Free Version of Hotspot Shield is secure or not??
No, free VPNs are generally not secure:
- Data collection: Free VPNs often collect and sell your data to third-party advertisers to pay for their services. This data can include your IP address, browser history, location, and more.
- Malware: Some free VPNs may contain malware that can damage your device or steal your data.
- Slow speeds: Free VPNs often have slower connection speeds than paid VPNs.
- Limited features: Free VPNs may have limited streaming access, outdated protocols, or missing features.
- Data caps: Free VPNs may limit the amount of data you can use.
- Ads: Free VPNs often bombard you with ads and pop-ups.
- Leaks: In the past, free VPNs have leaked user data, including credentials for millions of users.
If you want to use a VPN, it’s generally safer to use a paid VPN service. Paid VPNs can protect your data, give you faster internet speeds, and let you access restricted content. Some paid VPN providers also offer free trials. If you do want to use a free VPN, Proton VPN is considered one of the best options. Proton VPN’s free plan has no data or time limits, and it doesn’t show ads. However, it does have some limitations, such as limited servers and support for only one device.
A VPN (not used for work / etc) generally works like so:
Phone ←→ internet service provider ←→ VPN’s internet service provider ←→ VPN ←→ VPN’s internet service provider ←→ website.
instead of
phone ←→ internet service provider ←→ website.
So, the website then sees a visitor from “a part of the VPN’s internet service provider” instead of “a part of your internet service provider” because it’s the VPN’s Internet service provider that connects to it. The part is called the external IP address.
Additionally, communication between the phone and the VPN tends to be:
Phone (scrambles when sending something to the VPN, and unscrambles when receiving from the VPN) → internet service provider → VPN’s internet service provider → VPN (unscrambles when receiving something from the phone, and scrambles when sending something to the phone) → VPN’s internet service provider → website.
so, the internet service provider only sees seemingly meaningless communication between the phone and a VPN.
A VPN, on the other hand
1. is able to see the external IP addresses that lead to the websites/services you’re using (however, several websites may be behind one external IP address)
2. websites normally use https://, so is able (perhaps even with private DNS used) to see the websites you’re using but only in the form “https://whatever.example.com” and only that part of a link, as in that cannot make sense of the scrambled communication between the phone and the website. If there is an error message related to a secure connection on the browser and you select “continue anyway”, the VPN may be able to see more.
3. for websites that use http:// instead of https://, is able to see and even modify all communication between the website and the phone.
Without a VPN, others in the same Wi-Fi network, and your internet service provider are able to do so instead.
Though able to do so, not necessarily actually done. Despite this, if security is an issue, these should be assumed by default. It is difficult to guarantee that no information gets collected.
A VPN may associate stuff with you by the part of the internet service provider you’re currently using (though technically a part of your internet service provider instead of a part of you), the information you give to it (username, password, etc), and VPN apps may automatically collect identifiers from the device (e.g. SSAID) to associate stuff with you.
Another issue might be that other users of a VPN might be able to connect to your phone. This is often not an issue but can sometimes be. For example, if you use a FTP server on your phone to share files (without requiring a password) between your phone and your PC in your own Wi-Fi network, others may now be able to download the files you are sharing, even though others might not have been initially able to do so. So, instead of checking if others can connect with that VPN specifically, it is most likely much better to ensure there is no misconfiguration.
Perhaps the biggest potential issue with VPNs is the following:
a VPN might or might not also make your device a part of the VPN, so others may or may not be able to use your internet connection. This is an issue, because
1. if someone else abuses your connection, your Internet service provider may be told that someone who used the part of the internet service provider did evil at <website or service, etc> at <… AM/PM> time.
2. any data cap may be used up
From a quick search, it seems the named one doesn’t do this. But this might be difficult to confirm / might change later.