Most VPNs make little effort to tell you about the company behind the service, usually because there’s not much to say. Cloak is very different. It’s been developing its own technology, iOS and Mac clients since 2011, and attracted so much interest that it was acquired by big-name cybersecurity startup StackPath in 2016.
Cloak’s main focus is on simplicity. It watches your activities and automatically protects your connection whenever you access an insecure network. You’ll barely know the app is there: it just works. But the ‘Cloak Transporter’ can also give you a new location, when necessary. Right now it supports eleven countries: Australia, Canada, France, Germany, Hong Kong, Japan, Mexico, Netherlands, Norway, Poland, Sweden, United Kingdom, and ten locations in the United States.
If you’re a VPN expert and would like to know more about the underlying technology, Cloak has everything you need to know on its website. Even if you don’t fully understand the detail, it’s an impressive illustration of the company’s knowledge and transparency.
The service doesn’t support torrents, but that’s not necessarily a bad thing. It means less users hogging large amounts of bandwidth for themselves, and maybe there will be more left for you.
CloakVPN doesn’t give you wide platform support. The main two clients cover iOS and macOS, and there’s an Android beta. There’s nothing for Windows yet, although a beta is planned, and there’s no support for setting the service up on routers or anywhere else.
Prices are relatively high for individuals at $8.33 (£6.50) a month paid annually. This covers as many devices as you need for your own personal use, though, and Cloak’s Family Plan secures up to five family members for a monthly $13 (£10). That could be good value if you’ve four or five users to protect.
The company explains that although it doesn’t log where you’re going online, a record is maintained of your last 16 days of session data: the incoming IP address, the virtual IP, the bytes sent and received, the time you’re connected, and the source port of each outgoing connection, with start and end times. (The last one records the existence of a connection, but not where it’s going.)
Why? The company says it allows them to respond to complaints. If someone’s used Cloak to send spam and hack a system, having session records enable them to find the offender, pass along the complaint to them, or maybe take some further action (not ‘call the police’, more like ‘terminate the account’) if the offence is serious.
The real-world privacy impact of this is relatively small. If you are doing something dubious, and someone detects that, and they can get a legally enforceable court order demanding records, and that’s delivered to Cloak in the 16-day window before the data is deleted, they may be able to link the original connection to your account (this will still only show that you accessed an internet resource, and not any detail of what you did). Otherwise it’s business as usual.
This isn’t an ideal situation. More records are never a good thing, and a few VPNs say they don’t keep session data at all (for example Mullvad, IVPN). But it’s unlikely to affect many people, and we have to applaud Cloak’s transparency in explaining what they’re doing and why (get the full story in this blog post). We suspect many providers do something very similar, too – they just don’t tell you about it.
Getting started with Cloak is unusually easy. There’s a generous 14-day trial with no credit card details required, and all you need to do is provide an email address, choose a password and install the app. Even the ‘Subscribe to Cloak’s email newsletter’ option is turned off by default.
By default Cloak runs in the background, monitoring your network activity. If you connect to Ethernet or password-protected Wi-Fi networks, it does nothing. Access an insecure Wi-Fi system, though, and Cloak kicks in immediately. We really do mean immediately, too: an ‘OverCloak’ system blocks all internet activity until the VPN connection is made, ensuring that nothing leaks from your system.
This is very configurable. If you want the VPN to protect you on all networks, clear a few checkboxes and that’s exactly what it will do. You can also create a whitelist of trusted networks where Cloak won’t be required. Whatever rules you create will then be followed automatically.
Cloak normally connects to the fastest server for your location, but you can also select a specific default location in a couple of clicks. Desktop notifications then let you know when you connect and disconnect.
Speeds were below average: 20-25Mbps at the very best, below 20Mbps from the UK to Europe, and often as little as 10Mbps to the US. That’s enough for browsing, and Cloak isn’t trying to appeal to heavy downloaders anyway, but it’s still a little disappointing.
Even so, our leak tests showed that while the underlying network might not be quite up to scratch, Cloak’s software does an excellent privacy-preserving job. There were no DNS or WebRTC leaks to compromise our identity, and our browsing was protected at all times.
Cloak is an easy-to-use VPN which excels at its main function: automatically encrypting your connection whenever you access unprotected networks. But issues over performance, logging and the lack of a Windows client make it difficult to fully recommend.
*Our testing included evaluating general performance (browsing, streaming video). We also used speedtest.net to measure latency, upload and download speeds, and then tested immediately again with the VPN turned off, to check for any difference (over several rounds of testing). We then compared these results to other VPN services we’ve reviewed. Of course, do note that VPN performance is difficult to measure as there are so many variables.