CyberGhost VPN review: Promising improvements but its parent company concerns me

In CNET’s previous coverage of virtual private networks, we’ve praised CyberGhost for its roster of competitive features. Our in-depth review of CyberGhost last year included speed testing, security verification and an analysis of its full suite of privacy tools. Since then, CyberGhost has increased its number of servers and is prepared to roll out a new suite of privacy tools, all while remaining one of the cheapest VPNs we’ve reviewed — at $2.75 per month for a three-year plan. 

Like

  • Offers split tunnelling
  • Fast-growing server network
  • No leaks detected in latest tests

Don’t Like

  • Parent company with a shady past
  • Ineffective ad blocker
  • No obfuscation

As we’ve bolstered our approach to VPN reviews in recent months, however, CyberGhost has raised some red flags. Its parent company’s history warrants skepticism, our previous tests have shown it to expose your VPN use to your internet service provider, its website and app trackers are more numerous than warranted and its ad-blocker uses an untrustworthy method of traffic-manipulation no VPN should even think about. Its low price previously made it worth considering if you needed to change the appearance of your location online, but not if you wanted best-in-class security.

While CyberGhost’s speeds and security appear to be improving, I don’t currently recommend using CyberGhost if you are in a country where VPNs are illegal. I also recommend anyone in the US reviews CyberGhost’s parent company before deciding whether to pay for a subscription.

Speed

  • Average speed loss: 49% 
  • Number of servers: 7,100 
  • Number of server locations: Over 89 countries
  • Number of IP addresses: Unknown, static IPs available

I ran speed tests using CyberGhost over three days with dynamic IP addresses, in two locations, using both wireless and ethernet connections — one location offered slower broadband speeds, and the other offered higher speeds via fiber-optic internet. Internet speeds in the US vary by state and provider. And with any speed test, results are going to rely on your local infrastructure. Hyperfast internet service will yield higher test speed results. 

That’s one reason I’m more interested in testing the amount of speed lost (which for most VPNs is typically half or more) across both high-speed and slower connection types, and in using tools such as speedtest.net to even out the playing field. In the case of CyberGhost, nearly 49% of average internet speed was lost. 

While CyberGhost outperformed competitor Norton Secure VPN’s speed loss of 57%, it struggled to catch up to NordVPN’s 32% speed loss. Catching up to other speed-intensive VPNs such as Surfshark and ExpressVPN (which experienced losses of just 27% and less than 2%, respectively) could be an even bigger problem for CyberGhost. But performance improvements following the addition of more than 2,000 servers to its fleet over the past year suggest CyberGhost may be in the midst of a continued upswing in speed. 

CyberGhost ran fastest on Australian servers, with an average of 144 megabits per second. But it reached peak speed on Paris servers, at 327 Mbps during a testing round with a 182 Mbps average. Non-VPN speeds in the same round averaged about 217 Mbps. French servers ranked fastest among those tested in Europe, but German servers underperformed compared to competitor VPNs. UK speeds came in second place for overall highest average at 142 Mbps. 

US servers in New York struggled to catch up at 55 Mbps, topping out at 165 Mbps and falling behind CyberGhost’s Singapore servers, which averaged 65 Mbps. Inconsistency marked Singapore’s scores, which also included the lowest recorded speed, a crawling 3 Mbps.

Interestingly, CyberGhost’s Windows client routinely failed to achieve the same speeds as its MacOS client. To rule out machine-based issues, the speeds were tested on multiple Windows machines with processing power comparable to the MacOS testing machine, and tests were performed within 10 minutes of each other to eliminate time-sensitive traffic spike variables. 

While our Windows testing machines routinely achieve connection speeds at a marginally slower rate than our MacOS machines, the speed gap was far larger while testing CyberGhost than that seen during other VPN tests. CyberGhost’s server labelled New York-S403-i48, for instance, produced a top speed of 86 Mbps on the Windows machines. Using the MacOS machine during the same round, speeds maxed out at a blazing 344 Mbps. 

Security and Privacy

  • Jurisdiction: Romania, with UK parent company
  • Encryption: AES-256
  • Leaks: None detected in most recent tests
  • Includes kill switch

While no IP address, DNS or other potentially user-identifying data leaks were detected during our testing, CyberGhost didn’t hide the fact that I was using a VPN, so I recommend some caution here. In March 2019, a CNET reviewer likewise found that CyberGhost failed one of our data leak tests, which allowed internet traffic to be seen by an internet service provider. 

Its lack of obfuscation technology means the service isn’t safe to use for privacy and anonymity in countries where VPNs are outlawed, which include China, Turkey and the United Arab Emirates. 

CyberGhost’s encryption is standard AES-256, and it supports Perfect Forward Secrecy, which means it frequently changes encryption keys to avoid security compromises. The company offers a useful kill switch feature, which prevents network data from leaking outside of their secure VPN tunnel in the event the VPN connection fails. While CyberGhost doesn’t offer a multi-hop option, it does offer split-tunneling in its Windows client so you can pick which of your computer’s connections you want to encrypt. 

Past security concerns 

A 2016 joint study between Australia’s national science research foundation and UC Berkeley classified the previously available free version of the CyberGhost VPN app as malicious after it appeared to test positive for malware and requested a higher-than-average number of user permissions. CyberGhost no longer offers a free version of its app. 

Asked about the study, CyberGhost CTO Timo Beyel called the study’s finding a “false positive” which he said was triggered by the app’s use of a popular framework. The framework allowed users to access a help request screen by physically shaking their phones.

“But this framework also allows you to add an attachment to record voice messages, like a messenger app, and that added additional permissions which actually are not required,” Beyel said.

Beyel told CNET that the app was subsequently updated, and now restricts the permissions it asks for and the possibility for a user to add a voice message is disabled by default.

Even with the restriction of permission requests, I’m not entirely comfortable with the app’s list of Google trackers.

Ideally, the VPN you choose should also have undergone — and published the results of — an independent third-party audit of its operations, including its use of activity logs. While CyberGhost was given a surface-level comparison to its peers by AV-Test in 2019 (which received average marks), it doesn’t appear to have undergone any independent audits since 2012. CyberGhost previously told CNET that it plans to have its data privacy practices audited by an outside organization “in the future,” but it provided no timeline.

CyberGhost does publish its own yearly transparency report which includes information on any subpoena requests it receives, and also provides quarterly updates on its site.

For maximum privacy, we look for VPN providers with a jurisdiction outside of Five Eyes and other international intelligence-sharing agreements — that is, one headquartered outside the US, UK, Australia, New Zealand and Canada. So it initially seems like a positive sign that, while CyberGhost has offices in Germany, it is headquartered in Romania. German entrepreneur Robert Knapp says he founded the $114,000 startup on the back of low-wage Bucharest labor then flipped it for $10.5 million in 2017.

CyberGhost’s parent company has faced many privacy issues, which we investigated in another analysis. What you need to know when considering whether or not to purchase this VPN is that, although CyberGhost’s business jurisdiction is in Romania, even a cautious interpretation of its privacy policy suggests that CyberGhost could potentially share your personal data with not only its UK-based parent company, but also its US-based sibling company. 

Data collection

Like almost every VPN, CyberGhost does collect some maintenance-related data, but it claims to not log your server location choices, your total amount of data transferred nor your connection timestamps. As with any VPN, it’s nearly impossible to independently verify the company’s no-logs claim. Even so, CyberGhost does log certain user hardware data in what is likely a bid to enforce the company’s limit of seven simultaneous connections per account. 

According to the spokesperson CNET spoke to in August of 2019, CyberGhost does have the ability to help law enforcement by activating a limited user-tracking feature.  

“The only way to do it is if that user is still in the system and if the law enforcement knows the IP and could provide also a warrant to track that IP,” the spokesperson said. “We can activate a special feature like a logging feature for that IP, but we have that ability to prevent malicious actions when using our service. But only if that user is still active and we have proof of what exactly is wrong, what IP he is using, and so on. So we’ve got to bring that in order to activate that, to be sure we don’t activate it on a regular user. Otherwise, we can not help any law enforcement company.” 

In 2016, however, CyberGhost was called to the carpet by ProPrivacy when the company was discovered to be quietly requesting potentially dangerous, root-level access to customers’ computers — a function the software hasn’t included for about three years now. The service was also caught logging the unique identifiers of each of its user’s computers. Similarly, other reviewers have also expressed wariness after CyberGhost appeared to remove some threads from its forum which may have detailed a critical 2016 malfunction and potentially revealed log-keeping practices within its free proxy service.

Speaking of revelations, in March 2019, CyberGhost took a small hit when the customer-survey company it contracted, Typeform, was breached. The company said 120 email addresses and 14 CyberGhost usernames — but no passwords — were included in the two forms involved in the compromised data. 

The bigger concern for me is that CyberGhost still uses a method of ad-blocking that’s considered at best ineffective and at worst insecure. Most VPNs block ads by filtering out requests from websites identified as suspicious. Not CyberGhost. The company instead uses a method which inspects and modifies — rather than filters out — those requests. The method is twice as risky and only half effective since it only works on sites with an HTTP URL and not those with HTTPS. 

CNET asked Beyel in June this year about this method of ad-blocking and the criticism it’s received. 

“We know this is not very effective. That’s why we’re already working on a better solution which is working on the process,” he said. “We need to completely move this kind of technology on the client side because in the browser you can, of course, do that.” 

In its suite of features, however, CyberGhost does offer an option (enabled by default in its MacOS client) which forces your browser to redirect away from sites not secured by HTTPS. 

Beyel also said that CyberGhost will be releasing a new suite of privacy modules in the coming weeks which go beyond its VPN to include tools for optimizing your computer and preventing vulnerable apps from affecting your privacy.

Cost 

  • Usability: Better interface on Android, better usability on MacOS
  • Platforms: Windows, Android, Android TV, MacOS, iOS, Linux, Amazon Fire Stick, FireTV
  • Price: $2.75 per month, or $99, for a three-year plan
  • Number of simultaneous connections: seven

While running CyberGhost, I had no issues accessing Netflix or other video streaming sites, and no issues using torrenting clients. CyberGhost’s servers are neatly organized into four categories which aim to improve your experience based on what you’re trying to do: NoSpy servers, servers geared for torrenting, servers best for streaming and servers best for use with a static IP address. CyberGhost imposes no data caps and allows unlimited server switching.

CyberGhost’s mobile app had a few quirks when I set it up on a freshly unboxed iPhone SE. While I eventually got CyberGhost working, a few random network issues seemed to crop up and it didn’t seem to like my Wi-Fi. On a Samsung S10 Plus, though, it was smooth sailing. 

The imbalance in features was similar: There were several options available in the Android app which simply weren’t there in iOS. On both mobile and desktop, city selection is limited to just eight countries, but I like that you can easily see how busy each server is and select one that’s less burdened by traffic. 

CyberGhost’s best price plan is $2.75 per month for a three-year subscription, billed in a lump sum of $99. Its annual subscription is $71.88, or you can go for the more expensive monthly plan at $12.99 a month. That offer stands up easily to NordVPN’s two-year plan at $5 a month ($120 in total), and IPVanish’s one-year plan at $4 a month ($48 a year), but it still falls short of Surfshark’s aggressively discounted two-year $2 monthly subscription. 

Along with credit or debit, you can pay via PayPal, Bitcoin or even cash in certain countries. If you purchase a subscription for more than a year, it comes with a 45-day money-back guarantee. All other subscriptions are limited to a 14-day guarantee but the site offers 24/7 chat support, and a healthy amount of support articles and tutorials in its knowledge base. 

source: cnet.com