Why You Should Stay Away From Free VPNs
by Dave Westbrook,
21-Sep-2021
The VPN industry has experienced tremendous growth in the past few years, with VPN services slowly replacing proxies as the tool of choice for both tech-savvy businesses and privacy-focused users.
What is a VPN?
VPN stand for for 'virtual private network'. VPNs sit between your hardware—computers, smartphones, smart TVs, etc—and the internet, and encrypt the data passing over your connection to the web, allowing you to use secure, encrypted tunnels to access the internet. By giving you more anonymity when online and encrypting your internet use they help shield data and communications against man-in-the-middle attacks, data profiling, hostile traffic, etc.
It's worth remembering that a networks which include a VPN service can be let down by a weak link in the rest of your infrastructure. So if devices on your network are already compromised, such as with malware, the VPN alone won't stop you from being spied upon.
Also, VPNs aren't all created equal—especially free services—with many falling prey to at least one of three major problems: unauthorised logging, selling data, and IP leaks.
Lets dig deeper into what these terms mean...
Unauthorised Logging
VPNs that retain some or any browsing logs are the main culprits when it comes to your online security and safety. If VPN service providers keep logs on their users activities while they use the Internet through their servers, even if it's only session logs (logging dates, times, servers used and bandwidth), then free VPN providers are definitely not for you! The VPN provider has access to your online activities which can include data that identifies you. For this reason it's vital to choose a VPN service that doesn't store any logs of users' activity nor session logs.
Selling Data
Another problem is VPN services selling user data. Most VPN providers claim they don't sell customers' browsing habits or information to third parties but there have been cases where VPNs were discovered logging data and selling it.
IP Leaks
Lastly, many VPN applications leak the user's original IP address due to faulty privacy features, DNS leaks, kill switches not working properly, etc. This leaves VPN users exposed.
Unauthorised logging, selling data and IP leaks can leave businesses using a VPN service exposed which puts them in a vulnerable position, exposing their identities and allowing cyber criminals to commit fraud, or help facilitate data breaches. In addition to putting VPN users at risk of being hacked, VPN services that monitor user activity via session logs put VPN providers at legal risk by compromising their anonymity. There have been many cases where VPNs were inappropriately monitoring customer's internet use and then selling the collected personal information to third parties. So if a VPN provider sets out to monitor you without first getting your permission it could be illegal. For example, VPN providers offering services in the EU are bound by strict laws on data privacy and consumer protection such as GDPR.
So if you really care about your security and privacy, stay away from free VPNs!
If not free, then what?
The VPN industry is constantly growing and evolving, with new VPN services emerging all the time. As such, choosing a VPN service can be difficult as it's hard to find one that delivers high levels of privacy and security at an affordable price.
Arguably the biggest name in commercial VPNs is NordVPN—their marketing is pretty ubiquitous—and you may also have heard of ExpressVPN or Surfshark. All these options offer advanced security and data privacy solutions at reasonable prices. Their servers are secured with high-grade encryption and the latest VPN protocols, so protect your online use against unauthorised access and cybercrime.
While not immune to controversy, paid services are more reliable and their revenue streams are not reliant on other sources of income such as advertising or worse, selling user data. Using a commercial service will also mean things like having no cap on data use, or other usage or feature limits.
Choosing the right VPN
There are several factors to consider, but these are Datamango's top tips for choosing a VPN service:
1. Check the number of simultaneous connections per user.
Two simultaneous connection per business user should be a bare minimum, assuming each has a laptop or desktop computer and a smartphone. Be wary though—fair usage policies are designed to prevent shared accounts—letting two members of staff with only a single device each could land you in trouble.
2. Check the connection protocols the VPN providers offer.
IKeV2 and OpenVPN are decent choices as they're relatively secure and stable. There are also different protocol options available, such as TCP and UDP for OpenVPN. More choice enables you to select the most reliable or fastest connection.
3. Check data collection policies.
Even if a VPN advertises that it does not log what you do online, it inevitably collects some data, even if it is anonymised. Some log the day your account was activated and the amount of data consumed, then delete it when your users close their browser. Other providers save the incoming IP address and the connection server, sometimes even for years. Check Terms and Conditions to find out exactly what is collected.
4. Consider the functionality available to enterprise clients
Check the app which takes care of your users' connections—some display the load on each server load, or allow favouriting specific servers. Also, access to specific network settings will help your IT departments fine-tune your deployment of a organisation-wide VPN solution.
Summing Up
VPNs provide your business with a way to access the internet in a secure and private manner, helping to protect your data from being monitored by malicious actors. Some VPNs, particularly free options, don't encrypt all incoming and outgoing traffic on your devices, and some actively collect and sell usage data.
Use of VPNs is growing as an important tool to help protect against cybercrime when combined with other security measures. Commercial-grade VPNs use strong encryption standards to ensure their service is robust enough to withstand any attempts at decryption of communications passing through their servers by third parties—but free VPN services usually won't! So stay away from free VPNs—they just don't deliver what you need for real privacy protection.