VPN Warning List – These VPNs are not recommended (2021)
May I let you in on a little secret?
When it comes to protecting your privacy, most VPNs fail.
Many popular and highly rated VPN services will leak your IP address or DNS requests, thus exposing your data to third parties. But there are bigger problems. Some VPNs will do that Infecting your computer with malware, Installations hidden tracing libraries on your devices, Theft of your private informationLeave your data exposed to third parties and even steal your bandwidth.
As you will see below, many popular VPNs are not safe to use – especially if you use a VPN to protect your online privacy.
VPNs can It looks perfect on the surface, yet remains an absolute security and privacy disaster When you take a closer look.
To combat the growing confusion and deception in the VPN market, we have created VPN Warning List (It is a work in progress). This warning list contains information that I personally find disturbing with many VPNs and the VPN market in general.
Disclaimer: This list does not necessarily reflect the most current information about each VPN service and/or application. VPNs are constantly updating their software, however, a history of bad practices could be a sign of a problem. You can report for yourself. Everything on this list is based on well-sourced information that is freely available online.
VPN Warning List
VPNs located in the Five Eyes countries
Always keep in mind the legal jurisdiction of your VPN provider. The following five countries work together in an alliance to collect, share, and analyze mass surveillance data: the United States, the United Kingdom, Australia, Canada and New Zealand.
While reviewing and testing Betternet, I found a number of annoying elements, such as Betternet giving third parties access to your data collected through their VPN. A Betternet Academy research paper listed it at number four on the list of the 10 best Android VPN apps most infected with malware. They’re also set for including 14 different third-party tracking libraries in their Android VPN app, while promising users “privacy and security.” We have all the details in our Betternet review.
With the growing interest in VPNs, fake VPN services have appeared. When I say “fake”, what I mean is that there are no servers, no software, no VPN – instead, it’s just someone trying to steal your money while pretending to be a VPN. It was one such example MySafeVPN, which was sending fraudulent emails and defrauding customers who paid, and expected an actual VPN service.
Free VPN Apps for Android and iOS
In general, you should be careful when downloading Which VPN application on your mobile device. A study of Android VPN apps found that 84% will leak your IP address, 82% will try to access your sensitive data, 75% use third-party tracking, 38% contain malware, and 18% do not even encrypt your data (leaving you exposed) completely). But this is not a surprise. Over the years, all kinds of apps have proven to be a security and privacy nightmare for both Android and iOS. We also have a guide on how to secure your Android device.
Free VPNs in general
Free VPN services have proven to be a disaster for privacy and security. Free VPNs make money by recording and selling your data, hitting you with ads, and/or redirecting your browser to e-commerce and third-party websites. Many of the most popular free VPNs on Google and Apple stores are loaded with malware. As the saying goes, “If something is free, you are the product.” (See our Free VPNs guide for a discussion of the risks and dangers of free VPNs.)
Hide my ass (HMA VPN)
Hide My Ass (HMA) is located in the UK – a bad site for privacy due to mandatory data retention and mass surveillance. To make matters worse, HMA has a disturbing history of handing customer data to law enforcement agencies around the world.
Hola VPN caught stealing user bandwidth and fraudulently reselling it through sister company Luminati. Hola users act as endpoints for the entire network. This means that other people are using your bandwidth and IP address when using Hola, and you could be caught due to their activities. (This is also discussed in our Free VPNs Guide.)
Hotspot Shield VPN
Additionally, Hotspot Shield was also in the news because it was discovered that its VPN leaves users vulnerable to revealing their location. Hotspot said they are working on a fix. See our Hotspot Shield VPN review for more information.
Ivacy is a Hong Kong VPN service provider that has some annoying issues. Their refund policy was previously limited to 500MB of bandwidth and 30 sessions. Some bloggers have also accused Ivacy of faking the locations of their VPN servers, which means you don’t get the ones you paid for. Many people think that Ivacy and PureVPN are under the same company and use the same network infrastructure.
Opera “Free VPN”
Opera browser now includes what it calls a “free VPN” which they say is “better for online privacy” (see here). First, this is not a VPN at all. Security experts have shown that this is just a web proxy using API requests. Second, Opera’s privacy policies include statements about data collection (including Usage data) and how this is shared with third parties (see here). Check out our Opera VPN review for more information.
This PureVPN review revealed several issues. In the previous test, we identified IPv6 leaks, IPv4 leaks, and DNS leaks with their VPN apps. PureVPN has also been caught handing customer data to the FBI (US authorities) despite it claiming to have a “no-logging policy”.
There are many free VPNs offered in Google Play or Apple Stores using various variations of the name “VPN Master”. Through testing, I found VPN Master apps to be riddled with dangerous malware, despite it having high ratings and millions of users. I even found that one of these free VPN apps called “VPN Master Free unlimed proxy” (sic) is owned and operated by a Chinese data collection company called TalkingData.
VPNSecure is based in Australia – a country with 5 eyes that is not so good for privacy. VPNSecure has also been identified in an academic paper for leaking IPv6 and DNS requests, leaving its users vulnerable to “monitoring and malicious proxies”. The same paper also noted that VPNSecure has a number of exit points at local ISPs. This indicates that users are inadvertently being used as endpoints in a P2P-like bandwidth network – that is, the user’s bandwidth is being stolen (although the paper could not confirm this). (See here for more information.)
Windscribe is a new addition to this list. He found that it leaves external servers completely unencrypted, a very foolish practice that leaves Windscribe users exposed. In July 2021, news broke that the Ukrainian authorities had confiscated Windscribe servers, which were left unencrypted. This gave the police the private key Windscribe, which could allow them to decrypt VPN traffic.
Windscribe has admitted that it does not follow “industry best practices” and has vowed to correct the situation and properly secure its servers. But the damage has been done. See our Windscribe security incident article for details.
conclusion: Use a secure and reliable VPN service
This list illustrates one fact that is often repeated on this site: Not using a VPN is better than using a bad VPN.
Even if you don’t find your VPN in this warning list, be careful. Many popular and highly rated VPNs have issues, such as IP leaks and features not working. That’s why we recommend testing your VPN regularly for any leaks or problems. In fact, we have a VPN test guide to help you do just that.
Best VPN Services
We also have a guide on the best VPN services here.
These are the VPNs that performed well in all of our tests, and are located in secure jurisdictions (outside the Five Eyes region). Here are the best choices:
Stay safe online.