PrivateVPN Features
Rating:3.5/5
Price:$2.00 – $9.90 per month
Refund period: 30 days
Based in which country: Sweden
# devices per license: 10
# servers: 200
Server locations:85 locations 63 countries including the USA, Canada, the UK, Japan, and France
Streaming sites unblocked: Netflix, ITV, BBC iPlayer, and NBC
Supports torrenting: Yes
Does VPN keep logs:No
24/7 customer support: No
Website: https://privatevpn.com/

PrivateVPN has been in operation since 2012. Some people confuse this virtual private network (VPN) system with Private Internet Access (PIA), however, they are two different VPN providers. The VPN service is owned and run by Privat Kommunikation Sverige AB, based in Sollentuna, an outer suburb of Stockholm, Sweden.

PrivateVPN offers a competent service with almost no technical glitches and a self-installing VPN app. However, there is no app for Linux – you have to set the system up manually. The same is true for routers and Blackberry phones.

PrivateVPN hasn’t matched the leading VPN services by providing a browser extension, and some important features, such as double-hop VPN connections or split tunneling just aren’t there.

PrivateVPN doesn’t offer many of the nice privacy extras that the leading VPNs include for free, such as ad and tracker blocking, antivirus, or hacker detection.

As its name suggests, PrivacyVPN is all about privacy protection. This service is accomplished through a range of measures. Factors that enforce privacy include:

  • Legal obligations
  • Procedural protection
  • Internet connection encryption
  • Logging policy
  • IP address masking

We examine how PrivateVPN operates in these categories to protect the privacy of the VPN’s users.

Legal domicile

A VPN provider has to comply with the laws in every location where it has servers operating. However, the headquarters of a VPN service is particularly important. This is because companies have more of their assets at their home office location than in overseas branches. Very often, the servers that VPN providers use in different countries are actually rented cloud server space. Therefore, VPN businesses have almost nothing to lose in most of the locations where they operate.

Governments can threaten VPN providers with fines or imprisonment in order to make them comply with requests to spy on customers. So, the location of the senior staff and the owners is important. Different countries have different rules about operating a VPN service. The strictest are places such as China and Cuba, where operating a VPN service is illegal. Other counties, such as Russia and India, place legal obligations on VPN providers to log all of the activities of their customers.

PrivateVPN is based in Sweden. Since 2019 data retention laws in Sweden require internet service providers (ISPs) to retain internet activity records for 10 months. This isn’t a problem, however, because these rules don’t extend to VPNs. In fact, VPNs can confound the work of ISPs to track the online activities of their customers and Private VPN performs that task well.

PrivateVPN procedures

A VPN connects a remote device to a network by using the medium of the internet. The connection between that device and the network is kept secured by encryption. The intention of this work is to create a level of privacy for the internet connection that is equal to the privacy that computers connected to a network in an office building enjoy. This is how a “virtual private network” gets its name.

The secrecy created by the encryption creates a session that is termed a “tunnel.” This is because it is like someone getting from one place to another in secrecy by traveling through a tunnel, so no one knows where that person will emerge.

Data travels over the internet in sections. There is a structure called a packet that carries the data. The packet has a header on it that contains the source and destination IP address of the packet. Routers need to read that destination IP address, so they know where to send the packet. However, this is also the information that ISPs record, laying records of every website and internet service that you visit.

Like all VPN services, PrivateVPN encrypts the entire packet, including the header. This prevents your ISP from recording the destination of the connection. Unfortunately, that encryption also prevents all of the routers on the internet from reading the packet header, so the packet can’t go anywhere. To enable the fully encrypted packet to travel, it is put inside the payload of another packet.

The VPN addresses the outer packet to its own server, so when it is sent, the ISP records a connection from your computer to the VPN server. Consumer VPN services, such as PrivateVPN operate VPN servers all over the world. When you subscribe to the PrivateVPN service, you need to download an app – this is the VPN client. You access a list of server locations within the app and select one.

When you turn the PrivateVPN service on, the app, which is known as the client, negotiates an encryption system with the chosen client and establishes a tunnel. Until you turn off the VPN service, all the internet traffic generated by your device travels down the tunnel. That means each packet is encrypted and put inside another packet addressed to the VPN server.

Your Web browser didn’t want to contact the VPN server. For example, if you type in the address for Google, your browser needs to contact the Web server for that site and puts the IP address of that Web server on its request packet. That address isn’t rubbed out. When the VPN server receives the packet, it extracts the original packet, decrypts it, and then sends it on its way. All replies go to the VPN server, which encrypts those packets, packages in a packet addressed to your computer, and sends it. The VPN app on your computer receives that reply, unbundles it, and forwards it to your Web browser.

So, the software on your device doesn’t know that PrivateVPN is diverting all its packets through a different location. It doesn’t matter that the traffic is diverted through another location because a reply comes in anyway.

PrivateVPN protocols

The procedures that PrivateVPN follows to create a tunnel are laid out in protocols. A protocol is a set of guidelines to follow. These are published and available for free to anyone. Companies that follow a protocol make their software compatible with the products of any other company anywhere in the world that create system following the same protocols.

There are a number of VPN protocols in circulation and PrivateVPN implements five of them. These are:

  • OpenVPN
  • IPsec
  • IKEv2
  • L2TP
  • PPTP

OpenVPN is the best option, and it is very widely used in the world. IPsec is a very efficient VPN protocol because it operates right down at the level of processes that form packets. However, networking and internet systems operate in “layers of abstraction,” which means that types of tasks are split up. A lower payer provides services to the layer above. The upper layer has no idea how the lower layer does what it does, and the lower layer isn’t concerned with the work of a higher layer. IPsec is at too low a level to deal with session management.

IPsec has to work alongside another VPN protocol, which provides encryption key negotiation services — these are known as “Transport Layer” tasks. PrivateVPN provides two options for this higher layer of VPN protocol: L2TP and IKEv2. So, the user selects L2TP/IPsec or IKEv2/IPsec.

One more protocol that the ProtonVPN app uses is PPTP, which is a very old standard. PPTP isn’t very good and you shouldn’t use it if you can use one of the better VPN protocols. ProtonVPN says it provides PPTP for people who experience difficulty with other protocols and only need to switch their apparent location without needing strong security.

Transport Layer protocols manage connection negotiations between two devices connecting over a network or the internet. There are two main options in this category: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP is a connection-oriented protocol. This is a full-service system – it ensures packets are retransmitted if they are lost. It will also put packets in the right order if they arrive out of sequence. UDP does none of that – it is a connectionless system. Within the VPN app, you get a choice of whether to use OpenVPN with TCP or UDP. The other VPN protocol options all run over UDP.

TCP gives you more reliable connections, but UDP is faster. UDP is better for interactive applications, such as online gaming, internet telephony, and video chats. One lost packet represents just a blip in a voice or video stream. Missing that little moment isn’t always noticeable, but waiting for that slice to be retransmitted would leave a gap.

Not all VPN protocols are available in all apps. The app for each operating system is a little different. However, all of the apps offer OpenVPN, which is the best option. It is also possible to set up the PrivateVPN system manually within the networking system of your device’s operating system.

PrivateVPN encryption

PrivateVPN doesn’t detail its encryption system for all of the VPN protocol options, but we do know the encryption used for OpenVPN implementations.

Encryption ciphers transform the characters of a text so that the text is a meaningless jumble. The transformation has to be performed in such a way that the intended recipient of the text can decode it, but no one else can.

Only a few ciphers are regularly used in VPNs. These ciphers are like a mathematical formula, which is generally known. What makes the cipher secure is that one of the elements in the formula is a variable. Changes to that value completely alter the outcome of the transformation, so you need that missing element in order to decrypt a text. That variable is called the key.

Snoopers can crack an encryption cipher just by guessing the key. There are computer programs available that zip through every possible combination very quickly – this is known as a brute force attack. Longer encryption keys take more time to deduce by trial and error. Therefore, the security of an encryption system relies on the length of the key that the implementation uses.

PrivateVPN uses two encryption systems. Tunneling encryption is performed by the Advanced Encryption Standard, and PrivateVPN uses it with a 256-bit key (AES-256). Session establishment is implemented with Diffie Hellman, using a 2048-bit key (DH-2048).

AES-256 is the strongest encryption cipher available in the world today. It is uncrackable, and it is the system that banks and secret services use to protect their data stores and internet transmissions.

AES is a symmetric cipher – the same key is used for encryption and decryption. This creates a security weakness – one side needs to pass the key to the other. Until the encryption key has been shared, it can’t be used, so the transmission of the key has no protection, and anyone that captures the key can decrypt all messages.

Diffie-Hellman solves the problem of AES key exchange. This is a public key system. In public key cryptography, there is a key pair – one key for encryption and another to decrypt the text encrypted by the associated encryption key. The two keys are linked, but you can’t guess the decryption key from the encryption key, and you can’t use the decryption key of another pair. It is also not possible to decrypt a text with the encryption key.

It is safe to publish the encryption key – this is called the public key. The decryption key needs to be kept secret – it is the private key. With Diffie-Hellman, both the server and the client have a key pair. These are combined in an encryption process and also in the decryption mechanism. So, each side in a connection can decrypt messages using its own private key and the public key of the other side.

Outsiders can’t break into the encryption because they don’t have the private key of either side. They could guess, but that takes time. Reissuing keys periodically and using new keys for each session make brute force attacks even harder.

PrivateVPN’s 2048-bit key sounds like it must be very strong when compared to the 256-bit key of AES. However, public key systems need much longer keys than symmetric ciphers in order to be secure. The “effective security” of a 2048-bit key is not so great. The public key equivalent of a 256-bit key is a 4098-bit key.

ExpressVPN, NordVPN, and CyberGhost use a 4096-bit key for their public key encryption. Other VPN services that use a 2048-bit key include Surfshark, Private Internet Access, and IPVanish. So, PrivateVPN isn’t offering the strongest encryption in the business. However, the VPN is in good company.

PrivateVPN server functionality

A VPN is a type of proxy service. In law, a proxy is a stand-in and represents someone else. A proxy server does the same thing in the world of computers. The purpose of a VPN is to enable a remote computer to join an office network as though it actually sits in that office building.

When you use a computer on an office network, your internet connections go out through that network’s internet gateway. Your communications on the internet have that gateway’s IP address in the source IP address field of the packet headers. So, as far as the outside world is concerned, you are in that location. You aren’t – the proxy server is representing you.

You might have noticed that you can watch your favorite TV stations online and even get a catchup service on the website. Imagine if you went to live abroad, you could still watch TV from home over the internet. No, you can’t – those TV channel websites block your access from outside the country. All IP addresses are registered, and that gives them a geographical location record.

Streaming services, such as Amazon Prime Video and Netflix, let you carry on accessing the service even if you travel outside the country to which you subscribe. However, you get the video library of the country that you are in and not the country that you are from, so those new dramas that your friends are talking about might not be available where you are.

When you use the PrivateVPN app, you choose a server location before turning the VPN on. The functionality of the VPN system then makes all of the Web servers that you contact think that you are in that location.

The PrivateVPN servers practice network address translation (NAT). Each server maintains a pool of IP addresses and one of those gets allocated to a customer when a VPN session is established. Packets coming in from that customer get decrypted, but before it sends the inner packet on to its intended destination, the VPN server puts that allocated IP address into the source address field of the packet.

The recipient of that packet reads the source address, checks on its location, and then sends a reply back to that address, which routers forward to the VPN server. The VPN server then encrypts and encapsulates that packet in an outer packet addressed to the customer that sent out the original request.

The VPN server knows which customer is represented by which substituted IP address because it maintains a cross-reference called a NAT table. When the customer ends the connection, the allocation record gets deleted from the NAT table and the allocated IP address gets returned to the pool for use by another customer. By this method, no customer is permanently associated with a specific IP address. PrivateVPN calls this system a “public dynamic dedicated IP address.”

PrivateVPN activity logging policy

The IP address masking service of a VPN is completely undermined if the provider also keeps records of who was represented by which IP address and when. This is known as an activity log.

PrivateVPN has built its unique selling point on providing strong privacy. So, you would expect that it would have a no-logs policy, and it does. An activity log is created if the VPN archives the NAT table record when a user logs out. There isn’t any logical reason to implement activity logging – it ends up taking up a lot of server space, and the only purpose of storing this data would be to search it, which requires analysis software at more expense.

PrivateVPN logging policy can’t be what the company says it is in Russia and India. Both these countries have legal requirements for VPNs to log user activity. The Indian government requires those logs to be stored for five years. Most VPN services shut down their servers in those countries when government controls took effect.

Other VPN providers that still offer servers in Russia and India operate them as “virtual locations.” These are created by taking a pool of IP addresses that can be traced to one country but allocating them to a server in another place. So, for example, a VPN server might be in Singapore but allocate IP addresses that are registered in India.

PrivateVPN doesn’t explain how it deals with Russian and Indian laws. In fact, the company names the locations of its Indian servers as Mumbai and Bangalore, and it states that its Russian servers are in Krasnoyarsk and Moscow. So, the VPN servers in India must be logging activity. In the case of the Russian servers, they will be logging activity and controlling access to a list of banned websites.

PrivateVPN IP leak and DNS leak protection

The VPN tunnel that runs from a device to a VPN server is intended to block the user’s ISP from seeing and recording actual Web activities. The ISP can also use its position as the gateway to the internet to block access to websites.

An IP leak occurs when the ISP can read a real destination IP address. This isn’t possible if the tunnel has strong encryption, which is the case with PrivateVPN. The only possible cause of an IP leak is if the VPN turns off without the user knowing.

A VPN connection can break while the underlying connection keeps active because of UDP and TCP. In TCP, the server periodically sends a “keep alive” packet if it doesn’t get any input from a client. UDP doesn’t do that. So, if there is no traffic, the server will shut down the encrypted session, but the TCP activity of the underlying internet connection keeps that service going. So, the browser keeps active, sending requests over the unprotected connection with all the real destination IP addresses visible to the ISP.

Some VPN services prevent IP leaks from happening by a utility in the VPN app called a kill switch. This blocks all internet access if there is no active tunnel, which draws the user’s attention.

The VPN app has to be open in order for this function to work, and so these apps also have a setting that will make the VPN app start up with the operating system. PrivateVPN has a kill switch in its Windows, macOS, and Android apps. However, it isn’t included in the app for iOS, and those systems that require manual setup, including Linux and routers, have no kill switch option.

The Domain Name System (DNS) provides a translation of the Web address that you type into your browser to the IP address of the server that your browser has to go to for the requested page. So, before every page gets shown in your browser, there will be a DNS query. This query is usually dealt with by your ISP’s DNS resolver.

For most references, the resolver looks elsewhere, but it maintains its own records for some websites. If your ISP wants to silently ban a website, it just writes a fake DNS record that either returns a broken IP address or the address of a page owned by the ISP that says, “Don’t go there!” Your ISP is currently blocking hundreds or even thousands of websites.

Once the PrivateVPN tunnel is in place, your DNS queries should go down the tunnel. PrivateVPN provides its own DNS resolver, so when you use the service, those websites that disappeared a while ago will be unblocked and available.

We ran some tests on geo-restricted video services, switching between the server countries in the PrivateVPN app, and these are the results:

ServiceTest
NetflixTested for the USA, the UK, France, and Japan, and the VPN worked for all
Disney+Tested for the USA, the UK, France, and Japan, and the VPN worked for all
BBC iPlayerYes
ITV HubYes
Channel 4Yes
ABCYes
NBCYes

This performance is impressive. Few VPNs can get past the proxy detection systems of all of these streaming services – Disney+, Channel 4, and ABC are particularly adept at blocking cross-border access and the activities of VPNs.

PrivateVPN has one package that is available in three subscription periods. The length of your subscription influences the price you pay per month. The prices are:

  • One-month plan: $9.90 per month
  • Three-month plan: $17.99 ($6.00 per month)
  • Three-year plan: $72.00 ($2.00 per month)

All plans get a 30-day money-back guarantee for the first subscription period. You can pay for a subscription with a credit card, PayPal, Google Pay, Apple Pay, or Bitcoin.

1. Go to the PrivateVPN Pricing page. Select a plan, enter your email address and make up a password. Enter your payment details and then press the Pay Now button.

When the payment goes through, you will be taken to the Getting Started page, which includes links to app downloads.

2. Click on the View Guide button for the app in the section of the screen that relates to your operating system.

3. Click on the download link in Step 1 of the guide and wait for the download to complete.

Note: If you have any other VPNs installed on your computer, remove these before installing PrivateVPN because the existence of these services will prevent the full PrivateVPN system from installing and the app won’t work.

4. Click on the downloaded file to open the PrivateVPN installer. After the installation completes, you need to log into the app with the email address and password that you entered on the payment page.

5. Skip through the usage guide to get to the main screen of the VPN app.

6. The most important settings that you need to adjust before turning the VPN on are in the Advanced View page. Here you can choose the VPN protocol in the Connection Type field and then decide on the length of the encryption key in the OpenVPN Encryption field.

7. Back on the main screen of the app. Click on the Change link in the location field to get to the server selection list. Server locations are listed by country name. The list also shows the current return trip time to each location.

8. Double-click on a location, and the server list will close, leaving the chosen location in the server field. The connection will begin.

PrivateVPN app for Android

1. To get the PrivateVPN app for an Android mobile device, go to the Google Play store and search for PrivateVPN. This will present you with the app. Click on the Install button. Click on the Open button in Google Play or go to your Home screen, where the PrivateVPN icon will appear, and click on that.

2. You will then be presented with a request to allow the app to get access to the networking functions of your phone. Click on Allow. You are now able to use the app.

3. Click on the Hamburger menu symbol at the top left of the app to get to the settings. You only have the option of OpenVPN over TCP or UDP, which you can select in the VPN Protocol line of the settings. Choose the encryption key size in the OpenVPN Encryption line.

PrivateVPN app for iOS

1. Get the PrivateVPN app for iOS from the Apple App Store.

2. Search for PrivateVPN.

3. And then install the app.

We tested the PrivateVPN system, with the VPN protocol set to OpenVPN over UDP, using AES with a 256-bit key. The tests were carried out over the Three network in the UK. Each test was performed three times, with the middle result taken for the report.

First, to establish a performance baseline, we tested a connection to a nearby server without the VPN turned on:

The download speed shown was 11.64 Mbps, and the upload speed was 6.75 Mbps. Using the United Kingdom VPN server of PrivateVPN, we performed the speed test, connecting to a test server in the UK. The results were:

At 10.76 Mbps, the download speed on the PrivateVPN connection was close to the mean connection speed without the VPN. The upload speed was slightly lower at 6.09 Mbps. Some VPNs slow down connection speeds drastically, particularly when using AES encryption with a 256-bit key – a 128-bit key is quicker to process.

Long-distance connections across the internet are slower because packets have further to travel and pass through more routers. We tested a connection to a test server in Sydney, Australia, and found unusual results:

The download speed of 9.95 Mbps and the upload speed of 5.40 Mbps was faster than on the local connection. This wasn’t an anomaly because we performed another three-test cycle later in the day and found that download speed results were consistently around the 15 Mbps mark.

Turning on the PrivateVPN service, using the UK VPN server, we connected to the same test server in Sydney again.

This time, the VPN slowed the connection considerably, with a mean download speed of 8.20 Mbps and a mean upload speed, which was 5.54 Mbps.

These results compare favorably to rival VPN services. The speed impact on local connections was negligible. While PrivateVPN dropped the speed on a long-distance connection considerably, this is not unusual for a VPN.

Is PrivateVPN a firewall?

PrivateVPN servers operate network address translation. This mechanism is often also implemented in wireless hubs for home internet systems. With home internet services, the network address translation feature is often referred to as a NAT firewall. This is because the representation of a device on the internet with a substituted IP address makes it impossible for outsiders to get a direct connection to a device behind the NAT system. However, PrivateVPN doesn’t examine the contents of packets, so it won’t filter out malware.

Does PrivateVPN work in China?

There are varying opinions on the ability of PrivateVPN to evade detection in China. The company advises users in China that they get the best results when using the L2TP protocol in the app – this protocol option is not offered in mobile apps.

Is PrivateVPN a fast VPN?

Tests show that PrivateVPN offers respectable speeds. It is not the fastest VPN on the market, but it won’t slow your internet speed down to the point where video streams start to buffer.

Is there a PrivateVPN 7-day free trial?

PrivateVPN advertises a 7-day free trial and even has a page about it on its website. However, this trial is no longer available.

Can I use PrivateVPN for torrenting?

PrivateVPN is very supportive of torrenting. So, it is OK to use the service when downloading files from P2P systems. The company recommends that torrenters use their VPN servers in Sweden.

To sum it up

PrivateVPN has a very respectable performance. It doesn’t slow down connections too much, and our tests show that it can get cross-border access to just about any online video streaming service. These are probably the main considerations that a typical consumer would look for when choosing a VPN.

On the technical side, the VPN apps don’t offer as many extra utilities, such as ad and tracker blocking, as the leading VPN services. Other detractions are that there is no PrivateVPN app for Linux or routers and no browser extension.

If you want to connect to one of PrivateVPN’s servers in India or Russia, you should probably be a little cautious about your activities because there is a strong possibility that the VPN is logging your activities.

This is certainly a VPN that you should put on your shortlist of systems to consider.