CyberGhost VPN review: Competitive features, but its parent company gives me the creeps

CyberGhost In CNET’s preceding protection of digital private networks, we’ve praised CyberGhost for its roster


In CNET’s preceding protection of digital private networks, we’ve praised CyberGhost for its roster of competitive characteristics. Our in-depth evaluate of CyberGhost very last calendar year included velocity screening, protection verification and an examination of its whole suite of privateness tools. Given that then, CyberGhost has improved its number of servers and is geared up to roll out a new suite of privateness tools, all though remaining just one of the most inexpensive VPNs we’ve reviewed — at $two.75 per month for an 18-month program.


  • Gives break up tunnelling
  • Speedy-growing server community
  • No leaks detected in most up-to-date tests

You should not Like

  • Father or mother enterprise with a shady past
  • Ineffective advertisement blocker
  • No obfuscation

As we’ve bolstered our strategy to VPN ($13 at CyberGhost) evaluations in modern months, however, CyberGhost has raised some crimson flags. Its guardian firm’s background warrants skepticism, our preceding tests have demonstrated it to expose your VPN use to your web support service provider, its web site and application trackers are a more quite a few than warranted and its advertisement-blocker utilizes an untrustworthy system of targeted traffic-manipulation no VPN must even feel about. Its small price earlier manufactured it truly worth contemplating if you wanted to transform the visual appearance of your locale on the web, but not if you preferred ideal-in-class protection. 

Whilst CyberGhost’s speeds and protection seem to be improving, I do not presently advocate working with CyberGhost if you are in a place where VPNs are illegal. I also advocate everyone in the US evaluations CyberGhost’s guardian enterprise before determining whether to pay for a membership.

Browse more: How we evaluate VPNs


  • Ordinary velocity decline: 49% 
  • Quantity of servers: six,200 
  • Quantity of server locations: 90 nations around the world
  • Quantity of IP addresses: Unfamiliar, static IPs obtainable

I ran velocity tests working with CyberGhost over 3 days with dynamic IP addresses, in two locations, working with equally wi-fi and ethernet connections — just one locale provided slower broadband speeds, and the other provided increased speeds by means of fiber-optic web. Online speeds in the US vary by point out and service provider. And with any velocity examination, outcomes are going to count on your nearby infrastructure. Hyperfast web support will generate increased examination velocity outcomes. 

Which is just one explanation I’m more intrigued in screening the sum of velocity shed (which for most VPNs is commonly half or more) across equally significant-velocity and slower relationship varieties, and in working with tools these kinds of as speedtest.internet to even out the taking part in field. In the situation of CyberGhost, practically 49% of normal web velocity was shed. 

Whilst CyberGhost outperformed competitor Norton Secure VPN’s velocity decline of 57%, it struggled to catch up to NordVPN’s 32% velocity decline. Catching up to other velocity-intensive VPNs these kinds of as Surfshark and ExpressVPN (which seasoned losses of just 27% and less than two%, respectively) could be an even greater trouble for CyberGhost. But functionality improvements pursuing the addition of more than two,000 servers to its fleet over the past calendar year advise CyberGhost may be in the midst of a continued upswing in velocity. 

CyberGhost ran swiftest on Australian servers, with an normal of one hundred forty four megabits per next. But it arrived at peak velocity on Paris servers, at 327 Mbps all through a screening round with a 182 Mbps normal. Non-VPN speeds in the exact round averaged about 217 Mbps. French servers rated swiftest among those people examined in Europe, but German servers underperformed in contrast to competitor VPNs. Uk speeds arrived in next area for all round optimum normal at 142 Mbps. 

US servers in New York struggled to catch up at fifty five Mbps, topping out at 165 Mbps and falling at the rear of CyberGhost’s Singapore servers, which averaged 65 Mbps. Inconsistency marked Singapore’s scores which also included the lowest recorded velocity, a crawling three Mbps. 

Curiously, CyberGhost’s Windows customer routinely failed to obtain the exact speeds as its MacOS customer. To rule out machine-based problems, the speeds had been examined on a number of Windows equipment with processing energy equivalent to the MacOS screening machine, and tests had been done within ten minutes of each individual other to get rid of time-sensitive targeted traffic spike variables. 

Whilst our Windows screening equipment routinely obtain relationship speeds at a marginally slower rate than our MacOS equipment, the velocity hole was far greater though screening CyberGhost than that observed all through other VPN tests. CyberGhost’s server labelled New York-S403-i48, for occasion, generated a leading velocity of 86 Mbps on the Windows equipment. Making use of the MacOS machine all through the exact round, speeds maxed out at a blazing 344 Mbps. 

Browse more: NordVPN evaluate: Still the ideal price for protection and velocity

Security and Privateness

  • Jurisdiction: Romania, with Uk guardian enterprise
  • Encryption: AES-256
  • Leaks: None detected in most modern tests
  • Incorporates kill change

Whilst no IP address, DNS or other most likely user-figuring out facts leaks had been detected all through our screening, CyberGhost failed to cover the truth that I was working with a VPN, so I advocate some caution here. In March 2019, a CNET reviewer also observed that CyberGhost failed just one of our facts leak tests, which authorized web targeted traffic to be observed by an web support service provider. 

Its absence of obfuscation technological innovation suggests the support isn’t really risk-free to use for privateness and anonymity in nations around the world where VPNs are outlawed, which incorporate China, Turkey and the United Arab Emirates. 

CyberGhost’s encryption is regular AES-256, and it supports Ideal Ahead Secrecy, which suggests it frequently improvements encryption keys to avoid protection compromises. The enterprise gives a valuable kill change aspect, which helps prevent community facts from leaking outside of their protected VPN tunnel in the event the VPN relationship fails. Whilst CyberGhost would not present a multi-hop choice, it does present break up-tunneling in its Windows customer so you can select which of your computer’s connections you want to encrypt. 

Earlier protection concerns 

A 2016 joint analyze amongst Australia’s national science investigation basis and UC Berkeley categorized the earlier obtainable absolutely free model of the CyberGhost VPN application as destructive following it appeared to examination optimistic for malware and asked for a increased-than-normal number of user permissions. CyberGhost no longer gives a absolutely free model of its application. 

Questioned about the analyze, CyberGhost CTO Timo Beyel named the study’s acquiring a “false optimistic” which he stated was activated by the app’s use of a preferred framework. The framework authorized consumers to accessibility a assist request screen by bodily shaking their telephones.

“But this framework also makes it possible for you to incorporate an attachment to report voice messages, like a messenger application, and that included supplemental permissions which basically are not essential,” Beyel stated.

Beyel instructed CNET that the application was subsequently updated, and now restricts the permissions it asks for and the probability for a user to incorporate a voice information is disabled by default.

Even with the restriction of permission requests, I’m not fully at ease with the app’s record of Google trackers.

Ideally, the VPN you pick out must also have undergone — and revealed the outcomes of — an independent 3rd-celebration audit of its operations, including its use of activity logs. Whilst CyberGhost was specified a floor-stage comparison to its peers by AV-Examination in 2019 (which received normal marks), it would not seem to have undergone any independent audits because 2012. CyberGhost earlier instructed CNET that it options to have its facts privateness practices audited by an outside corporation “in the potential,” but it furnished no timeline.

CyberGhost does publish its have annually transparency report which consists of data on any subpoena requests it receives, and also gives quarterly updates on its web site.

For maximum privateness, we glimpse for VPN vendors with a jurisdiction outside of 5 Eyes and other international intelligence-sharing agreements — that is, just one headquartered out of the US, Uk, Australia, New Zealand and Canada. So it to begin with looks like a optimistic indication that, though CyberGhost has offices in Germany, it is headquartered in Romania. German entrepreneur Robert Knapp suggests he started the $114,000 startup on the back again of small-wage Bucharest labor then flipped it for $ten.five million in 2017. 

CyberGhost’s guardian enterprise has faced quite a few privateness problems, which we investigated in one more examination. What you will need to know when contemplating whether or not to order this VPN is that, even though CyberGhost’s organization jurisdiction is in Romania, even a cautious interpretation of its privateness coverage suggests that CyberGhost could most likely share your personal facts with not only its Uk-based guardian enterprise, but also its US-based sibling enterprise. 

Info selection

Like practically each and every VPN, CyberGhost does gather some routine maintenance-similar facts, but it claims to not log your server locale alternatives, your complete sum of facts transferred nor your relationship timestamps. As with any VPN, it really is practically unattainable to independently confirm the firm’s no-logs assert. Even so, CyberGhost does log particular user hardware facts in what is probably a bid to enforce the firm’s restrict of 7 simultaneous connections per account. 

According to the spokesperson CNET spoke to in August of 2019, CyberGhost does have the skill to assist law enforcement by activating a restricted user-tracking aspect.  

“The only way to do it is if that user is continue to in the process and if the law enforcement is aware of the IP and could offer also a warrant to monitor that IP,” the spokesperson stated. “We can activate a unique aspect like a logging aspect for that IP, but we have that skill to avoid destructive actions when working with our support. But only if that user is continue to energetic and we have evidence of what just is erroneous, what IP he is working with, and so on. So we’ve acquired to carry that in purchase to activate that, to be certain we do not activate it on a normal user. If not, we can not assist any law enforcement enterprise.” 

In 2016, however, CyberGhost was named to the carpet by ProPrivacy when the enterprise was uncovered to be quietly requesting most likely hazardous, root-stage accessibility to customers’ computer systems — a operate the program has not included for about 3 decades now. The support was also caught logging the distinctive identifiers of each individual of its user’s computer systems. In the same way, other reviewers have also expressed wariness following CyberGhost appeared to get rid of some threads from its discussion board which may have in-depth a crucial 2016 malfunction and most likely discovered log-retaining practices within its absolutely free proxy support.

Speaking of revelations, in March 2019, CyberGhost took a tiny hit when the customer-study enterprise it contracted, Typeform, was breached. The enterprise stated a hundred and twenty email addresses and fourteen CyberGhost usernames — but no passwords — had been included in the two sorts involved in the compromised facts. 

The greater concern for me is that CyberGhost continue to utilizes a system of advertisement-blocking which is regarded as at ideal ineffective and at worst insecure. Most VPNs block adverts by filtering out requests from websites identified as suspicious. Not CyberGhost. The enterprise in its place utilizes a system which inspects and modifies — instead than filters out — those people requests. The system is two times as dangerous and only half productive because it only operates on internet sites with an HTTP URL and not those people with HTTPS. 

CNET requested Beyel in June this calendar year about this system of advertisement-blocking and the criticism it really is received. 

“We know this is not quite productive. Which is why we’re now working on a far better remedy which is working on the method,” he stated. “We will need to fully shift this form of technological innovation on the customer facet simply because in the browser you can, of class, do that.” 

In its suite of characteristics, however, CyberGhost does present an choice (enabled by default in its MacOS customer) which forces your browser to redirect absent from internet sites not secured by HTTPS. 

Beyel also stated that CyberGhost will be releasing a new suite of privateness modules in the coming months which go further than its VPN to incorporate tools for optimizing your laptop and stopping susceptible apps from affecting your privateness.


  • Usability: Better interface on Android, far better usability on MacOS
  • Platforms: Windows, Android, Android Tv, MacOS, iOS, Linux, Amazon Fire ($40 at eBay) Stick, FireTV
  • Cost: $two.75 per month, or $49.fifty, for an 18-month program
  • Quantity of simultaneous connections: 7

Whilst running CyberGhost, I had no problems accessing Netflix or other online video streaming internet sites, and no problems working with torrenting clientele. CyberGhosts servers are neatly structured into four groups which intention to enhance your working experience based on what you might be attempting to do: NoSpy servers, servers geared for torrenting, servers ideal for streaming and servers ideal for use with a static IP address. CyberGhost imposes no facts caps and makes it possible for endless server switching.

CyberGhost’s cell application had a couple of quirks when I established it up on a freshly unboxed Iphone SE. Whilst I eventually acquired CyberGhost working, a couple of random community problems appeared to crop up and it failed to seem to like my Wi-Fi. On a Samsung S10 In addition, however, it was smooth sailing. 

The imbalance in characteristics was comparable: There had been many alternatives obtainable in the Android application which simply just were not there in iOS. On equally cell and desktop, town range is restricted to just eight nations around the world, but I like that you can effortlessly see how fast paced each individual server is and decide on just one which is less burdened by targeted traffic. 

CyberGhost’s ideal price program is $two.75 per month for an 18-month membership, billed in a lump sum of $49.fifty. It also gives a six-month membership for $7.99 a month, or you can go for the more highly-priced regular program at $12.99 a month. That present stands up effortlessly to NordVPN’s two-calendar year program at $three.seventy one a month ($89 in complete), and IPVanish’s just one-calendar year program at $six.49 a month ($78 a calendar year), but it continue to falls a bit short of Surfshark’s aggressively discounted two-calendar year $two.49 regular membership. 

Alongside with credit score or debit, you can pay by means of PayPal, Bitcoin or even cash in particular nations around the world. If you order a membership for more than a calendar year, it comes with a 45-working day funds-back again promise. All other subscriptions are restricted to a fourteen-working day promise but the web site gives 24/7 chat guidance, and a balanced sum of guidance content and tutorials in its expertise foundation.