If you are a VPN user it is time to come out from the myth that every VPN is here to secure your privacy.
Internet censorship is on the rise, and data from Freedom on the Net, based on an annual assessment of the situation of Internet freedom in 65 countries, reveals that not only has Internet censorship been on the rise for seven straight years now but developed nations are not exempt.
Thanks to recent policy changes such as the US government legalizing the ability of ISPs to sell user data without user permission, the repeal of net neutrality, and the metadata retention scheme in Australia, VPN usage is on the rise –, particularly in the West. According to a particular source, VPN usage rose 170 percent in the US in reaction to net neutrality repeal, 470 percent in Australia, and 89 percent in Turkey in reaction to similar attempts to curtail Internet freedom.
Hotspot Shield, which is perhaps the biggest VPN service in the world today, reported having over 100 million downloads in 2017 alone (more than it has ever had in any given year) — a sign of increasing interest in VPN usage thanks to growing censorship. What’s more interesting, however, is the percentage of this growth that came from the US: while Hotspot Shield was mostly used outside the US before 2017 (with about 80 percent of people using it internationally), that all changed in 2017.
AnchorFree, the company behind Hotspot Shield, credits recent policy changes and events in the US for this growth: Hotspot Shield noticed its first big spike in usage from the US in March 2017 when Congress voted to allow internet service providers to sell user data without permission from the user, it noticed another spike after the massive Equifax hack that exposed data of over 140 million users, then it noticed an even bigger spike thanks to the repeal of net neutrality.
In the face of growing censorship, free VPNs, in particular, have an allure: for one, privacy is expected to be a basic human right, and the vast majority of people in censorship-ridden countries — such as Eritrea, Syria, or Ethiopia — cannot afford to pay a monthly fee to use a VPN service on top of the cost of their monthly Internet service subscription.
Unfortunately, free isn’t always good. Using free VPNs, in particular, is like having a fox guard the henhouse.
Despise the Free Launch
In the classic The 48 Laws of Power by Robert Green, the 40th law states, “What is offered for free is dangerous – it usually involves either a trick or a hidden obligation. What has worth is worth paying for.”
As far as free VPNs are concerned, this couldn’t be truer!
While many people turn to VPNs to prevent ISPs from selling their data, to prevent ISPs from controlling what kind of content they have access to, or to prevent prying eyes from seeing what they are up to when they go online, in reality, they are only contributing to a goldmine of data for advertisers and the highest bidders.
While many VPN service providers would want you to believe that they have charitable aims in offering VPN access for free, the reality is that most free VPN services are glorified data farms. I will know because I specialize in testing and reviewing VPNs. In a recent study my organization conducted, analyzing the most popular free VPN services, we discovered that pretty much every popular free VPN service is a glorified data farm or abuse access to user’s data and resources in some form. Hotspot Shield, in particular, is a major culprit.
While Hotspot Shield boasts over 600 million users, an increasing percentage of these in the U.S., very few of these users know that Hotspot Shield intentionally allows third parties to gather data from users of their VPN service. Here’s it straight from their privacy policy page: “Our ad partners may also receive information independently from you or your device.” Data Hotspot Shield’s “ad partners” are allowed to gather may include your device’s advertising ID, IMEI, MAC address, and wireless carrier information. So much for privacy protection!
It gets worse
A petition to the FTC by the Center for Democracy & Technology reveals greater abuse of Hotspot Shield’s access to users’ computers. According to the petition, besides sharing user data with third parties, Hotspot Shield hijacks and redirects user traffic from top e-commerce websites to that of its affiliate partners and also uses more than five different third-party tracking libraries to enable it serve targeted ads to its users (contrary to its claims of completely private and anonymous web browsing).
There’s also Hola, another popular free VPN service that has managed to position itself as a free VPN service that helps users unblock and stream restricted content on streaming websites such as Netflix and Hulu. Hola boasts over 160 million users on its homepage at the time of this writing, yet it has been accused of abusing its access to user’s computers — including turning them to botnets.
A team of researchers even set up a website to expose some of the flaws in Hola — including serving as an exit node and allowing code to be executed on computers using the Hola software. Hola fixed some of these flaws and denied the existence of others. The group of researchers maintains that some of the vulnerabilities are still present, though.
Mobile Free VPNs are No Better!
Betternet, a free VPN service for mobile users, is another notable example: established in 2014 and boasting over 38 million users, Betternet is one of those VPN services that come out of nowhere and quickly became the talk of the town. Like many of its forerunners, however, Betternet has to make money. It’s just not feasible to offer reliable VPN service to 38 million users at no cost.
Yet, like many of its forerunners also, Betternet does this by allowing its advertisers the kind of access that makes it possible for them to gather data from devices of their users — in fact, according to a research paper [PDF] by the Commonwealth Scientific and Industrial Research Organization (CSIRO), an independent Australian federal government agency responsible for scientific research, that analyzed 283 mobile VPNs on the Google Play store, Betternet has the most third-party tracking libraries of any mobile VPN service (a whopping 14 tracking libraries!). Advertisers are practically given carte blanche access to farm user data! In fact, the CSIRO research paper makes it clear that practically all free mobile VPN services are guilty.
Our research at TheBestVPN revealed that for most free VPN services, user data is a business model. In fact, VPN services have been set up solely for the purpose of acquiring and trading with user data. How else would you explain the fact that a big data company, Talking Data, is behind some of the popular VPN apps in the Google Play store: including GO VPN and Eagle VPN (over 600,000+ combined installs). These VPN apps, like almost every other “free” VPN app on the Google Play store, promise free “unlimited” VPN data. It’s through apps like these that Talking Data is able to boast of having data from over 700 million monthly active devices to offer to their clients.
In essence, farming user data isn’t only a common practice in the free VPN industry — how else do you provide unlimited data to millions of users without charging a fee? — but organizations are intentionally setting up free VPNs as a way to gather user data.
People are rushing to VPNs (especially free ones) in droves in an attempt to escape the prying eyes of the government and their ISPs. Unknown to them, however, these free VPNs are much worse: not only do they have less of a reputation to protect (many free Android VPN apps are a one-man operation) but my investigation revealed that many actually have a business model of gathering user data and selling to advertisers. Those who do not gather these data directly give advertisers freewill to do it in order to deflect responsibility, but that is much worse. Even worse, some of the data gathered are transmitted over insecure data connections, compromising user privacy — and some users have indeed complained about being victims of credit card fraud [PDF] as a result.
The Way Forward
Avoid free VPNs altogether — while many claim to be offering their services with charitable intent, that is far away from the truth. Pretty much every real free VPN service has an agenda: to gather and sell your data. In other words, they are glorified data farms.
