Many popular free VPN apps are sketchy Chinese operations with dubious privacy policies, according to research.
Metric Labs' Top10VPN conducted a rare investigation into the ownership structure and responsiveness of top VPN providers who distributed their services on iOS and through Google's Play Store. 86 per cent are deemed to have substandard security policies that failed to disclose how the data was used. And 59 per cent are either Chinese-backed, or actually based in the People's Republic of China.
"It was often very challenging to verify who was actually behind these VPN apps, due to the great lengths companies went to in order to hide their ultimate ownership, and far beyond the means of the typical consumer to discover," concluded head of research Simon Migliano, who collated the data.
VPNs act kinda like a bridge: netizens' network traffic is routed through the VPN provider so that for all intents and purposes, each user appears on the internet at the location of the VPN's gateway. So, someone in the USA can use a VPN in the UK to appear as though they are using the web from Blighty. This obscures the true public IP address of the user. Also, connections to and from the user and the VPN are typically encrypted so if you're worried about your hotel or airport Wi-Fi being spied on, the VPN tunnel will mask it.
However, this means you place an enormous amount of trust in your VPN provider, which becomes effectively a second ISP. By carrying your network traffic, the VPN biz can potentially snoop on and tamper with your web browsing and internet activities. Websites and other online services that use HTTPS, or similar encryption, with mitigations to prevent man-in-the-middle eavesdropping can evade snooping VPNs.