cryptostorm logo

The VPN service provider for the truly paranoid

This website is also available as a Tor hidden service at
and the I2P eepsite at cs.i2p

secret   privacy
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." - Edward Snowden

Bare metal servers

dedicated servers only

No logs

Our VPN servers never save data that can be used to identify a customer.

Chaining supported

Don't trust that we're not logging?
Use multihop to connect to another VPN (or Tor) before you connect to us.

Open source

no proprietary code

All server-side configs are public

Available for review here.

Security through transparency

(too many) details on how the network operates available on our blog and on our
privacy policy page.

Token-based network access

anonymous authentication

Hashed tokens

Access tokens are hashed before connecting. Compromised/confiscated servers can't be used to identify clients.

Decentralized organization

roots in Iceland, entities worldwide

Financials in several regions

No central office, anywhere.

lock   security

Someone wearing a tin-foil hat might say we're too paranoid


Ed25519, Ed448, and secp521r1 instances
  • 521-bit EC (~15360-bit RSA)
  • TLSv1.3 supported
  • AEAD authentication
  • 256-bit AES or ChaCha20-Poly1305
  • Resistant to quantum attacks

    OpenVPN RSA

    Our least secure option is stronger than most VPN providers' strongest option
  • 8192-bit RSA server certificate
  • 521-bit EC (~15360-bit RSA) CA
  • 8192-bit DH params
  • 256-bit AES or ChaCha20-Poly1305
  • Safe from padding oracle attacks


  • ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction
  • Curve25519 for ECDH
  • BLAKE2s for hashing and keyed hashing, described in RFC7693
  • SipHash24 for hashtable keys
  • HKDF for key derivation, as described in RFC5869
  • Customized systems

  • grsecurity linux-hardened kernels
  • Principle of least privilege practiced
  • Integrity verified
  • Disposable servers
  • users   benefits

    Features you won't find anywhere else

    DeepDNS system

    protecting clients before they connect

    encrypted DNS servers

    Chain DNS traffic with Anonymized DNS

    DNSCrypt v2

    Public DNSCrypt servers for encrypting your DNS traffic before you connect

    Transparent .onion/.i2p access

    Direct access to darknets

    Anti-leak protection

    keeping your real IP safe

    DNS-based ad/tracker blocking

    Prevents malicious trackers from working

    Kill switch included

    Many different killswitches available to prevents leaks if disconnected

    Flexible connection options

    bypass restrictive firewalls

    SSH/HTTPS tunneling

    Make your traffic look like SSH or HTTPS

    Connect on any port

    UDP or TCP (1-29999)

    BitTorrent allowed

    Port forwarding supported
    Safe from the Port Fail vulnerability

    Unlimited bandwidth

    unrestricted access

    No data caps, no throttling

    Redundant load balancing

    Minimizes downtime

    new IPs added often

    Currently: 389 available IPs

    globe   server locations
     for the detailed list

    server map
    gem   buy now
    The "devices" number below would be the maximum number of devices allowed to connect at the same time.
    If you need to connect more devices, buy more tokens, or buy ones that allow more devices, or setup your router to use cryptostorm.

    credit card ☇ PayPal

    friendly pricing, quick access

    recurring subscriptions USD

    single order USD (non-recurring)

    credit card ☇ CCBill

    supports most prepaid cards

    recurring subscriptions USD

    single order USD (non-recurring)

    Monero / XMR

    no 3rd parties, no email or JS required

    instructional video here

    crypto ☇ NOWPayments

    ~200 cryptocurrencies supported
    (no email or JS needed here either)

    crypto ☇ BitPay

    BTC, ETH, or any other cryptocurrency supported by BitPay

    cogs   connect to cryptostorm

    We use OpenVPN, so if they support your OS, then so do we. We also support WireGuard.


    Be sure to also check out our blog

    SHA-512 hash calculator
    heart   social media

    envelope      email






    sitemap | live chat | token verify | warrant canary