Are VPN Clients Secure Or Do They Leak Data?


The never-ending privacy updates of applications like WhatsApp are making them more susceptible to data collection. All of this increases the popularity of VPNs. People use VPNs either to mask their IP addresses or to hide their personal and financial information from stalkers or their ISP’s prying eyes.

As the VPN market grows to meet this demand, there are now thousands of free VPNs, all promising to keep you safe and secure online without paying a dime. But the question that arises here is: how are the free VPNs generating revenue? Most free VPNs advertise a no-logs policy, but in fact they store all your information in their data centers.

Media Highlighted Breaches

Back in 2020, a group of free VPNs left their servers open and accessible, exposing private user data for anyone to see.

The data included Personally Identifiable Information (PII) such as:

  •  Email Addresses
  •  IP Addresses
  •  Clear Text Passwords
  •  Phone Models
  •  Home Addresses
  •  Device IDs 

These VPNs claimed to have a no-log policy, but people found many instances of internet activity logs.

The affected VPNs are UFO VPN, Fast VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. What all these VPNs have in common is that they share the same application developer.

Significant concerns over internet privacy while using a VPN started in March 2008, when a breach occurred in NordVPN’s Finnish data center. The violation was minor and didn’t compromise any user information, but customers’ internet traffic was exposed to a MITM attack.

When a commercial or free VPN gets hacked or breached, both the provider and the consumer are affected, because the hacker is after either the corporation’s or the end users’ data.

Dangers Of Using Free VPNs

Compromising Your Security

The fundamental goal of a VPN is to protect your data and identity from hackers. But most free VPNs contain bugs that cause an avalanche effect, including potential security breaches on your device that leave you susceptible to viruses and malware.

Most free VPNs generate revenue from ads. They keep logs of your activities and sell your data to third-party ad companies.

Most premium VPNs offer ad blockers, malware protection, and unlimited bandwidth with servers distributed worldwide.

Sudden Drops of Your Private Connection

While using a VPN connection, you hide your regular IP address behind a private IP address, and this private IP address is what websites see while you are using the VPN. As long as you have a stable internet connection, the VPN will work. If your connection drops, your real IP address can leak, because your traffic to the website switches back to your regular network connection.

Tracking your Online Activity 

The reason you use a VPN is to mask your online activity. But what if the VPN you are using starts tracking your online activity and sells it to the highest bidder?

VPNs embed third-party trackers in their software. This includes free VPNs like Betternet, Hotspot Shield (free version only), and Opera VPN. The number of premium VPNs using these tracking libraries is low.

WebRTC Leaks

WebRTC is a fundamental technology behind VoIP-style online communication. It is used by services like Discord, Facebook Messenger, and Skype. It provides P2P functionality in your browser without the need to install any secondary plugins or extensions.

The only drawback of WebRTC is that it leaks the IP address of users even when a VPN connection is active. Your device becomes vulnerable to tracking when your IP address leaks, and whoever was stalking you before you enabled your VPN would still be able to follow you.
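The check a WebRTC leak test performs can be sketched as follows. This is an added example, not code from the original article: the ICE candidate lines, the VPN exit address and the verdict names are constructed for illustration, and the candidate field order follows the standard ICE candidate syntax.

```python
import ipaddress

# Constructed ICE candidate lines of the kind a browser hands to a page's
# JavaScript (RTCPeerConnection "icecandidate" events). Not real captures.
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 51000 typ host",
    "candidate:2 1 udp 2122194687 3f1c9a52-7d0e-4c1b-9a55-0d2f6b1e8c11.local 51001 typ host",
    "a=candidate:3 1 udp 1686052607 198.51.100.20 51002 typ srflx raddr 0.0.0.0 rport 0",
    "candidate:4 1 udp 1686052607 203.0.113.77 51003 typ srflx raddr 0.0.0.0 rport 0",
]
VPN_EXIT_IP = "198.51.100.20"  # constructed: the address the VPN should show

# Ranges that identify a machine on its local network, not on the internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def classify(candidate, vpn_exit_ip):
    """Return (address, verdict) for one ICE candidate line."""
    # After "candidate:": foundation component transport priority address port typ ...
    fields = candidate.split("candidate:", 1)[1].split()
    address = fields[4]
    if address.endswith(".local"):
        return address, "mdns-obfuscated"   # browser replaced the host address
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return address, "unparsed"
    if any(ip in net for net in LOCAL_NETS):
        return address, "local-address-exposed"
    if ip == ipaddress.ip_address(vpn_exit_ip):
        return address, "vpn-exit"           # what a working VPN should show
    return address, "public-ip-leak"         # public address that is not the VPN's

def webrtc_leaks(candidates, vpn_exit_ip):
    """Keep only the candidates that reveal something the VPN should hide."""
    flagged = ("local-address-exposed", "public-ip-leak")
    results = [classify(c, vpn_exit_ip) for c in candidates]
    return [r for r in results if r[1] in flagged]

if __name__ == "__main__":
    for address, verdict in webrtc_leaks(SAMPLE_CANDIDATES, VPN_EXIT_IP):
        print(f"{verdict}: {address}")
```

An empty result means every candidate was either hidden behind an mDNS name or carried the VPN's own exit address.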

DNS Hijacking

DNS can leak while you are using a VPN, making your ISP’s DNS appear again in your device’s default settings. DNS hijacking is an old malicious hacking strategy, and authoritarian regimes have appropriated it to enact internet censorship.

An example of DNS hijacking operations is the Chinese Government’s Great Firewall, which restricts access to specific websites and internet services.

IPv6 and Dual-Stack Networks Leaks

Users are migrating to IPv6 on their devices. But if the VPN they are using is still on an IPv4 network, they are vulnerable, as most VPNs do not provide IPv6 support. Almost all VPN service providers ignore the IPv6 routing table, so all IPv6 traffic bypasses the VPN gateway interface, meaning there is no encrypted tunnel for IPv6 traffic.

VPN services that only provide IPv4 also ignore IPv6 DNS lookups and expose your DNS information.
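Whether IPv6 traffic bypasses the tunnel can be read from the routing table. The sketch below is an added example, not code from the original article: it applies longest-prefix matching to `ip -6 route show` output from a Linux host, and the interface names `tun0` and `wlan0`, the sample routing tables and the probe addresses are constructed assumptions. Ties between equal-length prefixes (route metrics) are not modelled.

```python
import ipaddress

# Constructed `ip -6 route show` output: the VPN (tun0) installed no IPv6
# routes, so the default route still points at the physical interface.
SAMPLE_LEAKY = """\
fe80::/64 dev wlan0 proto kernel metric 600 pref medium
2001:db8:1::/64 dev wlan0 proto ra metric 600 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
# Constructed output where the VPN covers all of IPv6 with two /1 routes.
SAMPLE_TUNNELLED = SAMPLE_LEAKY + """\
::/1 dev tun0 metric 50 pref medium
8000::/1 dev tun0 metric 50 pref medium
"""
BLOCKING = ("unreachable", "blackhole", "prohibit")  # routes that drop traffic
PROBES = ("2001:db8:ffff::1", "2a00::1")  # constructed global-range destinations

def parse_routes(text):
    """Return [(network, device)]; device is None for a blocking route."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] in BLOCKING:
            prefix, dev = fields[1], None
        elif "dev" in fields:
            prefix, dev = fields[0], fields[fields.index("dev") + 1]
        else:
            continue
        try:
            net = ipaddress.ip_network("::/0" if prefix == "default" else prefix,
                                       strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        routes.append((net, dev))
    return routes

def egress_device(routes, destination):
    """Longest-prefix match; None means no route or a blocking route."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def ipv6_leaks(route_text, tunnel_if, probes=PROBES):
    """Map each probe destination that leaves outside the tunnel to its device."""
    routes = parse_routes(route_text)
    devices = {p: egress_device(routes, p) for p in probes}
    return {p: d for p, d in devices.items() if d is not None and d != tunnel_if}
```

No packets are sent; the probe addresses are only matched against the parsed table, so the check is safe to run on any saved routing-table dump.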

Old And Vulnerable VPN Protocols

Attacks such as brute force can break through old VPN protocols such as PPTP with MS-CHAPv2. Most VPN service providers are still using one of the weakest VPN protocols, like SSL-VPN, making the user more vulnerable to hacking.

Hackers can retrieve any file, including sensitive PII, through a Remote Code Execution (RCE) vulnerability.

Data Retention

VPN data leaks do not happen only because of misconfigured protocols and encryption. Some VPN service providers also compromise their customers’ privacy through data logging and retention.

Most enterprise VPN providers avoid logging and retaining customers’ data, but there are some scenarios in which the law requires the data. Intelligence alliances like 5-Eyes, 9-Eyes, and 14-Eyes ask their ISPs and other web services to keep users’ data for security purposes. Some countries that are not part of these intelligence alliances do the same: China, Russia, and Sweden, for example, mandate that VPN providers keep user logs for six to ten months.

These countries have data retention laws to push VPN providers to hand over their customers’ logs, which include traffic, IPs, geo-tracking, browsing cookies, and other sensitive information. Free VPNs log traffic data and sell it for marketing purposes. They also either use low-level encryption or don’t use any encryption at all.

How to Avoid Data Leakage from VPNs?

By now, you know how your data can leak even while using a VPN. Let’s discuss how you can avoid data leakage. Remember that VPNs are meant to extend networks. If you want to use a VPN as a privacy tool, you should use a combination of a VPN, HTTPS, the Tor browser, and an updated antivirus.

You can use the following tips to avoid breaches of your data while using a VPN:

Avoid Free and Weak VPNs

VPN service providers that offer their services for free are best left alone. They are susceptible to data retention, and they generate revenue by selling your online activities to ad agencies.

Before using any VPN service, check its policies to see what encryption it uses. Avoid outdated security protocols like PPTP. You can also check the encryption of your VPN traffic with a packet sniffer such as Wireshark. Reliable VPNs use military-grade AES-256 and even provide double encryption, which hackers can’t bypass.

Look For VPNs With Better Features

While surfing the web to buy a VPN, you should look out for some extra features that ensure your anonymity over the internet, such as a kill switch, IPv6 and DNS leak protection, and more.

A kill switch keeps you from leaking data whenever your connection drops. If you are connected to a VPN and the connection drops while you are surfing the web, it automatically cuts your regular internet connection.

Look For VPNs In Countries With No Data Retention Laws

You need to keep away from the countries in the 5-Eyes, 9-Eyes, and 14-Eyes alliances. If the VPN you’re using is from any of the countries mentioned above, your VPN service provider might store your data for the government.

If you want to keep yourself secure over the internet, use a VPN that provides a no-logs policy. Also, make sure it is not part of the 14-Eyes intelligence alliance.

Find Out About the VPN’s Reputation

VPNs are susceptible to hacking, and most VPNs have suffered a breach in the past. Look around the web and see whether the VPN you are considering has been breached in the past, and how long it took the provider to address the issue, take action, and fix the problem.

Some VPNs address such issues and announce them because they want to gain their users’ trust. Trust is the only thing that can save a VPN’s reputation.

Conclusion

Data leaks are common across all kinds of VPNs, from free to enterprise VPNs. Most of them have suffered breaches in the past. But it is worth evaluating the VPN you’re going to buy. Read their guides and learn how to secure your device from accidental leaks.

You should also check for leaks every day, as something that worked yesterday might not work today. Again, buy a VPN with features that boost your online protection.

Kenneth G Aranda
