For the past two months, I had the opportunity to use and evaluate one of the best VPN providers out there, Cyberghost VPN. Cyberghost is one of the best VPNs I have used. At the same time, Cyberghost was generous enough to provide me with a 6-month subscription to evaluate the service, so expect more updates to this review in the future.
I wanted to review CyberGhost because based on what I had read from other reviewers and affiliate marketers it was a premium VPN service offered at a very low cost.
After reviewing it, I don't think CyberGhost is a premium VPN service. It may market itself as one, and it may end up being one, but at the moment, it is not. That is a consequence of corners cut by the service to make it more affordable and the lack of transparency in the past. This is exactly what I hate to see from VPN providers.
Past practices will always haunt VPN services in my reviews as they show a culture within an organization that will try to take shortcuts when it sees an opportunity.
Overall though, I believe CyberGhost is a decent choice as a Stream-unblocking VPN provider.
I will start my CyberGhost review by discussing some key features and VPN protocol support. The rest of this review is organized as follows:
CyberGhost offers a plethora of features, some of them unique to only the most premium VPN providers:
|Number of countries (includes virtual servers)||91|
|Number of servers||7147|
|Log Policy||No logs|
|Dedicated IP||Yes (extra)|
|Obfuscated Servers||Yes (extra)|
|Number of devices per license||7|
|Money-back guarantee||45 days|
|Tor/Onion over VPN||Yes (no extra features)|
|Headquarters Location||Romania (UK-based parent company)|
|Average Download Speed Dropoff||27.54%|
|Average Upload Speed Dropoff||12.18%|
VPN Protocol Support
Cyberghost supports all the popular and the most secure VPN protocols while having dropped the unsafe ones. It also supports a unique one and can automatically select the best VPN protocol for your network.
|Windows||Yes||Yes||Yes (Cyberghost version 8 onwards)|
A Note on CyberGhost Using WireGuard
WireGuard is a top-performing next-gen protocol, but it isn't safe to use without additional protection measures because it assigns your static IP addresses instead of a dynamic IP. That means you're assigned the same IP every time you connect and WireGuard needs to store your IP and time stamps so it knows when to connect and disconnect you from the VPN.
However, CyberGhost uses additional measures to protect you from this WireGuard deficiency. The technical details: it combines WireGuard with a RESTful API protected by an RSA certificate, plus a daemon that can dynamically assign IP addresses where WireGuard can't.
CyberGhost uses additional features to guarantee that your IP address and usage data are never logged and that your activity cannot be traced back to you.
Keep in mind that WireGuard is still not 100% polished and while using it there was one instance when the Adobe CC app could not connect to the Internet. Switching to another protocol fixed the issue.
As already mentioned, Cyberghost supports 91, however, keep in mind that 31/91 are supported by virtual server locations. Still, the vast majority of Cyberghost VPN servers are physical ones. Less than 2% of the total servers are virtual.
You can find the full list of CyberGhost server locations on its website.
CyberGhost Location and Privacy
CyberGhost's HQ is located in Romania, a privacy-friendly country. Romania is not part of the 5/9/14 Eyes Alliance, so CyberGhost has no obligation to share your information with any government.
Romania also made a name for itself within the European Union for upholding privacy-friendly values.
In 2006, the Romanian Constitutional Court refused to adopt the EU Data Retention Directive, calling it unconstitutional. In 2011, the Romanian Senate unanimously rejected the new draft law on data retention.
According to Romanian law, Cyberghost is not obligated to keep track of user activity, allowing CyberGhost to enforce a strict no-log policy.
CyberGhost can preserve your private data and information even if it receives a legal request from any government agency. Meanwhile, the no-log policy and in-memory server mean that CyberGhost does not have any data other than your CyberGhost account information. This is great for any user that aims toward privacy.
CyberGhost's Parent Company – Kape – Raises Questions
Kape Technologies, a cybersecurity and digital protection investment company based in London, owns CyberGhost.
Kape Technologies was previously known as Crossrider, offering a developer SDK for browser integration. It seems that the developer SDK allowed (not necessarily intentionally) shady developers to perform adware injection to your browser.
Since then, Kape has moved to VPNs (it owns Private Internet Access, ZenMate, and CyberGhost). This is an interesting point because the same company owns a US-based VPN service, a Germany-based VPN service, and a Romania-based VPN service. I'm not too fond of companies owning multiple VPN services because they run different business models.
In this case, I would say PIA is the premium service, and CyberGhost along with Zenmate are the types of services that offer affordable but lower-quality services.
My point here is that we all end users, and we cannot verify the integrity of VPN providers. That is why I advocate for VPN providers to pass external audits constantly. Granted, external audits are not a panacea but a step towards transparency.
This brings me to the next point.
Security Breaches and Independent Audits
In 2019, Typeform (a company CyberGhost uses to create user experience surveys) leaked 14 CyberGhost accounts' usernames, but no passwords were revealed. There have been no reported breaches since. Still, this is not something you want to see.
CyberGhost hasn't been independently audited recently, but in the past, it has had independent testing carried out on its safety processes. However, past behavior does not guarantee present or future behavior (just like in the case of Kape). I'd like to see CyberGhost take steps to perform external audits, especially of its no-logs policy and server security standards so we have a clearer picture of how it operates.
I don't know how costly external audits are, but personally, it would be one of the first steps I would take to convince potential clients that my VPN can be trusted.
CyberGhost releases quarterly transparency reports which provide information about DMCA complaints, malware activity flags, police requests, key statistics about its infrastructure, and the people behind CyberGhost.
This is very commendable and encouraged of course as all these complaints and requests end at CyberGhost and indicate that the company upholds its part of the privacy deal.
|Year||DMCA Complaints||Malware Activity Flags||Police Requests|
This honesty is great, but read about what CyberGhost may be doing internally with your data.
I tested CyberGhost on Windows, macOS, and Linux using the browser extensions and Android. I had no issues with CyberGhost on any device.
You can add protected apps to your list on your desktop, and CyberGhost will automatically launch and connect when you open them. I tried it with Netflix, and it worked flawlessly.
It automatically connected me to a US server, allowing me to head straight to Netflix US without any other manual configuration. It is quite a useful feature. It also means that if you're using a risky app like a torrenting client you don't need to worry about compromising your security if you accidentally forget to connect.
CyberGhost offers split tunneling, but only on its mobile and desktop apps. Split tunneling lets you decide which apps go through the VPN and which you access with your regular IP. This is useful for online banking and watching domestic streaming sites because you can lose access to them when you connect to a VPN.
Remember, when you use split tunneling, anything you leave outside the VPN is not encrypted. Don't leave out any apps that require privacy (like a BitTorrent client) or need to bypass geoblocks.
The question to answer here is simple:
Is Cyberghost fast
The simple and honest answer is, “Yes, it is fast enough.” I used Ookla's speed test to evaluate my baseline speed without a VPN in Athens, Greece, and the result was the following:
The next table contains key European locations and long-distance ones, like the US, Canada, and Australia. I want to pinpoint another key feature here.
Contrary to other VPNs I have used, Cyberghost changes the smart connect location depending on current conditions. For instance, it switched between Romania Bucharest, and Spain, Barcelona for me.
|Location||Ping [ms]||Download Speed [Mbps]||Download Speed Dropoff||Upload Speed [Mbps]||Upload Speed Dropoff|
|Baseline – Athens, Greece, no VPN||15||65.25||N/A||9.70||N/A|
|Greece – Athens||18||62.80||3.4%||9.28||4.4%|
|Romania – Bucharest||34||24.39||62.62%||8.26||14.84%|
|Span – Barcelona||92||52.49||19.5%||8.66||10.72%|
|France – Strasbourg||60||6.89||89.44%||8.50||12.37%|
|UK – London||302||50.37||22.8%||8.47||12.68%|
|Netherlands – Amsterdam||58||56.89||12.81%||8.23||15.15%|
|Germany – Nuremberg||54||57.82||11.38%||8.70||10.30%|
|USA – New York||129||50.89||22%||8.93||7.93%|
|USA – Los Angeles||239||48.13||26.23%||8.30||14.43%|
|Canada – Toronto||140||52.67||19.27%||7.48||22.88%|
|Australia – Melbourne||302||47.62||27.01%||8.89||8.35%|
Cyberghost Encryption and Leak Protection
Cyberghost is outstanding in terms of encryption standards, privacy, and security.
Cyberghost uses the highest encryption standard to keep your data private and secure. By default, its apps use AES-256-bit encryption in combination with the OpenVPN protocol, a 4096-bit RSA key, and SHA-512 HMAC authentication, which is the level of encryption recommended by governments and security experts to protect classified information. This is not an extra point for any VPN in 2021.
It's exactly what is expected from a VPN service in 2021.
Leak Tests and Leak Protection
A VPN does not necessarily guarantee that there won't be any DNS, IP, WebRTC, or IPv6 leaks. If your IP leaks, your location and privacy have been compromised, while a DNS leak means that your online activity is visible to your ISP and third parties.
A reliable VPN protects you against DNS leaks and guarantees your privacy and anonymity. I tested several countries, including the US, Canada, UK, Romania, Spain, external IP, DNS, WebRTC tools, and ExpessVPN's tools, and I did not observe leaks of any kind.
It is worth noting that checking your VPN for leaks is not a one-time thing, it should be a constant check, but I have not found a better way to do this.
I do not recommend using CyberGhost with Tor. It works just fine, but as I explained, CyberGhost VPN servers do not offer the same level of protection on every occasion. Using Tor over a VPN when it's easy for websites and third parties to discover that I'm using a VPN is a bad idea for me.
Cyberghost has one of the most comprehensive privacy policies from any VPN provider, entirely committed to protecting your data and privacy.
As already mentioned, Cyberghost's headquarters are located outside the 5/9/14 Eyes Alliance jurisdiction, meaning it is not under constant government pressure to access your in-memory data.
However, I found a fascinating side of this on CNET related to Kape being located in the UK and having a subsidiary in the US (and Germany):
I don't know how this is accurate, but I don't expect the author would leave it there if it weren't.
Another concern about CyberGhost tracking user activity is also part of the CNET review. According to a CyberGhost spokesperson in August 2019 CyberGhost
“The only way to do it is if that user is still in the system and if the law enforcement knows the IP and could also provide a warrant to track that IP,” the spokesperson said. “We can activate a special feature like a logging feature for that IP, but we have that ability to prevent malicious actions when using our service. But only if that user is still active and we have proof of what exactly is wrong, what IP he is using, etc. So we've got to bring that to activate that to ensure we don't activate it on a regular user. Otherwise, we can not help any law enforcement company.”CNET
Does CyberGhost Keep Activity Logs
CyberGhost's policy states that it keeps no logs of any activity or connection logs, including all of your online traffic, websites visited, data content, and DNS queries.
CyberGhost Streaming and Geo-unblocking
As a reviewer, Cyberghost's main attraction is affordability and fast enough unblocking for streaming services. CyberGhost does not promise much, but it seems to do exactly that. And to be fair, you won't need much more.
CyberGhost offers dedicated, streaming-optimized, and torrenting-optimized servers for many locations.
CyberGhost promises to unblock a handful of Netflix libraries, and it indeed does. In the CyberGhost app, you can select “For Streaming” and search for “Netflix” to see all the available servers.
I want to mention a caveat here, though. The “streaming-optimized” servers CyberGhost uses are not an upgrade over regular servers you find in providers like ExpressVPN or NordVPN.
The reality is that CyberGhost's regular servers are a downgrade compared to the streaming-optimized ones, and if you try to access a streaming service like Netflix with one, it will most likely detect that you use a VPN.
|Netflix US||Netflix UK||Netflix Germany||Netflix France||Netflix Italy||Netflix Japan|
CyberGhost promises to unblock just three Disney+ locations – The US, Italy, and India – and it indeed does. Of course, the main attraction is Disney+ US here unless you are interested in accessing your own country's library while abroad.
|Disney+ US||Disney+ Italy||Disney+ India|
Amazon Prime Video
|Amazon Prime Video US||Amazon Prime Video UK||Amazon Prime Video France||Amazon Prime Video Italy|
I found CyberGhost to unlock plenty more streaming services, including:
- HBO Now & Max
- CBS & CBS Sports
- BBC iPlayer
Ad Blocking Performance and Trustworthiness
CyberGhost offers a built-in ad blocker, but there is another very shady catch here.
CyberGhost still uses a method of ad-blocking that's considered at best ineffective and at worst insecure. Most VPNs block ads by filtering out requests from websites identified as suspicious. Not CyberGhost. The company instead uses a method that inspects and modifies — rather than filters out — those requests. The method is twice as risky and only half effective since it only works on sites with an HTTP URL, not HTTPS.
CyberGhost has quite a long list of shady practices employed in the past and I sincerely recommend that you read its CNET review.
Does CyberGhost work in China
CyberGhost does not work in China, as it is on the list of VPN services blocked by the Chinese government.
I do not have much to say about support; 24/7 chat support is pretty solid, to be honest. Add to that the fact that most of what you will need is so intuitive and everything is so well-documented; you can guess that the support is excellent.
CyberGhost Website Tracking
I did not find CyberGhost using excessive trackers, a practice it was a culprit of in the past. This time, I did not find much difference between CyberGhost's and ExpressVPN's website trackers.
As an affiliate marketer and blogger, I don't hold VPN services against using trackers, they are businesses after all. But there goes your anonymity.
CyberGhost offers three standard subscription plans. Subscriptions cost $12.99 per month for a one-month plan, $7.99 per month for a six-month plan, and $2.79 per month for a 12-month plan.
To compare, ExpressVPN offers three standard subscription plans. Subscriptions cost $12.95 per month for a one-month plan, $9.99 per month for a six-month plan, and $8.32 per month for a 12-month plan.
That's a huge difference in the long run and you can see why CyberGhost is a ludicrous choice in terms of pricing.
|Metric||One Month||Six Months||Eighteen months|
|Total Amount Billed||$12.99||$47.94||$49.50|
Each subscription comes with a 45-day money-back guarantee to try the service risk-free.
There is nothing I want more as a reviewer than to praise a service or product for its high quality. CyberGhost has so many red flags that I am not willing to put it on the top tier of my VPN service preferences. I will not recommend a product I wouldn't be using myself.