Here at Cloudwards.net we’re always happy to recommend people the best VPN providers or the best cloud storage services. However, not all that glitters is gold on the Internet and we’ve decided to put together a list of the very worst free VPN services out there.
The reason we’re targeting free VPNs is because people unfamiliar with how VPNs work are most likely to be suckered in by these scams; a good example is Hola VPN, which is so bad, we had to give it its own article all to itself.
This is not to say that all free VPNs are bad: we have an article dedicated to the very best free VPNs that you can feel safe using. Nor have we included any paid services as these are usually in our VPN review database already. Most of the entries on this list are fly-by-nights or recently launched services just waiting for their next victim to click that link, though we won’t deny the possibility that some entries are here purely because the developers behind a service never got around to patching a particular hole.
Since bad VPNs can be bad for different reasons, we’ve subdivided the article up as follows:
You shouldn’t expect your free VPN to contain malware or tracking codes; however, many do. This category presents VPNs that have been shown to contain malicious software in a recent report by Australia’s Commonwealth Scientific and Industrial Research Organization.
The CSIRO study found that SuperVPN was the most malware-infected free VPN available. The CSIRO used a malware scanning tool, called VirusTotal, which combines the detection capabilities of more than 100 antivirus programs. It found 13 malware hits in the scan of SuperVPN’s programs. This includes adware, Trojans, malvertising, riskware and spyware.
Betternet ranked one place below SuperVPN in the CSIRO study, but it had the same number of malware instances at 13. The code of this VPN was also found to contain 14 different third-party tracking libraries. To make matters worse, users who bother to read the terms and conditions of Betternet find out the service has the right to sell on any or all user information that it collects.
Of the five categories of malware detected by VirusTotal, CrossVPN was found to be particularly notable for the high number of Trojans that it contained. This free VPN had a total number of 11 examples of malware detected in its code.
Archie VPN has only 10,000 downloads, but has an approval rating of 4.3 stars from those who installed it. This is fishy from the very start, since high approval ratings usually go hand in hand with a high number of downloads. The fact that it was found to contain 10 instances of malware makes it doubly suspicious.
HatVPN has only been downloaded onto 5,000 devices from the Google Android apps store. However, those users who contributed to its rating of four stars seem to have been unaware that the VPN contains malware. The VirusTotal test found 10 instances of malware in this software, which equals Archie VPN’s malware count.
One Click VPN
One Click VPN is the last in our list that were busted for malware in the CSIRO study. Its six incidences of malware that were revealed by the VirusTotal test make it the ninth-worst VPN in the world and the sixth-worst free VPN for malware. It also does not encrypt its traffic, negating its use as a security tool.
Tracking and Data Sales
Many of the free VPNs in this review actually fall into several categories of bad practices. For example, Betternet made the list of malware infested VPNs, but it is also a major offender in the tracking category.
Having your data sold is bad enough, but tracking software is even worse for VPN users as they will go about their business wrapped in a false sense of security. Your anonymity is actually worse with the following VPNs engaged than if you had no VPN installed at all.
Flash Free VPN
Flash Free VPN is notable for containing 11 third-party tracking systems. That puts it just second in the world as the VPN with the most tracked users — Betternet is the number one.
Hotspot Shield VPN
Hotspot Shield’s terms of service explicitly states that they participate in data sharing with third-parties and the collection of web browsing data.
Wifi Protector VPN
This service also uses five different tracking libraries and manipulates the display of advertising in displayed websites to ensure the visibility of advertisers that pay the service for the privilege, making you little more than another resource in their business model.
Almost impossible to find in a Google search, this VPN has more than 100,000 installs on the Android app store. Ominously, their app download page announces that they have now removed all advertising. However, they are here on our list for containing third-party tracking software.
There are a number of VPNs that aren’t actually VPNs at all. As you can read in our article comparing VPNs vs proxies, the main difference between these two security tools is that VPNs use a tunnel to encrypt your data, while a proxy does not. The following services may advertise as VPNs, but they merely redirect traffic rather than encrypt it.
Created and run by the students at University of Tsukuba, Japan, this VPN uses the private computers of volunteers to operate as its servers. The VPN managers have almost no vetting procedures for node operators, and so just about anyone could be handling your traffic.
Tigervpns also operates under the name HideMe VPN. Testers discovered unaccounted-for traffic channeling through their connections, which implies that the company uses the accounts of customers to act as servers for other users, similar to the unsafe peer-to-peer method used by Hola.
Analysis of Tigervpns’ traffic also identified calls to non-existent IP addresses, which is typical control behavior used by botnets. Researchers also discovered malware in this VPN.
Note that this is not the same service as tigerVPN, which seems to have better credentials.
Private WiFi is a little secretive about its encryption system, saying on its website only that it uses 128-bit “bank grade” encryption. VPNs offering full security typically use 256-bit key encryption and have no problem explaining to users which encryption systems they use — usually AES or Blowfish.
Opera Browser VPN
Though a spokeswoman for Opera defended the browser VPN in an email exchange, saying that after the company was divvied up by a Chinese consortium different privacy policies apply, it’s very unclear where this game of corporate shuffleboard leaves consumers. Here at Cloudwards.net we’re tempted to take the “better safe than sorry” line and avoid any SurfEasy or Opera VPN altogether.
As you can see, there are more than a few companies out there who prey on people’s worries concerning their privacy by offering substandard security solutions. Though it is rather cynical to exploit people’s fear of spying by ISPs or the NSA, that is the way some people apparently do business.
Whatever you do, avoid using any of the above VPNs, simply because if you do sign up with them, you’ll be falling exactly into the same trap you were trying to avoid in the first place. As mentioned earlier, Cloudwards.net has plenty of resources for those seeking bonafide solutions.
Have you had a bad experience with a free VPN? Leave a message in the comments section below to let others know what happened. Share this article with your friends if you hear that they are looking for a free VPN and spread the word about the potential dangers out there. Thank you for reading.