Not only do VPN users have to be weary of shady VPN providers not being as secure or private as they boast, but now you also have be careful that your popular and well-reviewed VPN provider isn’t pulling a fast one on you as well!
For a while now the VPN market has been saturated with crappy VPN providers just trying to rake in the cash during the current heightened levels of internet privacy and security hype thanks to recent events such as the leakers and whistle-blowers like Snowden and Manning, the privacy impeding laws threatening net-neutrality with U.S. ISPs, as well as the data breaches effectively putting millions of peoples’ private information up for grabs that are happening more often and on larger scales each time.
Mobile device app markets, especially the Google Play Store, are plagued with dozens of VPNs promising privacy, security, and anonymity, but users often get more than just those features – if even those features at all. Research done by Australia’s Commonwealth Scientific and Industrial Research Organisation (CSIRO) and the University of South Wales and UC Berkley found malware in 38% of the 283 VPN apps on Google Play Store: 66% tracked users via spyware, 38% implemented some sort of adware or malvertising (malicious advertising) campaign, 80% requested access to a user’s private information stored on the device, 84% leaked traffic usage, and 18% flat-out did not encrypt traffic.
However, now it seems there is a new problems with VPNs to watch out for – “Virtual Locations”.
VPN Virtual Locations Explained
Apparently VPN providers wanting to provide VPN access to certain countries or locations that for one reason or another can’t have a server in that specific location have been using a workaround. Instead of getting a physical server in the desired country, what the VPN provider will do is reserve IP addresses in the desired location and then forward traffic to them somehow, perhaps via some sort of 3rd party proxy service. So, “Virtual Locations” is basically a fancy way of saying “Fake Locations” or “Pseudo Locations”.
RestorePrivacy, a website dedicated to giving internet users the info to restore privacy and remain secure while online, recently put three of the top VPN providers under the microscope to find out exactly what is up with these “Virtual Locations” that seem to be popping up. The lucky candidates to be scrutinized were ExpressVPN, PureVPN, and HideMyAss.
Examining the Biggest Three Offenders of Virtual Locations
Although some of these bigger VPN providers actually make note of some of their servers being “Virtual Locations”, RestorePrivacy took a closer look at just how they work and how honest the VPN Providers were actually being. RestorePrivacy put a large portion of VPN servers from all three providers through a some-what rigorous and daunting series of tests to further examine their means of operation – both regular locations and virtual locations were tested. Here’s a simple break-down of what he did:
- Used CA App Synthetic Monitor ping test to Ping the Servers from 90 different Worldwide Locations.
- Used CA App Synthetic Monitor traceroute to Traceroute the Servers from multiple Worldwide Locations.
- Used Ping.pe to Ping Servers from 24 different Worldwide Locations.
The first ping test helped get a starting location of the server being tested by pinging it from 90 different locations around the world to triangulate where it us by looking at the countries with the lowest ping time. The second test used multiple locations around the world to traceroute how long it takes to reach a specific server similarly to a ping test but a bit different – traceroute tests how long it takes for a ping to reach it’s final destination after hitting the first server in it’s line of server hops. The third test was a combined ping/traceroute that was basically just used to back up the locations that the first two tests pointed to.
Here’s the basic results of what RestorePrivacy’s tests revealed about HideMyAss, PureVPN, and ExpressVPN:
HideMyAss – The VPN with the Largest Global Spread
HideMyAss is actually pretty transparent about their use fake locations, calling them “Virtual locations“, and even has a knowledge base article in their support area about their use of virtual locations. Their VPN client also clearly labels all virtual locations. For this reason, RestorePrivacy didn’t dig too much deeper into HMA and their big claims of VPN servers in 190+ countries. A few of HideMyAss’ “Virtual Locations” are North Korea, Zimbabwe, and Somalia.
PureVPN – One of the VPN Provider World’s “Biggest Contenders”
PureVPN also makes their use of fake locations apparent in a support post, instead calling them “Virtual Servers“. Virtual servers are also labeled in PureVPN’s server list – virtual servers located in the Unites States have a “vlus” prefix and European virtual servers have a “vleu” prefix. RestorePrivacy also found that a few servers, which PureVPN boasts are spread across 141 countries, that were not labeled as virtual servers even though they were indeed fake/virtual locations upon further testing. Some of PureVPN’s “Virtual Servers” are Papua New Guinea, Sri Lanka, and Senegal.
ExpressVPN – The Best Streaming VPN, Very Expensive
ExpressVPN was different than HideMyAss and PureVPN because they did not disclose or label their fake locations in any way. RestorePrivacy was told via chat by an ExpressVPN representative that all of their locations were real. RestorePrivacy was still curious, though, and rather quickly identified 11 fake locations when testing a random selection from ExpressVPN’s 94 claimed countries. A few of ExpressVPN’s fake locations were found to be Pakistan, Laos, and Philippines.
However, six days after RestorePrivacy published their article, ExpressVPN followed suit and posted a support article on their website going over their “Virtual Server Locations” which number 29 in total.
The Problem with Fake Locations and VPN Virtual Servers
With the current VPN marketing trend of location-quantity winning versus location-quality, it may be hard to see the real problems fake VPN locations could present. Here are a few ways that “virtual Locations” could give you a headache, or even get you in trouble:
- VPN Performance and Ping from Virtual Locations will be less than expected from a true VPN server. (Gaming, Forex, etc.)
- VPN Servers in countries with restricted content will also affect the content of Virtual Locations. (News, Streaming, etc.)
- VPN Virtual Locations will be subject to the laws of the actual VPN server as well as the fake location IP address. (Torrents, Activism, etc.)
For these reasons, among many other reasons, RestorePrivacy recommends choosing a VPN provider that puts an emphasis on the quality of their VPN server network rather than marketing gimmicks and high number counts. I reached out to all of the VPN providers covered here on GetFastVPN, plus a few others, regarding their use of “Virtual Locations”. Here are the results of my questions so far:
VPN Providers’ Answers Regarding Virtual Location Usage:
Click a Column Headers to sort!
Tap Row Headers to Sort on Mobile – Table Scrolls Left/Right.
|VPN Provider||Contacted Via||Vitual Locations||Extra Info||Notes|
|BananaVPN||Contact Form||(Awaiting Reply)||(Awaiting Reply)||(Awaiting Reply)|
|ExpressVPN||n/a||Yes||Support Article||Covered in Article|
|HideMyAss||n/a||Yes||Support Article||Covered in Article|
|Hotspot Shield||Yes||Support Article||20 Virtual Locations|
|IVPN.net||Support||No||VPN Location Verify Guide|
|NordVPN||No||Some servers rented, all are non-virtual.|
|OverPlay.net||Support||Yes||ALL servers are virtual locations|
|PerfectVPN.net||Support||Failed to Answer* (Assume Yes)||Didn't answer question, told me to use trial|
|PrivateInternetAccess||Support||No||All physical, left Russia because of Log Laws|
|PrivateVPN||Support||Yes||Only Japan virtual until Oct. 2017|
|PureVPN||n/a||Yes||Support Article||Covered in Article|
|SpyOFF||Support||No||(Awaiting Reply)||(Awaiting Reply)|
|TotalVPN||Support||(Awaiting Reply)||(Awaiting Reply)||(Awaiting Reply)|
|VersaVPN||Support||(Awaiting Reply)||(Awaiting Reply)||(Awaiting Reply)|
|VPN.asia||Support||(Awaiting Reply)||(Awaiting Reply)||(Awaiting Reply)|
|WindScribe||Support||No||All physical, even free servers|
Keep in mind, some of these providers could be lying even though it’s unlikely. To be 100% certain, do your own VPN server tests – it’s your security and privacy at stake.
It’s worth noting that some of these VPN Providers felt the need to point out that RestorePrivacy is a third-party using third-party testing tools and that the legitimacy of their article and it’s results could be questioned. However, GetFastVPN is also a third-party affiliate marketing website, similar to RestorePrivacy, and for GFV to mention and link to a competitor’s article – the the findings must be pretty darn convincing. (Good job RestorePrivacy!)