Article Hero
Blog4 minutes read
August 31, 2022
  • telegram
  • facebook
  • twitter
  • github

The Free VPN Scam

There’s a great quote in Richard Serra’s 1973 short film, ‘Television Delivers People’:

‘You are the product.’

In Serra’s time, he was referring to TV advertising. But in the modern age, this concept applies to any so-called ‘free’ service on the Internet.

In some cases, the person giving away the product or service is transparent about why they’re doing so: They might be hoping you’ll read their free book and like it so much that you’ll buy the sequels. Or they might be hoping for a donation, either to a certain charity or to them personally.

What you need to worry about are the ‘free’ services that don’t explain why they’re free. They also don’t explain how they can possibly stay in business, even though they’re hiring staff and they’re giving away something that other companies have to charge money for, or else they would go bankrupt.

With free VPN scams, you are the product. And you are the victim. And you are being exploited.

In this article, we’ll cover all of the shady practices seen on the free VPN scene, and point out an example of the kind of company you should avoid.


An Academic Study With Frightening Results

In 2016, a team of researchers studied a subset of free VPN services - those available to Android. The results were astounding.

  • 75% of the studied VPNs used third-party tracking libraries.
  • 38% contained malware.
  • 18% used no encryption at all.
  • 16% used packet injection to change what the user saw.
  • 80% had exit nodes in 5 or fewer countries.
  • 84% could not handle IPv6.
  • 16% steal bandwidth via communal port forwarding or botnetting.

Even back then, this study clearly showed that free VPNs cut corners, installed malware, faked their real capabilities, and were logging and reselling user data via third-party tracking.

Not much has changed today. As a matter of fact, things have gotten even worse.

Consumer Reports Exposes VPN Hyperbole

In 2021, a Consumer Reports study took place, this time on Windows-oriented VPN services. This was a mix of paid and free services, which should have brought up the overall quality…

Not so much.

They found that 75% of the VPNs they tested didn’t live up to their advertising. They made false or inflated claims, didn’t use the security or privacy methods that they listed on their websites, or otherwise lied to their users.

They rightly pointed out that any VPN offering ‘complete anonymity or untraceability, or protection from advertisers, governments, and criminals’ is full of crap. VPNs offer zero protection from browser fingerprinting, hardware fingerprinting, or far-end (post-exit node) traffic monitoring.

These services also failed in terms of custom data retention, ease of cancellation, transparency, and oversight. The results of the study, as neutral as Consumer Reports tried to remain, were a disaster.

What Specific Methods Do ‘Free’ VPNs Use To Scam Users?

The first, and one of the most reliably lucrative, ways that free VPNs make money is by reselling user information. If they say they’re not logging, odds are that they’re lying to you. If they say they had an audit, you can bet your ass that they turned off logging for the duration of the audit, then turned it back on immediately after. Your information is being collected. Your information is being sold. That’s how free VPNs pay the bills unless they’re being funded by an organization that wants exclusive access to such personal information.

As you’re using these scammy free VPNs, they can push any kind of traffic that they want. That includes browser redirection, HTML overwriting, and packet manipulation. This is used to send your traffic to partner websites, rewrite links with their affiliate codes, and otherwise monetize your browser activity. The banner ads that you see may or may not have been there on the real website that you were looking for. The links that you click may or may not go to the correct recommended sites and products. When using a free VPN, you just don’t know.

Using malware and botnet controllers to steal bandwidth and processing power is a major theme with free VPN scams. They can make money directly by reselling their users’ processing power. They can make money indirectly by selling premium services that use their free users’ computers as nodes on their VPN network. They can run advertising services with assets hosted on their free tier users’ systems. And as they utilize the unwitting user’s resources, they continue to collect information on them for resale.

Finally, some of the services resort to outright theft. This is easily done: Open up a new ‘free’ VPN service. Require a payment method on file as a form of identification and ‘just in case' the user wants to use premium services. Then defraud them with false charges, identity theft, and attempting to collect all of the login information for their financial services websites. Hit as many users as possible all at once, close shop, and disappear. Then open back up under a brand new name and do it all over again.

There are plenty of other scams available, of course. When you install a piece of software that exclusively routes all of your traffic to a single party, entrusting all encryption that they provide, allowing them to control the computer and country where your traffic (virtually) comes from… you’ve handed all power over to them. They can do whatever they want.

One Of The Most Recent Free VPN Scams

A free VPN scam from 2021 that made the news was Kasper VPN. This scam was so ridiculous, so blatant, that it should have been shut down right away. Instead, multiple massive companies allowed their ads to run for far too long, and the users ended up paying.

They claimed to be offering free access to a mobile version of GTA 5. Of course, GTA 5 has no mobile version. This was reported multiple times to Rockstar, but the ad stayed up for far too long.

The YouTube video making the same claim also stuck around, even after multiple reports that should have made the issue immediately obvious. It was a fake product offered by a brand new, no-name company. Still, the video stayed up for a long time.

As a result, thousands of users grabbed the app, which said that they needed to download a supposedly free VPN app as well. Instead, they were directed to a trial version of Kasper’s software. After three days, users were quietly charged $99 a year for… nothing. Most people uninstalled the VPN because they realized it was a scam.

But if they didn’t specifically opt-out of the trial before uninstalling, they were still charged even if they never used the service. The promised game access never happened (of course, given there was no mobile version of the game). Millions of dollars were subtracted from user accounts.

Kasper blamed a rogue affiliate.

Yes, they kept every penny of the falsely advertised service as they possibly could. They shifted blame to the affiliate and users. And they moved on to the next money-making opportunity.

To Make A Long Story Short

Don’t use free VPNs. Don’t trust free VPNs. They’re most likely selling your information, manipulating your connection for personal gain, and otherwise scamming you. Be alert to these kinds of manipulations. And be careful out there.

Will R
Hoody Editorial Team

Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.

Latest


Blog
Timer7 minutes read

How the Government Hacks You, Final Chapter: IoT Hacks

Chapter 14: IoT Hacks

Will R
6 months ago
Blog
Timer9 minutes read

How the Government Hacks You, Chapter 13: GPS Tracking

Dive into the unsettling world of government-controlled GPS tracking!

Will R
6 months ago
Blog
Timer7 minutes read

How the Government Hacks You, Chapter 12: Garbage Day

Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies

Will R
7 months ago
Blog
Timer8 minutes read

How the Government Hacks You, Chapter 11: Resonance Attacks

It’s time to uncover how government surveillance gets personal.

Will R
7 months ago

Bulletproof privacy in one click

Discover the world's #1 privacy solution

  • Chrome Icon
  • Brave Icon
  • Edge Icon
  • Chromium Icon
  • Coming soon

    Firefox Icon
  • Coming soon

    Safari Icon
  • Coming soon

    Opera Icon

No name, no email, no credit card required

Create Key