The Risks of Chinese VPNs
Virtual Private Networks (VPN) have become increasingly important since the global Covid-19 pandemic forced billions of people around the world to shelter in their homes, and increasingly rely on the internet for work, entertainment and communication.
VPN demand surged by over 40% worldwide as lockdowns came into force – even doubling or more in 21 countries.
A VPN is a powerful privacy and anti-censorship tool, but there are inherent risks with using one. Unless a VPN service has implemented measures to prevent it from happening, they can see – and potentially log – all your internet traffic.
This makes VPN traffic an appealing target for intelligence-gathering, especially so during this period of heightened demand.
The security risks posed by the involvement of companies like Huawei in the rollout of 5G outside of China are well-documented.
Similarly, companies like Hikvision and Dahua have been blacklisted due to accusations that their surveillance technology has been used in state-sponsored human rights abuses in China.
The world has been slower to catch up to the dangers posed by Chinese ownership of free VPN apps with hundreds of millions of users.
These risks have intensified not only in light of the increased VPN demand but also as China seizes the opportunity posed by the pandemic to export its surveillance tech
We have been reviewing VPNs since 2016, and have been investigating free mobile VPN apps very closely since 2018. We were the first to uncover the extent to which many of the most popular free VPN apps were secretly Chinese-owned, despite China’s strict ban on VPNs and general hostility to internet freedom.
Shortly after we published this report, China introduced sweeping new security laws in Hong Kong.
The powers allow for raids without a warrant, secret surveillance and confiscation of property related to national security offences. Authorities can also order the takedown of online material they believe breaches the law.
These changes make it much harder to argue that Hong Kong-registered VPN apps with mainland Chinese ownership are somehow beyond reach of Beijing.
It’s more important than ever to scrutinize those apps most vulnerable to state interference and raise awareness of the risks.
We therefore reviewed the top 20 free mobile VPN apps in Google Play and Apple’s App Store in the United States. We identified 14 apps for further investigation of their ownership and corporate structure.
As well as digging into who’s behind these VPNs, and identifying any red flags around overall credibility, we also analyzed their privacy policies.
2022 UPDATE: More than two years after we published these findings, Chinese ownership of popular free VPNs in strategically-important territories continues to be an issue. Our analysis of who owns the most popular free VPN iOS apps in Taiwan reveals that half have links to mainland China.