How Safe Is A Free VPN?

VPNs allow you to keep your online activities anonymous and as private as is possible. But they also cost money, so sometimes people look to free VPNs as a solution.

Free VPNs are not safe to use, for a number of reasons. The first is that they’re usually thinly-disguised data mining tools, and the second is that they typically do not offer actual VPN functions – you just think you’re protected.

are being adopted by the average consumer faster than never before.

Once Edward Snowden blew the lid off Project Prism everyone on the planet wanted a VPN (Virtual Private Network).

Governments all over the world are becoming more Orwellian in their approach to what you can say and do online.

Which drives people to sign up for the first VPN service they come across.

Or in the case where they can’t afford a paid VPN – they use a free VPN instead.

But something my father once told me has stuck with me my entire life:

“If something sounds like it’s too good to be true, then it is too good to be true”.

Like when a company tells you they’re offering a 100% free VPN…that’s just as good as a VPN that costs $5 per month.

So, the question we’re going to tackle today is “How safe is a free VPN?”

The short answer to this is, “They’re incredibly unsafe to use”.

But it’s actually far, far worse than free VPNs being unsafe.

And we’re going to dig into why that’s the case in a lot more detail in this article.

Things cost money

Paid VPNs use a vast global network of computers to route your traffic safely from point A to point B in a safe manner, while also masking your IP address.

Like from your laptop in London to a remove computer in Colombia.

But running large networks of computers is expensive.

So that means if you’re not being charged for the use of that network, the VPN provider has to make up those costs in some other way.

Basically, somebody has to pay the bill.

We cover exactly how free VPNs do that a little further on.

You’re not going to believe some of the crap these free services pull on their unwitting “customers”.

Where’s your data stored?

Here’s the first problem – you have absolutely no idea where the information you send over a free VPN is being temporarily or permanently stored.

And there is every chance it’s being stored permanently on the servers of these free services.

This is especially true of any obviously off-shore VPN provider i.e. it’s hosted in a country where the rule of law is optional.

Or the government is actively involved in corruption perpetrated by private companies and/or third parties.

Because you don’t run into problems like that with VPNs hosted in the United States or other Western countries.

Free VPNs can contain malware

This is the kind of information that makes you want to reach for a stiff drink or strong coffee when you read it.

Or bang your head against a wall.

75% of free VPNs were found to contain malware.

Which basically means your free VPN installs one or more viruses on your computer or other device.

In many cases this is just adware, but there’s nothing to stop them from installing something far more serious like ransomware.

75% of free virtual private network companies doing this means it’s not an accident.

It’s deliberate, and therefore it’s malicious in intent.

And it’s also most likely a collaborative effort between multiple free VPN companies.

A lot of the free virtual private networks you see advertised are actually run by a handful of companies.

Selling your data

As I said at the start of this article, running a VPN costs a lot of money.

So they have to make up for that somehow.

Like by selling your data to a third party – literally anyone with the money can get their hands on it.

These other parties then relentlessly spam you with their products or services based on your personal user data.

Or they integrate your data into “marketing tools” that are then sold to subscribers.

And yes, that really does happen.

But some of the free VPN services are even more blatant than that.

There’s been multiple recorded cases of free VPNs redirecting users to third party affiliate partners.

So, they make money from selling your data wholesale to unscrupulous companies and by trying to earn affiliate commissions from you.

Which will no doubt involve routing your device to the absolute worst kinds of companies.

Free VPNs are data farms

One of the key features you should look for in a paid VPN is that they don’t store logs of your online activity.

Ever.

Some are better than this than others.

But the vast majority of free VPN services absolutely do keep logs of what you did online.

How can you be certain?

Because they’re already selling your information to advertisers, and have been caught out doing that.

In fact, Hack Read estimates that 90% of free VPNs are nothing more than data farms:

And I’d be inclined to agree with them.

I actually think they’re being pretty lenient here because I’d estimate the figure is closer to 95%.

Or maybe a few percent higher…

VPNs are meant to protect your user data – not just hand it over to a third party with the deepest pockets.

But that’s the risk involved with using any type of free software these days.

Selling your computer

When your computer is idle you can set it up to do some pretty cool stuff.

Like search for alien life, or even participate in virus and cancer research.

But some free VPN providers do the exact same thing with your computer’s “free” time.

Except they never ask your permission.

And even worse is that it could result in your computer being part of what’s called a botnet .

These are used for criminal or illegal activities in pretty much 100% of cases.

Like sending spam from your PC, but you wouldn’t have any indication that was happening.

And this happens all the time with free VPNs – and most other types of “free” software too, to be fair.

Regular data breaches

Free VPNs are typically run by people who are more interested in cash than helping preserve your privacy.

So that usually means their internal security measures are less than useless.

This is backed up by the fact that they suffer from regular and massive data breaches.

HotSpot shield was one of the first free VPNs to get caught up in a major breach – that one made the headlines.

Which means they’re not only incapable of protecting your online privacy, but that their internal databases are wide open to outside attack.

The hilarious thing is how they deal with these breaches, “We didn’t find any problems, so there’s nothing to fix.”

Their PR departments rely on complete denial in a way that would make a politician blush with shame.

And what happens to the information stolen during a breach?

It’s sold on the Dark Web.

Rampant DNS leaks

68% of all free VPNs experienced serious and ongoing issues with DNS leaks.

A DNS leak, in plain English, is that you think you’re connecting to a VPN in say Turkey, but anyone looking at your traffic can see exactly where you’re from.

Including your originating IP address.

Which they could then reverse engineer if they chose to, revealing your physical location.

And it also means your personal identity isn’t masked or encrypted.

DNS leaks can happen even with paid VPN providers, but they’re pretty rare.

But you’re almost guaranteed to have this problem with the vast majority of free VPNs.

This one flaw renders any free VPN service I can think of completely pointless for use online.

No data encryption

This was a tough one to get my head around, but the numbers don’t lie.

82% of all tested free VPNs offer no encryption of user data…even though they advertise that your traffic will be encrypted when using their service.

What this means is that your ISP can see data leaving your PC, track it wherever you go online, and then what comes back to your PC.

One of the most basic functions of a good VPN is that it encrypts your data so that your ISP can only see that you’re connected to the Internet but not where your connection ends.

Some of this is accidental on the part of the free VPN providers.

But most of it is because they simply won’t invest in the technology to stop this from happening.

You get ZERO anonymity

A paid VPN specifically tries to mask your online activities as much as possible.

The better paid VPNs sometimes going as far as sending your Internet traffic through multi-hop connections.

Free VPNs on the other hand do the exact opposite to this.

Because 75% of them install tracking software of some kind on your computer or device.

Why?

Because that provides them with even more data to sell and/or opportunities to spam you with ads.

Things are changing…

The problem with free VPNs, and their blatantly illegal shenanigans, got so serious that even Big Tech companies were forced to pay attention.

Google and Apple promptly removed dozens of free VPN apps from their online stores, including Chrome browser extensions.

It was just a storm of bad press for them so they swept the worst offenders under the rug.

With that said, I absolutely would not – and I mean under any circumstances – use a free VPN app or browser extension.

Not from any company that doesn’t expressly offer a paid service.

And even then, I’d be careful.

Because, as I said earlier, there’s no such thing as a free lunch, folks.

Never has been.

Never will be.

Wrapping things up

As you can see, the free VPN industry has one goal – to rip you off.

I learned this the hard way from using a free VPN about a decade ago.

It started a cascading effect where my personal details were exposed in one database breach after another.

I’m still paying for that mistake today.

If you’re still on the fence about whether or not free VPNs are safe to use, let me put it this way.

You’d be less at risk connected to a random public Wi-Fi hotspot with your AV software disabled…and your password printed on the back of your head.

Using free VPNs is the equivalent of literally begging for your personal information to be stolen and sold on the black market.

And if you can’t afford the $5 it costs for a paid VPN then maybe you’re not really concerned about keeping the government and advertisers away from your private life.

Believe me, there’s no comparison between a free VPN service and a paid VPN provider.

None.

Can You Be Tracked If You Use a VPN?

When you sign up for a VPN, paying your monthly subscription, you expect that your online activities will remain anonymous thanks to the Virtual Private Network you’re using.

While paid VPNs are just part of an overall security system every computer should use, they do stop you from being tracked while you’re online, masking your IP address and the sites you access.

“No, you can’t be tracked if you use a VPN!”

The problem with that statement is that it’s not quite that straightforward – we need to consider the word “tracked” in two different contexts.

“Tracked”, for some people, simply means, “Can I browse the Internet anonymously?”

Whereas for others it means, “I don’t want anyone knowing I’m online or that I use a VPN server.”

There are a few subtle differences to where people stand on the goal of online privacy and protecting their personal information.

Not all VPN’s are created equal.

And there are some knowledge gaps here you might not have considered until you read them.

So let’s take a look at what it takes to avoid being “tracked” while using a VPN (Virtual Private Network).

Covering The Basics

Your VPN encrypts your data as it heads out over your Internet connection to the public Internet, as well as masking your IP address.

It does this by sending your data through a “tunnel” and allowing you to connect to any of thousands of servers in hundreds of countries.

Your ISP (Internet Service Provider) will be able to tell you’re using a VPN (if they go looking) but they will not be able to view your personal data.

Your ISP will however know your actual IP address, as will your VPN provider.

If you’re in any doubt as to how safe a good VPN can be, then you need only look at what happened recently in China.

Even with an entire government trying to censor information coming out, Chinese citizens were still able to use VPNs to successfully get around these controls.

Long story short, a good VPN server can be very difficult for entire governments to get around.

Don’t Use Free VPNs

You’re pretty much guaranteed that not only will all your data be logged but it will be resold again and again by the companies that run free VPNs.

That’s the entire business model – they don’t give a hot damn about your privacy or keeping your data secure.

And that’s without worrying about how many of them have suffered serious data breaches but never disclosed that.

Also, based on testing, free VPNs basically broadcast personal IP addresses loud and clear – there’s no real masking involved.

We put together a whole article covering the “How safe is a VPN?” topic.

Use A Secure Browser

Don’t use the same browser you use for everything else.

It’s stuffed full of cookies and thousands of other pieces of digital clutter that would easily be used to identify you.

And I don’t mean use a ‘Private’ tab in your current browser.

I mean install a completely different browser, and anything other than Firefox or Chrome.

Both of those are basically designed to track your online activities while assuring you that they don’t.

It’s total horseshit.

Instead, install something like Brave. Yes, it’s a Chromium browser, but with all the spyware turned off.

Use A Multi-hop VPN

What’s better than having your data encrypted and sent through a remote VPN server?

Encrypting it twice and having it pass through two servers before being decrypted.

That’s how multi-hop routing works.

And it’s becoming a popular option for people who are really concerned about their privacy.

So even if somebody was able to intercept your data on the first server, they’d just find an additional layer of encryption.

That makes tracking you more trouble than it’s worth, unless maybe an intelligence agency is involved.

The only downside to using a VPN with multi-hop is that it can be a lot slower than a regular VPN.

DNS Leaks

Now here’s a problem that is a problem for Windows users, although Mac and Linux users apparently aren’t safe from it either.

A DNS leak happens when using a VPN…but it screws up and routes your Internet traffic through your ISP’s DNS instead of the DNS of your VPN provider.

That means that although your VPN is connected and everything looks fine, everything you do online passes through your ISP’s servers, completely unencrypted.

So you can be tracked very easily.

How can you check if your VPN has DNS leaks?

Open a Google search box and look in bottom left corner to see what country it thinks you’re connecting from.

Or you can use a site like DNS Leak Test instead.

Is there any VPN service that has never, ever had a DNS leak?

None that I’m aware of, but some are better than others.

VPN Logging

Connecting to VPN servers means those servers can log where you go and what you do.

So what you’re looking for in a VPN is one that advertisers, and implements, a “no logging” policy.

But there’s a slight problem with this “promise.”

Only VPN companies located in specific countries can avoid handing over their logs to the authorities if forced to do so.

That’s why many VPN providers try to locate their businesses offshore and away from nosey governments.

Payment

Nobody really thinks about this, but paying for a VPN with your credit or debit card is raises a red flag that you’re trying to surf anonymously.

Doing this in a safe and free democracy is one thing – nobody will really give a shit.

But signing up for a VPN in some countries could see you attracting the attention of the authorities.

All you have to do to get around this problem is sign up for your VPN with either a cryptocurrency, or find one that accepts something like Amazon gift cards as payment.

Source: https://tails.boum.org

True Web Anonymity

So…is there anything you can do to make sure you can’t be tracked when using a VPN?

Of course!

There are actually two choices here – the first of these is to use TOR over a VPN.

Basically, you connect to your VPN, and then connect to TOR.

You get a VPN within a VPN, which effectively make your online activities untraceable.

If you wanted to take things a step further do all of this on a public Wi-Fi hotspot.

The second method is to use something called Tails.

This is a portable operating system designed specifically to help protect your privacy and get around censorship.

Basically, you can boot your computer from a USB key containing Tails.

You can then connect to your VPN of choice and/or TOR along with that.

And when you shut the computer down there are no traces of what you were doing online or on the computer itself.

Very neat, and Tails is completely free.

Summing It Up

So, as you can see, asking whether or not you can be tracked while using a VPN requires a bit more explaining than just saying, “Nah, you’ll be fine”.

Remaining anonymous online is entirely doable, but you’ll have to put some effort into achieving that goal.

It’s not as simple as using whatever VPN is being recommended by YouTubers right now and hoping for the best.

But at least now you know what you need to do.