Free Chinese VPNs Expose Data of Millions of Users

New research has revealed that some free VPNs have been storing user data on unsecured servers in plain text.


New research has uncovered some disturbing findings for free VPN users, with several prominent Chinese-run free VPNs found to be keeping logs of user data. Up to 20 million users may have unknowingly had their data stored this way.

Despite marketing themselves as not collecting users' data, the companies were discovered to be harvesting it and storing it on an unsecured backend server.

The news comes as a reminder that while some VPNs may be free, you could pay a price by trusting them with your data.


Research by vpnMentor

The research, carried out by vpnMentor this month, was part of an ethical hacking project to test VPN systems for weaknesses. The group were actively looking for vulnerabilities, so they could be reported to the companies responsible to be fixed. It’s a common practice in the software industry, with most companies offering rewards for information. The idea is that these exploits can be patched before a genuine hacker takes advantage of them.

The results of the discovery are shocking for two reasons. Firstly, sensitive user data was left on unencrypted servers, meaning that it was easily accessible. But more alarmingly, the data should never have been there in the first place, as the VPNs investigated all claim to be “zero log” solutions. In theory, this means that they don’t collect data on users.

The information available, in plain text, included:

  • usernames
  • passwords
  • email addresses
  • home addresses
  • device information
  • Bitcoin accounts

According to the group, this data included the personal details of up to 20 million users. In total, it came to a whopping 1.2TB of data, spread across 1,083,997,361 files.

As for the impact of this data falling into the wrong hands, the database represented a goldmine for scammers, opening up the users to fraud, blackmail, impersonation, doxing, hacking and more. And that’s before considering the implications of states being able to learn details of VPN users. In China itself, for example, it’s illegal to use a VPN.

The VPNs collecting data

The VPN apps found to be using these unencrypted servers are all Hong Kong-based, Chinese software packages. According to vpnMentor, the belief is that they are white label software that can be repackaged by a third party and sold under a different name.

The apps found to be using the unencrypted servers are:

  • UFO VPN
  • Fast VPN
  • Super VPN
  • Free VPN

Needless to say, if you are currently using one of these apps, we recommend uninstalling it immediately, and changing any passwords that you may have used with the software. All these VPNs are still available on the Google Play Store, and between them have millions of users.

As part of its research, vpnMentor reached out to the parent companies of these apps and informed them of its findings, before going public with its report. The responses were, on the whole, dismissive, and denied any issue. One company, UFO VPN, stated:

We do not collect and restore users’ home addresses. ‘Clear text passwords’ are not the password for logging in their accounts. It must be the tokens to connect VPN servers, and we collect it within feedback from users to check if the wrong token is applied. We name it “password” in feedback and store it in cleartext. – UFO VPN Spokesperson

However, the evidence collected by vpnMentor strongly disputes this response from the company. It was able to do this by signing up for the VPN service itself, and then searching the unsecured server again, where it found the newly made account, complete with unprotected username and password stored in plain text.

Can You Trust a Free VPN?

A free VPN can be tempting, but as this report shows, it's not without its risks. Not only might you be leaving your personal data exposed, but you'll also be getting a pretty poor service.

Free VPNs tend to be slower, host advertising, and generally not offer much in the way of features. So, they really don’t have much going for them.

If you are tempted by a free VPN, we'd strongly recommend opting for one that's based outside of Hong Kong, unlike the ones named in the report. Due to a recent change in law, those found guilty of secession or subversion can be imprisoned for life – making operating and using a VPN there much higher risk. In fact, many VPNs, such as US-owned IPVanish and Private Internet Access, have actually pulled their Hong Kong servers as a direct result of these changes.

Secure VPNs from under $3 per month

The best way to ensure that your online activities remain secure and unexposed is with a paid-for VPN service. The cost isn't prohibitive, starting at a few dollars a month, and they offer a wealth of features, servers, and fast download speeds. Some even offer military-grade security.

In our table below, you can see our recommendations for the best secure VPNs you can choose, with prices beginning from under $3 per month:

[Comparison table of recommended VPNs. Columns: Price From (lowest price for a single-month subscription to the cheapest paid tier), Verdict, No. of Devices, No. of Servers, Zero Data Logging, Kill Switch, Stealth Servers, Malware & Ad Blocker, RAM-only servers, Double VPN.]
Written by:
Jack is the Deputy Editor for Tech.co. He has over 15 years experience in publishing, having covered both consumer and business technology extensively, including both in print and online. Jack has also led on investigations on topical tech issues, from privacy to price gouging. He has a strong background in research-based content, working with organisations globally, and has also been a member of government advisory committees on tech matters.