VPNs Can Help Your Organization’s Cybersecurity
Virtual Private Networks (VPNs) create private and secure tunnels through public Internet space in which we nest our networks. They give us anonymity, protect our resources, and often allow us to get around geo-specific barriers to software and services. But you know all that. There are paid VPN services and free VPN services, but you know that, too. Often, in this world of getting the most with spending the least, our wallets (or, rather, those of our bosses) predicate examining VPNs that cost nothing. But be warned: just because you’re not paying for something doesn’t mean you won’t pay for it.
Everything Has a Cost
Nothing online is really free—everything comes at a cost. You might not realize what the cost is, but it’s always there. So, what are the hidden costs of a free VPN service?
In an independent study by CSIRO, 283 VPN-based Android apps were analyzed. One of the key findings was over 38% of the apps had some sort of malware presence. Though this study was done on Android apps, you can easily extrapolate that these statistics are likely very similar to apps and services on other platforms.
In the same study, it was found that 75% of apps used third-party tracking libraries. The top two trackers were Google Ads and Google Analytics, but the paper also pointed out that some of the least common tracking libraries used in all apps were the most prevalent in VPN apps. Some of this makes sense: instead of charging you for the app, the developer is relying on ad revenue. But the pervasiveness and quantity of these trackers is still worrying.
Third-Party Access to Private Information
82% of the apps analyzed in this study requested permissions to access more private information. Some wanted access to SMS messages, while others wanted to view other apps’ activities or read system logs. This last permission is categorized by Android as “highly sensitive,” as it can “expose personal information (including passwords).” Again, some of these permissions can be explained as being normal for the services offered, but the depths at which these free VPN apps are gaining access to your resources and protected information is troublesome.
Another way free VPNs can make money is by enticing you to opt for paid versions of their free services. The easiest way to do this is through tiers of service. You want free? Okay, that’s fine—but you’ll have to put up with low speeds and a very limited amount of data that can be transferred per day. Want the service you thought you were getting? Well, just take out your credit card and upgrade to the premium package.
Sale of Private Data
This is a little different than allowing third-party apps to access your data; this is the explicit selling of the data you provided when you created an account, as well as your usage statistics, to third parties. Luckily, due to GDPR and other privacy laws, this exploitation of private data does need to be spelled out for potential customers (it just might mean you have to read lots of fine print before you sign up).
Sale of Bandwidth
This one isn’t common, but it has happened. Hola’s free services allow users to get around geo-specific barriers to watch videos and TV shows. However, they also run another paid proxy site called Luminati. What do these two sites have in common? Basically, Hola has been selling unused bandwidth from its free Hola users to its paid Luminati users. And what has this bandwidth been used for? In one example, it was used as a botnet to run multiple DoS attacks against an online forum. What else is the bandwidth of free users being used for (other than making money for the company providing the free service)? No one knows.
Is A Free VPN Worth It?
In short, yes and no. You must do your research and read any and all fine print before agreeing to grant access or move traffic. And remember, some free VPN apps are better (read: safer) than others. However, always keep in mind these words from Ryan O’Leary, president of the Threat Research Center at WhiteHat Security, “The lower the cost of the [VPN] app, the greater the chance they have security problems. . . . At best, they are using ads to earn income. At worst, they are selling your private information. . . . When done correctly, VPNs are a good option [for extra security]. But never forget that, in the end, you get what you pay for. “