A Defensive Computing Checklist    by Michael Horowitz
HOME | About | Domain Names | VPNs | Rules of the Road | DC Presentation | ChangeLog | Stats |

VPNs - My Experiences

The experience of using a VPN varies drastically, not only from company to company, but also from operating system to operating system with the same VPN provider. With that in mind, this haphazard section offers some insight into my experiences using a handful of VPN providers on assorted operating systems.

This is a companion page to main VPN topic on this site.

Topics below: IVPN   Mullvad   Proton VPN   OVPN   Windscribe  

IVPN

IVPN offers both ad and tracker blocking in their AntiTracker feature. AntiTracker is included in all their plans and it works on every device supported by the service. An AntiTracker configuration option called Hardcore Mode blocks domains belonging to Facebook and Google. AntiTracker is not included in their Google Play Store Android app because they assume that Google will ban it. However, Android users can download the .apk file from the IVPN website, or install via Accrescent or F-Droid. A nifty trick enables the AntiTracker feature even when using a router as the VPN client. See also their AntiTracker FAQ.

One annoying thing about IVPN, that applies to any operating system they support: You logon to their app with an account number. They give it to you with upper case letters, but you can enter it with lower case letters. They don't tell you this. The account number includes dashes. The dashes have to be entered. Again, you are not told this. It takes so little effort to explain this, but no.

Regardless of the operating system your device is using, you can always check how busy the IVPN servers are on their Server Status page. FYI: on this page "LOAD" refers to bandwidth usage, not to CPU usage.

Device Limits: There is an introduction to this on the main VPN page. As of December 2023, the IVPN Standard plan allows for 2 devices, their Pro plan allows for 7. This screen shot shows what it looks like on Windows when you are using all your REGISTERED devices when you try to connect to IVPN from a new device. And, also on Windows, this screen shot shows what happens to a previously REGISTERED device after it has been DE-REGISTERED to allow the new device to connect to the VPN.

IVPN on Windows 10
VPN client version 3.10.14, 3.10.15, 3.10.23 and 3.12.0 during 2023

IVPN on Android 12 and 13
Initial testing with app version 2.10.3   January 2023

IVPN on Android 10 (OS has bug fixes as of June 2022)
VPN client version 2.8.4 which was released January 15, 2023
Tested January 2023

IVPN on ChromeOS
Android app version 2.8.4 from Jan 15, 2023
My guess is that the experience on ChromeOS is 99 percent the same as on Android, but just in case, I list it separately.

IVPN on iOS
Initial testing was on iOS 17.2 in January 2024 with IPVN app version 2.11.1 (7). Some testing was also done on iOS 17.3.
See their iOS app setup instructions. You are not required to use their iOS app, they provide manual setup instructions for WireGuard, OpenVPN Connect and IPSec with IKEv2.

My initial observations:

IVPN Tech Support

March 2023: IVPN allows VPN connections from a Synology NAS device. One configuration option for this is an on/off checkbox called "Allow other network devices to connect through this Synology server's Internet connection". IVPN says to enable this option. So, I asked them what needs to be done on a LAN resident device to make it connect through the Synology NAS box. They don't know. At first, they avoided the question. Then when asked again, their response was full of maybes. They did point to the Synology documentation on this: VPN Connection. It too, however, says nothing about using the option. In fairness this is a Synology gripe, but IVPN failed in recommending the use of an option they don't understand and then in not coming clean about not knowing. Also, their Synology NAS setup instructions are poor. For one thing, there are no dates (neither created nor last reviewed), it is for DSM version 6 when version 7 is current and it does not link to the Synology documentation.

The Contact Us page on their website uses PGP keys for secure email. This is as ancient as Fred Flintstone. They should have email addresses at both ProtonMail and Tutanota for secure email. Or something else a bit more up to date.

In general, tech support has been very good. All questions/problems have been responded to by someone who understood the issue and made reasonable suggestions. In my experience, their support has been far better than other VPN providers.

IVPN Billing

April 2023: After paying for some months on a month by month basis, I tried to extend my account for a full year. Their system rejected a MasterCard, a Visa card and an American Express card. The Visa card was a debit card and had been used previously to pay for a month of service. I later learned they do not accept American Express. Their site does not say this while making a payment, it is buried in a KB article that you don't see while signing up. The error message from their payment processor also does not this. In the end, I had to go to Amazon, buy a paper voucher, pay sales tax and wait for it to be delivered before I could extend the time on my account. All three times I was trying to extend an existing account. I probably should have created a new account after the first couple failures. Creating a new account is trivially easy to do as IVPN collects no information from their customers at all, other than what is needed for billing.

IVPN Vouchers
What IVPN calls a "voucher" is a piece of cardboard that you can buy from Amazon in the US. The downside is that you pay sales tax. The upside, is that IVPN never sees your credit card information. They also don't know who purchased any particular card. The card contains an activation code that you have to scratch off using a coin. The instructions fail to mention that you have to scratch anything off, it just says to tear the card. The activation code is 12 characters consisting of numbers and letters. All the letters are upper case, but you can enter them on the IVPN website in lower case. It fails to tell you this too. More here: Voucher cards FAQ (undated). FYI: Mullvad also sells paper scratch-off vouchers.


 

MULLVAD

Note: Both IVPN and Mullvad offer assorted blocking (ads, trackers, malware, etc) in their Windows apps, but not in their Android apps. I was told by one of them that Google is advertising driven and would block their Android app if they offered ad-blocking. IVPN offers their Android app with ad blocking as both an APK and in the F-Droid store.

New User Experience

December 2022: The new user experience starts out great. Mullvad only knows you by an account number, you do not need to provide an email address to sign up. When you run their Windows software the first time, this is what you see. However, things go downhill very fast.

When I started a new subscription, I installed the software on iOS and Android devices where it only supports WireGuard (their desktop software supports OpenVPN). The first five devices went well.

On the 6th device (Windows 10), there was an error about "Too many devices". What the heck? That's not explained. Usually with a VPN, the limit is the number of concurrent devices that can be connected to the VPN service. That was not the case here as none of the first five devices were connected to the VPN.

Mullvad has introduced new concepts, new terminology, new limits and they offer no explanation for this.

As to specifics, here is a screen shot of the error from version 2023.5 of their Windows software. The user is instructed to logout of another device. But

  1. What does it mean for a device to login and logout? What is the concept here?
  2. How is logging in/out different from being connected to the VPN?
  3. If you click the X next to one of the devices, it is logged out. But which device? You can not tell. Mullvad gives devices a random name consisting of two words. You have to go to each device with their software on it and review the VPN software settings to see the name they gave to that device. You can not set a name like "Mikeys iPad"

In the Help section of their website, I searched for "Too many devices" and the results are shown here. I found this useless.

When you try to use a device that has been kicked out of the system, you get a "Device inactive" error as shown here (from Windows).

The Mullvad tech support page Using the Mullvad VPN app has click here/type this instructions for dealing with this, but does not explain the concept.

So, devices can be logged in or logged out. They can be active or inactive. What do these terms mean? My best guess is

  1. There is no limit on the number of devices that you can install their software on
  2. There are two different limits and they do not have useful terminology to distinguish between them.
  3. One limit is the number of devices that can be concurrently connected to the VPN. If anyone from Mullvad reads this, you should refer to this as the concurrent limit.
  4. Another limit is the number of devices that can be "registered" with Mullvad. "Registered" is my term, not theirs. A "registered" device is one that is allowed to connect to the VPN. You can install their software on 26 of your devices, but only the 5 "Registered" ones can actually make a VPN connection.
  5. When a device that had been "Registered" but was booted out by another device, tries to use the VPN, this is the error message (from an iPad). In my terminology, this means the device was de-registered. But, Mullvad refers to this condition as "inactive", "revoked" and logged off. Miserable user interface.

So, if you install their software on 5 devices and use it, at least once, on all 5, then you are in trouble. All 5 devices are now in a "registered" status, and they are allowed to connect to the VPN. The 6th device that you try to use will fail with the "Too many devices" error. Even if none of the first 5 registered devices are connected to the VPN, the 6th device will still suffer this error because it refers to their being too many registered devices, not too many concurrently connected devices.

This is far from the worst thing in the world, but their description of what's going on is disgraceful.

I suspect that having a limit on registered (again, my term) devices is a WireGuard thing as it says here that you can only have five Wireguard keys. What a key is, is apparently none of my business. Also, I have used Mullvad in the past and this was not an issue back when they used open source OpenVPN client software on mobile devices. If it is a WireGuard thing, then the Windows software should have asked if I wanted to use OpenVPN instead of de-registering (or whatever its called) another of my devices. It did not.

As thing stand, Mullvad is not appropriate for a general non-techie audience. It is only for someone willing to dive into this rabbit hole, or, someone with no more than five devices. This is a shame, as Mullvad does so much right.

Connection Status/Information

One thing Mullvad does not believe in is providing detailed information about the VPN connection or their servers. Up front, their VPN client software does not provide any indication of how busy any of the available servers are. There is a server status page on their website, but it does not show any information about how busy a particular server is. In contrast, Windscribe provides both the Ping time to their servers and an indication of its current load in their client software.

While connected, Mullvad software does not provide data on how fast the connection is, how long it has been active or how much data has been transmitted in either direction.

On the upside, Mullvad provides both an input and output public IP address for the VPN connection. I have seen this on both Windows and Android. For the input IP address, they also display the port number and the server name. The input IP is what your router sees. I have not seen any other VPN client software that provides two different public IP addresses. That said, sometimes with a VPN, the input and output IP address are the same, so this is not always needed.

Mullvad on Windows 10
VPN client version 2022.5 December 2022 - January 2023

Mullvad on Android

Mullvad on iOS

The Mullvad app version 2024.3 (introduced in May 2024) finally introduced a feature that I wanted for a while - Custom Lists. These are lists of your favorite VPN server locations. Your lists appear over the master list of all server locations, which is huge and sorted alphabetically. Prior to this feature, I had to scroll through the long master list, to find servers in the United States and the United Kingdom. Anyone living in Australia or Belgium had no problem :-).

The below is as of iOS 17.2 and Mullvad app version 2023.8, both were current in January 2024.

Mullvad on ChromeOS

February 2023: I have the Mullvad Android software (v2022.3) installed on a Chromebook that I often use horizontally (landscape mode). The software can't handle that. Every time it runs, the screen is rotated sideways because the software can only run in portrait/vertical mode. It's getting pretty annoying.


PROTON VPN

ProtonVPN on Windows 10
Software version 1.26.0 March 2022

--The software update process is excellent. You are notified that a new version is available but you are not forced to update. You are told about the new features before doing the update. The update process is painless, just click on a link and, if running as a restricted user, enter the password for an admin user.

--There is a quick connect button that connects you to a fast server that is chosen for you. You can also configure profiles to connect to specific servers. You can not have a profile connect to a specific US state, only to an individual server in the state. That is, you have to pick server TX#34 or TX#35 rather than Texas. The profile also lets you chose the type of VPN: WireGuard, OpenVPN with TCP, OpenVPN with UDP or Smart, which lets them chose for you. Smart is what they suggest. Before you connect, there is a list of your profiles. For each profile, it shows you how busy that specific server is, both as a graph and as a percent. A percent of what? It does not say. Maybe CPU usage, maybe bandwidth, maybe both. Dunno.

--While connected, you can see the pubic IP address of the VPN server you are connected to, the data transmission rate, the total amount of data sent/received (referred to as "Volume"), how long you have been connected and the type of VPN. Some of this information is only shown on the map which makes no sense. What is really nifty is that it shows the current load on the server (again, load of what?). So, the server you are connected to may have been lightly used when you first connected, but now it could be very heavily used so you may want to connect elsewhere. It is very rare to see current server load information in real time.

--Navigation within the app is annoyingly inconsistent. There are two tabs, Countries and Profiles. Fine. But all the other stuff is scattered. Some of the other options exist as small buttons in the Countries tab. The rest are accessed with the three horizontal lines in the top left corner, then clicking on Settings. It is as if one group created the app, then it was turned over to a different group to maintain it and they had different ideas on navigation. One small button in the Countries tab is an on/off for the Secure Core feature. Another is for NetShield which can be set to block nothing, block only malware or block everything: ads, trackers and malware. The last button configures the Kill Switch which can be On, Off, or Permanently On.

--There is a custom DNS option but it only takes an IPv4 address for input. It claims to support Private DNS but all private DNS providers give you a host/server name, no one uses IP addresses This seems half baked.

--A big part of the user interface is a map of the world that struck me as useless and lame. While I was connected to the West coast of the US, the map showed me in Kansas. You can get rid of it (look for a tiny arrow pointing to the left).

ProtonVPN on ChromeOS (Chromebook)
Android app version version 4.3.52.0 | ChromeOS version 105 | November 2022

--Problem connecting: I installed a new copy of the ProtonVPN app on a Chromebook and logged in. The Internet connection was working fine, but the app would not connect to any VPN server. Worse, it would fail repeatedly. I tried both a VPN profile and the Quick Connect option. I changed the system wide DNS to a different provider. Still failed. There is an option in the app to display the log file, but the log text was too small to read and it was not possible to copy the log text anywhere. I reported the problem through the app and the problem report included the log. However, when ProtonVPN responded, it was clear that the log did not provide nearly enough information to understand the problem. They asked for my location, the servers I tried to connect with and more. Rebooting the operating system fixed the problem. However, it was not a one time fluke, because the same thing happened shortly after the reboot. My guess is that it has something to do with the Chromebook waking up from a sleep state.

--Smart Protocol is stupid: The above problem pointed up another problem with the Android app. I did some more debugging and found that OpenVPN and IKEv2 worked fine. Whatever the problem was, was limited to WireGuard and their home-grown Stealth protocol. All my initial tests were done with the default ProtonVPN "Smart" connection. This is supposed to mean that the app chooses among the many supported VPN protocols. My experience shows that the app is not smart enough to try making an OpenVPN connection or an IKEv2 connection when an initial WireGuard connection fails. Adding on more stupidity, it keeps trying to make a WireGuard connection over and over and over. It did not stop until I told it to stop.

--Problem handling is amateurish: After some emails back and forth it turns out that there is a known bug with ChromeOS after it wakes up from sleeping. Fine. No one expects everything to be perfect. But, then what? There should be a public web page where I can go and check on the status of the problem. There is not. Proton should keep track that I am one of the people who experienced the problem and they should email me when its fixed. They do not do this.

ProtonVPN on Android
Initial testing: Android app version version 4.3.52.0 | November 2022

ProtonVPN on iOS version 15.5
Software version 3.1.3 May 2022

--User Interface: There are five buttons along the bottom. The easiest is Quick Connect which connects to whatever VPN server the software thinks is best. Countries is self-explanatory, which you click on a country you see the list of all their servers in that country. For each server you see the city it is in and a percentage, which I have to assume is how busy the server is. Click on a server to connect to it. The Map button strikes me as useless.

--Profiles: The Profiles button presents a list of profiles. You are not shown the type of VPN used by any of the profiles. Profiles that connect to a specific server, only show the country and the server number. They do not show the city where the server is. Even when editing the profile, the city is not shown. You can make up for some of this missing information in the name of the profile. Instead of one specific server, a profile can also connect to the Fastest server in a country or a random one. After not using the app for a while, I could not figure out how to edit a profile. There is an edit button tucked away in the corner of the screen.

--Features: The app supports WireGuard, IKEv2, OpenVPN with UDP and OpenVPN with TCP. The default is "Smart", which means the app chooses the protocol for you. The NetShield feature can block either malware alone or malware, ads and trackers (great). There is a Kill Switch and an option to Allow LAN connections (I did not test it). Debugging is built into the app. In the Settings section, it can show three different logs: Application, OpenVPN and WireGuard.

--While connected: a green stripe (good color choice) confirms the VPN is connected. You see the public IP address of the server, the city it is in, its number, the protocl being used and how long the VPN has been connected in what seems to be HH:MM:SS format. Again, nothing is explained. The Quick Connect button changes to a Disconnect button while the VPN is connected.

--Problems: The Always-on VPN option is not an option. Its always on. I don't like this on a conceptual level. Also, I suspect it may not interact well with the Airplane Mode feature. Worse is that in testing I did in May 2022, the VPN seems to have leaked. In fairness, I suspect this is an iOS problem not a ProtonVPN problem. However, their tech support has been less than ideal. The details are here.

ProtonVPN on an Android Fire Tablet
VPN app version version 4.4.73.0   November 2022

The software on FireOS is drastically different from both the Android and iOS apps.No fancy features at all. There are flag buttons for the available countries and you connect by clicking/pressing on a flag. That's about it. See a screen shot of what it looks like when not connected. You can see how busy each server is before connecting or just click on a country. There is no choice as to the type of VPN and it does not even tell you what type of VPN connection it has made (OpenVPN? WireGuard?). This is what it looks like when connected.

ProtonVPN Cancel an Account
December 2022

My ProtonVPN account is configured to automatically renew when it expires. Disabling the automatic renewal seems to be impossible. There is nowhere in the website Dashboard to stop the automatic renewal. I tried to delete the credit card on file, but it would not allow this. I went to the Payment Options page in their tech support section and struck out there too. I tried to do a Chat from the website Dashboard but no one was available. So, I had to submit my How To question as a tech support ticket. Waiting to hear back. This just confirms my decision not to renew.

Proton responded very quickly and said "Kindly note that all Proton plans are renewed automatically unless the subscription is canceled prior to the renewal date. If you'd like to avoid an auto-renewal the next time around, you'll need to cancel the subscription in the Dashboard tab of your account ... However, please note that all plan changes are immediate and irreversible, therefore we advise you to cancel the subscription near/on the expiration date of your current plan. If you'd like, we can also remove the payment method on our end. In that scenario, the subscription will still renew if not canceled on time, however, you won't be charged automatically for the renewal." What does it mean to renew and not be charged? I don't care any more.


OVPN

OVPN on Windows
Software version 2.0.0 and 2.1.0 April/May 2022

--Installation: There is a huge installation problem. Now that their software includes WireGuard, it MUST be installed while logged on to Windows as an administrator. It can not be installed if the currently logged on Windows user is restricted/standard. In and of itself, this is not a huge big deal, but two decisions by OVPN make it much worse. The first is that they don't tell you this. You have to complain to tech support that the installation failed, provide them with debugging information (which you have to do on your own, unlike when the app is running) only to find out later the real cause of the problem. Both the software and their website should warn people about this, neither does. Adding insult to injury, when the software detects a new version, it will not let you continue to use the old version. This is no way to run things.

--Features: The interface for picking servers manually is great, it shows both how busy each server is and the ping time to the server (screen shot). On the other hand, the scrollbar for scrolling through the list of servers is much too narrow. It can also chose the best server in a country of your choice, or just chose the best server, period. Once connected, there is no indication of how busy the server is. Usually you can pick individual servers to connect to, but on one computer, it only let me connect to the best server in a specified country, not sure why. There is a question mark next to every configuration option that takes you to a dedicated web page with an explanation of what that option is. Great. (screen shot). There is a Support feature that lets you describe a problem and report it to them, optionally with logs and diagnostic data. Nice touch. There is also a button to show the log files. The software keeps two different types of logs on your computer. The Kill Switch is on by default (good). IPV6 is off by default (good). Launch on boot is on by default (not my preference). The software supports OpenVPN and WireGuard. OpenVPN is the default and it can run with either UDP or TCP which is pretty standard. Only a single port is supported for OpenVPN (but they are different for UDP and TCP). While connected, the app has two different graphs of bandwidth usage. There is an icon in the system tray. When connected, it is green, when disconnected it is yellow. Good choice of colors. When connected with OpenVPN, you can not access devices on your LAN. Tech support was great when I asked about this, they said that with the WireGuard software from WireGuard, you can connect with LAN devices. I did not try it.

--Wireguard: Wireguard is a constant problem with OVPN. Very often it fails to connect due to key management. Other VPN providers do not seem to have this problem and I do not fully understand it. To fix it, you have to logon to the OVPN website and expire old keys. The error handling for this is not the best. For example, the first time I tried to connect with Wireguard on a Windows machine, it just ignored me. There was no error message and no VPN connection either.

OVPN on Android version 12
App software version 0.8.0 released Feb. 10, 2022. Observations from May 2022

Originally OVPN relied on open source OpenVPN software on Android. Now, they now have their own app (it was first released in 2020). The app only supports WireGuard and has relatively few features. That said, it does have two features that I consider important: it can block ads and trackers (always does both) and it can hide you on the LAN. On the other hand, I did not like how it handles WireGuard keys. While you can install the OVPN software on an unlimited number of devices, there can only be six active WireGuard keys and I often maxed out. When this happened, the app failed to connect and the error message was useless. More than once I had to logon to their website and delete one of the active WireGuard keys before I could connect.

--Connecting: VPN servers can be chosen for you automatically, or you can pick your own manually. The automatic approach requires you to first choose a country, then the software will pick a server in the country for you. Each country is identified with a "ms" number. What the number is, they don't say. It is probably the ping time to a server in the country. To pick a favorite server (it does not keep a list of your favorites) manually you first select a country, then it shows all the cities in the country with, again, a ms number. When you select a city, it shows all the servers in that city along with a percentage, which I assume is the server load. Based on using their Windows software, their servers are never very busy, which is great.

--While connected: it shows the city, country and IP address of the VPN server (screen shot). It also shows how many minutes you have been connected. Nothing else. There is no speed or bandwidth information. It is annoying that the blue circle rotates all the time. On Windows, a similar blue circle only rotates when making a connection, then it stops once connected.

--Configuration: There is a toggle option to Block ads and trackers. There is another toggle option to "Communicate with LAN devices". i did not test this.

OVPN on iOS version 15.5
App software version 0.5.0 dated Feb. 2022. Observations from May 2022

The user interface on iOS is, by and large, a duplicate of the user interface on Android (see above). Here too, only WireGuard is supported. As on Android, there is an option to block ads and trackers (only does both). However, it does not have the an option for blocking LAN side communication. Maybe this is unnecessary as a recent addition to iOS was the ability to block LAN side communication? I am not sure.


WINDSCRIBE

Account types

December 2022: Windscribe offers three types of accounts: free, full service and half service. The "half" option deserves an explanation. For $2/month you can access their servers in only two countries. You pick the countries and you can change them later. In each country, you get access to all their servers. If want to use 3 countries, it costs $3/month, 4 countries is $4. At some point it makes more sense to use their full service. The "half" option is limited to 30 gigabytes of data per month. The main window of the app tells you the amount of data left in the current billing period. It is also limited in its use of the R.O.B.E.R.T. DNS feature (which is a great feature, by the way). A "half" account is allowed to use R.O.B.E.R.T. to block malware, ads and trackers, but that's it. A full account has access to about 7 other categories of R.O.B.E.R.T. blocking. A full account can also block 1,000 specific DNS names (domain or sub-domain) A "half" account can only block 3 DNS names. If nothing else, a "half" account is a very cheap way to kick the tires on the Windscribe software and service.

Needless to say, they don't call it a "half" account. In their Android app, they call it a "30 GB/Month" plan and on their website, they call it a "Custom plan".

Windscribe on Windows 10
Software version 2.3.16 April 2022

It does not display workload information for individual VPN servers (their Android app does). There is a link to download the software at windscribe.com/download but there is no link to any installation instructions. That said, the installation process is painless. On Windows 7, there is no way to get an icon for the software in the system tray. You either see the software on the task bar or you see nothing at all. And, while the taskbar entry does change to indicate the connected status, the change is very subtle and easily missed. On Windows 10, there is a system tray icon. Some setup options are in the section with the list of servers, other options are in different sections you find in the hamburger menu. So, inconsistent. The index of sections in the hamburger menu is icons rather than words which I find a constant annoyance. The list of countries to connect to seems haphazard and is a lot to scroll through. The software can be installed by a restricted/standard user and yet it includes Wireguard. This is different and much better than OVPN (above). The app is ugly. The app does not have a standard Windows title bar which makes it hard to move it around the screen. It is hard to scroll in the app because the scrollbar is far too narrow. Tip: make the app window taller to avoid vertical scrolling.

--Features: There is a MAC spoofing option, which is unusual and might be a good thing, but there is no explanation of it in the app. There are five different VPN protocols to chose from. It is confusing however that OpenVPN with UDP is called UDP (same for TCP) in the app, so unless you do some homework, no idea it is OpenVPN. Dumb design. Two off-the-beaten-path types of VPN it supports are WStunnel and Stealth. WireGuard and OpenVPN are supported on five different (fixed) ports, which is great. IKEv2 has to use port 500, such is the protocol. Before connecting it does not tell you how busy each server is, but it does show the ping time. This is not all that helpful in finding a city/server close to you. There are no profiles. There is an option to Kill TCP sockets after connection. This is rare and a very good thing. It insures that existing connections between Windows and the Internet are terminated when the VPN is activated, so that everything is forced to use the VPN tunnel when communicating with the Internet.

--DNS: You can use a custom DNS while connected to the VPN which is nice. Their normal DNS service, ROBERT, blocks many ads and trackers. When I need to do something that ROBERT blocks, there is no need to update the ROBERT rules (but you can). Instead, I specify another DNS service in the "DNS While Connected" field. This requires disconnecting and re-connecting before it takes effect, which you are not told.

--While connected: The software tells you very little about the current connection. It does not tell you how long you have been connected, the total data uploaded/downloaded, the current speed or how busy the server is. It does tell you the public IP of the VPN server, the type of VPN (IKEv2 seems to be the default) and the port number. When you disconnect, it tells you how long you were connected and some other bandwidth number. Not sure about what that number is because it is displayed for only a second, literally. Update: By accident, I discovered that if you hover the mouse over the type of VPN or the port number, there is a pop-up telling you how long you have been connected (with no label as to hours or minutes, just a string of numbers) and the amount of data transferred. In which direction(s) was this data transferred? Don't say.

--Firewall: The kill switch is called a firewall, a constant annoyance. There is a toggle for it in the main part of the app. One way the indicator is white/black, the other way it is white/blue. Which is on and which is off is not obvious at all. Elsewhere in the app, ON is indicated by green/black, so inconsistent.

--There is a toggle option to Allow LAN traffic but there is no documentation on it. I searched their Knowledge Base for the option and came up empty. Seems to not work. With it set to OFF, I was able to get to the web interface of my router. I was also able to run a LAN scanning program and see other devices on my LAN. Worse, a LAN scanning program on another device was still able to see my VPN connected PC. This is bad. Tech support at Windscribe said "The logs ... show that you did disable the Allow LAN Traffic option but, the firewall was turned off ... Therefore, despite having the Allow LAN traffic option disabled, when the firewall is deactivated, you will still be able to access your LAN resources" Again, when they say "firewall", they mean Kill Switch. So, somehow the Kill Switch needs to be on for LAN traffic to be blocked. Again, there is no documentation on this which is disgraceful. With the Kill Switch on, some things were blocked, others were not. Ongoing....

--Un-install: An un-install of the app leaves information behind. I used it for a bit, uninstalled it for a while, then when I re-installed the software, there was no need to provide my Windscribe userid/password. It was still on the computer.

--Log file: You can view the log file in a font that is readable. You can also export the log file, so all good.

--Upgrade: I upgraded to version 2.4.10 in November 2022 and lost my favorite servers. Not the first time that upgrading has wiped out the favorite servers. Turns out this was even worse. The next day, after re-booting Windows, my just-recreated list of favorite servers was gone again. Surely a bug.

--December 2022: software version 2.5.14 on Windows 10

Windscribe is starting to add links in the app to web pages that describe some of the options. Not all, just some. Here is the link to the Firewall feature and the Connection mode feature. Sadly, both are bad. What they call a firewall is a kill switch. If they want to argue that their kill switch is better than others, fine. But don't call it a firewall. The link to the Firewall explanation is only in the Settings section, not on the main window for the app, where you see the Firewall status. And the status is either blue or black. Which is on? Which is off? Its not obvious to me. They use ON/OFF to indicate the VPN connection status and they should the same for the Firewall/Kill Switch status. In the app, there is an option for Connection Mode and its an important one. But the web page describing this calls it Flexible Connectivity. One name is enough for any particular feature.

The display of the software version is still hidden at the bottom of the General section rather than being in the About section where all other software puts it. There is an App Skin option (I can not explain where it is as the different sections in the Settings make no sense to me) that can be set to either Alpha or Van Gogh or classic or earless. Yes, there are four names for two options. And no explanation for any of it. What miserable UI design. I suggest Van Gogh.

As for debugging, Help -> View debug log works well. It shows the log in a font that I can read and lets me easily copy the log data and/or save the log file. But, the log records are timestamped in a date format that makes no sense. And, the time on the log records is not in my local time zone, so I could not, at first, figure out either the date or time that the log records are from. To figure out this puzzle, I had to save the log file. It turns out the Log file display is quite different from the underlying log file data. The underlying file has data from multiple days which made the date format obvious. It had log records going back a couple weeks. The format is DDMMYY. The log also has a record with "App start time" that displays the date/time in an obvious format using the time zone of the computer.

A nice feature of the software is that when your subscription is a few days away from expiring, there is a notice on the main display telling you how many days are left in your subscription (screen shot). Of course, there is also a button for Renewing.

The software also handles the notification of a newly released version well. It puts up a notice about the new version on the main display (screen shot). It is not in your face and you are not forced to update immediately. It is just an FYI.

FYI: Changelog for the Windscribe Windows software: windscribe.com/changelog/windows

Windscribe on iOS version 15
App software version 3.0.0 (262) April 2022

The lack of explanation is a huge issue. Before connecting, some servers have a number next to their name which I assume is the ping time. I have to assume because there is no column heading in the display. Some servers have no number, what that means is a mystery. When I connect to a VPN there is a huge warning "This network is unsecured". What that means, I have no idea. It is not even clear if the message refers to the local Wi-Fi network or the VPN server it is about to connect to. The expanded explanation under this message is: "Unknown is unsecured, meaning you don't wish to use Windscribe while on this network" WTF? After a few times, the "unknown" was replaced with the SSID in my home, so its not complaining about the VPN server. What does it think is wrong with my home network? No idea. Its WPA2 Personal and, trust me, quite secure. While connected to the VPN, the app provides no information at all. For assorted toggle switches, the app uses black/white to indicate OFF and green/black to indicate ON.

--Features: The option to "Show Location Load" is off by default. When enabled, the app shows a green line of varying length under each section of a country (i.e. Canada West) and a green line under each server. What is the green line? Is a longer line better than a shorter one? None of our business, there is no explanation. The app supports three types of VPN: IKEv2, WireGuard and OpenVPN (on either UDP or TCP). With both WireGuard and OpenVPN, six different connection ports are available, a nice defense from blocking.

Windscribe on Android version 12
App software version 3.1.887 May 2022

--Compared to their Windows software, the Android app has a better user interface. See a screen shot of the app. When you first login, there is an option to display the password as you enter it. This is helpful for those of us with long passwords.

--DNS: You can configure R.O.B.E.R.T categories (their DNS system that blocks ads/trackers and more) in the app. To configure specific DNS allow/deny exceptions, the app takes you to their web site. Fine. However, the use of R.O.B.E.R.T is mandatory, there is no Custom DNS option. (verified Oct. 2023 with app version 3.74.1243 on Android 14). R.O.B.E.R.T is a great DNS system but if you already have customized NextDNS profiles, this is not for you. Also, R.O.B.E.R.T has no logging, which NextDNS does offer.

--It takes some tweaking, but the app can show both the load and the ping time for each VPN server. The big down side is that there is no easy-to-find documentation on the configuration options. There is a Help section in the app but that links to general help that is not focused on the options in the Android app. OVPN was much better at documenting each configuration option. That said, the version number of the software is in the General section (scroll to the bottom) rather than the fairly standard About section. Also, it does not do landscape mode.

--Configuration General options: I always change the "Display Latency" from Bars (the default) to Ms. This takes effect immediately if you are currently connected to a VPN server. One one Android device the Ms did not display at all. Another device was fine. I did not investigate. The "Show Location Load" option is OFF by default. Turn it on. It adds a green line underneath each displayed VPN server. The problem, however, is exactly what does the green line indicate? Is a long line (more green) better or worse than a short green line? If green is good, then more green is better? Or, is it showing the load on the server, in which case a shorter line is better and they should not have chosen a bright green color. This change also takes effect immediately, even if the VPN is active. The option for Haptic feedback is ON by default, I always turn it off. There is a toggle option for "Notification stats" that does not seem to do anything.
Speaking of toggle options, they are too hard to toggle. The slider is much too small. The list of servers is presented in geographic sequence by default, which I find sub-optimal. I suggest changing the sort order to Latency so that countries near you sort to the top. That said, this sequencing is far from perfect. Eventually the sorting sequence won't matter to you as you can set Favorite VPN servers that display in their own section of the app. That said, I have lost my favorite VPN servers many times, the last time a password reset wiped them out.

--Configuration Connection options: Connection Mode is perhaps the most important option in this section. It defaults to "Auto" which, in turn, defaults to IKEv2 and port 500. If you opt for Manual, you can chose other types of VPN connections (such as WireGuard) and also pick from a small list of allowable port numbers.

--While connected: It says "ON" which is good. It also shows the type of VPN connection (such as WireGuard or IKEv2), the port number and the public IP address of the VPN server. There is no bandwidth information while connected.

--Location Load: Windscribe has a comprehensive status page at windscribe.com/status. I mention it because it too has green lines underneath each VPN server. It also shows the load on the server as a number which makes it obvious that shorter green lines mean a lesser load.

--LAN traffic: Tested Nov. 2022 using app version 3.3.1003 on an Android version 10 tablet with Android patches as of June 2022. With the VPN off, I was able to see many devices on my LAN and I was able to communicate with my NAS. Then I connected the VPN which was configured with "Allow LAN traffic" OFF. It seemed to work, a scan of my LAN now showed only the router, the other devices did not appear. I was also not able to ping the NAS. But, that is only half the story. A device on my LAN was able to see the VPN-connected Android tablet when doing a LAN scan. It was also able to ping the Android tablet. So, FYI, this option works for data going out, but not for data coming in.

Windscribe on an Android Fire Tablet
VPN app software version 3.4.1085 November 2022

The VPN client on FireOS has pretty much the same user interface as their Android software.

April 2023: My router blocks some IP addresses and logs all attempts to connect to them. Without the Windscribe app running, the router detected that the Fire Tablet frequently tried to make outbound connections to some IP addresses on my banned list. It would both Ping the IP address and try to make a TCP connection to port 443. It did this often enough that it flooded the log in my router and I had to un-install the Windscribe app. I could have just stopped logging anything from the Fire Tablet, but I don't like that it was phoning home when the app was not even running. The IPs that the tablet tried to contact all belonged to Windscribe, this was not anything like Facebook pixel spying. Still, the app was not running.

 

 This page: 9 views per day (over 200 days)   Total views: 1,739   Created: November 12, 2023
This Page
Last Updated

May 26, 2024
Site Page
Views TOTAL

 910,900
Site Page
Views TODAY

  793
Website by
Michael Horowitz
@defensivecomput
top
Copyright 2019 - 2024