A database of users of free VPN applications for Android – Super VPN, Gecko VPN, and Chat VPN – was discovered on a shadow forum. Experts do not rule out that the owners of such services themselves leak personal information. Are all free services dangerous, and how to avoid leaking personal data?
What data do free VPNs collect?
During this particular incident alone, several VPN services were compromised. For SuperVPN, this is not the first leak: the service users’ data have already been leaked to the public in the summer of 2020. But how many hacks do we still not know about?
The point here is not even that the data of 21 million people who used free VPN services got into the Net – the owners of such services themselves leak the data of many hundreds of millions of users and sell it to companies involved in spying on people.
If a person uses a free online service, he should understand that most likely the commodity is himself. No one will create a rather complicated and expensive server infrastructure for free VPNs if they can’t recoup the costs.
Such companies collect and repeatedly resell the following data:
- what sites the person visited;
- what he is interested in;
- the amount of data the user exchanged with sites or other users;
- payment data, purchases made;
- the IP addresses from which the user opened a VPN connection.
How to protect yourself from leaks
It is essential to understand that leaking or selling data from a free VPN service is not an incident. It is guaranteed by the very logic of using any free service.
The worst thing is that people trust these services and psychologically feel safe using such VPN services. This hack can serve as a perfect sobering lesson for all users of free and relatively inexpensive and unpopular services.
There are a few simple rules to follow when one connects to the network using a VPN: Always know how trustworthy the service is. How many years has this service been on the market, and what is its reputation? Remember that with or without a VPN, there is no anonymity on the Internet: any user action can be linked to him personally. Unlike real life, in digital life, we leave traces so much and so often that an ordinary person can’t cover them completely.
Use VPN services as if they always collect all the data. There have been many cases where a VPN service has openly claimed that it does not collect logs and other data of its users. Later on, it turned out to be precisely the opposite.
It is better to run your own VPN server on the hosting of an independent company than to trust a third-party service. There are plenty of instructions on how to do this, and often you don’t even need special technical training to do it. Remember that even a paid service does not in any way guarantee the privacy of your data: paid VPN services can belong to government agencies of any country in the world and collect information for their benefit.