Back in February, we called out Facebook’s “free” VPN service, Onavo Protect, for literally being the opposite of a VPN. While it claims to cloak your traffic from prying eyes elsewhere, Onavo’s terms of service are straightforward about the fact that the company gathers data on everything you do and hands all of it over to Facebook. This was enough to disqualify the service as any kind of privacy option anyone should use.
Now Techopedia has gone a bit farther and rounded up data on the major free VPN services. Spoiler alert: They’re all pretty much as bad as Onavo, and some are arguably much worse. The cliché “If you aren’t paying for the product you are the product” really isn’t true these days, given how many companies now hoover your private data whether you sign up for a paying service or not, but it’s absolutely true that “free” VPNs are little more than scams.
The “Who’s Who” doesn’t read well. Hotspot Shield has been accused of sharing and selling user data along with ad injection and transmitting data over insecure connections. Hola sells your bandwidth and was caught back in 2015 fueling a massive botnet. A report from the Australian agency CSIRO found that Betternet deploys more third-party user tracking libraries than any other VPN service. Also, the same paper notes that “over 38 percent of them [the analyzed VPN services available on Google Play] contain some malware presence according to VirusTotal.” If you’re looking for a VPN client, simply surfing Google Play seems a bad way to get one.
Then, of course, there’s Onavo Protect, which we’ve covered previously. These are far from the only free VPN services available, but users should always keep this in mind. First, VPNs cost money. A company like Facebook could make the service available for free without monetizing it, simply providing the capability because they view it as important to do — but nobody has done so. That means every VPN service is being supported in one way or another. Worst-case, you’ve signed up for the equivalent of a man-in-the-middle attack in which no real VPN service is being provided but your data is still being run through someone else’s server for whatever nefarious reasons they dream up. Having your data hijacked in exchange for an effective service is slightly better — but not by much.
In this case, we’re going to say that users concerned with security are best off avoiding free VPNs altogether. One day, it may be possible to use a free service with some assurances about security and privacy. Right now, that doesn’t seem to be true. As always, we recommend performing due diligence and researching any VPN service before buying access to it.