There are some big misconceptions surrounding Virtual Private Networks (VPNs). One of those misconceptions is that VPNs are sometimes free. And we get it, affordability is a big factor when choosing the right VPN, but a free VPN can never be truly free. In fact, price should be pretty far down on the list of priorities when picking a provider. If you saw the log scandal recently, you may know where this is headed…

But before we dive into that, let’s just remind ourselves of what they are and why we should be skeptical about cheap and free VPNs.

What actually is a VPN?

You might be aware that a VPN is a private network that we can connect to, to help secure and encrypt our connection. But we often forget servers are tangible computer hardware that must have a lot of architectural investment, cooling infrastructure, physical space, and a tonne of electricity. Then, consider VPN providers that have these physical servers stored all around the world. 

Why a VPN cannot be free

Clearly, it costs thousands, if not millions, to set up and maintain servers across the world. Now, there is no charity in the free market and VPNs aren’t a basic human need, so this means profit-seeking companies are the ones providing them.

There are only two ways for a VPN to make money. Either the customer pays them directly for providing access to the server, or the VPN sells the customer’s data for cash. Given that customers assume VPNs increase their privacy and security online, selling data is a huge issue.

There’s an old adage that says if you don’t pay for the product, you are the product. A free VPN is basically telling you indirectly that your data is being sold – at best. Otherwise, it’s just an outright scam or government surveillance program.

Paid isn’t always safe

So evidently, we need to accept that paying for a VPN is necessary. In fact, we need to not let affordability dictate which VPN we choose, because when the focus is being an affordable VPN, it’s a red flag that they’re not upholding the best security, fastest servers, or perhaps they’re supplementing their income elsewhere…

But even normally priced VPNs have let customers down in recent years. As mentioned earlier, some VPNs have to be found handing over logs to authorities. EarthVPN, PureVPN, Hide My Ass VPN, and IP Vanish have all been found to have handed over logs to authorities, despite many claims of “absolutely no logs” by IP Vanish and EarthVPN.

VPNs could be anything from scams to overseas government surveillance programs, it’s difficult to know when we first come across a new one. VPN scams are rife, so it’s wise to stick to proven, credible companies.

What are logs?

So, there are two types of logs to be aware of: connection logs and usage logs. Connection logs are basically anonymized logs that a VPN provider may use to help gauge the usage and traffic of each server. There are some genuine operational advantages to using these, and if a VPN provider limits the number of simultaneous connections (per user) then this is as good as saying they keep connection logs. 

Connection logs can save the time connected, IP address that it was connected from, which server is being used, and diagnostic data. Some jurisdictions will even force VPN providers to keep connection logs. Inevitably, though, IP addresses can be paired together with other data too, meaning the notion of it being “anonymized” isn’t impenetrable. VPN companies usually claim they destroy these connection logs after X amount of days, whilst others like NordVPN claim to not even have connection logs.

The second type of log is the usage log, which is even more concerning. This stores the websites visited with the IP address you visited them from. So, attached to your IP address could be unencrypted messages, which apps and services you use, your physical location, and your visited websites. This is an absolute no-go for VPNs, but clearly, some still can’t help but keep and share these logs.

How to choose a safe VPN

The reality is there is no watertight answer to this, but there are some red flags you should watch out for, and this can help with the process of elimination.

Of course, VPNs with any kind of track record or links to nefarious government behavior, selling data, or handing over logs should be an outright blacklist. It’s not worth believing that the companies have turned over a new leaf – if they’ve cooperated before, they will likely cooperate again. Why? Because they have broken their own mission statement and values that are core to the business. They have nothing left to offer after they break these.

Most companies do claim they do not keep logs, and we should naturally be skeptical of these claims. Clearly, it’s easier said than done. You can’t actually prove any of these claims as a customer, and nor can any outside reviewer. Even the audits and transparency theater performed by VPN companies cannot prove no-logging. All we can do is look for a squeaky clean track record and see if they perform in line with their own values they set out. 

Ultimately though, you get what you pay for. Price often indicates quality, and whilst there will be exceptions, a VPN isn’t a service to try and be frugal with so avoid no cost VPNs. And secondly, never be the guinea pig for a new VPN provider – let it prove itself over time and only then trust it.