The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?
- CAR INSURANCE
- CAR INSURANCE
- TOOLS
- PROVIDERS
- GUIDES
- BROADBAND
- HOME SERVICES
- VPN
- HEALTH
Is there such a thing as a free VPN? This article explores the steep potential price hidden behind the mask of zero cost
Using a free Virtual Private Network (VPN) has become commonplace for many internet users. It promises to bring all privacy and security benefits of a VPN at no cost. Do they really deliver on this promise? How do free VPNs make money?
A ProPrivacy survey established that out of more than 1.25 billion downloads of consumer VPNs on the Google Play Store alone, a staggering 81.4 million were linked to potentially risky apps. Moreover, the number of users leaking information was estimated at an alarming 39 million.
It’s critical to understand the allure of ‘free’ VPNs. In the world of VPNs , they might sometimes come with a steep hidden price tag and considerable hazards. We’ll explore the shortcomings and risks you face when opting for such solutions.
In general, VPNs collect two types of user data: connection logs and usage logs. While the former are required for troubleshooting and service improvement, the latter give additional information about the user’s activities online, such as visited sites, downloaded information, online interactions, and locations.
Feeless as they may claim to be, free VPNs can largely profit from the information they collect. Let’s look at the various monetisation strategies some free services employ.
Free VPNs often utilise various data-tracking technologies such as cookies, web beacons, and tracking pixels to monitor your online activity. These digital footprints, coupled with the personal information you provide during registration (your name, address and email), are frequently repackaged and sold to advertisers or data brokers. In fact, the above-mentioned ProPrivacy research reports 40 per cent of free VPNs on the Google Play Store can leak personally identifiable data.
Far from acting as guardians of your privacy, such free VPNs could potentially auction off intricate details of your life and preferences to the highest bidder. Selling user data may extend to sharing your email with third-party businesses, opening the floodgates to an influx of spam and unwanted emails. The ramifications go beyond a cluttered inbox – you’re also left vulnerable to phishing emails and other malicious activities, adding significant risk to the perceived convenience of free VPNs.
Despite being disturbing and unethical, these practices are legal if disclosed in the VPN’s privacy policy and agreed to by the user. The discrepancies between the privacy claims and the privacy policy of free VPNs actually gave rise to a complaint against HotSpot Shield Free VPN filed with the Federal Trade Commission in the US. Although it hasn’t been settled yet, this case highlights the importance of careful consideration of the agreements users enter into.
By nature of their business model, free VPNs often need to compensate for the lack of user subscription fees. One common method is leveraging the vast data they gather for advertising purposes.
They may directly use your data for marketing. Anytime you log in or search for something online that piques your interest, the VPN takes note. This data then informs the types of ads they present to you and how they can do so most efficiently. Touch VPN, for example, offers only free services, and its revenue is generated by in-app ads and purchases only.
Advertisers pay to feature ads within VPN apps, leading to users being flooded with pop-up ads. These ads are often personalised, which suggests the VPN has shared your data with the advertisers, potentially including the browsing history you intended to safeguard. This unfortunate paradox illustrates how the tool you trusted to maintain your privacy could instead be violating it for profit.
Contrary to the promise of anonymity, many free VPNs track users’ online activities, using connection and usage logs to profile user habits and interests.
As mentioned above, browser cookies, web beacons, and tracking pixels are common tools for monitoring online behaviour. While these tools keep tabs on your online activities, they’re often invisible.
As a result, even though you may believe you’re navigating the web anonymously, your online activities could be continually monitored, with some free VPNs even selling this data to third parties. This practice fundamentally undermines the intended purpose of a VPN – to protect your online privacy.
Using a free VPN could also lead to legal implications if it is based in one of the Five, Nine, or 14 Eyes alliance countries, obliging them to share user data with government agencies upon request. Therefore, while free VPNs might seem tempting, they often come with hidden costs to your privacy and potentially even your legal standing.
While free VPN services can offer a useful starting point, many employ upselling tactics to encourage users to switch to their paid plans. These methods often limit the free service, intending to make the premium offering more appealing. Upselling tactics could include:
Ultimately, all these upselling tactics aim to guide you towards paying for premium services by emphasising the potential benefits of paid VPN services.
Alarmingly, some free VPNs jeopardise the security of your device by covertly unloading malware, including spyware or ransomware, onto your computer, tablet, or smartphone, potentially causing significant damage.
Using malware, VPNs may gain complete control over your device, enabling unrestricted access to your stored data. From your device’s information and location data to more personal details such as emails, messages, and phone numbers, all data stored in your device can be extracted, edited, modified, and deleted.
A stark example of fraudulent tactics to make profits is the case of Hola, a VPN service known to utilise malware to transform its free users’ devices into exit nodes or VPN servers. As a peer-to-peer proxy service, Hola utilised users’ bandwidths and IP addresses to cater to its paying customers without knowledge or consent.
Sometimes, free VPNs encourage their users to advertise their services on social media. They might offer perks like extra data or faster connection speeds if you post about them on sites like Facebook, Twitter, or Instagram.
Here’s how it usually works: the free VPN asks you to mention their service on your social media, perhaps with a good review or a recommendation to your friends. In return, you get some benefits from the service.
This might seem like a fair swap, but keep in mind that you’re essentially providing the VPN with free advertising. It’s important to think about what you’re doing. Promoting a free VPN service could encourage others to use a service that might put their online privacy or safety at risk. Always read the small print and consider the potential impact before you agree to promote any service.
Like Hola, which we discussed above, some free VPNs can use your internet connection to benefit their paying customers. This is particularly relevant when a VPN offers both a free and a paid version. While you, as a free user, can connect to the internet without any obvious limitations, the VPN could be using your connection in unexpected ways.
An example of this tactic is when a VPN takes your unused internet capacity, essentially your “bandwidth”, and passes it to their paying customers. In simpler terms, the VPN uses your internet resources to improve the service for those who pay, creating a profit from this exchange.
To avoid this, consider switching to the VPN’s paid version if they have one. However, not all VPNs openly admit to this practice, which means you may not be aware if your device’s connection is being used to enhance someone else’s browsing experience.
A botnet is a cluster of interconnected computers synchronised to carry out harmful actions. Individual machines within this network, called “bots”, are manipulated by a third party to circulate malware, launch attacks, or distribute spam. The control often infiltrates the machines through viruses or worms, converting them into “zombies” to serve malicious intents.
In addition to utilising their users’ bandwidths, Hola permitted free users’ devices to become part of a large botnet used for anonymous malware attacks. Not only does this misuse place your device at risk, but it can also get you involved in potentially harmful online activities stemming from the supposed safety of a free VPN service.
Despite the publicity of this incident, some free VPNs continue these practices unchecked, posing a substantial risk to their users.
In comparing free and paid VPN services, it’s important to consider several crucial factors, such as data limits, the number of servers, and the number of locations. Let’s look at two popular providers: Windscribe’s free version and Surfshark’s paid service.
| Feature | Windscribe free | Surfshark paid |
|---|---|---|
| Data limit | 2 – 15GB/month: 2GB/month standard; up to 10GB/month if registered with an email; plus 5GB/month if the user tweets about Windscribe | Unlimited |
| Number of servers | 11 | 3,200 |
| Number of locations | 11 | 100 |
Unlike the Surfshark paid service offering an unlimited data allowance enabling you to stream, download, and surf as much as you like, Windscribe’s free VPN service offers a monthly data limit of 2GB. Even if you have registered with your email, tweeted about Windscribe, and are therefore provided with the maximum data allowance of 15GB per month, it could be a constraint for a heavy user.
In terms of server options, you can connect to 11 different servers across 11 locations with Windscribe’s free version. While this might seem adequate for casual browsing, it can be limiting if you require more extensive access. On the other hand, with a subscription to Surfshark’s paid VPN service, you have access to more than 3,000 servers located in more than 100 locations worldwide, offering a much more extensive network and freedom to its users.
A free VPN works by masking your actual IP address, letting you access the internet via a server managed by the VPN service. It encrypts your data, ensuring your online activity remains private. However, you should be cautious, as some free VPNs may monetise their services by selling your data or offering slower, less reliable connections.
The most secure VPN in our recent comprehensive tests for 2023 is NordVPN, which also happens to take the top spot on our list of the best VPNs. It stands out for its superior privacy protection, making it the safest option available. As a well-established provider in the VPN market, NordVPN offers advanced security features, including double VPN encryption for added privacy and private DNS protection to prevent hijacking. It has adopted a strict no-logs policy – which has been independently audited – to ensure your online activities remain private. Plus, it offers impressive performance with 5,731 servers in 60 countries.
Free VPNs may seem appealing, but they often sacrifice security and privacy due to limited resources. These services might sell your data or flood you with relentless ads. They also have a reputation for questionable data-sharing practices, typically masked by unclear policies.
The usage of outdated or weak encryption protocols further exposes you to potential online threats. Therefore, the risks associated with free VPNs significantly outweigh the benefits, making paid, reputable VPN services a far safer choice for maintaining online privacy and security.
While free VPNs may seem enticing, the risks associated with their use are significant. From compromising user privacy through the sale of data to third parties to the potential for targeted advertising and even serious security breaches, the dangers outweigh the benefits.
A paid VPN, on the other hand, offers robust security, reliable performance, and dedicated support, all without jeopardising your data. So, investing in a reputable paid VPN is undoubtedly worth the money, giving you peace of mind and a safer, more secure online experience.
