While VPNs are being touted as one of the most effective means of keeping personal data away from the prying eyes of the outside world, it’s important to remember that they do allow nearly infinite access for the providers. These companies could easily decide to release users’ browsing history to a law enforcement agency or sell their customer data to a marketing business. Furthermore, malware disguised as a VPN could conceal malicious activity on a device behind a smokescreen of security protection. On top of all this, some VPNs are simply not technically up to scratch, offering little more than an amateurish level of network infrastructure with giant security holes.
This is particularly the case with mobile devices. An app that requests a VPN permission will have full control and visibility over the internet traffic of the user and can do what it likes once the VPN tunnel is set – for instance redirecting user traffic, injecting malicious code or accessing sensitive information.
So the age-old additive still stands: if it’s too good to be true, it probably isn’t – beware of free VPNs. The paid-for ones are generally more secure, but even they are not always watertight. Best to do some research and go for a well-known provider with a good track record and transparent privacy policies.