Why free VPNs aren't always safe to use

Posted:
in iOS

A VPN is meant to protect you and your data, but that's not always the case when it comes to free services. Here's why you should be wary of no-cost VPN services.

Smartphone with a yellow shield displaying 'VPN' in bold, set against a background of green and yellow blurred binary code.
VPNs are available for the iPhone and other hardware



Paying for a Virtual Private Network (VPN) service offers users many benefits, including encrypting their online web traffic. Keeping your sensitive data private is its primary function, and in the vast majority of cases, that's how they operate.

However, alongside the trustworthy paid-for services, people who want to use a VPN without signing up for a subscription have another option. They can instead use a free VPN service.

This doesn't necessarily sound like a bad deal for users. It's seemingly all of the benefits of a VPN, including tunneling through nodes in other countries to get past geo-limitations on content.

However, while free is a great price, it certainly doesn't mean that you'll get a good service. In some cases, it actually does more harm than good, and for multiple reasons.

Weak encryption



Many of the top subscription VPNs boast about having high standards for their encryption. Using top-tier encryption that regularly gets checked and tested, paid services do a lot to assure clients that their data is safe.

However, the better the encryption, the more expensive it is to implement and to run. For a free VPN which doesn't necessarily have the cash reserves to do this, they simply cannot.

Instead, the free VPNs end up using older protocols. A common one is PPTP (Point-to-Point Tunneling Protocol), which isn't exactly the most secure method to use online anymore.

Weak protocols are more easily broken by a determined attacker, which means your traffic is at risk.

Data logging



Another reason not to use free VPN services is due to the way they can earn revenue. To offset your use of their services, they have to use whatever data they collect to recoup the cost.

This typically means that your activity is logged. While your actual connection could be private from prying eyes, the service could be collecting your browsing history and other personal information that it can detect.

This data is then sold off to data brokers, which is then used to build profiles that online marketers can use to target advertising to you. It's even collected and used by government agencies.

This is pretty much how Google earns revenue while providing many free online services, and practically everyone is aware that this happens. The difference is that you wouldn't expect a service like a VPN to actively collect and share your data when it's meant to keep your online browsing private.

As usual, if you're using a free service online, you are often the real product.

Paid VPN services often point out that they do not collect data on their users in this way. Not just because they don't work with data brokers, but because of privacy risks.

If a VPN collected data on your browsing habits and stored it, that data cache becomes a potential target for hackers.

Page insertions and ad hijinks



A VPN service with lesser-quality encryption and data logging capabilities could go one stage further to recoup its revenue. They could interfere with the web traffic itself.

This doesn't mean large-scale tampering with web search results and the website content you want to view. Really, a free VPN may slip in some extra elements to pages, or as popups, so that you can be served advertising.

These ads would earn revenue for the free VPN service itself, not the website that the ad has been inserted into. It's also plausible that the real advertising on a website could be replaced when using some unscrupulous free VPN services.

In the latter case, this would be denying the website you're reading some advertising revenue.

This is actually a bigger problem than you may think, beyond being served more ads. It's possible for those ads to be serving malware directly to the browser, since they're being added through lesser ad networks that are less safe and secure than traditional ones.

Malicious VPN apps



The worst problem with free VPNs is if you pick one that is actively malicious. Accessing a free VPN is a big carrot a hacker could dangle to catch unsuspecting victims who are all too willing to install the VPN app.

That app could contain malware, hidden away so that it can be installed without your knowledge. That malware could, at its worst, collect and send off your data or infect the system it's installed on.

Well-known and paid-for VPNs obviously don't have that problem, since it would severely harm their reputation. A barely-heard-of free VPN doesn't have that to lose.

Not all VPNs



The issues outlined above are common problems for free VPN services, but not all of them have these issues. Aside from paid services with better security and encryption levels, you can still find some free services out there that are safe to use.

Some free services are actually freemium, referring to paid services that offer free tiers of usage. While limited in various ways, such as in server selection or speed, they often offer the same sort of security as the paid version.

One considerable exception in the free VPN world is ProtonVPN, the service from the same people who made ProtonMail. While the free options limit what servers you can use, it does still use excellent encryption and has a strict no-logs policy.

If you only need a VPN for occasional tasks and you're not quite ready to pay for a full-blown VPN, ProtonVPN is a decent option for free protection. You can also find discounted prices on paid VPN services with Black Friday VPN deals.



Read on AppleInsider

dewme

Comments

  • Reply 1 of 4
    anonymouseanonymouse Posts: 6,975member
    I don't think any public VPNs should be considered "safe". Not if you mean "safe" as protecting your data and privacy better than not using a VPN. VPNs weren't developed for that purpose, and they don't really serve it.

    Edit: And to clarify, by "public" I mean meant to "serve" the general public — i.e., not internal organizational VPNs.
    edited November 5 apple_badgerForumPostwatto_cobra
  • Reply 2 of 4
    Depending on what you are using it for hosting your own back to your network with teleport or similar maybe the best option 
    watto_cobra
  • Reply 3 of 4
    I don't think any public VPNs should be considered "safe". Not if you mean "safe" as protecting your data and privacy better than not using a VPN. VPNs weren't developed for that purpose, and they don't really serve it.

    Edit: And to clarify, by "public" I mean meant to "serve" the general public — i.e., not internal organizational VPNs.
    Very enthusiastically seconding this. The solution for moving data across untrusted (that is all) networks, is TLS. VPNs serve different purposes. The fear mongering that public VPN providers use in their ads is so very misleading. If it's not safe to do over public WiFi or the open Internet without a VPN then it's not safe to do it with one either. 
    watto_cobra
  • Reply 4 of 4
    chasmchasm Posts: 3,598member
    Other than ProtonVPN, which I was very happy to see mentioned in this article as a worthy option, there’s no way I would trust any “free” VPN.

    As Google has proven: if the product/service is free, YOU and your data are the product.
Sign In or Register to comment.