Skip to main content

Touch VPN review

A fast, free and unlimited VPN – what could possibly go wrong?

Touch VPN

Our Verdict

We love the speed and the fact that it’s free, but Touch VPN raises too many flags to trust it with anything important.


  • Free
  • High performance
  • No registration required
  • Unlimited bandwidth


  • Worthless privacy policy
  • No information on the website
  • Dubious Android app reviews
  • DNS leaks with the Windows app

Touch VPN is a popular free VPN download which supports Windows, iOS, Android and Chrome.

The iOS version has ads and an optional ad-free version available for $29.99 (£22) a year. The Android app also has ads, with no commercial version. The others are entirely ad-free, and none require registration or have any data transfer limits.

That all sounds great, and we were keen to find out more. Unfortunately, the Touch VPN website wasn't much help, being little more than a single page with a few generic explanations of what a VPN can do.

There are a few scraps of information on the various app pages. The Chrome store explained that Touch VPN's extension can connect you to Sweden, United Kingdom, Denmark, France, United States, Netherlands, and Canada, for instance. But the text hadn't been updated since 2015, and most of it was very vague.

Pointing our browser at Touch VPN's social media feeds didn't show much sign of activity, either. The company’s Google+ page hadn't been updated since 2015, and its Twitter page had only three tweets, all identical, posted on the same date in 2016.

A good VPN should be constantly working to improve its services, so this dusty, abandoned look didn't exactly fill us with confidence. But then we noticed a possible explanation. In 2015, Touch VPN was acquired by AnchorFree, the company behind Hotspot Shield. That suggests Touch VPN has something to offer, and if the original owners left at acquisition time, it might also explain why there's little going on right now.


Most VPNs love to boast about their ‘no logging’ policies, their wide protocol support, and all the technologies they use to ensure your privacy and security. Touch VPN's website says absolutely nothing about any of that on its main page, unfortunately, so we decided to check out the small print.

The privacy policy was a surprise for a couple of reasons.

The first was the sheer volume of information collected. Anonymous details logged include "your approximate geo-location, hardware specifications, browser type and version, the date of the Software installation, the date of your last use of the Services, your operating system type, version and language, registry entries, your URL requests and respective time stamps."

Gulp. The policy says "we do not make any efforts to reveal your identity through this information", but we'll leave you to decide how reassured you should be.

The policy goes on to explain that it may also collect personal information, including "your IP address, your name and email address in case you provide us with this information (for instance when you open an account or if you approach us through the ‘contact us’ option), screen name, payment and billing information (if you purchase premium services)..."

Log in using a third-party account, such as Facebook, and the site could also get access to your "user name, email address, profile picture, birthday, gender and preferences."

The second problem with this privacy policy is that a lot of it makes no sense. It talks about checking whether your device is in use, for instance, to make sure it doesn't send you any "requests". Why would a VPN service send you requests?

And then we noticed a clue in this clause: "As part of the Services' nature and to enable browsing acceleration, information which is publicly accessible by other users that you have accessed may be accessed by those users from cached copy of this data from your device."

Accessing information via other users and caching data on your device are tricks used by Hola, and sure enough, searching for that clause at Google returned an identical line in the Hola privacy policy.  Touch VPN appears to have cut and pasted large chunks of the Hola document, just editing it to replace Hola's name with its own.

What's going on? There are two possibilities, neither very appealing. Either the privacy policy is legitimate, in which case Touch VPN logs more data than almost anyone (well, except Hola). Or it's a clumsy cut-and-pasted fake, in which case we're struggling to see why we should believe anything else the company says.

Touch VPN


Touch VPN offers several clients, each working in very different ways, so to properly understand the service we decided to explore the Chrome extension, as well as the Windows and Android apps.

We started with Chrome and immediately spotted a problem. Although the extension’s rating was an impressive 4.5, when we checked the reviews we found large numbers of duplicates. When we visited, the last 18 reviews were identical, all giving five stars but all using the same text. There was another regularly repeated template before that, again giving five stars. Maybe the rating wasn't as impressive as it first seemed, after all.

We installed the extension anyway, and noticed it required more permissions than we were expecting. Is it really necessary for the app to "manage your apps, extensions and themes", for instance?

The extension also asks for permission to "communicate with cooperating native applications", or reach outside of the browser to contact other processes. We would like to know the reason for that, too, but Touch VPN doesn't provide any explanation.

After completing the installation, we tapped the Touch VPN address bar icon and a simple console appeared. This gave us the option to choose a virtual location in Canada, France, Germany, India, Netherlands, Russian Federation, Singapore, the UK or US, and apply this change to all our browser tabs, or just the current one.

Alternatively, tap a Click to Connect button and Touch VPN automatically chooses a location for you. Most VPNs select your nearest server, but unfortunately Touch VPN appears to pick one at random, making it a little less useful.

However you connect, Touch VPN usually displays a flag icon in the bottom left of the screen as a constant reminder of your current location. This is a good idea, at least in theory, but during our tests it didn't appear all the time.

Although Touch VPN calls itself a "free proxy to unblock any sites", this wasn't the case for us. It unblocked our test YouTube clips, but Netflix and BBC iPlayer both refused to stream content when connected to Touch VPN servers.

Performance was generally very good, with speeds regularly reaching 50Mbps and more. There were occasional exceptions when a particular session seemed very slow, or at least inconsistent, but that's no surprise for a free product, and disconnecting and reconnecting always fixed the problem.

Although Touch VPN doesn't display ads, as far as we could tell, there are one or two marketing tricks. For example, after using the extension for a while, it asks you to share it on your social media feed before you can link to a specific location.

We also have some questions about privacy. Checking the extension code reveals this whitelist of domains which will be accessed directly, and not passed through the VPN tunnel:,, chrome-signin,, event.shelljacket,, box.anchorfree, googleapis, hsselite, firebaseio,,,, and

Several of these websites can be used for tracking, and as Touch VPN doesn't have a privacy policy we can trust, there's no way to be sure what it might be doing.

Touch VPN

The Touch VPN Windows app looks similar to the Chrome extension, but has even fewer options. You can choose a location, click Connect or Disconnect, and that's essentially it.

You get more locations in the Windows app, with sites including Argentina, Australia, Brazil, Canada, Czech Republic, Denmark, France, Germany, Hong Kong, India, Indonesia, Ireland, Italy, Japan, Mexico, Netherlands, Norway, Russia, Singapore, Spain, Sweden, Switzerland, Turkey, Ukraine, plus the UK and US. The list isn't displayed in alphabetical order, which makes it a little more awkward to browse, but otherwise it's an excellent set of locations for a free service.

Connect to a server and the app displays a session timer, along with the total amount of incoming and outgoing data. In the background, the app is creating a temporary IKeV2 connection using Windows' own VPN support. That's not giving you the security and control you'd get with a specialist OpenVPN-based client, but it's much more capable than the Chrome proxy approach.

The Windows app was a little more successful at site unblocking, too. We were able to watch content on BBC iPlayer and YouTube, although Netflix still wasn't fooled.

Performance was excellent, with UK-Europe and UK-US download speeds achieving at least 50Mbps on a 75Mbps connection. Even going long-distance to Hong Kong couldn't stop the party entirely, with downloads approaching a creditable 20Mbps (we've seen capable commercial services barely reach 10% of that).

What you don't get with the Windows client, unfortunately, is any form of DNS leak protection. Visiting showed Touch VPN was always assigning us servers in the locations we were promised, but our original DNS servers were still visible to anyone who looked.

Touch VPN

Touch VPN's Android app is better looking than its Windows and Chrome cousins, with a more consistent and straightforward interface.

The list of locations changes again, unfortunately, dropping a few from the Windows build. Here you get Australia, Canada, Czech Republic, Denmark, France, Germany, Hong Kong, India, Italy, Japan, Netherlands, Norway, Russia, Singapore, Spain, Switzerland, Turkey, Ukraine, and the UK and US.

The app works much like the other two. You're able to choose a specific location, or allow the app to select the best one automatically, then connect and disconnect with a click. We found automatic selection worked reliably this time, with Touch VPN always choosing the server nearest to us, and the selected location was always clearly displayed by the app.

Touch VPN's website unblocking results saw the Android app allowing access to BBC iPlayer, but not allowing us to view Netflix or protected YouTube clips. We're unsure why each client performed differently, but one explanation might be that they're using different servers within the same country, and some of these help bypass geo-blocks, while others don't.

Wi-Fi performance was reasonable, with maximum speeds of around 15Mbps. This tailed off drastically as we tried more distant servers – US to UK connections were barely 5Mbps – but that’s still enough to handle basic tasks.

The Settings dialog included a useful 'Notify me if I connect to unprotected Wi-Fi' option, handy as a reminder of when you might need a VPN.

Another setting option offers a choice of VPN protocols including OpenVPN UDP, TCP, and HydraVPN (there's no explanation of what the latter might be). There's no mention of OpenVPN support in the Google Play description, which only talks about proxies and SSL encryption, but when we checked out the app's APK file (its executable files and data) we did find OpenVPN and related libraries.

We noticed one questionable feature in a 'Sign in' option, which offered us the chance to sign in with Facebook, Twitter, Google+ or email. We tried it with a dummy email and saw no benefit to us, so our best guess is the company is hoping that curious users will try it with their social media profiles, and unwittingly hand over their profile details.

There are ads, too. Lots of ads, some displayed within the app when you're connected, and the occasional full-screen ones appearing when you connect or disconnect. They're annoying, though we've seen worse.

Touch VPN also adds a Performance Widget on your lock screen, forcing an extra swipe before you can fire up your device. That's even more annoying, but fortunately it's also optional, and you can turn it off from Settings.

Final verdict

Touch VPN's high speeds and unlimited bandwidth are appealing, but the copy-and-pasted privacy policy, duplicate reviews and over-the-top Chrome permissions suggest it's not to be trusted. Don't use it with anything faintly important. And ideally, don't use it at all.