Three VPNs to Avoid Like the Plague

Three VPNs to Avoid Like the Plague

You should know: This isn’t easy for us. We spend most of our time making lists of the better VPNs out there, like our list of the best VPNs for Netflix and our roundup of the top VPNs for iPhones. Focusing on the lousy, the subpar, and the rotten feels wrong. Still, someone has to sound the alarm. VPNs can be expensive, and you deserve to know if you’re throwing your money away.

So, without further ado, here’s our list of VPNs you’re just better off without.

1. SuperVPN: Just Plain Wrong

What’s wrong with SuperVPN? Plenty, but let’s start with the problem that matters most: The service isn’t secure. It’s not secure from government spying, and it’s not secure from hackers. The company’s privacy policy doesn’t say it stores IP addresses and records of its users’ online activities anymore, but it certainly used to. Now it offers the not-at-all reassuring promise that it “barely records your personal information” — whatever that means. Elsewhere, SuperVPN clearly says it complies with law enforcement requests for user information.

You may be thinking: I’m not planning to break the law, so why should I worry about government spying? Well, just because you haven’t broken the law doesn’t mean you won’t be targeted by government agencies. SuperVPN isn’t safe from hackers either. The service brags that it uses 1,024-bit encryption, an encryption method that’s been obsolete for some 15 years. Google Play removed the app for a time in early 2021 precisely because of worries about its security.

Add to these basic security problems the fact that it has no kill switch, it can’t even access Netflix, and there’s no available information online about the developer, and you get a pretty clear idea why you’re better off passing on this VPN.

2. Hola Free VPN: An Experiment You Don’t Want to Be Involved In

It sounds like a good idea: Route all your users’ internet activity through other users’ devices. No one knows which users are going to which sites, and you don’t have to worry about fancy encryption or external servers. Think about it for 10 seconds, though, and the idea starts to sound less good.

Let’s say you log on to Hola. The service gives you another user’s address so you can surf the web in anonymity. You’re not doing anything illegal, so everything’s cool. At the same time, however, Hola gives your IP address to Joe Blow in Cincinnati, and Joe Blow decides to use his VPN connection to order some heroin from Mexico. Guess whose house the FBI is going to show up at? Spoiler alert: not Joe’s.

We should point out that we’ve given Hola’s paid services positive reviews. Those services use AES-256 encryption, provide access to 1,500 servers, and even unblock Netflix. We’re not sure what the company was thinking, though, when it developed its free plan, and we recommend avoiding it, well, like the plague.

3. Psiphon VPN: Close Only Counts in Horseshoes

Yoda said it best: Do or do not; there is no try. The whole point of a VPN is to keep your data secure and conceal your online activities. If it’s not doing that, why bother installing it?

Psiphon’s privacy policy used to state, right at the very beginning, that the VPN “does not increase your online privacy, and should not be considered or used as an online security tool.” We’re guessing that probably cost the company some business. Suffice it to say, the policy doesn’t say that anymore. That doesn’t mean the service is 100 percent safe.

First, it’s important to note that Psiphon is headquartered in Canada. Why does that matter? Canada is a member of Five Eyes, an alliance of countries, including the U.S., that have agreed to share surveillance with one another. That surveillance includes information gathered from citizens’ online activities. In short, Canada can subpoena Psiphon at any time to turn over its customers’ records.

What records does Psiphon keep on its customers? Psiphon’s current privacy policy suggests the company doesn’t collect IP addresses, but it doesn’t go so far as to state that in concrete terms. We’ll give the company the benefit of the doubt and assume it doesn’t. That’s a step in the right direction.

It does, however, collect the IP addresses of sites visited, city and state information about the user’s IP address, information about how long a user was connected to the VPN, and a record of how much data the user downloaded from each site. Of course, it’s easier for law enforcement to track you if it has your actual IP address, but Psiphon certainly holds on to enough information to allow them to figure out who is doing what on the VPN. In other words, Psiphon is safe-ish, but not safe. And, as Yoda would tell you, safe-ish isn’t good enough.

What Can Go Wrong With a VPN?

The sad fact is, there are a lot of bad VPNs out there — so many that we don’t have the time or space to warn you about all of them. We can, however, offer some pointers on how to spot bad ones for yourself. Here’s what you want to check before you sign up.

• Logging information: All VPNs log some of your information. They have to in order to do basic operational tasks like charge you for the service. A VPN should never log information related to your online activities, though, including IP addresses, sites visited, and time stamps.
• Privacy policies: A company’s privacy policy will let you know what it does with the data it logs. VPNs sometimes try to obscure the facts from potential customers, but you can usually sort out which ones are trustworthy if you read their policies carefully. You don’t want to purchase a VPN that works with law enforcement or government agencies, and you don’t want to purchase one that hands data over to third-party vendors.
• Headquarter locations: If a company is headquartered in a Five Eyes, Nine Eyes, or 14 Eyes country, the government can force it to turn over customer records. Some companies claim they don’t keep customer records so they have nothing to turn over. The safe bet, though, is to go with VPNs that are located elsewhere.
• Leaks: Avoid VPNs that have a history of leaks. A DNS or WebRTC leak can expose your PII to anyone who happens to be watching.
• Security tools: Pay attention to what kind of security tools your VPN uses. You may not be an expert on the difference between TCP/IP and WireGuard protocols, but you can look for three important hallmarks of strong security:
  • AES-256 encryption, the same encryption used by the U.S. military
  • A kill switch, which closes sites and apps if you lose your VPN signal
  • Multihop technology, which routes your connection through not just one but multiple servers
• Company history: VPNs change over time. A company with a reputation for leaks can improve. In general, though, if your research into a VPN reveals that it has weak security or that it has a history of turning over customer data to the authorities, you may want to think twice about installing it.

Recap

Yes, you need a VPN. In this day and age, you shouldn’t be connecting to public Wi-Fi without one. You don’t want just any VPN though. If you need to save a few bucks, it’s fine to go with a service that doesn’t offer bells and whistles such as split tunneling or that can’t unblock streaming services such as Hulu and Netflix. If you can’t count on your VPN to keep you secure, though, you may be better off without a VPN at all.

We’ve given you three great examples of some specific VPNs to avoid. The truth is, if you want to avoid scams and rip-offs, you have to learn to spot the warning signs for yourself. You don’t have to be an expert — we’re here for that — but there are far too many people out there in the digital world trying to take advantage of you not to keep your guard up.