Review Free VPN provider SumRando

Sumrando is a VPN provider based in South Africa, which is already a good start if you care about privacy, since USA and UK based VPN providers are open to blackmail from their overzealous governments. Of course any VPN provider in the world can be forced to spy on their customers by serving them with a secret gagging order, but South African secret services do not have a long track record of worldwide data mining like the USA and UK governments do.

I have been using Sumrando's free 10GB/month account for a couple of months. I have to point out that they are a new company still testing their services, hence the free accounts. In the future Sumrando plans on offering paid-for plans, already listed on their site but not available for purchase yet; those plans allow for more bandwidth allocation.

Sumrando VPN disconnected

Sumrando VPN software is available for Windows and Android. The Windows version I have been using is fairly easy to use, simple but effective: no fancy maps, only a drop-down menu from which to choose your preferred VPN server. The range includes India, Hong Kong, USA, Sweden and Turkey, a single server in each country; they cover all continents except Africa. The Sumrando VPN client will activate a coloured green and black window around your desktop when not active and a green one when the VPN is working; if this annoys you, the banner window can be hidden. It is useful in case of disconnection, although I have suffered a couple of unexpected VPN disconnections and my IP was exposed on the Internet. The banner warns you if you happen to be looking at the screen when the VPN or your router accidentally disconnects you, but if you are not watching, for example during file sharing, your computer IP will be left out in the open. This is something that they should improve.

When the VPN server disconnects, all Internet connections should stop until the user manually reconnects. I have seen other VPN clients binding your computer IP to make accidental exposure impossible; Sumrando could learn from them. On the plus side, Sumrando VPN software makes it easy to connect to the fastest server by selecting “ultrafast navigation”, but this might not correspond to the country you would like to choose.

Sumrando VPN connected to Hong Kong server

Speeds were unimpressive, but since they are still in testing mode I guess you should expect better performance when their real paid-for service launches; I would imagine that they are overloaded with free customers. The test I carried out from Europe on their Hong Kong server gave me 0.15Mbps, which is not enough to browse the Internet, and their closest server in Sweden gave me between 1Mbps and 4Mbps depending on the day. The US server speed also varies greatly; it might not be enough to stream online video from Hulu at busy times, as you need a minimum of 1Mbps to watch online video comfortably, but at least they are not blocked by the services I tried: ABC.com, CWTV, Hulu and Songza. There were also numerous days when a few of Sumrando's servers were down; their website lists server status but without any indication of when they will be back up.

Sumrando's privacy policy is another point that needs improvement. It is not very clear about how long they keep connection logs; it only says that the company will not log what sites you visit but that they store the number of logins and the last login, which will be disclosed if required by law. There are no rules against file sharing, but since VPN accounts have a bandwidth cap, heavy file sharers will save money choosing an unlimited bandwidth VPN provider instead. Sumrando also claims that they do not support people infringing copyright. This is fair enough, no VPN company out there will admit to supporting this; what they need to do is make clear how they intend to enforce DMCA notices if they get one. There is no information about how Sumrando plans to deal with this.

My feeling is that SumRando VPN is very much a work in progress; this comes down to the low speed and the constant server downtime. They are fine for occasional web browsing, but I would not recommend them as a free VPN to watch online TV because some days you will not have enough speed to stream online video. I was also disappointed that they had no UK server, so you can not watch the BBC iPlayer, only US content, but then server locations can quickly change once they launch for real. Right now, it is what it is: low speed and a lousy privacy policy that says nothing about how long they keep logs, fine for low level privacy and light Internet browsing.

Visit Sumrando homepage

Update November 2013: The free plan is now only 1GB a month.

Epic privacy browser review shows data leaks

Epic browser is a Chromium based Internet browser for Windows and Mac advertised as privacy friendly. Everything has been supposedly designed from the ground up to have privacy always on by default. Users can’t tweak the browser to seriously disable privacy; the few settings you can change are allowing third party cookies and enabling ads, and this is done per tab on each site and not globally. The browser blocks advertisements and scripts, and each tab is a separate process. A clickable umbrella logo on the right hand side lets you modify ad blocking options, but when you restart the browser the default no tracking settings should all be in place again, unless you bookmark a page, in which case the URL will remain there permanently in the toolbar for anyone to see.

The browser is built using modified open source code released by Google Chrome, and it will not be automatically updated with each new Chrome release until the new code has been reviewed by Epic browser developers to make sure that Google has not introduced any new tracking or privacy invasive techniques. The Epic browser's Internet surfing only works in Incognito mode: everything you do in the browser runs in RAM memory, and cookies, history, cache and other Internet browsing traces revealing what sites you have visited should vanish beyond recovery once you close the browser window.

Epic privacy browser blocked trackers

Unlike manually removed Internet traces, RAM memory can not be recovered by specialist computer forensics tools like Encase. The only possible way for a skilled attacker to learn what sites you have visited would be if your computer crashes in the middle of a session; in that case the Windows OS dump file could store RAM memory activities on the hard drive. Another way to breach Incognito browsing is if your computer has very little RAM memory, like tablets normally do. When RAM memory runs out, Windows uses the page file on your hard drive to write data and avoid crashing your browser. Anything written to your hard drive can be recovered, so make sure that your computer has enough RAM memory to support Incognito mode browsing.

The downside of an always on Incognito mode is that there are times when you might want to keep cookies to stop having to manually enter usernames and passwords when you visit a forum or log into your email account. Due to this, the Epic privacy browser is best suited as a second browser only used to visit sensitive sites, or you will spend lots of time having to reenter passwords.

The Epic browser improves on Google Chrome’s privacy invasions by removing the Google installation ID and getting rid of the Google Chrome products shoved down your throat, like the automatic page translation and Google search, which are replaced by Epic browser’s own privacy searcher, called EpicSearch. Searches carried out with EpicSearch are proxied to stop your computer IP from being logged by search engine servers; only the last digits of your IP are passed on to give local search results.

EpicSearch is how the Epic browser intends to make money and fund future development. For security reasons you can’t install any addon in the Epic browser, so the default search engine can not be replaced. This is unfortunate because my experience has been that EpicSearch results were not very good and I found myself using DuckDuckGo instead; the overall experience could be improved if they signed up a partnership with a better privacy search engine.

The best Epic browser feature is perhaps the one click proxy: with a single click on a tiny plug logo found in the URL bar, you can hide your computer IP address and change it to an American one. The Epic browser proxy service is provided by Spotflux; I have used it to watch US content restricted to US residents, like Hulu and Slacker Radio. Speed tests carried out from Europe gave me 2Mbps, enough to stream videos.

I found this browser to be theoretically more privacy paranoid than Comodo Dragon Ice, for two reasons: because it only works in Incognito mode and because it blocks all third party addons. Another plus is that their website gives information about who is behind the company, naming The Washington Post as one of the Epic browser investors and disclosing that their offices are divided between the USA and India. This shows transparency and proves that the Epic browser is not a one man show but a serious business with backing that should allow them to be around for a long time.

Epic privacy browser data leak

Now comes the bad part. I noticed that even when I am not running the Epic privacy browser there is a process in my Task Manager called EpicUpdate.exe; this takes away memory resources and it really should not be there when the browser is not open. I decided to investigate a little further while the browser was still closed, and looking at the folders located in AppData/Local/EpicPrivacy Browser/User Data/Local Storage I found various files named chrome-extension_(cryptic).localstorage. One of the files was over 100Kb in size so I decided to open it up. It appears that the right way to do this is with a SQL viewer, but I used Notepad, and inside I found a list of the websites that I had visited the day before. So much for privacy!

I have now looked at that folder again with the Epic privacy browser running and I see files being created that contain the name of the URL I visit (in the form of http_www.site.com.localstorage). These files are temporarily written to the hard drive, otherwise I would not be able to see them. They are deleted afterwards, but it won’t be difficult for a nosy person to uncover them again using any cheap undelete software.

What started as a good review ends up like a total disaster for the Epic privacy browser, stay away from them, if there is something worse than no security that is false security, believing you are safe when you are not. For some reason Incognito mode writes data to the hard drive, it should not happen.
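To check what a Chromium based browser has left in the Local Storage folder described above, the files can be listed and opened read-only as SQLite. This is an added example, not code from the original review or from Epic; it assumes the legacy Chromium layout (a SQLite file with a table named ItemTable holding UTF-16LE values), and the sample file names and hosts in it are constructed.

```python
import re
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def origin_from_filename(name):
    """'http_www.site.com.localstorage' -> ('http', 'www.site.com')."""
    scheme, _, host = name.removesuffix(".localstorage").partition("_")
    return scheme, re.sub(r"_\d+$", "", host)  # drop a trailing _<port> if present

def read_items(db_path):
    """[(key, text)] from ItemTable (assumed UTF-16LE blob values), else None."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"  # read-only open
    try:
        with closing(sqlite3.connect(uri, uri=True)) as con:
            rows = con.execute("SELECT key, value FROM ItemTable").fetchall()
    except sqlite3.Error:  # not SQLite, or no ItemTable
        return None
    return [(k, v.decode("utf-16-le", "ignore") if isinstance(v, bytes) else str(v))
            for k, v in rows]

def audit_local_storage(folder):
    """Report each *.localstorage file: origin from its name, hosts in its values."""
    findings = []
    for path in sorted(Path(folder).glob("*.localstorage")):
        scheme, host = origin_from_filename(path.name)
        items = read_items(path)
        hosts = sorted({h for _, text in items or [] for h in URL_HOST.findall(text)})
        findings.append({"file": path.name, "scheme": scheme, "host": host,
                         "readable": items is not None, "hosts_in_values": hosts})
    return findings

def build_constructed_profile(folder):  # constructed sample data, not real files
    samples = {"http_www.site.com.localstorage": "dark",
               "chrome-extension_abcdef.localstorage":
                   "https://news.example/a https://mail.example/inbox"}
    for name, value in samples.items():
        with closing(sqlite3.connect(Path(folder) / name)) as con:
            con.execute("CREATE TABLE ItemTable (key TEXT, value BLOB)")
            con.execute("INSERT INTO ItemTable VALUES ('k', ?)", (value.encode("utf-16-le"),))
            con.commit()
    (Path(folder) / "https_broken.example.localstorage").write_bytes(b"junk" * 300)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_profile(tmp)
        print(*audit_local_storage(tmp), sep="\n")
```

Pointing `audit_local_storage` at a copy of a real profile's Local Storage folder, taken while the browser is closed, shows which origins are named on disk and which hosts appear inside the stored values.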

Visit Epic privacy browser homepage

Review Hide My Ass VPN provider

I have been using Hide My Ass VPN for one month now. HMA is one of the biggest VPN providers in the market when it comes to number of servers and countries available, but do not allow that impressive number of servers to determine your shopping decision. My experience is that, living in Europe myself, all of the Asian and Latin American servers are unusable even for browsing the Internet; the ping rate is too lengthy and it hampers the speed, making you wait a few seconds before you can load a webpage.

Some of HMA's US servers identify themselves as “Anonymous Proxy” to websites and are blocked by online TV services georestricted to the US. You can be sure to find a US VPN to watch Hulu and listen to Pandora, but you can’t count on all of the HMA VPN US servers to be able to do that. Other servers are also blocked by the Google search engine, which shows a message saying that your IP could be a bot and asks you to fill in a captcha before you can search. The only way around these problems is finding the right server with decent speed that has not been blacklisted anywhere and sticking with it.

Out of the hundreds of VPN servers that HMA has, you will not be able to feasibly use the ones located far away from your home country; because of that, I didn’t find much point in choosing HMA VPN over smaller VPN providers with fewer locations.

Hide My Ass VPN software

The HMA VPN software client is pleasing to use. It allows you to easily choose your preferred VPN and change it with a single click, and if the server is overloaded the software client will warn you and invite you to connect to a different VPN in the same group. Advanced configuration lets you change your computer IP at random set intervals and log IP history, kept inside a window tracking what VPN IPs were assigned to your computer.

The VPN client only allows for OpenVPN and the insecure PPTP protocols, used in mobile devices. I expected HMA VPN software to support a more secure PPTP replacement, called L2TP; you can still use L2TP manually, but the option is not included with the software and it takes some time to configure, having to read the instructions in the Wiki. I couldn’t see any support for Secure Socket Tunneling Protocol (SSTP) either, a little surprising for such a big company.

Sending email through SMTP in HMA VPN is blocked; you will have to manually unblock it using the Wiki instructions or use webmail. You will also notice that if you enter an incorrect URL you will be redirected to an OpenDNS search page; this is because HMA VPN servers are using OpenDNS to resolve addresses. Another concerning problem was that the VPN would sometimes disconnect me and expose my real home IP. It is very important, if you care about privacy, that you enable the “Secure IP Bind” in the VPN software and attach it to your browser to stop your IP from being leaked out when the VPN disconnects.

I liked that Mac and Linux are officially supported; there is a download from the control panel to install OpenVPN on your Linux computer. There is no bandwidth limit, prices aren’t cheap if you pay monthly but using the yearly discount makes it a reasonably priced VPN, and there is a 30 day money back guarantee: if you are not happy during the first two weeks you should be able to claim a refund.

The deal breaker for me was the HMA privacy policy stating that they keep connection logs for up to two years. This is a joke for a privacy service; even my own ISP keeps logs for much less time than that. If you would rather stick with a truly no logs kept VPN you will be better off with PIA VPN; if what you want is thousands of IPs then HMA VPN is a good choice; if your main VPN motivation is to be able to watch US online TV from abroad you don’t need HMA and could possibly find a smaller provider with cheaper prices. Most of the time, small VPN companies can offer you personalised support while big companies outsource it, and when trying to keep customers happy, nobody will treat you better than the business owner. Consider that too before you sign up for any VPN service.