Are free VPNs safe?
A free service probably won’t keep you as safe online as you’d like
Between endless dark-web personal information leaks, shadowy data companies trading your browsing habits, and the threat of intelligence agencies tracking your every move, it can feel like it’s impossible to preserve your online privacy. Virtual private networks, or VPNs, can be an important tool for putting the balance back in your favor, but it’s important you choose the right one.
The best VPNs will encrypt your internet traffic until it reaches your VPN provider’s servers, shielding your home IP as it looks like you’re browsing from a completely different location. The very best ones will let you browse a truly global internet, easily sidestepping the geo-location blocks that keep you from watching content from your home country while you’re on holiday.
However, not all VPNs are created equal. While the best free VPNs will protect your privacy, others that will secretly log your traffic. In the worst case, they might even be selling it to cover the costs of running a VPN service. Stick with me and I’ll run you through the risks you need to keep in mind while picking a safe VPN, whether it’s free or premium.
Are paid-for VPNs safe?
Let’s be clear: it’s very important that you trust your VPN provider. You’re handing over the responsibility for routing all of your internet browsing traffic from your internet service provider (ISP) to a third party. Thankfully, most VPN providers are serious when it comes to safeguarding your data.
There’s a few things you can look out for when you’re making your choice to figure out if the provider you’re about to purchase from is legit. The most important one is whether they have a no-logs policy. This tells you that your VPN provider is making every effort to delete your data as soon as it’s transmitted. If your provider doesn’t have a no-logs policy, it’s pretty likely that data is being stored (and maybe even sold).
You can read through a VPN provider’s privacy policy to get the fine details on how much of your data is stored, but it’s not necessarily the best use of your time. The best indicator a no-logs policy is legit is that it’s been audited by a reputable third party. For example, one of the best VPN services, NordVPN, recently received it's fourth audit verifying its no-logs policy. Some providers even go so far as to commission yearly audits, or even “always-on” audits to provide continual reassurance that your data really isn’t being monitored.
These audits aren’t just for demonstrating that your data is safe from nosy employees. It’s also essential for maintaining anonymity in the face of requests from law enforcement, especially in countries where personal privacy isn’t enshrined in law. Even if a warrant is served to your VPN provider, they can’t over customer data that they don’t collect and save.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Speaking of, it’s also pretty important that your VPN offers obfuscated connections if you’re browsing from a country where your internet connection is heavily monitored.
An obfuscated VPN protocol disguises your VPN traffic by tunneling it through another protocol such as HTTPS. In essence, your VPN traffic now looks like normal encrypted browsing traffic to your ISP. The reason this is so important is that although a VPN encrypts your internet connection, there are tell-tale signs in the packets used to establish the connection that your ISP can spot using Deep Packet Inspection. If your government is working with your ISP to block VPN connections, being able to obfuscate your connection is often the only way to keep safely using your VPN without fear of disconnection or reprisal.
Beyond this, there are a few other smaller things you can do to make sure you’re not running straight into a scam VPN. Do they have a good money-back guarantee policy? A restrictive one (or none at all) could mean you’re spending money without any reassurance of a refund if your VPN doesn’t work. Is the VPN verified on a reputable app store, such as Google Play? There’s plenty of “free” VPNs on mobile app stores which are really just glorified malware masquerading as a bargain VPN provider, but it’s rare they’ll ever be verified. Can you get in touch with their customer service reps before you’ve bought a subscription? It’s worth it either way as you’ll probably have questions about their service. Even if you don’t, it’s a handy way to make sure you’re dealing with a real company instead of a cardboard cutout ready to take your money and split.
The best VPN for you will depend on your needs, but here are the top three I’d recommend:
1. The number one paid-for VPN: NordVPN
NordVPN is the best VPN provider out there. They’re fast, they have servers in over 80 countries, and they’re one of the safest VPNs you can use.
In addition to strong security fundamentals, NordVPN gives you access to features like threat protection, which is an integrated service that scans your downloaded files for malware, blocks known malware distributors, and keeps you aware of potentially vulnerable apps on your device. It even has the handy side-effect of keeping ads off your computer, too.
2. The easiest to use paid-for VPN: ExpressVPN
ExpressVPN is also a fantastic product. With one of the largest VPN server banks in the business, spanning over 100 locations, as well as lightning-fast connections powered by their proprietary LightWay protocol, ExpressVPN will power your unblocking efforts nearly anywhere on the globe. They’re also one of the only providers that consistently works in China, thanks to obfuscated protocols.
3. The cheapest paid-for VPN: SurfShark
SurfShark is the choice if you have a bunch of devices you need to secure but don’t want to break the bank. One SurfShark subscription covers an unlimited number of devices, all benefiting from SurfShark’s extensive suite of security tools in addition to a bullet-proof VPN. This includes a password manager, identity theft alert system, anti-virus, and a tracker free private search, all included under the SurfShark One package.
Are free VPNs safe to use?
In our extensive testing, we have uncovered the best free VPN services. With this being said, free VPNs do come with some drwbacks that you don't send to see with premium VPNs. Most of the time, you’re looking at bandwidth restrictions in the ballpark of 10GB a month, as well as restricted locations and subpar speeds. Beyond this, the real issue with free VPNs is that a lot of them aren’t interested in providing a quality service at all. Instead, they’re siphoning off all your data to profit off of it.
In the best case scenario, a free VPN will insert ads into your browsing traffic or package up your browsing data in an anonymized format to sell to a data broker. This is bad, but it isn’t the worst thing in the world. A VPN is certainly compromising your privacy by doing either of these things, but at least it’s not going to cause you actual financial damage. Unfortunately, it’s more likely that a free VPN is being used to harvest your private information for sale to hackers who can use your identity to carry out fraud. Think stuff like username and password pairs, bank account details, addresses, and so on.
Some free VPNs aren’t even interested in stealing your data. In fact, they’re just vectors for malware. You may have tried to save a few bucks downloading a free VPN for your phone, and now you can’t browse the internet because it’s DDoSing targets as part of an international botnet at the behest of a hacker gang. It’s a miserable prospect.
Even the best free VPNs on the market come with enticing upgrade options that encourage you to switch to premium plans. Instead of relying on free VPNs with limited features, you could consider upgrading to a premium VPN service, many of which offer affordable subscription plans. Purchasing a year or longer up front can drop the price of your subscription down to just a few dollars a month. A good money-back guarantee will take all the stress out of testing the VPN you choose, too. As such, most top-tier VPNs offer at least 30 days after you purchase to change your mind and request a refund.
There are a few free VPNs out there I’d recommend. Check out my list below for the best free VPNs:
1. The best free VPN: PrivadoVPN
PrivadoVPN is one of the only free VPN vendors out there that offers more than a cut-back service. All of Privado’s paid features are on offer in the free version, but only for 10GB a month and only across twelve different servers instead of the full sixty four. The connections are also as fast as the paid version, and it’s one of the rare free VPNs that offers P2P connections.
2. The free VPN with the most data: ProtonVPN
ProtonVPN has a fully free version with unlimited bandwidth. It’s built by the same minds behind ProtonMail, making it a certainty that the same careful approach to privacy and security is in play with ProtonVPN too.
3. The best free VPN with adblock: Windscribe
Windscribe also offers a generous 10GB a month, in addition to powerful ad-blocking capabilities that make Windscribe a great free choice for working from abroad and unblocking the occasional show or two.
Is using a VPN while travelling safe?
Using a VPN while traveling is usually safe, but it all depends on what you’re using it for, as well as where you’re using it. Many travelers opt to use a VPN while abroad to access their home country's content libraries on streaming platforms like Netflix.
Accessing geo-restricted content, such as streaming TV shows or movies, by using the best streaming VPN to change your location typically falls into a gray area in terms of legality. While it may not lead to legal action, violating a service's terms of use by using a VPN to access geo-blocked content could result in your account being terminated. It’s very rare that this ever actually occurs, but you can’t say you haven’t been warned.
On the other hand, attempting to access content blocked by government censorship while traveling can have more severe consequences. In countries where certain websites are banned, using a VPN to bypass these restrictions is often illegal and can lead to fines or even jail time. China and Russia are particularly notorious for cracking down on VPN use, but as a general rule you should check whether your destination has rules against VPN use before you travel.
While VPNs mask your IP address and encrypt your data, by default they do not conceal the fact that you are using a VPN. In countries where VPN usage is illegal, the ISP you’re connected to can detect your VPN connection with Deep Packet Inspection and report it to the authorities. If you’re found to have broken the law using a VPN, it could potentially result in prosecution or deportation.
To mitigate this risk, some VPN services offer obfuscated protocols. Obfuscation disguises the fact you’re using a VPN by disguising it as another type of traffic, such as HTTPS or SSH. Providers like ExpressVPN, NordVPN, and ProtonVPN offer obfuscated servers optimized for use in countries with repressive internet laws, allowing you to continue using your VPN to phone home without fear of reprisal from a dictatorship.
This might all sound pretty scary, but the reality is that using your VPN is safe in the vast majority of places around the globe. Very few countries have ever enacted laws related to VPNs, and those that have are the usual suspects when it comes to internet censorship, for example Russia, China, North Korea, Iran, and more.
Can you get caught using a VPN?
Let’s imagine you’re a journalist in a country that’s unfriendly to investigative journalism and you’re concerned about being caught. Let’s also assume you’re using a computer you trust, instead of an internet cafe PC. Using a normal VPN protocol, such as OpenVPN or WireGuard, your ISP will be able to tell that you’re using a VPN and which VPN server you’re connecting to.
Your ISP won’t be able to tell what traffic is passing through that tunnel. They can cut off the connection by blackholing the VPN IP, causing all traffic to that IP to drop. They can also look up your address and send investigators to your house to politely inquire as to why you’re using a VPN, with all the legal headaches associated with that type of inquiry. Some countries, such as Russia, have enacted laws that essentially allow law enforcement agents to demand to see your phone on the street in order to check whether or not you’re using a VPN.
You could also be caught paying for a VPN service if you live in a jurisdiction where law authorities can investigate your bank accounts. Paying in cryptocurrency, especially using Monero, can help mitigate this issue.
There’s also the issue over which VPN you get caught using. Your friendly law enforcement agents might serve up a warrant asking for all user information associated with a single IP in an attempt to work backwards towards you. With a no-logs VPN, this isn’t nearly as much of an issue as they simply won’t be able to serve up any information related to you.
All in all, the answer is mostly: no, you won’t get caught using a VPN as long as you use the right one.
What is the most secure VPN?
The most secure VPN is a subjective title that is going to depend as much on your personal use-case as anything else. However, there are a few general factors you can look out for that are a good indicator you’re using a secure VPN.
First up is protocol support. You might think a VPN that offers a wide range of protocols is more secure, but security is just as often about what you don’t offer. You should steer clear of VPN providers who are still offering L2TP and PPTP, as both of these protocols are deprecated for security reasons. Offering OpenVPN, IKEv2, and WireGuard protocols is a good sign your VPN vendor is taking their security seriously.
Regularly scheduled security audits are also a great indicator that you’re dealing with a security-conscious VPN vendor. Of course, a no-logs audit is also useful, but seeing that your VPN provider is commissioning code audits that expose potential security issues to be fixed before they’re leveraged by hackers is a huge confidence booster.
You could also look at the extra features a VPN provider offers. These can be as simple as a Kill Switch, which turns your internet connection off if your VPN connection drops out. They can also be as complex as the dark-web identity monitoring services baked into a few VPN providers such as NordVPN and Surfshark, which alert you if your details have ended up in a data leak.
How to choose a VPN
Choosing the right VPN involves weighing up a bunch of different factors to figure out the right one for you. There’s no one-size-fits-all VPN, but there’s a few different perspectives you can take to determine what’s important to you. I’ve already discussed security, so let’s move on to performance.
You should look for a VPN with consistent uptime, as well as speeds that accommodate your normal internet activities such as streaming and gaming. You should check out the server number and location diversity of the VPN provider's server network, as this impacts your ability to bypass geo-restrictions as well as optimizing connection speeds. Closer servers will always give you better speeds, so being able to choose a geographically close server is a plus.
It’s not enough to just have servers all over the planet, though. Content streaming sites such as Netflix and Amazon Prime are constantly updating their service to block VPN IPs, so it’s necessary to choose a VPN vendor that’s dedicated to providing geo-unblocking specifically.
Compatibility with your devices and operating systems is also essential, so confirm that the VPN supports all the platforms you use. Not all VPN features are available on all platforms, as you’ll often see that even the VPN protocols you have access to per platform differ greatly.
Finally, you should take all of this in context. Shop around! Compare pricing plans and subscription options to find a VPN that fits your budget while offering the features you need.
VPN FAQs
Which VPN is the safest?
It’s hard to say which is the safest VPN. It’s challenging because you have to compare several various factors (some of which are subjective), including encryption protocols, logging policies, jurisdiction, security audits, and other technical details. However, only looking into VPN vendors with a full third-party audit is a good place to start, and check out our list of the most secure VPN services.
Can VPNs be hacked?
While VPNs are designed to provide secure and encrypted connections, they can still be hacked. Older VPN protocols, such as PPTP, are insecure and vulnerable to brute-force attacks on the keys used to encrypt your data. While newer protocols are considered very strong, there are other avenues to consider such as the VPN servers a vendor uses. VPN servers themselves may be vulnerable to exploits and attacks if not properly configured or maintained, leading to unauthorized access to user data. This is why it’s important to use a VPN vendor that regularly works with external parties to audit their security strategies.
Is using a VPN dangerous?
Using a VPN itself is not inherently dangerous, as VPNs are designed to enhance online security and privacy by encrypting internet traffic and masking IP addresses. However, it is vital to choose a VPN provider that you can trust with your data, as well as one that takes their security seriously.
Are VPNs legal?
In most countries, using a VPN is legal. VPNs are legitimate tools designed to encrypt internet traffic. As such, there are generally no laws prohibiting the use of VPNs for personal or business purposes. However, while using a VPN itself is legal, certain activities conducted through VPNs may be illegal, such as piracy. Additionally, some countries have restrictions or regulations regarding the use of VPNs. In authoritarian regimes or countries with strict internet censorship laws, VPN usage may be restricted or banned altogether. If you’re unsure whether or not using a VPN is legal in your country, you should seek legal advice.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example:
1. Accessing a service from another country (subject to the terms and conditions of that service).
2. Protecting your online security and strengthening your online privacy when abroad.
We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Sam Dawson is a cybersecurity expert who has over four years of experience reviewing security-related software products. He focuses his writing on VPNs and security, previously writing for ProPrivacy before freelancing for Future PLC's brands, including TechRadar. Between running a penetration testing company and finishing a PhD focusing on speculative execution attacks at the University of Kent, he still somehow finds the time to keep an eye on how technology is impacting current affairs.
- Olivia PowellTech Software Commissioning Editor