Last update: 05.28.2018
CyberGhost is the brilliant renegade of the Top 3. It shows great potential and offers strong features along with some glaring weaknesses. The sky is the limit If these are fixed!
You were halfway to clicking that torrent magnet link button, but then you glanced through the window, and the realization struck you: it looks an awful lot like that Blade Runner movie. Doubt gnawing at your mortal soul, you felt the finger slip and then there was a nervous tap-tap-tap on the table. “I should probably get a VPN,” you heard your mind say just as the voice next door went: “Do you long for having your heart – interlinked.”
You’re scrolling top 10 VPNs lists now: there’s the one with the mountains, and the other one with the sort of flying “V” – both a bit dull for your stimuli-spoiled taste. You’re hoping something will leap off the screen like a… Ghost?! You’ve played Pac-Man a few times. You remember the good-natured smile of Casper as he tries yet again to be spooky. It’s only natural that your eye latches onto that cute CyberGhost logo at #3.
Has your all-too-human mind betrayed you once again? Is CyberGhost, in fact, absolutely atrocious? That’s what we’re here to find out, and we’ll do it point-by-point. Read on for the full CyberGhost review.
CyberGhost has very solid features, making it comparable to industry leaders NordVPN or ExpressVPN. For example, on the security and privacy front, CyberGhost also offers AES-256-CBC encryption, has a believable no-logging policy, and claims not to be susceptible to DNS or IPv6 leaks. Notice we said “claims” – yeah, that doesn’t bode well. CyberGhost offers an effective kill switch, which until very recently was better than the NordVPN equivalent.
Some of its other security features fall behind NordVPN or ExpressVPN– there’s no SSTP protocol, no multihop (double VPN) function, no TCP 443 port. But CyberGhost also has some advantages in this area, such as their Romania-based Nospy servers, for example.
CyberGhost will let you do most of the things we love Nord and Express for – watch Netflix, use torrents, bypass the Great Firewall of China. It seems you’ll do it all just a little bit worse though. CyberGhost has fewer servers than either Top 2 competitor, and covers less of the globe. In particular, they have a limited presence in Asia and Africa. This means that users in these regions might get worse performance than they expect. Admittedly, for many this will not be a problem, particularly if they’re based somewhere in Europe or the US.
CyberGhost has custom apps for all main platforms – Windows, Mac, Android, iOS. They’re all fairly simple, but not necessarily user-friendly. Unlike ExpressVPN, CyberGhost has no custom router app. Also unlike ExpressVPN, they need every edge they can get. 7 supported devices is a good number – that’s 1 more than NordVPN and more than double what ExpressVPN offers. Let’s be honest though – how many people use VPN on 7 devices at a time? (hint: it’s 7. Get it?)
The advantages of CyberGhost over the top 2 are small, but some of the drawbacks are as massive as that one jungle we heard about in the ‘90s. Also, speaking of tropical rainforests – their website may as well be one. CyberGhost makes it difficult to find in-depth information about their features. Kafka-esque may be overstating it… you get the point. They do have a live chat function, but is it available 24/7? Is it activated when an X number of wolves howls in the moonlight? I guess we’ll find out when they hire a UI/UX professional.
CyberGhost has stuff going for it – a tracking-block feature, malware protection, split tunneling, a positively black client, and a 7-day free trial. But don’t get excited just yet. All that bling and affordability is good only if security is no object. CyberGhost has serious vulnerabilities they need to address.
So, has the Ghost led you astray? Of course it has – it’s a ghost, duh!
Is CyberGhost safe to use?
Speed & Performance
How to install it
How to use CyberGhost
Apps and Extensions
CyberGhost for Netflix
CyberGhost for Torrenting
It Works in China!
Is CyberGhost safe to use?
We’re not here to judge, but security should really be the primary concern for VPN users. After all, what good is Netflix if you can’t get any pizza (‘cause you’re in jail)? If that sounds melodramatic – rejoice, lucky one. Many around the World don’t share that privilege.
You can do a lot better or worse than CyberGhost when it comes to security.
CyberGhost offers the same encryption standard as most top VPNs – the data channel is protected using AES-256-CBC with SHA256 hash authentication; the control channel goes through an AES-256 cipher with an RSA-4096 certificate and SHA384 hash authentication. No, we’re not just trying to sound smart.
The point is, CyberGhost’s encryption is beyond unassailable and no crowbar will help brute force it. The number of 256-bit key combinations is only a few orders of magnitude lower than the total number of fundamental particles in the observable universe. Allegedly.
CyberGhost’s issues lie elsewhere. As we’ve alluded to in the introduction, there are leaking concerns to address. Users should take notice of several types of leaks when discussing VPNs. The most important of these can be divided into two categories: DNS leaks and IP leaks.
To say nothing about their causes, DNS leaks happen when your browser uses your local DNS server to translate domain names into IP addresses. When this occurs, your computer essentially tells your ISP what sites you’re browsing. At that point you might as well throw all that encryption out the window, because all it does is slow your connection down.
IP leaks are even more dangerous in the sense that they give your physical location away. They’re also particularly dangerous because it’s not necessarily easy to track them down.
Recently, comparitech.com published an article detailing results from their extensive leak tests on some of the top names in the VPN market. The results should be very concerning for CyberGhost users: comparitech.com discovered persistent vanilla DNS and WebRTC leaks with the CyberGhost Windows client.
Allow us to translate: a persistent vanilla leak refers to a leak that occurs during regular VPN session. In other words, it’s not like something must go wrong for CyberGhost to leak your DNS or IP address (the latter over WebRTC).
The Mac client happens to be a bit safer, but it too has been shown to leak.
Frankly, it’s quite shocking to find that a consensus top 3 VPN is this vulnerable. Even if this situation doesn’t continue (which we’re sure it won’t), that’s a big blow to CyberGhost’s reputation. After all, online privacy is an industry of trust. Many will think twice next time they hear CyberGhost boast about some super-safe measure they’re implementing.
It’s also a shame because CyberGhost has strong security features beyond encryption. It can block malicious websites, ads, and online tracking, for example. It has a rather legitimate no-logging policy as well, meaning they don’t collect any activity logs and only collect non-personally-identifiable data for statistical/performance purposes. This last point is also granted credence by the fact that they are registered in Romania – a country with no data retention laws and outside the 14 eyes country group.
Speed & Performance
Ah, speed & performance – an area where any VPN can be simultaneously good and bad if review sites are to be trusted. It’s no wonder, really, because it takes a rigorous process to get consistent speed testing results. There are too many variables to account for. As such, it is very important to try for yourself and get an idea of the speed in your location!
We ran some of our own tests and as it turns out, despite its claims to the contrary, CyberGhost has nothing to brag about. The speeds are alright – functional, but far from the best. Perhaps this is to be expected with a mediocre server/location count and quite the number of users. CyberGhost has around 1,300 servers in 60 countries or so. That’s not bad, but
most of their infrastructure is based in Europe and the Americas. It, therefore, stands to reason that speeds would suffer due to overcrowding.
How to get it
You sure you want to do this? Alright…
You can get CyberGhost from their website. Once you’re on it, just click the “Get CyberGhost button”. You’ll be asked to choose one of several (very reasonable) pricing plans, enter an e-mail address, and pay using one of their several payment options. Then you can go ahead and download the app.
How to install it
It couldn’t be any easier. Well, it could, but then you wouldn’t get to choose the installation directory.
Just run the installer, click “Next” when it asks you to, and you’ll be good to go. The only unusual thing CyberGhost will ask you to do is save or print a “PUK code”. You will need it if you lose your login information. The extra layer of account security is nice to see on a VPN – save that PUK and keep it close to your heart!
How to use CyberGhost
You’re an official “Ghostie” now, what are you going to do about it?
CyberGhost’s interface is interesting. Some will love it and others will hate it. I am firmly in the second category.
My main gripe with the CyberGhost app is that it tries to simplify and ends up overcomplicating things. The first screen will give you several choices based on what you want to do: surf anonymously, use torrents, stream, etc. It’s easy to interpret these as separate functions, when in fact all they do is connect you to a VPN server. The only difference between these profiles are the server CyberGhost connects you to, and the configuration it uses. To be perfectly clear, we don’t have a problem with this feature – it will be particularly useful for less tech-savvy users. The issue is those same users are more likely to be fooled into thinking that, for example, surfing anonymously and streaming Netflix are mutually exclusive.
We prefer NordVPN’s approach here: offer the choice of “Specialty servers”. That feels a lot more honest than what CyberGhost is doing.
The front screen also has a “Choose My Server” option. This menu has some tabs to help you make that choice: Fewest Users, Most Users, Fastest Servers, Nospy Server, Torrent, and Extra Features (more about this last tab later). In this menu, you can choose not just the country, but also the specific server. You will see the server’s ping as well, which should help you find the fastest ones. The “Torrent” column shows which servers you can torrent on, and the “Torrent” tab shows you only those servers. Perhaps some will disagree, but I don’t see any real use for the “Fewest users” tab. It seems irrelevant how crowded the server is if the speed is good (or bad). The “Most users” tab is great if you have a low download speed fetish but using a dial-up modem makes you feel self-conscious.
The most interesting tab on the “Choose My Server” menu is the Nospy tab. Mysterious! What’s going on there? Well, in 2014 CyberGhost ran an Indiegogo campaign to fund the creation of their own data center in Romania. The campaign was an overwhelming success, and ever since then, CyberGhost has been offering access to their very own free servers. This was done in response to Snowden’s NSA revelations and the rising concern that intelligence agencies are presenting a greater risk to privacy than ever before. CyberGhost wanted to offer servers that are in their physical presence, ensuring that no one can tamper with the hardware.
The “Extra Features” are not bad. Some of these are similar to NordVPN’s CyberSec tool – CyberGhost offers to block malicious websites, ads, and online tracking. The Automated HTTPS redirect is pretty cool – it makes your browser prefer HTTPS over HTTP whenever possible. Data compression will help you deal with bandwidth limitations by compressing the data being transferred. Finally, Extra Speed will make CyberGhost connect you to “fast” servers. This one’s available only for paying customers and cannot be deactivated if you are one. In other words, it exists purely for show.
Then there’s the “Settings” menu. We’ll skip the boring stuff because there are some cool features to discuss.
The first one is the “Exceptions” tab. Here you can create a list of Hosts or IPs that will be accessed using your regular connection, rather than a VPN connection. This is a powerful take on the split tunneling function and we salute CyberGhost for it. The ability to add exceptions can be useful for various reasons:
- Some online resources may require your real location to function properly. Google Maps may be a good example of this,
- Many workplaces will require you to access LAN resources – this function will let you keep your anonymity online while doing this,
- VPNs can be taxing on your connection speed. You might want to increase performance by keeping those needier resources outside the VPN tunnel.
The “Proxy” tab we can take or leave. It allows you to set up a proxy connection. This is similar to VPN in the sense that it obscures the original source of the data you are transferring. It is dissimilar in that it doesn’t offer nearly the level of anonymity a good VPN does. On the one hand, it’s cool to have this sort of budget-multihop feature, but in all likelihood, most will not find it practical. It’s only good if you have a trustworthy proxy. Perhaps even more importantly though, using a proxy with a VPN will significantly decrease your connection speed.
On the “Connection” tab you can make some of the most important choices. First of all, you can choose which security protocol to use – OpenVPN, L2TP, or IKEv2. If you leave it on “Auto”, CyberGhost will try to connect using IKEv2 and switch to OpenVPN if that doesn’t work. This is a good set up – both protocols are very secure and will do the job just fine. There are a few points to be made here though:
- We’ll assume L2TP means L2TP/IPsec. If not, this would be an uncharacteristic oversight, because L2TP, by itself, is not secure at all.
- There’s no PPTP – good. More VPNs should follow CyberGhost on this and protect their users from this insecure protocol.
- There’s no SSTP – bad. SSTP is secure and can be useful in some situations. Definitely not a deal-breaker though.
If you’re using OpenVPN, you can choose whether to prefer TCP over UDP, and whether to use a random port to connect. UDP is faster but less stable, TCP is slower but more stable. It’s good to have this choice because some will have stable connections, others won’t.
Using random ports will stop your internet provider from slowing down or blocking CyberGhost connections. This is great for countries where access to VPN is restricted. Looking at you there, China.
You can force CyberGhost to use their DNS servers instead of your ISP’s DNS servers. Sounds good, only there are reports to the contrary. The same goes for disabling IPv6 leaks outside VPN. They say the road to hell is paved with good intentions…
The “Wi-Fi” tab will let you define CyberGhost’s behavior in relation to various networks you connect to.
“App Protection” is somewhat more interesting: you can create a list of apps you never want to run without encryption. Potentially very useful for those who don’t have CyberGhost on all the time.
Apps and Extensions
CyberGhost is well-covered and has apps for Android, Windows, Mac and iOS. In addition, it provides full support for Linux, routers, NAS and Chromebooks (here’s a Let Me Google That For You link for those last two). The Windows client we’ve touched upon already – not too great, not particularly terrible, somewhere in the upper “meh” range. What about the others?
The Mac app is currently almost identical to the Windows version. As a matter of fact, it seems to be less susceptible to the most severe DNS/IP leaks. We might even be tempted to recommend the Mac version of CyberGhost – it has some very compelling selling points. The fact that the interface is the same as the Windows one is a little unfortunate. We’re not fans of it, although perhaps that’s just, like, our opinion, man.
There’s one more thing to say about CyberGhost’s Mac client. For a while, CyberGhost remained at version 5, while the Windows app was already at version 6. This isn’t a big deal – Windows is a much wider market, after all. Ultimately though this is sub-par and says something about the efficiency of their internal processes.
CyberGhost for Netflix
With those glaring security issues, Netflix may just be CyberGhost’s saving grace. It works, and users can take advantage of that “Streaming” profile we’re not so fond of. It will choose a good server for you and make sure the settings are optimal.
It’s a little unfortunate that CyberGhost just isn’t the fastest VPN out there, but they do have a good number of servers in the US and Europe. This means you can do worse for Netflix, but you can probably do better as well.
CyberGhost for Torrenting
If it weren’t for P2P, most of us would still live in caves, drawing wildebeest hunts, making crude instruments out of stone. What Napster began, torrents shall continue!
We will follow CyberGhost’s security situation and update the review in accordance, but as it stands you should probably go for something else. Security is of primary importance for torrent users. The list of countries prosecuting people for downloading something through torrents is quickly growing. Currently it includes a number of Western European countries, such as Germany or the UK.
It Works in China!
VPN users in China have two primary concerns – the ability to bypass geo-blocking measures and security.
CyberGhost is very good at bypassing geo-blocking measures and has enough servers to make the experience decent. They provide the option to use TCP and CyberGhost DNS servers. You can also force the VPN to connect using a random port, and thus make it more difficult for Chinese authorities to restrict or block the service. All of this lowers the risks involved in buying a long-term subscription.
Security is an entirely different matter. While CyberGhost’s encryption standard and security features seem very strong on paper, the leaking issue is dangerous. The Windows version of CyberGhost has been shown by comparitech.com to have DNS/IP leaks. Even worse, these leaks occur during regular VPN sessions, leaving you very vulnerable. In short, you should probably use something else to browse all those hilarious Chairman Mao memes. Otherwise your life may undergo its own little cultural revolution.
The Mac version of CyberGhost is safer, but also far from the ideal choice.
One more thing that might make Chinese users think twice before buying CyberGhost is the fact that they don’t have very many servers in the far-east. We are unable to check whether that has a big impact on speed, but it seems likely.
Good support won’t help with your crippling legal issues, but at least you’ll have been comfortable up to that point. Fortunately, CyberGhost is pretty good in that regard, especially if you compare it to the lower tier of VPN services on the market. Compared against higher-tier VPNs CyberGhost’s support is almost as good but lacking a bit in the self-help section.
CyberGhost offers Guides, a Troubleshooter, and an FAQ, but their website is neither very informative, nor intuitive. You’ll notice that this is a recurring theme – the app also suffers from those same issues. To be fair this may just be a subjective point.
What is not subjective is the 24/7 live chat function – one more thing rooting it firmly in the VPN Top 3. The agents were helpful, knowledgeable, and quick to reply. We’ve encountered reports of CyberGhost support reps telling customers to wait for an email, but this doesn’t appear to be a prevalent issue.
We‘re at CyberGhost‘s final bastion of defense. The view is obscured by flags with percentage signs, coupons, limited offers. The loudspeakers keep repeating: “Yeah, we’re not the best, but we’ll be damned if you can afford better!”
There are 4 different pricing plans you can choose from: 1 month ($11.99), 1 year ($4.99 a month), 2 years ($3.79 a month), and 3 years ($2.75). All options offer the same features, including a 30-day money-back guarantee. This is certainly very cheap for a top-tier product offering as much as CyberGhost does. In this sense it has a big edge over the more expensive ExpressVPN, but not over NordVPN. The latter boasts features that are equal to or better than CyberGhost yet costs almost the same.
The 30-day money-back guarantee apparently works very well, but CyberGhost also has a 7-day free trial. It has a lot of the features available to paying customers and will give you a good sense of what you’re getting into. In this area CyberGhost also has a strong advantage over ExpressVPN (and a slightly weaker advantage over NordVPN).
We’re struggling with CyberGhost and we run the risk of sounding like victims of an abusive relationship -“CyberGhost can change – if only we give it a chance…”
In all honesty, we feel this is the right approach. CyberGhost is a good company that offers a good tool with some really strong features. They have the right ethos for online privacy and are always trying to improve their product. CyberGhost’s security fundamentals are some of the best and the VPN’s performance is also decent. We really do believe CyberGhost has your best interest at heart.
With that said, we can’t ignore that currently CyberGhost has some serious vulnerabilities and can expose your DNS/IP to the world. That’s just not good enough!
Hopefully these issues will be solved and we can revise this CyberGhost review.