VPN Servers Explained: A Guide to Virtual Servers, Fake Locations & Rental Agreements

When you use a virtual private network (VPN) you’ll usually choose between a list of server locations in different countries.

Once you’ve connected to one and requested a website in your browser, the VPN software on your device encrypts your connection and routes it via your chosen server on its way to the internet.

At the most basic level, VPN servers are simply standard computers designed to host and deliver encrypted tunneling services. When you access a website, the server decrypts your traffic and sends it onto its intended destination.

If your VPN is working effectively, the websites and services you access will see the IP address of the VPN server you’re connected to, rather than your personal IP address.

When these websites send information back to you, the data is again routed through the VPN server which encrypts and transmits it back to your device. The VPN software on your device then decrypts it so it can be loaded in your web browser.

This process establishes a secure communication channel between your device and the VPN server, known as a VPN tunnel.

VPN servers can be either physical or virtual, and VPN providers can either rent or own the servers they use.

In the next section, we’ll discuss the issue of server ownership. Alternatively, you can skip straight to our chapters on virtual servers or fake locations.

Generally speaking, VPN providers have the choice between renting or owning the servers in their network. Users should know whether their chosen service rents its servers because this can have important consequences for privacy, security, and performance.

Unfortunately, server ownership can often be a closely-guarded secret. Many VPN services are reluctant to disclose when they are using rented servers.

In this section we’ll introduce the different ownership options available to commercial VPN providers as well as the advantages and disadvantages of each.

We’ll now discuss each of these ownership options in greater detail. Alternatively, you can skip straight to our verdict on how VPN server ownership affects users.

On-Site Ownership

From a privacy and security perspective, the ideal VPN provider owns its entire server network and stores it on-site. This way, the provider knows everything about the hardware they use and also owns the surrounding network infrastructure.

This means that no one could physically access the VPN servers other than the provider’s employees. There is no hidden data center or mysterious third party with physical access to the servers.

More importantly, it also prevents other third parties from logging server activity. VPN logging policies apply only to the VPN company and not to any other parties they might work with. A “zero-logs” policy means very little to users if there is a data center monitoring server activity and collecting logs.

For this reason, first-party on-site ownership is the gold standard for VPN server networks when it comes to privacy. It is the only way to ensure that there is absolutely no third-party involvement beyond the company that users have explicitly chosen to place their trust in.

Unfortunately, in practical terms it is just not viable for a commercial VPN provider to run a server network that is entirely owned on-site.

Though great for security, on-site ownership simply isn’t a practical option for a commercial VPN company operating an international server network. Here’s why:

• Huge up-front costs: The VPN provider would need to fund a network of servers, data center-grade power, bandwidth and cooling facilities, back-up hardware in case of failures, and a team of highly-skilled administrators. These costs can be enormous and would need to be multiplied for every additional location the provider wants to host a server in. It is far cheaper to host in a data center.

• Weakened connection speeds: Data centers tend to be much closer to an internet exchange — in terms of network hops — than on-site servers. This can result in slower speeds and higher latency for users as their connections will have further to travel.

• Small server networks: A key feature of any top-tier VPN is a large network of servers in a wide range of locations. However, on-site ownership restricts a provider’s ability to physically expand their network. To avoid using data centers, the company would have to own land in every location they want to place a physical server.

If a VPN provider wants the security benefit of owning its VPN servers without the practical implications of storing them on-site, its best bet is a co-location agreement with a trustworthy data center.

In the next section, we’ll compare co-locating with renting VPN servers, and assess whether you should avoid using VPN providers that rent their server network.

Co-Location Agreements vs. Rented Servers

In practical terms, most VPN companies have to make the choice between owning their servers through co-location or renting them from a data center.

This section will compare these two options from the perspectives of privacy and performance.

Privacy & Security

Co-located servers are purchased by the VPN company and hosted in a third-party data center. Usually, the server is locked in a cabinet where only members of the VPN provider’s staff are able to physically access it.

In contrast, rented servers are controlled remotely by the VPN company while the data center owns and manages the hardware.

As with on-site ownership, co-location gives VPN providers the benefit of knowing exactly what has gone into their server’s hardware. The ability to physically inspect and audit this hardware is often not possible when servers are rented.

By contrast, rented VPN servers are usually installed, monitored, and maintained by data center employees. In theory, this carries the possibility that a third party — unknown to the VPN user — has the ability to tamper with the server’s hardware.

In practice, however, renting VPN servers is often not the privacy concern it is reported to be.

Most modern servers are equipped with a Remote System Management Card. Combined with real-time system logging, this means that VPN providers are able to remotely monitor almost everything about a server’s operation, including any modifications made to its hardware.

This applies to both rented and co-located servers. If anything suspicious happens, the company is able to investigate it and shut down operations accordingly.

This largely protects rented VPN servers from the dangers posed by physical tampering. Yes, third parties have increased physical access to a rented server than they do a co-located server in a locked rack — meaning the possibility of tampering is higher. But a good VPN provider can put in place a remote monitoring system that alerts it to any changes made to the server’s hardware, rented or otherwise. The risks of physical tampering are therefore mitigated as providers are capable of remotely identifying any unexpected hardware modifications and acting appropriately.

The extent to which these risks are mitigated, however, depends entirely on how diligent the provider is in its remote monitoring. When a NordVPN server was hacked in 2018, it was widely highlighted as evidence of the dangers of renting VPN servers. The attacker exploited an unsecured hardware card, which NordVPN claimed the data center had put there without telling them.

While it is true that physical access to the server may have brought the hardware card to the company’s attention, NordVPN technicians could’ve also seen the card’s presence via their remote access to the server’s installed hardware. Ultimately, the breach wasn’t really to do with the server being rented – with greater due diligence on the part of NordVPN, the vulnerability could’ve been avoided.

While the ability to physically audit server hardware is perhaps a slight advantage for co-located servers, it should not be necessary if the server is being remotely monitored effectively. This makes the issue of renting VPN servers significantly less concerning.

For the most part, a rented VPN server is no more at risk from physical tampering than a co-located server.

A privacy issue that both co-located and rented VPN servers face is the status of the networking environment around them.

Any server in a data center — whether it is owned or rented — is connected to that data center’s network. As we have seen, this gets VPN servers far closer to an internet exchange than they could’ve been otherwise, which helps improve connection speeds.

However, it also means that providers have very little knowledge of the network infrastructure that is upstream of their servers — and they certainly have no control over it.

This can pose a risk for VPN users because the service provider can never be completely sure that their server isn’t being monitored. Attackers and intelligence agencies are able to use the upstream network switch to record (and then mirror) all of the activity going in and out of a targeted server.

This is particularly relevant to data centers in countries with invasive data privacy laws. Local authorities could monitor upstream traffic or even compel the data center to store information locally and share it with them. This effectively amounts to logging on behalf of the data center without the VPN provider’s knowledge.

In the case of VPN traffic, the activity should be encrypted. However, traffic correlation attacks are still a possibility and attackers can still get access to certain metadata, like the user’s originating IP address.

Speed & Performance

In terms of connection speeds, both rented and co-located VPN servers share the benefits of being in a data center. This allows them to be close to (and sometimes even peer directly with) an internet exchange, which greatly improves performance.

VPN providers who rent their server network are afforded a degree of flexibility that is harder to come by with co-location. Rental agreements can be scaled up or scaled down to match user demand, while co-location agreements keep providers tied-down to the hardware they have purchased and installed.

This flexibility can be beneficial in situations where authorities attempt to compel VPN providers to censor user activity or retain logs. It’s easier to cease operations in a country when all you’ve committed to is a monthly rental fee, as opposed to owning a large piece of hardware that’s physically located in that country.

Renting is also better suited to having a large number of servers in a wide range of locations. When providers don’t have to worry about maintaining their servers or keeping them within commuting distance for staff, they have greater freedom to expand their network globally.

Not only does a larger server network provide users with a more diverse array of IP addresses, it should also facilitate faster connection speeds. This is because, in a lot of cases, it will reduce the geographic distance between a given user and the closest VPN server.

Which VPN Providers Rent Their Servers?

The majority of commercial VPN server networks combine both rented and co-located servers. While many refuse to openly disclose this information, here is a list of VPN providers that are honest and transparent about renting at least some of their servers:

• CactusVPN
• F-Secure Freedome
• HideMyAss! (HMA)
• NordVPN
• Private Internet Access (PIA)
• PrivateVPN
• ProtonVPN
• Windscribe
• X-VPN

A number of these providers go to great lengths to emphasize how careful they are when selecting a data center to rent from:

PIA, for example, claims to have a “stringent vetting process” when assessing potential third parties.

This highlights an important point: in general, rented VPN servers aren’t a danger to users as long as the data center is vetted and considered to be trustworthy. It is impossible for the average user to know exactly which third parties are being entrusted with their data, so we have to trust our VPN service to choose its partners carefully.

A good VPN may rent its servers, but it will thoroughly vet the data center it is renting them from. This vetting process will include a full hardware audit and an inspection of the data center’s networking environment in order to understand any potential threats.

Unfortunately, most VPN providers keep the specifics of their vetting processes hidden. This means we can only rely on trust that their procedures are comprehensive and secure.

We urge any VPN service that uses rented servers to be more transparent about the specifics of their vetting process. Only then can we have full confidence that their servers are safe to use.

For users who would rather avoid the uncertainty associated with rented servers, there are a small number of VPN providers that advertise an entirely self-owned network. These include AzireVPN, IPVanish, and VyprVPN.

VPN servers can be either physical or virtual. So far, we’ve mostly focused on physical servers. These are the machines that are often seen on racks in data centers.

Virtual servers are virtualized environments run on physical servers. They can host VPN software and carry out tunneling services in just the same way as a bare-metal VPN server.

In short, a virtual machine behaves like a physical server in almost every aspect apart from the hardware.

Virtual VPN servers have all the same benefits as a bare-metal server, without the physical component.

Importantly, however, an individual physical server can run multiple virtual servers at once. This means you can host multiple VPN servers on one machine.

To run a virtual VPN server, you first need to create a virtualized environment. These environments are known as virtual machines (VM) and a single physical server can host several of them. The process of creating a VM is known as virtualization.

Software is used to separate the physical server from the virtual machines that are running on it. This keeps the VMs distinct from the physical server and also keeps them running independently from one another. Each VM can even run its own OS. So VM1 might run Ubuntu Linux, whilst VM2 runs Windows.

Virtual machines are entirely capable of acting as fully-functioning VPN servers. When they do, we refer to them as virtual servers.

In the next section, we’ll evaluate the differences between physical and virtual VPN servers.

If you’d rather just read our verdict on whether virtual servers are safe for VPN users, you can do so here.

Physical vs. Virtual Servers

Hosting a VPN server on a virtual machine is not inherently dangerous – it is only a security risk in certain contexts.

If a VPN provider owns or rents the underlying physical server, there is very little difference between a VPN server that is virtualized and one that is physical in terms of user privacy and security.

In fact, there are some benefits to using a virtual VPN server:

• Low Cost: Virtualization helps to maximize server utility. Normal physical servers use only a fraction of their available resources – running virtual machines on them helps to solve this inefficiency. Running multiple VMs on a single physical server can save a VPN provider huge sums of money, which can result in cheaper subscription fees for users.

• Environmentally-friendly: Data centers have large carbon footprints, which can be reduced by making physical servers more efficient.

• Easy Migration: It is possible to migrate virtual environments from one machine to another. If the underlying physical hardware starts to fail or needs updating, you can simply migrate the virtual server to another machine, reducing the VPN server’s downtime.

The main danger with virtual VPN servers comes with general-purpose cloud hosting or Virtual Private Servers (VPS). This is when providers rent virtual space on a physical server and host their VPN on there.

In this scenario, the provider does not own the virtual machine or the physical server it is hosted on. A cloud-hosting service owns the physical server and runs multiple virtual machines which are rented out to different clients, each of whom uses their virtual machine for a different purpose. Some might run websites, some might store databases, and others might host VPN servers.

Until recently, this was considered a secure way to host a VPN server. However, a series of CPU side-channel attacks – such as Spectre, Meltdown, and Zombieland – have rendered general-purpose cloud hosting a privacy red-flag for VPN users.

These side-channel attacks target the physical server’s CPU cache from within one of its virtual machines. If the attackers are successful, they are able to view what is happening on the server’s other virtual machines and sometimes even control their activity.

For this reason, it is highly recommended that VPN providers using virtual servers also own or rent the entire underlying physical machine.

If a VPN provider owns or rents the underlying hardware and not just the virtual machine, they are not at risk of CPU side-channel attacks. This is because they have complete control over what is happening on the physical server’s other virtual machines.

Physical servers can also offer better performance than their virtual counterparts. By definition, virtual servers operate with only a portion of the physical server’s total computing power – they therefore have less resources at their disposal than their physical counterparts. In theory, this can lead to reduced performance and slower speeds for VPN users.

In practice, however, the inefficiencies of physical servers are so vast that the majority of users won’t notice any loss in performance when using a virtual server over a physical one.

Which VPN Providers Use Virtual Servers?

While most VPN providers refuse to disclose whether their VPN servers are virtualized or not, there are a few services that are open and honest, including:

• CactusVPN
• F-Secure Freedome
• Hotspot Shield
• PureVPN
• SaferVPN

As discussed above, using virtual servers is not usually a risk as long as the VPN provider owns or rents the underlying physical machine.

Unfortunately, this isn’t always the case. We spoke to the CactusVPN support team who informed us that they “rent Virtual Private SSD Servers”. This is the type of server vulnerable to CPU side-channel attacks, and we would urge CactusVPN and any other provider renting VPS systems to reconsider this practice.

By contrast, some providers openly reject the use of rented virtual servers. Perfect Privacy, for example, state on their website that they “renounce virtual servers”.

We asked Perfect Privacy to elaborate on why they take such a strong stance against virtual servers. They replied with the following email, concluding that “VPS is simply unsuitable for a VPN service, and it’s fraudulent to advertise privacy”:

The support staff clarified that: “A VPN on a dedicated server (rented or owned)… is no problem. Only VM/VPS on foreign hardware [are an issue].”

This sentiment is echoed by AzireVPN whose website emphasizes that they stay away from “rented virtual servers”.

A number of providers have also made it clear to us that they do not host any of their VPN servers on virtual machines. These include:

• CyberGhost
• PrivateVPN
• Private Internet Access (PIA)
• TunnelBear

Virtual servers are often confused with fake VPN server locations. As we’ve seen, a virtual server is simply a server running on a virtualized machine on a physical server.

A fake server location, on the other hand, is when a VPN server’s physical location differs from where its IP address is registered.

ExpressVPN, for example, have VPN servers that give users a Mongolian IP address even though the server they connect to is physically located in Singapore.

VPN companies use fake locations (or ‘virtual server locations’) to expand their server networks, provide faster speeds, and test new locations. In doing so, however, they can affect user privacy and connection speeds.

In this chapter we will consider how fake server locations work and explore the pros and cons of using a VPN server with a fake location. Or skip straight to our verdict on whether fake server locations are a danger to VPN users.

How Do Fake VPN Server Locations Work?

When websites check the physical location of their visitors, they look up the connection’s IP address in a geolocation database. VPN providers spoof these databases in order to set-up VPN servers with fake locations.

To do this, VPN providers purchase blocks of IP addresses from the huge global registries that are responsible for linking individual IP addresses to physical locations.

These registries tend to be region-specific: ARIN serves much of North America; AFRINIC serves Africa; APNIC serves the Asia-Pacific region; LACNIC serves much of Central and South America; and RIPE NCC serves Europe and some parts of Asia.

The same organizations are also in charge of allocating their region’s registered IP addresses. This means that for a fee, anyone can go through a registration process and obtain an IP address for a specific location within that registry’s region.

All a VPN provider needs to do is purchase a block of IP addresses registered to New York, for example, and by making some changes to the BGP routing protocol, they can assign these IP addresses to servers physically located elsewhere.

When websites look up the VPN server’s IP address in a geolocation database, they see that the server is registered in New York and so grant the user access to US-specific content, such as the US Netflix library. Meanwhile, the VPN server is physically located in London, Moscow, or wherever.

As you can see, it is reasonably straightforward and perfectly legal for VPN providers to use fake server locations.

In the next section we explain the difference between fake locations and virtual servers. However, you can skip straight to our verdict on fake server locations, if you’d prefer.

Virtual Servers vs. Fake Server Locations

Virtual servers and fake server locations are often confused and conflated in the VPN industry. This is partly due the fact that fake locations are commonly referred to as ‘virtual server locations’, or sometimes even just ‘virtual servers’.

The two are in fact entirely different concepts and it’s important to differentiate between them. In short, a fake VPN server location has nothing to do with whether the server is virtual or physical. And a virtual server has nothing to do with the location of the IP address you are assigned.

The term ‘virtual server’ names the process of running a VPN server within a virtualized environment. If a virtual machine hosts the server, then we can say it is a virtual VPN server.

A fake location (or ‘virtual location’), on the other hand, describes instances where there is a disconnect between the VPN server’s physical location and its IP address.

Fake locations can be implemented on both physical servers and virtual servers. A server doesn’t need to be virtual to use a fake location, and a fake location is not always hosted on a virtual server.

PureVPN’s statement (above), though confused, provides a clear definition of both concepts. A virtual server “gives users the benefits of a physical server, minus the physically placed part”, while a fake location “mimics being physically hosted at a particular location, without actually being physically present at that location”.

Fake Server Locations: Advantages & Disadvantages

Using fake server locations is often reported as an unquestionably bad thing for VPN providers to do. In reality, the issue is far more complex. There are certainly some advantages to using virtual locations:

• Faster Speeds: When a VPN server is physically located in a country that is closer to the user than the country it is registered in, it will offer faster speeds. For example, an American user looking to connect to an Indian server will get faster speeds when connected to a fake server location that is actually located in Canada than if they were connected to a real server location in India.

• Poor Internet Infrastructure: Some countries do not have the network infrastructure to support a reliable and secure VPN server network. Instead, VPN companies can use fake server locations to provide users with an IP address in those countries without having to risk using unreliable data centers.

• Avoid Authoritarian Governments: A good VPN company might avoid placing physical servers in countries with authoritarian or censorious governments. Instead, they may deploy VPN servers in safer countries and utilize fake locations in order to provide IP addresses in the country they need. This is what ExpressVPN did after its server was seized by Turkish authorities.

• Test New Locations: VyprVPN uses fake locations (what they call “virtual servers”) in order to test out where they should deploy new physical servers. By assessing which locations are popular with its customers, VyprVPN are able to determine where it is worth investing the time and money to place new physical servers.

• Larger Server Networks: Fake locations allow VPN providers to increase the size of their server network. Grand marketing claims such as “1000+ VPN servers in 190+ countries” are increasingly popular in the VPN industry. While large networks can prevent congestion by providing a larger pool of IP addresses, it’s possible that a provider might focus on the number of servers in its network and ignore their quality.

There are also some legitimate concerns when it comes to using fake server locations:

• Dangerous Jurisdictions: One important factor to consider when choosing a VPN server to connect to is how privacy-friendly the authorities in that location are. Every country has different laws and practices when it comes to logging and data sharing, which we refer to as VPN jurisdictions. It becomes much harder to assess the impact of a jurisdiction on your privacy if your provider is using virtual locations.

  If you’re trying to avoid your data travelling through the US, you’d want to avoid a fake server location in Hong Kong that was actually located in America, for example.

• Slower Speeds: Some users might purposefully connect to a VPN server that is close to their real location in order to maximize connection speeds. If the server is actually physically located elsewhere, the user will likely face slower speeds than anticipated.

Which VPN Providers Use Fake Server Locations?

There are honest VPN providers that have taken a transparent approach to servers and fake locations. However, there are still many providers using fake server locations without publicly disclosing it.

We’ve spoken to a number of VPN companies that are keen to emphasize that they do not use fake server locations. This means all of their servers are physically located in the country advertised. These providers include:

• CactusVPN
• IPVanish
• NordVPN
• PrivateVPN

However, fake server locations aren’t an issue as long as the VPN provider is transparent. The following VPN providers are open about their use of virtual locations:

• CyberGhost
• ExpressVPN
• HideMyAss (HMA)
• PureVPN
• Surfshark
• VyprVPN

While we commend all of these providers for their honesty, only ExpressVPN and HMA inform users where their servers are actually located. The other providers acknowledge that their server locations are fake without stating where that server’s true location is.

Users can use that information to avoid fake server locations altogether, but it would be more beneficial if they could see where each server is physically located. That way, users can judge for themselves whether connecting to a particular server would reduce their connection speeds or involve an undesirable jurisdiction.

We urge the other providers on this list to follow ExpressVPN and HMA’s lead by publicly disclosing the true location of their VPN servers.

In this section we’ll teach you how to discover where a VPN server is really located.

Using a few online tools, you can find out whether your provider is being honest about its use of fake server locations.

These tests might seem daunting at first, but we’ll walk you through a simple step-by-step process that you can use to test your VPN server’s physical location. We’ll then present a few case studies so you can see the testing process in action.

1Find the VPN Server’s IP Address

To start, you’ll need to identify the IP address of the VPN server you want to test.

The easiest way to do this is to connect to your server of choice through the VPN application and Google ‘what is my ip’. You’ll see a number of tools that will tell you your public IP address.

Some reliable IP address checking tools include WhatIsMyIPAddress and BrowserLeaks.

2Ping the VPN Server From a Range of Locations

A ping test measures the time it takes for a request to be sent to a server and for a response to be sent back. This helps test the rough distance between two points in a network: the higher the ping, the longer the distance between the two points.

To test where your server is physically located, you need to ping it from a number of locations around the world. By finding the lowest ping rate we can hone in on the server’s real physical location.

There are a number of online tools that allow you to run a ping test on a specific server from multiple locations worldwide. Our favorite is the CA App Synthetic Monitor ping tool, but you can also use MapLatency.com.

To begin, enter the VPN server’s IP address into the search box at the top and click the start button.

The tool will ping the server from each of their monitoring stations and record how long it takes. The CA App Synthetic Monitor tool has over 50 stations located around the world.

In this tool, rtt stands for ‘round trip time’ and refers to the amount of time (ms) it takes for a signal to be sent and an acknowledgement of that signal to be received.

You can analyze the results of this ping test to see which locations have the lowest round trip time and then infer the rough physical location of the server from there. Networking complications can sometimes lead to anomalous results, so the “minimum rtt” figure is usually the most reliable number to use.

If the rough location you can infer from the shortest round trip time differs significantly from the VPN server’s advertised country, it is likely that the server is using a fake location.

3Run Traceroute Tests to Investigate the Findings

Using the traceroute tools offered by Looking Glass or CA App Synthetic Monitor, you can plot a data packet’s journey through the network from a monitoring station to your chosen VPN server.

The number of network hops, the location of the network hops, and the transmission time all help you investigate where your server is really located.

To start, run the traceroute that should be the closest to the VPN server. In other words, select a location that is as close as possible to the server’s advertised country.

Then, test the locations which had the smallest round trip times in the initial ping test.

Roughly speaking, if these locations show faster speeds and fewer network hops than the advertised location, it’s likely that your server’s location is fake.

4Verify Your Results With a Separate Ping Tool

Network variability can sometimes lead to anomalous results, so it’s worth running each of the above tests multiple times in order to ensure your results are reliable. To finish, it is also worth running a second ping test, using a different online tool.

We like to use ping.pe as it has a good range of monitoring locations.

Input your server’s IP address in the box at the top and the tool with start pinging it from a range of locations. The ping times should hopefully match your previous findings, giving an indication of your server’s true location.

With these four easy steps you should be able to get a rough idea of where your VPN server is physically located. If the country you’ve found differs significantly from the location of the server’s advertised IP address, you’ve probably found a fake VPN server location.

It’s worth noting that this is not an exact science. Ping time is an indicator of geographic location, but a number of factors can distort it. The steps described in this guide will give you a rough idea of where a server is (or is not) located, but you should be wary of using these methods to draw definitive conclusions.

In the remainder of this report, we’ll run through a few case studies to demonstrate the investigation process in action.

Case Study #1: ExpressVPN

ExpressVPN offers users a server in Vietnam, but is transparent about the fact that it is a fake location. The server is actually located in Singapore.

We can verify that this is indeed a fake location using the steps described below.

1Server’s IP address: 45.10.234.90

We can see the server’s IP address by connecting to ExpressVPN’s Vietnam server and checking browserleaks.com.

2An initial ping test strongly suggests the server is physically located in Singapore and not Vietnam.

When we pinged the VPN server from a range of global locations, the shortest ping times came from Singapore, India, and China – with Singapore being the fastest by a significant margin.

Shortest Pings:

1. Singapore — Singapore (0.945ms)
2. India — Chennai (33.227ms)
3. China — Hong Kong (37.918ms)
4. India — Bangalore (38.497ms)
5. India — Mumbai (60.718ms)

In contrast, a ping from Ho Chi Minh City – where the IP address is registered – took a minimum of 74.881ms.

The 0.945ms ping time from Singapore is significantly smaller than those from other locations. This alone is enough to infer a better idea of the server’s real location.

However, some small calculations show us that, even moving at the speed of light (300km/ms), data from the Singapore monitoring station can travel a maximum of 283km in 0.945ms. The data has to travel to and from the VPN server in this timeframe (0.945ms).

As the shortest distance between Singapore and Vietnam is 1,488km, this makes it impossible for the VPN server to be located in Vietnam.

We can therefore conclude with confidence that the ExpressVPN Vietnam server is not physically located in Vietnam. It is most likely based in Singapore, just as ExpressVPN states.

3Our findings are supported by a traceroute and a separate ping test.

When we cross-checked our results with a traceroute test and with a separate ping tool, we found very similar stories.

Although the ping.pe tool doesn’t have a monitoring station in Vietnam, the extremely low ping times recorded at the Singapore monitoring station strongly suggest this VPN server is physically located in Singapore.

Case Study #2: CyberGhost

Like ExpressVPN, CyberGhost is transparent about which of its servers use fake locations. Unfortunately, it isn’t also transparent about where these servers are actually located.

CyberGhost state that their Isle of Man servers use virtual locations.

We used the methods described in this section to investigate where these VPN servers are really located.

1Server’s IP address: 45.132.140.22

When you connect to a CyberGhost server location, the application helpfully tells you what your new IP address is. We confirmed this using several IP address checking tools.

2An initial ping test suggests the VPN server is located in Western Mainland Europe.

When we pinged the VPN server from global monitoring stations, the results indicated that it was located in mainland Europe, near the Netherlands or Belgium.

Shortest Pings:

1. Netherlands — Eemshaven (4.901ms)
2. Belgium — St. Ghislain (5.691ms)
3. Germany — Frankfurt (8.017ms)
4. UK — London (8.638ms)
5. Denmark — Copenhagen (13.007ms)

3Traceroute testing suggests the server might be located in Amsterdam, Netherlands.

We ran a traceroute on Looking Glass comparing Dublin (which is closest to the Isle of Man geographically) and Amsterdam.

The results showed an increased transmission time and several additional network hops when connecting to the server from Dublin as opposed to from Amsterdam. Also of interest was that network hop 3 in the Dublin traceroute connected it to the Amsterdam internet exchange.

This all suggests that the VPN server is not located in the Isle of Man, but is probably based somewhere closer to Amsterdam, Netherlands.

4A second ping test supports our findings that the VPN server is most likely located somewhere in the Netherlands.

We then cross-checked our findings with a ping test tool that uses a monitoring station in Amsterdam. The ping time averaged under 2ms.

With a bit of math, we can work out that the furthest possible distance our VPN server can be from Amsterdam is 177km. We get this from the speed of light (300km/ms) multiplied by the shortest ping time (1.18ms) and divided by two (because it’s a round trip).

When we plot this on map, we can see that it is highly probable the CyberGhost Isle of Man server is in fact located in the Netherlands — most likely somewhere near Amsterdam.