Why Shouldn’t I use a Free VPN?

“Why would I pay for something I can get for free?” is a perfectly valid question, which we’ll be addressing today.

Protip: when a product is free – it’s never really ‘free’. The business has to make money. The fact that you pay them no money for the service means that you are the product. Even if there’s no monetary cost, that doesn’t mean there isn’t a price to be paid.

But trust me. You are paying for it – with your data.

A rare athletic data broker spotted in the wild. Source: Medium

All data is worth something to someone.

There are many implications – arguably the most imperative of these are personal privacy and the loss of control over one’s data.

When you use a VPN, the software running is able to tell what websites you’re accessing, how long for – it virtually sees all traffic that goes through your smartphone or computer (they see the same data as your ISP: which they legally sell to advertising companies).

They can tell how long you spend doing each activity, what your daily usage patterns are, what time of the day you’re more likely to do shopping, and so on. This also includes any programs/apps which use the internet (let’s be honest, offline phone apps are few and far between). It can also log your real IP address, your physical real world location, and unique identifiers associated with your device.

Source: Shutterstock

You can’t always trust the word of companies. Some VPN providers who have claim to keep no logs of their users most certainly do, in fact, as recently as July 2020 we’ve seen seven VPN services leaving 1.2 terabytes of private user data out on an unsecured server, completely accessible by anyone in the public. These were VPNs proudly touting a “no-logging” policy.

This was discovered by a research team headed by Noam Rotem vpnMentor. These VPNs included UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN.

SuperVPN, 1 of 7 VPNs identified as part of the security blunder. Source: SuperVPN

This server contained Personally Identifiable Information (PII) of up to 20 million users – the worst part? This wasn’t even a result of a data breach or malicious cyber-attack. The server was simply not secured. Basically, no one was bothered enough to put a proper lock on the door, despite the sensitive nature of the contents. Your data. Your contents.

Friendly cyber-criminal saying hi to the $$$ they’ll be making off your data. Credit: @Octoptimist

What sensitive data exactly? Username and passwords. Original IP locations, actual physical location, device model, type, ID – all available to anyone with an internet connection, who knew where to look. A CSIRO study as early as 2017 found that out of 283 VPNs, 75% were tracking their users (mind you, this included paid VPNs).

But wait, there’s more!

In addition to intrusions of privacy, non-consented gathering and storage of personal information on poorly secured databases, free VPN services also come with the following limitations:

  • Data limitations (e.g. Tunnelbear limiting unpaid users to 500MB/month)
  • Slow connection speed & lower prioritisation of VPN connection (faster and reliable connections are prioritised to paid users over unpaid users)
  • Limited server options (different VPN providers will have different amounts of servers available per country – some VPN providers will have more servers available for your country than others)
  • Less than desirable encryption (high quality encryption costs the company resources, time, and investment)
  • One Device Connected at a Time (Paid services will allow simultaneous VPN connections across different devices, while free VPNs will often limit it to one device at a time)
  • Lackluster support (I mean, paid customer support I receive with my ISP is dismal as it is, you don’t need me to tell you that companies don’t care about unpaid users)

The bottom line is if you’re looking to use a VPN to increase your privacy and protect yourself online, using a free VPN will often times open you up to even more risks. Just don’t do it. It’s not worth it.

I decided to publish this as a post separate to the upcoming guide to choosing paid VPN services, which is still scheduled to be posted next week.

Using a Free VPN service opens you to an entirely new host of concerns and risks, and is decidedly important enough to warrant a whole post by itself.

As always, feel free to drop any questions down below in comments, directly to my inbox (nick@technecknick.com) or via my socials.


Published by Tech Neck Nick

I'm a cybersecurity major postgrad student from Sydney, Australia. Support my fight against Writer's Block.

One thought on “Why Shouldn’t I use a Free VPN?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: