Port Forwarding, Static IPs and Lies
Technical Announcements Opinions

Port Forwarding, Static IPs and Lies

Yegor Sak
Yegor Sak

Port Forwarding has been one of the most requested features, and we’re happy to say that we finally released it. Let’s discuss this feature in detail, as well as look at the deceptive practices of several VPN providers pertaining to dedicated IPs (which we do not offer).

What is Port Forwarding?

Port forwarding feature allows you to access services on your computer or home network remotely, while connected to Windscribe. This can include things like:

  • Plex server
  • Home security cam
  • NAS
  • Torrent client web GUI
  • Web server

This has multiple advantages:

  1. Your connection is protected — you can remain connected in our clients and gain all the benefits.
  2. Your external IP is not exposed — you no longer need to use your ISP assigned IP to access the resource. These IPs change all the time. A static IP will not.
  3. Free DDoS protection — if you get DDoSed, our servers will shield you from any attack.
  4. Torrent seeding — To get optimal upload speeds, port forwarding is required.

All Pro users have access to Ephemeral port forwarding, meaning you can reserve a single port for 24 hours. If you need it on more permanent basis, or require multiple ports, you need to purchase a Static IP address.

What are Static IPs?

Static IPs are regular IPs, no different than the ones offered on our standard servers. The only difference is that you will be assigned the same external IP every time you connect to the Static IP servers which we currently have in 13 locations. Static IPs can be useful in several situations, here are a couple:

  1. Reduced chance of blacklisting — When an IP is shared by thousands of people, there is a greater likelihood of someone doing something bad from that IP address, and getting it blacklisted by some 3rd party service or website. With a handful of people on each IP (usually less than 10), the likelihood of that happening is significantly smaller.
  2. Access control — You can block access to critical resources for all IPs but your static one. That way you can protect access to a secure resource.

Why not dedicated?

We do not offer dedicated IPs for privacy reasons as it’s not possible to provide a logless VPN service while using dedicated IPs. If we receive a request for subscriber information and a dedicated IP address is used, legally we cannot say we don’t know who the user is, since the IP would belong to a single Windscribe account. Saying otherwise would be illegal in every jurisdiction as you’re effectively lying to law enforcement.

As the IP can only be used by 1 account, this effectively creates a “connection log”, just not in a traditional sense. VPN providers that keep connection logs will store the IP you were assigned when you connect, along with a timestamp of the connection as well as when you disconnect. When a legal subpoena is received, it usually includes an IP address + timestamp of the alleged criminal activity. The VPN provider can then refer to the connection logs and see who was using that IP address at the time.

With a dedicated IP, you don’t have to keep connection logs, since the billing/operational records (which are kept by all providers) tell the story. The provider must have a record in their database that links the dedicated IP to a specific account that purchased it, so when the dedicated IP is not renewed, it can be removed from the user’s account. There are ways to avoid this link, but they are not user friendly.

In order to avoid these potential privacy violations, we allocate a single IP address to a handful of customers, so your activity can still be “lost in the crowd” and you retain the privacy advantages of dynamically allocated IPs.

“But other VPNs offer dedicated IPs with zero logging!”

First, let’s define what “no logging” actually means. The only goal of a no logging policy is to protect the user from a 3rd party that may want to deanonymize them. This is typically done by sending a request through legal channels, usually local or international law enforcement agencies. These requests usually have 3 components:

  1. Crime that was allegedly committed
  2. IP used along with the timestamp of the activity
  3. Request for all data associated with the account that used the IP at the time

Providers that keep connection logs refer to these logs, track down the account, and provide all the details associated with the account which can include:

  • Email address
  • Billing information (Paypal account, credit card #, etc)
  • IP addresses used to connect to the VPN service
  • Any other account metadata

As mentioned before, with a dedicated IP, the provider does not need to keep connection logs, IP timestamps, or anything of that sort, however that’s all a moot point, as the billing/operational record for the purchased IP tells the tale. When a subpoena is received, the provider knows the exact account that uses that IP and would have no choice but to provide this information, unless they want to risk going to jail themselves. We assure you, nobody is going to jail for a $5–10/month subscription.


Now let’s analyze these “no logging” claims made by other providers in the context of dedicated IPs.

We went undercover and posed as potential clients of 3 VPN providers that offer dedicated IPs. We inquired if their dedicated IPs are bound by the same “no logging” polices as the dynamic IPs on regular servers. The question we asked was as follows:

Hi,I’m interested in purchasing a dedicated IP with my subscription. Does the same no logging policy apply to these IPs? If someone requests subscriber information from you, will you be able to identify my account?

The responses were mindbogglingly nonsensical. This demonstrates that either these providers are utterly clueless about such basic concepts, or they’re straight up lying. We’ll leave it up to you to decide.

NordVPN



The support is clearly clueless and lacks common sense. That’s what happens when you outsource your tech support.

TorGuard

“IPs are assigned into the connection engines”….. cooooool. If only that made sense. “Jordan” couldn’t give a clear answer and just parroted the script — “We don’t have any logs!!111!!!!”.

VPN Area

We had a live chat conversation with one of their support agents and they were smart enough to say “I don’t have this information, let me get you someone who does”. Kudos!

Unfortunately the person who allegedly has this information was equally clueless as the ones above. After several back and forth emails, they referred me to the director of the company which gave a response we were hoping for:

What he said is all true, and we’re glad to see a company being transparent (when explicitly asked and after going through 2 support agents). What they should have done is made this information publicly accessible so people are not misguided into thinking that their privacy is unaffected by using a dedicated IP, which is obviously false.


Yegor Sak
Yegor Sak