There's no such thing as a free lunch—and this old saying is just as relevant in the digital age. Countless apps and software promise to give you everything you need at no cost, and virtual private networks ( VPNs ) are no exception. App stores and online marketplaces are flooded with seemingly free VPNs, but despite the flashy marketing, these services aren't there purely out of generosity. Running servers and maintaining infrastructure comes with a substantial price tag. I took a closer look at how these “free” VPNs actually cover their costs, and what I discovered might make you think twice before hitting download. Along the way, I'll also show you how to spot a truly trustworthy VPN that won't compromise your privacy.
Why Your Data Is a Goldmine
I often recommend using privacy tools like a VPN, password manager , and passkey to ensure your data doesn’t get stolen and sold off to third parties. But why does it matter if some company has your personal information? To get the full picture, you need to examine your data from a business perspective. It’s not just boring habits or activities that nobody cares about. Your personal data is an asset that holds value, and this value increases the more recent and detailed the data is. If your personal data were a stock chart, then it would be trending up exponentially over the past decade as advertisers and companies find new, lucrative ways to profit from its sale.
Consider this scenario: A shady company collects the user data of tens of thousands of users who play a free phone game in New York City. This game collects data such as the user's phone model, age, in-game spending habits, geolocation, data usage, and demographic information for everyone on the platform. That company then sells the data as a package to an offshore business with prospective customers in New York City. The business plans to send targeted ads to a specific set of people who live near their store, own old phones, and engage in frivolous spending habits to encourage them to buy this company’s new phone.
That precise information is immensely valuable to the company that wants to push those targeted ads. This type of exchange is commonplace, and it may be easy to dismiss it as insignificant or ineffective. However, everyone is susceptible to marketing, especially given the increasing aggressiveness of social media algorithms. Even if you’re not concerned about targeted ads and giving away free information to corporations, data exchanges can lead to identity theft or even doxxing by malicious individuals. Consider how much more valuable that data becomes if it includes your address, credit card number, social security number, or your login email and password. This more nefarious form of data collection is often perpetrated by a company other than the one holding the personal information itself. Rather, the data is usually packaged and sold after a data breach or security incident has occurred.
A VPN can prevent certain entities, such as your internet service provider (ISP), from monitoring your online activity. While it can’t stop you from plugging in information on online forms or willingly submitting personal details to shady applications, it is supposed to be a layer of obfuscation that enables you to live a more private online life. However, not all VPNs are equal. Many have been subject to controversy over the years, and free VPNs with shady practices can harvest much more data from you than a regular application.
How Free VPNs Make Money
Most free VPNs fall into one of three categories. The first type may offer a limited free version that is supported by premium subscriptions. The second type is a completely free service that is supported by ads within the application. The last type is a catch-all for VPNs that I consider to be malicious services that either infect your device and harvest your data without disclosure.
Freemium VPNs: The Safe Free Option
Before discussing how bad actors in the space make money using your information, it is essential to note that there are free VPNs I do recommend . These free VPNs are often limited versions of the full premium subscription, such as Proton VPN , which offers a limited free version, free from ads and trackers, complemented by paid tiers that require a subscription. These paid plans enable the free versions to exist and continue operating; otherwise, it simply would not be possible to maintain them due to network costs.
I contacted Proton VPN and asked how the company is able to provide a free service to its users despite infrastructure costs. General manager David Peterson had this to say:
“At Proton VPN we are able to provide a free tier because we’re funded by our paying customers and don’t need to satisfy outside investors. When it comes to free services, people are rightfully suspicious and wonder, ‘What’s the catch?’—which is why we focus on offering a genuinely high-quality free service, with speeds up to 300 Mbps, over 2,000 exit nodes, and access to 10 countries. Even users who never upgrade often recommend Proton to others, some of whom end up becoming paying customers. This means we don’t have to rely on advertising to acquire users and can instead invest in continuously improving the service. We want to demonstrate that companies can be successful by simply doing the right thing.”
Unfortunately, not every VPN company is interested in doing the right thing. You should assess each one individually, rather than assuming it's legitimate just because it has a premium tier. In 2015, 47 million free users of Hola VPN discovered that they were unwittingly contributing to a botnet for the company’s sister service Luminati. This event demonstrated that even well-established companies can have flaws or engage in unscrupulous practices. Such lapses in judgment from formerly trustworthy providers are a significant reason why I don’t recommend subscribing to long-term VPN plans. What was a secure service today could turn out to be untrustworthy the next.
Ad-Supported VPNs: Free With a Price
Free VPNs without premium tiers often rely on alternative methods for generating revenue. Less reputable services will turn to ads. None of the VPNs we recommend are ad-supported, but you will see dozens of these services on search engines and app stores when you search for a free VPN. On the surface, it may not sound bad. After all, you get a free VPN, and the company gets some ad revenue. It’s a win-win, right? Not really. Ads are most effective when targeted at specific groups of users, and advertisers require data to identify the ideal audience.
A reputable VPN shouldn't request your location, phone number, call logs, or access to your camera.
These ad-supported services may do what they claim and hide your activity from your ISP. Worst case, it won’t hide your traffic well or at all. It should be a bright red flag if you can’t easily get your hands on a privacy policy or if a search inquiry doesn’t turn up any details about the company. Assuming the VPN functions as intended, you still end up sharing your data with the VPN and its advertising partners. Some may even go further than your ISP would, especially if you install it on your phone and allow all of the permissions it requires to access your call history, contacts, geolocation, calendar, and more. That information is funneled directly to advertisers to target you with ads, spam calls, and junk mail.
This type of user data is often collected through the use of software development kit (SDK) trackers, which provide companies with insight into the fine details of your interactions with apps. SDK trackers run in the background and harvest your unencrypted data. Beyond the direct privacy violation these trackers impose, your data can then be subject to a data breach if any of the advertisers that store it face an attack, since many brokers and advertisers operate in countries without strict data handling laws.
Zimperium released a report in 2025 that uncovered hundreds of shady free mobile VPNs and showed how these services track and sell data to brokers. Many of these apps resurface under a different name and logo if they are taken down, banned, or called out. Make sure to exercise extreme caution when downloading apps and to double-check that you’re installing the correct one in the first place. A common tactic of these VPN apps is to use the listed name (or close to it) of a popular, trusted provider in the hopes that you won’t pay too much attention. Take the image below, for example:
The Google Play Store now displays a "Verified" badge for trusted VPN applications, which helps cut through the noise. However, take a look at just how many unverified applications are listed in the midst of that, particularly on these first couple of pages of results for "free VPN."
Malicious VPNs: When Free Turns Dangerous
Ad-supported services are unscrupulous, but you can usually tell what you’re getting when these apps ask for permissions or are described as having in-app advertisements. The more malicious variety is applications that are masquerading as VPNs. The apps are most often found outside of traditional hubs like Google Play or the App Store and can infect your desktop or mobile device with malware , including trackers, spyware, or even ransomware. The more covert ones may even appear to function while hidden malware works in the background to steal your personal information.
Luckily, these can be easily avoided by sticking to trusted app platforms. You still have to contend with VPNs that may track you in more traditional ways, but most platforms have detection algorithms in place that significantly reduce the chance of blatant malware infecting your device. One good rule of thumb is that if a service sounds too good to be true, then it probably is. Don’t believe a VPN, or any app, that claims to give you the same performance and protection as the big names in the industry for free.
How to Spot a Trustworthy Free VPN
I have a detailed guide that covers all the ins and outs of selecting a VPN , which I recommend reading if you’re interested in the fine details. Here, I’ve compiled the following quick steps to assess whether or not you can trust a supposedly free VPN:
Run a Quick Reputation Check
It might sound simple, but many free VPNs appear one week and disappear the next. Conduct a quick search to determine if the company has been in operation for an extended period. If you can’t find anything, then don’t download it.
Scrutinize the Privacy Policy
If it doesn't have a privacy policy, don’t use it. If it does have one, then review it to ensure it isn’t harvesting your data.
Watch for Red-Flag App Permissions
A reputable VPN shouldn't request your location, phone number, call logs, or access to your camera. If it does, don't use it—and ideally, uninstall it.
These three steps, along with a dash of caution, will keep you safe from most predatory apps and free services floating around. As a final piece of advice, trust your intuition. Threats and tactics from untrustworthy providers are always evolving. There may come a time when a promising app looks perfectly fine on paper but just feels off in some way. Simply put, never download something that makes you uncomfortable.
