Are free VPNs safe? 7 risks and how to protect your privacy

A virtual private network (VPN) encrypts your internet connection to help protect your privacy online, especially on public Wi-Fi in places like cafés or airports. While many VPNs are paid services, some offer free versions that can be appealing if you’re trying to save money.

Perhaps unsurprisingly, these free options often come with major trade-offs. CNET's recent research into free VPN apps on iOS and Android found that more than 60% raise privacy concerns. That doesn’t mean all free VPNs are unsafe, but it highlights the need for caution when choosing one.

This article explores the risks of free VPNs, when they may be acceptable, and safer alternatives to consider.

1. Data logging and selling

Some free VPNs keep their services running by collecting and monetizing user data. This can include your browsing activity, IP address, device details, and even files you download. Instead of charging a subscription fee, these providers may share or sell that information to advertisers, analytics companies, or data brokers.

That creates a clear contradiction: a tool meant to protect your privacy can end up doing the opposite. Rather than shielding your data, certain free VPNs may track and package it for profit, exposing you to targeted ads or further data collection. If privacy is your goal, it’s important to choose a VPN provider with transparent policies that don’t rely on selling your information.

2. Weak encryption

A VPN protects your privacy primarily through encryption, which scrambles your internet traffic so outsiders such as hackers, your ISP, or other network observers can’t see your activity. This includes the sites you visit, files you download, and content you stream. However, not all VPNs offer the same level of protection. Some free services rely on outdated protocols or weaker configurations.

This is especially important on public Wi-Fi networks, which are often unsecured. If you’re accessing sensitive information — such as banking or work accounts — strong encryption is critical. Weaker VPNs can leave your data exposed, particularly to more sophisticated man-in-the-middle attacks. Choose a VPN that uses modern, industry-standard AES-256 encryption and is transparent about its security practices.

3. Malware infection

A major risk with free VPNs is that some come bundled with unwanted, or even malicious, software. When Top10VPN analyzed 100 free VPN apps on Android, antivirus tools flagged around 20% as potentially harmful.

Real-world cases highlight how serious this can be. Researchers at Koi Security uncovered a Chrome VPN extension with over 100,000 installs that had been updated to include spyware-like functionality. It secretly captured screenshots of users’ browsing activity and collected sensitive personal data — without clear user awareness.

In some cases, this behavior is tied to how free VPNs make money. Instead of charging users, some providers rely on advertising or monetize user data by sharing it with third parties. This can incentivize excessive tracking, or, in the worst cases, the inclusion of invasive or harmful code.

4. Intrusive pop-up ads

Another way some free VPN providers generate revenue is by showing frequent pop-up ads. As well as being an annoyance, it can also affect performance by increasing data usage and slowing down page load times.

More concerning is what happens behind the scenes. Some free VPNs use advertising trackers that monitor your online activity, such as the websites you visit or the apps you use. While this is sometimes disclosed in privacy policies, it’s often not obvious to users, and can undermine the very privacy a VPN is supposed to provide.

5. Browser hijacking

Some free VPNs include browser extensions that can interfere with your browsing experience. In certain cases, these extensions may redirect your traffic to sponsored or ad-heavy websites or modify search results to generate revenue.

This type of behavior is often referred to as browser hijacking. While users may technically grant permissions during installation, the extent of these changes isn’t always clear. As a result, you could be exposed to unreliable websites, including those that host phishing scams or harbor malicious downloads.

6. Slower speeds and data caps

You’re more likely to notice slower connection speeds when using a free VPN. This is often because they typically offer only a limited number of server locations, which can lead to increased latency, congestion, buffering, and longer load times.

Some providers also offer paid tiers and may limit speeds on free plans to encourage upgrades, though this varies by service.

In addition, many free VPNs impose monthly data caps, often in the range of 2 GB to 10 GB. And that can disappear quickly. Streaming just a single HD movie or a few hours of video can use up most — or all — of your allowance. For light browsing, this may not be an issue, but it can be restrictive for anything more data-intensive.

7. Data leaks

Another risk with some free VPNs is that the service itself may not handle your data securely. While a VPN is meant to protect your privacy, not all providers follow strict no-logs policies or limit how much user data they collect.

In fact, some free VPNs log information such as your IP address, browsing activity, or connection timestamps. This data may be stored insecurely, shared with third parties, or exposed in the event of a data breach — effectively leaking your data at the provider level rather than the actual VPN client.

By contrast, many reputable premium VPNs operate under audited no-logs policies and invest more heavily in secure infrastructure, reducing the risk of sensitive user data being stored or exposed in the first place.

How to choose a reliable VPN

Whether you decide to opt for a free or paid VPN, there are certain features you should look for that signal you're going with a safe VPN. Here's what to watch out for:

• Strong encryption: Choose VPNs that use AES-256 encryption and modern protocols like OpenVPN or WireGuard to keep data secure.
• No-log policy: A strict no-logs policy means the provider doesn’t store your browsing activity, IP address, or other personal data.
• Speed and server options: A broad server network helps prevent congestion and maintain consistent speeds.
• Kill switch: A VPN kill switch automatically disconnects your internet if the VPN connection drops, helping to prevent data leaks.
• Double VPN: By routing traffic through two servers, a double VPN adds an extra layer of privacy protection, useful for higher-risk scenarios.
• Advanced security features: Bundled features like malware protection, scam alerts, dark web monitoring, or a password manager can strengthen overall security.
• Affordable cost: Many paid VPNs are relatively inexpensive, often just a few dollars per month.
• Money-back guarantee: Trial periods or refund policies let you test the service before committing.

Are free VPNs ever worth using?

Free VPNs may be suitable in limited situations. For light, occasional use, such as reading news on public Wi-Fi, they can provide a basic layer of protection. However, for regular use or stronger privacy, paid options generally offer better security and performance.

Situations where using a free VPN may be acceptable include:

• Occasional light browsing: Casual activity on public Wi-Fi without logging into accounts.
• Testing VPN functionality: Testing out free trials from reputable providers before committing.
• Low-sensitivity use: Activities, like accessing geo-blocked content, that don’t involve sensitive personal data.

Even in these cases, vet the provider carefully, and avoid using free VPNs for banking, shopping, work, or any activity involving your sensitive information.

Protect your privacy with a trusted VPN

Free VPNs are rarely as good a deal as they seem — as well as frustrating data limits and slower speeds, potential privacy risks could end up costing you. A paid solution offers stronger protection and a more reliable experience without those compromises.

Norton VPN delivers bank-grade encryption, fast global servers, and a strict no-log policy to help keep your activity private. Try it risk-free with a 60-day money-back guarantee and experience safer, smoother browsing.

FAQs

Is a free VPN better than no VPN at all?

A free VPN isn’t always better than no VPN. While a free VPN can add a layer of protection, some may introduce new risks by collecting data or exposing you to potential malware. If the service isn’t transparent about how it handles data, it could leave you less private than before.

Are there any good free VPNs?

Yes, there are good free VPNs, but most of them are limited versions of paid services. They often include strict data caps, fewer server options, and reduced speeds. These can work for occasional tasks like checking email on public Wi-Fi, but they’re not ideal for regular browsing, streaming, or large downloads.

How do free VPNs make money?

Free VPNs typically rely on alternative revenue models. This can include showing ads, collecting and monetizing user data, or encouraging upgrades to paid plans. In some cases, the “free” service acts as a funnel, offering basic functionality while reserving stronger privacy and performance features for subscribers.

Do free VPNs sell your data?

Some do. Certain providers collect browsing activity, device details, or location data and sell it to advertisers or data brokers. This practice directly undermines the purpose of using a VPN. Always review a provider’s privacy policy carefully to understand what data is collected and how it’s used.