Using a virtual private network (VPN) service when connecting to the internet has long been recommended as a way to keep data private and secure. The interest in VPNs intensified earlier this year after Congress decided to roll back rules meant to protect user privacy and instead allow internet service providers (ISPs) to sell data about customers without consent.
“While VPNs have always been appropriate for untrusted networks, like unsecured Wi-Fi at places like coffee shops and airports, this change now means that we must all think about our home network connections as untrusted as well,” said Jarret Raim, head of strategy and operations for Rackspace Managed Security in San Antonio, Texas.
With this in mind, people are looking for VPN service providers. A quick search through the Google Play or iPhone app store will bring up a lot of free VPN options — and free always looks like the more attractive option.
But are the free VPN services as reliable and trustworthy as a paid VPN, or do you get what you pay for in these cases? What are the pros and cons of free versus paid VPNs?
The top “selling” point for a free VPN is the price. Some free, or partly free, options are supported by reputable security companies. Many free VPNs allow total anonymity because you often don’t have to provide too much personal and financial information, or even sign up for an account at all.
However, when it comes to free VPN offerings, you often really do get what you pay for.
For starters, the security of your data is questionable, as many free VPN services provide only one kind of VPN connection: the Point-to-Point Tunneling Protocol (PPTP), which is supported by most computers but is no longer considered secure. (Some mobile VPN apps don’t encrypt connections at all.) PPTP is fine if you don’t care about strong encryption and really just want to watch streaming video from other countries, but it won’t protect you from prying eyes.
Paid users usually have more options, such as OpenVPN (an open-source protocol that uses SSL encryption) or the Layer 2 Tunnel Protocol (L2TP) and IPsec combination. (L2TP itself is not encrypted, so IPsec adds the encryption layer.)
“If you’re paying for a good quality VPN, you can get 256-bit data encryption, compared to a free VPN, which is likely to only have 128-bit encryption,” explained Adnan Raja, vice president of marketing for Atlantic.Net, an IT consulting firm in Orlando, Florida.
You probably should avoid VPN services that offer only PPTP, or that don’t tell you which protocols they use or support. If a free service supports OpenVPN (and some do), that’s much better — but it still doesn’t mean the service is OK to use.
Quality of service
Free services have to pay for their overhead costs somehow. That revenue sometimes comes in the form of selling your browsing activity to third parties for advertising purposes, Raja said.
“This means your data isn’t 100 percent private,” he said. “Your web experience can be riddled with ads, have bottle-necked bandwidth speeds, lack data encryption, and even have monthly capped data usages.”
Many free VPNs pay the bills by displaying ads, which in and of itself isn’t nefarious. Many are simply the lowest tier of otherwise paid services, such as CyberGhost, Spotflux or AnchorFree Hotspot Shield.
These partly free services, which are generally reputable, put a limit on how much data the user gets, how quickly he gets it, or how many servers he can connect to before he has to start paying.
By contrast, fully paid VPN services usually provide much better quality-of-service. They offer unlimited data and hundreds (or thousands) of connection points, and generally don’t throttle delivery rates.
Free VPN services could even make you complicit in cyberattacks. The popular free VPN service Hola, for example, in 2015 was used in an online attack against a website, using customer bandwidth to deploy a botnet.
Paid VPNs tend to be more robust than free VPNs and less vulnerable to outages and meltdowns. You will also be more likely to have tech support available for a paid service than you would for a free service.
“A paid service will protect user interests and sensitive data at much higher speeds, whereas a free service could outsource to a third party to write its code, monitor systems and operate servers,” Raja said.
Finally, you don’t want a service logging your activities — keeping track of what you do and where you go online when you’re connected. If the company says it logs user activity, or, more likely, doesn’t state its logging policy, avoid it.
(In the fall of 2017, PureVPN, which is based in Hong Kong and says it doesn’t keep user logs, was named in a federal indictment as having provided user logs to the FBI. We’ve reached out to PureVPN for comment.)
Likewise, check to see where the VPN is legally based, which determines which government’s regulations it must obey. You don’t want to use a service that’s based in Russia or China — or, some people might argue, in the United States.
Some VPN services are registered in offshore banking havens such as Panama or the British Virgin Islands, and in such cases it’s often difficult to figure out who really owns or runs the company, or where it is based. Such anonymity is great if you’re trying to hide something illegal, but you might have a hard time getting your money back if you’re dissatisfied with your service.
Is there a con to using a paid VPN service over a free one? Having all of your network traffic heavily encrypted might slow down your transmission speed, but that’s dependent on the provider.
If you plan to turn to a VPN because you don’t want your ISP spying on you and selling your information, you may be out of luck.
“The most important thing to know about VPN providers is that they, like your ISP, have the ability to track all the traffic sent across their networks,” Raim said. (The question is whether they do, but you’ll have to take their word on that.) “As the driver to moving to VPNs is to protect that data, we need to choose our VPN providers carefully.”