Your data is … yours and you should keep it yours! Otherwise, you become the product and, sooner or later, a target for marketers, on one side, and hackers, on the other side. Do you want that?
VPNs should, by definition, protect your data, but sometimes they don’t. Don’t be fooled by marketing headlines and incomplete service descriptions! Take care of your data, do your own research, and avoid services that are too good to be true (e.g., free ones).
Do you remember the story of Pinocchio and the chapter when he meets the Fox and the Cat? Due to his naivety, Pinocchio not only trusts the two, but he even offers them a sum of money from the potential gain. Their answer is well-known:
“We do not work for gain,” answered the Fox. “We work only to enrich others.”
“To enrich others!” repeated the Cat.
“What good people,” thought Pinocchio to himself.
Even small children understand that the Fox and the Cat do not have good intentions. However, Pinocchio is blinded by their sweet words.
When it comes to online privacy, don’t be a Pinocchio. Look around, read between the lines, and assume the worst. Consider the possibility that the service intends to get the most out of your private data.
This article explains why privacy is important when it comes to VPN services, how you can do your own research, why you should stay away from free VPNs, and lists several VPNs that may not be your best friend for keeping your private data safe.
Why is VPN privacy important, and how can a VPN get your data?
A VPN (Virtual Private Network) can see everything you do online, and it may log your activities. Moreover, by ignoring your right to privacy, malicious VPNs may use or sell your data.
According to a scientific study on Android VPN apps, the following practices are quite common:
- Third-party user tracking – 75% of the apps analyzed used tracking libraries to monitor user activities.
- Malware injection – over 38% of the studied apps contained some malware presence detected by VirusTotal.
- Traffic interception – about 16% of the analyzed apps might forward traffic in a peer-forwarding fashion rather than using their own hosted machines.
- Traffic manipulation – 16% of the analyzed VPN apps deployed non-transparent proxies to modify user’s HTTP traffic. Also, several apps actively injected JavaScript code for serving ads and redirecting e-commerce traffic to external ad partners.
- App permissions abuses – 4% of the analyzed VPN apps used the app permissions to implement localhost proxies to intercept and inspect user traffic locally.
Unfortunately, most VPN users are not aware of these practices. The same study analyzed the public user reviews of the VPN apps on Google Play and showed that only a small number of VPN users have publicly raised any concerns.
For your own sake, you need to be one of those concerned about their online privacy. You should do your homework, do your own research, and look for red flags when choosing your VPN provider.
How to do your own research
Every time you subscribe to a VPN service (as a matter of fact, you should do this with every service or app you subscribe to that has access to your data), you should take at least five minutes and look for:
- the contact information;
- the company running the service;
- the privacy policy page;
- any news or articles on the Internet related to the service.
And you should ask yourself questions like:
- Is the contact information easily available on the website? Is the physical address listed clearly?
- Is the company running the service listed with identification info (e.g., tax id)?
- Does the privacy policy present the way the service processes users’ private data? Does the service log data? Does it share the data with third parties?
- Are there any independent audits publicly available? Search for “[VPN name] audit.” Look for independently performed audits by reputable companies (e.g., PricewaterhouseCoopers) rather than self-made audits.
- What info can you find regarding the reputation of a VPN service by searching online? You can try, for example, “[VPN name] privacy concerns” or “is [VPN name] safe?”. Take your time and read 2-3 articles and judge for yourself.
If you have the slightest doubts that the VPN is fully engaged in protecting users’ privacy, search for another provider. There are plenty of excellent ones. Just take a look at the list of VPN services that offer access to the WireGuard protocol.
Are free VPNs safe?
You have probably heard this before: “If the app you are using is free, then you are the product!”. It means that one way or another, sooner or later, the free app or service will get paid for letting you use it.
Does that mean that your data is sold and your privacy is endangered? Not necessarily, but there is no way you, as a user and private person, can verify how your data is managed and the consequences of using a free service.
A VPN service has access to a lot of private data because of the way it works. It can “see” your browsing habits, for example, and it may use this info in various ways (it can sell this data to interested companies or partner with companies that target you for numerous products).
Taking all this into account, I do not consider free VPNs safe.
You may be tempted to believe that freemium services (those offering both free and paid plans) are safer. And, generally speaking, they should be. However, as the cost of providing free VPN services is high (due to infrastructure costs), many freemium VPN services look for additional ways to monetize their users. Thus, my advice is to stay away from them too.
VPN services that may not protect your privacy
Several VPN services are either open about exploiting user data or have been publicly exposed for unfair practices. We have gathered a list of such services and explained why it is advisable to avoid them. If you know of other similar services, please let us know in the comments section.
[1] Hotspot Shield
Hotspot Shield apps are installed on millions of devices all over the world, and the VPN service is considered to be one of the most popular VPNs available on the market. Of course, Hotspot Shield began as a free service and later switched to the freemium model. However, it seems that Hotspot Shield’s practices are not as transparent and privacy-oriented as one expects from a VPN provider.
1. The company behind the Hotspot Shield service
Hotspot Shield is (now) run by Aura, a group of companies (most of them located in the United States) that manage several VPN services. This would not be a problem by itself if there were no privacy and security concerns related to several VPNs owned by this group.
2. Aura’s privacy policy
Strangely, Aura’s privacy policy page does not mention Hotspot Shield but lists other VPNs like Betternet, Hexatech, and Touch VPN.
The privacy policy of Aura clearly states that their applications use various tracking technologies (Cookies, Pixel Tags / Page Tags / Web Beacons / Tracking Links, SDKs) to collect information about their users.
The user-related info is used, among others, to serve ads (!).
Moreover, it looks like the data collected from Aura apps is shared with third-party services that may, in turn, use the data for marketing purposes and to serve ads.
3. Service security
In 2018, a security researcher found a way to identify Hotspot Shield users. The leaked data (the country where the user was located and the user’s Wi-Fi name) could have been used to locate the user. The Hotspot Shield development team rapidly fixed the problem, but the concern about the Hotspot Shield apps’ security policies remains.
4. Third party auditing
In 2017, CDT (the Center for Democracy and Technology) filed a complaint signaling “undisclosed and unclear data sharing and traffic redirection occurring in Hotspot Shield Free VPN.” In plain words, CDT said that Hotspot Shield was misleading users about the amount of data shared with third-party partners.
And the CDT conclusion says it all:
“Consumers who employ Hotspot Shield VPN do so to protect their privacy, and Hotspot Shield’s use of aggressive logging practices and third-party partnerships harm its consumers’ declared privacy interests.”
Additionally, Hotspot Shield was found using various shady practices such as:
- injecting JavaScript code for advertising and tracking;
- using various tracking libraries;
- redirecting traffic to e-commerce sites.
Conclusion: Hotspot Shield and the companies running the service do not seem to be interested in complete privacy and anonymity. Hiding the IP address and encrypting traffic is not enough! Thus, my advice is to avoid them.
[2] Betternet (as well as Hexatech and TouchVPN)
Betternet is a hugely popular VPN service with millions of users from all over the world. It started as a free service, and then, a few years back, it switched to the freemium model.
However, there are some red flags regarding the Betternet service.
1. The company behind the Betternet service
It is quite a challenge to find out who runs the service. On the Betternet website, Betternet LLC is listed. However, the Terms and conditions page mentions Pango and Pango GmbH as the entities behind Betternet. Strangely, when one clicks on the link to the Pango privacy policy, one is redirected to … (surprise!) Aura, the same group of companies that own Hotspot Shield. Additionally, other VPN services are mentioned, such as Hexatech and TouchVPN.
Of course, the same privacy policy applies to all services managed by the group, which implies that user tracking is performed at scale.
2. Service security
A service vulnerability that allowed hackers to push fake updates and install malicious apps was discovered in 2020. The Betternet team fixed the issue rapidly after it came out, but the question regarding Betternet security practices remains.
3. Third party auditing
The Betternet Android app was listed in the article that presented VPN apps that included tracking technologies. The Betternet app had, at the time of the study (2017), no less than 14 tracking libraries!
Conclusion: is Betternet safe to use? I don’t think it is. You would do better to find other VPNs that have a better reputation.
As Hexatech and TouchVPN are also run by Aura, my advice is to stay away from them too.
[3] Hola VPN
Hola is another hugely popular free VPN service. However, it logs as much info about you as it can. On the positive side, their privacy policy is transparent about their extensive logging policy.
And here is what Hola logs:
- your IP address;
- name and email address, screen name;
- payment, billing information, and any other information you provide to the service;
- when you register through a third-party website (such as Gmail), Hola gets access to and logs your user name, email address, profile picture, birth date, gender, and preferences;
- when you register through a social network account (e.g., Facebook), Hola gets and stores the following: your full name, home address, email address, birth date, profile picture, friends list, personal description, as well as any other information you made publicly available on your social media account;
- installed applications from your devices;
- browser type, web pages you visit, time spent on those pages, access times, and dates (for free users).
As you can see, by using Hola, your private data stops being private. It is transferred, stored, and probably used by Hola.
Moreover, Hola shares gathered data with “trusted third-party service providers or partners for the purposes of providing you with the Services, storage, and analytics.” This means that your data is further processed and used, probably, against you.
And, yes, Hola may hand your data and your profile to authorities, even though Israel, where Hola headquarters are located, is not a “Fourteen eyes” country.
Conclusion: stay away from Hola if you consider that your data should remain private!
[4] PureVPN
PureVPN is a solid VPN provider with a privacy policy that states clearly that the service does not keep “any logs that can identify or help in monitoring a user’s activity”.
However, PureVPN was caught logging user data. In 2017, an investigation that was made public revealed that PureVPN provided data to the FBI for a criminal case. That proved that the “no logs” claim was untrue. This should raise some concerns for those interested in privacy and anonymity.
It is fair to mention that in 2019 and 2020, PureVPN completed two no-logs audits conducted by Altius IT and KPMG, respectively. The audits confirmed that, at the time of the audit, PureVPN kept no logs, and they “did not find any evidence of system configurations and/or system/service log files that independently, or collectively, could lead to identifying a specific person and/or the person’s activity when using the PureVPN service.”
Conclusion: Is PureVPN safe? Taking into account the latest audits, we may say it is. However, the fact that at some point, PureVPN shared user data with authorities remains a red flag.
Summary
Your personal data is important, and you should keep it private. It sounds obvious, but sometimes it is not, especially when it comes to data privacy in the Internet world.
Plenty of apps and services gather access to your data and use them for their own gain. Don’t let this happen!
Online privacy and security are built on trust. That is why we have listed several VPN services that may have trust issues and that you should, in my opinion, avoid.
Do you know another VPN provider that should be on the list? Feel free to let us know in the comments below.