Are free VPNs safe and can they be trusted?

With greater concern about online privacy and cybersecurity, both individuals and small businesses have adopted them in greater usage. In fact for 2018, VPN usage is up exponentially at a rate of 165% compared to the year prior. Globally, 25% of internet users are deploying a VPN, with the most common use case scenario to access entertainment content, such as Netflix. 

A barrier to VPN entry for many is that most VPN services have a cost. This causes penny pinching folks to forgo the VPN that would provide protection from hacking attempts, and afford them a higher level of privacy online, despite the otherwise modest cost

In an effort to include these folks, over the last few years, a new category of VPN service has cropped up, specifically the free VPN service. They generally have significant downsides compared to their paid stablemates, such as low monthly limitations on data, lower throughput speeds that make video streaming downright painful, and user restrictions to a low number of devices. The service also tends to be spotty, with either intermittent outages, or essentially does not work. 

Despite these shortcomings, some folks do persist in using them, and have luck with free tier offerings from the likes of HotSpot Shield, TunnelBear, WindScribe, and the Opera browser with its integrated VPN offering (although with the last offering our experience differs). 

While the progressive Opera browser has an integrated free VPN, we have noticed that it has not been able to make the connection to initiate the encrypted tunnel over the last several months (Image Credit: TechRadar)

This raises the question of if these free VPN’s are even safe, and can they be trusted with your data? After all, if the point of using a VPN is to take control of your privacy, than why we would trust your personal information to the bottom basement, lowest bidder? Also, these companies are not generally altruistic, and they need to squeeze a profit from somewhere. This goes back to that phrase “If You're Not Paying For It, You Become The Product,” raising the concern that a free VPN will have no incentive to protect your privacy, and sell your data to the highest bidder.

Hola Free VPN is just one of many free VPNs that has gained public attention recently for being unsafe (Image Credit: Hola)

Say goodbye to Hola

A good example of this is the Hola Free VPN. Rather than building out a network of servers to host the service, Hola created a “peer to peer” VPN, with each user potentially acting as a node, with other users traffic going through your smartphone, although Hola reassured users “The amount of traffic that Hola passes through a peer on its network per day on average is less than a 20 second YouTube clip,” estimated to be about 5 MB’s.  

Hola claims that this practice keeps the cost down, but this immediately raises the concern that another Hola user’s illegal activity could be sharing your IP Address and bandwidth. In fact, subsequent research by security firm Trend Micro showed that not only were Hola users being used for Hola VPN nodes, but sneakily, were simultaneously being used as nodes for a commercial VPN, Luminati. On top of that, HolaVPN users could be incorporated by cybercriminals into a botnet attack. And yet, despite these serious issues, Hola Free VPN soldiers on for the unsuspecting, claiming over 184 million users.

The hidden free VPN secret

Now experience with one lousy VPN should not taint all free VPN’s. However, when the issue of free VPN’s, specifically for the Android platform has been studied, the results are more than concerning. Published in the Proceedings of the 2016 Internet Measurement Conference, the article “An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps brings up some serious issues. After all, a VPN service is in a unique position to inspect a user’s traffic. With researchers studying 283 VPN’s, it was found that 38% of them contain some type of malware, including adware, trojan,

malvertising, riskware and spyware. If this was not concerning enough, what is even scarier is that users are not aware of the security risk with this paper going on to point out that “Only less than 1% of the negative reviews relate to security and privacy concerns,” when going through reviews of these VPN’s on the Google Play store, suggesting that the vast majority of users are quite oblivious that they are putting themselves at such high risk.

Tuxler is a free VPN that doesn’t even try to hide the fact that it shares user data with advertisers (Image Credit: Tuxler)

Tuck Tuxler away

For yet another example, let’s look at the privacy policy of Tuxler, a free VPN. In their Privacy Policy can be seen right at the top that they are collecting user’s data to share with their advertisers to be used for ‘targeted advertising services.’ So much for that privacy that a VPN is designed to afford a user! At least Tuxler is upfront about it, and it goes on to state that data collected includes website activity, device and browser info, contact information, account information and financial information. The information that is collected about each user than gets used for this targeted advertising, with the Tuxler service providers, your service providers, and also “subsidiaries and related companies.”

In conclusion

From the examples and research provided above, yes, your data is truly being sold off to the highest bidder by these free VPN services. Therefore, a free VPN is in the category of “Free can be very expensive,” and therefore should not be used. After all, isn’t you and your family’s privacy worth a few dollars a month?

No comments yet.

Leave a Reply

in development