Windscribe
Our favourite free VPN, but middling performance and a recent security scare leaves room for improvement
SCORE
PRICE Free; £6.71 per month, £36.54 per year from windscribe.com
Windscribe has long provided one of the best free VPN subscriptions, alongside a very respectable paid subscription. Recently it hasn’t matched the blazing speeds we’ve seen from its endpoints in the past, with disappointing speed test results this month despite repeat testing from our test account, but it’s speedy enough for day-today browsing and streaming.
It gave us well below average speeds of 71Mbits/sec via the UK, 35Mbits/sec via the Netherlands, and 33Mbits/sec via New York. The inherent variability of VPN testing is illustrated by the better performance of its free endpoints, which managed 174Mbits/sec, 96Mbits/sec and 49Mbits/sec respectively.
Testing via our paid-for account, we were able to watch regionexclusive content on BBC iPlayer when connected to a UK endpoint and Disney+ from a US endpoint, but Netflix hasn’t been working reliably with Windscribe for several months.
Windscribe’s standard subscription costs are very reasonable, and special offers on three-year subscriptions are sometimes available, but lifetime subs appear to be a thing of the past. Free users get 10GB of data to use as they please every month, with access to endpoints in 11 countries out of the total of 63 that paying users have access to. These free endpoints frequently work for streaming as well.
That’s a significant advantage over rivals such as ProtonVPN, whose three free endpoints have no data cap, but don’t work for streaming and are often congested, and TunnelBear, which provides just 500MB of data a month.
Windscribe defaults to the IKEv2 protocol on Windows but also supports OpenVPN, WireGuard and SOCKS5. Paying users can use any of the supported protocols on devices that lack native clients.
Other features include R.O.B.E.R.T., a highly granular content filtering and tracker blocking tool, split tunnelling, obfuscated modes to disguise the fact that you’re using a VPN, web proxying browser extensions, and more. Paying users also get to connect an unlimited number of devices simultaneously, allowing you to put your entire family behind a VPN or connect every device you own independently, even if you don’t want to set up your router to use Windscribe at all times.
Windscribe is based in Canada, which has somewhat ambiguous rules that require ISPs to log peer-to-peer traffic for copyright violations, but in practice appear to be less than clear about whether VPNs count as such. The service allows torrenting and provides instructions on how to do so.
Windscribe takes both security and transparency seriously, with an actively updated warrant canary/ transparency report and a convincing policy of keeping no identifying logs. However, the company recently revealed that not all of its locations had been following industry best practice for security.
In July 2021, a pair of Windscribe’s servers were seized from a data centre in Ukraine, which Windscribe says failed to inform them of an investigation a year previously. The company promptly alerted users, saying that no user data was there to extract as no identifying logs are kept, but also admitting that these particular servers were unencrypted, allowing OpenVPN server certificates and private keys that could, in principle, have been used by the authorities to decrypt some user traffic.
Windscribe has been impressively open regarding the seizure, and there’s every indication that its no-logging status is solid. However, privacy-focused users will be troubled by the firm’s use of unencrypted servers that allowed the certificates to be lost and its poor communication with the data centre that led to the incident occurring in the first place.
The company rapidly revoked the certificates, switched to a new certificate authority that now “follows industry best practices” and no longer stores private keys on-disk. It has also made commitments to improve security, including the implementation of in-memory (RAMdisk) servers. Unfortunately, Windscribe couldn’t resist the opportunity to take a dig at some rivals in its security update blogs, which reads like a wildly inappropriate effort at deflection.
Windscribe’s honesty about its mistakes is a credit to the company, and server seizures in which no data is lost are one of the few ways of emphatically proving a no-logging policy. We still recommend Windscribe, particularly for free users.
However, users for whom security is a priority may wish to see how Windscribe’s full deployment of new security measures pans out. For everyone else, it’s a very useful free service, but the paid-for version currently fails to match the performance of key rivals.