.svg)
What is Windscribe?
Windscribe is a virtual private network provider (VPN) based in Canada. It was founded in 2015 by owner Yegor Sak. In addition to its VPN service, it blocks ads, malware, explicit content, and other phishing sites.
Windscribe has VPN servers in 63 countries, supports six VPN protocols, and allows you to set up a SOCKS5 proxy (more on that below). It has VPN apps and clients that are available for Windows, macOS, Linux, Android, iOS, and Windows phones. It works with Amazon Fire TV as well as a range of other connected devices.
Windscribe offers a free VPN service, paid accounts, browser extensions, and intelligent server-side blocking software that provides additional control and security.
Features
1. R.O.B.E.R.T.
A distinctive feature of Windscribe VPN, R.O.B.E.R.T. (Remote Omnidirectional Badware Eliminating Robotic Tool), allows users to customize the list of domains and IP addresses they want to block, but that's not all.
This advanced security feature allows you to choose which sites to block, including, but not limited to, entire lists of websites that are known to distribute malware, sites that bombard you with ads and trackers, social networks, gambling, and porn sites. These lists are selected by Windscribe employees to not include false positives.
Note that R.O.B.E.R.T. is limited to free users. It only provides access to the malware list and a maximum of three user-defined rules.
2. Unlimited parallel connections
Another thing that a lot of Windscribe reviewers admit that sets it apart from the VPN crowd — the unlimited simultaneous connections. That doesn't mean everyone in your neighborhood can benefit from your Windscribe VPN subscription. No, sir.
Bandwidth is monitored algorithmically, so if a user shows up on their radar, a real person decides whether you were nice or not. Acceptable to them are members of the subscriber's immediate family who use the software, i.e. spouse, children, and siblings. In-laws? I'm guessing yes, if you get along with them.
3. Protocols and ports
Windscribe VPN uses the following VPN protocols: IKEv2 (default), OpenVPN (both UDP and TCP), Stealth, and Websocket Stealth.
The WireGuard protocol was also available in the free Windscribe PC client that I installed, but it may be just that.
To increase your chances of successfully connecting in the world of port restricted networks, Windscribe supports a multitude of ports, namely: 21, 22, 53, 80, 143, 443, 587, 1194, 3306, 587, 1194, 3306, 587, 1194, 3306, 8080, 8443, 54783, 65142.
4. Configuration generators
Knowledgeable users who do not want Windscribe VPN applications on their devices or whose devices are not supported by Windscribe have the option of generating configuration files and profiles so that they can continue browsing safely and confidentially.
Supported protocols for this are OpenVPN, IKEv2, WireGuard, and SOCKS5. Note that a Pro account subscription is required before embarking on DIY solutions.
5. Servers and server locations
While they can reduce their bragging attitude by saying what they have to offer, Windscribe VPN includes a fairly large number of servers — over 63 countries and 110 cities.
They point out that no virtual server locations are used - all of their servers are where they're supposed to be, unlike CyberGhost, for example.
One thing to keep in mind - free Windscribe VPN subscriptions offer servers in only 10 of the 63 countries. Those that are not available will be marked with a star, and you will not be able to bookmark them.
6. Firewall
The Windscribe VPN firewall - what does it do? Not exactly the same as what a kill switch does in CyberGhost, ExpressVPN and SurfShark, often considered to be the best VPN services.
The firewall leaves no room for data leaks that could occur in the time window between the VPN connection being broken and the system finding that the breach has occurred, as it forces all Internet traffic to pass through the encrypted tunnel. The feature is enabled by default in Windscribe but can be adjusted to suit your specific needs.
7. Port transfer
Port forwarding allows you to remotely access services on your computer or home network through a connection to Windscribe. The benefits are a multi-protected connection, a disguised external IP, and desirable download speeds, even when Torrenting. This feature will cost you either a subscription to a Windscribe VPN premium account or the price of a static IP which is also offered.
For those planning to venture into VPNs jointly, Windscribe offers an option for creating team accounts called ScribeForce. It gives you the ability to manage the accounts of the entire group from a single device. The monthly cost is $3 (£2.53) per member.
8. Autopilot
Windscribe VPN browser extensions offer the useful auto-pilot feature. This determines the optimal server to connect to in order to maximize the speed of your VPN. It also bypasses geo-restricted content by connecting to a server that allows you to stream what you want. The key thing here is that it's automatic - you don't have to do anything.
9. Double Hop
An added benefit of using Windscribe VPN is the Double Hop feature. If you use the desktop app while browsing with the Windscribe VPN extension added to the browser (and enabled, for that matter), you're effectively doubling your encryption efforts.
This may slow down your connection even further. When I tested the comparison, using the desktop app only reduced download speed by 40%, and double-jumping doubled the loss - my download speed was reduced by 80%. The decision about whether the loss of speed is worth the extra security is entirely up to you and the purpose of your VPN.
10. Torrenting
With the firewall still active and the fact that you only activate your torrent client after activating Windscribe VPN, there is no chance for your ISP to see what you are doing. Now you can safely enjoy the joys of P2P file sharing.
Privacy and security
Privacy and security are the strengths of the Windscribe application. The VPN provider has invested a lot in developing its security features.
Legal protection
Canada is part of the “Five Eyes,” a group of English-speaking countries (United States, United Kingdom, Canada, Australia, and New Zealand) that share intelligence information. The Five Eyes secret services circumvent national laws that prevent them from spying on their own population by allowing each other to spy within their borders and then transmit information.
Internet service providers (ISPs) in Canada are supposed to keep all data relating to the activity of their customers for six months, which can be extended to 12 months by court order. These obligations do not extend to VPNs. However, a court order may require a VPN to collect and deliver data as part of an investigation.
Copyright attorneys, including those in the United States, are authorized to sue individuals for illegal downloading and torrenting under copyright infringement laws. The compensation that can be claimed under the Copyright Modernization Act is capped at $5,000 per violation.
The location of Windscribe's head office means that the activities of its users are subject to Canadian laws even if they never go there. However, the circumstances surrounding data retention requirements for VPNs make it unlikely that a Windscribe customer will ever be caught in copyright infringement.
Logging policy
The question of whether a VPN service keeps logs is very important. In the case of Windscribe, the short answer is that it doesn't keep any activity logs. This answer needs to be changed in the long version as the company records some information about its users' VPN connections.
The main requirements for this data retention relate to billing rather than torrenting. Since free VPN users have a data rate limit each month, the system needs to record how much data has passed through each account. This cumulative number is returned every month. The system also records the timestamp of the last active period of an account. Both of these data would be of no use to copyright lawyers or law enforcement agencies.
Windscribe's privacy policy states that live connections are managed in memory on the VPN server. This means that there are never records written to a hard drive on the VPN server.
A VPN replaces its client's IP address with one of its own IP addresses for the duration of a VPN session. The Windscribe website doesn't explain exactly how they implement this. However, the service seems to handle this mapping, with what's called network address translation (NAT) in memory. There is no need to keep this information after the session is over.
Each computer connected to the Internet must have an address that is unique throughout the world. This is called the IP address. So, an IP address is assigned to your computer, and every website you visit has an IP address. When your browser sends a request to a web server to get a page, your ISP records that you have accessed this website and keeps this record for 6 months (in Canada) - in other countries, this period may be longer.
A VPN masks the traffic between your computer and its server. It's called a tunnel, and it encrypts all traffic so your ISP can't see what web server you're actually connecting to. It only sees the VPN server address.
Your traffic goes through the VPN server, and when it does, the VPN service removes your IP address from the source address field and adds its own to it. When the web server receives a request, it sees who it came from, and it's not you. The server returns a response. It is sent to the return address, which belongs to the VPN. The VPN server looks at its NAT table, sees that this address represents you, replaces it with your real address, and then sends it to you through the protected tunnel.
So no one records your activities in both directions.
Copyright lawyers can get their hands on ISP logs, but they won't see that you've downloaded movies without paying because all of your connections are directed to a Winscribe server. Getting a court order to force Windscribe to start tracking your activities would be a bit more difficult than simply entering existing records. Copyright lawyers and law enforcement agencies will need to have proof of your illegal activities before getting this order. They can't use the procedure to look for evidence.
Since registering your activities would require Windscribe to create new programs and work practices, you can bet you'll hear about such events if they ever happen. The fact that Windscribe does not have these facilities in place shows that they were never served.
VPN protocols
Internet and network activities are governed by protocols. These are guidelines and sets of standards that describe how software and equipment provided by different companies can connect to each other. They coordinate procedures. There are a number of VPN protocols available, and Windscribe uses three of them:
- OpenVPN - It is an open source system, and it is the most used VPN protocol on the market. The service is listed as TCP and UDP in VPN applications.
- WireGuard - This is a new VPN protocol that is quickly being adopted by most VPN providers because it does much the same thing as OpenVPN, but with a lot less code, making it faster to use. However, it is less tested by use, and could therefore present a security weakness that no one has yet discovered.
- IKEv2/IPsec - This is a well-established combination of two protocols, which is faster and lighter than OpenVPN and WireGuard. It is generally preferred in mobile devices because it uses less of the device's battery. Windscribe makes it the default protocol in all its applications.
Windscribe offers two other options, which are Stealth and WSTunnel. These are both envelopes around OpenVPN connections. Some authorities, such as the Chinese Internet system, are looking for identifiers of VPN activity. Stealth mode makes the connection look like an HTTPS tunnel. The Chinese authorities would never intervene in this type of traffic because it is the core of e-commerce, which they do not want to disrupt. WSTunnel uses WebSocket for protection instead of HTTPS.
OpenVPN's UDP and TCP options refer to some fundamental network protocols that are as old as the Internet protocol. TCP is the transmission control protocol. It organizes the traffic in a connection to ensure that lost packets are retransmitted and that packets are arranged in the correct order in a buffer if they arrive out of sequence.
For decades, TCP was the only transport layer protocol used on networks and the Internet. However, when video streaming and IP telephony emerged, TCP slowed traffic to the point where it became a problem. The manufacturers of these systems therefore opted for the neglected alternative of TCP, UDP. The User Datagram Protocol (UDP) does not provide any guarantee of transmission. Basically, TCP is said to be “connection-oriented”, and UDP is said to be “connection-oriented”, and UDP is said to be “connection-oriented”.
The Windscribe browser extension does not offer the VPN protocol option. Reading between the lines of the Windscribe website, it seems that the browser version is not a real VPN but rather a “secure proxy.”
Windscribe encryption
Whichever VPN protocol you choose in Windscribe, you get the same encryption systems. The VPN uses 4096-bit RSA for session establishment and AES-256 for main tunnel encryption.
The Advanced Encryption Standard (AES) is symmetric encryption. This means that the same key is used for both encryption and decryption. It is the best encryption system available today. It was commissioned by the U.S. government to be used by its own agencies, including the CIA and the U.S. Army. The strength of an encryption increases with the length of its key. The 256-bit key that Windscribe uses for AES is the longest available and is tamper-proof.
A big problem with symmetric encryption systems is that one side has to generate it and send it to the other side. Until the key has been shared, the connection cannot be encrypted using AES. Windscribe therefore uses a different cipher to protect the transmission of the key.
Windscribe uses a public key encryption system called RSA to establish sessions. With public key systems, the encryption key and the decryption key are different but complementary. You can't guess the decryption key if you know the encryption key, and you can decrypt text with the key that encrypted it. It is therefore prudent to publish the encryption key, which is called the public key. The decryption key is kept private.
Both the client and the server have a pair of keys, which they use to securely identify each other and then to transmit the AES key. As with all encryption, a longer key makes the encryption harder to crack. Windscribe uses a 4096-bit key for its RSA algorithm, which is impossible to crack.
To get an idea of how the combination of 4096-bit RSA and 256-bit AES compares to the main rival VPNs that compete with Windscribe, ExpressVPN and NordVPN use exactly the same combination. IPVanish uses AES-256 but only a 2048-bit key for its RSA implementation.
The browser extension is a bit different from mobile and desktop apps. It uses a different method to protect key exchange, and its tunnel is created with 128-bit AES encryption.
DNS leak protection
The Domain Name System (DNS) is a global cross-reference that maps website addresses to Internet addresses. A web address is called a URL, and its essential part is the domain, that is, the.com part. The web browser must find the server that hosts this site, and the DNS returns the Internet address for a given domain. The Internet address is called an IP address.
You can specify a particular DNS server in your computer's network settings. However, most people don't. By default, your ISP defines which DNS server to use.
A VPN masks destination IP addresses at the front of data segments, called packets, that leave your computer. This prevents the ISP from recording the actual destination of the connection. However, the DNS query can tell the ISP the actual destination of these packets.
When the VPN application installed on your computer establishes a connection with one of the many servers listed in the application interface, encryption keys are agreed upon and all communications between the two computers are then encrypted. This includes DNS queries.
The Windscribe service includes a private DNS server, and all DNS requests from your computer are directed to it instead of going to your ISP's DNS system. The local DNS packet is called a resolver. It does not own the IP addresses of every website in the world. Instead, it will look for addresses in more remote DNS servers. It keeps the most recently requested addresses locally in case they are requested again. This record will eventually age for sites that are rarely visited, but websites that are still in high demand, such as google.com or facebook.com, will still be retained.
The DNS consultation process gives your ISP another opportunity. It can use its DNS resolver to make websites disappear. If an ISP doesn't want their customers to access a particular site, they're simply creating a blank slate or an error for the given domain. So any browser that looks for the address of the blocked site will receive an error in return, such as blocked by child safety checks or an SSL certificate error. As soon as you activate the Windscribe service, all these disappeared sites suddenly become available again.
Windscribe automatically blocks WebRTC and IPv6 traffic.
IP leak protection
An IP leak occurs when the actual destination IP address of a connection is revealed to an ISP. This event is nearly impossible as long as the VPN is activated.
The most common cause of IP leaks is a brief loss of Internet service. The connection management processes in the TCP protocol try to re-establish the connection for a few minutes before stopping. So, if the connection is only lost for a short period of time, the user simply gets the impression that loading a web page is very slow.
An interruption in the connection, however brief it may be, causes the VPN connection to fall. This means that, if the Internet connection resumes often, the VPN protection does not resume. Since nothing seems out of the ordinary, the user continues without checking the VPN, and all traffic is exposed.
Many VPN providers prevent the IP leak scenario from happening by ensuring that no traffic can come out onto the Internet if the VPN is not active. It's called a kill switch, and it's only a partial solution because it only works if the VPN app is open. So, if the user closes the VPN app completely, there will be no kill switch.
Windscribe calls its kill switch the Firewall in the desktop application, the Smokewall in the browser extension, and the Always On VPN in the mobile application. When this service is activated, the VPN application controls the network interface as soon as the application is opened. Traffic can only reach the network card through the VPN connection, so if no VPN connection is active, no traffic goes through. In this case, the user gets the impression that the Internet connection is closed.
The power of the kill switch can be improved by setting the service to open at startup, so you never have an Internet connection on your computer without the VPN active. It is also possible to specify a default VPN server and an automatic connection, so that the VPN application automatically starts and establishes a VPN connection, allowing you to connect to the Internet immediately.
Split tunneling
It is possible to configure the VPN application so that it does not apply to all traffic. This is called “split tunneling,” and Windscribe implements the system in two ways - split-include and split-exclude. With the first, the VPN only protects traffic from applications and IP addresses that you put on the list. In exclusive mode, the VPN protects all traffic except the apps and addresses you've listed.
Another way to implement split tunneling is to use only the browser extension. This will protect all browser traffic while leaving Internet traffic from other software on your device unprotected.
Double hop VPN
A number of VPN services, including NordVPN, have invested in application functionality that provides a dual VPN route. This sends all traffic through a VPN server and onto another VPN server before it reaches its destination. This system has questionable additional security, because if the VPN was safe in the beginning, what's the point in doubling the protection? Safety is safety, and that's enough. The downside of a double-hop VPN is that it really slows traffic down. However, it's one of the favorite features of the VPN industry.
With Windscribe, you use the desktop application and connect to a VPN server. You then open the browser extension and connect to another VPN server. This means that browser traffic goes through two VPN servers and encrypts packets of that traffic, putting them into an external packet, encrypting them, and putting that encrypted packet into another packet.
During this time, all Internet traffic from other applications on your computer will pass through the Windscribe server named in the desktop application but not through the server used in the browser extension. If you have also implemented split tunneling, all applications that you have specified to exclude from protection will travel directly to the host of the service being accessed. So, you can have three levels of protection - double, single, and none - happening simultaneously.
Blocking websites
One of the main reasons people subscribe to VPN services is to unblock geo-restricted websites and streaming services. In this case, a web server first checks the location of the computer requesting the content. This is possible because all IP addresses can be located in a real physical location. When connecting to the Windscribe VPN system, it's important to choose the right VPN server location. That's why VPN servers are listed according to the country and city where they're located. When the VPN server receives a packet from a client through a tunnel, it replaces that client's IP address in the packet source address field with one of its own.
When the streaming service receives an access request, it reads the source IP address, refers it to a location, which is that of the VPN server, and then accesses the request if the VPN server is in the right location.
The content is sent back to the return address, which is the VPN server. The server looks at the address at which it received the packets, searches its reference table for the IP address of the associated client, encrypts and packages the packets, and then sends them back to the client.
Windscribe admits on its support pages that it cannot pass the BBC iPlayer proxy detection system or allow subscribers to access the video library in another country with their Amazon Prime Video account. Customers who want to change countries on Netflix need to subscribe to a special server called Winflix. However, by simply using standard UK VPN servers (London Crumpets), I got these results:
- Netflix: I went in with the desktop app and the browser extension.
- Disney+: Entry with desktop app and browser extension
- BBC iPlayer: I signed in with the desktop app and browser extension.
- ITV Hub: I signed in with the desktop app and the browser extension.
- Channel 4: Unable to connect with any of the VPN protocol options in the desktop application, but it is possible to connect with the browser extension.
By accessing Chicago Cub's Windscribe server in the United States, I got the following results:
- Netflix: I went in with the desktop app.
- Disney+: Entry with desktop app and browser extension
- ABC: I managed to get in with the desktop app and the browser extension.
- NBC: I managed to get in with the desktop app and the browser extension.
Windscribe does a lot better than its support pages think
Customer support
If you're having problems using Windscribe VPN, or if you just want to know more before downloading the service, you can check out the help center on the official Windscribe website.
Here you can consult the installation guides, the knowledge base, and the FAQ section. Also, you can check out the Windscribe subreddit, which is quite active.
You can also try talking to Garry, a friendly robot that can answer most questions about Windscribe VPN (and a few other topics).
If you can't find an answer using the methods mentioned above, try submitting a ticket. A customer service agent should be able to answer your questions within a few hours or a day.
Pricing
Windscribe offers three plans: Free, Pro, and Build a Plan.
Free
You can use the Windscribe system anonymously, and you get a maximum speed of 2 GB per month. The speed, bandwidth, and all the services offered by Windscribe are the same for the free version as for Windscribe Pro. An exception to this statement is that only 10 of the 110 slots are available for Windscribe Pro. You can see the others, but you can't use them.
You can increase your monthly data allowance to 10GB by adding an email address to your account. It should be a real address that you have access to as the service will send you a verification email. You can gain additional data by tweeting about the service or by recommending Windscribe to your friends.
Pro
You get unlimited data rates with Windscribe's paid option. You can pay for Windscribe Pro by the month or by the year. The monthly rate is cheaper with the annual plan than with the monthly subscription. These rates are as follows:
- Monthly plan: $9 per month
- Yearly plan: $69 per year ($5.75 per month)
Windscribe only offers a 3-day money-back guarantee. You can pay with a credit card (Mastercard or Visa), PayPal, cryptocurrency, or online payment processors. Cryptocurrency payments are processed by CoinPayments, and a long list of cryptocurrencies are accepted, including Bitcoin, Ethereum, and Litecoin. The online payment system option is provided by Paymentwall, and this provides access to Alipay, FasterPay, and Mint.
It is possible to add a static IP to your Pro account for a fee.
Custom
The Build A Plan option allows you to add Pro servers to your Windscribe Free account. You're increasing your data rate limit by 10GB for each server group you add - you're adding countries rather than individual locations.
You need to choose a minimum of three groups, and each group costs $1 per month. For an additional $1, you can get unlimited data. That means for $4, you're adding three countries and have no data limits. However, the annual plan only costs $5.50 per month, which is an additional $1.50 per month. So you need to determine which option will give you the best value for money.
FAQs
How much does Windscribe cost?
Windscribe is a fairly cheap VPN service if you consider its annual plan. It will cost you $4.08 per month, with no limit on simultaneous connections.
Can Windscribe be be trusted?
Yes. Windscribe VPN offers military-grade encryption and numerous secure tunneling protocols to protect your data. Also, it does not keep any logs or other personal information.
Does Windscribe VPN work in China?
Windscribe could work in China because it supports two tunneling protocols, WSTunnel and StealthVPN, which are sometimes capable of bypassing the Great Firewall of China. See also our list of the best VPNs for China.
Can I use Windscribe for free?
Yes. Windscribe VPN has a great free version that gives you 2GB of data per month. However, if you sign up with your email address, you get 10GB of data in total.
