Geekflare
In VPN  |  Last updated:
Share on:
Cloudways offers managed cloud hosting for any size business to host a website or complex web applications.

The Dark Side Of (Free) VPNs Revealed

By and edited by
free-vpn-geekflare

When even some paid VPN companies fail to protect user privacy, expecting perfection from a 100% free VPN is ludicrous.

Choosing a free VPN is always an irresistible option. In fact, I use one of them (I’ll tell you about it) for general searches to check international versions of a few websites.

In this article, I will share how to select a free VPN and what are the general risks associated with such services. You will also know if there are any legitimately free VPN companies out there. Besides, I will share some real-life incidents that debunked the big-bad privacy claims made by a few VPN companies.

Ultimately, this is about VPNs in general, since the paid ones aren’t as clean as they would like us to believe.

Let’s begin!

VPNs and Privacy

vpns-and-privacy-geekflare
vpns-and-privacy-geekflare
vpns-and-privacy-geekflare

I wouldn’t call VPNs (free and paid) “privacy-focused” products.

Yes, you will have decent security, but 100% privacy becomes a myth the moment you log into the internet, including with the best “no-logs” VPNs. There are details in their privacy policies, and things hidden behind the intricate corporate structures, to the point it’s safe to say complete anonymity isn’t on the agenda.

Additionally, I don’t believe providing such internet services without logging anything is even possible.

And frankly, it’s like picking the devil of your choice. If not your internet service provider and government, you trust someone based in a foreign country whom you don’t know anything about. This might have come harsher than I wanted it to be.

But, you must realize using a VPN should be a conscious decision, fully knowing that some sort of data sharing is always there. So that the next time you look for a VPN for streaming you know what to be beware of.

However, a “standard” user, not indulging in criminal activities, has little to fear and can definitely rely on good VPNs👍.

The ideal use case for any VPN user, I would say, should be unrestricted entertainment, public WiFi security, general (and not absolute) privacy, and access to specific resources for someone based in internet-restrictive regimes.

But that was about good VPNs, most of which are paid. What about others?

free-vpn-a-good-idea-geekflare
free-vpn-a-good-idea-geekflare
free-vpn-a-good-idea-geekflare

Free VPN Services

I don’t think I can escape from the cliché “when it’s free, you’re the product” phrase.

So, let’s check how these companies can jeopardize the security and privacy of a user, the very elements they claim to protect.

One such free product is SuperVPN, which was found logging data as exposed by security researcher Jeremiah Fowler. The incident involved a data breach revealing 360 million records, including user email addresses, original IP, their device information, and the websites they visited.

In a separate research focussed on Android VPNs, it came out that 66% of such apps weren’t encrypting DNS traffic. This means the web activity was visibly similar to someone not using a VPN at all. The same research also found that 72% of free (and 35% of premium) VPN apps track users for ad revenue. What’s more, 38% of VPN apps were malware-infected!

To summarize, these can be a few not-so-great outcomes of using a (free) VPN.

  1. Shady company background: More often than not, 100% free VPN service providers won’t have any links to real people. In addition, there can be historical evidence of unethical business practices which scream “beware” to its users.
  2. Data logging and sharing: To make up for the “free service,” they might share personal details to 3rd-party agencies (most probably advertisers) or sell them on the dark web.
  3. Flawed security: How can they afford to hire skilled developers if they continue offering 100% free services to their users? This translates into sloppy user experience and sub-standard security protocols.
  4. Malware distribution: This is a possible grave side effect of using a free VPN service. In such cases, the service can indeed “feel” good, but the financial recovery process is terribly bad and hidden. This can infect your device with malware, such as spyware or ransomware, with serious future ramifications.
  5. Resource sharing: A few VPN services are also notorious for sharing the resources of their free VPN users with their paid users or 3rd-party services. These companies hide the details of such malpractice deep within their terms and conditions, which a typical user never cares to read.
  6. Ads: A free VPN service can be riddled with ads. These adverts can be there in the user interface, in the browser, or can redirect users to entirely different websites.
  7. Limited performance: This is an unavoidable consequence of legitimate free VPN services. They often provide no-cost entry-level plans to users, hoping that some of them will convert to long-term paying customers.

These were some risks of using dubious VPN services.

Now, let’s check out a few incidents that demonstrate what can go wrong with a VPN company, free or paid.

#1. IPVanish

A US-based, so-called “independently audited no-logs” VPN, IPVanish, cooperated with the US Department of Homeland Security in 2016 to provide them with a user’s personal details, including the full name, email, IP address, etc.

The case was related to the storing and distribution of child pornography, and I’m really glad the offender has been served justice.

However, the incident also proved IPVanish kept logs even when they claimed otherwise.

Following the incident, IPVanish was sold to StackPath in 2017.

#2. PureVPN

PureVPN is another one that cooperated with a law enforcement agency (FBI), which led to the arrest of one of its users.

This time, it was a cyber-stalker using its “no-logs” VPN service. However, the VPN provider was able to supply all the necessary personal information, including the actual IP address, which ultimately tied the unlawful activity to the perpetrator.

Again, kudos to the law enforcement officials to catch the criminal.

However, it raises doubt if the word “no-logs” has any significance for VPN companies other than a marketing gimmick to attract customers.

#3. HideMyAss

This time it was someone from the hacktivist group LulzSec, who thought using a VPN is a free ticket to do anything online.

Specifically, a member of LulzSec cyberattacked Sony Pictures Entertainment while using the HideMyAss (HMA) VPN service in 2011.

HMA already knew of the hacker group members using their services, thanks to an online leak somewhere else, but did nothing since they had no proof of anything illegal.

A court order changed all that, and the saga ended with the arrest of the hacker, thanks to HMA’s cooperation with the FBI.

Personally, I’m against any sort of criminal activity, online or offline, with or without any VPN connectivity. Still, the point of “few” of such mentions was to prove one thing: VPNs aren’t made to provide absolute privacy, especially from law enforcement.

Moreover, some companies can keep the personal information of their users even when their website is painted all over with the text “no-logs.”

But it would be unfair not to mention the following events, which proved there are also a few companies that are better when it comes to consumer privacy.

  1. Swedish authorities found nothing when they seized the Mullvad VPN server on April 18, 2023. It was in line with Mullvad’s privacy policy, which states their “customer data did not exist” since they keep nothing.
  2. Similarly, the Turkish confiscation of ExpressVPN servers in 2017 validated the VPN provider’s claims of keeping no user information.

You see, there isn’t any fixed guideline to define a good VPN or help distinguish them from bad ones.

risks-of-free-vpn-geekflare
risks-of-free-vpn-geekflare
risks-of-free-vpn-geekflare

Choosing a Good VPN (Free or Paid)

My two+ years of first-hand experience and research of such tools have given me some pointers to share with you all.

I would not be talking about the VPN features to look out for. Instead, it’s the general search you should do about the company if privacy matters to you more than anything else.

#1. Jurisdiction

An average user might not know, but there are surveillance alliances in the world that have countries sharing data of their citizens. The most common of such groups are the five, nine, and fourteen eyes alliance.

At the very least, a privacy-concerned user should opt for a VPN company NOT headquartered in these countries.

In addition, all buyers should try to steer clear of VPN providers based in authoritarian regimes.

#2. 100% Free?

There is a high probability of an “unprofessional” work ethic if a company only offers completely free VPN services.

As I already stated, companies provide free services in the hope you would transition to their paid plans. Plus, it helps in their mouth-to-mouth publicity.

But this does not mean all paid VPN providers are great.

If you’re interested, ProtonVPN has a forever free tier that I consider “safe.” Winscribe is another free option, but is based in Canada, a five eyes member country.

#3. Service Record

History teaches as many things, including which VPN companies to avoid.

As a user, you can make a quick Google search with search terms like ” VPN company name” + user data exposed or “VPN” + data leak. This will give you some lead to look into if anything is of concern.

Additionally, you can look up to Reddit for some “unbiased” opinions. Or better yet, ask your peers about some VPN service they might be using.

And please be informed that takeovers happen, which can signal a total overhaul of the operating policies. However, it’s up to you to trust the new owners.

#4. Founding Team

Try checking the “About” section of a VPN website and look for information relating to real people.

It’s generally a big red flag if you can’t spot the founders or people working for it. Ideally, you should see a few faces, along with their social media profiles.

The least a VPN can do is provide details about their parent company if that’s the case.

Personally, I don’t bother using any service, let alone VPNs, if there is no such information on their websites.

Try Getting a Good Paid VPN!

There is no alternative to paid VPNs for heavy users. Quality free VPNs or free tiers of premium VPNs will have some inevitable restrictions you can’t escape from.

To reiterate, 100% free VPNs mostly have some mechanism to make revenue, even if it doesn’t seem like it on the surface. It may not be with money; they might try to cover the costs by other means, including by selling your personal data, bandwidth, showing ads, installing malware on your devices, etc.

Be the user and not their product.

Signing off 🫡.

PS: Curious about your VPNs speed? Here’s how to test your VPN speed?

Share on:
  • Hitesh Sant
    Author
    Hitesh works as a senior writer at Geekflare and dabbles in cybersecurity, productivity, games, and marketing. Besides, he holds master’s in transportation engineering. His free time is mostly about playing with his son, reading, or lying…
  • Joy R Bhamre
    Editor

    Joy R Bhamre is a multifaceted professional, holding the title of Editor at Geekflare. She is a Google-certified Digital Marketing Specialist, a seasoned Editor and writer, and a Cambridge-certified English Language Trainer, boasting…

Thanks to our Sponsors

More great readings on VPN

Power Your Business

Some of the tools and services to help your business grow.
  • Murf AI

    The text-to-speech tool that uses AI to generate realistic human-like voices.

    Try Murf AI
  • Brightdata

    Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

    Try Brightdata
  • Monday.com

    Monday.com is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.

    Try Monday
  • Intruder

    Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.

    Try Intruder