Are VPNs Safe? It Depends! (11+ Things to Know) (2024)

Using a reliable VPN can be safe, but it depends on many factors.

For example, VPN security and privacy features need to be readily available, properly configured, and easy to use.

This also means VPN safety depends on how you use your VPN – and using a free VPN is rarely safe.

Keep reading to learn the 11+ things you need to know about VPN safety!

A common workaround used by many people is private browsing. This is a built-in feature that modern web browsers have offered for several years now.

For example:

• Google Chrome’s Incognito Mode
• Firefox’s Private Browsing/Private Window
• Safari’s Private Browsing
• Microsoft Edge’s InPrivate Browsing
• Opera’s Private Mode

The idea is pretty straightforward – when you use private browsing, your browsing and search history aren’t saved. Local data like cookies are usually also excluded.

However, private browsing doesn’t stop your ISP from snooping, as they can still see the data being shared from your device on their network. This already disqualifies private browsing from being truly private.

Plus, third parties like advertisers can still detect trace levels of activity, which can be used in cross-reference with your existing browser and device fingerprint to help them identify you.

Things like browser extensions, HTML5 APIs, and software bugs are also known to cause leaks that render the private browsing mode entirely ineffective.

And more malicious parties can use these vulnerabilities to exploit digital entryways and gain access to your browser or operating system.

This means private browsing isn’t just “not private” – it’s also as unsafe as regular browsing.

The best solution is to use a reliable VPN while practicing good online privacy and cybersecurity measures at all times.

There are many types of VPNs, with “premium vs. free” barely scratching the surface.

Even within the three main types of VPNs, you’ll still find both premium and free options.

But what are the three main types of VPNs?

The most common type of VPN is the remote access VPN. As most commercial VPNs fall under this category, it’s probably also the type you’re most familiar with.

Remote access VPNs connect users to a remote server (or, more commonly, give users access to multiple remote servers), hence the name.

This remote server forms part of the VPN’s overall network and is securely encrypted while simultaneously making it easy for users to set up and connect quickly.

Because the server is in a remote location (i.e., not in the same location as the user), remote access VPNs are commonly used to access geo-restricted content (like US Netflix for users outside of the US) by changing the user’s IP address to that of the server.

A remote access VPN is an ideal solution for most users, not least because it’s the most accessible option.

On the other hand, large businesses are generally better off using a site-to-site VPN for internal communications, especially if there are multiple business locations.

Site-to-site VPNs securely connect one site to another (or multiple others).

Suppose different sites or departments have their own intranet limiting users to native access related to their departmental function.

In that case, a site-to-site VPN can also be used for secure interdepartmental communications.

These are more difficult to set up than remote access VPNs and aren’t as flexible.

However, site-to-site VPNs remain the more secure option for large-scale companies when it comes to communicating between departments and locations.

The third main type of VPN is the client-to-provider VPN, which allows users to connect to the internet directly through the VPN provider rather than their ISP.

This is quickly becoming a prevalent VPN form, especially for public WiFi providers, as it essentially cuts the data’s virtual journey in half.

Instead of traffic being routed through an ISP and an encrypted tunnel, it’s automatically encrypted from the start.

Client-to-provider VPNs effectively protect users from having third parties accessing and potentially compromising the network connection, as well as bypassing internet access restrictions imposed by an ISP or government.

When I first heard the term “VPN,” I was skeptical about the legitimacy of them.

Everyone said they were essential cybersecurity tools, but are they safe? The answer was easy to find!

Not only are VPNs safe, but they’re among the best tools to help you enjoy your favorite online activities without third parties (like your ISP and government) spying on you.

The key is finding a trustworthy VPN provider that offers strong encryption and the best security features – so you’re not just safe in general but protected while unblocking websites and accessing geo-restricted content!

If you’re still skeptical, stick around. In the next section, I discuss the three most common questions related to VPN safety!

This largely depends on the iPhone VPN you’re using – and your iOS version.

iOS 8 and older versions typically limit you to Layer 2 Tunneling Protocol (L2TP), which isn’t the most secure VPN protocol.

For a company claiming to be highly privacy-conscious, it took Apple a surprisingly long time to include Internet Key Exchange Version 2 (IKEv2) and OpenVPN compatibility, considering these are far more secure.

For your VPN to be safe for your iPhone, use the most updated iOS version available.

Likewise, only use a reliable iPhone VPN and (ideally) install the app through the provider’s website instead of the App Store.

It’s safe to use a VPN for online banking. But, again, it depends on how you’re using your VPN and which VPN you’re using.

The biggest thing to look out for is getting locked out of your online banking profile because you’re connecting via different VPN servers.

Unfortunately, the only way to avoid this is to use a banking VPN that offers a dedicated IP, which costs extra.

I recommend reading our guide on the Top VPNs for Banking, which includes a list of additional security and privacy features to look out for.

VPNs are safe for torrenting, provided they have robust privacy and security features that include an internet kill switch, independently audited no-logs policy, and (preferably) RAM-only servers.

However, not all VPNs are torrent-friendly. Some allow downloads but not uploads, while some block all P2P (peer-to-peer) connections.

You can check our post on the Best VPNs for Torrenting for recommendations and a guide on how to safely torrent with a VPN.

A properly configured VPN with the necessary security features on its servers and apps is nearly impossible to hack.

So while VPNs can be hacked, a reliable VPN provider will fill the gaps while helping prevent cyber-attacks, including those launched by hackers.

That said, if you use an unreliable VPN provider, the possibility of your VPN being hacked is more likely.

This is usually the result of weak encryption, as VPN hacking typically involves breaking the encryption or stealing the encryption keys.

This is why it’s essential to always use a reliable VPN service.

Of course, you also need to practice other cybersecurity measures, or you risk having your device infected with malware that can render the use of a VPN functionally obsolete.

Although free VPNs seem like a great deal (especially if you’re on a tight budget), the consensus remains that free VPNs are not safe.

To make sure you fully understand this fact, here are the top six reasons.

Free VPNs and malware go hand-in-hand.

At best, the lack of revenue from premium subscription fees leads free VPN providers to cut corners with their security measures, leaving their apps extremely vulnerable to malware.

In some cases, the service is entirely fake and designed by hackers to trick you into installing malware.

However, for the most part, free VPN providers purposefully include adware (advertising-related malware) in their software.

This makes sense when you remember that running a VPN costs money and that most free VPNs generate income through advertising.

Free VPNs will also purposefully bombard you with ads in their app and/or while you’re browsing the internet.

These are from companies that aren’t just paying the free VPN provider to display their ads but also to track you online and target users that match their target audience.

Considering one of the primary privacy functions of a VPN is to help prevent third-party tracking, it’s shockingly ironic that most free VPNs include embedded tracking methods in their installation software.

As related to the adware issue mentioned above, many of these tracking tools are related to advertising.

However, it can also include analytic trackers (like Google Analytics), among others.

Whether an entirely free VPN or the freemium version of a premium VPN, functionality is severely limited.

In addition to the aforementioned security vulnerabilities making free VPNs highly susceptible to malware and other cyber-attacks, they also:

• Fail to bypass geo-restrictions and unblock online content (such as Netflix)
• Limit you to very few VPN servers and locations
• Impose strict bandwidth caps, usually around 500MB (TunnelBear’s freemium version) to 2GB (Windscribe’s freemium version) per month, though AtlasVPN is a rare bird with no bandwidth cap

Using a VPN will almost always slow your internet connection. With the best VPNs, the difference is barely noticeable.

Free VPNs, on the other hand, make it hard not to get frustrated with how slow they are.

One way this happens is by funneling free users through a limited number of VPN servers.

This quickly leads to network congestion, as more users mean the server is handling more data than it can process while maintaining optimal connection quality.

The inclusion of advertising will also considerably reduce your internet speed.

Finally, one of the most significant drawbacks to freemium VPNs is they’ll often deliberately slow your connection speed to try and get you to upgrade to their premium plans.

While this is typically passed off as giving premium subscribers priority on the servers available to both, it’s still an upselling technique.

Hotspot Shield and Hola are common examples of free VPNs that hijack users’ browsers and sell your “excess” bandwidth instead of a subscription fee.

Browser hijacking refers to multiple dodgy activities, including accessing private data stored in the browser and other browsers installed on the same device.

In HotSpot Shield’s case (according to research by the CDT), it more specifically included forced redirects to their affiliate partners.

As for selling your bandwidth, they use your device’s processing power, which not only adds undue wear-and-tear to your device but also lets others use your bandwidth.

Both issues raise serious privacy and security concerns.

In fact, Hola VPN users ended up being part of a massive botnet, whereby if exploited, user devices would be infected with malware, allowing cybercriminals to use them in a DDoS attack.

It’s also worth noting to be careful when using VPN browser extensions. These lightweight versions of the VPN software are generally more susceptible to hacking and can be used for browser hijacking.

These are technically two different risks when using a free VPN, but honeypots and those that sell user data are closely related.

Honeypot VPNs are generally real VPN services (premium or free) set up by government agencies through shell companies.

The encryption keys are held by the provider, meaning the government agencies don’t have to worry about intercepting encrypted data and storing them indefinitely until technology advances far enough to render current encryption methods vulnerable.

In other cases, these agencies will simply demand or buy the user data from a provider they don’t own. This is another prevalent way for free VPNs to cover their costs.

Of course, it isn’t only government agencies doing the buying.

As already mentioned, advertising companies will also pay for user data to build target audience profiles that influence their marketing campaigns.

There are endless Guides and Resources here at vpnAlert to help you find the best VPNs based on your intended use case, including in-depth VPN reviews and comparisons.

However, I also like to include sections (like this) that help you do your own research so that you can find the best VPN for you ASAP!

The best (and safest) VPNs will meet the following criteria:

Promises are cheap.

This has been proven repeatedly when a VPN provider advertises a no-logs policy, only to turn around and hand user data to government agencies like the NSA or FBI.

This is why I have a strong preference for premium VPN providers who are independently audited by a trusted third party.

While by no means an exhaustive list, this includes providers like NordVPN and ExpressVPN.

Another top VPN with an independent audit is Surfshark, though I feel they’re somewhat overdue for a new one.

Some jurisdictions I avoid include all Five, Nine, and Fourteen Eyes members and notoriously censorship-heavy and anti-VPN countries like China (including Chinese territories) and the UAE.

Jurisdictions like the British Virgin Islands (BVI) and Panama are widely recognized as two of the best locations for a VPN provider.

One thing to look out for is current and past scandals involving VPN companies.

This should include things like Hola VPN being used to establish a botnet for cyber-attacks, HotSpot Shield’s browser hijacking, and VPNs caught sharing user data with advertisers or government agencies.

In rare cases, providers that previously shared user data are reestablished under new ownership and prove themselves trustworthy thanks to increased cybersecurity and online privacy measures.

One example is IPVanish.

However, these are the exceptions – not the norm.

When in doubt, stick to a scandal-free provider in the game long enough for any dodgy activity to have come to light.

User reviews often highlight usability issues and poor customer support, so I always spend time reading through as many as possible (the more recent, the better).

One thing to be wary of is the negative reviews that competitor VPN providers pay for.

These kinds of covert smear campaigns are all too common in many industries, and VPNs are no exception.

Unfortunately, it can be challenging to tell when this is happening.

Even honest reviews might include a recommendation for a different VPN that the user finds “works better” for them.

Likewise, you should also be careful not to be led astray by positive reviews paid for by the praised provider.

These are usually (but not always) accompanied by an affiliate or referral link.

Bottom line: always DYOR (Do Your Own Research). Reading reviews is only one part of that process.

Quick Disclaimer:

vpnAlert never accepts money in exchange for positive reviews. We do earn money through affiliate partnerships with some (but not all) of the companies we review. However, we never let these partnerships influence our content.

One way we ensure totally unbiased reviews is by keeping our writers in the dark. They never know which companies we are affiliated with and are never asked to write a positive or negative review – only to be honest according to their own findings.

You can read our full Disclosure here.

I get it – reading the Terms of Service (and Privacy Policy if these are handled separately) can be a long and arduous task.

But if you want to know as much as possible about the VPN service you’re planning to trust with your data and online privacy, it’s something you should be doing.

It’s a vital part of the DYOR process.

Tricky legal language is understandably off-putting, but it’s worth making an effort to understand the most important terms that might be used to create nasty loopholes.

One tool I’ve found invaluable is the Terms of Service; Didn’t Read browser extension (available for all five major browsers). Websites are graded based on how privacy and user-friendly their ToS and Privacy Policy are, and the extension offers a summary of all the important parts.

Here’s an example I used on NordVPN’s website:

While VPNs are not free from security risks, most of them aren’t necessarily the provider’s fault if you use a reliable VPN.

But if you’re hoping a VPN will magically protect you from everything, the bad news is poor online privacy and security practices on your part are what put your VPN at risk.

I already covered things like VPN logs, issues with the ToS and Privacy Policy, and poor jurisdictions, so I won’t repeat them here.

Instead, let’s look at the two major VPN security risks you should be aware of.

IP, DNS, and WebRTC leaks are one of the VPN security risks that can either be the provider’s fault or yours.

Regardless of who’s to blame, any leak will result in your VPN protection and data privacy being compromised.

The first step to preventing this is to only use a VPN that offers leak protection and a kill switch feature.

Some providers might call it something else like a Network Lock, so ask their live chat support if in doubt.

You should also confirm if the Kill Switch is enabled by default or if you need to turn it on in the app’s settings manually.

The second step is to take matters into your own hands by installing the (free) uBlock Origin browser extension. In addition to being a powerful ad blocker, it also prevents WebRTC leaks.

Just because you’re not using a malware-infected VPN doesn’t mean your VPN is impervious. This is largely where you need to take responsibility.

Although many of the best VPNs include anti-malware features, you should still be using dedicated anti-malware software.

After all, VPNs are meant to be protecting your online privacy, not substituting other cybersecurity tools.

Anti-malware software should help prevent threats like trojans, spyware, adware, bot-attacks, and other malware from infecting your browser and/or device.

At the very least, it should let you scan your device to identify and quarantine or properly delete any existing threats.

Without anti-malware software, you risk rendering your VPN obsolete, thanks to hacking scripts like keyloggers – a form of spyware that records your keystrokes to steal passwords and sometimes even take periodic screenshots without your knowledge.

Some of my favorite tools to use with my VPN include:

• Malwarebytes (free or premium, includes a browser extension)
• uBlock Origin (blocks script-based attacks)
• NetCraft (an anti-phishing browser extension)
• NordPass (NordVPN’s premium cloud-based password manager)

I also recommend using Two-Factor Authentication (2FA) on all of your online accounts as an extra precaution against hacks and keyloggers.

While VPNs remain one of my must-have online privacy tools, yes, there are some additional disadvantages.

For brevity’s sake, I’m only going to focus on the disadvantages of reliable premium VPNs.

There are further disadvantages I already covered in the earlier sections 6 Reasons Why Free VPNs Are Not Safe, (in a less direct manner) Which Criteria and Features Make a VPN Safe?, and VPN Security Risks.

In most countries and for most use cases, VPN usage is perfectly legal.

However, some countries (most notably China, North Korea, and the UAE) either heavily restrict or outright ban VPNs and even block websites like this.

At the very least, they usually block VPN websites, meaning you’ll need to create a user account and install the VPN software before visiting or moving to such countries.

And in those countries, your choice of VPN is even more critical.

Not all VPN services will give you a safe connection or protect you from government VPN detection methods.

If caught, you might face severe fines and/or a prison sentence.

Likewise, performing illegal online activities while using a VPN is still illegal.

I never recommend using a VPN this way, with the notable exception of bypassing government censorship.

Even with the best VPN, expect your internet speed to drop at least a little.

This is because your online traffic has to travel through a minimum of one extra server (belonging to the VPN) before reaching its destination (the website you’re visiting) and again before returning to your device.

Additionally, the data encryption adds complexity layers that take slightly longer to process.

Ideally, this speed reduction should be barely noticeable.

With some of the top providers, it’s so minimal you’d have to perform internet speed tests to notice it at all.

Here’s an example:

Without (ExpressVPN)

On the flip side, it’s also possible that using a VPN will increase your internet speed, especially during bandwidth-intensive activities like gaming. This is because ISPs typically target users like gamers or online streamers with bandwidth throttling.

With a VPN, your ISP can’t see what you’re doing online – so they’re less likely to throttle your connection.

Perhaps a tad obvious, but reliable VPNs require a premium subscription – and that means an added expense. If your budget is already a little tight every month, this can be a huge disadvantage.

Here’s an example of a premium VPN’s subscription fees (NordVPN):

Likewise, if you need to purchase a new router that’s compatible with VPNs (whether the software is configured for you or not), that’s another major upfront expense.

On the plus side, this is only necessary if you need a router VPN.

Quick Tip: You can save money with these ! We update the page daily to ensure only verified, valid, and active deals are listed.

Reliable VPNs will have dedicated apps for the most common devices and operating systems, plus others.

But you might still run into compatibility issues when it comes to less popular or outdated operating systems or even incompatible hardware (like older smartphones or most routers).

Linux users are an odd exception, as Linux is increasingly popular but still typically requires manual configuration.

However, many of the Best VPNs for Linux either offer installation support or a dedicated Linux Debian and/or Ubuntu app.

Finding, paying for, and setting up a VPN takes time, especially if you’re using multiple devices or need to change a few settings.

Then there’s spending a few extra seconds (or minutes) launching the app and connecting to a VPN server before you can get online.

And when it comes to unblocking geo-restricted content, you might need to clear your browser cache, close the browser, reconnect to a different VPN server, and then try again.

This is because many sites and online services use anti-VPN methods.

Always remember to keep your intended VPN use case in mind when choosing a VPN.

After all, the best VPN for Netflix isn’t necessarily the best VPN for playing League of Legends, so look for specialized servers and talk to the provider’s live chat support if you still have any doubts!

I’m going against the grain here by saying you shouldn’t use a VPN all of the time or for everything you do online.

Instead, remember VPNs are only one tool in your online privacy and cybersecurity toolbox. And like most tools, they have a specific function.

That function is to create a secure, remote site-to-site connection or grant individual users secure, remote access to a different network by tunneling that connection from a network of lower trust (like public Wi-Fi) to a network of higher trust (the secure, encrypted VPN).

So to figure out when you shouldn’t use a VPN, start with understanding when you should. If you have a reliable VPN, use it for:

1. Adding an extra layer of online privacy to prevent your ISP (or government) from tracking your online activity and the websites you visit from seeing your real IP address.
2. Establishing a safe connection on unreliable networks, or those you just don’t trust, to add an extra layer of cybersecurity against network-based attacks like Man in the Middle.
3. Bypassing national and network-level censorship (like schools or businesses blocking certain online websites and platforms) and other geo-location blocks (like those used by Netflix).

Every other potential use case you’re thinking of? They either fall under one of these three categories or aren’t something a VPN can help you with.

Understanding your threat model will help you correctly identify if you need to use a VPN or if you’re giving in to paranoia.

Threat modeling is beyond the scope of this guide, but you can read more about it here.

Staying secure with a VPN starts with choosing the right VPN to use.

Here’s a quick-and-dirty cheat list of things to look for:

• A provider with a strict no-logs policy backed up with independent audits. RAM-only servers are also a huge plus, as even analytical data is only temporarily stored on the server and automatically deleted every time it’s rebooted.
• A VPN based in a privacy-friendly jurisdiction like Panama or BVI. Try avoiding VPNs in 5/9/14 Eyes countries like the US and UK.
• A suite of robust security features and the best encryption. Look for VPNs with obfuscation features, a kill switch, DDoS protection, and 256–bit AES encryption.
• Read reviews to understand the user experience, especially related to your intended use case, and uncover any hidden issues or past scandals.
• Go through the Terms of Service and Privacy Policy to learn what data the VPN provider records, who they share it with and how, and other privacy and security concerns they don’t talk about elsewhere on their website.

Next, it’s time to get your device ready.

Before installing the VPN software, make sure you’re already using a privacy-friendly browser and search engine, complete with extensions that protect you in ways a VPN can’t.

You can check out our 7 Privacy Tips here for some suggestions!

With everything in place, you can sign up for a VPN subscription, pay to activate your user account, and download the VPN software for your device.

Before you start the installation process, scan the .exe installation file with your anti-malware software (I recommend Malwarebytes). If everything’s clear, launch the file and follow the steps to complete the installation.

If there are any other, more advanced features you need to use (such as obfuscation methods), go ahead and enable them now or follow your VPN provider’s instructions on how to do so.

Clear your browser’s cache and cookies if you haven’t already, and consider flushing your DNS if you have other apps you need to use over a VPN connection.

Use the VPN app’s Quick Connect button (or similar) or choose your preferred server location.

Remember to practice basic online privacy and security measures too.

Never click on links you don’t trust, always use an HTTPS connection (the HTTPS Everywhere extension is a great tool for this), and limit the amount of private information you share online – especially on social media.

VPNs are a fantastic online privacy tool that’s safe to use – so long as you’re using a reliable VPN and practicing other privacy and cybersecurity methods.

Remember that although many commercial VPN providers promise a wide range of functionality, a VPN is a very niche tool with a specific purpose.

It’s never going to be the only step in securing your online privacy, and you should never rely on it in this way.

Throughout this guide, we’ve taken a look at what makes some VPNs safe and others unsafe, as well as extra tools and practices you can and should use together with your VPN.

Help us spread the word by sharing this post with your friends!