With data theft, mass surveillance, and internet censorship on the rise globally, a virtual private network has become a very important cybersecurity tool.
But, is a VPN always safe to use? The short answer is no.
While there are many legitimate and safe VPN services, there are also a large number of dangerous VPN products you must avoid.
Downloading an insecure VPN puts you at risk of malware, hacking, identity theft, legal action and more.
Free VPNs are the most common offenders. Our free VPN safety research has exposed dangerous free VPN apps that steal users’ personal data and sell their internet activity.
Even paid-for VPNs can be unsafe to use, if you’re not aware of a few important concepts:
VPN Logging Policies: If your VPN service keeps a record of your originating IP address, when you connect to its servers, and which websites you visit, it is a threat to your privacy. This information could be exposed, or governments could force the VPN to hand it over. For maximum security, you must check a VPN’s logging policy, and use a verified no-logs VPN service.
VPN Leaks: The purpose of a VPN is to hide your IP address and keep your internet activity private and secure. A VPN that leaks your IP and DNS credentials is not doing its job, and you shouldn’t use it. Use our VPN leak test tool to see whether your service is leaking, or test your DNS servers directly.
VPN Laws: VPNs are legal in most countries. However, in some countries – including China, Turkey and Russia – using a VPN is either illegal or severely restricted.
VPN Jurisdictions: Different countries have varying legislation surrounding the privacy of their citizens’ data. For instance, governments in the Five Eyes alliance, impose strict data retention laws and regularly force companies to hand over records of user web activity. Your safest option is to use a VPN based in a privacy-friendly jurisdiction.
Virtual Server Locations: The location of the VPN server you connect to can be important for privacy and security. Many VPN services use virtual server locations, where the advertised IP address doesn’t match the server’s physical location. This approach is often used to assign VPN IP addresses for countries where placing physical VPN servers is problematic.