Last update: 10.01.2018
This one could be brilliant if it weren’t for some glaring weaknesses. We hope they’ll up their game so we can rate them higher in our next CyberGhost review!
You were halfway to clicking that torrent magnet link button, but then you glanced through the window, and the realization struck you: it looks an awful lot like that Blade Runner movie. Doubt gnawing at your mortal soul, you felt the finger slip and then there was a nervous tap-tap-tap on the table. “I should probably get a VPN,” you heard your mind say just as the voice next door went: “Do you long for having your heart – interlinked.”
As you’re scrolling through “Top 10 VPNs” lists, your eye latches onto that cute CyberGhost logo (somewhere around #3 or #5). Has your all-too-human mind betrayed you once again? Is this VPN, in fact, absolutely atrocious? That’s what we’re here to find out, and we’ll do it point-by-point. Read on for the full CyberGhost review.
CyberGhost 6 has some very solid features, making it comparable to industry leaders ExpressVPN, NordVPN, or TorGuard. However, the comparison only works on the surface. For example, in terms of security, CyberGhost also offer AES-256-CBC encryption, claim they have a no-logging policy, and also claim their service is not susceptible to DNS or IPv6 leaks. Unfortunately, CyberGhost’s “no-logging” policy doesn’t really hold up and not that long ago the VPN did have some leaking issues, not only with the notorious WebRTC bug but also with DNS queries. CyberGhost 6 offers an effective kill switch, but, sadly, you can’t toggle it. Finally, they’re registered in Romania, which is not a 14-eyes country and has no data retention laws, but they are owned by a very shady Israeli company by the name of Kape Technologies (formerly Crossrider).
Some of its other security features also fall behind NordVPN or ExpressVPN– there’s no SSTP protocol, no multihop (double VPN) function, no TCP 443 port. But CyberGhost also has some advantages in this area, such as their Romania-based Nospy servers, for example.
CyberGhost will let you do most of the things we love Nord and Express for – watch Netflix, use torrents, (barely) bypass the Great Firewall of China. It seems you’ll do it all just a little bit worse though. CyberGhost servers are less numerous those of either Nord or TorGuard, and cover less of the globe than Express. In particular, the VPN has limited presence in Asia and Africa. This means that users in these regions might get worse performance than they expect. Admittedly, for many this will not be a problem, particularly if they’re based somewhere in Europe or the US.
CyberGhost has custom apps for all main platforms – Windows, Mac, Android, iOS. They’re all fairly simple, but not necessarily user-friendly. There’s support for routers, but no custom CyberGhost router app. 7 simultaneous connections is a good number – that’s 1 more than NordVPN and more than double what ExpressVPN offers. Let’s be honest though – how many people use VPN on 7 devices at a time? (hint: it’s 7. Get it?)
The advantages of CyberGhost 6 over the best of the best are small, but some of the drawbacks are as massive as that one jungle we heard about in the ‘90s. Also, speaking of tropical rainforests – their website may as well be one. The site makes it difficult to find in-depth information about the features. ‘Kafka-esque’ may be overstating it, but only slightly. They do have a live chat function, but is it available 24/7? Is it activated when an X number of wolves howl in the moonlight? I guess we’ll find out when they hire a UI/UX professional.
The VPN has stuff going for it – a tracking-block feature, malware protection, split tunneling, a positively black client, and a 7-day CyberGhost free trial. But don’t get too excited. It’s just not the best.
So, has the Ghost led you astray? Read this CyberGhost review to find out!
Is CyberGhost safe to use?
We’re not here to judge, but security should really be the primary concern for VPN users. After all, what good is Netflix if you can’t get any pizza (‘cause you’re in jail)? If that sounds melodramatic – rejoice, lucky one. Many around the World don’t share your privilege.
The question whether CyberGhost is a secure VPN can be answered a few ways. As a matter of fact, you can do a lot better or worse when it comes to security, as our CyberGhost review will show.
CyberGhost offers the same encryption standard as most top VPNs – the data channel is protected using AES-256-CBC with SHA256 hash authentication; the control channel goes through an AES-256 cipher with an RSA-4096 certificate and SHA384 hash authentication. No, we’re not just trying to sound smart.
The point is, CyberGhost’s encryption is beyond unassailable and no crowbar will help brute force it. The number of 256-bit key combinations is only a few orders of magnitude lower than the total number of fundamental particles in the observable universe. Allegedly.
DNS/IP leaking concerns.
While researching for this CyberGhost review, we found that the tool’s issues lie elsewhere. As recently as a few months ago, the VPN had some leaking concerns to address. Users should take notice of several types of leaks when discussing VPNs. The most important of these are currently DNS leaks and WebRTC leaks.
To say nothing about their causes, DNS leaks happen when your browser uses your local DNS server to translate domain names into IP addresses. When this occurs, your computer essentially tells your ISP what sites you’re browsing. At that point, you might as well throw all that encryption out the window because all it does is it slows your connection down.
WebRTC leaks refer to a bug in the browser’s real-time communication functionality, which can leak the user’s real IP address even when connected to a VPN service. This was an issue even for some of the strongest VPNs, CyberGhost being one of them.
Late last year, comparitech.com published an article detailing results from their extensive leak tests on some of the top names in the VPN market. The results should have been very concerning for CyberGhost users: comparitech.com discovered persistent vanilla DNS and WebRTC leaks with the CyberGhost Windows client.
Allow us to translate: a persistent vanilla leak refers to a leak that occurs during regular VPN session. In other words, it’s not like something must go wrong for CyberGhost 6 to leak your DNS or IP address (the latter over WebRTC).
Since then, these issues seem to have been solved (at least we couldn’t find any when writing our CyberGhost review), but it’s still quite shocking to find that a consensus top VPN can be this vulnerable. It’s certainly a big blow to their reputation – after all, online privacy is an industry of trust. Many will think twice next time they hear CyberGhost boast about some super-safe measure they’re implementing.
As our research for this CyberGhost review shows, past technical issues are, unfortunately, not the end of this VPN’s problems with security and privacy. We must also discuss factors beyond the service. The company is registered in VPN-friendly Romania and that’s great. This is a country that has shown a commendable attitude towards online privacy and is not part of the 5-eyes, 9-eyes, or 14-eyes country groups. Sounds good so far, but it’s not all rosy: in 2017, CyberGhost VPN was purchased by an Israeli company called Crossrider (recently rebranded to Kape Technologies). Immediately, alarm bells went ringing all over the online privacy community, because Crossrider has been caught doing shady things in the past (like creating software that borders on straight-up malware).
Again, VPN is an industry of trust, and Kape Technologies is the definition of untrustworthy – their owner is actually a convicted felon whom the Panama Papers have linked to 16 offshore accounts!
Furthermore, the CyberGhost VPN no logs claim is not as bulletproof as users may hope. The program is collecting data about successful connections and connection attempts and sending it to a third party – MixPanel. Although the data is anonymous, we still have a problem with VPNs using third parties for such things. Learning to trust one company with sensitive data is hard enough, but CyberGhost VPN is spread out over several services, making their reputation worth a lot less.
There’s also a bunch of third-party exposure to be had on the CyberGhost VPN website. Their site analytics trackers include not only Google Analytics, but also MixPanel, Sift Science, and Visual Website Optimizer. For communication with its clients, CyberGhost VPN uses Zendesk and Zopim. And there’s a Facebook pixel on the site for good measure. This seems a bit much for a company that claims they’re a ferocious guardian of privacy.
If there’s one thing we hope you get from this CyberGhost Review, it’s this – there are better tools to trust with your security and privacy.
Speed & Performance
Ah, speed & performance – an area where any VPN can be simultaneously good and bad if review sites are to be trusted. It’s no wonder, really, because it takes a rigorous process to get consistent speed testing results. There are too many variables to account for. As such, it is very important to try for yourself and get an idea of the speed in your location!
Either way, we ran some tests for our CyberGhost review, and, as it turns out, despite its claims to the contrary, the VPN has nothing to brag about. The speeds are alright – functional, but far from the best. The service has around 2,800 servers in 60 countries or so. That’s a very good number – it’s actually almost doubled over a period of several months. And yet the servers still seem to have a pretty heavy load in comparison some of the other good VPNs out there. Also, most of their infrastructure is based in Europe and the Americas. Therefore, these regions are likely to suffer even worse overcrowding pains.
How to get it
You sure you want to do this? Alright…
You can get the app from their website. Once you’re on it, just click the “Get CyberGhost button”. You’ll be asked to choose one of several (very reasonable) pricing plans, enter an e-mail address, and pay using one of their several payment options. Then you can go ahead and download the app.
How to install it
We went through the process for our CyberGhost review and it couldn’t be any easier. Well, it could, but then you wouldn’t get to choose the installation directory.
Just run the installer, click “Next” when it asks you to, and you’ll be good to go. The only unusual thing you’ll be asked to do is save or print a “PUK code”. You will need it if you lose your CyberGhost login information. The extra layer of account security is nice to see on a VPN – save that PUK and keep it close to your heart!
How to use CyberGhost
You’re an official “Ghostie” now – congrats.
For our CyberGhost review, we used the Windows app and must say the interface is interesting. Some will love it and others will hate it. We are firmly in the second category.
Our main gripe with the CyberGhost app is that it tries to simplify and ends up overcomplicating things. The first screen will give you several choices based on what you want to do: surf anonymously, use torrents, stream, etc. It’s easy to interpret these as separate functions, when in fact all they do is connect you to a VPN server. The only difference between these profiles is the server CyberGhost connects you to, and the configuration it uses. To be perfectly clear, we don’t have a problem with this feature – it will be particularly useful for less tech-savvy users. The issue is those same users are more likely to be fooled into thinking that, for example, surfing anonymously and streaming Netflix are mutually exclusive.
We prefer NordVPN’s approach here: offer the choice of “Specialty servers”. That feels a lot more honest than what CyberGhost is doing.
The front screen also has a “Choose My Server” option. This menu has some tabs to help you make that choice: Fewest Users, Most Users, Fastest Servers, Nospy Server, Torrent, and Extra Features (more about this last tab later). In this menu, you can choose not just the country, but also the specific server. You will see the server’s ping as well, which should help you find the fastest ones. The “Torrent” column shows which servers you can torrent on, and the “Torrent” tab shows you only those servers. Perhaps some will disagree, but I don’t see any real use for the “Fewest users” tab. It seems irrelevant how crowded the server is if the speed is good (or bad). The “Most users” tab is great if you have a low download speed fetish but using a dial-up modem makes you feel self-conscious.
The most interesting tab on the “Choose My Server” menu is the Nospy tab. Mysterious! What’s going on there? Well, in 2014 CyberGhost ran an Indiegogo campaign to fund the creation of their own data center in Romania. The campaign was an overwhelming success, and ever since then, the VPN has been offering access to free, Nospy servers. This was done in response to Snowden’s NSA revelations and the rising concern that intelligence agencies are presenting a greater risk to privacy than ever before. CyberGhost wanted to offer servers that are in their physical presence, ensuring that no one can tamper with the hardware.
The “Extra Features” are not bad. Some of these are similar to NordVPN’s CyberSec tool – the app offers to block malicious websites, ads, and online tracking. The Automated HTTPS redirect is pretty cool – it makes your browser prefer HTTPS over HTTP whenever possible. Data compression will help you deal with bandwidth limitations by compressing the data being transferred. Finally, Extra Speed will connect you to “fast” servers. This one’s available only for paying customers and cannot be deactivated if you are one. In other words, it exists purely for show.
Then there’s the “Settings” menu. We’ll skip the boring stuff because there are some cool features to discuss.
The first one is the “Exceptions” tab. Here you can create a list of Hosts or IPs that will be accessed using your regular connection, rather than a VPN connection. This is a powerful take on the split tunneling function and we salute CyberGhost for it. The ability to add exceptions can be useful for various reasons:
- Some online resources may require your real location to function properly. Google Maps may be a good example of this,
- Many workplaces will require you to access LAN resources – this function will let you keep your anonymity online while doing this,
- VPNs can be taxing on your connection speed. You might want to increase performance by keeping those needier resources outside the VPN tunnel.
The “Proxy” tab we can take or leave. It allows you to set up a proxy connection. This is similar to VPN in the sense that it obscures the original source of the data you are transferring. It is dissimilar in that it doesn’t offer nearly the level of anonymity a good VPN does. On the one hand, it’s cool to have this sort of budget-multihop feature, but in all likelihood, most will not find it practical. It’s only good if you have a trustworthy proxy. Perhaps even more importantly though, using a proxy with a VPN will significantly decrease your connection speed.
On the “Connection” tab you can make some of the most important choices. First of all, you can choose which security protocol to use – OpenVPN, L2TP, or IKEv2. If you leave it on “Auto”, the app will try to connect using IKEv2 and switch to OpenVPN if that doesn’t work. This is a good set up – both protocols are very secure and will do the job just fine. There are a few points to be made here though:
- We’ll assume L2TP means L2TP/IPsec. If not, this would be an uncharacteristic oversight, because L2TP, by itself, is not secure at all.
- There’s no PPTP – good. More VPNs should follow CyberGhost on this and protect their users from this insecure protocol.
- There’s no SSTP – bad. SSTP is secure and can be useful in some situations. Definitely not a deal-breaker though.
If you’re using OpenVPN, you can choose whether to prefer TCP over UDP, and whether to use a random port to connect. UDP is faster but less stable, TCP is slower but more stable. It’s good to have this choice because some will have stable connections, others won’t.
Using random ports should stop your internet provider from slowing down or blocking connections. This is a tool for countries where access to VPN is restricted. Looking at you there, China.
You can force CyberGhost to use their DNS servers instead of your ISP’s DNS servers, and there’s an anti-IPv6 leak feature as well. Both of these are great to have.
The “Wi-Fi” tab will let you define the app’s behavior in relation to various networks you connect to.
“App Protection” is somewhat more interesting: you can create a list of apps you never want to run without encryption. Potentially very useful for those who don’t have the VPN on all the time.
That’s pretty much it! Notice anything missing? Where’s the kill switch? We looked for it long when writing this CyberGhost review. As it turns out, it’s on by default and cannot be deactivated. Not sure how we feel about that one, but it’s worth a mention.
Apps and Extensions
CyberGhost is well-covered and has apps for Android, Windows, Mac, and iOS. In addition, it provides full support for Linux, routers, NAS and Chromebooks. The Windows client we’ve touched upon already – not too great, not particularly terrible, somewhere in the upper “meh” range. What about the others?
The Mac app is currently almost identical to the Windows version. As a matter of fact, the CyberGhost Mac version seems to be more technologically secure. The fact that the interface is the same as the Windows one is a little unfortunate. We’re not fans of it, although perhaps that’s just, like, our opinion, man.
There’s one more thing to say about the CyberGhost Mac client. For a while, it remained at CyberGhost 5, while the Windows app was already at CyberGhost 6. This isn’t a big deal – Windows is a much wider market, after all. The only reason we mention it is we feel this says something about the efficiency of their internal processes.
CyberGhost Android (if you want to download the apk, you’ll have to find it outside their site) and CyberGhost iOS look good. The company seems to be very proud of their “mobile first” approach and the GUI seems a better fit for mobile devices. Users are less likely to engage in super sensitive activities on their phone, and as such security/privacy is of less concern. Our experience when testing the clients for this CyberGhost review leave us inclined to recommend the mobile versions to anyone who fits the profile.
CyberGhost for Netflix
With those glaring security issues, Cyberghost Netflix capabilities may just be its saving grace. Netflix US works, and users can take advantage of that VPN “Streaming” profile we’re not so fond of. It will choose a good server for you and make sure the settings are optimal.
More in-depth CyberGhost Netflix tests, however, reveal some holes in the game. For one thing, we were able to access Netflix US using only around 30% of the servers we tried. Others returned the infamous “You seem to be using a proxy” error. Furthermore, the speeds are very average – whilst connected to their US servers, the highest speeds we managed to record were still around half what we were able to reach using ExpressVPN and NordVPN.
For some users that will not be an issue – Netflix recommends 25 Mbps for Ultra HD and 5 Mbps for HD. Our tests for this CyberGhost review show that we would be able to stream in HD, but not Ultra HD.
There are many other popular streaming platforms, such as BBC iPlayer, HBO, Hulu, Amazon Prime, etc. While we haven’t tried all of them, we weren’t able to watch BBC iPlayer with any of the UK servers that we tried. Perhaps this is an unlucky coincidence, but the chances of that seem slim. Before investing, you should use the CyberGhost free trial to test the streaming service you want to watch.
CyberGhost for Torrenting
If it weren’t for P2P, most of us would still live in caves, drawing wildebeest hunts, making crude instruments out of stone. What Napster began, torrents shall continue!
The CyberGhost torrenting capabilities are decent: the tool offers enough security for P2P users, has a good distribution of servers, and doesn’t block or throttle P2P traffic. As we saw from our research for this CyberGhost review, this tool doesn’t allow torrent traffic on all servers. With that said, this is an accepted and reasonable practice for avoiding the attention of copyright enforcers. Perhaps the only real issue is one we’ve been repeating – speed. No one wants to just sit there, staring at disappointing numbers and ogling the ‘Disconnect’ button.
In short, with CyberGhost torrenting works well, but not if your regular connection is slow!
Is it good for users in China!
VPN users in China have two primary concerns – the ability to bypass government censorship and doing so securely.
Disclaimer: we can’t test how well the VPN does in China, so this section of our CyberGhost review is based on experience and various reports. CyberGhost seems to be far from the worst solution. The service has some tools against the expansive blocking capabilities VPNs struggle with in China. They provide the option of using TCP and CyberGhost DNS servers. You can also force the VPN to connect using a random port, and thus make it more difficult for the Great Firewall of China to restrict or block the service. These factors lower the risks involved in buying a long-term subscription.
However, CyberGhost VPN is also one of those providers who have no good answer for Deep Packet Inspection (DPI). China uses DPI to block encrypted OpenVPN traffic, leading some services to offer a modified version of the OpenVPN protocol, which scrambles the traffic and foils attempts to recognize it. Others have simply told their users to try L2TP instead of OpenVPN. This seems like a short-term solution for DPI-aided blocking, but there’s potentially a bigger issue with it – L2TP (L2TP/IPSec) is not a secure protocol.
To make a long story short, use CyberGhost VPN in China only if you’re not doing anything politically sensitive. You should probably use something else to browse all those hilarious Chairman Mao memes. Otherwise, your life may undergo its own little cultural revolution.
Two more things might make Chinese users think twice before subscribing – they don’t have very many servers in the far-east and they don’t have a .onion site. This means CyberGhost VPN connection speeds may be sub-par and it may be difficult to download the VPN (the regular site is blocked in China).
Fortunately, CyberGhost is pretty good in terms of customer support, especially if you compare it to the lower tier of VPN services on the market. Compared against higher-tier VPNs CyberGhost support is almost as good but lacking a bit in the self-help section.
CyberGhost offers Guides, a Troubleshooter, and an FAQ, but their website is neither very informative nor intuitive. You’ll notice that this is a recurring theme – the app also suffers from those same issues. To be fair this may just be a subjective point.
What is not subjective is the 24/7 live chat function – one more thing rooting it as a Top 10 VPN service. We tried asking some questions for this CyberGhost review and found the agents helpful, knowledgeable, and quick to reply. We’ve encountered reports of support reps telling customers to wait for an email, but this is normal with problems that require complex solutions.
We‘re at CyberGhost‘s final bastion of defense. Flags with percentage signs, coupons, and limited offers obscure the view. The loudspeakers keep repeating: “Yeah, we’re not the best, but we’ll be damned if you can afford better!”
There are 4 different pricing plans you can choose from: 1 month ($11.99), 1 year ($4.99 a month), 2 years ($3.79 a month), and 3 years ($2.75). All options offer the same features, including a 30-day money-back guarantee. This is certainly very cheap for a top-tier product offering as much as this one does. In this sense, it has a big edge over the more expensive ExpressVPN and a smaller edge over NordVPN.
There’s also a CyberGhost VPN lifetime subscription deal. Other reviewers have pointed out that this pricing model is often a red flag that the product is a scam. They illustrate this with one common-sense observation – it’s not your lifetime the subscription is for, it’s the company’s. In this case, the lifetime price is not that much bigger than the 3-year plan, so at worst this seems like a strange business decision.
The 30-day money-back guarantee apparently works very well – we had no problems with it during trials for this CyberGhost review – but there’s also a 7-day CyberGhost free trial. It has a lot of the features available to paying customers and will give you a good sense of what you’re getting into. This is a strong advantage over many premium services.
CyberGhost has a list of payment methods that covers all the main bases – credit card, PayPal, BitCoin, as well as some other location-specific options.
Bottom Line of our CyberGhost review
CyberGhost VPN is a good tool, but flawed: it’s had leaks in the past and privacy concerns in the present; it has lots of servers, but mediocre speeds; it will get you into streaming platforms, but with less success than some of the best VPNs on the market. CyberGhost VPN has a good set of features for novices – the usage profiles make everything rather straightforward, eliminating the need to choose the right server or configuration. It’s good for torrents and currently one of the cheaper tools at the top end of the market.
In short, there is a time and place for this tool. Hopefully, our CyberGhost review will answer whether it works for you.