SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
40% of free VPN apps found to leak data
Mon, 16th Nov 2020
FYI, this story is more than a year old

Recent political developments around the world have created an increased demand for VPN services. In Hong Kong, citizens flocked to VPNs to protect their freedom of speech, while Turkey, Pakistan, and India banned hundreds of apps even the US flirted with the idea of banning TikTok.

According to new research from NordVPN, the interest in consumer VPN apps spiked by 32% in July compared to the average 1% growth rate in previous months. In August, when the Trump administration announced they were considering banning TikTok, demand for free consumer VPNs grew by 48%.

Free VPN app category downloads in the US, Jan-July 2020. (Apps analyzed: Best VPN Proxy Betternet, Hi VPN - Free VPN Proxy, Server, Hotspot VPN Service, Hola Free VPN Proxy Unblocker, HotspotShield VPN - Wifi Proxy, NordVPN fast VPN app for privacy - security, SuperVPN Free VPN Client, Turbo VPN - Free VPN Proxy Server - Secure Service). SensorTower data.

ProPrivacy has researched the top 250 free VPN apps available on Google Play Store and found that 40% failed to adequately protect users privacy.

These apps, which falsely claim to protect privacy, collectively amount to 81.4 million downloads. This equals the populations of Germany, Turkey, and Iran, or a quarter of the US population.

According to NordVPN, the public's perception of digital privacy is changing.

"The number of VPN users is increasing as governments across the world are treating their citizen's privacy with contempt," it says.

"Some examples include the UK passing the law dubbed The Snoopers Charter, the US administration allowing ISPs to track customers and sell data to third parties in 2017, and the Chinese criminalising criticism of the government. The latest action resulted in the number of NordVPN inquiries from Hong Kong increasing by 120 times."

"The growing awareness of digital privacy has become hugely lucrative for opportunists. A survey run by NordVPN shows that half of Americans are using VPNs, and a third of them rely on free services."

Whats wrong with free VPNs?

ProPrivacy tested free VPNs for a range of leaks using both IPv4 and IPv6 connections. The results were disturbing. Four in every ten tested VPNs had a leak. This represents a monumental failure for almost half of all free VPNs and could potentially be putting the privacy of their users at risk.

"There is no such thing as a free lunch. If a user does not pay for a service, there must be an alternative price to be paid. And, very often, it's privacy.

"That is exactly what happened this July, when seven free VPN providers were caught leaking 1,2TB of personal user data despite their continuous claims to be holding no logs," says Daniel Markuson, Digital Privacy Expert at NordVPN.

Additionally, a study by CSIRO discovered that more than 75% of free VPNs have at least one third-party tracker rooted in their software. These trackers collect information on customers online presence and forward that data to advertising agencies to optimize their ads.

Ways to know your VPN is trustworthy

Reliable VPN providers invest their time and effort in auditing their service for no-logs policy affirmations, participate in the VPN Trust Initiative led by i2Coalition, and have very detailed and clear terms of service and privacy policy statements.

According to Markuson, when looking for a trustworthy VPN provider, the user should at least check if the claims of no-logs are based on evidence.

"If the service they are choosing is free of charge, it should be a red flag to question where the provider is getting funding and how they survive. Usually, the answer is that they make money by selling users data to third parties.

"Free VPNs are notoriously bad when it comes to privacy, entirely defeating the point of downloading a VPN to protect your privacy in the first place," he says.

"To help users ensure their VPN is working as it should, we have created a simple VPN Leak Testing tool, which walks users through a number of steps to properly test their VPN and protect themselves online," adds Sean McGrath, Editor and Free VPN Leak Project Lead at ProPrivacy."