CyberGhost VPN Review (2023)
The CyberGhost app is one of the coolest pieces of software offered by any VPN provider, and it gives access to a technically excellent VPN service.
What we like
- The cool VPN app design
- A larger number of servers than most of its rivals
- Split tunneling options
- Proprietary NoSpy server technology that can avoid detection in places like China
- A strict no-logs policy
- A 45-day money-back guarantee
What we don't like
- Some server locations are spoofed – the CyberGhost servers aren’t really where they say they are
- The VPN has to be manually set up on routers
- Not as fast as advertised
| Price | $2.29 – $12.99 per month |
| Refund period | 45 days (14 days for the one-month plan) |
| Based in which country | Romania |
| # devices per license | 7 |
| Server locations | 115 locations in 91 countries, including the USA, UK, Canada, Australia, India, Japan, China, and Hong Kong |
| Streaming sites unblocked | Netflix, Hulu, Disney+, BBC iPlayer, Amazon Prime |
| Supports torrenting | Yes, on specific servers |
| Does VPN keep logs | No |
| 24/7 customer support | Yes |
CyberGhost was founded in 2011 and is based in Bucharest, Romania, with a development center in the German city of Ubach-Palenberg. The company was bought by Kape Technologies in 2017. From the outset, CyberGhost has presented a strong brand image, with ghost-related terms for its apps and features.
Three important features of CyberGhost exceed much of the competition. These are an allowance of seven simultaneous connections, a long money-back guarantee, and a very large server network.
The system is particularly good for streaming, and the VPN service can be set up on TV boxes, such as Apple TV, Android TV, Amazon Firestick (Fire TV), and smart TV sets. It is one of the top VPNs for Netflix users because it can unblock location restrictions, dodging the streaming service’s VPN detection methods. The BBC iPlayer, Hulu, and Amazon Prime are also accessible across borders with the CyberGhost VPN service.
The traffic protection system offered by CyberGhost obscures the true destination of your internet connections, which makes it impossible for internet service providers to apply the access blocks and selective bandwidth throttling that most of them practice.
CyberGhost is now moving into security protection. All subscriptions get an ad blocker and free identity theft protection with a Dark Web scanner add-on service that will notify you if any of your account details for any online activity are being circulated for sale on hacker websites. The company also offers a password manager for an extra fee and the CyberGhost Security Suite for Windows, which provides an antivirus system and a vulnerability scanner, which adds extra protection against malware and hackers – also for an extra fee.
Privacy and security
CyberGhost offers very strong protection, which not only means its VPN service cannot be broken into, but it also cannot be detected – this is why CyberGhost is a good choice for Chinese users. Not only does the system enable users in China to access the Web outside the country, but its server in China enables those outside of the country to access Chinese websites and TV streaming services that are normally only available within the country.
CyberGhost’s operating base in Romania is an excellent jurisdiction for internet privacy; while EU directives compelled other EU nations to direct internet service providers to put activity trackers into their systems, the Romanian High Court judged that these logging steps broke the Romanian citizen’s right to privacy. So, not only is activity logging never going to be required of VPNs based in Romania, even the country’s ISPs would be breaking the law if they tracked their customers’ online activities.
This makes Romania very rare and the ideal location for a VPN service. This is because copyright lawyers can’t prosecute anyone for illegal downloads if they can’t present evidence that it happened. Your own internet service provider is probably forced by law in your country to record all of the IP addresses and, therefore, websites and Web services that you connect to. However, if you use CyberGhost, they will only see repeated connections to CyberGhost servers. If they go to Romania to try to force CyberGhost to hand over activity logs, they will be out of luck.
A VPN operates by cloaking internet traffic. Data moves across networks and the internet in segments. These segments are carried in a structure called a packet. The packet has a header on it that includes the source and destination IP address and other information that enables the receiving computer to reassemble the stream of data that has been broken into chunks for transmission.
The core action in any VPN is the application of encryption. Many internet connections are made secure through encryption. However, connection security involves encrypting the packet data payload. The privacy offered by VPNs, such as CyberGhost, is provided by encrypting the headers as well. It is the source and destination address that enables your ISP to block access to certain websites, and it is also this information that enables Web services such as streaming systems to work out where in the world you are, and so selectively block access.
The destination IP address in a packet header is particularly important to routers – they need to know where the packet is headed to work out where to send it. So, packet headers are usually written in plain text. When the VPN encrypts the header for privacy, the routers on the internet will not be able to read the destination address and send the packet. Therefore, the VPN places the full, encrypted packet in the data payload of another packet. The destination address of this packet is the VPN server.
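The encapsulation described above, as an added Python example that is not CyberGhost's code: the whole inner packet is encrypted and carried inside an outer packet addressed to the VPN server, so an observer on the path can read only the outer header. The addresses, the port and the SHA-256-based cipher (a stand-in for AES-256, which Python's standard library does not include) are assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Constructed sample addresses (RFC 5737 documentation ranges), not real hosts.
CLIENT_IP = "192.0.2.10"        # the user's real address
VPN_SERVER_IP = "198.51.100.7"  # hypothetical VPN server
WEBSITE_IP = "203.0.113.80"     # the site the user actually wants
TUNNEL_PORT = 1194              # sample UDP port for the tunnel


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at zero) followed by payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def read_addresses(packet: bytes) -> tuple[str, str]:
    """The source and destination any router or ISP on the path can read."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. Stand-in only: the standard library has no AES."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(12)
    stream = keystream(key + b"enc", nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key + b"mac", nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; decrypt only if the payload is untampered."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key + b"mac", nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel payload failed authentication")
    stream = keystream(key + b"enc", nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def encapsulate(inner: bytes, key: bytes) -> bytes:
    """Client side: the whole inner packet, header included, becomes the
    encrypted payload of an outer UDP packet addressed to the VPN server."""
    sealed = seal(key, inner)
    udp = struct.pack("!HHHH", TUNNEL_PORT, TUNNEL_PORT, 8 + len(sealed), 0)
    return ipv4_packet(CLIENT_IP, VPN_SERVER_IP, 17, udp + sealed)


def decapsulate(outer: bytes, key: bytes) -> bytes:
    """Server side: decrypt the inner packet, then forward it with the
    server's address in place of the client's."""
    inner = unseal(key, outer[28:])          # skip outer IPv4 (20) + UDP (8)
    _, destination = read_addresses(inner)
    return ipv4_packet(VPN_SERVER_IP, destination, inner[9], inner[20:])


if __name__ == "__main__":
    key = os.urandom(32)                     # 256-bit session key
    # Application data only; the inner TCP header is omitted for brevity.
    inner = ipv4_packet(CLIENT_IP, WEBSITE_IP, 6, b"GET / HTTP/1.1\r\n\r\n")
    outer = encapsulate(inner, key)
    print("ISP sees:    ", read_addresses(outer))
    print("Website sees:", read_addresses(decapsulate(outer, key)))
```

The ISP's view contains only the client and the VPN server; the website's view contains only the VPN server and itself.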
For the receiving computer to know how to unpick the packaging that the sending computer has created, internet transmissions are guided by protocols. A protocol is a set of rules; usually, these guidelines are published and made publicly available. VPN protocols explain how data has been transformed to protect it during transmission.
There are now many VPN protocols available, and CyberGhost supports four of these, which are:
- IKEv2 / IPSec
You can switch the protocol used by your connection within the CyberGhost app.
OpenVPN is the default VPN protocol used in the CyberGhost app. It is particularly strong in security and is used by most VPN services worldwide, although the full implementation, using the Transmission Control Protocol (TCP), can slow down connections. You can opt to use OpenVPN with the User Datagram Protocol (UDP) to speed things up, but this version is less reliable because it doesn’t check for missing or out-of-sequence packets.
WireGuard is a new VPN protocol, and it offers faster connections than OpenVPN. CyberGhost offers this service but cautions that the system is not as well tested by use as OpenVPN and so could have some as-yet-undetected security flaws. CyberGhost recommends this system for playing online games, streaming, or downloading.
IKEv2 / IPSec performs fewer transformations on data, which is a big advantage on mobile devices because less work uses less battery power. Therefore, use this protocol in the CyberGhost mobile app for iOS – it isn’t available in the Android app. This system only uses UDP, so you might experience missed blips in video and voice transmissions.
CyberGhost offers very strong encryption in its connection services. All packets are encrypted with AES-256. The AES part of that name stands for the Advanced Encryption Standard. This system was commissioned by the US government to protect its own traffic – they ran a competition, and AES won.
Not only does this system protect US government internet connections, but it is also used to protect data at rest. All government services use it, including the CIA and the US military. So, you can expect that this is a very good service.
The modern encryption cipher is very complicated and works through a series of transformations. The heart of the system is an initial formula that has a variable in it. If you change the variable’s value, you change the result of the encryption. This means that the encryption methodology can be published because knowing how the cipher works won’t do a hacker any good – it is also necessary to guess that variable value.
The variable is called the key, and an encryption key can be guessed through trial and error – this is called a “brute force attack.” A longer key takes longer to guess because there are more permutations of bits that are possible – encryption key lengths are measured in bits.
CyberGhost uses a 256-bit key, which is where the 256 part of AES-256 comes from. This is the longest key length available with AES, and it is impossible to crack through brute force because there are too many possible values.
Attempts to crack the AES key are made even more futile by CyberGhost, which renews its keys every 30 minutes. That means any hacker or government secret service that was running through every possible permutation will have to start the whole process again after 30 minutes.
Protected key exchange
AES is very strong; however, the statement above that the cipher is uncrackable has to be qualified. You can certainly decrypt everything if you have the encryption key. AES is what is known as a “symmetric key” encryption system. That means that you need the encryption key to decrypt a text. That simple fact poses a problem.
Both sides need the same key to encrypt and decrypt messages. Complicating matters further, CyberGhost changes that key every 30 minutes. So, how do both sides end up with the same key? One side needs to generate the key and then send it to the other side. Any hacker wanting to read all of the encrypted messages just needs to grab that key as it passes over the internet.
One possibility is to encrypt the next key with the current key in use. However, if the hacker grabs the first key sent for transmission, all subsequent keys would be accessible.
The solution to this problem is a public key encryption system. The specific cipher used by CyberGhost in this category is called RSA. A public key encryption system uses two keys – one to encrypt and one to decrypt. The two keys complement each other. However, you cannot derive the decryption key if you know the encryption key, so it is safe for a server to publish its encryption key. Thus, the encryption key is public, and the decryption key is private.
CyberGhost uses RSA as an initial encryption system to protect the transmission of the AES key. The effective security of public key systems is weaker than that of symmetric key systems, so they require much longer keys.
CyberGhost uses a 4096-bit RSA key, which is the longest key available with the system. However, AES is still better, so as soon as the AES key has been sent, this is used to encrypt the packets in the VPN tunnel.
Server authentication and man-in-the-middle attacks
The RSA cipher is used as part of a system called SSL, which stands for Secure Socket Layer. Confusingly, SSL has been replaced by Transport Layer Security (TLS), but everyone kept using the name SSL. SSL is the system that makes HTTPS secure, so you wouldn’t safely send your credit card details through a Web page without it.
The public key for RSA is held on a security certificate that is stored by a certificate authority. So, when making a connection, the client doesn’t need to rely on its correspondent being the server it thought it was contacting. Once it has the RSA key, the client encrypts a challenge message and sends it to the server. The server proves its identity by sending back a reply.
Any interloper intercepting transmissions and hoping to masquerade as the server can access the SSL certificate and intercept the challenge message. However, only the holder of the corresponding private decryption key can actually decrypt the message and send back an appropriate response.
The Domain Name System (DNS) is a cross-reference service between web addresses and internet addresses. The Web addresses (URLs) that you type into a Web browser, such as bestvpn.org, don’t mean anything to internet routers. Only the IP address can be used on the internet. So, before your Web browser can send a request for the page you typed the address for, it needs to go and find out the IP address to which it should send that request.
The DNS service works by proximity. There are many very big address cross-reference tables out on the internet, but your computer also has a DNS server for hostnames on your local network. Your browser will try the closest available DNS server, and it won’t find what it is looking for on your computer, so it next checks with your ISP.
A DNS query presents the ISP with an opportunity to block access to a website. It just writes a record in its DNS server for that Web address pointing to one of its own IP addresses instead of the real one. It then stores a warning page at that address. This is a hacker technique called DNS spoofing, but it is widely used by internet service providers. For example, Sky, the second largest internet service provider in the UK, blocks access to the CyberGhost website in this way.
CyberGhost runs its own private DNS server, and once your VPN connection is established, all DNS query traffic goes to that server and is protected by encryption. This is important because, without that DNS protection, your ISP could work out your activity by recording every DNS transaction. You won’t experience a DNS leak with CyberGhost as long as you keep the VPN turned on.
DNS access is also closely tied to a system called WebRTC, which is a browser system for accessing audio and video communications. Leak tests show that you don’t get any WebRTC leaks when you have the CyberGhost VPN turned on.
A VPN service needs to be able to assure that it doesn’t allow any IP leaks. This term refers to the real IP address slipping out from the protected connection so an ISP can log it. With CyberGhost, you won’t get an IP leak as long as the VPN is turned on; if it is turned off, all of the IP addresses you visit will be available for tracking by your ISP.
The biggest risk of an IP leak occurs when your VPN gets turned off without you knowing. This can happen if your Internet connection drops for a short spell. In this scenario, the VPN link gets broken as soon as the connection is lost. However, your computer will try to recover the Internet connection. Some technical problems cause momentary breaks, so the Internet connection will resume, but your VPN will need to be turned on again. If you didn’t notice the connection drop, you won’t know to check your VPN.
The CyberGhost app provides IP leak protection through a mechanism called a kill switch. In the app’s settings, this is actually called Automatic Kill Switch.
A kill switch is a system block. This will prevent traffic from leaving your computer if the VPN is not active. This means if the internet drops briefly and your VPN is disconnected, your internet connection won’t work again until you turn the VPN back on.
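An added example, not taken from CyberGhost's software, of the rule a kill switch enforces and how a traffic capture can be checked against it: traffic may leave through the tunnel interface, and the only thing allowed on the physical interface is the encrypted tunnel itself. The interface names, addresses and log format are constructed for the illustration.

```python
from dataclasses import dataclass

PHYSICAL_IFACE = "wlan0"                     # assumed Wi-Fi interface name
TUNNEL_IFACE = "tun0"                        # assumed VPN tunnel interface name
VPN_ENDPOINT = ("198.51.100.7", "udp", 1194)  # hypothetical VPN server

# Constructed outbound flow log: time, interface, destination, protocol, port.
SAMPLE_LOG = """\
12:00:01 tun0  203.0.113.80  tcp 443
12:00:01 wlan0 198.51.100.7  udp 1194
12:00:09 wlan0 198.51.100.7  udp 1194
# 12:00:10 Wi-Fi drops briefly, tunnel goes down, Wi-Fi reconnects
12:00:14 wlan0 192.168.1.1   udp 53
12:00:14 wlan0 203.0.113.80  tcp 443
12:00:20 wlan0 198.51.100.7  udp 1194
12:00:21 tun0  203.0.113.80  tcp 443
"""


@dataclass(frozen=True)
class Flow:
    time: str
    iface: str
    dst: str
    proto: str
    dport: int


def parse_flows(log: str) -> list[Flow]:
    """Turn the text log into Flow records, skipping blanks and comments."""
    flows = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        time, iface, dst, proto, dport = line.split()
        flows.append(Flow(time, iface, dst, proto, int(dport)))
    return flows


def kill_switch_allows(flow: Flow) -> bool:
    """Anything may use the tunnel; the physical interface may carry only
    the encrypted tunnel traffic to the VPN server."""
    if flow.iface == TUNNEL_IFACE:
        return True
    return (flow.dst, flow.proto, flow.dport) == VPN_ENDPOINT


def find_leaks(flows: list[Flow]) -> list[tuple[str, str, str]]:
    """Flows that left the machine outside the tunnel: exactly the ones a
    kill switch would have dropped."""
    leaks = []
    for flow in flows:
        if kill_switch_allows(flow):
            continue
        kind = "dns-leak" if flow.dport == 53 else "ip-leak"
        leaks.append((flow.time, kind, flow.dst))
    return leaks


def visible_to_isp(flows: list[Flow], kill_switch: bool) -> set[str]:
    """Destinations the ISP can log: everything sent on the physical
    interface, minus whatever an active kill switch would have blocked."""
    return {f.dst for f in flows
            if f.iface == PHYSICAL_IFACE
            and (not kill_switch or kill_switch_allows(f))}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for leak in find_leaks(flows):
        print(leak)
    print("Without kill switch:", sorted(visible_to_isp(flows, False)))
    print("With kill switch:   ", sorted(visible_to_isp(flows, True)))
```

In the sample, the four seconds after the Wi-Fi drop expose a DNS query and the real destination; with the kill switch rule applied, the ISP sees only the VPN server.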
An IP leak is an accidental disclosure of activity. It is possible to set up intentional disclosures for certain apps or websites. This is set up in the app through a system called Smart Rules. The term “tunnel” is often applied to the methodology of VPNs. It refers to the fact that traffic is hidden for a stretch of its journey, as though it passed through a tunnel. A VPN session is referred to as a tunnel.
The Smart Rules utility is a way to set up customized operations for the service. The Exceptions tab in this tool lets you name connections that should not pass through the tunnel. This is a permanent setting and is stored in the app, so the systems you name as exceptions will never be protected by the VPN unless you remove the rule.
There is one other way of implementing split tunneling with CyberGhost. That is to use the CyberGhost browser extension instead of the app. The browser extension is available for Chrome and Firefox. If you turn the VPN on in the browser extension, only Web traffic from the browser will be protected by the VPN. The internet traffic from other software that is running on your computer will not be protected by the VPN tunnel.
Another security option within the app lets CyberGhost know how you want it to behave if your device detects a nearby Wi-Fi network. You can set the service to notify you to turn on the VPN to protect your traffic over Wi-Fi systems. This is particularly important in public spaces where hackers can create fake Wi-Fi hotspots, generate the security protection key, and then decrypt all traffic between all of the devices in the space and a local Wi-Fi access point.
The Wi-Fi protection system can also be set up to act like a kill switch, blocking all Wi-Fi access if the VPN is not turned on. The VPN applies encryption end-to-end, adding an extra layer of protection. That means if you are tricked into connecting to a fake Wi-Fi hotspot, the hacker will only be able to break through the Wi-Fi network encryption, only to find the packets are still encrypted beneath that by the VPN encryption.
CyberGhost activity logs
The final element in the CyberGhost privacy system is its no-logs policy. Payments for CyberGhost are processed by another company, and the only information the CyberGhost system holds on its customers is an ID number.
VPN servers operate a network address translation (NAT) system to allocate a VPN server IP address to a customer and then de-reference responses, replacing the substitute IP address with the customer’s real IP address so those replies can be sent back to the customer’s computer.
CyberGhost’s servers hold this cross-reference information in memory (RAM). The link between customers and their fake IP addresses is deleted when the VPN session is closed. So there is no log left over that any copyright lawyer could seize with a court order. However, remember that the retention of activity logs has been judged to be unconstitutional in Romania.
Dedicated IP addresses
CyberGhost offers an extra addressing service for a fee. This is a dedicated IP address, which is also known as a static IP address. This service is useful if you run your own Web server for a small business website or a games server to which you like to invite friends.
The VPN service masks your identity on the internet by allocating a substitute IP address to your Internet traffic. This IP address will change each time you access the VPN service. If you expect others to connect to your computer, you will need to advertise an IP address they should access. This can’t change; otherwise, your invitees won’t be able to find your computer. In this scenario, you will need a dedicated IP address. This address is allocated to you and no other customer of CyberGhost. You own that address, and CyberGhost just acquires it on your behalf.
If you use a dedicated IP address, you can still use the shared server system as well. For example, you can set up an always-on VPN with your dedicated IP address for one of your computers at home and then use your remaining allowance of six simultaneous connections to access the shared service with other devices simultaneously.
You are allowed to install the VPN app on as many devices as you like, but only seven can be connected to the VPN service at any moment.
The CyberGhost app presents you with a list of VPN server locations. You select a location and then turn the VPN on. This is an important factor, and you must choose your server carefully.
While ISPs look at the destination IP addresses in your internet traffic, some websites look at the source IP address. This lets them work out where you are, and they will alter the content that the site presents accordingly. This is called geoblocking or geo-location tracking.
In some cases, geo-location tracking means you see different things depending on where you are located when you access a site. For example, international job sites will alter the vacancies they show according to your location, and news websites will show you different news stories depending on your location.
Streaming services will either block you from watching any videos or present a different list of videos if you are outside their usual home country. Some sites will offer the same shows and movies but with different editing, according to your location.
The VPN protects your traffic from snoopers on the connection between your device and the VPN server. The server strips off that protection and sends the traffic on its way to its final destination. However, before it does, it removes your device’s address as the source of packets and places its own in there. Thus, if you are in France but choose a VPN server in the USA, all of the sites you visit will think that you are in the USA.
The location switch is particularly useful for cross-border access to streaming services. Here is a list of the streaming services you can switch locations for with the CyberGhost VPN.
| Netflix | Tests confirmed for access to the USA and France from the UK |
| Disney+ | Only with the VPN server optimized for the BBC iPlayer |
| BBC iPlayer | Only with the VPN server optimized for the BBC iPlayer |
| ITV Hub | Only with the VPN server optimized for ITV |
| Channel 4 | Tests confirmed, accessing the UK from the USA |
| NBC | Tests confirmed, accessing from the UK |
Other major streaming services that CyberGhost gets cross-border access to include ESPN +, Amazon Prime, HBO, and Hulu.
It is only possible to access these major streaming services by choosing a VPN server that is specifically tuned to that service; general VPN servers won’t work.
CyberGhost offers one plan, which is available with different subscription periods. These are:
- One-month plan: $12.99 per month
- One-year plan: $51.48 per year (equivalent to $4.29 per month)
- Two-year plan: $78 every two years (equivalent to $3.25 per month)
- Three-year plan: $89.31 every three years with three months extra (equivalent to $2.29 per month)
These are good prices and compare favorably to the main rivals of CyberGhost. Some other VPNs offer a discount for the first payment. On the face of it, that seems great, but it means that when the service automatically renews, you pay a much higher fee than you expected. This doesn’t happen with CyberGhost, and its prices are even lower than the discounted fees of its rivals.
The price per month for the three-year plan will increase on renewal even though the price for the entire period stays the same. This is because you get three months extra with your first subscription, so it is for 39 months instead of 36.
You can pay for your subscription by credit card, through PayPal, or with Bitcoin.
All subscriptions get a 45-day money-back guarantee, except for the one-month plan, which has a 14-day money-back guarantee.
We tested the performance of CyberGhost in the UK on public Wi-Fi hotspots provided by Sky UK’s The Cloud. This service is owned by Comcast, which operates the same technology in the USA as the Xfinity Hub network. Tests were carried out using the Ookla system at speedtest.net.
First, we tested a connection to a nearby server without the VPN turned on:
The download speed shown was 13.20 Mbps, and the upload speed was 0.92 Mbps. As can be seen below, turning on the VPN, set within the UK, in the same city as the Speedtest server, made a big difference to performance with a download speed of 7.12 Mbps and an upload speed of 0.67 Mbps.
Long-distance connections with this ISP do not do very well – this test went to Sydney, Australia:
This shows that routing across the world does slow down the delivery of websites and video streams. The download speed fell to 1.90 Mbps, but the upload speed of 0.89 Mbps was not much slower than that on a local connection without the VPN.
Channeling through the CyberGhost Manchester server improved download speeds:
The download speed improved to 3.51 Mbps, and the upload speed was 0.72 Mbps.
International connections also showed an improvement. Connecting to Sydney through a VPN server in New York, USA, gave a download speed of 2.71 Mbps and an upload speed of 0.81 Mbps. Connecting to Sydney while channeling traffic through the CyberGhost server in Hong Kong gave a download speed of 2.95 Mbps and an upload speed of 0.65 Mbps.
As you can see, the VPN improved speeds on long-distance connections. However, not by much, and the general slowing of connections is more pronounced with CyberGhost than with NordVPN or ExpressVPN.
How to install
You can download and use the CyberGhost VPN app before paying for the service. The VPN provider offers a 24-hour free trial.
- Go to the Free Trial page and click on the big Start your free trial button. This downloads an installer.
- Click on the file to run it. After telling Windows to let this application run, click through to let the installer create the app.
- You will also be asked if you want a supporting service. Click yes to this.
- The app looks almost exactly the same in desktop and mobile app versions. In the image below, the desktop app for Windows is on the left, and the mobile app for Android is on the right.
- To get the Android app, go to Google Play and to get the iOS version for iPhones and iPads, go to the Apple App Store.
- To set up an account and start using the VPN service, click on the account creation link at the bottom of the app’s screen. You can set up an account within the app.
- Type in an email address, make up a password, and type it in twice. The email address you enter needs to be a real account to which you have access because CyberGhost will email you for confirmation to activate your new account.
- Click on the Activate Trial button in the CyberGhost email. This opens up the CyberGhost website with a message that tells you that the free trial has started. You can now use the app.
- You will notice that the screen in the app has changed. Click on the Start trial button to access the VPN service.
Is CyberGhost VPN free?
CyberGhost is not free. However, you can try it out without paying, thanks to a 24-hour free trial.
How much does CyberGhost cost?
The price per month for a CyberGhost subscription is £12.99. However, you can get that monthly cost down by taking out a longer subscription period. The longest period is for three years, and that gets an extra three months for free when you first subscribe. The price for that 39 months of service is $89.31, which works out at $2.29 per month.
Can CyberGhost unblock Netflix?
CyberGhost dodges the location detection system of Netflix with its servers in the USA, the UK, Germany, France, Italy, and Japan.
In which locations does CyberGhost offer dedicated IP addresses?
You can get a dedicated IP address hosted by CyberGhost in Sydney, Australia, Montreal or Toronto in Canada, Frankfurt, Germany, Paris, France, London or Manchester in the UK, Amsterdam, Netherlands, Singapore, and Chicago, Las Vegas, Los Angeles, New York, or Washington DC in the USA.
Does CyberGhost work with Amazon Prime?
Yes. You can get into the Amazon Prime library for a different country by selecting a VPN server in the country you want access to. You still need to pay for an Amazon Prime subscription.
Is CyberGhost any good?
CyberGhost is one of the leading VPN services in the world, and it is certainly worth considering. This system is in the top five in our opinion, alongside ExpressVPN, Surfshark, NordVPN, and IPVanish.
To sum it up
The outstanding features of the CyberGhost VPN system are its great-looking user-friendly app, its 45-day money-back guarantee, its allowance of seven simultaneous connections, and its ability to avoid detection and geo blocking at many streaming services, including Netflix, Hulu, BBC iPlayer, and Disney+. The one disappointment with CyberGhost is that it didn’t perform as well in speed tests as ExpressVPN or NordVPN.