When you aren’t so sure about the benefits of using a VPN, a free VPN seems like an extremely tempting offer. Who knows, if you enjoyed the free service, you’ll dish out for a premium one. Unfortunately, things are never that simple – choosing any old VPN just because it’s “free” might end up costing you exponentially more than a month’s fee. Here’s why.
1. Free VPNs Can Sell Your Data
One of the primary uses for VPNs is to encrypt (i.e. obfuscate) your data to keep it from falling into the hands of greedy ISPs, government surveillance, or just your regular hacker. And then you find out that a lot of free VPN providers sell your data to third-parties instead. Some of the bigger names include Hola and Betternet with 152 million and 38 million users, respectively.
But “selling your data” sounds kind of nebulous, doesn’t it? Well, just to clear things up, here’s the kind of data that’s being sold:
- Your browsing history
- What apps you use (especially if they’re “always online” games, have auto-updates enabled, or anything else that involves network data)
- Since your provider most likely logs your IP address, they also have your location data
As Avira points out, this practice isn’t even illegal, as free VPN providers (usually) specify when they collect and share your data with their “affiliates.” Never mind that these affiliates are not specifically named most of the time. By using their services, you basically agree to their privacy policy – so always check the fine print of what you’re agreeing to.
2. Aggressive Advertising Practices
“Time is money” as they say, and ads already waste enough of your time (unless you use a good ad-blocker, that is) without adding more to the fray. VPNs, like any service, require money to operate – maintaining servers, paying employees, and so on.
Free VPNs just so happen to share your valuable data or use advertising to pay for those costs. The problem, as specified in the previous point, is that you never know who these advertisers that track your data are. Betternet is one of the more egregious examples – with 14 tracking libraries discovered in their Android app by a CSIRO study.
Moreover, it’s in these providers’ and advertisers’ best interest for you to look at their ads as much as possible, preferably click them as well. So it’s not uncommon for your network speed to suffer just so the ads can load faster - another time-waster and we still haven’t gotten to the worst parts yet.
3. Free VPNS Can Contain Malware
The same CSIRO study that identified the multiple ad tracking libraries in various VPN clients also determined that 38% of free VPNs on the Google Play Store had at least one type of malware embedded in their code.
Apple didn’t seem to do much better. They promised to strengthen the App Store Review Guidelines in June 2019, and indeed removed some of the offending apps. Still, Entrepreneur reports that 80% of the top 20 free VPNs on the App Store still don’t follow Apple’s guidelines. Neither Google nor Apple has commented on the issue affecting their stores, and in fact some of these VPNs appear to have increased in popularity.
But let’s return to malware. While there are nearly a billion strains out there with varying behaviors, the top 3 malware signatures found by CSIRO correspond to:
- Adware (43%)
- Trojans (29%)
- Malvertising (17%)
Now adware (ad-supported software) is not always harmful and can return a false positive in an anti-malware scan. But as shown in the previous point, alerts were probably triggered because adware tends to send local data to unknown third parties. This is definitely the case for Trojans, some of which can even take full control of your device and steal your sensitive info (e.g. payment data, logins, passwords).
As for malvertising (malicious scripts that can hide in adverts), just look at how it affected users of the BBC, New York Times, and others in 2016. For reference, the ads didn’t even need to be clicked; yet entire hard drives were still locked behind a ransom.
4. Become Part of a Botnet
A botnet is a series of “slave” computers and other devices that are connected to one “master” computer, usually for malicious purposes, such as:
- DDoS attacks
- Sending spam emails
- Monitoring and stealing network traffic
Devices that are part of a botnet are usually infected with malware, though botnets can also take other forms. Take the case of the Hola free VPN, that also sold its users’ bandwidth for up to $20/ GB through its undisclosed “Luminati” service.
The other issue with Hola is that it was a “peer-to-peer” VPN which basically means users browsed the Internet through someone else’s connection. This could pose serious issues if your “counterpart(s)” was involved in any illegal online activity, as all of it would be traced back to you.
Are All Free VPNs Bad?
While the majority of free VPNs are – well, you’ve seen what they’re capable of doing – there are some outliers who just want to run a respectable business. Take ProtonVPN, for example; a creation from the providers of Swiss encrypted email service ProtonMail.
Not only does it not run any ads (meaning no hidden ad tracking libraries to worry about), but it doesn’t encumber its users with data caps either. Obviously, the free service will be limited in scope (only several servers available vs. the many on the paid plan, meaning much slower speeds and location options for free users).
Of course, there are several others that have made a name for themselves in this less than stellar business venture. According to ProPrivacy, these free VPNs are ones you can rely on to not compromise your data, blast you with intrusive advertising, and so on. Though remember: the limitations of these services (small data caps especially) mean they are only useful for light browsing.