Tech support

Beware, this VPN may not be what you think it is

There are excellent ones, well-tested virtual private networks we recommend you try. But if you explore the competitive VPN market on your own, you’re likely to find shoddy VPN companies spilling hints of their doubt everywhere they go. Learning to identify a few of these red flags can save you hours of research and a hefty annual subscription cost to supposedly connect to the internet more securely.

Logo Tech Tips CNET


Is the price too good to be true? Has the company been caught keeping records? What are your connection speeds?

To save you some time, here are some of the biggest red flags to look out for when you take your new VPN out for a test drive. And on the other hand, here three things to look for in a VPN.

Read more: Best iPhone VPN of 2022

Free VPNs Usually Aren’t Free

There is no free lunch. Maintaining the hardware and expertise needed for large VPNs doesn’t come cheap. As a VPN customer, you either pay for a premium service with your dollars or you pay for free services with your usage data as it is collected by the free VPN and traded with advertisers or malicious actors.

As recently as August 2019, 90% of apps flagged as potentially dangerous in Top10VPN’s free VPN ownership survey still posed a risk to user privacy. Free VPNs can also expose you to silent installation of malware, barrages of pop-up ads, and brutally slow internet speeds.

Read more: Best Free VPN 2022: Try These Risk-Free Services for a Privacy Boost

Some VPNs have been caught reporting

If a VPN is taken keep or share user activity logs, I would not recommend it. While most VPN services claim that they do not track or keep user activity logs, sometimes this claim can be impossible to verify. In other cases, the claim collapses publicly when a VPN company turns over internet logs to law enforcement.

The latter has occurred in a few cases. EarthVPN, Hide My Ass VPN, and PureVPN have all been timed by privacy advocates for turning over logs to authorities, as has IPVanish.

To be clear, it’s entirely possible to be grateful for the arrest of objectionable scumbags while ardently advocating for consumer privacy interests. My beef isn’t with a VPN company that helps cops catch a child abuser via usage logs; it’s with any VPN company that lies to its customers about it. The lie that helps law enforcement in the United States catch a legitimate criminal is the same lie that helps law enforcement in China arrest someone viewing footage of the 1989 protests in Tiananmen Square.

Ideally, the VPN you choose should have undergone – and published the results of – an independent third-party audit of its operations, including its use of logs.

Read more: All the VPN terms you need to know

Now Playing:
Look at this:

Top 5 Reasons to Use a VPN


Weak encryption is everywhere

Another red flag to look out for when choosing a VPN is poor encryption standards. Users should expect AES-256 encryption or better VPN services. Almost all web browsers and applications already use AES, often touted as “military-grade” encryption, after it was adopted by the US government in 2002. If your VPN only offers PPTP and L2TP encryption, look elsewhere.

As you snoop around for encryption details, keep an eye out for one of our favorite phrases, “Perfect Forward Secrecy.” These three little words can have a big impact on your privacy: if one of your VPN’s servers is breached, Perfect Forward Secrecy ensures that any keys used to decrypt private internet traffic quickly become useless, giving you more of security.

Read more: How We Rate and Review VPNs

Extremely slow speeds? No thanks

With just a little elbow grease, any moderately skilled internet jerk can create a service that looks like a VPN but is really nothing more than a proxy service reselling your internet bandwidth. Not only can this slow down your internet speed, but it could also make you legally liable for anything they do with that resold bandwidth.

Hola’s case was the most famous. The company was caught in 2015 stealthily stealing users’ bandwidth and reselling it to any group wishing to deploy its user base as a botnet. Hola CEO Ofer Vilenski admitted that this had been done, but argued that this bandwidth harvest was typical of this type of technology.

Read more: How to set up a VPN on our iPhone or Android phone: Yes, you need it

“We assumed that by declaring Hola to be a (peer-to-peer) network, it was clear that people were sharing their bandwidth with the community network in exchange for their free service,” he wrote.

Almost all VPNs slow down your browsing speed, some by as much as half. But a rough crawl could be a sign of something worse than just a lack of servers. So if being commissioned as part of a botnet isn’t your cup of tea, check out those weirdly slow speeds and reputation of the VPN you’re paying for.

For more VPN buying tips, here’s how choose the right VPN for your work from home setup. Also, why do we does not recommend US-based VPNsand three things a VPN can’t help you with.