“Why would I pay for something I can get for free?” is a perfectly valid question, which we’ll be addressing today.
Protip: when a product is free – it’s never really ‘free’. The business has to make money. The fact that you pay them no money for the service means that you are the product. Even if there’s no monetary cost, that doesn’t mean there isn’t a price to be paid.
All data is worth something to someone.
There are many implications – arguably the most imperative of these are personal privacy and the loss of control over one’s data.
When you use a VPN, the software running is able to tell what websites you’re accessing, how long for – it virtually sees all traffic that goes through your smartphone or computer (they see the same data as your ISP: which they legally sell to advertising companies).
They can tell how long you spend doing each activity, what your daily usage patterns are, what time of the day you’re more likely to do shopping, and so on. This also includes any programs/apps which use the internet (let’s be honest, offline phone apps are few and far between). It can also log your real IP address, your physical real world location, and unique identifiers associated with your device.
You can’t always trust the word of companies. Some VPN providers who have claim to keep no logs of their users most certainly do, in fact, as recently as July 2020 we’ve seen seven VPN services leaving 1.2 terabytes of private user data out on an unsecured server, completely accessible by anyone in the public. These were VPNs proudly touting a “no-logging” policy.
This server contained Personally Identifiable Information (PII) of up to 20 million users – the worst part? This wasn’t even a result of a data breach or malicious cyber-attack. The server was simply not secured. Basically, no one was bothered enough to put a proper lock on the door, despite the sensitive nature of the contents. Your data. Your contents.
What sensitive data exactly? Username and passwords. Original IP locations, actual physical location, device model, type, ID – all available to anyone with an internet connection, who knew where to look. A CSIRO study as early as 2017 found that out of 283 VPNs, 75% were tracking their users (mind you, this included paid VPNs).
But wait, there’s more!
In addition to intrusions of privacy, non-consented gathering and storage of personal information on poorly secured databases, free VPN services also come with the following limitations:
- Data limitations (e.g. Tunnelbear limiting unpaid users to 500MB/month)
- Slow connection speed & lower prioritisation of VPN connection (faster and reliable connections are prioritised to paid users over unpaid users)
- Limited server options (different VPN providers will have different amounts of servers available per country – some VPN providers will have more servers available for your country than others)
- Less than desirable encryption (high quality encryption costs the company resources, time, and investment)
- One Device Connected at a Time (Paid services will allow simultaneous VPN connections across different devices, while free VPNs will often limit it to one device at a time)
- Lackluster support (I mean, paid customer support I receive with my ISP is dismal as it is, you don’t need me to tell you that companies don’t care about unpaid users)
The bottom line is if you’re looking to use a VPN to increase your privacy and protect yourself online, using a free VPN will often times open you up to even more risks. Just don’t do it. It’s not worth it.
I decided to publish this as a post separate to the upcoming guide to choosing paid VPN services, which is still scheduled to be posted next week.
Using a Free VPN service opens you to an entirely new host of concerns and risks, and is decidedly important enough to warrant a whole post by itself.