Monday, December 24, 2018

The Dangers of Free VPNs

If you use a free VPN, then you have to wonder how your provider earns money to cover their own costs. The answer often involves advertising, but it can also be through far more sinister means.

Running a VPN service costs a significant amount of money. There are setup costs, infrastructure costs, labor and other running costs. The companies behind these services generally want to make a profit as well.

Why are free VPNs a problem?

It really depends on your use case, but in general, VPNs are used to enhance both the online privacy and security of those who use one. Privacy and security tend to involve trust, which becomes especially important when we consider VPNs.

To understand this properly, we have to take a step back and examine how VPNs protect their users. The most common analogy is that a VPN provides an encrypted tunnel between the VPN client on a user’s device and the VPN server.

This tunnel essentially means that no other party can see the connections and data you are transferring between your device and the exit server. Your ISP, the government and other snoopers will be able to see that you are sending encrypted data through a VPN, but they won’t be able to see what it is.

If someone is examining the traffic between the exit server and the website you are visiting, they will be able to see that someone from the VPN’s server is connecting to the site, but they won’t know where the connection originates from.

In this way, a VPN’s encrypted tunnel protects users and their information from outside parties like hackers and governments, and also allows users to get around geo-restrictions by making it seem like their connection is coming from another place.

The point is that the VPN provider is the one that keeps you safe by letting you use their encrypted tunnel. Since all of your data goes through the provider, you need to find one that you can trust. If you can’t trust your provider, how can you know that your data is being kept secure and private?

What can a VPN provider see?

Technically, VPN providers have the capacity to see everything you do while connected. If it really wanted to, a VPN company could see what videos you watched, read emails you send, or monitor your search history.

Thankfully, reputable providers don’t do this. A good provider shouldn’t take any logs of your activity, which means that although they could theoretically access your data, they discard it instead. These “no-log” companies don’t keep copies of your data, so even if they get subpoenaed by a government agency, they have no data that they can hand over.

VPN providers may take different types of logs, so you need to be careful when reading the fine print of any potential provider. These logs can include your traffic, DNS requests, timestamps, bandwidth and IP address.

It will depend on your use case, but if you want your VPN to provide the highest level of privacy, then you will want to choose one that records no logs at all.

How do you know if a VPN provider keep logs?

Most VPN providers will state on their websites whether or not they take logs, and if so, what kind. If the privacy policy doesn’t state the logging policy, or they make their logging process unclear, it’s best to assume the worst. No-log policies can be a huge selling point of many VPNs, so if a company doesn’t make their practice clear, it’s best to assume that they do keep logs in some form.

How can you trust a VPN provider’s claims?

At the end of the day, you can never really be 100 percent sure. The closest we can get is if a VPN provider was served a warrant or subpoena and was unable to give any data because they simply don’t have it. Even so, a provider may change their practices after a the court order has been carried out.

While this may seem disheartening, the reality is that we don’t really need 100 percent confidence. For most situations, 99.99 percent is more than enough. You just need to find a VPN provider that you can trust enough for the activities that you intend to conduct over their service.

There are a range of things that you will need to consider when evaluating whether a VPN provider is trustworthy enough for your intended uses. First, you will want to see that their website looks reputable.

If everything checks out, you will want to go through their privacy policy and legal statements to ensure that everything is legitimate. Then you will want to do some background research to see if the company has been involved in any dodgy practices, and whether its users are generally happy with the service.

NordVPN recently became the first provider to undergo a voluntary third-party audit of its zero-logs policy. Other providers like ExpressVPN have had their servers seized by police, but the servers contained no information of use thanks to no-logs policies.

If you do a thorough search and it doesn’t bring up any red flags, then you can probably trust the VPN provider’s claims. This is because most established providers aren’t willing to sacrifice their long term revenue by doing something unscrupulous. They have a vested interest in keeping their users around and attracting more in the future, because keeping the business reputable will be worth more in the long run.

Can you trust free VPNs?

Paid VPNs can be dodgy, but free VPNs are even more of a minefield. From loading malware onto your computer to selling your data to third parties, there are countless dangers. This list narrows some of the offerings down a bit, but there are still many complications to consider.

When it comes to free VPNs, the relationship between the provider and the user is different to that of a paid VPN. The user isn’t paying the provider any money, so the provider doesn’t have to do much to keep the user happy. How bad a service will be tends to depend on the VPN provider’s business model:

Advertising

Some free VPN companies make their money through advertising. This can range from showing banner ads to users, such as Psiphon, to those like Hotspot shield, which the Center for Democracy and Technology alleged tracks users and hijacks web requests. Many free VPNs insert advertisements into your web browser, and these ads can place tracking cookies on your device to monitor your browsing.

If a VPN provider places ads in their app, it’s far from ideal, but it’s also hard to criticize a service for trying to monetize itself in some way. If a provider is actively tracking its users, this spells much bigger problems, particularly for those with privacy and security concerns.

Although Hotspot Shield claims that it doesn’t collect “information that allows us to trace Internet usage on Hotspot Shield back to individual users”, VPN users are better off avoiding services that track them.

Malware distribution

Some free applications may look like they are offering an excellent service, when they are actually an underhanded way for hackers to install malware. It can be hard to know for sure whether an app does this, so it’s always best to be prudent when downloading software.

In an academic study, numerous VPNs were run through a host of different virus scanners. Some free VPN apps such as Betternet and OKVPN tested positive for malicious activity in many of these tests. Those looking for a new VPN should err on the safe side and stay away from any free VPN that looks like it might be used to infect their devices.

Botnets

One of the most alarming VPN controversies of the last few years was when the popular service Hola was taken advantage of to form a botnet. Due to how the service operates, the bandwidth of Hola users was leveraged in an attack on 8chan.

Obviously, no one wants their devices to be part of a botnet that attacks other individuals or organizations. This is just another instance shows how users need to be careful when dealing with free VPNs.

As a free offering to attract users to a premium VPN service

Some VPN providers offer a free service as a way to draw new users toward their paid services. These vary in quality, but they can often be more legitimate than the free VPNs that rely on other business models. Free tier services like Hide.me and Windscribe aren’t necessarily bad, but they are much more limited than paid VPNs.

Research

VPN Gate is operated by the University of Tsukuba using volunteer resources. The university runs it as an experiment, but anyone can use it or operate a node to contribute to the network. As an experiment, its service is pretty restricted, but it’s also less likely that a university would be using the network for any illicit activity.

If a VPN’s free, it’s probably not fast

Trust issues aren’t the only problems that come with free VPNs. They also tend to be slow and have other service limitations. It’s an old cliche, but with VPNs, you really get what you pay for. On free plans, the providers are hardly rolling out the red carpet, so users will have to put up with subpar service.

Free VPNs often have fewer servers, which can force users to connect to those in less-than-ideal locations. This can make the speed much slower. In addition, some free VPN servers have heavy congestion, which can make connections stall to a near standstill. Other providers may force free users to wait in queues so that they don’t clog up the network.

A lot of VPNs also have bandwidth limits that restrict the speeds that free users can access. Many have data caps as well, which tend to be between 512MB and 2GB. This amount of data won’t get most people too far. A few hours of heavy browsing could easily eat up the cap and watching videos will drain it much faster.

What can you use free VPNs for?

Now that you understand a little bit about how free VPNs work and their various business models, we can talk about their limitations. As we have just discussed, free VPNs tend to operate in ways that really restrict their use.

These range from those that simply can’t be trusted and should be avoided at all costs, to those which have very low data caps or bandwidth limits. If you absolutely require privacy and performance, you will need to go with a paid provider that is well-regarded.

In saying that, there can be circumstances where a free VPN will help you without putting you in serious danger. These include if you need to spoof your location temporarily, or if you need to get around internet restrictions. Again, you need to make sure that you aren’t engaging in risky or illegal behavior if you are using a free VPN. Most of them are simply far too unreliable.

If you are going to use a free VPN, please make sure that you do your research and find a reliable provider that suits your needs. Using an untrustworthy provider can give you far more trouble than accessing the internet without one.

What shouldn’t you use free VPNs for?

In an ideal world, you wouldn’t use a free VPN at all, because the services are far too limited. Despite this, there are a lot of people who simply don’t have the money or don’t want to pay a few dollars each month for a reliable service.

Anyone who does use a free VPN needs to be aware of their issues and be incredibly careful with how they use it. They absolutely must not engage in any illegal behavior, nor anything that requires a high degree of security or anonymity.

As we discussed earlier, a VPN provider has the capacity to access all of the data that goes through their service. When the service is being provided to you for free, the provider doesn’t have much of an incentive to provide you with a reputable service. If you can’t trust the provider to give you a high-level of service, then you can’t trust them to be responsible for your privacy and security.

Everything on the internet should be free

One of the key issues isn’t with VPN technology itself, but with our attitudes to technology services in general. Many people have grown up in the internet age and become accustomed to free content, products and services. This is generally supported by advertising and other means.

These funding models have provided opportunities for the poor to access all kinds of media and technology that traditional payment models would have locked them out of.

It’s hard to deny that this has been a good thing in many ways, but it has also had some unfortunate results. The overwhelming amount of free stuff in our lives has left many of us unwilling to pay for things which we would have in the past.

With many products and services, such an attitude doesn’t cause problems. With VPNs, it can be a big issue. If you really care about your privacy and security, your best course of action is to stay far away from free VPNs, because they simply don’t provide a service you can trust.

      

The post The Dangers of Free VPNs appeared first on Cybersecurity Insiders.


December 24, 2018 at 09:09PM

0 comments:

Post a Comment