Can I let you in on a little secret?
When it comes to protecting your privacy, most VPNs fail.
Many popular, highly-rated VPN services will leak your IP address, infect your computer with malware, install hidden tracking on your devices, steal your private information, leave your data exposed to third parties, and even steal your bandwidth.
As you will see below, many of the popular VPNs are not safe to use – especially if you are using a VPN to protect your privacy online.
VPNs can look perfect on the surface and be an absolute privacy and security disaster when you take a closer look.
To combat the growing confusion and deception in the VPN market, I decided to create the VPN Warning List (which is a work in progress). This warning list contains information that I personally find to be troubling with various VPNs and the overall VPN market.
Disclaimer: This list does not necessarily reflect the latest information on every VPN service and/or app. Everything on this list is based on information that is well sourced and freely available online.
VPN WARNING List
5 Eyes countries – Always consider the legal jurisdiction of your VPN provider. The following five countries are working together in an alliance to collect, share, and analyze mass surveillance data: United States, United Kingdom, Australia, Canada, and New Zealand.
14 Eyes countries – In addition to the five countries above, the following countries are also working together to collect and analyze mass surveillance data: (5 eyes countries), France, Denmark, Netherlands, Norway, Italy, Germany, Belgium, Spain, and Sweden. (Note: Israel should also be included with the 14 countries above. According to many sources, Israel is a close partner with the NSA and other spying regimes.)
Apps for Android and iOS – In general, you should be cautious when downloading any VPN app on your mobile device. A study of Android VPN apps found that 84% will leak your IP address, 82% will attempt to access your sensitive data, 75% utilize third-party tracking, 38% contain malware, and 18% don’t even encrypt your data (leaving you completely exposed). But this is no surprise. Over the years all kinds of apps have proven to be a security and privacy nightmare, for both Android and iOS. If you want to secure your mobile devices (without adding more apps) see here: Android guide and also iOS guide.
Archie VPN – Archie VPN was listed as #6 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
Betternet – In reviewing and testing Betternet, I found a number of alarming items, such as Betternet giving third parties access to your data that’s collected through their VPN. An academic research paper listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps. They were also busted for embedding 14 different third-party tracking libraries into their Android VPN app, while promising users “privacy and security”… [Read Betternet Review…]
CM Data Manager – CM Data Manager was identified in an academic paper because its Android VPN app is considered “malicious or intrusive.”
CrossVPN – CrossVPN was listed as #5 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
DNSet – DNSet was identified in an academic paper because its Android VPN app is considered “malicious or intrusive.”
Easy VPN – Easy VPN was listed as #2 on the Top 10 most malware-infected Android VPN apps. (Note: the app developer behind Easy VPN was also responsible for “ok VPN” which was the most malware-infested VPN app in the Google Play store – but has since been removed.) Easy VPN incorporates adware on its source code and requests the SYSTEM_ALERT_WINDOW permission to draw window alerts, such as unwanted ads, on top of any other active app. (See here for more info.)
Fake VPNs – With the growing interest in VPNs, there are even fake VPNs services popping up. When I say “fake” what I mean is that there are no servers, no software, and no VPN – instead it’s just someone trying to steal your money while pretending to be a VPN. One example of this was MySafeVPN, which was sending out scam emails and defrauding customers who paid money, expecting there to be an actual VPN service.
Fast Secure Payment – Fast Secure Payment was listed as #10 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
Flash Free VPN – Flash Free VPN was caught embedding 11 different third-party tracking libraries into its Android VPN app. This seriously affects the privacy and security of the user. (See here for more info.)
Free VPNs – (This refers to all the free VPNs currently flooding the market.) Free VPN services have proven to be a privacy and security disaster. Free VPNs make money by recording and selling your data, hitting you with ads, and/or redirecting your browser to e-commerce and third-party websites. Many of the most popular free VPNs in the Google and Apple stores are loaded with malware. As the saying goes, “If something is free, then you are the product.” (See the Free VPNs guide for a discussion on the dangers and risks of free VPNs.)
Globus VPN – Globus VPN was identified in an academic paper because its Android VPN app is considered “malicious or intrusive.”
HatVPN – HatVPN was listed as #7 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
Hide My Ass – Hide My Ass (HMA) is a based in the United Kingdom – which is a bad location for privacy due to mandatory data retention and mass surveillance. Making matters worse, HMA has a troubling history of turning over customer data to law enforcement agencies around the world.
Hola – Hola is an Israel-based VPN service that has been caught stealing user bandwidth and fraudulently reselling it through their sister company Luminati. Hola users act as endpoints for the entire network. This means other people are using your bandwidth and IP address when you use Hola, and you can be busted for their activities. (Also discussed in the Free VPNs guide.)
Hotspot Shield VPN – Hotspot Shield VPN was directly identified in an academic paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. Furthermore, analysis of Hotspot Shield VPN’s source code revealed they “actively use more than 5 different third-party tracking libraries.” They were also exposed for redirecting user traffic to e-commerce domains, such as alibaba.com and eBay.com through partner networks (See study here.). Users also complain about fraudulent activity after purchasing their paid VPN service. Also troubling is their Privacy and Security Policy which includes: third-party data sharing, IP address sharing, tracking, web browsing data collection, and geographical information.
Update: Hotspot Shield has also been in the news recently because their VPN was found to leave users vulnerable to having their location exposed. Hotspot said they are working on a fix. See additional information here.
Ip-shield VPN – Ip-shield VPN was found to be embedding third-party tracking libraries into their Android VPN app. These tracking libraries (such as NativeX and Appflood) are used to hit users with targeted ads, thereby monetizing the “free” app. (See here for more info.)
Ivacy VPN – Ivacy is a Hong Kong VPN provider that has some troubling issues. Their refund policy limits you to 500 MB of bandwidth and 30 sessions. Certain bloggers have also accused Ivacy of falsifying their VPN server locations, meaning that you’re not getting the locations you paid for. Many people believe that Ivacy and PureVPN are under the same company and using the same network infrastructure.
“No Logs” VPNs – There are countless VPNs claiming to be a “no logs” VPN service, and then burying their logging activities in their Privacy Policies. Instead of saying the word “log” they may refer to data that is “kept” or “stored” or “collected” by the VPN provider. Examples of this include Betternet and PureVPN. While connection logs aren’t necessarily bad (see here), lying about logging policies and making contradictory claims is a growing problem.
One Click VPN – One Click VPN was listed as #9 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
Opera “Free VPN” – Opera’s browser now includes what it calls a “free VPN” which they say is “better for online privacy” (see here). First, this is not a VPN at all. Security experts have shown that this is just a web proxy, which uses API requests. Second, Opera’s privacy policies include statements about data collection (including usage data) and how this is shared with third parties (see here). If you’re still thinking about using Opera’s “free VPN” – read this first.
PureVPN – My PureVPN review uncovered many problems. My testing identified continuous IPv6 leaks, IPv4 leaks, and DNS leaks with their VPN applications. Even more problematic, all of these leaks were detected with PureVPN’s leak protection “features” enabled, and the VPN client informing me that my “real IP address is hidden.” PureVPN was also caught handing over customer data to the FBI (US authorities) despite claiming to have a “zero log policy”.
Rocket VPN – Rocket VPN was identified in an academic paper because its Android VPN app is considered “malicious or intrusive” and it also tested positive for malware by VirustTotal.
SuperVPN – SuperVPN was listed as #3 on the Top 10 most malware-infected Android VPN apps. Different forms of malware identified in the study included: adware, Trojan, malvertising, riskware, and spyware (see here for more info).
Surfeasy – Surfeasy was found to be embedding third-party tracking libraries into their Android VPN app. These tracking libraries (such as NativeX and Appflood) are used to hit users with targeted ads, thereby monetizing the “free” app. Additionally, the Surfeasy privacy policy explains how they are collecting “usage data” – see here.
Spotflux VPN – Spotflux VPN was identified in an academic paper because its Android VPN app is considered “malicious or intrusive.”
Tigervpns – Tigervpns was identified in an academic paper because its Android VPN app is considered “malicious or intrusive” and it also tested positive for malware by VirustTotal.
VPN Free – VPN Free was identified in an academic paper because its Android VPN app is considered “malicious or intrusive” and it also tested positive for malware by VirustTotal.
VPN Master – There are many free VPNs offered in the Google Play or Apple stores using variations of the “VPN Master” name. Through testing I have found that these VPN Master apps are full of dangerous malware, despite having high ratings and millions of users. I even found that one of these free VPN apps called “VPN Master Free unlimed proxy” (sic) is owned and operated by a Chinese data collection company called TalkingData. [Read More…]
VPNSecure – VPNSecure is based in Australia – a 5 eyes country that is not good for privacy. VPNSecure was also identified in an academic paper for leaking IPv6 and DNS requests, which leaves its users exposed to “surveillance and malicious agents.” The same paper also noted that VPNSecure has a number of egress points in residential ISPs. This suggests that users are unknowingly being used as endpoints in a P2P-like bandwidth network – i.e. user bandwidth is being stolen (although the paper could not confirm this). (See here for more info.)
Wifi Protector VPN – Wifi Protector VPN was directly identified in an academic paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app.
Conclusion
This list illustrates one fact that’s often repeated on this site: using no VPN is better than using a bad VPN.
Even if you didn’t find your VPN on this Warning List, be careful. Many popular and highly-rated VPNs have problems, such as IP leaks and non-working features.
Free VPN services are even more dangerous, because most contain malware, tracking or other privacy problems.
That’s why it’s a good idea to regularly test your VPN to make sure it’s working correctly.
Are you tired of reading about bad VPNs? Then check out the best VPN list for some recommendations, which have all passed rigorous testing and are located in good privacy jurisdictions.
Stay safe!
Last Updated: February 12, 2018 (Added update to Hotspot Shield VPN.)
Ufo vpn and many others leaked data. Write it down here
is SkyVPN safe? (SkyVPN is available for Windows, Mac OS, iOS and Android)
im using it on Windows
“The “no logs” claim is for the VPN service itself, to include all infrastructure (VPN servers, DNS Servers, …). A few VPNs have undergone audits that verified these claims, as discussed here.”
OK, its clear in case of those audited services. What about those which don’t have own DNS servers, like that Swedish VPN which is using an US registered company DNS server…..?
> like that Swedish VPN which is using an US registered company DNS server
I’m not sure what you are talking about here. What Swedish VPN? Reputable VPNs have their own DNS servers (that do not log).
Hello,
Is ZenMate Free VPN, safe to add to chrome extension and use it for banking purpose ?
Probably not a good idea. ZenMate was purchased by a company that has a history of producing malware. More background info here.
During last year or so 99,9% of VPN providers started to claim that they are not logging at all, but how log free are their DNS servers? Seems that nobody exactly knows when the DNS request is made. It is made with the original IP address before the IP is switched in the VPN server or after the switch??? If the first alternative is true, the VPN providers can log absolutely everything on DNS without lying to customers as no logs are kept on VPN servers.
The “no logs” claim is for the VPN service itself, to include all infrastructure (VPN servers, DNS Servers, …). A few VPNs have undergone audits that verified these claims, as discussed here.
Https? I find your cited sources of “an academic paper” leaving a little to be desired. Of course the government can and will spy on people. That’s not even something they deny. It’s a f’d up world and it takes things most people can’t stomach to keep this country free. I believe in privacy but I am a realist. There are factions domestic and abroad that seek to end your life let alone your internet. It’s a scumbag business practice to sell off data to deceptively make a dollar. It’s real life to gather intelligence against threats to our lives and freedom. Look tin foil hat guy, do you really think a room full of trained killers gives a shit you ordered a mushroom spore kit and looked at some bootleg star wars crap. I got a half a brick of bam bam in my desk right now. Ain’t nobody giving that a second thought. Well a few maybe on night ops wishing they had a pick me up. And who are the ISP snoop dogs that nobody ever names or has a case in point. I don’t think att cares I watch pornhub nor will use that to extort my hundreds of dollars in fortune. If someone is watching childpornhub your goddamn right I will infringe on you or anyone else to save exploited children. I’m not going to remember you for 20 seconds because you are not important. I dont care if you have 2lbs of weed, torrent every song on earth and have a hidden time machine. For the love if god do you even know how we scan for Arabic threats.. We use a language syntax technique we learned from dolphins. We dont speak Arabic but learn what a pissed off one sounds like and that’s the whole concept of chatter. Look the real real is, you cannot stop our military and Intel organizations even if you want. Never.. the recruit the smartest people on the planet, have unlimited resources, and can make you accidentally kill yourself. Rest easy birchenstock fan. The whatever the dumbass name is watching eye 17 or whatever are not interested in you. And are probably the ones that invented your elusive vpn scrambler. Let’s see yep..the us navy and DARPA’s thing about onions. Omm. Tor network. Yeah we made that. These people die to keep pacifist douchebags alive that do nothing but talk shit. You might just suck it up because you aren’t gonna like Communist rule are Muslum Law much. Change your perspective and realize that you a blessed to live in a Country this great.
P.S I like the blue shutters better than the green you looked at online. Bwahhhaaahaaa (ftw)
First off I’m a computer”Idiot”. The free VPN I’ve used or all on your list, and so are the paid VPN I’ve used. Using Windscribe VPN monthly service now. Got anything on them, definitely like to read. Is there a VPN service that you would refer(and I don’t care if they pay you as long as its trustworthy) to someone that only use it for Android phone and basically website surfing like YouTube, video apps, reading articles and using Mint browser and downloader? And to Mr.Sven for the articles and reader’s for theirs questions. Complete RESPECT to y’all!
Hi Adder, Windscribe is a pretty decent VPN service compared to the ones on the list. Here’s the Windscribe review.
Does any one know any good VPN’s?
Here you go.
Hello. Sorry i little confused about vpn. Vpn using encryption connection right? And many of the VPN services use 256 encryption. So isn’t the VPN service unable to see what we are doing on the internet?
Sorry i really confused. Make me understand.
Thank you very much.
The VPN server is the endpoint of the encrypted tunnel. This means that people snooping traffic between your computer and the VPN server could not read anything. However, the VPN could snoop traffic going through their servers, which is why it’s important to use a trustworthy VPN.
I don’t know how vpns work, but if I downloaded a vpn app then deleted it immediately, will I be alright? Could any of my info have been taken
There are hundreds of free VPNs out there, sorry, but I have no idea what it did on your phone. Yes, it could have been malicious and affected your data.
Can you tell me which VPN is safest to use and doesn’t sell our data…
Thank you.
The top recommendations that I have tested and used are on the Best VPN List here.
Hi Sven,
You’re a great resource on the internet. Thank you for your contribution.
Hey, I’ve got an easy question. Let’s assume that my PC and router were updated to super secure Linux OS and that the system is leakproof. I get it, nothing is leakproof but work with me, OK? My router is still using OpenVPN to connect directly to my VPN.
BUT in between my router and the VPN is a cable modem supplied by my ISP. Now, what if that cable modem was leaking info to a third party, like my ISP. What would the ISP see? Raw data or the encrypted stuff from my router?
About that cable modem. They’ve totally made it a true black box. It doesn’t even show up on ipconfig but I pinged an address totally by mistake when my 9 key got stuck so instead of 192.168.0.1, I pinged 12.168.0.2 and there is it is. That address doesn’t work in the browser but nmaps shows all kinds of ports, including an open 443 TCP port. Just sayin…
Looking forward to your answer.
Hi Robert, if your router is properly encrypting your traffic, without leaks, I wouldn’t think the modem would be an issue. And if you’re extra worried, you can also physically chain routers for double, triple… encryption.
Hi Sven, you give me an idea. If I had 2 routers connected in series and one was connected via OpenVPN to say, ExpressVPN and the other one was connected to NordVPN, also with OpenVPN, would that setup actually work? What about emails are they protected? Thanks for your insight…
Yes, that definitely works. It’s a method to “chain” VPNs and it offers many benefits:
– more privacy and security
– distributes trust across VPN providers
– no single VPN gets the full picture of your activities
Performance can take somewhat of a hit, however, especially since most routers don’t handle encryption as well as a computer, but there are a few exceptions (discussed in the VPN router guide).
I once had a pop up about 4 weeks ago saying my Samsung galaxy s6 is infected with a virus it told me to download an app called global vpn which is apparently free and secure 3 week later Google play store play protect sent me a warning saying that global vpn was committing fraudulent advertising and may be harmful I have since deleted the app I also found there were many apps with the same name the logo of the one which I had downloaded was a blue and white shield is the particular app I’m talking about fraudulent and if so which global vpn s are legitimate
This sounds exactly like all of the malware-laden “VPN Master” apps I examined a while back. Your best bet is to completely avoid free VPNs. If the VPN is free, then how do they pay the bills? By monetizing the user (you) – see the free VPN guide for more explanation of the risks.
Hi, I’m seriously confused about VPNs, TOR and the NSA. Some sites say that the NSA can’t crack VPNs, TOR gets you added to the “Persons of Interest” list and so on.
Does anyone know the truth?
Let’s assume that I’m a “Person of Interest”, for the sake of argument OK? Maybe I use TOR, maybe I blogged 911 was an inside job, etc. So now the NSA monitors every bit of data going through my ISP, which is a cable modem FWIW. The router is an Asus AC-3200 which connects with OpenVPN to my VPN, which is ExpressVPN. It uses RSA 2048 bit encryption and SHA256 key sizes. BUT the NSA would have been there while I created my account and would have recorded any keys, passwords, etc. Then I connect to the router with a laptop which is booted from a TAILS usb, which has TOR pre-installed as part of TAILS.
Dnsleaktests show no leaks at all.
So, can the NSA listen in to everything I’m doing or not? Please, let’s set the record straight.
Thanks, Rob
Hi Robert, yes, there is lots of misinformation floating around, but with many things there are also not perfectly clear answers, especially when it comes to the NSA and its capabilities.
Tor: There are lots of red flags with Tor, and the further down the “rabbit hole” you go, the stranger things get. Check out my main Tor guide for an overview of my research. I would personally not use Tor, but I also do not recommend against using it.
Your privacy setup sounds very good. You have successfully incorporated strong VPN encryption at the router level, plus Tor on your computer. This is way above and beyond most people using VPNs, let alone the general population. Good job.
Even if a third party was monitoring you while you created a VPN account, that does not compromise your VPN’s encryption, handshakes, keys, etc. Your VPN credentials (username and password) are not keys to decrypt everything. If stolen, it simply means someone else could use the VPN service for free. OpenVPN with 256-bit AES encryption (as ExpressVPN uses) is very secure and considered unbreakable. The RSA 2048-bit handshake encryption allows for new keys to be generated between your device and the VPN server with every session.
According to various sources, the NSA has made progress cracking the PPTP and IPSec VPN protocols. OpenVPN remains very secure and has been audited for vulnerabilities, but there’s no way to know the capabilities of the NSA and targeted monitoring. Nonetheless, using encryption and privacy tools makes the job of the NSA much more difficult, especially with decrypting bulk data from all internet users. Even with super computers and unlimited resources, the OpenVPN protocol with strong encryption is still considered unbreakable by current standards (but who knows for sure).
Rather than using Tor, you could also incorporate VPN provider #1 on your router + VPN provider #2 on your device, thereby double-encrypting all traffic via the OpenVPN protocol and strong AES 256-bit encryption. That may offer more peace of mind (if necessary) while also providing better performance than Tor.
Good luck!
Hi Sven,
This is exactly the kind of clear, concise answer that I was looking for. How can I donate without Bitcoin?
Thanks, Rob
Great, Rob, happy to help. You would need to setup a bitcoin wallet, (I like Electrum) and then donate to my Bitcoin address. I know that’s a hassle for many people, so I’m looking into other options, hopefully sometime in the future. No worries.
Whatsupp Sven, thanksfor your clear post. I was looking and searching for a post like this, cause i didnt feel confortable just downloading a VPN without being 100% certain, government aint watching with me, or hackers/phisers, checking my steps and watching my passwords/bankloggs/account details. Im from the Netherlands and i found a dutch VPN company named GOOSEvpn. Please check it out and reply me if this is one is ok or not… awaiting your reply. And keep up your good work👍🏻 thanks!
Hi, I have not had time to test it, but it looks OK. You can always test it yourself – see the VPN test guide.
What about whoer vpn?
Sven,
and to whom this can apply to,
I’ve been using SECURE VPN by “HOTSPOT VPN”, X-VPN and also LANTERN which claims “Better than a Vpn” whatever that means, for a few months, speed for these are exceptionally fast but I’m worried about their privacy policies and if any information anyone can add on these further … thx.. 🙂 any info dug up is appreciated, thx
It seems like FastestVPN(.com) is also affiliated with PureVPN/Ivacy:
https://support.fastestvpn.com/vpn-servers
PureVPN: hostname.pointtoserver.com
Ivacy: hostname.dns2use.com
FastestVPN: hostname.jumptoserver.com
Hi Sven, thanks for the helpful post. I wanted to ask a couple questions tho. Do you think that investing in a vpn service that you would have to pay for is worth it if you could just find a legit free vpn service instead? Also, have you ever heard or tried Thunder VPN? If so, what do you think of it? Thanks again for looking out for us.
Sven what about Aloha browser’s VPN. i cant find its review but i did find this claim on this webpage:
According to the developer, Aloha doesn’t log user’s browsing activities
[http://bestappsguru.com/aloha-browser-review/]
Avoid.
What about Turbo VPN ? Is it safe to use ?
Nope.
what about cvpn.com, are they ok? (spying on costumers, hard to say yes or no to that probably) are they ok enough, thx
Please to cover Hexatech free VPN app too that betternet has put out as a replacement.
Usually i ignore spam but the subject line contained an actual password for an inactive affiliate account.
As i use completely different passwords for everything, it was very easy to identify which account was compromised.
The login data was for my TorrentPrivacy VPN affiliate account which is not longer in use. In the past i had an affiliate account at TorrentPrivacy where i earned commission for referred customers.
No harm is done as i don’t use TorrentPrivacy’s VPN service and the login data is only valid for an expired TorrentPrivacy affiliate account. But others that don’t use different passwords for different services may not be so lucky.
It makes me wonder:
Was TorrentPrivacy hacked by an external party?
Did a TorrentPrivacy employee/contractor leak/sell the data?
Other scenarios?
The message is an obvious attempt to extort the recipient through fake threaths. A copy of the message can be read underneath this post.
Copy of the message (actual email addresses, passwords and BTC wallets redacted):
[https://vpnservice.nl/blog/torrentprivacy-vpn-datalek/]
Doesn’t matter, if it goes through your isp’s backbone you can mask, hide and play chicken all you want. Unless you practically own the internet grid as a whole and can say with 99% certainty no one is looking over your shoulder, chances are your being spied on. The FBI can crack down on dark web users no matter how annonymous Tor allows you to be. Let that sink in a little now imagine the garuntees issued by VPN’s, even if the service can garuntee a one to one no logs kept policy. It says little to nothing about the services they use, the isp’s they get their connection from. A VPN is not a silver bullet, it can mask your real ip from other idiots on the web. Nothing else, a national state has full access to what and who is going in and out of the system. Realise that to any agency the task of hide and seek is a game they invented, they have been in that game a lot longer than we have. That also translates to they have access to tools and secrets not found in the public domain. In 1990 US was illegally tapping its own citizens and we discover this fifteen years down the road only because someone Snowden made it public, now imagine what you think you know about VPN’s and what any state wouldn’t want you to know.
Is unblockr from the uk safe?
what about hidester.com? as they’re based in hongkong. Could you please check? Thanks
Another brand new VPN that appears to be a from a team in Pakistan. I’d avoid.
Like hide.me, OctaneVPN has been around a long time but no review. Granted, they don’t have a high commission or affiliate base like the VPN providers you promote, but they’re quite popular and claim to have no logs whatsoever. We would like to see reviews of them. Thank you.
It’s tough given that there are over 300 VPNs… Just keeping the existing reviews somewhat up to date to reflect changes with the VPN is quite time consuming, but I’ll keep these in mind.
What happened to VPNArea? It used to be on your recommended list. I was considering switching because it’s cheaper than Perfect Privacy and I need port forwarding.
Hi Al, VPNArea is still a solid choice. They’re going to be releasing new apps soon, at which point I will test them, update the VPNArea review, and then consider adding them back to the best VPN list.
Have you tested or have any information regarding the KASPERSKY VPN? Thank you for looking out for us poor lost souls in cyber space.
Hi Elithe, no I have not tested it out, but I do have a VPN test guide that explains the procedures.
Hi, could you test if Hi VPN by Hi Security Labs is safe?
Hi Reesa, well there is very little information about “Hi Security Lab” – other than a pre-packaged website with some stock photos, and links to their free apps. So that’s a big red flag. You could run it through these VPN leak tests to check for issues, but I’m of the opinion that if something is free, then you are the product.
Have you tested Avira Phanthom VPN? It offers 500MB of free data, so that’s better than the unlimited bandwidth free VPN.
No not yet.
is VPN 360 safe? can you please test it? im really worried
Yes I hope to review and test it in the coming months. In the meantime, you could also test the VPN.
What about F-Secure Freedome vpn ?
Hi Mari, I have not yet tested that VPN.
What about orbot?
Well, this looks like it uses the Tor network, which probably means it is slow. I have not tested it, however.
Melon seems to have good reviews 4.8 and passed all leak protocols but cannot confirm if it passes malware , viruses and thirdparty stuff can you confirm.
its a freeapp
I do see a VPN Melon in the Play store, but I’ve never tested it. These free VPN Android apps are popping up every week. Given that the study mentioned in the article found that 84% of these apps will leak your IP address and 38% contain malware, I would recommend deleting it from your Android device.
Check out the free VPN guide for more information.
TLDR: when something is free, you are the product.
Much appreciated, i deleted it and went with your advise. i also been getting lots of fraud phone calls since i dloaded Melon. i deleted it and coincidently the calls stoped?? Thank you i am subscribing to your blogs A+.
Thanks for the great article .. How about nord vpn / tunnel bear/turbo vpn … And i think melon vpn and inf vpn also malware but they are super fast …. I personally using tunnel bear and Kaspersky vpn …
Hi Sa, I haven’t tested all the VPNs you mentioned, but I do have reviews up for NordVPN (review) and TunnelBear (review).
I just started using NordVPN which was on a “trusted” list. Any experience with that?
The NordVPN review is here.
Hi
how about Windscribe VPN? is that Good?
and I am using Double Hop
thx
Hi Nev, see the Windscribe review.
whats your take on vpn360 ?
Hi s8r, I have not yet tested it, but will probably do so in the coming months.
Hi, Thank you for the informative article.
Could you tell us anything about Digibit VPN please? Much appreciated.
Hi Dan, sorry I’m not familiar with Digibit VPN.
It’s this one.
https://digibitdesign.com/vpn/
Hotspot Shield VPN
Last time I checked(3 years or so) Hotspot Shield leaked my real IP.
I found this issue and reported it to Anchorfree about 10 years ago but they had never responded and never seemed to have addressed it.
I am not a very techies person, but I observed that it installed some ad injection proxy and the Tap adapter behaved strangely. I went to HTTPS IF check site like https://www.whatismyip.com/ and it revealed my real IP. (It was OK at http://www.whatismyip.com/, though.)
I tested the ad-free Elite version, but the result was the same. Plus, it didn’t allow my own anti IP/DNS leak script and firewall protection!
Since I had this issue on different PCs and OSes(XP, 8, and 10), I am sure I shouldn’t be the only one who had this issue.
Could you tell me more about turbo vpn. Is it secure and safe? New to vpns need to know if its a good idea to keep it.
Hi Ryan, I have not yet tested TurboVPN, but doing a quick search I see nearly ten different “turbo VPN” variations on the google play store for Android. Many of these free VPNs are malicious and will collect and sell your data. See for example the VPN Master article when I tested a few of the different “VPN Master” apps from the Google play store.
Thank you for all the hard work, giving us a place to find honest up to date information. I would like to know your opinion on hide.me vpn, its free but you can buy the paid version. If you could suggest a good “budget friendly” vpn, if there is such a thing! Thanks.
Hi ABradford, unfortunately I have not yet gotten to Hide.me for a review – but hopefully in the coming months. However, I just took a quick look and with the free plan you only get 2 GB, which anyone would burn through pretty quickly. Then you are back to the drawing board with a paid VPN. The yearly rate of Hide.me is $4.99 per month. Here are a few VPNs that are cheaper:
VPNArea (review) – $4.92 per month
VPN.ac (review) – $4.80 per month
VyprVPN (review) – $3.75 per month
What is your opinion on airvpn?
I tried it out a few years ago – seems to be a decent service.
Ciao Jones mi fai una recensione su IVPN grazie
On my windows I use freevpn.me, does that have any viruses, also what is a good vpn for mac (preferably free) because every vpn I was looking at is on this list
Hi Rose, I haven’t tested that one yet. See the VPNs for Mac OS guide for more info.
I’ll have to agree and say thanks for posting this list. Although after trying and testing what is probably 200 or so VPN’s at this point I’d say there are a few free ones that I and many others have yet to see any real faults in. TunnelBear, Windscribe, and of course good ole OpenVPN. Currently I’m also testing TurboVPN on an Android device. There is logging however I’m not sure how deep yet. The apps don’t require any permissions at all but I’ve got my suspicions. What do you think?
Hi MPH, I’m not sure about TurboVPN as I have not tested it. Regarding Windscribe and TunnelBear – I would agree. They use the “freemium” business model. In other words, they give you a free sample with limited bandwidth, in the hopes that you upgrade to a paid plan. This is different from the unlimited free VPNs that typically collect and sell user data. I hope to have reviews of both Windscribe and Tunnelbear done in the coming months. Thanks for the feedback.
I would wait for teh windscribe review. Thanks
Windscribe is the next VPN on the list. I should be done with a review in the next week or so.
I use Windscribe and can you that it’s very throttled. Curious about the safetey of the service as well. They give me 15 gigs a month free, and I wonder after reading this article if they can be trusted.
Just released: Windscribe Review. Overall, it’s not too bad for a free VPN (limited to 10 GB per month), but also not great when compared to other paid VPNs.
Thank you for those information Sir! How about the Psiphon? 🙂
What about the free: https://saveyourprivacy.net/vpn-service ? They just offer the .ovpn file to be used with any OpenVPN application.
(well, they do accept donations but no extra benefits, and if the information is correct they just received 20 euros since 2015 plus one offer of co-location of their hosting company in 2015).
I would generally avoid free VPNs due to all of the known risks.
I agree, they even use the same server for a ONION exit server!
That means that all web sites that use any sort of protection will flag that traffic as being dangerous (I’m talking to you Cloudflare). Some sites don’t work at all (Yahoo is an example).
I contact them and they say that is on purpose, because they don’t maintain logs but the ISP could be force to give police the logs… this way not even the ISP can know if it was from the VPN or from the Onion network that the request came from.
They can be lying but at least seems a good model for some honest provider to be able to really protect their users.
AVG Secure VPN (only for PC’s) not on either of your list (as you said to many coming out to keep up with) but what’s scary I read today they took over HMA and they on your Warning list.
Hi Eden, yes that is correct, AVG bought out HMA in 2015.
I installed Cyberghost app and have used it for premium plus. When I scanned the app by Virustotal app today, malicious contents were not founded in the Cyberghost app.
How about VPN Robot?
https://play.google.com/store/apps/details?id=free.vpn.unblock.proxy.freenetvpn
I would personally consider any free VPN as dangerous and possibly malicious. But I have not tested it – there are so many VPN apps coming out, it’s impossible to stay on top of it all.
Excellent article sir! I was navigating the world of VPN’s, and selected ExpressVPN
(of course, on your ‘bad list’) and it totally SUCKED and so did the support, which was even worse with their “cue card responses” (those drive me absolutely NUTS!). At any rate, found this to be extremely eye opening and informative, thank you very much for such an insightful article. (And looking out for our collective asses! :))
Hi Christopher, thanks for the feedback! I too have been very critical of ExpressVPN in the past, but they have recently made some major changes to their website, including being more transparent about their policies (no more contradictory claims about logs) and servers (clarified the exact location of every server). So it does appear they are moving in the right direct 🙂
Would like to know if F-Secure Freedome vpn is safe or not?
Have you tried it?!
Cheers
https://campaigns.f-secure.com/freedome/sem/en_US/ls/
Hi Jones, not yet – it’s on the ever-expanding to-do list 🙂
As Jones I would like to know your opinion/test about F-secure freedome.
You are doing an incredible job, thank you very much for all the knowledge. Your web is amazing Sven.
hey can you tell me something about riseup VPN , is that safe or not ?
Hi Truff, seems like a good project (email) but I haven’t tried the VPN.
yes Sven , i too , but now I’m trying to use their VPN cuz they are providing it for free , also in their privacy policy they state that they don’t sell or use the info stored for profit , can you please have a look at their VPN services , you might be able to tell me better , i.e , to which extent its good . also I’m using Proton mail VPN , i think its better than all the other free available in market , I’ll be more thankful if you don’t mind sharing your views on this too .
Hi truff, Overall ProtonVPN did not do too well in testing. Here is the ProtonVPN review.
Hey , Thank you Sven , i too had same issues while using proton VPN , Thanks a lot now i know more about services , also can you review my other querry about Riseup VPN , it will be of great help .
check this
https://www.joesandbox.com/analysis/205848/0/html
Hey Sven. I know that the google triangle app (https://play.google.com/store/apps/details?id=com.google.android.apps.freighter&hl=en) connects you to a vpn whenever you’re on data. Is that secure?
Hi Ofek, in general free VPN apps are dangerous to use because they often collect and sell your data. That’s the business model – offer a free product and monetize the user.
As the saying goes, if it’s free, then you are the product. See the free VPNs guide for more info on this topic.
Thanks sir. It was really informative.
Okay, you state: But what’s even worse, when you go online to find the “best VPN” or “top VPNs” or “VPN comparisons” you’ll end up even more confused. That’s because there are armies of paid shills who are making lots of money promoting low-quality VPNs..
But then at the top of this page you have your own “Best VPNs..” list. Why is yours different? Are you a paid shill?
Good point Ray. I clarify these points in the Mission statement. But to answer your question, absolutely not – we don’t do any “shilling” around here: no paid ads, no paid reviews, no paid rankings. See the mission statement for more details.
hello.I have read the list.
and I have a question.Cyberghost app is a malcious in this article.
Cyberghost is also not good on windowsOS ?
Hi, CyberGhost may have fixed these issues. I will be reviewing their service in the next month or so and running new tests.
Is the iTunes app X-VPN a scam proxy & wifi security protection
I’ve never heard of it, but if it’s free, they are most likely collecting and selling your data.
I caught HMA red handed
https://m.facebook.com/HMA-BSVPN-127045444580873
Hi, thank you very much for all your work. I know you must be getting lots of requests but could you review ProtonVPN? I am especially interested as they also have a free-tier for their services and could potentially be an option for everyone who cannot really afford paying for a VPN at the moment.
However, as you mentioned, I am very cautious of any free providers…
360:turbo VPN from 360 total security a free VPN with the security program For Windows only have you done tests on this VPN
Hi John, it looks like the parent company is Qiho 360, which is based out of Hong Kong. When you read their Privacy Policy you find that they are collecting all of the websites you visit, device information, and personal information as well. So from a privacy perspective, I would avoid all of the products from Qiho 360.
What about Tunnelbear VPN!
Hi, I have not yet reviewed or tested Tunnelbear, so I don’t have anything to say on their services. Too many VPNs, not enough time.
My top recommendation is Perfect Privacy.
Regarding VPNSecure, the word “mass” is not in the research paper. You need to adjust your qoute slightly (or at least remove that word). The actual qoute is “IPv6 and
DNS leaks can ease user monitoring and censorship. Consequently,
VPN apps like HideMyAss and VPNSecure which
claim to provide security and anonymity are not effective
against surveillance and malicious agents.”
Hi, thanks for that information – the quote has now been updated.
Brilliant article – many thanks. Finally a VPN review site that I can trust instead of all those ones created by VPN providers that are just baitware.
I recently signed up with VPNArea which I’m glad wasn’t mentioned above – they seem to be very good so far with great speeds, no leaks and a “kill switch” that actually works. I dumped PureVPN (after two years) after recently getting the same issues as you report above: poor speeds, unable to connect to many (sometimes *any*) servers and massive DNS leaks. This has only started recently so something has changed for the worse somewhere. I think they have too many members now and have not kept up with adding new servers or capacity as they used to be really good (DNS leaks aside).
Btw, I only use Firefox when browsing risky, banned or P2P sites as it supposedly does not have WebRTC at all. Chrome is the worst as even turning it off doesn’t work and with IE you can’t turn it off at all.
Hi Mike, thanks, I definitely agree with your suspicion about PureVPN and overloaded servers.
Regarding Firefox, it does utilize WebRTC. But you can disable it in Firefox, see here. Another option is to utilize the Tor browser (which is a hardened version of Firefox) with Tor disabled. This will also help protect you from browser fingerprinting, tracking, and other threats. See steps 10 and 11 here.
hello sven can you please tellme what you think about IPvanish:
https://www.ipvanish.com/
It’s a decent provider. They are running a Black Friday / Cyber Monday sale for the next few days I believe.
what about 1.1.1.1 dns app says i am connected to VPN
or dashlane has vpn can you do a review for dashlane vpn?
Read about browser fingeprinting: https://kameleo.io/learn-more-about-kameleo/
The solution is not to block it but is to “wear a mask”. You will understand it more.
If you need more information or interested drop me a message
Good list. You should also look into Total VPN. They should probably be here too. thanks for the info