Can I let you in on a little secret?
When it comes to protecting your privacy, most VPNs fail.
Many popular, highly-rated VPN services will leak your IP address or DNS requests, thereby exposing your data to third parties. But there are even bigger problems. Some VPNs will infect your computer with malware, install hidden tracking libraries on your devices, steal your private information, leave your data exposed to third parties, and even steal your bandwidth.
As you will see below, many of the popular VPNs are not safe to use – especially if you are using a VPN to protect your privacy online.
VPNs can look perfect on the surface, yet still be an absolute privacy and security disaster when you take a closer look.
To combat the growing confusion and deception in the VPN market, we created the VPN Warning List (which is a work in progress). This warning list contains information that I personally find to be troubling with various VPNs and the overall VPN market.
Disclaimer: This list does not necessarily reflect the latest information on every VPN service and/or app. VPNs are constantly updating their software, however, a history of bad practices may be a sign of trouble. You can decide for yourself. Everything on this list is based on information that is well sourced and freely available online.
VPN Warning List
VPNs located in 5 Eyes countries
Always consider the legal jurisdiction of your VPN provider. The following five countries are working together in an alliance to collect, share, and analyze mass surveillance data: United States, United Kingdom, Australia, Canada, and New Zealand.
Betternet
In reviewing and testing Betternet, I found a number of alarming items, such as Betternet giving third parties access to your data that’s collected through their VPN. An academic research paper listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps. They were also busted for embedding 14 different third-party tracking libraries into their Android VPN app, while promising users “privacy and security”. We have all the details in our Betternet review.
Fake VPNs
With the growing interest in VPNs, there are even fake VPNs services popping up. When I say “fake” what I mean is that there are no servers, no software, and no VPN – instead it’s just someone trying to steal your money while pretending to be a VPN. One example of this was MySafeVPN, which was sending out scam emails and defrauding customers who paid money, expecting there to be an actual VPN service.
Free VPN Apps for Android and iOS
In general, you should be cautious when downloading any VPN app on your mobile device. A study of Android VPN apps found that 84% will leak your IP address, 82% will attempt to access your sensitive data, 75% utilize third-party tracking, 38% contain malware, and 18% don’t even encrypt your data (leaving you completely exposed). But this is no surprise. Over the years all kinds of apps have proven to be a security and privacy nightmare, for both Android and iOS. We also have a guide on how to secure your Android device.
Free VPNs in general
Free VPN services have proven to be a privacy and security disaster. Free VPNs make money by recording and selling your data, hitting you with ads, and/or redirecting your browser to e-commerce and third-party websites. Many of the most popular free VPNs in the Google and Apple stores are loaded with malware. As the saying goes, “If something is free, then you are the product.” (See the Free VPNs guide for a discussion on the dangers and risks of free VPNs.)
Hide My Ass (HMA VPN)
Hide My Ass (HMA VPN) is a based in the United Kingdom – which is a bad location for privacy due to mandatory data retention and mass surveillance. Making matters worse, HMA has a troubling history of turning over customer data to law enforcement agencies around the world. (We cover this more in the HideMyAss HMA VPN review.)
Hola VPN
Hola VPN was caught stealing user bandwidth and fraudulently reselling it through their sister company Luminati. Hola users act as endpoints for the entire network. This means other people are using your bandwidth and IP address when you use Hola, and you can be busted for their activities. (This is also discussed in the Free VPNs guide.)
Hotspot Shield VPN
Hotspot Shield VPN was directly identified in an academic paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. Furthermore, analysis of Hotspot Shield VPN’s source code revealed they “actively use more than 5 different third-party tracking libraries.” They were also found to be redirecting user traffic to e-commerce domains, such as alibaba.com and eBay.com through partner networks – see the details here.
Additionally, Hotspot Shield has also been in the news because their VPN was found to leave users vulnerable to having their location exposed. Hotspot said they are working on a fix. See our Hotspot Shield VPN review for more info.
Ivacy VPN
Ivacy is a Hong Kong VPN provider that has some troubling issues. Their refund policy previously limited you to 500 MB of bandwidth and 30 sessions. Some bloggers have also accused Ivacy of falsifying their VPN server locations, meaning that you’re not getting the locations you paid for. Many people believe that Ivacy and PureVPN are under the same company and using the same network infrastructure.
Opera “Free VPN”
Opera’s browser now includes what it calls a “free VPN” which they say is “better for online privacy” (see here). First, this is not a VPN at all. Security experts have shown that this is just a web proxy, which uses API requests. Second, Opera’s privacy policies include statements about data collection (including usage data) and how this is shared with third parties (see here). Check out our Opera VPN review for more info.
PureVPN
Our PureVPN review uncovered many problems. In previous testing, we have identified IPv6 leaks, IPv4 leaks, and DNS leaks with their VPN applications. PureVPN was also caught handing over customer data to the FBI (US authorities) despite claiming to have a “zero log policy”.
VPN Master
There are many free VPNs offered in the Google Play or Apple stores using variations of the “VPN Master” name. Through testing I have found that these VPN Master apps are full of dangerous malware, despite having high ratings and millions of users. I even found that one of these free VPN apps called “VPN Master Free unlimed proxy” (sic) is owned and operated by a Chinese data collection company called TalkingData.
VPNSecure
VPNSecure is based in Australia – a 5 eyes country that is not good for privacy. VPNSecure was also identified in an academic paper for leaking IPv6 and DNS requests, which leaves its users exposed to “surveillance and malicious agents.” The same paper also noted that VPNSecure has a number of egress points in residential ISPs. This suggests that users are unknowingly being used as endpoints in a P2P-like bandwidth network – i.e. user bandwidth is being stolen (although the paper could not confirm this). (See here for more info.)
Windscribe
Windscribe is a new addition to this list. It was found to be leaving overseas servers completely unencrypted, which is a very foolish practice that leaves Windscribe users exposed. In July 2021, news broke that Ukrainian authorities seized Windscribe servers, which were left unencrypted. This gave the police Windscribe’s private key, which could potentially allow them to decrypt VPN traffic.
Windscribe admitted that it was not following “industry best practices” and vowed to correct the situation and properly secure their servers. But the damage has been done. See our article on the Windscribe security incident for details.
Conclusion: Use a safe and reliable VPN service
This list illustrates one fact that’s often repeated on this site: using no VPN is better than using a bad VPN.
Even if you didn’t find your VPN on this Warning List, be careful. Many popular and highly-rated VPNs have problems, such as IP leaks and non-working features. That’s why we recommend testing your VPN regularly for any leaks or problems. In fact, we have a VPN test guide to help you do just that.
It’s also worth noting that some VPNs may not work in certain areas. For example, in both China and the United Arab Emirates, the internet is heavily restricted and censored, while most VPNs are also blocked. There are certain VPNs that can get around these blocks, however, by using obfuscation techniques. We discuss this more in our guide on the best VPNs for UAE and Dubai.
The best VPN services
We also have a guide on the best VPN services here.
These are the VPNs that performed well in all of our tests, and are located is safe jurisdictions (outside of the 5 Eyes). Below is a table that includes our top picks.
Note: The top two recommended VPNs in the table below (NordVPN and Surfshark) also offer VPN ad blocking features. This will allow you to easily block advertisements and trackers directly in the VPN app. Check out the link to the website or read our VPN reviews linked below for additional info and test results.
Stay safe and secure online.
I dont see any mention of Mullvad on your site unless i missed it, would love to see a Nord Vs Mullvad comparison especially now mozilla are rolling out with Mullvad.
We recommend Mullvad in our WireGuard VPN guide, but have not tested it for a full review. But from what we have seen, it’s a good service.
Thanks ;
I think no VPN is safe , Linux system + Tor browser is the best choice.
Any opinion on Cyber Ghost ? Free or paid version.
Not recommended. See the CyberGhost review here.
Thanks for the warning. You confirmed my suspicions.
What’s your guidance on “watchnewslive.tv/vpn”?
What about VPNs that promise to unblock “any site or app” (mostly to get free TV streaming which block other VPNs), like VPN Epple? I was bemoaning my wish that BBC would allow us to pay for legit streaming of iplayer (internationally) and a stranger recommended the above but just the name makes me think it’s a scam app.
Yes you will find that even high-quality paid VPNs can have troubles unblocking some websites. So the claim to unblock “any site or app” is a false promise and you are correct.
I have Nord for my VPN. I feel it is good. Question: Why do I still get hammered with ads on various website? Shouldn’t my VPN stop this???
A VPN is usually a separate tool from an ad blocker. But with NordVPN, they do have a feature called CyberSec that will block ads and trackers. Simply go into the NordVPN settings on your app and click to enable CyberSec.
There is more information on NordVPN and the CyberSec feature on their website.
Does nord vpn work in the uae
Is a AVG’s VPN any good?
Here is the AVG VPN review.
i use PIA (Private Internet Access) VPN and since using it i was recently hacked woke up with apps open all over my desktop and my vpns log file settings open. . now since then ive been getting a lot of *your card was used in store, but declined for your protection* or scam emails from family. even worse stuff.
i never have been hacked in my life since im a network engineer and when it comes to VPN’s they are all on the suspicion list bo matter who they are. you just never know.
I have a question, do you know if FineVPN is safe?
Is Psiphon is safe?
I didn’t see AdGuard APK in the list, because as you AdGuard is an ad blocker plus a built-in VPN, its very popular app for it’s functionality.
Therefore i am wondering how come you didn’t mention it, i have the full version so what’s your suggestions,, keep ir not?
Thank you
is hide.me VPN safe? I didn’t found any article about hide.me on your website
We have not yet reviewed Hide.me, but may do so in the future.
If you get back to VPN’s, I would be intererested in Hide.me, as well. I switched from Windscribe to Hide.me after finding info similar to what you mention here. Now, I’m getting a suspicious sense about Hide.me, mostly because of a somewhat disorganized-seeming dashboard/backend, and many support info. links from said dashboard to Hide.me web pages that haven’t been updated in three or more years. Thanks very much for all the work you do!!
Ufo vpn and many others leaked data. Write it down here
is SkyVPN safe? (SkyVPN is available for Windows, Mac OS, iOS and Android)
im using it on Windows
Even though it is based in Hong Kong (which is good for privacy) SkyVPN’s privacy policy and ToU state that the VPN collects logs and bans torrenting and file sharing on American, British, Canadian, and French servers. It also collects data for advertising.
“The “no logs” claim is for the VPN service itself, to include all infrastructure (VPN servers, DNS Servers, …). A few VPNs have undergone audits that verified these claims, as discussed here.”
OK, its clear in case of those audited services. What about those which don’t have own DNS servers, like that Swedish VPN which is using an US registered company DNS server…..?
> like that Swedish VPN which is using an US registered company DNS server
I’m not sure what you are talking about here. What Swedish VPN? Reputable VPNs have their own DNS servers (that do not log).
Hello,
Is ZenMate Free VPN, safe to add to chrome extension and use it for banking purpose ?
Probably not a good idea. ZenMate was purchased by a company that has a history of producing malware. More background info here.
During last year or so 99,9% of VPN providers started to claim that they are not logging at all, but how log free are their DNS servers? Seems that nobody exactly knows when the DNS request is made. It is made with the original IP address before the IP is switched in the VPN server or after the switch??? If the first alternative is true, the VPN providers can log absolutely everything on DNS without lying to customers as no logs are kept on VPN servers.
The “no logs” claim is for the VPN service itself, to include all infrastructure (VPN servers, DNS Servers, …). A few VPNs have undergone audits that verified these claims, as discussed here.
Hey what do know about Gaurdian VPN? Are they reliable?
Https? I find your cited sources of “an academic paper” leaving a little to be desired. Of course the government can and will spy on people. That’s not even something they deny. It’s a f’d up world and it takes things most people can’t stomach to keep this country free. I believe in privacy but I am a realist. There are factions domestic and abroad that seek to end your life let alone your internet. It’s a scumbag business practice to sell off data to deceptively make a dollar. It’s real life to gather intelligence against threats to our lives and freedom. Look tin foil hat guy, do you really think a room full of trained killers gives a shit you ordered a mushroom spore kit and looked at some bootleg star wars crap. I got a half a brick of bam bam in my desk right now. Ain’t nobody giving that a second thought. Well a few maybe on night ops wishing they had a pick me up. And who are the ISP snoop dogs that nobody ever names or has a case in point. I don’t think att cares I watch pornhub nor will use that to extort my hundreds of dollars in fortune. If someone is watching childpornhub your goddamn right I will infringe on you or anyone else to save exploited children. I’m not going to remember you for 20 seconds because you are not important. I dont care if you have 2lbs of weed, torrent every song on earth and have a hidden time machine. For the love if god do you even know how we scan for Arabic threats.. We use a language syntax technique we learned from dolphins. We dont speak Arabic but learn what a pissed off one sounds like and that’s the whole concept of chatter. Look the real real is, you cannot stop our military and Intel organizations even if you want. Never.. the recruit the smartest people on the planet, have unlimited resources, and can make you accidentally kill yourself. Rest easy birchenstock fan. The whatever the dumbass name is watching eye 17 or whatever are not interested in you. And are probably the ones that invented your elusive vpn scrambler. Let’s see yep..the us navy and DARPA’s thing about onions. Omm. Tor network. Yeah we made that. These people die to keep pacifist douchebags alive that do nothing but talk shit. You might just suck it up because you aren’t gonna like Communist rule are Muslum Law much. Change your perspective and realize that you a blessed to live in a Country this great.
P.S I like the blue shutters better than the green you looked at online. Bwahhhaaahaaa (ftw)
First off I’m a computer”Idiot”. The free VPN I’ve used or all on your list, and so are the paid VPN I’ve used. Using Windscribe VPN monthly service now. Got anything on them, definitely like to read. Is there a VPN service that you would refer(and I don’t care if they pay you as long as its trustworthy) to someone that only use it for Android phone and basically website surfing like YouTube, video apps, reading articles and using Mint browser and downloader? And to Mr.Sven for the articles and reader’s for theirs questions. Complete RESPECT to y’all!
Hi Adder, Windscribe is a pretty decent VPN service compared to the ones on the list. Here’s the Windscribe review.