How Free VPNs Make Users Part Of a Botnet – Why You Should Avoid Them
It might be hard to believe, but some free VPNs have violated the trust of their users by secretly making their devices part of a botnet. Today we’ll discuss the negative implications this has on your cybersecurity, plus how you can avoid these risks by sticking with a reputable VPN provider.
If you follow the world of online security, you might have heard a lot of concern being expressed over the last couple of years about free VPNs and the potential security threat that they pose. One particular concern is that free VPNs could be making their unsuspecting users part of a botnet for malicious and even illegal purposes.
These paid alternatives to free VPNs take your privacy seriously:
- NordVPN – Most Trusted VPN – NordVPN is a dinosaur in tech terms, but has remained the world’s most trusted VPN due to a transparent logging policy, powerful encryption, and constantly expanding network.
- Surfshark – A dirt-cheap VPN with the most premium privacy provisions. Split your subscription with a friend for deeper discounts!
- ExpressVPN – Ridiculously fast network speeds, powerful encryption, great logging policy.
- PureVPN – A VPN with extensive experience going against the world’s toughest censor: China’s Great Firewall.
- IPVanish – The classic VPN choice for HD streaming buffs.
- VyprVPN – Completely self-owned network and cutting-edge protocols hide your identity online.
But what is a botnet, and how can one be created by a VPN? And most importantly, how can you avoid your device becoming part of a botnet? These are the questions that we are going to answer today in our article on how free VPNs make users part of a botnet – and how to avoid them.
What Is A Botnet?
The word botnet stands for robot network, and it refers to a group of computers which are remotely controlled by an organisation or individual. The devices which can be a part of a botnet include PCs, servers, routers, phones, and other electronic devices like shop tills or CCTV cameras. A big range of devices can be made to be a part of a botnet.
There can be legal and above board uses for a botnet. The SETI project, for example – the Search for Extraterrestrial Intelligence – has a project called SETI@Home where interested users give consent for their computers to be used to help to perform the complex calculations that are required for sifting through large amounts of astronomical data. Similarly, the Folding@Home project lets users sign up to donate their computing power to the analysis of protein folding patterns which could lead to new treatments for cancers or diseases like Alzheimer’s. In these cases, people agree to let their computer processors to be used for centralised calculations when they are not being used.
How Bad Guys Use Botnets
However, most botnets are not philanthropically minded projects for sharing calculations. The majority of botnets are set up by criminal organisations and they are formed of the machines of unwitting and unwilling users. A device can become infected by malware which makes the device give over its processing power to the controller, called the botmaster. The botmast controls a vast number of machines which are used for their processing power, usually without the device’s owners even being aware that their machines have been compromised.
Botnets are used for a variety of unsavoury tasks, such as distributed denial of service attacks, where many devices hit a website at the same time in order to bring the site down, or spamming, where the computers are used to send out spam email messages. Other common uses of botnets include click fraud, where adverts are repeatedly clicked by scripts to defraud money from advertisers, and cryptocurrency mining. Most disturbing of all, botnets can be used to serve illegal material, which could mean the devices of unsuspecting users could be used to serve child pornography or other illegal content.
Free VPNs Make Their Users Part Of A Botnet
You can see why botnets are something that users would very much want to avoid. Traditionally, most botnets have targeted unused machines like older servers which are not frequently used but which remain powered on and connected to the internet. But recently there has been a worrying trend of free VPNs which have coopted their user base into a botnet.
The most well known example of a free VPN that acted as a botnet is Hola. Hola was an extremely popular free VPN service from Israel that at its height had nearly 50 million users worldwide. But in 2015, it was revealed that Hola had been selling their users’ bandwidth to cover the costs of its free service – and that this bandwidth was able to buy for botnets. Hola users had been unknowingly giving their devices over to botnets that were being used for all of the shady purposes we mentioned above.
One of the operators of message board 8chan revealed that Hola users’ devices had been used to attack his website. He explained:
“When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this.”
Later, the news got even worse for Hola, when an advisory notice about the produce was posted, saying:
“The Hola Unblocker Windows client, Firefox addon, Chrome extension and Android application contain multiple vulnerabilities which allow a remote or local attacker to gain code execution and potentially escalate privileges on a user’s system.”
The Hola debacle was just one example of the ways that free VPN users can be hoodwinked and ma have their devices taken over and used as part of a botnet.
RELATED READING: Hola Doesn’t Work with Netflix, Try These Alternative VPNs
This problem arises with lots of free VPNs as if these services are not making their money from user subscriptions, they must make money in other ways – and these ways can include selling access to their users’ machines to shady organisations which run botnets. In other words, free VPNs actually make users less safe than no protection at all.
How To Choose A Reputable VPN
All of this might have you worried about using a VPN. You want to be absolutely sure that when you use you VPN, it will keep you safe and it will not be made a part of a botnet. Below we’ll recommend some VPNs which are known to be safe and trustworthy and which will never make you a part of a botnet. These trustworthy VPNs have all of the key features that you need for the best and safest VPN experience:
- Strong encryption. To make sure that your connection cannot be hacked or cracked, you want strong 256-bit encryption.
- A no logging policy. To make sure that your data will never be sold to another company, the best way to be sure is or there to be no record of your internet use. That’s why a good VPN should have a no logging policy so that they never save your data.
- Fast connections. Slow internet is the worst, and a bad VPN can be painfully slow to use. The VPNs that we recommend all have super fast VPN connections.
- No bandwidth limitations. Another way that free VPNs make money is by having a limited amount of free bandwidth, then charging users if they go over that low threshold. We prefer the certainty of a paid VPN service that has no bandwidth limitations, allowing you to use your provider to your heart’s content without fear of throttling and buffering.
- Support for different operating systems. With one paid VPN subscription you can protect all of your devices, like your phone, tablet, and computer. So look for VPNs with software support for all of the platforms that you use.
To find a trustworthy VPN that will never make you part of a botnet, try one of our recommended providers:
Our Recommended Safe VPNs
1. NordVPN
When you want the highest possible level of security with military grade encryption, then we recommend that you try NordVPN. For a start, the service has the essential security features of strong 256-bit encryption and a no logging policy. But there is a unique extra feature of NordVPN, which is double encryption. Double encryption means that when data leaves your device it is encrypted and sent to a server elsewhere in the world. At this first server, the data is encrypted again and sent to a second server, where it is decrypted and sent to its destination.
This double encryption means that it is essentially impossible to crack, so this VPN is ideal for those who want absolute peace of mind with their security. The server network has more than 5,100 servers in 59 different countries, and the software has a helpful map interface. The software is available for Windows, Mac OS, Linux, iOS, Chrome OS, Android, iOS and Windows Phone, as well as browser extensions for Firefox and Chrome.
Read our full NordVPN review.
- Very affordable plans
- Most VPN servers with different IP addresses
- Torrenting/P2P explicitly allowed
- Retains no metadata of your browsing
- Customer Service (24/7 Chat).
- Automatic server selection can be unreliable
- Refund processing can take up to 30 days.
2. Surfshark
The appeal of free VPNs is understandable, but premium providers like Surfshark offer incredible utility at rock-bottom prices. Indeed, this is the cheapest provider on our list, but you’d never know it by looking at their list of advanced privacy features.
For one, Surfshark uses the same encryption as the NSA in the form of the unbreakable 256-AES-GCM cipher. This is used to block out prying eyes like hackers and government snoops as you transmit data between your device and your choice of over 800 servers across 50 countries worldwide. And for enhanced anonymity, you can jump on one of Surfshark’s multi-hop connections, or opt for a static IP address to confound VPN blockers.
And hey, if it’s still not cheap enough, consider Surfshark’s complete lack of restrictions on simultaneous connections. If you need to split your subscription with a friend, you can both protect every one of your devices. No matter what you do, rest easier knowing Surfshark never keeps logs to identify you.
- Reliably unblocks Netflix US, UK, Japan, and more
- Torrent safely on any server, no guesswork required
- Unbreakable AES-256-GCM encryption on every connection
- Favorable BVI jurisdiction guarantees no logs kept
- 24/7 live chat ensures maximum uptime.
- Growing network doesn’t have same coverage as more mature VPNs
- Relatively young VPN still has to prove itself trustworthy over the long haul.
Read our full Surfshark review.
3. ExpressVPN
Serious internet users agree that one of the most popular and trustworthy VPN services is ExpressVPN. It has super fast connections which make it a pleasure to use, and it also offers exceptional reliability with servers around the world. A subscription offers you access to network of more than 3,000 servers in 160 different locations in 94 countries.
Importantly, ExpressVPN meets all of our security requirements with strong 256-bit encryption and a no logging policy to protect your privacy. This provider has a sterling reputation so you can be sure that your data will never be sold, and your device will never be co-opted to be part of a botnet. The software is available for Windows, Mac OS, Android, iOS, and Linux, and has helpful advanced features like a speed test and a DNS leak.
Read our full ExpressVPN review.
- Unblocks Netflix and other streaming sites
- Super fast servers
- Govt-level AES-256 encryption
- Strict no-logging policy
- Customer Service (24/7 Chat).
- Month-to-month plan has high cost.
4. PureVPN
If you’re looking for a very simple VPN solution that also includes a ton of extra security features, then you can’t beat PureVPN. With strong 256-bit encryption and a no logging policy, the VPN will work to keep you safe and to protect your privacy. The network of servers includes more than 2,000 servers in 140 different countries.
Here’s the great thing about PureVPN though: with your subscription, as well as the VPN you will also get a bundle of extra security software. This software includes anti virus and anti malware protection, plus an anti spam filter to keep your email free of unwanted messages. There is also app filtering, DDoS protection, a kill switch, the option for a dedicated IP, and a NAT firewall. You can install the easy to use security software package on Windows, Mac OS, Android, iOS, and Android TV devices, plus browser extensions are available for the Chrome and Firefox browsers.
Read our full PureVPN review.
5. IPVanish
If you don’t want your VPN to slow you down but you don’t want to compromise on security, then you should try IPVanish. It has some of the fastest connections of any of the VPNs that we’ve tried as well as a large network of 1,300 servers in 60 different countries.
The vital security features include strong 256-bit encryption and a no logging policy, so you can be sure that your data won’t be recorded or sold to others. The software has a lot of extra advanced features like a kill switch, auto reconnect, leak protection for IPv6 and DNS, periodic IP address change, and manually configurable DNS. You can install it on Windows, Mac OS, Android, Linux, Windows Phone, or iOS.
Read our full IPVanish review.
6. VyprVPN
If you need to use a VPN on networks which have VPN blocking features, then the must-have service for you is VyprVPN. Some networks are designed to detect and reject traffic that looks like it is from a VPN, such as many of the networks in China. However, VyprVPN can be used even on these restricted networks thanks to its special Chameleon protocol which encrypts both your data and your metadata – and so tricks VPN detection and lets you use the VPN even on restricted networks.
VyprVPN also has good security with 256-bit encryption and a no logging policy, with a server network of more than 700 servers in 70 different countries. The software is available for Windows, Mac, Android, and iOS.
Read our full VyprVPN review.
Conclusion
There are many problems with free VPNs, including slow connections, poor reliability, and limitations on bandwidth usage. But one of the most concerning problems is that users may be made a part of a botnet without even knowing it. This happened with the free VPN Hola, which was discovered to be selling its users’ bandwidth to all sorts of shady organisations, making the users part of a botnet.
To avoid this happening to you, you should stay away from free VPNs. Instead, use a trustworthy paid VPN like one of the ones that we have recommended. These paid VPNs will keep you safe and protect your privacy without ever making you part of a botnet.
Have you had security problems with free VPNs? Or do you prefer to stick to using a safe paid VPN service? Tell us about your experiences in the comments below.
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.
My favorite was Cyberghost until it starting to choose USA and connect you at Romania!?
No more Cyberghost for me
I agree with these 5 and also i like HMA (HideMyAss)
I’ve been saying this for years — free VPNs are incredibly dangerous. Stick to legit secure services like ExpressVPN and PIA instead.