The Worst Free VPN Providers

obr2By Stephen Ayton — Last Updated: 25 Sep'17 2017-05-30T04:35:20+00:00

Here at Cloudwards.net we’re always happy to recommend people the best VPN providers or the best cloud storage services. However, not all that glitters is gold on the Internet and we’ve decided to put together a list of the very worst free VPN services out there.

The reason we’re targeting free VPNs is because people unfamiliar with how VPNs work are most likely to be suckered in by these scams; a good example is Hola VPN, which is so bad, we had to give it its own article all to itself.

This is not to say that all free VPNs are bad: we have an article dedicated to the very best free VPNs that you can feel safe using. Nor have we included any paid services as these are usually in our VPN review database already. Most of the entries on this list are fly-by-nights or recently launched services just waiting for their next victim to click that link, though we won’t deny the possibility that some entries are here purely because the developers behind a service never got around to patching a particular hole.

Since bad VPNs can be bad for different reasons, we’ve subdivided the article up as follows:

Malware

You shouldn’t expect your free VPN to contain malware or tracking codes; however, many do. This category presents VPNs that have been shown to contain malicious software in a recent report by Australia’s Commonwealth Scientific and Industrial Research Organization.

SuperVPN

The CSIRO study found that SuperVPN was the most malware-infected free VPN available. The CSIRO used a malware scanning tool, called VirusTotal, which combines the detection capabilities of more than 100 antivirus programs. It found 13 malware hits in the scan of SuperVPN’s programs. This includes adware, Trojans, malvertising, riskware and spyware.

Betternet

Betternet ranked one place below SuperVPN in the CSIRO study, but it had the same number of malware instances at 13. The code of this VPN was also found to contain 14 different third-party tracking libraries. To make matters worse, users who bother to read the terms and conditions of Betternet find out the service has the right to sell on any or all user information that it collects.

CrossVPN

Of the five categories of malware detected by VirusTotal, CrossVPN was found to be particularly notable for the high number of Trojans that it contained. This free VPN had a total number of 11 examples of malware detected in its code.

Archie VPN

Archie VPN has only 10,000 downloads, but has an approval rating of 4.3 stars from those who installed it. This is fishy from the very start, since high approval ratings usually go hand in hand with a high number of downloads. The fact that it was found to contain 10 instances of malware makes it doubly suspicious.

HatVPN

HatVPN has only been downloaded onto 5,000 devices from the Google Android apps store. However, those users who contributed to its rating of four stars seem to have been unaware that the VPN contains malware. The VirusTotal test found 10 instances of malware in this software, which equals Archie VPN’s malware count.

One Click VPN

One Click VPN is the last in our list that were busted for malware in the CSIRO study. Its six incidences of malware that were revealed by the VirusTotal test make it the ninth-worst VPN in the world and the sixth-worst free VPN for malware. It also does not encrypt its traffic, negating its use as a security tool.

Tracking and Data Sales

Many of the free VPNs in this review actually fall into several categories of bad practices. For example, Betternet made the list of malware infested VPNs, but it is also a major offender in the tracking category.

Having your data sold is bad enough, but tracking software is even worse for VPN users as they will go about their business wrapped in a false sense of security. Your anonymity is actually worse with the following VPNs engaged than if you had no VPN installed at all.

Flash Free VPN

Flash Free VPN is notable for containing 11 third-party tracking systems. That puts it just second in the world as the VPN with the most tracked users — Betternet is the number one.

Hotspot Shield VPN

Hotspot Shield incorporates five different third-party tracking libraries. The procedures of the service insert JavaScript code in the Web pages that it transports. The company runs an ad placement service and redirects users to Alibaba and eBay trader web pages, adding in an affiliate code to the company’s ad-placement account.1.5

Hotspot Shield’s terms of service explicitly states that they participate in data sharing with third-parties and the collection of web browsing data.

Wifi Protector VPN

This service also uses five different tracking libraries and manipulates the display of advertising in displayed websites to ensure the visibility of advertisers that pay the service for the privilege, making you little more than another resource in their business model.

ip-shield VPN

Almost impossible to find in a Google search, this VPN has more than 100,000 installs on the Android app store. Ominously, their app download page announces that they have now removed all advertising. However, they are here on our list for containing third-party tracking software.

SurfEasy

SurfEasy is another free VPN that uses tracking codes in its transfers to deliver targeted adverts to its users. The company’s terms of service gives them the right to sell on or share activity data with third parties. In a weird twist, SurfEasy and Opera Free VPN share a privacy policy, meaning that particular service should also be avoided. Do note that Opera Free VPN is not the same as Opera’s browser VPN, which we recommend against for different reasons, see below.

Security Risks

There are a number of VPNs that aren’t actually VPNs at all. As you can read in our article comparing VPNs vs proxies, the main difference between these two security tools is that VPNs use a tunnel to encrypt your data, while a proxy does not. The following services may advertise as VPNs, but they merely redirect traffic rather than encrypt it. 

VPNGate

Created and run by the students at University of Tsukuba, Japan, this VPN uses the private computers of volunteers to operate as its servers. The VPN managers have almost no vetting procedures for node operators, and so just about anyone could be handling your traffic.

Furthermore, the VPN’s privacy policy states that “analyzing VPN Connection Log is helpful to investigate the source global IP address of him. We will disclosure the VPN Connection Logs to a policeman, a prosecutor, a lawyer or a court who is authorized by applicable laws.”

Tigervpns

Tigervpns also operates under the name HideMe VPN. Testers discovered unaccounted-for traffic channeling through their connections, which implies that the company uses the accounts of customers to act as servers for other users, similar to the unsafe peer-to-peer method used by Hola.

Analysis of Tigervpns’ traffic also identified calls to non-existent IP addresses, which is typical control behavior used by botnets. Researchers also discovered malware in this VPN.

Note that this is not the same service as tigerVPN, which seems to have better credentials.

Private WiFi

Private WiFi is a little secretive about its encryption system, saying on its website only that it uses 128-bit “bank grade” encryption. VPNs offering full security typically use 256-bit key encryption and have no problem explaining to users which encryption systems they use — usually AES or Blowfish.

Opera Browser VPN

Though the free VPN that is available with the Opera browser does encrypt your outgoing data, it only does so for browser traffic, making it less than ideal for people seeking true anonymity online. Though the company defends this by openly stating that they are not a true VPN but rather a “browser VPN,” we feel there is some room for a charge of false advertising, here. On top of that, it is unclear which privacy policy (that of Opera or that of SurfEasy, above) applies to the browser VPN, making for muddled waters, indeed.

Though a spokeswoman for Opera defended the browser VPN in an email exchange, saying that after the company was divvied up by a Chinese consortium different privacy policies apply, it’s very unclear where this game of corporate shuffleboard leaves consumers. Here at Cloudwards.net we’re tempted to take the “better safe than sorry” line and avoid any SurfEasy or Opera VPN altogether.

Conclusion

As you can see, there are more than a few companies out there who prey on people’s worries concerning their privacy by offering substandard security solutions. Though it is rather cynical to exploit people’s fear of spying by ISPs or the NSA, that is the way some people apparently do business.

Whatever you do, avoid using any of the above VPNs, simply because if you do sign up with them, you’ll be falling exactly into the same trap you were trying to avoid in the first place. As mentioned earlier, Cloudwards.net has plenty of resources for those seeking bonafide solutions.

Have you had a bad experience with a free VPN? Leave a message in the comments section below to let others know what happened. Share this article with your friends if you hear that they are looking for a free VPN and spread the word about the potential dangers out there. Thank you for reading.

One thought on “The Worst Free VPN Providers”

  1. Tunnelbear is susceptible for hacking, your IP can get stolen and your email ids can get tracked or even hacked into. Then they start redirecting your searches online to disturbing and human trafficking websites even if you have a good security software.

    They can send you disgusting spam/phishing emails that are too many to count which your email provider may not block.

    DO NOT USE ANY VPN JUST BECAUSE SOMEONE SAID SO, DO THOROUGH RESEARCH REGARDING THE PRODUCTS AND SERVICES YOU WANT. THIS IS A WARNING!

Leave a Reply

Your email address will not be published. Required fields are marked *

More about

Most Visited News