Worst VPN Warning List: Free VPN Scams in 2023

The last time we wrote the worst VPN guide, we tested numerous VPNs and combed through their privacy policies to spot their weaknesses. Some of the services we highlighted as virtual private network (VPN) scams, like Onavo Protect, have ceased operation, while others such as Archie VPN have changed for the better. 

However, the rot in the free VPN market is getting worse, making it difficult for you to distinguish trustworthy free VPN services. Thankfully, we thoroughly searched through the market to pinpoint the worst free VPN providers that either track your sensitive information, unload malware onto your device, or simply don’t work.

Key Takeaways:

• It’s important to read a VPN’s privacy policy to know what kind of data or logs the provider keeps. Stay away from VPN services that track you, such as Hotspot Shield, TouchVPN and Betternet VPN. 
• Always check whether your preferred provider has been in the news lately for doing something that might compromise your online privacy or security. Keep an eye out for the worst free VPN services that infect your network or device with spyware or malware, such as Hola and SuperVPN. 
• Some VPNs are scams that don’t work at all. They have websites or even flaunt VPN clients that don’t do the simplest of VPN tasks: changing your IP and encrypting your traffic. 

• What Is a VPN and What Does It Do?

  A virtual private network (VPN) is an application that encrypts your internet traffic and spoofs your location to keep you safe and anonymous online.

• Which Are the Safest VPNs?

  The safest VPNs use robust encryption algorithms, modern VPN protocols and unique security features, like a kill switch, double encryption and multihop servers. ExpressVPN, NordVPN and Surfshark are examples of VPNs that tick these boxes.

• Is NordVPN a Scam?

  No, NordVPN is a reliable VPN and one of the best VPN services on the market right now.

• Is ExpressVPN a Scam?

  No, ExpressVPN isn’t a scam. It’s the best VPN in the industry right now, boasting unmatched connection speeds, an unrivaled ability to bypass geoblocks and solid online security and privacy.

ReviewVisit ExpressVPN 30-days money-back guarantee

The Worst VPN Services: Why Some VPNs Are Bad

To understand where some VPNs go wrong, you must first wrap your head around how the software works. You can read our VPN guide for the details, but for the purposes of this article, all you need to know is that a virtual private network (VPN) plays a critical part in your internet connection.

When using a VPN, your signal travels to a VPN server, then from there to the website you’re trying to visit. However, this time, your signal gets encrypted by the VPN software before it ever leaves your device. Your personal information in that connection is anonymized and you’re sent out to the internet as if you were in another location. All of that sounds great, but a lot can go wrong.

How the Worst Free VPN Services Operate

First, there’s the connection to the VPN server. The purpose of VPNs, at least in this context, is to hide your personal data from your internet service provider, government agencies and network snoopers. The VPN provider can still see your information if it wants to, though. VPNs are just middlemen, so untrustworthy providers can snoop on your traffic and sell your data.

Plus, your connection may use a vulnerable encryption algorithm or, worse, no encryption. Despite marketing themselves as VPNs, many companies provide proxy services instead. You can learn about the difference in our VPN vs proxy vs Tor guide.

Additionally, some VPN providers are shameless and include malware in the installer. In many cases, phony VPNs try to lock you out of your computer with ransomware or hog system resources as part of a botnet.

It’s standard practice for VPN providers to offer a no-logs policy. However, verifying if a VPN adheres to it can be difficult. A trustworthy VPN like ExpressVPN or NordVPN go all out — including shutting down servers in intrusive countries — to strictly abide by their privacy guarantees. They are the best VPNs for privacy.  

Look for news articles about the service you plan to use before downloading it to see if it has breached its policies in the past. 

VPNs That Track You

The purpose of VPNs is to protect you from intrusive agencies, such as your internet service provider and the U.S. National Security Agency. That said, you’re still putting your personal information in the hands of the VPN provider. Our first batch of dishonorable mentions will focus on the VPNs that log your data and sell it for profit.

1. Hotspot Shield

Hotspot Shield is a notable name in the VPN industry — claiming to be the fastest VPN out there — but we’ve always considered it a privacy-unfriendly service. The VPN is one of Pango’s products and in our previous worst free VPN review, we noted that the VPN tracks mobile users when they open the app, not just after they connect. 

This time around we found another issue that diminishes the provider’s privacy profile. Pango is now part of the Aura group. This means that the VPN now handles your connection and data per Aura’s privacy policy. When we combed through this policy we were not overly impressed.

Hotspot Shield’s Porous Privacy

As per the privacy policy, the VPN collects your IP address and stores it in encrypted form for the duration of your session, and deletes it afterward. Though that’s a nice thing to say, it seems Hotspot Shield has missed the point. Using a VPN is about keeping that data out of anyone’s hands, no matter how it is handled.

Another thing we took note of is the “don’t sell my personal information” option on the Hotspot Shield website. Our attention was drawn to the line that states: “Aura does not sell your personal information except in the context of some free versions of our VPN products that are supported by personalized advertising.”

Does the no-logs policy hold only for paid services? If the fine print in this document is anything to go by, the Hotspot Shield free version could be engaging in some underhanded dealings with third-party ad networks.

Mobile App Vulnerabilities

What’s worse, Hotspot Shield’s mobile apps are not true VPN apps. They reroute your DNS requests through their servers and change your location, but they don’t encrypt your traffic, making them similar to proxies. This leaves your data exposed and vulnerable, while you believe you’re safe under the protection of a VPN.

We’re not sure if Hotspot Shield is malicious or just incompetent, but we wouldn’t recommend it. You can read about our experience with the service in our Hotspot Shield review.

2. Betternet VPN

Betternet VPN is another free VPN, available on Windows, Mac, iOS, Android and Chrome. According to data from Google, the VPN has racked up more than 50 million downloads on the Google Play Store alone. Besides that, it has a 4.2-star rating, which is quite remarkable given that there are over one million reviews.

Betternet has many of the hallmarks of a reliable service, but it’s affiliation with Aura puts a damper on its privacy profile. Like Hotspot Shield, Betternet VPN adheres to the Aura company group privacy policy. That means it collects your data (IP addresses and other identifiable information), and since it’s a free VPN, it may sell that data to third-party ad networks.

3. TouchVPN

TouchVPN is one of many free VPNs available in the Chrome and Google Play stores. It’s one of the most popular too, with over 800,000 reviews and 10 million downloads on Google Play. What’s strange is that it has a 4.3-star rating, meaning that most of the users are happy with the free VPN service.

We dug around the one- and two-star rating reviews and none seem to acknowledge the full scale of the underlying danger of using TouchVPN. Most of these reviews rant about some technical flaws, with no one commenting about the porous privacy profile.

TouchVPN was previously owned by NorthGhost — we noted that the company had an empty website in our previous worst VPN review. Things have changed for the better: The provider has a homepage, and it’s now part of the Aura group of companies. (Noticing a trend?)

This can only mean one thing. TouchVPN suffers the same privacy problems as Hotspot Shield and Betternet VPN since they all handle your connection in accordance with the Aura privacy policy.

TouchVPN is only available as a free app, with in-app purchases and ads pestering you constantly. Like many of the free VPNs plaguing the Google Play Store, TouchVPN is simply a data-gathering engine that deserves to be on our worst VPN list.

VPNs Infected With Malware

Part of a VPN’s job is to shield you against malware-infected websites and platforms. However, the VPN service you think is holding your shield could be secretly unloading malware to your device. That’s the case with these three VPN scams.

1. Hola VPN

The latest feud involving Derry and Colin Shribman has spilled the beans about Hola’s unscrupulous tactics to make a profit. Colin — who once served as Hola’s vice president — has sued his brother, Derry (one of Hola’s founders) in what has been a messy and noisy lawsuit.

According to Colin, the VPN provider plants a “trojan horse” on users’ devices. Once every week, the company uses the trojan horse to log, save and process user data such as IP addresses on its servers. Read our guide to learn what someone can do with your IP address.

Another of Colin’s most chilling revelations was that NSO Group Technologies was one of Hola’s clients. If you aren’t familiar with NSO, it’s an Israeli technology company famous for its proprietary spyware, Pegasus. Luminati — Hola’s parent company — affirms NSO was one of its customers, but denied that the popular Israeli firm used Hola for its espionage operations.

Keep in mind that Hola logs your information. The privacy policy makes it clear that Hola logs and retains data including name and email address, IP address, web pages you visit, time spent on those pages, access times and dates. What’s alarming is that Hola says it may disclose “minimal personal information to its trusted partners and third parties.”

Not to mention that, by using Hola VPN, you’re consenting to being a drone computer in a botnet. That means anyone can purchase access to your device if they can afford the 50 cents or so it costs to rent an IP address. You can read our write-up on Hola VPN for the details.

Just know that this is consumer manipulation at its finest and reeks of ill intent; don’t use it. Instead, pick one of Hola’s alternatives.

2. SuperVPN

If you search for “VPN” on the Google Play Store, SuperVPN is one of the first results that pops up. However, according to surveillance expert Zak Doffman, SuperVPN is a potential honeypot for hackers and malicious web snoopers. A study published in 2017 revealed that malware was detected in its installation files.

Even if we assume that the service has removed the malware from the app, that’s far from the only issue SuperVPN has had. As recently as 2021, it was removed from the Google Play store due to a vulnerability that allowed hackers to gather sensitive user data, including credit card information.

3. Psiphon VPN

Another dangerous VPN is Psiphon VPN. The app is popular among Android users, with more than 50 million downloads on Google Play. While its 4.4-star rating after over 600,000 reviews depicts a reliable Android VPN, in reality this is one of the worst free VPN apps. 

Bitdefender reported that attackers repackaged Psiphon VPN with Triout malware. The attackers hid the malware behind the app’s installation file available through third-party sources — not the one found on Google Play.

According to Bitdefender, the Triout malware can conceal its existence on your device. What’s worse is that the malware can manipulate your device to take photos, record videos, collect your GPS coordinates, log inbound text messages and record calls. 

VPNs That Don’t Work

In our final category, we’ll look at VPNs that simply don’t work. Providers in this class aren’t free, but they’re still VPN scams, so steer clear. In our previous review, the VPN scam list under this category included VikingVPN, which has luckily since ceased operation, but more VPN scams have cropped up.

1. Touch VPN

Touch VPN and TouchVPN are two different VPN services. Lucky for you they are both on our bad-VPN list. While TouchVPN is a product of Aura Group, Touch VPN is owned by The Tool Tech company. The latter has more than 10 million downloads on the Google Play Store and is no longer available on Apple’s app store.

The VPN service has a 4.5-star rating after over 52,000 reviews on Google Play. Most of these reviews are positive, but a look into the one- and two-star ratings reveals the Android app’s flip side. One user claimed to have connected to a server in England from New Zealand. When they looked up their location on Google, it showed their actual physical location.

There are a lot of negative comments that indicate Touch VPN is either bug-infested or has a poor-quality encryption algorithm and VPN servers. When it comes to protecting your online security and privacy, you wouldn’t want to use a VPN that connects and disconnects every few minutes, which is why we recommend shoving Touch VPN aside.

2. UnoTelly

UnoTelly looks good on the surface. There’s a lot to the VPN service, but it focused so much on creating an attractive package that it forgot to include a VPN. We were able to sign up for an account — after multiple attempts, mind you — but we were never able to try the service.

Our journey is documented in our UnoTelly review. After multiple attempts and many unanswered messages, we’re left believing that there simply isn’t a client. No matter where we went on the website, we were met with the same error message over and over again.

3. EarthVPN

EarthVPN has a colorful website, with nothing more than an orange “get VPN” button. You’d think the website is legit and functional, until you click the button. The button has a broken link and doesn’t take you to the billing page. Actually, the only active pages on this website are the “about” and “privacy policy” pages.

EarthVPN no longer displays the details about the features of the VPN service as it did in our previous review. It only states that the service is totally free, has global server locations (with no link to the server page) and unlimited data. It seems that the provider forgot to give users a way to download the service. You don’t need it anyway because it’s one of the worst free VPN services.

Why You Should Pay for a VPN

Think of it this way: VPN providers need money to maintain themselves, add server locations, upgrade infrastructure, pay support agents and fix issues with their clients. Beyond all operation costs, they need to turn a profit. The money has to come from somewhere.

Trustworthy VPNs use their subscriptions to keep operations sailing along. If a VPN service is offering a “complete” service for free, that usually means they’re doing something else to make money. The provider is either tracking you and selling your data to third parties or is a honeypot for hackers and snoopers.

Anything that’s good isn’t free, and that’s especially true with VPN services. While we showcased a few dishonorable mentions above, there are many more malicious VPN services lurking around. So much so that we struggled to find even five options for our best free VPN guide.

If you’re serious about protecting your privacy, torrenting securely and streaming without interruptions, then it’s worth the small price of a paid VPN subscription.

Ditch Free VPNs for a Premium VPN Service

The good news is that the VPN industry has many options and you don’t have to spend a premium to get a reliable service. Though our favorite VPN, ExpressVPN, is expensive, there are cheaper options. You should still read our ExpressVPN review to see why it’s worth the price, though. If you’re looking for the best desktop, smart TV, router, Android or iPhone VPN, look no further.

NordVPN is comparable to ExpressVPN, but it’s more affordable (read our NordVPN review). The two most inexpensive VPN services right now are Surfshark and Private Internet Access (PIA).

Surfshark has an expensive monthly rate, but its two-year plan is dirt cheap. It has an impressive list of features too, including CleanWeb, multihop servers and unlimited simultaneous connections. Read our Surfshark review to learn more.

PIA isn’t as robust, but it’s much cheaper. At just over $2 per month for the two-year plan, it offers the best value on the VPN market. It has some issues with usability, which you can read about in our PIA review, but it’s not bad for the price.

If you’re hard up for money, though, there’s Windscribe — the best free VPN for PC. It’s one of the few free VPNs we recommend. You’re limited to 10GB of data transfer per month, which isn’t much, but you can purchase additional server locations or unlimited data for $1 per month. You can learn more about the pricing structure in our Windscribe review.

Final Thoughts: Avoid VPN Scam Services

There’s little reason not to pay for a VPN. For your online security and privacy, VPNs are worth the small asking price, not to mention the utility they serve as tools to unlock streaming platforms and protect you while torrenting.

As mentioned above, Surfshark and PIA are two budget options that deliver excellent service. They aren’t the only ones, though. If you’re looking for a VPN service that won’t log your activity or unload malware onto your device, read our best VPN guide. You can also check out our VPN statistics piece for some insight on VPNs as a whole.

Have you ever used a free VPN that later turned out to be from a rogue provider? Which other service do you think deserves to be on our VPN warning list? Let us know in the comments below and, as always, thanks for reading.