Cypherpunk: A VPN review

Those of you who know me know that I am a major advocate of VPNs. I think they're great security tools for keeping your public IP address less public. They're similar to a PO box in the sense that you give out that address instead of your actual home address, ideally making it less likely someone unwanted will show up at your front door.

VPNs have many practical security applications. First and foremost they protect your information from prying eyes when you're using public Wi-Fi, but a lot of them also provide added features like DNS adblocking, Malware domain blocking, and IPv6 prevention.

For this review, I'll be comparing the Cypherpunk to an industry standard Private Internet Access (PIA). 
Right off the bat, you can see that Cypherpunk is very stylized. It certainly goes for the look of cyber. It's a simple button press to activate the VPN. Then you get this stylized graphic showing ciphertext moving across the screen.




There are 35 servers in 20 countries, including Russia. I bring this up because in 2016 the Russian government passed a law requiring all ISPs to retain logs for one year. Immediately following this PIA shut down all of their Russian servers. While I don't imagine most of us ever want to connect to a Russian server I would still recommend checking who you connect to if you use the autocorrect option.



Cypherpunk contains a fairly standard gambit of options. Malware block, Adblock, Killswitch, DNS leak, etc. One neat feature of Cypherpunk is the ability to auto connect on untrusted networks. This is a great feature and something I've previously had to set up scripts to do with PIA. Unfortunately, it appears that cypherpunk uses SSID instead of BSSID to determine if it's a trusted network or not. This means that a rogue access point using your network SSID will still authentic as "trusted". It seems this way to me because I run a Mesh network with multiple access points. Each access point has a different BSSID but on Cypherpunk, it only shows the one SSID. 



Cypherpunk has four encryption settings ranging from no encryption to the industry standard AES256/RSA4096. A noticeable difference with cypherpunk punk is in their Max Stealth setting. It uses AES128 with a XOR to obfuscate the connection. This is interesting because theoretically, it should bypass internet censorship that blocks VPNs; however, depending on the complexity of the XOR it could be unxored and therefore inefficient. They'd need to rotate the XOR cipher frequently to prevent ISPs from blocking connections with a specific XOR. While I doubt an ISP would do that because it'd cost too much in resources once the XOR is reversed the stealth goes away.
Unfortunately, Cypherpunk doesn't allow mix and match encryption, which is a shame because I would like to test how Max encryption plus XOR effects network speeds.



I'm going to preface this by stating that I have Gigabit internet through AT&T. I have set both PIA and Cypherpunk to max encryption (AES256/RSA4096/SHA256) and run a speed test on both using the Texas server. I ran the test three times back to back with each VPN and took the highest speed as this would represent the highest theoretical speed. I also averaged the three tests to come up with a consistent. Based on the results of those tests we can infer that Cypherpunk had both the higher theoretical speed and the higher average speed.



Cypherpunk performs admirably on the DNS leak test. There is no leaking.



Cypherpunk also performs admirably here with no leaking of IPv6 addresses.
There is one more point I'd like to draw attention to; logging. Cypherpunk claims they have a rigorously enforced zero logging policy but without having access to their servers its hard to prove that claim. PIA also has a zero logging policy which has been proven when the FBI subpoenaed their server logs in a criminal case. In the FBI's statement "the logs provided no useful information." Only time will tell if Cypherpunk's servers are the same. Cypherpunk does has a WarrantCanery though and is not bound by Gag orders under Icelandic laws.

Cypherpunk is a very stylish VPN that performs admirably. It contains a number of unique features that are good steps forward for VPN privacy. I am currently using a trial version of Cypherpunk but will strongly consider paying for a full version when the prices are announced. From initial testing, it seems to be at or above the level of PIA but as Cypherpunk acquires more users we'll see how it affects their speeds.

Comments

  1. Ameen KhatriMonday, 23 April, 2018

    I would also motivate just about every person to save this web page for any favorite assistance to assist posted the appearance. nordvpn review

    ReplyDelete
  2. LoraMonday, 09 July, 2018

    Hey, and when it comes to VPN, will it still be the same?

    ReplyDelete

Post a Comment

Popular posts from this blog

Fingbox Review: Simply not worth it.

Image
I'd like to open an honest public discourse on the Fingbox. First off I'd like to say that this isn't meant to be an attack on the product or the company. I actually really like the Fingbox but the marketing advertises a Corvette when the product is more of a Honda. I've been doing Network security and Forensics for a little over 7 years so the idea of a device like the Fingbox excited me; however, after having a Fingbox for a little while I'm ultimately disappointed. The bottom line up front: spend your $150 on an Asus RT-86U instead. You'll get 99% of the features and a powerful router with a Network intrusion prevention system built in. Devices Tab I'm going to go in order of the app when discussion its features. So up first is the network scan. I actually really like this scan and subsequent list in the app. It's clean, it's easy to read and search. Clicking on devices allows you to see some basic information about
Read more

Simple Security: Moderate Difficulty Setup

A few days ago I posted Simple Security: The basics  to cover a few easy and cheap ways to ways to help secure your Windows environment. Today I am planning on going a step further and covering some more advanced techniques to help secure your environment. Given that this is a moderate set up I am going to be trying to keep things as cheap as possible.  On my advanced guide I will be talking about expensive high-quality security solutions like Cisco ASA, SonicWall, Pallo Alto, ESXI, Domain Controllers, enterprise level malware protection like SideWinder, VM servers, and Splunk. In today's guide I will be discussing how to set up tools like Host Level Intrusion Detection Systems (HIDS), Network Level IDS (NIDS),  System Information and Event Management servers, and Smart Firewalls.  I'll also talk about ways to automatically aggregate data from opensource intelligence (OSINT) and using that to feed the analysis systems that will be helping to protect your network. First, l
Read more