The Dangers of Using a Free VPNVirtual private networks, or VPNs, are great tools for protecting your privacy online. They can secure your Internet connection when you’re on public Wi-Fi networks and give your online activity an added level of privacy. You can sign up for a VPN service for only a few dollars per month, but some of the most popular VPNs in the world – such as Hotspot Shield and Hola, for example – are available for free. While it’s hard to pass up free software, when it comes to VPNs, you probably should. We’re outlining the reasons why you should think twice before you download a free VPN – or, if you already have one, consider getting rid of it – as well as providing tips for how to choose a service that will help make your Internet connection private and secure without selling you short.

Why are free VPNs dangerous to use?

Your data may be used or sold without your permission

If you’re wondering how a company can offer unlimited VPN services for free, it’s often because the VPN service often isn’t really the company’s product; its product is actually you, the user. The methods free VPN companies employ to make money off of their users range from relatively harmless, like showing you advertisements when you open the program, to incredibly invasive, such as collecting and giving away your personal information. To make matters worse, these companies do not always make their business practices clear. For instance, in August, the nonprofit Center for Democracy and Technology filed a complaint with the Federal Trade Commission against Hotspot Shield, accusing the company of not disclosing its data sharing and traffic redirection activities to its users. Hotspot Shield’s advertising claims that its VPN doesn’t track or keep logs of your activity, but Hotspot Shield’s privacy policy states that the company does actually record information from your web browser, and it may also transfer that information to other companies.

In an even more invasive example, Hola’s free version of its browser extension turns your computer into a VPN service provider. When you sign up for Hola’s free service and step away from your computer, Hola will harness your idle device to route VPN traffic for its other free users. While Hola openly admits and advertises the peer-to-peer network aspect of its service on the front page of its website, what that front page doesn’t acknowledge is that Hola’s sister business, Luminati, also harnesses those free user devices to operate a proxy service for paid private clients. In 2015, a hacker bought Hola user bandwidth from Luminati, then used that bandwidth to carry out a DDoS attack against a website. Hola users didn’t know that by downloading the extension, they were signing their computers up to be part of a botnet – not likely something anyone would be too pleased to discover. Bottom line, unless you read the service agreement line-by-line, you could wind up giving up more than you bargained for by using a free VPN – and sometimes even doing that isn’t enough to protect your privacy completely.

Your free VPN may be useless, or worse, malicious

So, let’s say you don’t care about companies selling your data or using your bandwidth. Even if you don’t have those privacy concerns, you should still be wary of free VPNs because a sizable number of them aren’t secure. A 2015 study published by the Commonwealth Scientific and Industrial Research Organization, the government agency for scientific research in Australia, analyzed 283 free VPN apps from the Google Play store. In its analysis, it found that 84% of the apps leaked user IP addresses, 66% leaked user web traffic and 18% didn’t encrypt traffic at all, which is the basic job of a VPN. If you connected to a public Wi-Fi network that is secretly controlled by a hacker, those flawed VPN apps could let the hacker monitor your activity while giving you the illusion of protection.

To make matters worse, the study also found that 38% of the analyzed VPN apps contained malicious code such as adware and spyware. Once installed, the apps would let developers serve its users ads or comb through their device data. Two of the apps, OkVPN and EasyVPN (created by the same developer), even had the ability to request system alert windows permission, which could be used to deceive users by disguising advertisements and malicious links as important phone updates. What’s even more alarming is that many of the apps containing malicious code had high user reviews on the Google Play store. Thousands of people rated these apps with 4 or 5 stars, completely unaware that their phones or other mobile devices were infected with malware. The last thing any of us want is for the apps or services we use to invade our privacy or expose us to malware, but unfortunately, it’s all-too-possible for “free” to come at a price.

How can I find a trustworthy VPN?

Unfortunately, with user reviews of VPNs so uninformed, there’s no quick and easy way to find a VPN you can trust. In general, paid VPNs are much more secure than free ones, and since you’re paying for the service, there isn’t as much of an incentive for the VPN provider to make money by selling your data. Ideally, it’s better to sign up with an older company that has been providing VPN services for at least five years, as fake VPN services have been popping up recently due to increased interest. If you do a search for VPN services, chances are you’ll be inundated with all kinds of results which may be difficult to parse. To help you choose a trustworthy service, you may want to use a review site, like That One Privacy Site, which has an extensive comparison chart of VPNs that is updated regularly. Before you make a choice, though, be sure to read the privacy policies of the companies you’re considering, and pay specific attention to what they define as personal information for their customers — as well as how they treat it.

Once you’ve picked a service and have signed up for it, test it for IP address leakage. You can do so by going to an IP address lookup site like WhatIsMyIPAddress.com with your VPN turned off, jotting down the IP address that shows up and then turning your VPN on and checking your IP address again. If the service is working, the IP address displayed with the VPN turned on should be different. If you opt to download a VPN app to your smartphone or other mobile device, be careful of the permissions it asks you for when you install it. For example, your VPN asking for access to your contacts, messages, camera and etc. is a red flag that the app will snoop through your data.

Sorting through VPN services can be overwhelming, but once you find an honest one that works for you, you will have much more protection from many of the cybersecurity threats out there. For more information on how to keep your digital life private, follow our privacy blog.