The Free VPN Scam

An Academic Study With Frightening Results

In 2016, a team of researchers studied a subset of free VPN services - those available to Android. The results were astounding.

• 75% of the studied VPNs used third-party tracking libraries.
• 38% contained malware.
• 18% used no encryption at all.
• 16% used packet injection to change what the user saw.
• 80% had exit nodes in 5 or fewer countries.
• 84% could not handle IPv6.
• 16% steal bandwidth via communal port forwarding or botnetting.

Even back then, this study clearly showed that free VPNs cut corners, installed malware, faked their real capabilities, and were logging and reselling user data via third-party tracking.

Not much has changed today. As a matter of fact, things have gotten even worse.

Consumer Reports Exposes VPN Hyperbole

In 2021, a Consumer Reports study took place, this time on Windows-oriented VPN services. This was a mix of paid and free services, which should have brought up the overall quality…

Not so much.

They found that 75% of the VPNs they tested didn’t live up to their advertising. They made false or inflated claims, didn’t use the security or privacy methods that they listed on their websites, or otherwise lied to their users.

They rightly pointed out that any VPN offering ‘complete anonymity or untraceability, or protection from advertisers, governments, and criminals’ is full of crap. VPNs offer zero protection from browser fingerprinting, hardware fingerprinting, or far-end (post-exit node) traffic monitoring.

These services also failed in terms of custom data retention, ease of cancellation, transparency, and oversight. The results of the study, as neutral as Consumer Reports tried to remain, were a disaster.

What Specific Methods Do ‘Free’ VPNs Use To Scam Users?

The first, and one of the most reliably lucrative, ways that free VPNs make money is by reselling user information. If they say they’re not logging, odds are that they’re lying to you. If they say they had an audit, you can bet your ass that they turned off logging for the duration of the audit, then turned it back on immediately after. Your information is being collected. Your information is being sold. That’s how free VPNs pay the bills unless they’re being funded by an organization that wants exclusive access to such personal information.

As you’re using these scammy free VPNs, they can push any kind of traffic that they want. That includes browser redirection, HTML overwriting, and packet manipulation. This is used to send your traffic to partner websites, rewrite links with their affiliate codes, and otherwise monetize your browser activity. The banner ads that you see may or may not have been there on the real website that you were looking for. The links that you click may or may not go to the correct recommended sites and products. When using a free VPN, you just don’t know.

Using malware and botnet controllers to steal bandwidth and processing power is a major theme with free VPN scams. They can make money directly by reselling their users’ processing power. They can make money indirectly by selling premium services that use their free users’ computers as nodes on their VPN network. They can run advertising services with assets hosted on their free tier users’ systems. And as they utilize the unwitting user’s resources, they continue to collect information on them for resale.

Finally, some of the services resort to outright theft. This is easily done: Open up a new ‘free’ VPN service. Require a payment method on file as a form of identification and ‘just in case' the user wants to use premium services. Then defraud them with false charges, identity theft, and attempting to collect all of the login information for their financial services websites. Hit as many users as possible all at once, close shop, and disappear. Then open back up under a brand new name and do it all over again.

There are plenty of other scams available, of course. When you install a piece of software that exclusively routes all of your traffic to a single party, entrusting all encryption that they provide, allowing them to control the computer and country where your traffic (virtually) comes from… you’ve handed all power over to them. They can do whatever they want.

One Of The Most Recent Free VPN Scams

A free VPN scam from 2021 that made the news was Kasper VPN. This scam was so ridiculous, so blatant, that it should have been shut down right away. Instead, multiple massive companies allowed their ads to run for far too long, and the users ended up paying.

They claimed to be offering free access to a mobile version of GTA 5. Of course, GTA 5 has no mobile version. This was reported multiple times to Rockstar, but the ad stayed up for far too long.

The YouTube video making the same claim also stuck around, even after multiple reports that should have made the issue immediately obvious. It was a fake product offered by a brand new, no-name company. Still, the video stayed up for a long time.

As a result, thousands of users grabbed the app, which said that they needed to download a supposedly free VPN app as well. Instead, they were directed to a trial version of Kasper’s software. After three days, users were quietly charged $99 a year for… nothing. Most people uninstalled the VPN because they realized it was a scam.

But if they didn’t specifically opt-out of the trial before uninstalling, they were still charged even if they never used the service. The promised game access never happened (of course, given there was no mobile version of the game). Millions of dollars were subtracted from user accounts.

Kasper blamed a rogue affiliate.

Yes, they kept every penny of the falsely advertised service as they possibly could. They shifted blame to the affiliate and users. And they moved on to the next money-making opportunity.

To Make A Long Story Short

Don’t use free VPNs. Don’t trust free VPNs. They’re most likely selling your information, manipulating your connection for personal gain, and otherwise scamming you. Be alert to these kinds of manipulations. And be careful out there.