AzireVPN, operated by Netbouncer in Sweden, was recommended to me by one of those geeky, super knowledgeable hacker types who detailed some really interesting differences between Azire and other VPN providers. And what are those differences you ask, mouth watering in anticipation?
Well, first let's get something straight regarding VPN providers: there isn't a damn one that can be fully trusted, at least none that i know of. They can tell you whatever they want about their security and privacy and no-log policies (many of them are flat out lying when they state this), but unless there's an information leak, or you discover a security or privacy issue yourself, or you personally know the people running the company, your confidence in their service will always be blind. Tor advocates like to use this ammo to suggest that Tor is far better in this regard because it's open source and uses multiple nodes and multiple layers of encryption, yada yada yada, but i find their claims of security to be less than concrete. For example a bad actor, such as your ISP, can apparently run an entire Tor network on a single machine using something like The Shadow Simulator and god knows what the intelligence community can do. Tor has other problems as well, some of them detailed in my article Tor versus a VPN - Which is right for you?.
Understand that i'm not suggesting that a VPN is necessarily superior to Tor in every case, but i think that what path is best chosen depends on what you're trying to achieve and i think that for the average user who's downloading ... things ... or wants to circumvent YouTube's idiotic geo-restrictions, a VPN may be the better option, though unlike Tor, VPNs are not free and any provider that claims this is a good one to run the hell away from at maximum velocity.
Back to Azire...
AzireVPN claims to do things very differently. Unlike every other (or mostly every other) VPN business where one can sit behind a keyboard and provision as many servers around the world as they please, Azire tells us they physically own, configure, secure, install and maintain each server they operate (if you search the images on their domain you can find some circumstantial evidence to support this). From a security/privacy viewpoint i see this as a huge advantage over other mega-VPNs like NordVPN, ExpressVPN, AirVPN, etc., who are potentially more open to hacking and government snooping.
Azire makes the following claims...
- they own and maintain the hardware
- nothing is stored physically on the servers (no hard drives) - the entire system runs in RAM (more here)
- all USB, VGA and serial ports are sealed to prevent tampering (more here).
- they support WireGuard which is apparently faster, better, easier and less bloated than the OpenVPN protocol
- no logging
- no port restrictions (torrenting, etc., is allowed)
AzireVPN was featured in TorrentFreak's article, Which VPN Providers Really Take Privacy Seriously in 2021?.
Sounds like the berries, right? There is one downside to managing your own hardware though in that they can't provision equipment as quickly as the fast-food VPNs and so Azire doesn't have a heck of a lot of servers, but the ones they do have are located in quite a few countries and they seem to be slowly expanding (see their blog for more). Azire does offer SOCKS5 proxies, however you must be connected to one of their VPN servers to use them and there is no encryption at the proxy level. Still, their SOCKS5 servers make it easy to change your location/IP in order to circumvent geo-restrictions. For those like myself who run their VPN client on their router this is a plus because, while it isn't as straight forward to swap locations, there are plenty off web browser extensions available that provide the ability to quickly switch between SOCKS proxies.
I started with AirVPN several years ago then moved to NordVPN, but being with a huge company like Nord, who seems to be less than transparent, has always bothered me and i'm glad to have found an alternative which i think is better all around. Although it wasn't an issue when i first signed up, Nord's servers have become blacklisted by quite a few sites and it started to get annoying, as did the lack of the connection stability.
Getting AzireVPN set up on my router was a bit of a pain in the ass. At first i was using the DD-WRT firmware and even after contacting Azire support i could not get OpenVPN or WireGuard working. Truth be told, their setup guides are out of date and, although they say they support OpenVPN, i'm not convinced they do, at least for some configurations which they claim to support. Azire seems to be moving away from OpenVPN in favor of WireGuard, but this is all pretty new stuff and so there can be hitches in setting up WireGuard as well. I finally got the tunnel working with WireGuard after switching to the OpenWRT firmware and a lot of fiddling around plus still more help from Azire support. Azire definitely loses points here though their support has been mostly OK (i'll get more into that in a bit). If you decide to use their app however, you can likely avoid the hassle i had and they have a healthy selection of apps for different platforms/devices.
Another big plus with AzireVPN is that you don't have to give them any personal information to open an account and you can pay with cryptocurrency, so acquiring their service can be totally anonymous if you want, especially if you use another VPN or Tor to sign up. There aren't a lot of other VPN providers that go this far to protect your privacy.
As far as the tunnel itself, all ports are open and bandwidth is unlimited. I've only been using their service a short time, but speed seems really good in tests, though this may have a lot to do with the WireGuard protocol since it has less overhead. Also i haven't yet had much trouble accessing sites which had blocked Nord's IPs. The stability of my connection has been very impressive whereas this was not the case at all with Nord.
Now, back to that support thing...
Because i couldn't get DD-WRT working with the OpenVPN protocol, a configuration which Azire claims to support, i was offered some free time without having to ask for it. I appreciated the offer and viewed it as the right thing to do, especially for a smaller company which is apparently interested in growing. Problem is, they didn't follow through and so i inquired again about their offer. Crickets. In the end i inquired four times before i got a response, and their response was to renege on the offer because i didn't help them figure out how to get DD-WRT/OpenVPN working on their tunnels, a condition which was absolutely never stated nor implied. Here's what they said, emphasis added:
We thought that our offer was pretty clear while saying the following statement:
"Whether you manage to find a solution to your issue, we will be glad to give you free time and eventually we will make a quick update to our guide."
In other words, if you were able to find a solution which we could integrate into our guide to update it, we would give you free time. I think our sentence was poorly written, but that is what we meant.
Their offer was unconditional. It did not hinge upon anything. Needless to say, their blatant twisting of their own words pissed me off and so i fired back a rather terse reply calling them out on it. Shortly after receiving my mail they did extend my service time for a month, so in the end they did what was proper and ethical, but what they should have done was not ignore three mails regarding the issue.
All in all i think AzireVPN offers some uniquely attractive and important features and they manage to do it at a very competitive price. If you decide to go with Azire please consider using my referral link which helps me out a bit.
I introduced AzireVPN in a Github repository, Lissy93 / personal-security-checklist, in issue #140, [CONTENT-CHANGE] Privacy-Respecting Software > Virtual Private Networks, and 'Lissy93' brought up several concerns, some of which i shared, and so i emailed Azire. Following is their reply to these concerns which i'm personally fairly pleased with:
Q: Client applications not open source. And their only GH repo is very stale
A: It is true that the source code of our current WireGuard applications is not released yet. It will be when we feel confident that the code is ready and mature enough so that everyone will be able to review, submit issues, and contribute with merge requests.
Our GitHub currently hosts the source code of our old OpenVPN client, which is now deprecated and not maintained anymore.
Q: Android App only available through Google Play, no F-Droid or APK
A: We are planning to, at a minimum, release our Android application on F-Droid, probably at the same time we release the source code.
Q: Unsure why the Android app needs external storage read/write permissions
A: The Android application needs external storage read/write permission to be able to write debug logs, which are available from the hamburger menu. Users can then send us the log for support inquiries.
Q: No kill switch option on client apps, and Linux app disconnected several times
A: It is planned to integrate a kill-switch in our clients on all platforms where it makes sense and can be properly implemented.
The Linux client is deprecated. Linux users can use WireGuard's wg-quick directly, or better, use systemd services, for now. They also can use NetworkManager's OpenVPN GUI applet to ease the establishment of an OpenVPN tunnel.
Q: Their only DNS servers are in Denmark, part of the 9-Eyes
A: Our static public DNS servers are located in Sweden. When connecting to our service, users will be assigned with the endpoint's local DNS servers, which should keep the DNS requests internal to the location's local network. It is therefore possible to avoid country deemed untrusted.
Our static public DNS servers are listed on this page, under the "DNS servers" section:
Q: No security audit. And no evidence to backup any of their claims
A: We are planning to make an audit of our back-end infrastructure when we feel ready to do so. For the moment, the back-end is reworked for the release of port forwarding, which should happen in the incoming months.
Q: My traffic was flowing through shared data centers, they cannot / do not physically maintain these themselves, like they made it sound like
A: We buy all our hardware (servers and switchs), seal it, and then send it to data centers around the world. It would not be feasible to own our data centers, although we have close business links with some of them, so we know they can be trusted.
More information on these pages:
Q: Relatively few locations, and expansion seems to have slowed down
A: See answer number 7. It is less easy to find trusted and quality data centers to send our hardware to, than simply leasing a server which can be terminated at any time.
During 2022, we are striving to expand our locations on the West Coast of the United States.
Q: Surprisingly small throughput compared to other providers, possibly making identifying individuals easier
A: We are not sure if "small throughput" refers to "low traffic" on some locations from our Status page, or if the speed when testing was not great. It usually depends on a lot of factors, but our locations are, for some of them, using Tier 1 providers directly (Cogent, Telia) so the speed should be there. Also, our servers are for the most part using 10 Gbit/s full duplex links.
Q: When trying it out, I found performance was quite poor, and not all their advertised servers were connectable. But this could be due to my location
A: Unless indicated otherwise on our Status page, all our locations are available for use. We have automatic ways to detect down locations on our side, so there should be no issue connecting to them unless an Internet Service Provider banned some of our locations' IP addresses.
We are open to answer other questions or clarify some points if our answers were not complete enough. Alicia can contact us directly to our support email address.