8 Bad VPNs You Must Avoid to Protect Your Privacy

Georgina Torbet Updated 06-04-2020

We highly recommend that all people use VPNs—there’s no doubt about that. Indeed, there are many reasons to always use a VPN online, including but not limited to improved personal privacy.


But not all VPNs are worth using. In fact, some VPNs are so bad that you’d actually be better off using nothing at all than routing your traffic through their servers. Here are some warning signs to look out for, plus specific VPN services to avoid if you value privacy.

What Makes a VPN Bad for Privacy?

Country of Origin

Never connect to a VPN server that’s located in one of the “Five Eyes” countries: the US, UK, Australia, New Zealand, and Canada. Also avoid the additional “Nine Eyes” countries (France, Norway, Denmark, The Netherlands) and the additional “Fourteen Eyes” countries (Belgium, Italy, Germany, Spain, Sweden).

The governments of these countries either spy on their own citizens, spy on each other’s citizens, swap such spying intelligence with each other, or otherwise enable and encourage spying in some way. These countries are likely to pressure and acquire intelligence from VPN servers operating in their territories.

Activity Logging

When connected to a VPN, all of your internet traffic is routed through the VPN’s server. Some services keep minimal logs, such as the IP from which you connected and the time of your connection. Others keep full track of browsing habits, websites visited, apps used, etc. Logs are bad because they allow activity to eventually be traced back to you.


Even VPN services that promise “no logging” can’t be trusted at face value. They might not participate in “activity logging” but may actually be logging other things. How do you know whether a VPN’s no-logging claim is trustworthy? You have to read their…

Terms of Service

A VPN service’s Terms of Service outlines exactly what you can expect as a user: what kind of activity is forbidden, what’s tracked, what’s not, etc. When in doubt, you should contact the service and ask questions to determine what their logging policy is really like.

Some things to keep in mind:

  • Should they log anything related to your connection, including IP or connection time, then it can eventually be traced back to you.
  • If they won’t block accounts, even ones that are highly abusive of the system, then there’s a good chance the service truly is log-free.
  • If they claim they can block accounts without logging information that can identify you as a user, then you should pry into how it works. Most of the time, they won’t be able to give you a clear answer, in which case you should assume logs are somehow involved.

Lack of OpenVPN

VPNs can operate using many different “types” of connections. L2TP and PPTP are some of the more popular, but they have glaring flaws that make them poor options for privacy. OpenVPN is the best protocol because it’s open source and offers the strongest encryption of traffic.

Leak Test Failure

Sometimes your actual connection to the VPN server can be compromised. For example, your PC goes to sleep and doesn’t reestablish the VPN connection upon waking, or you switch from Wi-Fi to Ethernet, or your router gets unplugged and you have to plug it back in.

Even when you’re “successfully” connected to the VPN, some of your traffic may not be routed through that connection. This is called a leak, and it undermines the entire point of using a VPN for privacy.

Certain VPN clients are better than others in this regard, so you should periodically check up on this using so-called leak tests: WebRTC Leak Test, IPLeak, and DNS Leak Test, just to name a few. Visit each test twice: once without VPN, once with VPN. The IP address shown should differ between the two visits.
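The two-visit comparison can be automated once the results of each visit are written down. The following is an added example, not part of the original article: it goes beyond the single "IP should differ" check and also compares IPv6, DNS resolvers and WebRTC candidates. The snapshot field names (`ipv4`, `ipv6`, `dns`, `webrtc`) are hypothetical, and all addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Addresses in these ranges never identify you on the public internet
# (RFC 1918 private, loopback, link-local, IPv6 unique-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# ICE candidate line:
# candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
_CANDIDATE = re.compile(r"candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ \w+")


def _ip(text):
    """Parse an address; return None for empty values and mDNS names (x.local)."""
    try:
        return ipaddress.ip_address(text)
    except (ValueError, TypeError):
        return None


def _is_public(ip):
    return not any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def webrtc_public_ips(candidates):
    """Public addresses a web page could read from WebRTC ICE candidate lines."""
    found = set()
    for line in candidates:
        match = _CANDIDATE.search(line)
        ip = _ip(match.group(1)) if match else None
        if ip is not None and _is_public(ip):
            found.add(ip)
    return found


def find_leaks(baseline, with_vpn):
    """Compare a no-VPN snapshot with a VPN snapshot.

    Returns {check_name: [leaked addresses]}; an empty dict means no leak seen.
    """
    real = {_ip(baseline.get(k)) for k in ("ipv4", "ipv6")} - {None}
    leaks = {}
    # 1. The article's check: the public address must change once the VPN is up.
    #    IPv6 is tested separately because a tunnel that only carries IPv4
    #    leaves the native IPv6 address visible.
    for family in ("ipv4", "ipv6"):
        seen = _ip(with_vpn.get(family))
        if seen in real:
            leaks[family] = [str(seen)]
    # 2. DNS: a resolver seen without the VPN should not still answer with it.
    dns = ({_ip(r) for r in with_vpn.get("dns", [])}
           & {_ip(r) for r in baseline.get("dns", [])}) - {None}
    if dns:
        leaks["dns"] = sorted(str(ip) for ip in dns)
    # 3. WebRTC: ICE candidates must not contain the real public address.
    rtc = webrtc_public_ips(with_vpn.get("webrtc", [])) & real
    if rtc:
        leaks["webrtc"] = sorted(str(ip) for ip in rtc)
    return leaks


# Constructed sample snapshots (documentation-range addresses, not real hosts).
BASELINE = {
    "ipv4": "203.0.113.45", "ipv6": "2001:db8:1::45", "dns": ["203.0.113.1"],
    "webrtc": ["candidate:1 1 udp 2122260223 192.168.1.20 50000 typ host",
               "candidate:2 1 udp 1686052607 203.0.113.45 50000 typ srflx "
               "raddr 192.168.1.20 rport 50000"],
}
VPN_LEAKY = {  # IPv4 changed, but IPv6, DNS and WebRTC still expose the user
    "ipv4": "198.51.100.7", "ipv6": "2001:db8:1::45",
    "dns": ["198.51.100.53", "203.0.113.1"],
    "webrtc": ["candidate:1 1 udp 2122260223 10.8.0.2 50000 typ host",
               "candidate:2 1 udp 1686052607 203.0.113.45 50000 typ srflx "
               "raddr 192.168.1.20 rport 50000"],
}
VPN_CLEAN = {
    "ipv4": "198.51.100.7", "ipv6": None, "dns": ["198.51.100.53"],
    "webrtc": ["candidate:1 1 udp 2122260223 a1b2c3d4.local 50000 typ host",
               "candidate:2 1 udp 1686052607 198.51.100.7 50000 typ srflx "
               "raddr 0.0.0.0 rport 0"],
}

if __name__ == "__main__":
    print("leaky:", find_leaks(BASELINE, VPN_LEAKY))
    print("clean:", find_leaks(BASELINE, VPN_CLEAN))
```

The DNS check is a heuristic: if you deliberately use the same third-party resolver with and without the VPN, it will be flagged even though the queries may travel through the tunnel.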


Free Service

One of the most common VPN myths is that free VPN services are good enough. It turns out that free VPNs come with a lot of risks. The main one is that such services need to pay for servers and bandwidth somehow. If users aren’t paying anything, then they need to generate revenue some other way. Most often this is by selling user data and information.

Free trials for paid services are fine. But unlimited free services are not. So, as with most things, you get what you pay for, and privacy is not cheap. We always recommend paid VPNs over free.

Lack of Anonymous Payment

One more thing to keep in mind: if you want to add an additional layer of obfuscation, you might prefer a VPN service that takes anonymous payments. Whereas a credit card or PayPal account can be traced back to you, cryptocurrencies like Bitcoin don’t leave such a breadcrumb trail to follow.


Which VPNs Should You Avoid?

It’s one thing to speculate whether a particular VPN service is safe or unsafe based on what they say and what they promise. It’s something else altogether when a VPN service is caught red-handed as far as tracking activity, keeping logs, selling user data, etc.

If you value your privacy, here are the VPN services you want to avoid—ones that have been shown and proven to violate user privacy in one way or another.

1. Hola

Back in 2015, Hola was found to do something that no other VPN service does: turn the PCs of its users into “exit nodes,” allowing other Hola users to route their traffic through said nodes. Hola sold this bandwidth to a third-party service. A violation this egregious puts Hola squarely in the category of services to NEVER use ever again.

2. HotSpot Shield

In 2017, a privacy group made a claim against HotSpot Shield for “intercepting and redirecting traffic to partner websites, including advertising companies.” This claim accused HotSpot Shield of logging connection details, which directly went against its privacy policy. A 2016 research paper [PDF] had previously found HotSpot Shield “injecting JavaScript codes” and “redirecting e-commerce traffic to partnering domains.”

3. HideMyAss

In 2011, the Federal Bureau of Investigation tracked a hacker’s activities back to an IP address belonging to the HideMyAss VPN service. The FBI acquired activity logs from HideMyAss and used them to catch and prosecute the hacker. Despite the illegality of the hacker’s actions, this incident made one thing clear: HideMyAss does keep traceable logs.

4. Facebook Onavo VPN

In early 2018, it came to light that Facebook’s built-in “Protect” feature for mobile apps was really just the Onavo VPN it acquired back in 2013. Regardless of how effective it is at protecting users, there’s one thing that ought to deter you: Onavo will collect your mobile traffic data to “improve Facebook products and services, gain insights into the products and service people value, and build better experiences.”

5. Opera Free VPN

In 2016, the Opera browser introduced a new “free unlimited VPN” feature available to all users. But despite the naming, Opera Free VPN is not a VPN in the truest sense. It’s more like a web proxy, and Opera does collect usage data which may or may not be shared with third parties.

6. PureVPN

In 2017, the Federal Bureau of Investigation tracked and arrested an alleged stalker after acquiring information on his activity using the PureVPN service. Despite PureVPN’s no-logging promise in its privacy policy, it turned out that they kept enough information to be able to identify the accused when cooperating with legal authorities.

7. VPNSecure

Not only is VPNSecure headquartered in Australia (a “Five Eyes” country), but a 2016 research paper [PDF] found IP leaks and DNS leaks with the service, plus “egress points” for residential users, which is similar to the “exit nodes” concept that sunk Hola above. The paper suspects but does not confirm that the bandwidth of users may be being used without their knowledge. However, if you want to be safe, you should probably stay away.

8. Zenmate

In 2018, a test by vpnMentor found that ZenMate (along with HotSpot Shield and PureVPN) suffered from IP leaks, which could give away your identity even when using the internet with an established VPN connection through ZenMate. This, coupled with the fact that ZenMate was slow to respond to these findings, makes us wary of their respect for user privacy.

Beware of Security Breaches

Another two VPN services you may want to think twice before using are NordVPN and TorGuard. In 2019, both VPNs were attacked by hackers. The hackers were able to access some information, although not login credentials. As neither company keeps user traffic logs, user traffic information was not compromised.

It is not unusual for companies to suffer a security breach, though you would hope that a VPN company would have better security than average. However, what was really worrying about this incident was the way that both companies responded. NordVPN did not disclose to its customers that a breach had occurred. TorGuard disputed whether the breach was really important.

There were accusations of blackmail and threats of court cases between the two companies.

In any case, it’s unlikely that any of this would have an effect on the security of customers in practice. However, it does not show either company in a flattering light. Both companies seem more interested in protecting their brand than in protecting their customers.

Privacy-Conscious VPNs You Can Trust

As of now, there are only a handful of VPNs with no-logging policies that privacy-minded folks trust. To learn more about what to look for in a VPN, see our advice on how to choose a VPN provider. We recommend ExpressVPN, CyberGhost, and Private Internet Access.


  1. Dropsy
    May 19, 2020 at 6:24 pm

    I believe that VPN Secure moved all its infrastructure to Hong Kong, so while its marketing and website are housed in Australia, the servers aren't. There might be some leeway in getting around five-eyes scrutiny. I've performed leak tests and so far my connections have been fine. I'd urge you to re-evaluate them.

  2. ChoonChin
    May 19, 2020 at 9:09 am

    How about the VPNs that are embedded with browsers, such as 's Epic Privacy Browser? They aren't mentioned here.
    Second, how about the compatibility of Anti Virus suites and VPNs? I had a tough time reconciling Avira VPN and Bitdefender AV suite.

    Any guidance on these issues?

  3. HarvMan
    April 27, 2020 at 7:38 pm

    I have a Synology DiskStation with a VPN Server configured for OpenVPN.
    The best OpenVPN client I have used is Viscosity from SparkLabs.

    • ChoonChin
      May 19, 2020 at 9:10 am

      How does it fare in terms of compatibility with AV suites?
      Please reply to email.


  4. dragonmouth
    April 7, 2020 at 2:59 pm

    There are two kinds of VPNs - those that have been exposed as having compromised users' privacy and those that have not been outed yet.

    • ToughGuy
      April 8, 2020 at 7:20 am

      yep. But some even deny and just delete comments/reviews that might force some info out on them, I won't mention them, cause I don't wanna do that for the same reason. On the other hand, I'm glad how NordVPN turned their situation around, changed their whole security measures/criteria and turned their whole idea of security for the better. if you wanna read about it

  5. MYOB
    July 4, 2019 at 4:56 am

    You provide no citations verifying your claims, which is typical these days and passes as news. But it's all fake until you meet journalist's criterion of cutting legitimate sources.

  6. Lindsay
    January 23, 2018 at 10:23 pm

    Listing PureVPN as a baddie was slightly unfair.

    PureVPN did keep connection logs longer than they should have but the feds did not identify the culprit through them. The FBI already had his computer and login information in their possession. The PureVPN logs only showed that someone using his account was online at the time of the offense; just an extra cherry on top when it came to proving his guilt. As far as I know the Feds could not have gone straight to PureVPN and worked back to an unknown offender.

  7. David Tuff
    January 23, 2018 at 10:13 pm

    I bought a Lifetime licence from Purevpn because you recommended it. Now you don't and also from my experience their support is total crap.

  8. Cho
    January 23, 2018 at 5:28 pm

    Amusingly, the 5th mentioned service (5. PureVPN) is prominently displayed (large/center) in your article lol

    • gbswales
      May 19, 2020 at 1:10 pm

      You always need to carefully separate journalistic content from advertising interjected into the article. These adverts are designed to look as if they are part of the article and sometimes the advertising is an attempt to mitigate the effects of what the journalist is saying. Services like MUD, which are free to use, have to generate funds and the most common ways to do this are through advertising and the advertising departments have little connection with the journalistic content.

      A bigger concern is the reliability of the content and the possibility that it could contain product placement based on the writer's personal preference or as a result of some kind of payment that is not openly declared. Most articles are not peer reviewed and you are reliant on the honesty of the writer. (I am not suggesting this is the case with this article)

      Lastly not everyone is as concerned about privacy when it comes to choosing VPNs and other services. Many people use VPNs to avoid some of the targeted advertising that we are all subjected to. Such people are often more concerned with cost and ease of use and some of the "bad" VPNs may meet their needs. You need only look at Facebook and other social sites to see how low "privacy" is on some people's radar.

      So articles are OK as a source of reference but they should never replace your own research when determining which services you are going to use.

  9. ron burtonz
    January 23, 2018 at 5:10 pm

    Instead of what countries are NOT recommended, and VPNs NOT to use, wouldn't it be more of a service to your readers to write about countries and VPNs that ARE recommended?

    • vpt
      January 23, 2018 at 7:11 pm

      I concur....The article could have been much more thorough with options to utilize.

      • scootie371
        January 27, 2018 at 8:41 pm

        This article does not want to be responsible for the research & responsibility that comes with providing info that may or may not be accurate for more than the day that they look at them. That's why -

  10. TonyCr
    December 22, 2017 at 1:46 am

    People seem to be missing a point about VPNs. They are very useful for making it appear that you are coming from another country. I am a US citizen, but I live in a country in SE Asia. Without a VPN to a US server, I'm constantly getting pages in the local language, often with local content. A VPN can get around this.

    Also, there are a number of sites that are blocked due to local paranoia (some BBC pages included). I just want to get a take on the news, not overthrow the country.

    The third reason is to be able to keep up on local news back in the US. Quite often, if you are showing a non-US IP address, you are blocked (this includes certain youtube content). The VPN allows me to view this content.

    Personally, I don't see any of these as something "criminal" (to use @Brian Klippel's word).

  11. Nusa
    December 21, 2017 at 10:18 am

    What VPN are you guys using? Let me know...

  12. Lorbas
    December 21, 2017 at 3:05 am

    Once I finished reading the article I had to laugh heartily! First we are told NOT to use any VPN based in the 5,9,14,100, or whatever eyes countries. At the end he praises PIA, which is based in the US! Now, I've been using PIA for a while and it's one of the best VPNs out there but combining the first and last statement in this article disqualifies the entire work. I wonder how much else is nonsense!

    • Mike
      January 24, 2018 at 7:30 am

      I was about to write the same comment about PIA till I saw yours; though I have read the articles on HMA, PUREVPN and Hola and the claims the author makes are true.

      Private Internet Access is located in the USA. Whether or not that makes the service safe to use is a personal judgement call, because if a VPN provider doesn't keep logs, then there's nothing to show anyone, no matter which agency asks for the info.

      I've personally tested PROTON VPN and haven't found any DNS, IPv6 or WEBRTC (which is usually dependent on the browser being used) leaks using Firefox. Plus they have a double-hop option called 'secure core' that really increases privacy and security.

  13. Brian Klippel
    December 21, 2017 at 12:22 am

    Don't be a criminal and it won't matter.

    • Jonathan
      January 23, 2018 at 3:15 pm

      Just because someone wants privacy while they use the Internet does not mean they're a criminal. And it DOES matter, Brian, because regardless of how honest and aboveboard YOU might be, your imagined honesty and hoity-toity self-righteousness (and oft times ignorance) will not protect you from the criminals that ARE out there looking for any web-browsing "Don Quixote" types they can find.

      • Brian Klippel
        January 24, 2018 at 11:21 pm

        No, my reply is in fact in relation to this part of the post ...

        "Never connect to a VPN server that’s located in one of the “5 eyes” countries (U.S., U.K., Australia, New Zealand, Canada), one of the “Nine Eyes” countries (France, Norway, Denmark, The Netherlands), or one of the “14 eyes” countries (Belgium, Italy, Germany, Spain, Sweden)."

        That has NOTHING to do with protecting you from criminals, it has to do with protecting you from the prying eyes of the government. I only know one demographic that really (as in not related to a tin-foil hat) needs to be worried about government/law enforcement potentially having some degree of tracking on you. You know, the kind of people that need to use bitcoin, because standard currency will track them straight to prison for terrorism, piracy, child pornography, extortion, etc.

        If you're concerned about security over hiding illicit acts, this statement about not using US/EU/Commonwealth countries is polar opposite to truth.

    • nag2
      May 19, 2020 at 3:08 pm

      The problem is you don't get to define what a criminal is. Only those in power get to define that. As such, you may be criminal free today and tomorrow you may be defined as one of the worst criminals. It all depends on the criterion used to define "criminal". Lots of folks (such as yourself) ignore that possibility to their detriment.

  14. Madeleine Gonzalez
    December 20, 2017 at 9:48 pm

    I have VPN IPVanish, connected to the UK. Should i be concerned?

    • Donald Trump
      December 20, 2017 at 11:33 pm

      I'm assuming the writer has some sort of compensation from the mentioned "safe" VPNs?

      • Lorbas
        December 21, 2017 at 3:08 am

        Yeah, especially since he warned us for USA based VPN and then recommends PIA, which is, you guessed it, located in the US! Lol

        • Tyger
          December 21, 2017 at 4:47 am

          That's because the FBI took over PIA's servers to find a criminal, but they never found any evidence. They actually proved they keep no logs.

  15. Jim Yost
    December 20, 2017 at 9:20 pm

    Not All VPNs Are Made Equal, Avoid These Ones!

    "These Ones" is redundant English. Simply say "Avoid these."

    "These Ones" is common in spoken speech (asleep in English class?) but is still redundant.

    • Jonizone
      May 20, 2020 at 12:30 am

      I agree Jim, illiteracy abounds in our society, and 'these ones' used frequently, 'absolutely' instead of 'yes', 'free gift', 'PIN number', 'ATM machine' and 'cool' proves your adage (asleep in English class) to be a fact.
      Aggravating it is to hear or read 'one' being pluralised.

  16. Raven
    December 20, 2017 at 4:37 pm

    Proton does not log. And, FWIW, on both Windows 10 and Mac, I have not had any connection issues nor any leaks in the few months I've been using it. I know others have reported some IP leaks on Reddit, but I'm not sure what their configs are or if they set things up incorrectly. To see if it'll work for you, try the free version. Nothing to lose.

    • Fred
      January 24, 2018 at 9:32 am

      I concur. ProtonVPN have been reported as some of the best several times and they are located in Switzerland. I have been using them for several months and checked for leaks several times.

  17. na4a4a
    December 20, 2017 at 1:00 pm

    ALL VPNs have to log you. There is no such thing as a VPN service that retains no logs. In the event you do something illegal they will provide them to the authorities in order to protect their business.

    If you don't do anything illegal then you shouldn't have to worry, but VPNs won't risk themselves.

    • dragonmouth
      December 20, 2017 at 1:50 pm

      "If you don't do anything illegal then you shouldn't have to worry"
      One of the biggest fallacies in existence. If you truly believe that, I have a choice of bridges I can sell you at an attractive price.

      • na4a4a
        December 20, 2017 at 1:53 pm

        If you don't do anything illegal then you shouldn't have to worry about an otherwise secure VPN magically procuring logs of you.

        • Z
          December 20, 2017 at 3:12 pm

          Because anyone who wants privacy by definition is doing something illegal or immoral

        • na4a4a
          December 20, 2017 at 4:33 pm

          Hm, looks like I can't reply direct.
          How about you stop putting words in my mouth? The fact you're so offended probably means that's exactly why you use a VPN.

          I use VPNs for privacy, not pirating unlike you :-)

        • pn0
          December 20, 2017 at 8:42 pm

          Privacy requires having no activity logs. Otherwise, it's not private.

          And for "illegal". No one has any idea for sure what will be legal from year to year. And no one knows for sure what could be *perceived* as illegal either.

  18. Samatva Peace
    December 20, 2017 at 11:37 am

    Forget VPN, go Tor

    • Emil
      December 21, 2017 at 5:50 am

      Or use a VPN in conjunction with TOR.

  19. Josh
    December 20, 2017 at 11:31 am

    So, you have given your thought on what not to get. Why did you not offer suggestions on what to get? Without doing so, your article sounds a little one sided or perhaps like you may have a vendetta against them. Not that I am arguing against your thoughts, but you should offer more information.

    • dragonmouth
      December 20, 2017 at 1:47 pm

      The intent of the article is/was to be one-sided. It is not a dispassionate discussion of the state of VPNs. It is a warning about which VPNs not to use. However, if you read the article closely, there are links to other articles that DO recommend reputable VPNs.

    • Shifferbrains
      December 20, 2017 at 3:10 pm

      Use PIA, I have had no problems. I'm actually surprised this article didn't recommend this VPN.

      • Not you
        December 20, 2017 at 6:22 pm

        They did. PIA is private internet access

      • jim
        January 23, 2018 at 9:17 pm

        This article does recommend PIA. It also says not to use a vpn in the United States. It's not a very well written article. I was dubious of it from the title alone.

  20. Nusa
    December 20, 2017 at 3:10 am

    Ok, I just know that.. Now, I'm uninstalling my Proton and Opera VPN. and I just realized that there are 5 eyes, I do not understand in the affairs of VPN.

    Why I choose a free VPN service: because I don't have any credit cards or PayPal to purchase the subscription. That's the reason why I'm using a free VPN.

    So I need to know what a good VPN should I use? And give me the reason why I should use that VPN?

    • Indra L. Burukman
      December 20, 2017 at 4:15 am


      • Nusa
        December 20, 2017 at 4:58 am

        hmm really? why can you give me the reason?

    • Steve Asheim
      December 20, 2017 at 3:02 pm

      You can purchase google playstore card at your local store and use that to pay for a vpn subscription.

  21. Ken
    December 20, 2017 at 2:03 am

    Country of origin: do not connect to a VPN if the server is in one of the Five Eyes countries.

    Further down in the article, they recommend PIA. PIA servers are located in America. I'm a bit confused.

    • SamIam
      December 20, 2017 at 2:44 am

      This is the exact reason I choose ExpressVPN -- based in the BVI

    • Dick Hertz
      December 20, 2017 at 6:42 am

      PIA has servers in other countries too. Just don't connect to the 5/9/14 eye countries and you'll be ok. (I don't use them, I use nord)

    • Jesus
      December 20, 2017 at 7:08 pm

      yeah, I was wondering that too. did they change their servers location recently? because afaik they are located in the US

    • jim
      January 23, 2018 at 9:18 pm

      So is the author of the article.

  22. dragonmouth
    December 19, 2017 at 8:26 pm

    "A VPN service’s Terms of Service outlines (or should outline) exactly what you can expect as a user: .............When in doubt, you should contact the service and ask questions to determine what their logging policy is really like."
    Why should I trust either their stated TOS or their verbal assurances? They can be just telling me exactly what I want to hear.

    "As of now, there are only a handful of VPNs with no-logging policies that privacy-minded folks trust."
    Those VPNs just have not been caught compromising their users. There is NO assurance that any VPN is really trustworthy. You pays your money and you takes your chances!

  23. Christopher Stamey
    December 19, 2017 at 7:55 pm

    Most VPNs that advertise as "no logging" don't keep use logs but still have connection logs in order to monitor system quality and other parameters not directly related to users. One reason I like is that they say they do upfront but also claim to delete the information within 24 hours. On top of that they aren't subject to any requests for user information governments might make and they have consistently cast connections. They also have real support from professionals although it may take a day or two.

    I often see the same few VPN providers on "best of" lists without any mention of Nevermind that several of those have issues with blocked IP addresses, DNS leaks, inconsistent speeds, or using virtual servers. I'm guessing it has something to do with kickbacks to the sites. I shouldn't complain as having fewer users on means more available bandwidth. I think they should be recognized more often, though.

    • Gail
      December 20, 2017 at 12:39 pm

      Big fan of They also do not hound or haunt you incessantly. All I want to do is watch shows on BBC - doesn’t seem like such a crime at all. I am in U.S. but but British products I see advertised on their telly and travel there fairly often. I subscribe to Britbox and AcornTV. So I want to see the Call The Midwife Christmas Special on Christmas Day this year and not 6-months later when it airs here. Thank you VPN!!