Taking advantage of a free three day trial for prospective customers that I found in Reddit self-edit, I decided to look into IAPS Security Services (intl-alliance) VPN provider. I was really looking forward to see for myself if IAPS claims of being able to provide VPN servers in places as unique and paradoxical as the Vatican Holy City and Mecca in Saudia Arabia were for real.
To start with, IAPS intl-alliance website could do with a redesign, you will find it confusing, not mobile friendly and messy, but what matters most is the quality of their services, so let’s not judge them for that alone. IAPS intl-alliance VPN monthly prices aren’t cheap but annual subscriptions work out at a reasonable rate if they really provided the over 140 worldwide countries and more than 190 VPN servers they say they have. IAPS also has dedicated packages to watch USA or Canadian TV from abroad and packages to be able to play poker with a VPN.
After signing up I quickly received a friendly email from Jared Twyler, IAPS Chief Executive Officer whose LinkedIn page lists education in the highly regarded Massachusetts Institute of Technology. I had previously informed Jared that I would be reviewing their VPN services on hacker10 blog and he was confident enough to say that “I’ve been a vpn supplier since 2007 and have been judged since then. Seeing another site pass judgement isn’t anything new.”
The welcome email contained a username and password with 192 links to VPN servers in locations that no other VPN provider can give you. Iraq, Falkland Islands, Palestinian Territory, Qatar, Bhutan, Uganda, Uzbekistan, Algeria, Kuwait, nearly all European countries and at least a dozen USA servers. IAPS intl-alliance does not have any propietary VPN client, you are given a link to the official OpenVPN client, this makes it a little difficult to manage all of the over 190 servers but not a big deal. When you click on any of the links on the email an .ovpn certificate will be automatically downloaded to the OpenVPN folder and permanently added, it was very easy to set it up.
I decided to start the VPN testing with the server in Saudi Arabia, the first thing I noticed is that there was very little lagging and the speed was excellent. I checked my location using ip-score.com and a couple of other sites that check your computer IP online, sure enough they identified my computer as being in Saudi Arabia (Mecca), however Google advertisements were being shown in my local language. I then decided to visit an Israeli website, knowing that all Israeli pages are blocked by Saudi Arabia Internet filtering, I expected not to be able to access it but I had no trouble viewing the page. I decided to visit a porn website to see if it was blocked, and again, I had no problem looking at online porn with what it supposedly was a Saudi VPN in Mecca.
This was puzzling, I carried out similar testing with other servers, all with similar results, the whatismyip websites would indicate that I was in the location IAPS intl-alliance said the VPN was, and extraordinarily, my VPN connection did not have any kind of lagging or speed cutback while connected to far away countries like Bhutan or South Sudan.
I suspected something wasn’t right when I found no ping or speed differences in between the VPN in Italy and China. I also noticed that virtually all computer IPs assigned by the VPN started with 46.36.*.*.*, it just happenned that Saudi Arabia and the VPN in the Vatican had both assigned me computers IPs in the same range. After a few traceroutes and whois lookups I realised that IAPS was always listed as an Internet Service Provider in the whois and the contact address was always listed as a local address.
That is how I believe they fool the websites about your geolocation, by IAPS listing the network operator address as being in Mecca, the websites checking your location assume that your ISP is also in Mecca since that is where the network is theoretically being operated from. IAPS owns the 46.35.*.*.* IP range and they assign it as they see fit only changing the local address of the network operator to fool websites into believing the visitor comes from that particular country.
IAPS intl-alliance server provider is listed in the “mnt-by” records of the whois is IP as RackSRV, a United Kingdom based company selling VPS and dedicated servers, I am inclined to believe that Jared Twyler, listed as the server administrator based in the United States, has rented one or more servers with RackSRV and is masking them as being located in all of those exotic locations he is selling VPN services for when in reality he does not own any server in any of those countries.
I tried IAPS intl-alliance servers in the USA and they can fool Hulu and Pandora, if you wish to watch USA TV it will work, nothing wrong with that, but I am calling this company a scam because they are advertising their services as having physical servers in over 190 countries and in all likehood they only have a single server in the United Kingdom.
I gave IAPS Intl-alliance the opportunity to prove me wrong, I asked IAPS Chief Officer Jared to name me the datacentre he is using in the Vatican city and in Saudi Arabia and his one line reply was “They are all private networks owned by IAPS.” I emailed back enquiring if IAPS really owned a VPN server in the Vatican and in Saudi Arabia and Jared’s response was a single word with a period “Multiple.” Fantastic explanation!
I don’t think it is wrong providing VPN servers the way they do except that they are lying to customers about how many servers they own and how they manage to achieve a Saudi computer IP without having any server in Saudi Arabia, and I would not feel confidence in trusting my valuable privacy to a lying and cheating company.
UPDATE: I sent a link about this post to IAPS Chief Officer Jared, mentioning that he is welcome to reply in the comments sections. It appears that IAPS does not wish to make any comment.