Many Internet users turn to Virtual Private Network (VPN) services to protect themselves from the possibility of someone snooping on their browsing activity or tracking their location.
VPNs also allow users to access region-restricted content such as television shows and movies on streaming services.
There are hundreds of VPNs to choose from, which could make it difficult for newcomers to identify a reliable and efficient provider.
Certain providers offer free VPNs, but the cost of choosing one of these could be severe.
MyBroadband spoke to four of the world's most-reputed VPN providers – NordVPN, ExpressVPN, CyberGhost, and Surfshark – to establish why it is risky to choose a free VPN.
How a VPN works
To understand when a VPN is not functioning as it should, one should first consider how a conventional Internet connection takes place.
NordVPN's Head of Communications Ruby Gonzalez explained that since you have to be directed to websites or online resources you wish to access, you are first connected to your Internet service provider (ISP).
"All your internet traffic passes through your ISP's servers, which means they can see and log everything you do online. They may even hand your browsing history over to advertisers, government agencies, and other third parties," Gonzalez stated.
ExpressVPN's vice president Harold Li detailed how a VPN circumvents this.
"A VPN is a secure, encrypted connection between your device and the Internet."
"It works by routing your device's internet connection through your chosen VPN's private server so that when your data is transmitted to the Internet, the destination site or service receives it from the VPN rather than directly from your computer and ISP," Li explained.
Surfshark's Gabrielle Hermier explained that the VPN server's role is to make web requests on a user's behalf and create a "tunnel" for data to travel along without being followed around.
"The VPN acts as an intermediary, therefore hiding your IP address and helping to protect your identity," Li stated.
As a VPN encrypts your Internet traffic, information that is sent over your connection cannot be intercepted by other parties that are on the same network as you, like hackers who are connected to the same public Wi-Fi spot as you.
"The encrypted data looks like gibberish to anyone who intercepts it — it is impossible to read," Gonzalez said.
The big costs involved with real VPNs
In order to run an efficient VPN service, significant costs must be incurred.
CyberGhost detailed some of these, which include significant spending on human capital and infrastructure.
"Here at CyberGhost VPN, we have a team of over 70 professionals working every day to make sure we offer our community the best possible VPN experience. Our extensive network also includes over 6100 VPN servers located in 90 countries. As you can imagine, this isn't cheap."
"Good VPN companies operate a global server network, continually update their apps, provide customer support, and so much more. But all this costs money. And if you're getting it for free, what's the catch?" CyberGhost asked.
Surfshark's Hermier said that the average cost of a server in the USA or Europe is approximately $200, while Asian servers are around $500.
"Trustworthy service providers have at least a few hundred servers, which means that the maintenance of the infrastructure alone starts from $50,000 USD a month," Hermier noted.
She said that since Surfshark's user base grows each month, it has to add servers every week.
"It essentially means that our costs are increasing by approximately 10% month-on-month."
CyberGhost said that while paid VPN services cover these costs by charging users subscription fees, free VPN services make their money from the user.
They also sell their in-app space to advertising agencies and other clients, CyberGhost noted.
Little to no protection for your data
The main purpose of using a VPN – to protect your data – could be nullified by the fact that free VPNs track your browsing activity, putting your information in the hands of third-party companies.
"There is a saying, ‘If the service is free, you're the product,' and it is especially applicable in the industry of free VPNs," Hermier warned.
NordVPN's Gonzalez echoed this caution and said that most free VPN services tend to collect user data and sell it to third-party advertising companies or the authorities.
"Before signing up, users should always check service policies and learn about how their data is being processed," Gonzalez stated.
CyberGhost said one study claimed that "74% of free VPN apps contained tracking embedded in the source code".
"This means your data is getting collected and stored to be sold to advertising and analytics companies," CyberGhost said.
"Data is the new gold in our privacy-invading and tracker-exploitative digital age. We've seen online services that hide behind shady privacy policies and ‘free' products that mishandle your private information," the company noted.
It warned that is has observed companies selling data to marketers, government agencies, and other malicious parties for profit.
"We've seen these practices used to influence, categorize, and manipulate you," CyberGhost warned.
ExpressVPN's Li recommended that consumers avoid any free VPNs or a lifetime VPN subscription with a once-off fee.
Consequences of choosing a bad VPN
CyberGhost said there are a number of dangers involved with choosing a free VPN.
Firstly, this could make you more susceptible to malware.
"According to a study of free VPN apps, nearly 4 out of 10 free VPN software have hidden malware inside. The risks associated with it are many, but the most concerning of all is the possibility of losing all your passwords and having your accounts hijacked," CyberGhost stated.
Additionally, the security of these free VPNs is weak, which leaves the user all the more vulnerable to online attacks from cybercriminals, hackers, and governmental spying agencies, CyberGhost said.
Another issue is that you may not be able to unblock region-restricted content. CyberGhost said that expecting this from a free unlimited VPN is "wishful thinking".
"Their limited infrastructure and the small number of VPN servers mean that free VPNs have almost zero chances of providing you access to geo-blocked content."
Others possible problems include massive speed drops due to below-par server infrastructure, plenty of pop-up ads sold to companies that provide revenue to the free VPN, and being redirected to partnership websites against your will.
The consequences could be even worse, Surfshark's Hermier noted.
"One of the most popular free VPNs Hola (that has 50,000,000+ installs) was selling the bandwidth of users of their free service to people willing to pay through their Luminati business arm."
"It essentially means that if somebody acts maliciously through this network, they might harm the wellbeing of innocent people," Hermier said.
Making the right choice
On the flip side, there are a number of key characteristics which will help you identify an adequate VPN.
Both ExpressVPN and CyberGhost emphasised the importance of choosing a provider that is based in a country with privacy-friendly legislation. Such laws will prevent international surveillance alliances from gaining access to your data.
All of the VPNs recommended products with strict no-logs policies.
ExpressVPN's Li explained why it is an important consideration.
"Any VPN that is genuinely concerned about your privacy will not save logs containing information about your online activities. This means that even if it is hacked or subpoenaed for that information, it has nothing to reveal," Li stated.
"It's important that their policy had been tested under real-world circumstances, and undergone—and published the results of—an independent third-party audit of its operations," Li explained. Surfshark and NordVPN shared this sentiment.
Gonzalez said NordVPN doesn't store session information, used bandwidth, traffic data, IP addresses, or any other data.
"Its no-logging claims were confirmed by the industry-first audit performed by PricewaterhouseCoopers AG, Zurich, Switzerland."
According to CyberGhost, another indication of a VPN's trustworthiness is whether it releases Transparency Reports and what those reports show, CyberGhost stated.
"Transparency Reports also matter a lot. They can show if any user data is being shared with the authorities."
"Back in 2011, we were the first ones in the VPN industry ever to launch a Transparency Report, detailing the number of requests for data we get from various authorities."
The company now releases Transparency Reports every quarter.
A few more key considerations
According to CyberGhost and ExpressVPN, other key signs of a solid VPN to look out for are:
An extensive server network
Money-back guarantees and anonymous methods of payment
The possibility to protect more device with just one subscription
256 AES data encryption
DNS and IP leak protection
Unlimited bandwidth
Built-in killswitch
24/7 Customer Support services in multiple languages
Surfshark recommended considering the following factors:
Reliable encryption
Trustworthy security and privacy policies and tools. No-logs and anonymity policies with protection mechanisms like IP hiding and kill switches.
Versatility – Support for a wide array of platforms and operating systems.
Simultaneous connections – VPNs should also offer simultaneous connections to laptops, PC, smartphones, and extra room left for other devices.
Speed – Wide variety of servers and different configurations for different purposes
Accessibility – Wide range of server locations
Seal of Approval – Audit conducted by independent 3rd party researchers.
NordVPN's Gonzalez noted that a money-back warranty and easy-to-reach customer support could be considered as two more attributes of a reliable VPN service provider.