Free Chinese VPNs Expose Data of Millions of Users

Jack Turner

Our independent reviews and recommendations are funded in part by affiliate commissions, at no extra cost to our readers. Click to Learn More

New research has uncovered some disturbing findings for free VPN users, with several prominent Chinese-run free VPNs found to be keeping logs of user data. Up to 20 million users may have unknowingly had their data stored this way.

Despite marketing themselves as not collecting users data, the companies were discovered to be harvesting data, plus storing it in an unsecured backend server.

The news comes as a reminder that while some VPNs may be free, you could pay a price by trusting them with your data.

Looking for a safe VPN? Check out our guide to the top 10 most secure VPNs of 2020

Research by vpnMentor

The research, carried out by vpnMentor this month, was part of an ethical hacking project to test VPN systems for weaknesses. The group were actively looking for vulnerabilities, so they could be reported to the companies responsible to be fixed. It's a common practice in the software industry, with most companies offering rewards for information. The idea is that these exploits can be patched before a genuine hacker takes advantage of them.

The results of the discovery are shocking for two reasons. Firstly, sensitive user data was left on unencrypted servers, meaning that it was easily accessible. But more alarmingly, the data should never have been there in the first place, as the VPNs investigated all claim to be “zero log” solutions. In theory, this means that they don't collect data on users.

The information available, in plain text, included:

  • usernames
  • passwords
  • email addresses
  • home addresses
  • device information
  • Bitcoin accounts

According to the group, this data included the personal details of up to 20 million users. The files came to a whopping 1.2TB of data, and included 1,083,997,361 files.

As for the impact of this data falling into the wrong hands, the database represented a goldmine for scammers, opening up the users to fraud, blackmail, impersonation, doxing, hacking and more. And that's before considering the implications of states being able to learn details of VPN users. In China itself, for example, it's illegal to use a VPN.

The VPNs collecting data

The VPN apps found to be using these unencrypted servers are all Hong Kong-based, Chinese software packages. According to vpnMentor, the belief is that they are white label software that can be repackaged by a third party and sold under a different name.

The apps found to be using the unencrypted servers are:

  • UFO VPN
  • Fast VPN
  • Super VPN
  • Free VPN

Needless to say, if you are currently using one of these apps, we recommend uninstalling it immediately, and changing any passwords that you may have used with the software. All these VPNs are still available on the Google Play Store, and between them have millions of users.

As part of their research, vpnMentor reached out to the parent companies of these apps and informed them of its findings, before going public with its report. The responses were, on the whole, dismissive, and denied any issue. One company, UFO VPN stated:

We do not collect and restore users’ home addresses. ‘Clear text passwords’ are not the password for logging in their accounts. It must be the tokens to connect VPN servers, and we collect it within feedback from users to check if the wrong token is applied. We name it “password” in feedback and store it in cleartext. – UFO VPN Spokesperson

However, the evidence collected by vpnMentor strongly disputes this response from the company. It was able to do this by signing up for the VPN service itself, and then searching the unsecured server again, where it found the newly made account, complete with unprotected username and password stored in plain text.

Can You Trust a Free VPN?

A free VPN can be tempting, but as this report shows, they're not without their risks. Not only might you be leaving your personal data exposed, but you'll also be getting a pretty poor service.

Free VPNs tend to be slower, host advertising, and generally not offer much in the way of features. So, they really don't have much going for them.

If you are tempted by a free VPN, we'd strongly recommended opting for one that's based out of Hong Kong, like the ones named in the report. Due to a recent change in law, those found guilty of secession or subversion can be imprisoned for life – making operating and using a VPN there much higher risk. In fact, many VPNs, such as US-owned IPVanish and Private Internet Access, have actually pulled their Hong Kong servers as a direct result of these changes.

Secure VPNs from under $3 per month

The best way to ensure that your online activities remain secure and unexposed is with a paid for VPN service. The cost isn't prohibitive, starting at a few dollars a month, and they offer a wealth of features, servers, and fast download speeds. Some even offer military grade security.

In our table below, you can see our recommendations for the best secure VPNs you can choose, with prices beginning from under $3 per month:

0 out of 0
  • backward
  • forward
Test Score
Our scoring is based on independent tests and assessments of features, privacy settings, ease of use and value.
Verdict
No. of Devices
No. of Servers
Zero Data Logging
Killswitch
Ease of Use
Features
Privacy
Speed
Help & Support
Value for Money
Free Trial
Price From
Try
Click to find the latest offers, deals and discounts from the VPN provider
4.3/5
4.1/5
4/5
3.8/5
3.8/5
3.7/5
3.7/5
3.6/5
3.6/5
3.5/5

A safe, simple, outstanding VPN

Fast, effective, and one of the best

Powerful features and security, but technical

Good service at good speeds

Outstanding value, with an advanced VPN app

A good, well-priced VPN

A decent option for expert users

A beautifully simple VPN, though not the fastest

Superb features, but at a higher cost

Excellent privacy features for the security-minded

5

6

5

5

5

10

10

5

3

5

2,000+

3,605

1,000

3,000

3,035

480

112

130

1,500

450

★★★★★

★★★★★

★★★★★

★★★★☆

★★★★☆

★★★★★

★★★★★

★★★★☆

★★★★★

★★★★☆

★★★★★

★★★☆☆

★★★★★

★★★☆☆

★★★☆☆

★★★☆☆

★★★★★

★★★☆☆

★★★★★

★★★☆☆

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★★★

★★★☆☆

★★★★☆

★★★★☆

★★★☆☆

★★★★☆

★★★☆☆

★★★☆☆

★★★☆☆

★★★☆☆

★★★☆☆

★★★★☆

★★★★☆

★★★★★

★★★☆☆

★★★★☆

★★★☆☆

★★★★☆

★★★☆☆

★★★★☆

★★★★☆

★★★★★

★★★★☆

★★★★☆

★★★★☆

★★★★☆

★★★★☆

★★★★☆

★★★★★

★★★☆☆

★★★★☆

$2.88 (2-year plan)

$2.99 (3-year plan)

$3.25 (1-year plan)

$4.99 (1-year plan)

$3.33 (1-year plan)

$4.08 (1-year plan)

$4 (1-year plan)

$5.41 (1-year plan)

$8.32 (1-year plan)

$1.99 (2-year plan)

About our links

Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Jack is the Content Manager for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.

Explore More See all news
close Thinking about your online privacy? Get 74% off PureVPN, Tech.co's top-rated VPN service See Deals