There are plenty of acclaimed Virtual Private Networks (VPNs) around. From NordVPN to Astrill VPN, the VPN sector has some outstanding providers, and users can rely on them to keep their browsing safe and sound.

But that hasn’t always been the case. Not at all. Since VPNs first started appearing in the 2000s, there have been some shocking examples of how not to provide online security.

Even now, you’ll find apps that promise a lot but deliver very little. So we thought we’d offer our guide to the worst VPN providers ever. That way, users can be on guard and be able to spot rogue apps before they cause any damage.

What makes a bad VPN so dangerous?

Before we get into our list, let’s think for a bit about why these VPNs are so bad – and dangerous.

VPNs are supposed to provide security. They should offer ironclad encryption and IP anonymization, without any unpleasant surprises like malware. And they definitely shouldn’t be logging browsing histories to sell to third parties.

In a good VPN, the privacy policy matches up to company practices. You get what you pay for, nothing more, nothing less. And you know that your data will be protected.

With the worst VPN providers, none of that is true. Even worse, users might think they are getting first-class protection, leaving them totally exposed to online threats.

But in a sector where reputation matters, surely very few VPNs have breached these red lines? Think again. As we’ll see, rogue operators have been depressingly common. Let’s get to know some of the worst.

1. Hola! A fake VPN that caught out millions

Hola! was one of the first mass-market consumer VPN products. Well, we call it a VPN, but it actually never really offered the kind of protection a genuine VPN would.

Based on P2P connections, Hola promised to beat geo-blockers by routing your traffic through the connections of other users located around the world. And it attracted some superstar investment, from the creators of Skype and Israeli state research funds.

Soon, though, the truth emerged. Far from operating as a security tool, Hola had actually been adapted to provide extra bandwidth for its sister company, Luminati.

Each user on the network essentially functioned as a “bot,” boosting the profits of the Luminati hosting service, but sapping user bandwidth. Moreover, activists in the Adios Hola! network highlighted fatal weaknesses in the service’s code, as well as routine tracking on Android platforms.

And when users started peering into the Hola privacy policy, they found a nightmarish range of tracking features. The service has become much less popular as a result, but for a few years, Hola was a sponge, soaking up data and compromising user security.

Read our full Hola! VPN review

2. VPNBook: When free isn’t free at all

Many VPNs offer free services in an attempt to entice unsuspecting users. But when they only offer free coverage, alarm bells should ring. And that was definitely the case with notorious free provider VPNBook.

Dubbing itself the “Number 1 free premium VPN provider” in the US and UK, VPNBook tries to create a benevolent image for itself, claiming to be funded by donations and web-based advertising. If that was true, it might be worth investigating. However, it isn’t.

Researchers have found strong signs that VPNBook sells user data to third parties – an impression that has been backed up by their shady address information. Nobody can find out where the company is actually based, or who is behind it.

The likelihood is that VPNBook, like so many other free VPNs in the past, is a revenue stream masquerading as a security tool. And that’s before we even talk about the snail-like speeds that users experience. Put together, it definitely adds up to one of the worst VPN providers around.

Read iour full VPNBook review

3. Opera VPN: A sham VPN intended to boost a failing browser’s image

Once upon a time, Opera looked like a mounting challenge to Internet Explorer or Firefox. But it struggled to gain traction as other browsers like Chrome appeared, and now it’s basically a footnote in web history.

At one stage, the browser’s developers sought to capitalize on the trend towards VPN usage, so they bundled in an add-on called OperaVPN. Supposedly, this app would provide in-browser protection and encryption, without the hassle of downloading or paying for an external client.

Unfortunately, that wasn’t even close to reality. It soon emerged that OperaVPN wasn’t a real VPN. Instead of using premium protocols like OpenVPN, it simply routed traffic through proxy servers. This provided a degree of IP anonymization, but encryption was nowhere to be seen.

So how could Opera call it a VPN at all? Good question.

Opera didn’t really have an answer, so they quietly dropped OperaVPN in 2018, and there’s no sign of it returning in updated form.

Read our full Opera VPN review

4. OKVPN: Definitely not OK, not OK at all

Our final choice is probably the worst VPN of all. And don’t just take our word for it. Researchers at the Commonwealth Scientific and Industrial Research Organisation in Australia assessed hundreds of Android VPNs, and one name towered above the rest for all the wrong reasons: OKVPN.

Now delisted from Google Play, there was a time when OKVPN was a popular download. After all, it was free and had an attractive Android app. This gave the impression of competence. The problem was, underneath the hood, things were very sinister indeed.

It turned out that OKVPN was basically a malware injection machine, beaming all sorts of tracking tools to Android phones. And it also delivered a steady diet of popup ads, just to make the whole experience extra annoying.

Stick to the VPN elite, and avoid security nightmares

OKVPN was terrible, but it wasn’t alone. The same CSIRO study found that 38% of Android VPNs surveyed were involved in malware injection – a pretty astonishing percentage.

And as we’ve seen, even respectable providers like IPVanish have had their issues over the years. This makes it tricky for new users to choose a VPN they can trust.

But it’s not that hard. Elite providers like NordVPN, Cyberghost, Astrill, or ExpressVPN deliver on their promises and take privacy seriously. They may cost a few dollars a month, but when you factor in the cost of exposing your security and privacy, that’s a price worth paying.