Are free VPNs safe?

Can you count on a free VPN to keep your data safe? Or are free services simply a dicey proposition when it comes to virtual private networks?

are free VPNs safe?
(Image credit: Shutterstock)

There’s no such thing as a free lunch, so they say – but there’s definitely such a thing as a free VPN. However, you may have heard that these freebies can be something of a risky proposition, and that they may lack on the security front compared to the paid-for best VPNs out there. You might even have read about free  virtual private networks not being safe to use at all. Let’s explore whether there’s any truth to these accusations.

Data and monetization

One thing that a VPN service is expected to do is protect your privacy online. When using a VPN, your data is encrypted and kept safe from the prying eyes of ISPs or other third-parties who might otherwise be able to see where you’re browsing online and benefit from that in ways which amount to an invasion of privacy - such as forming an overall picture of your likes or hobbies, and targeting adverts based on that profile.

Ensuring that their data is safe and private is a big piece of the puzzle for many people using a VPN, for sure, but the thing that folks don’t realize is that while their ISP may no longer be able to see their data when running a VPN, the VPN provider itself can – and that could potentially lead to issues.

Now, every VPN out there inevitably has a privacy policy which assures the user that it doesn’t abuse their data, or indeed keep any ‘logs’ of the user’s online activity (except perhaps very basic session logs – and even those should be declared). NordVPN for example, one of the very biggest names in VPN, now has its no-logging policy audited annually by PricewaterhouseCooper.

However, just because the VPN says that it doesn’t keep logs does not necessarily mean that it isn’t actually doing so in reality, and the operation may run very differently behind-the-scenes. How would you know if this was the case, after all? There’s simply no way of finding out the truth of the matter for yourself.

The point we’re getting to here is that free providers may not charge, but still need to monetize their service somehow, so the method in which they make cash may involve leveraging user data, perhaps sneakily without that user’s knowledge. Whereas the most trusted paid VPNs get their money, clearly enough, from subscriptions only.

In short, there may be worries about exactly how safe your data is in the hands of a less reputable VPN.

Reputation is everything

Reputation is the other major point worth highlighting here – if you only look at signing up with reputable companies, you are, naturally, much less likely to come unstuck when it comes to the scenarios we’ve just discussed.

And although we’ve just observed that there’s no way of finding out the truth behind a VPN’s privacy policy yourself, some providers do perform independent audits of their systems and policies, making the results publicly available (hopefully in detail). These can provide assurance that any promises about logs – and indeed other aspects of privacy and security – are actually kept by the VPN service in question.

Many of the top VPNs have gone through the process of having their systems audited like so, and on a regular basis too, giving them an obvious major advantage in the trust department.

Stick to VPNs with a solid reputation for security

(Image credit: Shutterstock)

Shady operations

In many ways, the question of whether any given VPN might be safe boils down to whether or not the company can be trusted, and as we just said, the best bet for choosing a recommended free provider is to stick to one of the reputable providers (as highlighted in our best free VPN roundup). In other words, the trustworthy operations prepared to go to lengths like third-party auditing.

Steer clear of unheard of or obscurely branded VPNs simply because they are more likely to be operations that are thrown together just to try to make a quick profit - usually off of user data, as we’ve already discussed, in the case of a free service.

As well as blatantly disregarding their users’ privacy, this kind of VPN probably has holes all over the place: it may be using outdated encryption, or indeed not even encrypting your internet traffic at all. It may also suffer from IP leaks, DNS leaks, or other problems due to incompetence (or plain not caring) that could compromise your anonymity or security online.

At worst, a shady VPN operation may even produce a malicious VPN client, one that could even be laden with malware. Android apps have historically been problematic in this area – so tread very carefully when it comes to free mobile VPNs.

Hola controversy

We shouldn’t forget that some free-to-download  VPNs have been caught up in controversial activities, the most obvious example being Hola which was mired in all sorts of accusations of selling its users’ bandwidth - the service works on a peer-to-peer model. Hola subsequently admitted it made mistakes, but denied that its service wasn’t safe.

However, these kind of headlines obviously don’t help when it comes to the overall perception of security and safety of free virtual private networks. And although that one may be going back a few years, there's undoubtedly still a risk when it comes to using these free services.

Safety concerns do come into play with some free VPNs

(Image credit: Lilly Roadstones / Getty)

Are free VPNs safe?

As we’ve seen, there are definite points of concern here, but it’s equally clear that safety worries only really come into play when you’re looking at the more obscure VPN providers out there (particularly with mobile apps), away from the big reputable players.

That is, of course, generally speaking – any free provider needs to monetize itself in some way, and there may always be worries on the fringes about that. The overall message here is that you do need to be careful about which free VPN service you choose – because there are genuine concerns and dangers around safety – so stick to the top providers, those with a reliable reputation, preferably backed with an independent audit on their systems.