Resist falling for that free VPN deal, hazards lie in fine print

Photo Credit: digital photography by Juan Antonio Zamarripa

“There is no such thing as a free lunch.”

Popularized by Milton Friedman back ’75 the phrase “There is no such thing as a free lunch remains of great economic relevance today in describing things like “opportunity costs”.

However enticing, free VPNS are more often than not the origin of many security hazards and in some cases data collection machines, hence defeating the purpose of what a Virtual private network should be.

“When the product is free. You are the product”

Credits: Xiaolin Zeng

VPN service implies having servers in various countries, so the maintenance or renting costs can amount a few figures, depending on volume.

While most legit businesses will offer 7 days of free trial, a free connection on a indefinite period of time is sure to get its profit elsewhere; in ways that may harm your security and defeat the whole purpose of having a VPN in the first place.

Even more compelling evidence on the security risks one might face when exposed to a FREE vpn surface once you start doing research. Take the CSIRO (Commonwealth Scientific and Industrial Research Organization) the federal government agency for scientific research of Australia. In a study performed a few years ago, they analyzed no less than 283 VPN services only to find that 75% of the free ones contained tracking possibilities. You can read the entire CSIRO white paper here.

We list the most common of these corrupt practices that some VPN providers have been revealed to apply, while others admit as comme d’habitude use in their lawyer-eese terms of service or in very fine print.

SELLING USERS BANDWIDTH

using their users as servers by converting them into a botnet, some VPN providers appropriate their user bandwidth as their own and are resellling it through third parties or sister companies.

In other words, by searching a bargain you can be faced with two main issues:

1. Slower computer and internet connection: as you’re sharing your bandwidth and processor with others;

2. Higher Security Risks: assuming responsibility for what other users do online, that can be tracked down back to your IP.

DATA COLLECTION

In depth analytics of your use data can be sold to third parties companies also. In this case, your FREE VPN becomes a data collection machine that can use your browsing history and online habits to target you with spam, ads and may even compromise your banking accounts or hold you for ransom. Choosing a VPN provider, like My IP.io, that goes on a “no log kept” policies is the best approach to the matter.

ADS

modifying the web code to show ads is a common practice for “free” VPN services.

CSIRO identified FREE vpn apps “actively injecting JavaScript codes using frames for advertising and tracking purposes, while the static analysis of source code revealed apps that actively use up to 5 different third party tracking libraries.”

TRACKING LIBRARIES

The same study examined through ApkTool “the presence of embedded third party libraries (in the form of external hat files) for analytics, tracking or advertising purposes in the source code of free android apps. […] Since most VPN apps intend to provide online anonymity, the lower presence of tracking libraries is actually meaningful. However, we identified the presence of at least one tracking library in 75% of the FREE VPN apps claiming to protect user’s privacy” is stated in the same study.

POOR ENCRYPTION OR LACK THERE OF

The CSIRO research revealed worrisome aspects regarding encryption: “18% of the VPN apps implement tunneling protocols without encryption despite promising online anonymity and security to their users. In fact approximately 84% and 66% of the analyzed VPN apps do not tunnel IPv6 and DNS traffic through the tunnel interface respectively due to lack of IPv6 support, misconfigurations or developer-induced errors. Both the lack of strong encryption and traffic leakage can ease online tracking activities and by surveillance agencies.”

MALWARE

According to the CSIRO study “38% of the analyzed VPN apps by CSIRO have at least one positive malware report according to VirusTotaagencies.”

The Paid vs. The FREE VPN Issue

A good VPN will have its own servers and encryption protocols designed for it, reducing possible security failures to a minimum. Free VPN servicesare often an open door to malware and can be easily used by scammers.

In the FREE vs. PAID matter, its is important to understand that most legit businesses will offer 7 days of free trial, but a free connection on a indefinite period of time is sure to get its profit elsewhere; in ways that can harm your security and defeat the whole purpose of having a VPN in the first place.

We suggest you do yourself a favor and invest a good 5 bucks for a reliable VPN like the dedicated VPN you can get from My IP.io or from another reliable provider.

As a general rule, mundane but so incredibly important, reading the company’s Terms of Service and the Privacy Policy, before buying a vpn service is a thing you should really consider. Ideally, these documents are in plain English and not lawyer-eese.

Photo Credit: digital photography by Juan Antonio Zamarripa

Leave a Reply

Your email address will not be published. Required fields are marked *