methods include the most popular: Credit Card, PayPal, Bitcoin, Wire Transfer and also cash if you buy the service from a retail store where it is available.
Logging and Privacy
It is worth noting that the data retention directive has been declared unconstitutional in Romania, the country where CyberGhost VPN is incorporated.
A transparency report is available on their website, where they publish the total number of requests (DMCA notices, police requests etc.) for each server location. The transparency report is not up to date: the last update was made in September 2014.
Speed and reliability
Speed was good in most of our testing and the connection ran smoothly for over 3 days (no packet loss or unexpected disconnecting problems).
Testing speed using BitTorrent downloads, we had consistent results in the range of 40 to 80 Mbps, and that’s very good.
According to their Support page, the support schedule is 08:00 AM to 05:00 PM during business days and the response time is 48 hours, though they are likely responding much quicker. Users can contact the company through email, online ticket support or live chat. There’s also a very comprehensive FAQ section that offers responses to the most common questions, and also a forum. We contacted them via email over the weekend and we didn’t receive any reply until Monday, when their online chat support was online. The online chat support representative was quick and helpful.
- No personal data requested when signing up.
- Bitcoin accepted.
- Large number of servers and locations to choose from.
- Available as a free service to test them out before paying, or just use the service regularly if you are not a power user.
- P2P allowed in some locations.
- Software is easy to use and has quite a few useful features.
- Good speed.
- Outdated security in OpenVPN implementation.
- The way their software is handling HTTPS traffic is just bad. The good thing is that they don’t force this “privacy feature”.
- There’s more marketing than facts.
- Limited support availability.
CyberGhost VPN is a large provider that has become very popular by running a freemium model. It currently offers most of the features found with other competitors: many locations, good speed, clean software packed with useful features and a focus on privacy, all for a good price and even free, with limitations. We were disappointed with the security implementation of OpenVPN and the forging of SSL certificates to use with one of their software features, and we hope that they will put some effort into solving these problems. We rate CyberGhost VPN at 6.5/10.