If You’re Using a Free VPN, You’re Being Farmed For Data

If You’re Using a Free VPN, You’re Being Farmed For Data

Back in February, we called out Facebook’s “free” VPN service, Onavo Protect, for literally being the opposite of a VPN. While it claims to cloak your traffic from prying eyes elsewhere, Onavo’s terms of service are straightforward about the fact that the company gathers data on everything you do and hands all of it over to Facebook. This was enough to disqualify the service as any kind of privacy option anyone should use.

Now Techopedia has gone a bit farther and rounded up data on the major free VPN services. Spoiler alert: They’re all pretty much as bad as Onavo, and some are arguably much worse. The cliché “If you aren’t paying for the product you are the product” really isn’t true these days, given how many companies now hoover your private data whether you sign up for a paying service or not, but it’s absolutely true that “free” VPNs are little more than scams.

If You’re Using a Free VPN, You’re Being Farmed For Data

The “Who’s Who” doesn’t read well. Hotspot Shield has been accused of sharing and selling user data along with ad injection and transmitting data over insecure connections. Hola sells your bandwidth and was caught back in 2015 fueling a massive botnet. A report from the Australian agency CSIRO found that Betternet deploys more third-party user tracking libraries than any other VPN service. Also, the same paper notes that “over 38 percent of them [the analyzed VPN services available on Google Play] contain some malware presence according to VirusTotal.” If you’re looking for a VPN client, simply surfing Google Play seems a bad way to get one.

Then, of course, there’s Onavo Protect, which we’ve covered previously. These are far from the only free VPN services available, but users should always keep this in mind. First, VPNs cost money. A company like Facebook could make the service available for free without monetizing it, simply providing the capability because they view it as important to do — but nobody has done so. That means every VPN service is being supported in one way or another. Worst-case, you’ve signed up for the equivalent of a man-in-the-middle attack in which no real VPN service is being provided but your data is still being run through someone else’s server for whatever nefarious reasons they dream up. Having your data hijacked in exchange for an effective service is slightly better — but not by much.

In this case, we’re going to say that users concerned with security are best off avoiding free VPNs altogether. One day, it may be possible to use a free service with some assurances about security and privacy. Right now, that doesn’t seem to be true. As always, we recommend performing due diligence and researching any VPN service before buying access to it.

Continue reading

Nvidia’s Purchase of ARM Is Being Investigated by UK Watchdog
Nvidia’s Purchase of ARM Is Being Investigated by UK Watchdog

The ARM - Nvidia deal is receiving close scrutiny from UK regulators who want to make sure the deal won't break the underlying business model that has made ARM a worldwide force to be reckoned with.

Plex Media Servers Being Used to Amplify DDoS Attacks
Plex Media Servers Being Used to Amplify DDoS Attacks

The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There's not much Plex users can do about it right now, either.

PlayStation 5 Scalpers Think They’re Being Demonized Unfairly
PlayStation 5 Scalpers Think They’re Being Demonized Unfairly

Console scalpers don't think they get enough credit for the valuable service they provide. Wouldn't you agree?

NASA’s Parker Solar Probe Is Being Pelted by Tiny Plasma Explosions
NASA’s Parker Solar Probe Is Being Pelted by Tiny Plasma Explosions

NASA now says the hypervelocity dust impacts cause tiny plasma explosions that are detectable via the probe's sensors. But don't worry—it's probably going to be just fine.