If You’re Using a Free VPN, You’re Being Farmed For Data

If You’re Using a Free VPN, You’re Being Farmed For Data

Back in February, we called out Facebook’s “free” VPN service, Onavo Protect, for literally being the opposite of a VPN. While it claims to cloak your traffic from prying eyes elsewhere, Onavo’s terms of service are straightforward about the fact that the company gathers data on everything you do and hands all of it over to Facebook. This was enough to disqualify the service as any kind of privacy option anyone should use.

Now Techopedia has gone a bit farther and rounded up data on the major free VPN services. Spoiler alert: They’re all pretty much as bad as Onavo, and some are arguably much worse. The cliché “If you aren’t paying for the product you are the product” really isn’t true these days, given how many companies now hoover your private data whether you sign up for a paying service or not, but it’s absolutely true that “free” VPNs are little more than scams.

If You’re Using a Free VPN, You’re Being Farmed For Data

The “Who’s Who” doesn’t read well. Hotspot Shield has been accused of sharing and selling user data along with ad injection and transmitting data over insecure connections. Hola sells your bandwidth and was caught back in 2015 fueling a massive botnet. A report from the Australian agency CSIRO found that Betternet deploys more third-party user tracking libraries than any other VPN service. Also, the same paper notes that “over 38 percent of them [the analyzed VPN services available on Google Play] contain some malware presence according to VirusTotal.” If you’re looking for a VPN client, simply surfing Google Play seems a bad way to get one.

Then, of course, there’s Onavo Protect, which we’ve covered previously. These are far from the only free VPN services available, but users should always keep this in mind. First, VPNs cost money. A company like Facebook could make the service available for free without monetizing it, simply providing the capability because they view it as important to do — but nobody has done so. That means every VPN service is being supported in one way or another. Worst-case, you’ve signed up for the equivalent of a man-in-the-middle attack in which no real VPN service is being provided but your data is still being run through someone else’s server for whatever nefarious reasons they dream up. Having your data hijacked in exchange for an effective service is slightly better — but not by much.

In this case, we’re going to say that users concerned with security are best off avoiding free VPNs altogether. One day, it may be possible to use a free service with some assurances about security and privacy. Right now, that doesn’t seem to be true. As always, we recommend performing due diligence and researching any VPN service before buying access to it.

Continue reading

Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive
Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive

Microsoft's Tim Stuart doesn't think the company will try to cut PS5 gamers out of future Bethesda titles. The company wants Xbox to be the best destination for its games, but not the only one.

Sony Is Refusing Refunds for Cyberpunk 2077
Sony Is Refusing Refunds for Cyberpunk 2077

The Cyberpunk 2077 team at CD Projekt Red has told gamers to seek refunds, but at least some PlayStation 4 players are being denied.

Microsoft Picks Up Ark II as an Xbox Exclusive
Microsoft Picks Up Ark II as an Xbox Exclusive

Microsoft has added another exclusive to its own stable of games. Ark II, the sequel to the hottest bug simulator of the 2010s and starring Vin Diesel, will apparently debut as an Xbox exclusive, though it’s probably time-limited as opposed to permanently locked away from the platform.The interesting thing about Microsoft choosing to snag Ark…

Fusion Reactor Sets Record By Running for 20 Seconds
Fusion Reactor Sets Record By Running for 20 Seconds

A team from South Korea just made a major advancement — the Korea Superconducting Tokamak Advanced Research (KSTAR) device recently ran for 20 seconds. That might not sound impressive, but it doubles the previous record.