Is using Free VPN services really safe?

I get this question a lot! Does using VPN really make your browsing habits private and anonymous? Are they safe? The questions arise because of the data breach epidemic which is engulfing the cyberworld. After the infamous Cambridge Analytica – Facebook data breach, now MyFitnessPal App has announced that nearly 150 million of its users’ data was leaked through a data breach.

Would use a VPN service have saved you from the CA-Facebook or other data breaches? The answer is a yes and no. VPNs or Virtual Private Networks are service providers who offer a layer of safety to their users. They are used to overcome geographical obstruction, to access a remote network securely, overcome censorship, dictatorial edicts, and other different purposes. They are extensively used by journalists and activists to overcome censorship which certain regimes throughout the world practice. Sometimes, users take the VPN services to gain access to torrent and porn websites as they are blocked in their geographical area.

Due to the anonymity and privacy they provide, VPNs have gained widespread usage in bypassing country restrictions to access blocked services. As soon as any government announces curbs on internet freedom, users search for ways to bypass website restrictions. VPNs are often the best bet to get around an ISP level block.

Most users have the inclination to opt for free VPN services mainly because the paid VPN services are costly and most of the users can’t afford them. But are the free VPN services safe and anonymous as they claim to be? In this article, we find out whether VPNs are safe to use.

Is A Free VPN Safe To Use?

In a recent study by The Commonwealth Scientific and Industrial Research Organisation(CSIRO), researchers analyzed 283 Android VPN apps to study their impact on user’s privacy and security. They found out that 75% of the tested apps used third-party tracking libraries, and hence, they can’t be trusted. 82% of the apps required permissions to access sensitive resources such as user accounts and text messages.

The study confirmed the worst fears. Most of these free VPN apps on Google Play had some sort of malware, adware, bloatware or spyware. The study found that the most popular of these VPNs such as VPN Free, Tigervpns, Rocket VPN, Cyberghost and EasyOvpn are found to be malicious in nature and have been downloaded more than a million times.

“18% of the VPN apps implement tunneling protocols without encryption despite promising online anonymity and security to their users. In fact, approximately 84% and 66% of the analyzed VPN apps do not tunnel IPv6 and DNS traffic through the tunnel interface respectively due to lack of IPv6 support, misconfigurations or developer-induced errors.”

That brings us back to our original question – Are free VPN services safe?

No. As they say, there are no shortcuts in life and nothing is for free. If you use a free VPN service you will find that particular App leaking your data. Every App released on Google Play Store has some sort of revenue stream going for it. Most of them rely on Google’s AdSense for revenue but many Apps rely on stealing your data and selling it to the highest bidder. In short, no VPN provider will offer their services free for an unlimited amount of time unless they have a malicious intent. Even Facebook was found stealing iPhone users data when it launched its very own Onavo VPN service. Here are some of the common ways through which free VPN providers steal your data for the malicious purpose.

1. Tracking your data

VPN encrypts and tunnels your data so your ISP cannot see what you are doing online. This means ISPs can’t keep track of you, but the VPN provider can. Free VPNs collect user data through tracking libraries and sell them to highest bidders. The CSIRO’s study found that Betternet’s free VPN app contained 14 different tracking libraries to steal user information.

2. Malware

Other than stealing data, injecting malware is the most common threat that free VPN services have. Once infected the malware-laden Android smartphone or iPhone can steal sensitive information from your device. The cybercriminals can also use the free VPN services to honeytrap you into downloading a ransomware.

3. Stealing of Bandwidth

Free VPN services are also found to steal your bandwidth and sell it for profit. Israel-based Hola was found to be stealing bandwidth from users and then reselling it through its sister company Luminati. You can read this article to know about how Hola duped its customers.

4. Browser Hijacking

Adware or redirecting you to an unwanted URL is often the easiest and preferred revenue stream for VPN providers. They will keep on leading and redirecting your browser to websites without your permission. These redirected websites offer the VPN providers money for sending you to them. HotspotShield free VPN promises its users shielded connections, security, privacy enhancement and ad-free browsing. However, the CSIRO study found that HotspotShield redirects user traffic to alibaba and ebay through its partner networks Conversant Media and Viglink, respectively.

“AnchorFree’s VPN app HotspotShield performs redirection of e-commerce traffic to partnering domains. When a client connects through the VPN to access specific web domains, the app leverages a proxy that intercepts and redirects the HTTP requests to partner websites.”

Many times, these free VPN providers will lead you to survey websites which often glean your personal information without you being aware of it.

Which free VPNs are safe to use?

CSIRO study found out that there are some free VPN Apps which are indeed safe and anonymous but these often have limited time periods. These VPN services offer you their services for free for a limited time so you can be aware of their features and continue to use them as a paid App once your trial period is over.

However, the rule of the thumb is that free VPNs are not safe and you should opt for a paid VPN service which does not log your usage.





Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief