Picking the right VPN can have a big impact on your life online – it can affect what sites you access, how fast your internet is, and most importantly, whether or not anyone can see what you're doing online.
All the best VPNs are fast, great for unblocking sites, and have excellent privacy features. If you're looking for one, I highly recommend reading reviews to make sure the providers you're considering live up to their claims, and can deliver what you really need from them. There are tons of options, and many are very good.
However, there are some VPNs out there that I think should be flat-out avoided. This could be because there are better options that do the same job for a cheaper price, or, more sinisterly, because these dodgy VPNs pose a tangible threat to your privacy while promising the opposite.
In an update to this page, I've added another offender to the list. It's a provider that has been on my radar for a while, and I've also covered it elsewhere – you'll find it sitting at the number one spot just below.
XNXUBD Browser VPN: 100% a scam
If you were to ask me to describe a dodgy, potentially dangerous VPN, you'd get XNXubd in all but name. It claims to be an Android and iOS VPN browser that offers "a safer and more private browsing experience," and search data shows that it's very popular in SE Asia, with Indonesia leading the pack. That popularity doesn't translate into quality, though, and the moment you open the website, alarm bells start ringing.
When you try to download the app, you're fed through a number of pages and eventually end up on a Google Drive link. Yep, you heard me – a direct download of a file Google is unable to scan for malware. Excellent start.
Head to the privacy policy, and it's claimed that the company own no products, and the policy only applies to the website. So, effectively, the application you're downloading has no privacy policy.
I've previously written about how XNXubd is dangerous and should be avoided, so if you're interested in seeing exactly how bad it is, please head through and read that. In short, though, promise me that you won't download this transparently untrustworthy VPN...
Hola VPN: P2P "VPN" that collects your data
The poster child for popular yet awful VPN services, Hola VPN fails on almost every level. First of all, it's not even a VPN at all. The website calls it a "community powered (Peer-to-Peer) VPN," and it essentially routes your connection through nodes (other users) in various locations around the world. It's fairly similar to Tor in this respect, so while you're able to use other peoples' bandwidth, they can use yours as well.
Hola's only decent encryption protocol is IKEv2, and while it's not bad, many premium providers like NordVPN are phasing it out due to it being outperformed in every way by the likes of OpenVPN and WireGuard. What's more, if IKEv2 fails to make a connection, Hola may default back to PPTP or L2TP – both of which have known security vulnerabilities.
The worst thing, however, is the fact that Hola VPN openly states that it may collect your IP address, what browser you're using, your operating system, and even what websites you visit, when you visited them, and for how long. This information can be used to identify you and tie you back to your activity.
If you're looking to improve your privacy, do not use Hola VPN.
Psiphon: Good for unblocking, terrible for privacy
Psiphon is quite honest about what it offers: a way to access sites that have been blocked through censorship or other means. However, despite it being a true VPN by nature – something that can't be said about Hola VPN – it certainly doesn't provide you with the protections you might expect from one.
In short, Psiphon doesn't promote itself as a privacy-preserving tool, I'm glad, at least, that it's honest about this. Quality modern VPNs use the OpenVPN, WireGuard, and IKEv2 protocols, or protocols based on these. Psiphon, on the other hand, only offers two protocols: SSH, and L2TP over IPSec. Both of these are considered outdated, and vulnerable to decryption. Psiphon also stores your connection IPs and the URLs you visit for up to 90 days, which is a huge red flag in my book.
These privacy deficiencies alone would be enough for me to tell you to steer clear of this provider. However, the fact of the matter is that many privacy-focused VPNs can do what Psiphon does, but better, as well as access blocked Netflix libraries, change your location to almost anywhere in the world, and even offer extra tools like malware detection and data breach alerts. Protect your privacy and your wallet, and go with something better.
Betternet: it's free, but inundated with ads
Betternet is owned and operated by Pango, which also owns Hotspot Shield, VPN 360, and Ultra VPN. Pango is US-based, making it vulnerable to US warrants, so that's not a great start. This wouldn't be such an issue if Betternet was a committed no-logs VPN, but its privacy policy states it stores your IP address until the end of your session. That's not as egregious as Psiphon's logging policy, but with so many competitors boasting audited policies emphasising the fact they do not do this, there's very little excuse for doing so.
What's more, Betternet's free VPN plan injects ads into your session. Obviously, free services need to be funded somehow, but the ones I recommend typically use a freemium model – you're offered a limited version of the full VPN, and paying customers subsidize the cost. Rivals like PrivadoVPN Free and Proton VPN Free offer an ad-free experience, and limit the number of servers you have access to, or impose data caps. This is far better than compromising your security by injecting ads into the apps, or the web pages you visit.
In our testing of Betternet, we also saw that the VPN suffers from both IPv6 and DNS leaks, which is inexcusable. You also don't get a kill switch, which means you could have your security compromised if the VPN drops out during your session.
Finally, although it was a long time ago, in 2016 Betternet's Android VPN app was found to contain tracking libraries and malware – an issue which the company never responded to.
All of these things add up to a VPN provider I highly recommend avoiding, simply because there are far better and more secure alternatives available – free or paid.
Turbo VPN: 100 million downloads, no kill switch
Turbo VPN is incredibly popular, and I find it difficult to understand why. It's got over 100 million installs on the Play Store alone, but unfortunately it's underpinnings do not match its success. As soon as you visit the website you'll notice there's very little information about how the service actually works. There's no description of what protocols are used, whether it uses encrypted DNS servers, or has a kill switch (spoiler alert: it doesn't).
Just like Betternet, the free plan includes ads, which immediately makes me concerned. What's worse, though, is the fact that much of Turbo VPN's privacy policy has been lifted from other VPN providers' websites. While the sentiment may be true, this undermines any belief that Turbo VPN is a quality service whose word can be trusted at face value.
In usage, Turbo VPN is also underwhelming. If the VPN disconnects, there are no notifications to inform you of this, and the lack of a kill switch means that you might end up continuing to browse indefinitely without the VPN active.
Considering the paid plan costs over $4 per month, there are far better options out there for half the price, and I wouldn't touch the free plan with a bargepole.
TunnelBear: beginner-friendly but underwhelming
TunnelBear is another popular free provider, and you might be surprised to see it on this list. It undergoes regular independent audits, and the simplicity of the interface makes it easy for newbies to get protected online.
However, in practice it's quite simply a lackluster VPN that omits a number of features that rivals offer, and considering some of these like Surfshark and ExpressVPN are very beginner friendly, I see no reason to choose TunnelBear over them.
What's more, in its most recent independent audit, it was found that TunnelBear had some significant security vulnerabilities. It's very noble for the provider to have been so transparent about these issues in a blog post, but the fact remains few other VPNs that undergo independent audits have such major issues discovered.
Elsewhere in our testing, it also became evident that TunnelBear performed very poorly when it came to unblocking streaming sites. This is one of the most important factors for many people when choosing a VPN, and although some providers, like Mullvad, make up for poor streaming VPN performance with impeccable privacy credentials, TunnelBear just doesn't excel anywhere.
What are the alternatives?
Thankfully, there are plenty of top-quality VPNs out there that do what they say on the tin. I've highlighted my top three below, all of which offer rock-solid privacy, can unblock streaming content from all around the world, and are very simple to use.