Key Takeaways: Here are the most common problems with poor VPNs

1. Logging and sharing sensitive user information with third parties
2. Infecting user devices with malware and viruses 
3. Suffering from DNS and IP leaks
4. No apps and unresponsive websites
5. Difficulty with installation and inability to connect to servers
6. Not honoring money-back guarantees or taking a long time to do so
7. A history of massive data breaches revealing sensitive user data

What to know about the worst virtual private networks (VPNs):

• The worst VPNs might come bundled with malware, log sensitive user data, run painfully slowly or fail to work at all.
• Most poor VPNs use free plans as bait, so be careful about downloading free VPN services. Your best bet is to choose a paid VPN service or a free plan supported by paid subscriptions. 
• ExpressVPN is the best VPN, with solid security and privacy features, fast speeds and reliable unblocking. If ExpressVPN’s prices are outside your budget, consider NordVPN or Surfshark. 

The Best and Safest Overall VPN

www.expressvpn.com

$6.66 / month

(save 48%) (All Plans)

Visit ExpressVPNReview

A bad VPN service could sell your private information to advertisers. Worse still, a bad VPN might infect your device with malware, or you might not even be able to get it to work. Unfortunately, these types of VPNs have swamped the VPN market. We put our detective hats on and dug out examples of the worst VPNs you should avoid. 

Note that there are many excellent VPNs that can help you browse safely and anonymously. We explain the features and benefits those VPNs offer in our article on the best VPN providers. However, it’s worth educating yourself on which VPNs you shouldn’t subscribe to or download. In this article, we’ve organized some examples of common VPN weaknesses. 

The Worst VPN Services: Why Some VPNs Are Bad

The worst VPNs compromise your privacy and security, while others simply perform poorly. Below is a list of the most common problems with bad VPNs. Note that many VPNs have two or more of these red flags. 

• Logging and tracking: The worst VPNs collect data on you to share with or sell to third parties. 
• Infected with malware: Some VPNs are conveyor belts for all kinds of malware and viruses. Once you download them, your device is vulnerable to cyberattacks.
• Failure to encrypt your connection: The right encryption scrambles your traffic to look like gibberish to any snooper. Without encryption, your data will be exposed. 
• IP address leaks: A bad VPN might be able to change your virtual location, but it could expose your original IP address to your internet service provider and other third parties.
• Cooperation with law enforcement: Beware of VPN companies that have a history of sharing user information with law enforcement. They log sensitive information and are willing to share it.
• Major data breaches: Be wary of VPNs that have suffered massive data breaches and haven’t handled them well.
• Not honoring money-back guarantees: Stay away from VPNs that refuse to return your money when you request a refund based on money-back guarantees. Some simply ignore your request. 
• Shady background: Be cautious of VPNs owned by companies with a checkered history or that attempt to hide their real owners. 
• Extremely slow: Every VPN will reduce your speeds to an extent, but the worst ones leave you with lags and buffering wheels while you browse. 
• Hard to set up and use: Some VPNs make installing their apps and using various settings seem like rocket science. 

VPNs That Log Data & Track You

VPNs are built to hide your identity online and help you browse privately, but some VPNs do the opposite. Some log personally identifiable information about you and sell it to third parties. This section shows examples of VPN services you can’t trust with your information. 

Example: Hotspot Shield

Hotspot Shield is a big-name VPN mainly because of its free service and good speeds, but it has many shortcomings. According to its privacy policy, Hotspot Shield collects sensitive information, including your IP address, session logs, server locations and device details.

This means that if Hotspot Shield ever suffers a breach, hackers can use that information to trace you. Hotspot Shield also doesn’t specify how long it keeps logs, so your information is vulnerable for an indefinite period of time.

Hotspot Shield’s willingness to share information with third parties is concerning. The Hotspot Shield privacy policy states that it might share your information with vendors, advertisers or law enforcement authorities. Worryingly, Hotspot Shield also shares your data across services in the Aura group of companies, so you never know where your information might end up.

Security Vulnerabilities

In 2017, a researcher discovered a security vulnerability that exposed Hotspot Shield user data — notably, user locations and WiFi network names. Hotspot Shield acknowledged this flaw and fixed the issue within a week of the media becoming aware of it. 

However, the fact that Hotspot Shield had such details about users proves that it collects sensitive user data. Security flaws with a VPN with bad privacy are much more serious — not only is your personal information being logged, but it’s also being kept where hackers can find it.

If Hotspot Shield wants to gain user confidence, it has to change its logging policy and allow an independent auditor to review its logging practices. Hotspot Shield’s last audit was in 2018. To put that in context, the best VPNs invite independent audits every two to three years. 

Other VPNs That Log Your Data & Track You

Besides Hotspot Shield, some other VPNs keep logs. For instance, Flow VPN keeps IP addresses, postal addresses, names and email addresses. Thunder VPN also keeps logs of your ISP and connection timestamps. Betternet VPN and Touch VPN also log and share user data.

Before subscribing to a VPN, we recommend reviewing its privacy policy. Note that some VPNs have long-winded privacy policies that can confuse someone unfamiliar with VPN terms and legalese. Your best bet is to look at the points under a heading like “information we collect.” For a privacy-friendly VPN, check out our verified list of the best VPNs for privacy.

VPNs Infected With Malware

Some VPN services can infect your device with malware, allowing shady persons or groups to access your device and personal information. Some other VPNs don’t inject malware directly but provide a gateway for hackers to access your device and plant their own malware. One example is Hola VPN.

Example: Hola VPN

If Hola VPN has popped up in your VPN search, you might be better off avoiding it. Instead of running a server network like most VPNs, Hola VPN runs a peer-to-peer model, where all of its servers are devices belonging to other users. You browse the internet with another Hola user’s IP address, while someone else browses with yours.

This model allows third parties to gain remote access to the device, including for illegal purposes. Hola only allows user IP addresses to connect to an approved list of sites, but there’s nothing to stop another user from using your identity to upload abusive or illegal content to a site on the list (Facebook or Instagram, e.g.).

What’s worse, there’s a strong possibility that Hola can be used as a malware vector. In 2015, the creators of the website Adios, Hola! warned of several exploits that could force programs to run on any device in the peer-to-peer network. Hola closed one loophole, but left others open.

According to a 2019 lawsuit filed in Israel by Hola’s former CTO Colin Shribman, Hola’s side business Luminati (now called Bright Data) sells residential proxies — in other words, its users’ IP addresses — to businesses that want to bypass their rivals’ firewalls. That means you’re the product on Hola, not the user.

Spyware on Your Device

The lawsuit also accused Hola of planting malware on devices to gather personally identifiable user information. According to Shribman, Hola VPN is a trojan horse designed to hide a program that logs and saves user data. 

Shribman alleges that Hola spies on its users to steal business secrets from its competitors, harvest illegitimate ad revenue from Google and even sell information to espionage firms. The lawsuit appears to still be underway, so these allegations remain unproven — but as they come from an insider, they provide a very good reason to be cautious of Hola.

Logs Sensitive User Data

We combed through Hola VPN’s privacy policy and were concerned about the information it collects: IP address, operating system, browser type, web pages you visit, time spent on those pages, and access times and dates. Especially in light of Colin Shribman’s allegations, the privacy policy suggests that Hola is not a safe caretaker of your browsing activity.

Other VPNs That Could Carry Malware

Some researchers have pointed fingers at several VPNs as malware vectors, including SuperVPN, Betternet, iProVPN, EasyVPN and OkVpn. BitDefender also previously identified Psiphon VPN, which we’ll examine in the next section, as a malware-ridden VPN. We noticed that most of the accusations centered around the VPN’s Android apps. 

VPNs That Leak Your Data

A VPN might promise to hide your IP address but leave your location visible to various parties. That will be an issue if you are trying to bypass geoblocks for streaming. Plus, hackers could use that information to track you.

Example: Psiphon VPN

If you’re interested in avoiding detection on the internet, you should not use Psiphon VPN. We ran DNS leak tests and the results showed our real IP address, proving that Psiphon VPN had exposed us. 

Moreover, Psiphon VPN doesn’t have a kill switch. A kill switch severs your internet connection if your VPN connection falters. This is a vital failsafe to protect your data if your VPN disconnects. Many of our premium VPNs, like ExpressVPN, have permanent kill switches that disable your internet when the VPN is not active. 

Slow Speeds

Psiphon VPN limits users on the free plan to a speed of 2 Mbps. As a result, Psiphon VPN is a nonstarter if you want a free VPN for streaming Netflix in HD or 4K or for streaming live sports. To remove Psiphon VPN’s speed limits, you’ll have to pay extra for a speed boost. What’s worse, the speed boost doesn’t make much of a difference. 

Other VPNs That Leak Data

Based on our checks, VPNSecure and VeePN are other VPNs that suffer from IP and DNS leaks. Before purchasing a VPN, you can use a free plan (if available) or a money-back guarantee to run leak tests to determine whether the VPN is safe. We have an extensive guide on DNS leaks that provides a step-by-step guide on how to conduct a DNS leak test. 

VPNs That Don’t Work

Next, we turn the spotlight on VPNs that have serious functionality issues. You’ll be wasting your time if you visit their websites or download their apps because many buttons usually don’t work. 

Example: EarthVPN 

Don’t bother looking for an EarthVPN app to download. We checked for apps on the Google Play Store and the Apple App Store to no avail. The “about” page on EarthVPN’s website mentions a Chrome extension, but we saw no option to download it. There were no download links for apps for any major operating systems, either. The EarthVPN privacy statement link works, though. 

EarthVPN’s website is colorful and enticing, but all the important buttons on the site are unresponsive. For example, the “get VPN” button to help you purchase a subscription doesn’t open another page. EarthVPN claims to have a global server network, but there’s no information about the locations of the servers on the website. 

Other VPNs That Don’t Work

Hoxx VPN doesn’t install on Windows or Mac, and you can’t even get an app for UnoTelly. In our experience, such VPNs have poor customer service, so you also won’t get the help you need. Before downloading a VPN you’re unsure of, read reviews to see what other VPN users say about it, especially on Reddit. 

VPNs That Are Hard to Use

Some VPNs work, but major functionality issues render their apps barely usable. Others are overly complicated to set up. Let’s illustrate this with an example: VPNBook, one of the most difficult VPNs to install and use. 

Example: VPNBook

Though most VPNs have dedicated apps for various operating systems, VPNBook requires you to download OpenVPN Connect and the corresponding certification bundles. Knowing which bundles to download can be confusing, and we had to turn to VPNBook’s help center for clarification.

VPNBook has no apps, so you’re left with the OpenVPN client. That also means you can’t change your VPN protocol. If you want to switch to a different VPNBook server, you’ll need to download its certificate bundle. VPNBook doesn’t have any advanced manual configurations to benefit power users, so there’s no good reason for its complicated setup process. 

Almost Nonexistent Speeds

Even if you are able to set up VPNBook, you’ll be faced with another problem: It is agonizingly slow. We ran VPNBook speed tests using Ookla, but VPNBook’s speeds didn’t even register. It seems VPNBook is so slow that Oookla couldn’t even test it. Unsurprisingly, we experienced slow-loading pages and buffering wheels while browsing with VPNBook. 

Other VPNs That Are Hard to Use

There are many VPNs with major functionality issues. For instance, iProVPN’s servers don’t connect when you use the Windows client. Touch VPN’s servers disconnect every few minutes. In our experience, many malfunctioning VPNs have bad websites that haven’t been updated in a long time. 

VPNs That Might Not Honor Their Money-Back Guarantees

We have been testing VPNs for years, and most of them honor their money-back guarantees, even if it takes some of them a while. You can read reviews of the VPN to find out whether it is slow to honor money-back guarantees. VPNs with poor customer service might delay refunding your money. 

Example: HideMyAss

HideMyAss offers a 30-day money-back guarantee, but you can’t bank on it. Multiple people on our team over the past year have had issues with getting refunds. For example, while writing our HideMyAss review, we requested a refund within 30 days of our initial purchase. However, we didn’t receive a response, even after multiple follow-up emails. We thought we had lost our money and only got it back from HMA after three long months. 

Another team member requested a refund of his HMA subscription in accordance with the refund policy. After two months, his email had yet to be answered. 

These are not isolated incidents. If you look up HMA on Reddit, you’ll notice that many Redditors have complained about HMA’s customer service, especially with regard to honoring refund requests. 

Other VPNs That Don’t Honor Their Money-Back Guarantees

Fortunately, most VPNs we’ve used over the years honor their money-back guarantees. Some may take several weeks, but they do refund your money. However, don’t assume that a VPN has a money-back guarantee just because most do. For example, IPVanish doesn’t have a money-back guarantee for its monthly plan — can read more in our IPVanish review. 

VPNs That Have Suffered Major Breaches

Finally, let’s discuss VPNs that have experienced major server breaches. A major breach suggests that the VPN’s security is weak — or uses unreliable partners — and might not be able to protect your credentials, browsing activity or IP address. 

Example: SuperVPN

In 2023, cybersecurity researcher Jeremiah Fowler uncovered a massive chest of more than 360 million user records from SuperVPN. The exposed details included real user IP addresses, email addresses, geolocation data, information about servers used, unique app user ID numbers and UUID numbers, device information, customer support emails and refund requests. 

The leak also had links to websites users visited, which could be used to trace, identify and track users. This is concerning because SuperVPN claims to be a no-logs VPN; Fowler’s research shows it doesn’t take its logging policy seriously. 

A History of Data and Security Breaches

SuperVPN’s 2023 data breach was not an isolated incident. In May 2022, SuperVPN was named among other VPNs in a leak that exposed more than 21 million records. A month before this leak, Google had removed SuperVPN from its Play Store due to security vulnerabilities that made it susceptible to main-in-the-middle attacks.

Other VPNs That Have Suffered Data Breaches

ChatVPN and GeckoVPN were listed along with SuperVPN in the May 2023 data breach, which exposed usernames, email addresses, full names and payment-related data. 

The Correlation Between Data Breaches and Data Collection

However, a data breach isn’t always a failing grade for a VPN — what matters is how much data is exposed and how quickly the VPN moves to address the loophole.

Contrast the SuperVPN breach with NordVPN’s 2018 breach, in which hackers accessed a data center in Finland through a backdoor. Though the server was hacked, its operators (and thus the hackers) had no way to spy on user logs, so nothing was directly compromised. 

NordVPN decisively addressed the loophole by discontinuing its use of the problematic software. You can read more about it in our NordVPN review, as well as our guide explaining why we think NordVPN is still safe.

The Lure of Free VPNs: Watch Out for VPN Scams

You might have noticed by now that many of the worst VPNs have free plans. These free plans are often used as bait. Once VPN companies get their hands on your data, they sell it to advertisers and other companies to rake in profits. 

Before downloading any free VPN service, figure out how they are making money, and research to confirm that you’re not downloading dangerous software onto your device. 

Are There Any Good Free VPN Services?

There are many free VPNs that you can trust, and they are “freemium” VPNs — a VPN provider that offers a free plan with limitations as an incentive to upgrade later to a paid plan and stronger features. These VPN companies support themselves from the premium plans, not from user data.

We’ve been testing VPN services for years, and we walk through the best in our article on the best free VPNs. Here’s a snapshot of the best free VPNs:

• Proton VPN — This VPN offers unlimited data and is great for unblocking streaming platforms, but free users are limited to five server locations. See our ProtonVPN review.
• TunnelBear — The free version allows access to all features and server locations, but there’s a 2GB data cap for free users. See our TunnelBear review.
• Windscribe — It offers 15GB of monthly data and has an ad- and malware-blocker, but its user interface is not the most user-friendly. See our Windscribe review.
• PrivadoVPN — This privacy-focused free VPN offers 10GB of data, but you won’t get advanced features. See our PrivadoVPN review.
• hide.me — It offers access to five free servers and 10GB of monthly data but can’t unblock Netflix or Hulu. See our hide.me review.
• Atlas VPN — Its free servers can unblock streaming services and allow torrenting, but it has a monthly data limit of 5GB. See our Atlas VPN review.

Why You Should Pay for a Good VPN Service

Spending money on a VPN is smart because you’ll likely get your hands on a full-featured VPN that doesn’t contain malware or sell your data. Even the best free VPNs fall short because of data limits, limited servers or a lack of advanced security features. 

Premium VPNs Worth the Money

We’ve used and tested multiple premium VPNs over the years. The ones below provide the best value for your money. 

• ExpressVPN — This is the best overall virtual private network (VPN), with excellent security and privacy features. The best deal is the one-year plan, which costs $6.66 per month. All plans have a 30-day money-back guarantee. Our ExpressVPN review has the details.
• NordVPN — This is one of the fastest VPNs, with specialized servers for streaming. Its cheapest plan is the two-year plan, which costs $3.48 per month, and it offers a 30-day money-back guarantee. Learn more in our full NordVPN review.
• Surfshark — Choose Surfshark if you want a cheap VPN for the long term. Its two-year plan costs $2.29 per month, and you can use one subscription on as many devices as you like. Check out our detailed Surfshark review.
• CyberGhost — Opt for CyberGhost if you want a bargain, beginner-friendly but customizable VPN service. Its cheapest plan goes for $2.37 per month for two years, and its long-term plans have a 45-day refund policy. Our CyberGhost review has more information.
• Mullvad — This VPN is the ideal choice if you’re looking for a privacy-focused VPN since it allows anonymized user profiles and accepts cash. Mullvad costs about $5.30 per month, whether you purchase it for a month, a year or a decade. Mullvad offers a 30-day money-back guarantee except for cash payments. Learn more in our Mullvad review.

Final Thoughts

We’ve pointed out the key problems with poor VPNs. From logging sensitive data and transferring malware to leaking your IP address, bad VPNs can compromise your privacy and security. Some are barely usable, while others don’t work at all. If you’re considering a VPN and any of these issues pop up in your research, reconsider your choice.

We recommend good paid VPNs, like ExpressVPN, which come with more features and have no incentive to sell your data.

Have you used a poor VPN before? What have your worst VPN experiences been like? Are there any other red flags we should add to the list? Share your comments and experiences with us in the comments section below. As always, thanks for reading our article. 

FAQ: Best & Worst VPN Options

• Which VPN Is the Most Trusted?

  ExpressVPN is the most trustworthy VPN because it abides by a strict no-logs policy. It uses RAM-only servers that wipe your data with every reboot. Over the years, ExpressVPN’s server network has undergone multiple audits by independent audit firms, including KPMG and Cure53.

• Why Are Free VPNs Not Safe?

  Free VPNs are unsafe because they might share your information with third parties, including advertisers. Some free VPNs are malware vectors that infect your device, opening it up to hackers.

• Which VPN Is 100% Safe?

  ExpressVPN is one of the safest VPN options. It uses high-end encryption and protocols to secure user data. It also runs RAM-only servers, so it erases user data periodically. Plus, all its servers have obfuscation, which hides your VPN use from prying eyes.

• Is NordVPN a Scam?

  NordVPN isn’t a scam. We have subscribed to and used it for years, and it has proven to be a fast and reliable VPN service. It does everything it says, including changing your IP address, preventing leaks of your real IP and unblocking streaming services.

• Is ExpressVPN a Scam?

  ExpressVPN is a legitimate VPN that delivers on its promises. It can spoof your virtual location, anonymize and encrypt your traffic, and unblock streaming platforms. Plus, it has a trustworthy 30-day money-back guarantee.