While we only consider very few free VPNs as a possible alternative to top-notch premium services, we also have to admit that there is no perfect VPN, either paid or free. Obviously, certain VPN security risks are more common and frequent in the case of free VPNs while some may not even relate to paid VPNs. Let’s see how a VPN that is supposed to protect your anonymity may do just the opposite and risk your virtual as well as your physical security.

These are the 7 most dangerous VPN security risks

#1 Logging

VPN security risk - loggingIn our view, one of the most problematic VPN security risks is obviously the logging practices of a VPN. Why? Because logging is a gray area where your privacy no longer exists depending on what gets recorded and how long such data is stored.

Although most paid Virtual Private Networks claim no logs or zero-log policy, unfortunately not all of them mean it. However, when it comes to free VPNs, these providers definitely log more than it is “healthy” for your privacy.

Basically, there are two types of logs: connection and usage. While connection logs may be innocent and may not include your original (true) IP address or any other personally identifiable data, usage logs can surely identify you.

Whenever there is any limitation on your VPN service, you can be sure that there is logging involved; otherwise, how would the provider know how much data you have used, how many devices you have connected, and so on?

Logging for VPNS that collect sensitive data

Not all logs are evil, as you can see. There are certain data that VPN providers do need to be able to maintain their quality service. As long as this information cannot lead to your identification and exposure, you should be safe.

Apart from these logs, another possible place to leak your identity is when you actually pay for a premium service. When you buy a VPN plan, you need to be very careful to choose a service that offers you at least one anonymous payment option, such as cryptocurrency (Bitcoin, Dash, and Ethereum) or other alternatives.

If you pay with your credit or debit card, or via PayPal, there will be an identifiable transaction so you could be linked to a VPN account personally. This is not an option for those wanting full privacy and anonymity.

#2 Privacy Policy

one of VPN security issues - privacy policy

Closely related to the logging practices of a VPN service is the Privacy Policy. You should never trust the marketing slogans about the most important factor. Whatever a VPN provider may claim on its website, you must read the Privacy Policy word by word to understand what they actually may log even if it may be referred to as “data we collect for bettering our services” or something along this line.

Privacy Policy may reveal invasive data practices

We don’t advise you to sign up for any VPN service before reading the legal documents from beginning to end. We have seen a couple of unfortunate cases in the past years like the one we mentioned in our PureVPN Review; you know, when the FBI asked PureVPN to share theoretically non-existent logs regarding a cyberstalker.

While a part of you would condemn illegal VPN practices (cyberstalking), you can’t forget about the main characteristic and promotional base of these services, i.e., your privacy and no logs whatsoever.

#3 VPN service based in a Five/Nine/Fourteen Eyes country

VPN Security Risk - VPN service based in multiple countries

The third one of the VPN security risks can be argued, of course. We are sure there are people who wouldn’t consider a VPN provider being based in a Five Eyes country like the US or Canada as a serious security risk. Some premium services choose a tropical or more privacy-friendly country as their base, though, in order to avoid strict data retention laws; for example, NordVPN is based in Panama.

Nevertheless, even that may not be enough. Because, if a VPN provider logs your connections or keeps other data about you, it might still feel compelled to share those with the authorities. We have also seen some good examples like in the case of ExpressVPN (based in the British Virgin Islands, a Fourteen Eyes country) when the provider was forced to share data with the Turkish authorities; yet, it had no logs whatsoever to share.

Global surveillance fails

As you can see, it all boils down to what kind of logs the company has about you and whether they are willing to share these. A few dedicated premium VPN providers will go as far as moving their base to another more privacy-friendly country or shut down their servers in a surveillance-friendly country. In order to find out about this vital piece of information, you need to do your research right.

So, whether you choose a provider based in a surveillance-friendly country or not, make sure the logs can’t hurt you and your anonymity. With that said, we would still consider a privacy-friendly country as a more secure base.

#4 Leaks

VPN security leak - leaks

Well, even if the previous three VPN security risks are not present, leaks can change everything in a second. No matter how good, powerful, and secure encryption and VPN protocols a VPN offers, a leak can expose you right away.

Basically, there can be IP (IPv4 and IPv6), DNS, and WebRTC leaks in relation to a VPN service. These all can be disastrous if the leaked information lands in the wrong hands, such as the prying eyes, i.e., your ISP, cybercriminals, and the government.

A leak can disclose your physical location and your online activity as well. Therefore, we advise you to only use a VPN that offers leak protection and a kill switch, too. Do not settle for less because it could cost you dearly.

#5 Malware

Unfortunately, more than one-third of Android VPNs have been found containing some kind of malware. These infections could be Trojans, adware, riskware, or spyware programs, for example. The VPNs for Android and iOS devices are also more dangerous when it comes to online privacy since they can ask for all kinds of permissions to have access to other third-party apps and data to work at all. However, granting these could seriously lower your chances to stay anonymous.

VPN security issue - malware

Being distracted by annoying third-party ads while using your mobile is only one thing; however, these infections may spy on you, collect personal data, record your text messages and calls, and steal your banking credentials, too. Make sure you know and trust your VPN before installing it.

#6 Collecting and selling personal data

VPN Security issue - Collecting and selling personal data

Certain free VPN services can only keep running and cover their high costs if they collect data about you and sell these to third-party marketers or whoever pays a good price for them. While seeing more customized ads during browsing may not be such a big price to pay for your VPN protection, let us remind you that this practice is totally opposite to what such a service is for: Keeping you anonymous.

one of vpn security risks - Collecting and selling personal data

So, how are you anonymous if data about you and your online habits are collected and shared with third parties? Again, if such information is intercepted by the usual snoopers, you could be held responsible for anything in connection with your internet traffic, or worse, online frauds could be committed in your name, your home could be robbed, and so on. Of course, these are the worst scenarios, but in today’s world, you’d better be safe than sorry.

#7 Your IP address used as an exit node

Finally, the last of the VPN security risks in our list of the 7 “deadly sins” is one that can as good as incriminate you for something you haven’t even done.

There are some free VPN services like Hola VPN that use a questionable approach to building a VPN network by using volunteer peers and their bandwidth as well as their IP addresses. This can be a dangerous practice because when you join such a network, you also become an exit node, i.e., your IP address and bandwidth will be used by other users.

While this could be used for good and beneficial practices, in our world, you need to be prepared for when duality strikes. And, it does strike hard. On the dark side of this volunteer network of computers is the possibility to use an exit node for illegal activities, including uploading or downloading child pornography. But such a network can also be used as a botnet for all kinds of malicious attacks like DDoS. You should never sign up for a service that uses your IP address and bandwidth if you want to be on the safe side.

Security and privacy above all

If you agree with us that your security and privacy is above all else, you need to use a VPN that is the best of the best. We have tested and researched dozens of VPN services so that we can offer you solutions for your specific needs.

Check out our Best VPN Services page for more detailed information and a VPN ranking so that you can make the right choice that is not related to any VPN security risks.