Free Versus Paid VPNs: What You Need to Know
Spoiler alert: You'll (probably) get what you pay for.
A free VPN may just not be worth it.
The popularity of virtual private networks has grown in recent years as people have become more aware of how their activities are being constantly tracked and sold for profit by their internet service providers and others.
Other people are also using VPNs to get past geographic restrictions that would otherwise keep them from watching their favorite TV shows or sporting events.
If you fall into one or both of these camps, you might be thinking about signing up for a VPN, too. You also might be wondering if it's something you actually need to pay for, given that there are countless free VPNs available for download.
But security experts warn that, as the old saying goes, few things in life are actually free -- and that's especially true when it comes to VPNs.
"If something like this is free, then the user is the product," said Iskander Sanchez-Rola, director of privacy innovation for Gen, the parent company of the Norton 360 consumer security software, most versions of which includes a paid VPN.
"Don't get a VPN just because it's cheap or free or gives you a few free months of service. It's important to do your research and know what you're signing up for."
So what does paying for a VPN actually get you? Here's a look at the big differences between paid and free versions of the products.
More features
Legitimate VPN companies may offer a free version as a way to get you interested and eventually upgrade to the paid version down the road. But just like with other kinds of software, what you get could be bare bones. It might be slower than you would like or cap your data at a frustratingly low level.
For some people who only use a VPN from time to time, a very limited free version might be enough. That could be especially true for people who are primarily looking to watch out-of-market TV than actually protect their data and privacy.
Just remember, you get what you pay for. The only free VPN that CNET's testers have found to be worth using is ProtonVPN. Unlike with other free VPNs, there are no limits on data, usage time or connection speeds. It also delivers the same level of encryption as Proton's paid versions. Our testers say it's also fast and works well with streaming services.
On the downside, it only has access to three server locations and doesn't include the full suite of features you get with a paid subscription that currently starts at $10 a month.
More privacy?
There's no guarantee that any VPN, no matter how much you pay for it or what the company promises you, will keep your data private. By design, VPNs collect all of your internet traffic and data, and there's no way to see what they do with it after that.
If a VPN is free, you know that they're doing everything they can to monetize all of the personal data that travels between you and its servers, says Chester Wisniewski, director and global field chief technology officer for the cybersecurity company Sophos.
"The question is do you trust a random company that may or may not be in Cyprus more than you trust Comcast," he said. "And for a lot of people that may be a hard question to answer.
"You're shifting your trust, you're not making yourself truly private."
With any product like this you should carefully read the company's privacy policy and user agreement before signing up. If either of those statements mention that they sell user data even in anonymized form, you might want to think twice.
For many people, Wisniewski says, the Tor browser can be useful. Typically associated with the "dark web", you can use it pretty much like any other browser. It's a bit clunky and too slow for streaming, but it's free and doesn't require users to sign up or put their trust in a company, he says.
And if you're someone for whom security is paramount, like a human rights activist, political dissident, journalist or business person working in a country prone to government online snooping, never roll the dice on a free VPN. It's just not worth the risk.
When it comes to paid options, choose a VPN headquartered outside of the country you're currently in, and avoid choosing a VPN with a presence in an allied country. Encryption is critical, too. Your VPN should offer a protocol called OpenVPN TCP, while IKEv2 also is fine for mobile apps.
Potential for scams
There are scammy VPNs out there that go beyond the mere selling of your data for profit. In the past researchers have spotted fake VPN apps in both the Apple and Google stores that were designed to spread malware.
Other sketchy VPNs "fleece" consumers by charging a ridiculous amount of money for them, often after a free trial period, while others charge consumers more reasonable fees, but just don't work.
Signing up for a paid VPN run by a reputable company you've actually heard of doesn't guarantee its legitimacy, but the VPNs that advertise on illegal gambling websites or offer access to adult content probably should be avoided, Wisniewski says.
Free or paid, do I really need a VPN?
Experts have a variety of opinions about this. Sanchez-Rola says that while the potential for a cybercriminal to attack an average person's laptop or phone is remote, it's still possible, especially in places packed with people connected to the internet like a shopping mall or airport.
In addition, a VPN would protect someone who accidentally connects to malicious Wi-Fi, scrambling their data and making it useless if captured.
But Wisniewski argues that those scenarios aren't realistic, especially when just about all web traffic is already encrypted these days. He takes issue with the marketing used by some VPN providers that make it sound like evil hackers are just waiting to steal the average person's identities and life savings if they don't use a VPN.
He also worries that people will think that a VPN is a "cloak" that will just make their data disappear and solve all of their security problems.
"They're in danger of becoming obsessed with the wrong thing," he said, noting that good security practices like setting strong passwords and making sure devices are up to date are much more important for regular people.
"Do the basics really well and then just go live your life and stop panicking," Wisniewski said.