In today’s digital world, protecting yourself online has never been more important. Virtual private networks (VPN) have grown popularity as a quick and easy way to make sure that your internet service provider, the government or even malicious third parties are not tracking your activity online. While there are many free VPNs that offer their services in exchange for users seeing ads when they log on, some are less reputable than others.
Trend Micro recently released a report highlighting significant security risks in one popular free VPN provider. TechRadar Pro spoke with the Trend Micro’s Principal Security Strategist Bharat Mistry to learn more about the report and what consumers should look for when signing up for a VPN.
Why are VPNs growing in popularity among consumers and what are their primary uses for these services?
Consumers are increasingly using VPNs for Privacy and Identity protection more than anything else. By having a VPN you have an encrypted channel between your browser and the VPN endpoint thus stopping prying eyes (Governments, Internet Service Providers, Cyber Criminals and other eavesdroppers) seeing the sites that you are going to and the data you are accessing.
VPN services are especially useful when accessing public Wi-Fi hotspots because the public wireless services might not be secure and having an encrypted channel ensures that the data is not seen by unintended parties. The other reason why VPNs are commonly used is so that users can access uncensored content that would normally not be allowed within their country or region. A good example of this is consumers using a VPN service which terminates in the UK to access BBC iPlayer content from outside the UK.
How can the average user tell if a VPN is safe to use? Are there any surefire ways to determine a VPN’s safety?
Any free or community VPN service will always have some drawback associated with it as the operators of the service require some revenue generation in order to keep the service up and running. For the average user unfortunately there is no sure fire easy way of ensuring a “free or Community” VPN service is safe to use as the VPN client or software on the user’s device may be doing other things such as harvesting personal information, sniffing the local network, interrogating the local machine’s registry, browser history and cache and selling the information on to the highest bidder.
The only way to ensure that a VPN service is genuine is to opt for a fee based service from well-known service providers that have a good reputation and have reviews from independent organisations.
How can some VPNs afford to offer their services to users for free?
There is no way a VPN service can be provided for free as it costs a lot of money to provide the infrastructure comprising of network links, bandwidth, servers and hosting. That infrastructure has to be paid for somehow. If it's not paid for by user fees, it's likely to be paid for by advertising, data gathering, or some nastier reason.
What was your company’s motivation for investigating the free version of HolaVPN?
The motivation behind the investigation was to expose the service for what it actually is, rather than how it’s marketed. Users of VPN services are extremely reliant on the privacy and identity protection features, especially those in oppressed countries where “freedom of speech” is prohibited or where the government is eavesdropping on the communications of individuals without any consent.
How can a residential proxy network potentially be abused by cybercriminals?
A large residential proxy network is a big risk to security on the internet. Because the exit nodes are hard to track and are of a dynamic nature, it is possible for users of the network to be anonymous to a high degree thus attracting cybercriminals and fraudsters. It is not hard to imagine that actors committing click fraud or targeted attackers who do reconnaissance of a network have a great interest in getting access to a residential proxy network. The advertisement business in general is exposed to a lot of attempts to commit fraud. The incentive for committing advertisement fraud is large as the total market of advertisements on the internet is estimated at many billions of dollars and is still growing each day.
What advice would you give to a consumer or business shopping for a VPN for the first time?
My advice for first time buyers is there is no such thing as a free VPN service as it costs money to operate the VPN infrastructure, so do your research first and foremost. Use search engines like Google for company or product name and read the review, especially those from independent trusted organisations or from professional reviewers. If you see a huge number of complaints showing then it might suggest the service isn’t reputable. Finally, be sure to choose a service that has capabilities that meet your needs. You may need one or more features only provided by certain services. So, think through your needs as you make a decision.
Bharat Mistry, Principal Security Strategist at Trend Micro (opens in new tab)