Free / Cheap VPN? Probably Sharing Your Data With Criminals

Your Free or Cheap VPN Service May Be Spying On You

For years, cybersecurity professionals have been directing people to start using a VPN for added security when using public WiFi. This guidance may have been dangerously sending multitudes of users into the digital arms of hostile cyber actors. Cybersecurity researcher Simon Migliano published a report that found over half of the top free VPN apps either had Chinese ownership or had their equipment based in China. To add to this, the majority of free VPN providers have few or no actual privacy protections and no user support.

Key Findings

  • 59% of apps have links to China (17 apps)
  • Some of the apps returned positive matches when scanned for potential viruses or malware (27 apps)
  • 86% of apps had unacceptable privacy policies. Issues include:
    • Lack of important detail around logging policies that could lull people into a false sense of security
    • Generic policies with no VPN-specific terms
    • No policy at all
    • Tracking user activity or sharing with third parties
    • Several privacy policies explicitly stated that they share data with China
  • 55% of privacy policies were hosted in an amateur fashion
    • Free WordPress sites with ads
    • Plain text files on Pastebin
    • Text files on Amazon servers
    • Text files on raw URLs, such as IP addresses
  • 64% of apps had no dedicated website – several had no online presence beyond app store listings.
  • The majority of companies make it very difficult to find out where they are based and who is involved – for a minority it was impossible to track down the provider.
  • Over half (52%) of customer support emails were personal accounts, e.g. Gmail, Hotmail, Yahoo, etc.
  • 83% of app customer support email requests for assistance were ignored

How to Choose a Quality VPN Provider

The best answer is that you need to do some homework. Free or low-cost VPN providers often have data caps, block certain services you may need, or do not provide help and support. A few technical considerations are a no-log or minimal-log policy (for the privacy-minded user), ease of use, and advanced security options like the ability to hide your device’s network address or the use of the right security standards (such as AES-256 or better encryption).

Consider this checklist when researching what personal VPN service is right for you:

  • Is there a logging policy?
    • If you are worried about your privacy, a minimal or no logging policy is what you are looking for. This means the VPN provider doesn’t keep usage logs that could be purchased for advertising or shared with any other third party.
  • Will it work on all your devices?
    • Make sure you choose a VPN provider that you can use on your smartphone, tablet, laptop, etc., without having to purchase an account for each device.
  • Can you stream media or download files?
    • If you don’t want a third party to know what you are doing on Netflix, you will need to make sure your VPN provider allows streaming or large downloads.
  • Does it have local access points?
    • If the service doesn’t have access points (VPN servers) near where you live, you might have slow connections or lose your connection often.
  • Data Caps?
    • Most free/low-cost services have data caps. If you plan on using it a lot, make sure the VPN provider you choose doesn’t cut you off after only 1 GB or so.
  • Ad Blocking
    • If you are going to be limited on a free VPN, blocking ads and clickbait saves your bandwidth for what you want to do.

What do the Pros Recommend?

The following paid VPN services have good features, solid reviews, a fair price, and to date have not been found to be owned by a hostile cyber actor.

  1. PIA Private Internet Access
  2. NordVPN
  3. IPVanish VPN
  4. TunnelBear VPN

Final Pro tip – Check the reviews from multiple sites before you make your VPN choice!

Post by Remote Process