Many people who are new to VPN services start out by looking for a free VPN in order to save money, rather than searching for the best VPN that will keep their data safe.
This is a bad idea. Free VPN services have become notorious for making money off their users in a variety of insidious ways. Before we get into how and why this is happening, let’s start with a basic question: what is a free VPN?
A free VPN is a service that gives you access to a VPN server network, along with the necessary software, without having to pay anything.
Of course, nothing is truly free, since hosting a network of VPN servers incurs monthly expenses, along with app development and support. Given the high recurring costs of running a VPN service, why are there so many free VPNs?
The truth is that these free VPN services are actually cashing in on their user base – usually by collecting user data and then selling it to the highest bidder. When you route your traffic through a free VPN app on your device, the VPN can easily collect your online activity and sell this to third parties and advertising networks.
In short, free VPNs are both dangerous and invasive.
Types of free VPN services
Free VPN services can be broken down into two distinct categories: unlimited free VPNs and premium VPNS.
Unlimited free VPNs
These VPNs give you unlimited access to the free VPN server network. Extensive testing and research have generally found this category to be dangerous (read malicious) and should be avoided. We’ll examine the dangers of unlimited free VPNs further below.
Who pays? The VPN service in this case is usually monetizing the user in some way. This is mostly done by collecting user data and selling it to third parties. So basically, you are still paying for the free VPN with your private data, which is being sold for profit.
These VPNs are basically giving you a small “free sample” in the hopes that you upgrade to a paid VPN account. This generally means that the VPN will offer a limited amount of bandwidth over a given period of time. We will discuss a few examples further below.
Who pays? With freemium VPNs, the paying VPN customers will be left covering the costs for all the free VPN users. This is a drawback if you are a paying customer, since you will be footing the bill for all the free-riders and sharing network resources that you pay for. Additionally, the server network and speeds may also be put under strain by the free users.
As you can see above, there are problems with both of the free VPN business models.
Let us now examine seven different reasons why free VPN services are dangerous and should be avoided.
1. Free VPN malware
“Over 38% of [free VPN apps] contain some malware presence…” —CSIRO study
Malware can come in many different forms – but at the end of the day, it’s all about making money off you and your data. Malware hidden inside VPNs can steal your data, which can then be used to:
- hit you with targeted ads and spam emails
- hijack your online accounts
- steal your money (via bank and credit card details)
- steal your digital goods or products
- lock or encrypt your devices in exchange for a payout (ransomware)
The number of free VPNs containing malware is truly frightening. The CSIRO study found that 38% of free Android VPNs contain malware. Even worse, many of the most dangerous free VPNs are highly rated and are being used right now by millions of people.
Here is one such example I found for the VPN Master article.
This free VPN app is called “VPN Master – Free VPN Proxy” and is officially listed in the Google Play store. Notice that it has a high rating (4.5) and about 100,000 downloads.
Unfortunately, the “VPN Master – Free VPN Proxy” app had eight positive hits for malware.
Below are the test results from VirusTotal when I uploaded the APK file for analysis:
Note: The ratings you see in the Google Play and Apple stores are basically worthless. This is a clear example of a malicious, dangerous, and invasive app that is highly-rated and used by many people.
#2 Free VPN tracking
“We identified the presence of at least one tracking library in 75% of the free VPN apps claiming to protect users’ privacy.” —CSIRO study
Just like with malware, hidden tracking aims to collect your private data.
The CSIRO study analyzed 283 VPNs and found that 75% of free VPN apps contained tracking embedded in the source code. These tracking libraries are a way for free VPNs to collect user data, which can be valuable for advertising and analytics.
Let’s take a quick look at just one example with Betternet, a free VPN service based in Canada. The CSIRO study found that Betternet’s free VPN app for Android contained 14 different tracking libraries. It was also found to have a high malware presence.
This is ironic given that Betternet markets its free VPN as a “security and privacy” solution.
This is especially alarming when you consider that there are millions of free VPN users who believe these apps are truly offering privacy and security – but nothing could be further from the truth.
These VPNs are spyware masquerading as privacy and security solutions.
#3 Third party access to your data
Once your data is collected by the free VPN, it can then be sold or transferred to third parties, for profit.
Let’s examine how some of the largest free VPN providers explicitly state how your data is collected and shared with third parties.
Opera free VPN (in browser)
Opera is a very popular browser, now owned by a Chinese consortium, that offers a “free, unlimited VPN service” directly through the browser. If you take a close look, however, you see that this is just another free VPN ploy to collect and share user data.
Now we’ll take a look at a few more popular free VPNs and how they give third parties access to your data:
Tuxler (free VPN)
We also share technical data that we collect about your browsing habits and your device (such as data relating to our cookies, tracking pixels and similar technologies) with other advertising companies in the digital advertising ecosystem. This enables them and us to better target ads to you.
GO VPN (free VPN)
We also cooperate with a third party in various ways to utilize the data collected processed and handled through TalkingData DMP, which include but not limited to cooperate with advertiser, advertising alliance or advertise agency to optimize advertisement launch and improve marketing effect.
And speaking of Facebook, they are also cashing in on the free VPN scam. Facebook was caught collecting user data through a free VPN app called Onavo Protect. According to some reports, this free VPN has been downloaded by 24 million users and collects data on people’s apps and online browsing habits.
#4 Stolen bandwidth
Some businesses are also using free VPNs to steal user bandwidth and reselling it to third parties.
One example of this is the Israel-based Hola VPN service. Hola was found to be stealing user bandwidth and then fraudulently reselling it through its sister company Luminati – see this article for more information.
Here you can see the Hola free VPN website at the top of the graphic below. Directly under the red line is the Luminati site, which sells bandwidth for a “business proxy network”.
This put Hola’s free VPN users at risk while other people used their bandwidth for their own activities (similar to a P2P network).
- Hola may share user data with third parties… “for additional purposes, including marketing, research, and analytics purposes.”
- “We may share your email address (if we have collected it) with our marketing partners and we may use it ourselves for the purpose of providing you news and marketing offers.”
Their Terms of Service also explicitly state how “you may be a peer on the Luminati network.”
As many have pointed out, this comes with major security risks and leaves Hola VPN users vulnerable to hacking and other threats.
#5 Browser hijacking
Another way that free VPN services can make money off their users is through browser hijacking. This is when the VPN hijacks and redirects your browser to partnership websites without your permission.
Let’s take a closer look at one such example with Hotspot Shield VPN – one of the most popular free VPNs with hundreds of millions of users.
Hotspot Shield was found to be redirecting HTTP requests to e-commerce sites, such as Alibaba and eBay, through its partner networks. The partner networks in this example were Conversant Media and Viglink – two online advertising companies.
From the CSIRO study we learn more about Hotspot Shield:
In 2017 Hotspot Shield was formally cited in a report filed before the Federal Trade Commission for egregious privacy violations.
#6 Free VPN data leaks
A good VPN should secure and encrypt all of the traffic between your device and the VPN server.
Unfortunately, in testing numerous VPN services (both free and paid), I have found that many VPNs leak data, thereby leaving the user exposed. These leaks can come in the form of IP address leaks and DNS leaks – a common problem with free VPNs.
Here is an example I found when testing Betternet’s free VPN for Windows (see the Betternet review).
In addition to the IPv4 leaks, I also identified IPv6 leaks and DNS leaks with the Betternet free VPN for Windows app.
In testing over 280 different free VPNs, the CSIRO study found:
- 84% of free VPNs expose the user’s real, globally-unique IPv6 address
- 66% of free VPNs leak DNS requests, thereby exposing the user’s browsing history and location
These leaks essentially render the free VPN useless.
#7 Free VPN fraud
Using a free VPN may put you in a dangerous position, simply due to the tracking, malware, and data sharing with third parties. As we have seen with Betternet, some VPNs give third parties direct access to user data and then relinquish all responsibility if something bad happens, such as identity theft or financial fraud.
The business model of free VPN services makes them inherently risky.
Now that we have covered the seven hidden dangers of free VPN services, let’s take a look at some other alternatives.
What is the best free VPN?
Given all the risks and dangers of free VPNs, I’m not going to recommend or name any as the best free VPN. That being said, recall from above, there are basically two types of free VPNs:
- Unlimited free VPNs – These generally monetize the user in some way and have been found to be quite dangerous, even if they are highly rated and recommended on various websites. The vast majority leak the user’s IP address, collect and share data with third parties, and many are also infected with malware and tracking libraries. (I’d recommend avoiding all unlimited free VPNs.)
- Freemium VPNs – These free VPN services basically use the “free sample” business model in the form of either a limited amount of free data or a risk-free trial.
If you are intent on trying out a free VPN, then I would recommend the second category – the freemium VPNs.
There are three different freemium VPNs I’ve tested that offer a limited amount of free data and appear to be reputable:
- TunnelBear – TunnelBear is a VPN service based in Canada that offers 500 MB of free data, which will not last very long. Paid plans start at $5.00/month. I upgraded to the paid plan and tested out TunnelBear’s apps and speeds throughout their server network. Unfortunately, TunnelBear did not perform very well and it did not earn a recommendation.
- Trust.Zone – Trust.Zone is a VPN service based in Seychelles and offers a 3 GB / 3 day free trial, whichever limit is reached first. Paid plans start at $3.33 per month. I found Trust.Zone to do alright in testing, but they only offer a dedicated VPN app for Windows, which is a drawback.
- Windscribe – Windscribe is a Canadian VPN service that offers 10 GB of data for the free VPN, with paid plans starting at $4.08/month. It is a decent VPN but it also has speed and reliability issues I noticed when testing various Windscribe servers.
But even among these, there are still a few problems that must be pointed out:
- Limited free trial – You will quickly burn through either the free data or come to the end of the trial day period. Usually this does not give you enough time to adequately test the service to see if it’s a good fit for your needs.
- No refunds – If you use the free trial and then purchase a subscription, you will not get any refund, which can be a headache if the VPN gives you problems after the trial has expired.
- Free riders – Paying customers subsidize all the “free” users. If you are a paying customer, then your subscription costs are also helping to pay for the resources and bandwidth used up by the free VPN users (the free riders).
It is for this reason that I recommend going with a risk-free VPN trial instead.
Risk-free VPN trial
At the end of the day, if you want a safe, secure, and fast VPN service, you will need to pay for it.
Even with the free trial VPN services, you will quickly burn through the free data, which forces you to stop using a VPN or pay for the service. In other words, you still end up at the same point: using a paid VPN service.
With that in mind, the best option, in my opinion, is to go with a VPN that offers a long, risk-free trial period, thereby allowing you to cancel your service and get a refund if you find the VPN does not meet your needs.
Below are the top two VPNs that offer a 30 day risk-free trial. With this option you pay up front for your subscription, but if you find any issues or concerns within the first 30 days, simply cancel for a full 100% refund. (Note: 30 days is the best refund window you will find anywhere in the VPN industry.)
ExpressVPN (30 day risk-free trial period)
British Virgin Islands
ExpressVPN currently holds the top spot in the best VPN service report with excellent speeds and secure, leak-proof VPN apps. In terms of security, ExpressVPN is as good as it gets with AES 256-bit encryption and advanced leak protection settings with the Network Lock feature. They are based in the British Virgin Islands, which is a great privacy jurisdiction, and are a proven no logs VPN service. ExpressVPN is a top choice for both privacy and security, as well as torrenting and accessing Netflix and other streaming services.
Drawbacks: The main drawback with ExpressVPN is that the price is slightly above average, but they are offering a discount with the coupon below.
See the ExpressVPN review for more details.
NordVPN (30 day risk-free trial period)
NordVPN is another great VPN service that is also very affordable at approximately $2.99 per month with the discount below. It is based in Panama and also has a strict no logs policy to protect customer privacy. NordVPN offers a great lineup of secure and reliable applications for all major platforms. For a budget VPN service, NordVPN also has some good features, including double-VPN servers, Tor-over-VPN servers, and a CyberSec ad blocking feature.
Drawbacks: The main drawback with NordVPN is that speeds can be somewhat variable with different servers in the network.
See the NordVPN review for more details.
Conclusion on free VPN services
Unfortunately, the free VPN scam does not show any signs of letting up. More people are turning to VPN services in response to censorship, content blocks, and concerns over privacy and security – and free VPNs are taking advantage of this trend.
While awareness about these risks continues to grow, the Google Play and Apple stores are still loaded with hundreds of malicious and invasive free VPN apps – many of them with excellent ratings from naive users. Even worse, many of these VPNs are operating from dubious overseas jurisdictions, particularly China, which do not recognize Western privacy laws and regulations.
Basically this leaves you with only one good option: a safe and secure paid VPN service.
Last updated March 19, 2019.