8 Ways Free VPN Services Are Making Money from You
Despite being disturbing and unethical, these practices are legal if disclosed in the VPN’s privacy policy and agreed to by the user. The discrepancies between the privacy claims and the privacy policy of free VPNs actually gave rise to a complaint against HotSpot Shield Free VPN filed with the Federal Trade Commission in the US. Although it hasn’t been settled yet, this case highlights the importance of careful consideration of the agreements users enter into.
Are free VPNs really that bad? How free VPNs profit from their users
Using a free Virtual Private Network (VPN) has become commonplace for many internet users. It promises to bring all privacy and security benefits of a VPN at no cost. Do they really deliver on this promise? How do free VPNs make money?
A ProPrivacy survey established that out of more than 1.25 billion downloads of consumer VPNs on the Google Play Store alone, a staggering 81.4 million were linked to potentially risky apps. Moreover, the number of users leaking information was estimated at an alarming 39 million.
It’s critical to understand the allure of ‘free’ VPNs. In the world of VPNs , they might sometimes come with a steep hidden price tag and considerable hazards. We’ll explore the shortcomings and risks you face when opting for such solutions.
Featured partners: This week’s best deals
Editor’s Choice
Best value
Surfshark 24
All-rounder
ExpressVPN 12 month
All-rounder
CyberGhost 2
How free VPNs make money from their users
In general, VPNs collect two types of user data: connection logs and usage logs. While the former are required for troubleshooting and service improvement, the latter give additional information about the user’s activities online, such as visited sites, downloaded information, online interactions, and locations.
Feeless as they may claim to be, free VPNs can largely profit from the information they collect. Let’s look at the various monetisation strategies some free services employ.
Selling user data
Free VPNs often utilise various data-tracking technologies such as cookies, web beacons, and tracking pixels to monitor your online activity. These digital footprints, coupled with the personal information you provide during registration (your name, address and email), are frequently repackaged and sold to advertisers or data brokers. In fact, the above-mentioned ProPrivacy research reports 40 per cent of free VPNs on the Google Play Store can leak personally identifiable data.
Far from acting as guardians of your privacy, such free VPNs could potentially auction off intricate details of your life and preferences to the highest bidder. Selling user data may extend to sharing your email with third-party businesses, opening the floodgates to an influx of spam and unwanted emails. The ramifications go beyond a cluttered inbox – you’re also left vulnerable to phishing emails and other malicious activities, adding significant risk to the perceived convenience of free VPNs.
Despite being disturbing and unethical, these practices are legal if disclosed in the VPN’s privacy policy and agreed to by the user. The discrepancies between the privacy claims and the privacy policy of free VPNs actually gave rise to a complaint against HotSpot Shield Free VPN filed with the Federal Trade Commission in the US. Although it hasn’t been settled yet, this case highlights the importance of careful consideration of the agreements users enter into.
Targeted ads
By nature of their business model, free VPNs often need to compensate for the lack of user subscription fees. One common method is leveraging the vast data they gather for advertising purposes.
They may directly use your data for marketing. Anytime you log in or search for something online that piques your interest, the VPN takes note. This data then informs the types of ads they present to you and how they can do so most efficiently. Touch VPN, for example, offers only free services, and its revenue is generated by in-app ads and purchases only.
Advertisers pay to feature ads within VPN apps, leading to users being flooded with pop-up ads. These ads are often personalised, which suggests the VPN has shared your data with the advertisers, potentially including the browsing history you intended to safeguard. This unfortunate paradox illustrates how the tool you trusted to maintain your privacy could instead be violating it for profit.
Using cookies to track you online
Contrary to the promise of anonymity, many free VPNs track users’ online activities, using connection and usage logs to profile user habits and interests.
As mentioned above, browser cookies, web beacons, and tracking pixels are common tools for monitoring online behaviour. While these tools keep tabs on your online activities, they’re often invisible.
As a result, even though you may believe you’re navigating the web anonymously, your online activities could be continually monitored, with some free VPNs even selling this data to third parties. This practice fundamentally undermines the intended purpose of a VPN – to protect your online privacy.
Using a free VPN could also lead to legal implications if it is based in one of the Five, Nine, or 14 Eyes alliance countries, obliging them to share user data with government agencies upon request. Therefore, while free VPNs might seem tempting, they often come with hidden costs to your privacy and potentially even your legal standing.
Upselling tactics
While free VPN services can offer a useful starting point, many employ upselling tactics to encourage users to switch to their paid plans. These methods often limit the free service, intending to make the premium offering more appealing. Upselling tactics could include:
- Data limits : Many free VPNs will restrict the amount of data you can use or throttle your connection speed. For example, Windscribe and Hide.me impose a 2GB and 10GB monthly data cap respectively, and with Hotspot Shield, users are limited to 500MB daily. Once you’ve reached this limit, you’ll likely be nudged to upgrade to a premium plan, promising unlimited data usage and faster speeds.
- Restricting geo-blocked sites : Free VPNs may limit the servers or countries you can connect to, barring you from accessing certain websites or services locked to specific geographic locations. For instance, Opera VPN limits the server selection to three regions for its free plan. If you wish to access these restricted sites, you’ll often find yourself being prompted to upgrade to a paid plan with a wider range of server access.
- Spam email : Finally, you may find your inbox inundated with promotional emails highlighting the limitations of the free plan while extolling the virtues of the premium services. Although these emails are part of the VPN provider’s marketing strategy, the volume and content can sometimes cross into the realm of spam.
Ultimately, all these upselling tactics aim to guide you towards paying for premium services by emphasising the potential benefits of paid VPN services.
Infecting your device with malware
Alarmingly, some free VPNs jeopardise the security of your device by covertly unloading malware, including spyware or ransomware, onto your computer, tablet, or smartphone, potentially causing significant damage.
Using malware, VPNs may gain complete control over your device, enabling unrestricted access to your stored data. From your device’s information and location data to more personal details such as emails, messages, and phone numbers, all data stored in your device can be extracted, edited, modified, and deleted.
A stark example of fraudulent tactics to make profits is the case of Hola , a VPN service known to utilise malware to transform its free users’ devices into exit nodes or VPN servers. As a peer-to-peer proxy service, Hola utilised users’ bandwidths and IP addresses to cater to its paying customers without knowledge or consent.
Getting you to advertise them on your social network feed
Sometimes, free VPNs encourage their users to advertise their services on social media. They might offer perks like extra data or faster connection speeds if you post about them on sites like Facebook, Twitter, or Instagram.
Here’s how it usually works: the free VPN asks you to mention their service on your social media, perhaps with a good review or a recommendation to your friends. In return, you get some benefits from the service.
This might seem like a fair swap, but keep in mind that you’re essentially providing the VPN with free advertising. It’s important to think about what you’re doing. Promoting a free VPN service could encourage others to use a service that might put their online privacy or safety at risk. Always read the small print and consider the potential impact before you agree to promote any service.
Selling your bandwidth to paying users
Like Hola, which we discussed above, some free VPNs can use your internet connection to benefit their paying customers. This is particularly relevant when a VPN offers both a free and a paid version. While you, as a free user, can connect to the internet without any obvious limitations, the VPN could be using your connection in unexpected ways.
An example of this tactic is when a VPN takes your unused internet capacity, essentially your “bandwidth”, and passes it to their paying customers. In simpler terms, the VPN uses your internet resources to improve the service for those who pay, creating a profit from this exchange.
To avoid this, consider switching to the VPN’s paid version if they have one. However, not all VPNs openly admit to this practice, which means you may not be aware if your device’s connection is being used to enhance someone else’s browsing experience.
Creating botnets
A botnet is a cluster of interconnected computers synchronised to carry out harmful actions. Individual machines within this network, called “bots”, are manipulated by a third party to circulate malware, launch attacks, or distribute spam. The control often infiltrates the machines through viruses or worms, converting them into “zombies” to serve malicious intents.
In addition to utilising their users’ bandwidths, Hola permitted free users’ devices to become part of a large botnet used for anonymous malware attacks. Not only does this misuse place your device at risk, but it can also get you involved in potentially harmful online activities stemming from the supposed safety of a free VPN service.
Despite the publicity of this incident, some free VPNs continue these practices unchecked, posing a substantial risk to their users.
Free VPNs vs paid: You get what you pay for
In comparing free and paid VPN services, it’s important to consider several crucial factors, such as data limits, the number of servers, and the number of locations. Let’s look at two popular providers: Windscribe’s free version and Surfshark’s paid service.
| Feature | Windscribe free | Surfshark paid |
|---|---|---|
| Data limit | 2 – 15GB/month: 2GB/month standard; up to 10GB/month if registered with an email; plus 5GB/month if the user tweets about Windscribe | Unlimited |
| Number of servers | 11 | 3,200 |
| Number of locations | 11 | 100 |
Unlike the Surfshark paid service offering an unlimited data allowance enabling you to stream, download, and surf as much as you like, Windscribe’s free VPN service offers a monthly data limit of 2GB. Even if you have registered with your email, tweeted about Windscribe, and are therefore provided with the maximum data allowance of 15GB per month, it could be a constraint for a heavy user.
In terms of server options, you can connect to 11 different servers across 11 locations with Windscribe’s free version. While this might seem adequate for casual browsing, it can be limiting if you require more extensive access. On the other hand, with a subscription to Surfshark’s paid VPN service, you have access to more than 3,000 servers located in more than 100 locations worldwide, offering a much more extensive network and freedom to its users.
Best alternative to
NordVPN is one of the most trusted VPN providers in the world, offering top-notch encryption, incredible speeds, and extra features to make all your online activities more secure.
8 Ways Free VPN Services Are Making Money from You
- August 03, 2018
- John Mason
(Spoiler: Your Data Isn’t so Private After All)
So, you wanted to protect your online privacy and got yourself a free VPN. You felt a surge of adrenaline as you turned it on and started browsing the web.
No longer was your personal data at the mercy of your ISP or DNS servers. You thought that you’d escaped from the tracking technology of personalized ads and that you were 100% secure.
Well you thought wrong!
“Nothing is truly free” is a saying that rings true especially for free VPNs. True, you may not be paying anything directly, but what you may not know is you’re still paying with something else more valuable – your personal data.
How can this be possible? Read more and find out how free VPNs make money from you!
1. They Insert Cookies, Web Beacons, and Pixels
Normally, being offered a cookie is great, especially if you have some milk on hand,but, not when they’re browser cookies. These little packets of data can track your browsing history without you even knowing about it.
Web beacons are similar to browser cookies in that they can also track your internet usage by using a clear picture file.
Tracking pixels are graphics with 1×1 dimensions that are loaded every time you visit a website or email and are used to track certain activities.
So, what do these three have in common? They all track your online habits in some way.
Free VPNs make money from you by permitting advertisers to insert these little trackers that collect information about your browsing history.
2. They Show You Ads
Letting advertisers access your data isn’t the only way free VPNs make money from you. They also make more money by letting their partners or sponsors display ads while using their service.
True, most ads may not be obtrusive enough to be a real bother, but they can still make the whole experience less enjoyable – not to mention annoying if you have to scroll down twice or thrice as much because they’re in the way.
What takes the cake would have to be those unskippable pop-up ads that require you to wait for a few seconds to a whole minute!
3. They Give Away Your Email to Their Business Partners
Some free VPNs give your email away to their business partners or third parties. This presents a huge problem because you never know what your email could be used for.
Ransomware, phishing, cryptojacking, and spam emails are just some of the cyber-threats that use email as an attack vector. This is why you should never allow anyone to mishandle your email – even your free VPN service.
4. They Make Your Computer an Exit Node for Paying Users
Most free VPNs also offer a paid subscription to their service. Normally, they let you use their free VPN service as a “free taste” of what their paid service offers. This means that they make money from their paid subscription and not from their free service.
The problem arises when a company offers their free VPN service wholly separately from their paid subscription. This is because they sell access to your network and computer, thereby, making it an exit node which other (paying) users can access the internet.
While this may not seem so bad an exchange for free VPN services, remember that being an exit node means that all the traffic made by other users goes through you- including illegal traffic. This could get you into a lot of trouble and you’re doing it at your own risk for free WHILE the company makes money from the paying users using you as an exit node.
5. They Sell Other Collected Information to Their Partners or 3rd Parties
If the free VPN you’re using doesn’t let their partners or 3rd parties track you, it may be because they (your free VPN provider) are doing it themselves and then selling the data they collected afterwards.
Some companies admit to doing this, but you still may not be aware of it since their notice to you is hidden away in their privacy policy – which, most of the time, is worded in legal jargon to keep you from fully understanding what you’re getting yourself into.
6. They Set Limits on Purpose
Remember the free VPNs that also offer paid services (#4)? The good ones will tell you outright that they’re only offering limited free services in the hopes that you’ll eventually upgrade to the paid subscription (which usually carries with it better services, anyway).
On the other hand, there are those that don’t warn you at all. They limit your data, bandwidth, and even disable peer-to-peer connections (torrents included) on purpose to manipulate you into upgrading to their premium service.
7. They Use Your Data for Marketing and Advertising Purposes
Some free VPNs tell you up front that they may (read: will) use your data for marketing purposes. This poses a threat because it means they are actually logging your data and using it to determine how best to sell you ads.
How is this different from numbers 1, 2, and 3? The difference is jurisdiction – specifically 14-eyes jurisdiction. Any VPN company situated in the countries under the 14-eyes jurisdiction can be compelled by their government or proper authorities to retain and surrender any and all data that may come into their possession – which includes your personal data that they logged.
8. They Openly Share User Data with Their Marketing Partners
Perhaps the most dangerous action a free VPN company can do is to openly share user data with their marketing partners. This differs from the preceding number in that this means that the free VPN and their marketing partner are basically one and the same entity as far as your personal data is concerned.
They are the most dangerous because they’re bluntly making you their “cattle” from which they can harvest the “milk” of your data. To these companies, your privacy, convenience, and safety come second to their money-making.
In the end
I don’t recommend using free VPNs. They sell/give away/share your information, let third parties track your internet traffic, show you ads, and even manipulate you by purposely setting limits. All of these acts ultimately mean that your privacy isn’t as secure as you thought it was.
If your free VPN doesn’t protect your privacy, why use it in the first place?
For more info on bad VPN practices, visit my original post: TheBestVPN: How Free VPNs Sell Your Data.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.
Share this Post
About the author
John Mason
John Mason is a cybersecurity enthusiast. In his free time, he likes to give (free and paid) consultations and write about privacy related concerns, news, politics and technology. His work has been published in Tripwire, Digital Guardian, Glassdoor, StaySafeOnline and many more. His website is located here: JohnCyberMason.com