Bitdefender VPN Review

Bitdefender VPN isn’t a standalone VPN, it’s a part of the broader Bitdefender Security software. You literally cannot use the VPN without also installing the anti-virus software.

Under its current name, the Bitdefender suite of software was developed in Romania in 2001, but its predecessor – a program called Antivirus Expert – was developed under the company name Softwin in 1996.

Softwin itself was started in 1990, amid the Romanian anti-communist revolution.

Founders Florin and Măriuca Talpeș had previously worked for the Romanian government’s computer research unit, but quit to start their own business once the future of the department became less secure.

Today, Bitdefender is a large multinational organization with around 1,600 employees and offices in Europe, America, and Australia.

The company is still based in Romania, which thankfully is not a member of the Five, Nine or 14 Eyes data sharing agreements. Romania is an EU member, though, so cannot be considered a privacy haven.

Bitdefender’s jurisdiction makes the quality of its logging policy all the more important – any EU-member government might be able to get its hands on Bitdefender’s servers.

Ideally, were the company compelled to give up its server logs, they would be completely empty…

…But Bitdefender VPN’s privacy policy falls far short of ideal.

It’s bad.

Bitdefender’s privacy policy covers all home solution products, and includes just two short paragraphs about the VPN service:

Pango (formerly AnchorFree) acts as a data processor for Bitdefender. This means that while Bitdefender collects and has authority over your information, Pango processes some of it on Bitdefender’s behalf – you can see Pango’s privacy policy here.

Pango has been the subject of some controversy in the past (back when it was known as AnchorFree), although it has since made efforts to redeem itself. The complaints regarded the company’s use of data from the free version of the Hotspot Shield app.

While these issues have been resolved, we think it’s important that users know about this before they commit to a VPN product managed in some capacity by Pango.

Because Bitdefender has a very vague privacy policy, Pango’s can give some idea of how your data will be handled.

Fortunately, the company does not logo any user activity:

But this does not make it truly no logs.

Pango keeps much more than we consider necessary to maintain a VPN service. It tracks:

• Your IP address – although encrypted, and only stored for the duration of your connection
• Connection timestamps – which are stored for up to three years
• Bandwidth used in each session – again, stored for up to three years
• Device information – including unique device identifiers, browser type, operating system and wireless network information
• Aggregated website logs – at the domain level (i.e. not full URLs) and not associated with the individual
• Approximate geographic location – derived from IP information (not GPS), and used to find the nearest VPN server

The only thing Pango guarantees is that it does not collect any data which connects you to your VPN browsing activity.

Since Pango is a data processor, not a data controller, it should only be storing information Bitdefender requests. In the absence of a fleshed out logging policy from Bitdefender, though, it is difficult to say for certain what it does or doesn’t log.

Your data should be handled by as few people as possible – having a second company involved is a needless extra step (not to mention confusing).

Bitdefender is one of a few VPNs to run on Hotspot Shield’s proprietary Catapult Hydra VPN protocol.

This is because Bitdefender has outsourced its VPN infrastructure to Pango, the company that owns Hotspot Shield.

Bitdefender isn’t the only tech company to do this. McAfee also operates a white-labled version of Hotspot Shield.

Like most examples of this we’ve seen, Bitdefender VPN is both fast and basic. It achieves some impressive speeds, but doesn’t include any additional features or security measures.

We’ve had a few problems maintaining our connection over longer distances, which can be a big problem without a dedicated kill switch feature.

These are great speeds from Bitdefender. Although we’ve seen other white label Hotspot Shield VPNs perform better.

There was some pretty bad latency across the board. Ping to the UK server was 10ms, which is fast enough for online gaming. The French server had a ping of 19ms, which should be okay for gaming, too.

Every other server had a ping of at least 30ms, though. This is simply too slow for lag-free online gaming.

In Europe we made great connections to the Netherlands and France servers, but a very poor connection to the server in Germany, which had a 90% drop in download speed.

Connections to North America and Asia were both respectable, with the exception of Japan which saw a 70% drop in both download and upload speeds.

These were our speedtest results for Bitdefender VPN around the globe:

• UK: 87.09Mbps (download) & 86.9Mbps (upload)
• USA: 48.65Mbps (download) & 65.02Mbps (upload)
• Germany: 8.67Mbps (download) & 19.31Mbps (upload)
• Singapore: 42.84Mbps (download) & 49.31Mbps (upload)

The Bitdefender server list includes a reasonable 27 countries, but is largely focused on Europe.

There are five server locations in Asia:

• Hong Kong
• India
• Indonesia
• Japan
• Singapore

That’s definitely better than some other VPNs, but nothing special, either.

There are two South American server locations available, one in Argentina and the other in Brazil. This is pretty poor if you plan to connect from the region, but sadly is still a better effort than many other providers offer.

Coverage of mainland North America is good. Mexico, the US, and Canada all have their own servers. The lack of any city level choices could leave you stuck with slow speeds in these large countries, though.

The remaining 15 locations are all in Europe, offering pretty comprehensive coverage if you are connecting from the region. There is a UK server location which allows you to access BBC iPlayer.

There are no Bitdefender VPN servers in Africa, the Caribbean, or the Middle East. If you’re connecting from (or looking to connect in to) any of these areas you can expect fairly poor performance.

Bitdefender hasn’t published the number of servers or IP addresses it maintains. We can assume it operates at least 27, but it would be hard to speculate beyond that.

We’ve contacted Bitdefender to ask how many servers it has, but it hasn’t been able to give us any more information.

Bitdefender is quick to claim that its VPN can “unlock media from all over the world.” That is a lie.

We weren’t able to access Netflix from any server, including the UK and US servers.

On the flip-side, we were able to access BBC iPlayer through the UK server, which is something a lot of VPNs struggle with.

Bitdefender also allows you to access geo-blocked content on YouTube, which is a lot more common but still valuable if it’s blocked within your country, school, or place of work.

Torrenting is allowed on Bitdefender’s VPN network – great news if you want to use it for P2P file sharing.

Even better, Bitdefender’s strong speeds are ideal for getting large files downloaded quickly.

But we don’t recommend torrenting over Bitdefender VPN.

Why is this?

During our testing we discovered that Bitdefender VPN leaks your DNS information. While this information does not identify your activity on its own, it could be used to identify you.

Your ISP won’t know what you’re torrenting, but it will know when and where you are torrenting.

Because your DNS traffic will be unencrypted, you will also be left vulnerable to man-in-the-middle attacks from malicious servers which could deanonymize you, or worse. We believe it simply isn’t worth the risk.

Bitdefender VPN doesn’t operate any kind of obfuscation technology, so there’s no reason to suspect it can break through China’s Great Firewall, or the less comprehensive censorship regimes of countries like the UAE and Turkey.

In fact, Bitdefender states on its website that it restricts use of the VPN in these countries:

• Belarus
• China
• Iran
• Iraq
• Oman
• Russia
• Turkey
• UAE

We don’t recommend using Bitdefender VPN if you intend to travel to any of these countries, because it probably just won’t work.

For a better chance at evading censorship we recommend reading our lists of the best VPN for China, Russia, Turkey or UAE.

In its FAQ, Bitdefender describes its VPN as a service which “secures your online activity”:

But is it really secure?

Not as far as we’re concerned.

When we tested Bitdefender VPN we didn’t find any IPv4 or IPv6 leaks, or any WebRTC leaks. What we did find was DNS leaks on every single server we connected to.

Here is what our leak test looked like:

Our IP showed as in Denmark, but you can clearly see our UK DNS servers.

This means that while your ISP won’t be able to see what you are doing, it will be able to see and record the name of every website you visit while Bitdefender VPN is active, and prevent you from accessing any censored sites.

DNS leaks also increase your risk of falling victim to man-in-the-middle attacks.

DNS leaks are a fatal flaw for a modern VPN – particularly since the mainstream adoption of HTTPS means that your non-DNS is already end-to-end encrypted between you and the site you are visiting.

Using AES-256 encryption is a good sign; the protocol is unbroken so provided the VPN is functioning properly there should be no way for someone to brute force through the connection.

The VPN protocol behind Bitdefender VPN is Hotspot Shield’s proprietary Catapult Hydra. This protocol is capable of some serious speeds, but hasn’t had as long to prove itself as other more mainstream protocols like the open-source and industry standard OpenVPN.

In 2018 Catapult Hydra suffered a major security vulnerability, which allowed bad actors to see  users’ true location via their WiFi network name. This has since been addressed and fixed, but points to teething problems for the secretive proprietary protocol.

Some VPN apps are easy to use because of great design and others are easy to use because they have almost no features, and it would be difficult to make them hard to use.

Bitdefender VPN fits squarely in the second category.

This doesn’t mean the app design is bad – on the contrary it is very easy to use – but its limited functionality won’t be getting too much praise from us.

The mobile apps both have a simple layout. The VPN is easy to find, located within one of five tabs at the bottom of the screen.

There is a central “connect” button, and an easy to find server select button, too.

The servers are arranged alphabetically by country. Since there aren’t too many locations it’s easy to find the location you want.

There is also a connection timer, and a meter to track how much data you have left if you’re using the free version of the app.

This is the full extent of the VPN’s functionality. If you want, you can use the anti-virus and security features in the other tabs, but you won’t find any additional VPN settings.

The Mac and PC versions of the VPN require you to have Bitdefender Total Security installed. You can launch the VPN on its own, so unless you plan to use Bitdefender’s other features the Total Security app is little more than bloatware.

The VPN app itself is even more simple than the mobile version.

It has an easy to navigate server list, which we like.

The settings menu is easy to find, but there isn’t much there. The feature to automatically launch the VPN when connecting to unsecure WiFi is nice.

Many of the key features we would expect of a top level VPN just aren’t here, though. We would really like to see a kill switch option, for instance.

When we first reviewed Bitdefender VPN we found its customer support frustrating, but it’s made some definite improvements since then.

Livechat is quick and helpful (although not quite available 24/7 in our experience): perfect for customers all around the globe.

Bitdefender also provides setup guides and troubleshooting instructions for most common problems, which are well set out and should solve most issues you may encounter. The forums are pretty helpful too, although these are mostly user-operated so aren’t the most reliable source out there.

Bitdefender have a 30 day money back guarantee, which we really like. The process is easy as well, you just need to fill out an email ticket stating you want a refund.

This is perfect if you want to test out the service before properly committing.

There is also a free VPN service which comes bundled with any purchase of a Bitdefender product. Its limited – you have a 200MB data cap and cannot select server locations – but gives you a good idea of the service.

Bitdefender has been around since the 90s. Unfortunately, so have all its payment options.

You can pay using major credit cards like Visa, Mastercard, American Express, and Discover. You can also pay by direct bank transfer.

PayPal is as modern as the payment options get, but you won’t be able to find any super-private or anonymous payment methods. Ideally we’d like to see the option to pay with cryptocurrency or a prepaid credit card, or even cash.

We absolutely do not recommend choosing Bitdefender VPN unless you are already a Bitdefender customer. Even if you are, we strongly recommend looking elsewhere.

For existing Bitdefender customers, Bitdefender VPN offers some great value for the speeds it achieves. That said, it is incredibly basic, and we just don’t feel comfortable recommending a VPN which leaks information, even if it is only your true DNS servers.