VPNs are a must-have today if you need genuine privacy protection. They provide unrestricted access, especially where governments are cracking down on what you can access online. However, some VPNs have such a shady history, and using them can be jumping out of the frying pan and into the fire.
4
Kape Technologies–owned VPNs
Private Internet Access, ExpressVPN, CyberGhost, ZenMate
I have grouped these VPNs into the same category because they share the same issue: ownership. Kape Technologies acquired CyberGhost in 2017, ZenMate in 2018, Private Internet Access in 2019, and finally, ExpressVPN in 2021.
This raises two concerns. First, it could allow user information to be aggregated across the services, which increases privacy risks. Second, it gives users a false sense of choice, since the same vision, culture, and product drive the different brands.
The issue goes even deeper. Kape Technologies was once known as Crossrider. According to an extensive analysis by Monthly Review, Crossrider had ties to shady apps and was once strongly linked to malware distribution, with the Crossrider Adware believed to have ties to the company.
These apps allowed developers to inject ads into software, hijack browsing sessions, and automatically change search engines to maximize revenue. The primary purpose of a VPN is to hand over your traffic to a service that conceals your activity from your ISP. A company with such a background would concern me if it had access to my information.
3
Hola VPN
Free is never free with VPNs
Whenever I encounter a free VPN, I avoid it. This applies to Hola VPN, as well as many other free VPNs available. A free VPN typically monetizes your connection. In the case of Hola VPN, it operates as a peer-to-peer network, which means that users’ bandwidth may be sold and routed through other users’ connections.
The bigger problem is that, because other people’s traffic is routed through your IP, you can be implicated in any misuse of it. In 2015, the BBC reported that over 47 million users were drawn into a network of computers used for criminal activity.
It goes deeper. Hola VPN has a history of logging user data, which the Hola privacy policy openly acknowledges. This includes data points like timestamps, IP addresses, device information, and websites visited. Because data stored by Hola VPN is not encrypted, your privacy and data are vulnerable to an attacker.
To make matters worse, Hola VPN gathers as much data from you as possible, yet bears no responsibility for how it is protected or stored, as it clearly admits in its privacy policy.
Notwithstanding anything else in this Policy, we are not responsible for the accuracy, correctness, and security of any of the information we gather, store, and disclose to you or to anyone else.
2
PureVPN
A no-logs claim that still produced logs
Marketing can be very flattering, and some VPNs flat-out lie in the name of promotion. PureVPN marketed itself as having a no-logs policy, meaning it does not keep or retain your data. However, in 2017, a Department of Justice complaint revealed that, at the request of the FBI, it had revealed data logs relating to a specific customer. It’s ironic that, to this day, part of Pure VPN’s privacy policy still reads:
You are invisible—even we can’t see what you do online.
Another reason PureVPN is a hard pass is its use of in-app third-party trackers to monitor users. A 2021 Hide Me report identified Pure VPN as hiding trackers in its software. While it is not uncommon for apps to include trackers, for a VPN provider, it is a huge red flag. You expect your VPN to shield your traffic rather than hand over your behavioral patterns to third-party websites.
When a privacy company lies about how it handles sensitive information or actively tracks your online behavior, it becomes unwise to trust or continue using their service.
1
IPVanish
A VPN subject to Five Eyes jurisdiction
IPVanish is another example of a VPN with a mismatch between marketing and actions. The company claims to have a no-logs policy.However, according to Cyberinsider, in 2016, at the request of the Department of Homeland Security, it submitted detailed connection logs of itsusers. These included names, email addresses, actual IP addresses, connection timestamps, and VPN activity. This was clear evidence that a significant amount of user data was being logged.
Another issue highlighted by this scandal is the jurisdiction risk faced by companies based within the Five Eyes surveillance alliance. They may be compelled to submit user information and have no way to object. This is why I generally avoid VPNs based in the United States.
It is worth noting that IPVanish changed ownership after the 2016 user log scandal. The company was sold to StackPath in 2017, later acquired by J2 Global, and is currently owned by Ziff Davis. While a change in ownership can indicate a fresh start and a new direction, I remain skeptical. It may appear to be a public relations strategy aimed at gaining sympathy, while underlying issues may remain unchanged.
All I have done is share my thoughts, point to verifiable past incidents, and highlight a few VPN red flags. Ultimately, effective PR often masks numerous flaws in popular VPNs. What I am more curious about is what happens after the hype has died down. Do you feel comfortable using any of the VPNs I have mentioned? Are past incidents and history overrated?