Data from Statista shows that 26 percent of internet users worldwide use a VPN – and the percentage of internet users that use a VPN is much stronger in regions where attempts to censor the internet is higher. In Asia Pacific, 30 percent of internet users use a VPN – a number much higher than the global average. Thanks to recent attempts to stifle internet freedom – such as the U.S. Congress passing a law that allows ISPs to sell and share user data without user permission, the repeal of net neutrality, the metadata retention scheme in Australia, and similar policy changes – VPN usage is at an all-time high. (Not clear on what exactly "net neutrality means? Check out Everything You Need to Know About Net Neutrality Comes in the Hilarious Rant That Crashed the FCC's Website.)

Several sources have reported a particularly high spike in VPN usage in recent times: AnchorFree, the company behind Hotspot Shield, arguably the biggest VPN service provider in the world, recently reported having over 600 million people download its VPN software. One hundred million of these downloads occurred in 2017 alone, with major spikes happening when Congress passed legislation to allow ISPs to sell user data, when the Equifax hack happened, and when the repeal of net neutrality was announced. According to a study, when Australia recently passed its metadata retention scheme, VPN usage spiked a massive 470 percent in the country. This is in line with GlobalWebIndex’s study that found that the number one reason why people use a VPN is to keep their anonymity while browsing.

Internet censorship is on the rise globally, and as it continues to rise, you can expect that more and more people will gravitate towards using VPNs. There are a few key reasons for this:

  • Privacy should be a fundamental human right. So why pay for it when it is being generously offered for free?
  • Areas where the most censorship occurs – such as Asia Pacific and Africa – are the most impoverished. For most internet users in these regions, even if they wanted to, they couldn’t afford paying for a reliable VPN service on top of the cost of their monthly internet subscription. (For more in internet in developing nations, see Internet in the Developing World - Questions Around Access and Net Neutrality.)

Hotspot Shield, which recently reported having over 100 million downloads in 2017, is most renowned for its free VPN service – for which it has the majority of its users.

As VPN usage rises, interest in free VPNs will rise even more. But at what cost? Let’s get the facts out first. It is not feasible to have a truly free VPN for several reasons:

  • Server costs: It costs money to run servers that will be used to ensure users’ privacy and anonymity. The more users a VPN service has, the more money it will cost to maintain servers. It’s practically impossible to run a VPN service for millions of people on a charitable basis – at least if you’ll be offering reliable servers. Also, let’s not forget that since more people will be attracted to what is freely available, there will inevitably be abuse: Paid services can get around this by changing servers or limiting usage on each server. Free services cannot.
  • Bandwidth: Bandwidth costs money, too. Free VPNs like TunnelBear often get around this by offering something unrealistic such as 500MB of data per month. When truly unlimited bandwidth is offered, it begs the question: What’s the catch?
  • Security protocols: Most free VPNs use weak or poorly implemented security protocols, and for good reason: They cannot afford the costs and/or the expertise of implementing the most effective security protocols. Unfortunately, this results in the security and anonymity of the user being compromised.

“But… there are truly free VPN services,” you say! “What about Hotspot Shield, Hola, Betternet… Facebook even has the Onavo Protect VPN!” We’ll get there in a bit.

In a recent investigative research I did, I expose these VPN services for what they are: data farms. Pretty much every major VPN service you can think of is guilty, which makes me think of free VPN services as nothing more than data farms. Let’s take a look at the major services one by one:

  1. Hotspot Shield (600 million downloads): In a recent petition to the FTC, the Center for Democracy & Technology accused Hotspot Shield of being involved in a series of shady practices, including sharing/selling user data. Now, that’s just part of it. According to the petition, Hotspot Shield was found to be hijacking and redirecting user traffic to that of their affiliates, injecting ads in a way that could compromise user security, and transmitting user data over unsecure connections.
  2. Hola (160 million users): Hola’s business model is based around selling the bandwidth of users of its free VPN through its paid arm, Luminati. This model is much worse, because users on the Hola network (whom you know nothing about) will appear on the internet as you – and you could be held responsible for their activities. And, indeed, before they came clear about their policy, Hola was accused of selling user bandwidth – including to people who used their service as a botnet.
  3. Betternet (38 million users): Mobile folks will be particularly aware of Betternet. While there isn’t evidence that they directly share/sell user data, I believe they are worse: They give advertisers access to get data directly. When you use Betternet, their advertisers have direct access to get data they need to target their ads to you. A research paper by the CSIRO, an independent Australian federal government agency, found that Betternet has the highest number of third-party tracking libraries of all VPN apps in the app store.
  4. Onavo Protect (33 million users): Facebook has been under fire lately for a lot of things – Cambridge Analytica, sharing data with Chinese companies (including one flagged as a security threat by U.S. intelligence), etc. If anything should trigger a red flag about Onavo Protect, it is that it is owned by Facebook. And indeed the service has come under scrutiny for logging user data and sharing it with Facebook for its own purposes.

Conclusions

Again, as it has been repeatedly said, if you’re not paying for a product, it is most likely because you are the product. Free VPNs are no exceptions: You are paying with your data. While I won’t categorically say everybody should stop using free VPNs, I’ll say this: If you use free VPNs, no matter how popular or reliable they appear (or especially the more popular or reliable they appear), know that you are most likely using a data farm.