The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?
Virtual private networks (VPNs) are necessary in an increasingly privacy-concerned digital landscape. Free VPNs can be attractive for users seeking cost-effective anonymity and security online. But beneath their no-cost appeal, such VPNs may hide multiple issues, ranging from privacy breaches to ad bombardment. So, are free VPNs safe?
This article presents an in-depth investigation into the safety, advantages, drawbacks and monetisation strategies of free VPNs. We’ll discuss data leaks associated with free providers and investigate the reputations of various free services.
You’ll find an objective comparison of our top free and paid VPN picks, and we’ll reveal our top free VPN pick. If a free VPN isn’t for you, read our best VPN guide to find the best-paid version for your privacy concerns.
Free VPNs seem appealing for users looking for a cost-effective way to enjoy privacy and freedom on the internet. However, you need to know the advantages and drawbacks to decide whether this is the right choice. We’ve compiled a list of the major pros and cons of free VPNs.
Getting a free VPN seems appealing for users looking for a cost-effective way to enjoy privacy and freedom on the internet. However, you need to know the advantages and drawbacks to decide whether this is the right choice, or if you should look at the best cheap VPNs instead. We’ve compiled a list of the major pros and cons of free VPNs.
In 2020, Google removed the “dangerous” security app SuperVPN from its Play Store following warnings of serious vulnerabilities exposing users to man-in-the-middle attacks. Despite these risks being highlighted in 2016, the app grew from 10,000 to more than 100 million downloads by the time it was removed.
Security warnings revealed unencrypted HTTP traffic, hardcoded encryption keys and unencrypted payloads, leading to potential interception of communications and redirection to malicious servers. Although SuperSoftTech, the app’s Chinese developer, wasn’t implicated in any data attacks, the persistent vulnerabilities made it an exploitable target. Users of this app are still advised to uninstall it immediately.
In May 2023, cybersecurity researcher Jeremiah Fowler disclosed a significant data breach associated with SuperVPN. He conducted a thorough investigation and discovered a non-password-secured database related to the popular free VPN service.
This publicly available database comprised over 360 million records containing sensitive user information such as email and IP addresses, device-specific details, refund requests and browsing history.
Fowler found two applications named SuperVPN registered under different developers on the Google Play Store and Apple App Store. The SuperVPN versions for iOS, iPad and macOS are attributed to a developer named Qingdao Leyou Hudong Network Technology Co, while SuperSoft Tech produces the second app.
The leaked database contains references to another company, Changsha Leyou Baichuan Network Technology Co, with multiple mentions of Qingdao Leyou Hudong Network Technology Co. Each of these companies seems to have Chinese ties, underscored by notes within the database written in Chinese. The exposed database was shut down after Fowler emailed the app owners to notify them of the leak. He received no response, which was puzzling and raised doubts about their commitment to user privacy.
All signs suggest Qingdao Leyou Hudong Network Technology Co owns and is responsible for the exposed database. Nevertheless, despite several similarities, the relationship between it and SuperSoft Tech remains unclear. For instance, the logos of the two entities, especially those of SuperVPN for Mac and other iOS devices, are strikingly similar.
Fowler’s efforts to contact both firms to ascertain whether they are linked or share a common developer yielded no result. Given the scant information about their ownership or location on their respective websites, concerns have been raised regarding the openness and safety of these no-charge VPN services.
Further investigation revealed SuperVPN shares customer support emails with Storm VPN, Luna VPN, Radar VPN, Rocket VPN and Ghost VPN, indicating potential connections between these services. This exposure contravenes SuperVPN’s declared commitment to not logging user data, hence threatening user privacy.
While researching the SuperVPN data leak, our experts found some intriguing information. Two free VPN apps with similar names are available on the Google Play Store. They are developed by SuperSoftTech and Wechoice Mobile and have different logos.
Our researchers identified discrepancies between the anonymity, privacy and security claims and the privacy policies for these applications on the Google Play Store.
Similarly, two SuperVPN apps are listed in the Apple App Store: the one discussed above (developed by Qingdao Leyou Hudong Network Technology Co) and another developed by Free Safety Connected Software Co, Ltd.
These apps with the same name and similar logos can cause confusion and mislead users. Moreover, their privacy policies seem to contradict their identity protection and data security claims, stating that user data can be disclosed to advertisers and other third parties.
The SuperVPN case highlights that, while VPNs are designed to provide subscribers with enhanced privacy and security online, they are not invincible. Weak encryption techniques, security gaps or inadequate security measures can lead to breaches, compromising sensitive user data.
The SuperVPN case discussed above is not an isolated occurrence. Many free VPNs have gained bad reputations by misusing user data.
| Free VPN provider | Reputation issues |
| Hola VPN | Hola VPN uses a peer-to-peer network model, which utilises users’ devices as servers, raising serious privacy concerns. The company is linked to Luminati, known for selling access to networks of enslaved devices, leading to fears of botnet misuse. These issues have severely tarnished Hola VPN’s reputation. |
| HotSpot Shield VPN | In 2017, HotSpot Shield VPN was accused of logging and selling user data. Alleged practices include injecting ads and mishandling payment info. The company denied these allegations. |
| Betternet | Betternet VPN was established to inject ads into web pages and collect user data for advertising purposes, raising privacy and security concerns. |
Having discussed the advantages, disadvantages and risks of using a free VPN solution, we’ll compare our top picks in these two categories: free and paid VPNs. Proton VPN is the only free VPN recommended by our experts, and NordVPN is our top-rated paid VPN service.
The comparison considers several key factors that typically influence the user experience and overall satisfaction, such as server network, privacy, access to restricted content, number of simultaneous connections and bandwidth limitations.
| Free: Proton VPN | Paid: NordVPN | |
|---|---|---|
| Data limit | Unlimited | Unlimited |
| Number of servers | 56 | 5,731 |
| Number of countries | 3 | 60 |
| Number of connected devices | 1 | 6 |
| Unlocks geo-blocked sites | Yes | Yes |
| Unblocks Netflix | No | Yes |
While Proton VPN’s free version offers a decent level of service, it falls short of the extensive network and convenience provided by NordVPN.
Below are some features offered by paid VPNs that you often can’t get from a free service.
Paid VPNs usually operate many servers in various countries, ensuring users enjoy fast internet access and can select servers optimised for specific purposes, such as peer-to-peer file sharing, bypassing heavy internet restrictions, or ensuring extra security.
Paid VPNs typically do not log or sell your online activity to third parties, a practice some free VPNs use to generate revenue.
A paid VPN uses strong encryption (like AES-256) to secure your data, preventing third parties from accessing your internet traffic, which is especially important when connected to public wifi networks.
Paid VPNs often include additional features such as a kill switch (which disconnects your devices from the internet if your VPN connection drops, ensuring your data is never exposed), DNS and IP leak protection, dark web monitoring (notifying you if your credentials are leaked), threat protection (blocking trackers, malicious ads and malware) and a private DNS function.
In countries with heavy internet restrictions, paid VPNs bypass them, giving users internet freedom without compromising security and allowing them to access blocked social media platforms, news outlets, web pages and apps.
Unlike free VPNs, which may impose limits, paid VPNs often offer unlimited bandwidth and allow for multiple simultaneous device connections.
Paid VPNs provide round-the-clock support to assist users with any issues or queries, which free VPNs usually lack.
Paid VPNs generally offer faster connection speeds, greater reliability and better performance than free VPNs, which are slower, less reliable and filled with intrusive ads.
While free VPNs seem appealing because of the price tag, the privacy, security and performance trade-offs might not be worth it. Paid VPNs are more reliable, secure and feature-rich in comparison, proving that in digital security and privacy, you often get what you pay for.
If you’re considering using a free VPN, we highly recommend Proton VPN based on our extensive research and test results. It offers unlimited bandwidth and robust encryption protocols, ensuring safe and uninterrupted browsing.
Moreover, the security protocols of Proton VPN’s free plan match those of its paid plans, ensuring a top-tier, secure service without spending a penny. It utilises industry-standard encryption methods, such as OpenVPN, IKEv2 and WireGuard, with AES-256 encryption, safeguarding your data effectively.
Unlike many free services, Proton VPN does not log user activities, adhering to a strict privacy-first approach. Like its paid service, this no-logs policy has been independently verified in an audit – something not many free providers can match.
The provider claims its free service is subsidised by the money it makes from paid-for subscriptions. The free version of its app is ad-free (aside from limited prompts to upgrade to a premium plan).
However, it has some limitations. It only supports a single-device connection and provides access to servers in only three countries: the US, the Netherlands and Japan. This restricts global access but still provides decent geographic diversity. The free plan does not support streaming or torrenting.
Performance-wise, Proton VPN is impressively fast. Its apps are available on various devices and operating systems and are user-friendly, ensuring a smooth experience, even for the less tech-savvy.
So, if you’re looking for a free VPN service that doesn’t compromise security, privacy or performance, Proton VPN might be your best bet. Alternatively, we have rated Surfshark VPN as the best value VPN available in terms of security and privacy features vs monthly cost.
