Free is never really free, everything costs something

As a VPN review site, we get asked quite a bit wither or not it’s safe to use a free VPN. And we try to be honest: we’re highly skeptical. We feel this way for a number of reasons, which we’ll detail for you below. But if you’re just skimming and were hoping for a quick, direct answer: usually not.

fee vs paid vpn - are free vpn safe

The thing is that running a VPN is actually pretty expensive. You need to be able to afford servers and IP addresses. You need to be able to afford the skills and labor to set them up and manage them. And this all needs to scale as you grow. And that’s just a cursory look at what it costs on the technical side. There may also be marketing and financial departments to staff, and if you’re going to be doing things internationally you’d be wise to have a legal mind consult (at the very least). The point is, to do this right it costs quite a bit of money.

And while the internet is full of many things, philanthropists and altruists are not one of them. You can assume whoever’s running this “free” VPN isn’t running it at a loss for the good of mankind.

So when you see the word “free” it’s either substituting for the word $#!&ty or that VPN is making money in some hidden way. And while some free VPNs may admit this upfront, most of the ways “free” VPNs make money are privacy-averse so the majority of the time how the money gets made never comes up.

While there are all kinds of “free” VPNs, let’s focus on Android OS VPN clients, because that’s where most research has been done.

But first, let’s talk about the notorious lack of regulation with regard to Android apps. Actually, I guess there’s not much more to discuss – that’s it. There’s a notorious lack of regulation with regard to apps on Android OS. Not just with the non-sanctioned apps, people install from third-parties. But in the Google Play store itself.

Just because something says it’s a VPN doesn’t mean that someone checked to make sure it is.

The Australian Commonwealth Scientific and Industrial Research Organization (CSIRO) conducted a recent study of free VPNs and suffice it to say it didn’t return promising results. Among the findings, of the 283 “free” Android VPN apps they tried:

%

Used third-party tracking libraries

Z

%

of the apps required permissions to sensitive resources

s

%

had malware

%

handle IPv6 traffic outside of the encrypted tunnel

%

handle DNS requests outside of the encrypted tunnel

%

implement tunneling protocols that don’t even use encryption

Now let’s talk about what all that means. Spoiler: none of it’s good.

Some Free VPN track and sell your data

Chances are, the entire reason you’re using a VPN in the first place is so that you’re not tracked. So, it would undermine everything if that was happening anyway. And it would be especially cruel if it was the VPN itself that was doing the tracking – and then the selling – of said data. Your VPN is the only one that can see what you’re doing when you’re using it. That works great if you can trust your VPN not to log your activity or request access to other resources on your phone that hold sensitive data and harvest it. Then sell it. But it would also be profitable for the VPN. And as we discussed, these VPNs have to make money somehow. As we discussed earlier, 82% of VPNs request those permissions. And 75% track you. And they’re not doing those things NOT to sell it.

You get the point.

Some Free VPN give you malware

The cybercriminals that develop and deploy malware are always looking for new and exciting ways to transmit it to you. The vast majority of it gets transmitted via email. But what if you could get someone to willingly download it on their phone and execute it? That would save you so much time and aggravation. Possibly even money. What if I told you there is a way to do that! Just create an app with your malware, then put “Free VPN” in the title and wait for the downloads to start rolling in. You could even design a convincing enough clean variant, try to get it on the Play Store, and then add the malware in an update later. The possibilities are endless.

It’s a good thing nobody actually thinks that way…

Some Free VPN steal your bandwidth

Your device’s processing power and bandwidth are commodities you didn’t even realize you had. But a lot of VPNs realize it. And they’re happy to sell it right out from under you if you aren’t careful. It’s happened before, one Israeli VPN was discovered stealing bandwidth from its users and selling it via its sister company. Without going into an hour-long discussion on networking and frequencies, let’s just put it this way: that’s basically like selling your phone’s internet connection to someone else. Someone else is using YOUR phone. Not cool.

Some Free VPN cryptojack you

The other way a VPN can sell your own resources right out from under you comes in the form of Cryptojacking. At this point in 2019 pretty much everyone is at least aware of the word bitcoin, possibly even cryptocurrency. Well, the way bitcoin is created is by “mining.” Miners use all of the processing power at their disposal to try and solve a prohibitively difficult math problem and do it first. When they can, they are allowed to add a “block” with all of the recent Bitcoin transactions to its blockchain. The reward for using all this processing power to solve for the block is a set quantity of Bitcoin (the currency itself). And Bitcoin is VALUABLE (somehow) so the stakes are high.

But it’s tough to find enough processing power to solve the equation, especially first. That’s why a lot of miners pool their resources and try to solve it together, then split the reward. The problem is, sometimes those resources are being pooled without their owners’ consent. This is called Cryptojacking. And one of the best ways to do it is with a “free VPN.”

Some Free VPNs hijack your browser

What if your phone’s browser grew a mind of its own and started redirecting you to a bunch of places you didn’t want to go? That’d be annoying, right? But it would also be a great way to make money through affiliate ads, or to funnel users to phishing sites or watering holes. There have been plenty of examples of “free” VPNs taking over users’ browsers and sending them to all range of places that the user didn’t intend to go to. Recently, HotspotShield was caught redirecting its users to its partner networks.

“AnchorFree’s VPN app HotspotShield performs redirection of e-commerce traffic to partnering domains. When a client connects through the VPN to access specific web domains, the app leverages a proxy that intercepts and redirects the HTTP requests to partner websites.”

Are there any Free VPN that ARE safe?

Here’s a good rule of thumb: look for transparency. Try to understand how the VPN takes care of its operating costs. Your best bet is to use a free VPN client from a VPN service that also offers paid plans.

Granted, you likely won’t be able to use all of the VPN’s feature (you have to pay for that), but you know that the company is more likely to be reputable, and you are going to get a better performing product. They also have more to lose if they get caught doing any of the deceptive BS usually associated with free VPNs.

Difference between Free VPN vs Paid VPN

Features Free VPN Paid VPN
Best For Short Term use Long Term Use
Privacy No 100% Privacy
No-log or Zero log Policy No Yes
Blocks Bandwidth Yes Never
HTTPS Browsing Bans Often 100% HTTPS Browsing
the 256-bit strong AES encryption
Server/Location Single or Limited Multiple
Internet Speed Low As high as Possible
Data Coverage Limited (up to 500 MB per day) Unlimited
Device Connection Restricted to 1 device Covers Multiple Devices
Unblocks Netflix No Yes
Unblocks Hulu No Yes
Unblocks Live Streaming No Yes
Sells Data to Advertisers Yes No
Customer Support No Yes (24×7)
Premium Services No Yes
Advertisements Hassle Yes No Hassle
Cryptojack Activities Yes No Hassle
Get Free VPN Get Premium VPN